From 0f6920518f8e13f4ee1167cdccaaea29170ae5c9 Mon Sep 17 00:00:00 2001
From: Tim Gover <tim.gover@raspberrypi.com>
Date: Thu, 22 May 2025 17:25:08 +0100
Subject: [PATCH 1/3] tools: Add the network install public key

For reference, add the Raspberry Pi Network Install public key
which is compiled into the bootmain executable.

To verify the current image:

git clone https://github.com/raspberrypi/rpi-eeprom
wget https://downloads.raspberrypi.com/net_install/boot.sig
wget https://downloads.raspberrypi.com/net_install/boot.img
cd rpi-eeprom
./rpi-eeprom-digest -k imager/net_install_pubkey.pem -i ../boot.img -v ../boot.sig

On success the expected output is "Verified OK" and exit status 0.

See: #711
---
 imager/net_install_pubkey.pem | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 imager/net_install_pubkey.pem

diff --git a/imager/net_install_pubkey.pem b/imager/net_install_pubkey.pem
new file mode 100644
index 0000000..6460332
--- /dev/null
+++ b/imager/net_install_pubkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAno9f6RGBaf2yaWTwf8+y
+MO4snzEgLOr8L3S28PZBdyx2qqNrzZ+xUOfLNYI5CwvBgOyKtm5L+wJIR8NUqgBl
+tvtBMAy2Auh0Qe679vN6UnsWE/o3pCgFPdmH+EcKfPqNBYODgfL+eumGM9Lo2dnl
+6P3JBR4Uy2E171k4D9Pj5rhO2K4jySYwbTuFR/drB2nDBrrsUW+SArnkTLvEGLY1
+nONW+AIBaqBxb+wjD/TMvVdsCWNXabcRqYM9DDgVzGePKuQdX5aBdgDnlbtDodyq
+FnLcRjqGE7nSQBQILwmGl5EvHMGa8d3/aLE6eXmMCakXyF1HPRv2lOecxNMO3xTF
+zwIDAQAB
+-----END PUBLIC KEY-----

From fac42a0d864d01e90999887c9780d9d556099d21 Mon Sep 17 00:00:00 2001
From: Tim Gover <tim.gover@raspberrypi.com>
Date: Tue, 3 Jun 2025 15:47:28 +0100
Subject: [PATCH 2/3] 2711: Change the automatic update minimum version to
 2025-05-08

Important changes since the last automatic update:

* Add the boot-menu to override the boot-order.
* Implement TCP window for network install.
* Preserve SDRAM contents after crash.
* Improved compatibility for USB pendrives.
---
 rpi-eeprom-update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rpi-eeprom-update b/rpi-eeprom-update
index 1dc3b46..4087ce6 100755
--- a/rpi-eeprom-update
+++ b/rpi-eeprom-update
@@ -424,7 +424,7 @@ checkDependencies() {
    if [ $(((0x$BOARD_INFO >> 12) & 15)) = 3 ]; then
       BCM_CHIP=2711
       EEPROM_SIZE=524288
-      BOOTLOADER_AUTO_UPDATE_MIN_VERSION="${BOOTLOADER_AUTO_UPDATE_MIN_VERSION:-1599135103}"
+      BOOTLOADER_AUTO_UPDATE_MIN_VERSION="${BOOTLOADER_AUTO_UPDATE_MIN_VERSION:-1746717695}"
 
       SPIDEV=/dev/spidev0.0
    elif [ $(((0x$BOARD_INFO >> 12) & 15)) = 4 ]; then

From fd7c8323839d94b0b126407eb62b822b0063ae67 Mon Sep 17 00:00:00 2001
From: Tim Gover <tim.gover@raspberrypi.com>
Date: Wed, 4 Jun 2025 10:11:53 +0100
Subject: [PATCH 3/3] 2711: release-notes: Add (automatic) tag

---
 firmware-2711/release-notes.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/firmware-2711/release-notes.md b/firmware-2711/release-notes.md
index 2e1ec1d..91db23c 100644
--- a/firmware-2711/release-notes.md
+++ b/firmware-2711/release-notes.md
@@ -15,7 +15,7 @@
   that the second stage bootloader is counter-signed with the customer's
   private key.
 
-## 2025-05-13: Promote 2025-05-08 to the default release (default)
+## 2025-05-13: Promote 2025-05-08 to the default release (default) (automatic)
 
 ## 2025-05-08: Implement TCP window for net boot (latest)
 * Signed boot and HTTP boot mode