Interesting changes since the last automatic update:
* Enable network install
* Enable over-clocking frequencies > 3GHz
See: ttps://github.com/raspberrypi/firmware/issues/1876
* Adjust SDRAM refresh rate according to temperature and address a performance
gap between 4GB and 8GB parts in benchmarks.
See: https://github.com/raspberrypi/firmware/issues/1854
* Support custom CA certs with HTTPS boot
* Move non Kernel ARM stages back to 512KB
https://github.com/raspberrypi/firmware/issues/1868
* Assorted HAT+ and NVMe interop improvements.
* Fix TRYBOOT if secure-boot is enabled.
* Preliminary support for D0 and CM5.
* Switch to building the Pi4 firmware from the common Pi4/Pi5
mainline release. This doesn't change the Pi4 features
but should make it quicker to release bug fixes in common code.
* Fix issue that caused the TRYBOOT flag to be lost in secure-boot mode.
* dtoverlay: Use %u when converting u32s to strings
See: https://github.com/raspberrypi/linux/issues/6039
* Improved debug messages for secure-boot.
* Generate the bootloader diagnostics qrcode at run time.
* bootloader: clock_2712: Remove restriction on arm_freq <= 3000
See: https://github.com/raspberrypi/firmware/issues/1876
* arm_dt: Update max_current to match HAT value
* arm_dt: Remove unused legacy parameters (core_freq, arm_freq, uart0_clkrate and cache_line_size)
* Add support for custom CA cert for network install
You need to specify
HTTP_HOST=myhost.com
HTTP_PATH=/path/to/files
HTTP_CACERT_HASH=<hash>
where <hash> is a sha256 hash of the der encoded ca certificate.
CA cert is added using rpi-eeprom-config.
* Optimise Vbat current draw with charging disabled
* Display OTP boot status in UART log messages.
* Preliminary support for secure-boot OTP provisioning.
* Update PCIE DET_WAKE pinmux for D0 products
Make it clearer that rpi-eeprom-digest is used create optionally
signed hashes for binary files.
For secure-boot the update-pieeprom.sh wrapper must be used
because only the boot configuration is signed by the customer
key rather than the entire SPI flash image.
Update rpi-eeprom-config to support replacement of bootcode.bin
with a customer counter-signed version.
Add a new rpi-sign-bootcode script which enables bootcode.bin
to be counter-signed with the customer key.
N.B. Signed boot on 2712 requires newer firmware which is currently
under development and has not been released.
Allows you to add a custom ca cert to an image.
Note: This option is only relevant for newer (as yet unreleased)
bootloader images that support custom CA certs and reserve a space for
this in the flash image.
* Adjust the SDRAM refresh interval based on the temperature. This
addresses the gap in performance between the 8GB and 4GB variants.
See https://github.com/raspberrypi/firmware/issues/1864
* Preliminary support for signed boot.
* Adjust the SDRAM refresh interval based on the temperature. This
addresses the gap in performance between the 8GB and 4GB variants.
See https://github.com/raspberrypi/firmware/issues/1854
* Preliminary support for signed boot
* Fix issues with SFN entries sometimes being treated as LFNs
see https://github.com/raspberrypi/rpi-eeprom/issues/514
* Add a dedicated message for "M.2 HAT" not being found instead of
the generic 'unsupported boot order' message when NVMe boot is
skipped.
