bug_report template: Add missing CM5 + pi500

Signed-off-by: Nicolai Buchwitz <n.buchwitz@kunbus.com>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -40,8 +40,11 @@ body:
     multiple: true
     options:
       - Raspberry Pi 5
+      - Raspberry Pi 500
       - Raspberry Pi 4 Mod. B
       - Raspberry Pi 400
+      - Raspberry Pi CM5
+      - Raspberry Pi CM5 Lite
       - Raspberry Pi CM4
       - Raspberry Pi CM4 Lite
       - Raspberry Pi CM4-S

LICENSE

@@ -6,10 +6,14 @@ Files: *
 Copyright: 2019, Raspberry Pi (Trading) Ltd.
 License: BSD-3
 
-Files: firmware/*
+Files: firmware-2711/*
 Copyright: 2019, Raspberry Pi (Trading) Ltd.
 License: custom
 
+Files: firmware-2712/*
+Copyright: 2024, Raspberry Pi (Trading) Ltd.
+License: custom
+
 License: BSD-3
  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions

debian/.gitignore

@@ -1,9 +0,0 @@
-.debhelper/
-debhelper-build-stamp
-files
-rpi-eeprom/
-rpi-eeprom-images/
-*.debhelper.log
-*.debhelper
-*.substvars
-*.1

debian/LICENCE.bootloader

@@ -1,28 +0,0 @@
-Copyright (c) 2019, Raspberry Pi (Trading) Ltd.
-All rights reserved.
-
-Redistribution.  Redistribution and use in binary form, without
-modification, are permitted provided that the following conditions are
-met:
-
-* This software may only be used for the purposes of developing for,
-  running or using a Raspberry Pi device.
-* Redistributions must reproduce the above copyright notice and the
-  following disclaimer in the documentation and/or other materials
-  provided with the distribution.
-* Neither the name of the copyright holder nor the names of its
-  contributors may be used to endorse or promote products derived
-  from this software without specific prior written permission.
-
-DISCLAIMER.  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
-CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
-BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
-OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
-TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
-USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGE. 

debian/control

@@ -1,29 +0,0 @@
-Source: rpi-eeprom
-Section: misc
-Priority: optional
-Maintainer: Serge Schneider <serge@raspberrypi.com>
-Build-Depends: debhelper-compat (= 12), help2man, python3-minimal
-Standards-Version: 4.6.2
-Homepage: https://github.com/raspberrypi/rpi-eeprom/
-Vcs-Browser: https://github.com/raspberrypi/rpi-eeprom/
-Vcs-Git: https://github.com/raspberrypi/rpi-eeprom.git
-
-Package: rpi-eeprom
-Architecture: all
-Depends: ${shlibs:Depends}, ${misc:Depends}, raspi-utils, python3,
- binutils, pciutils, python3-pycryptodome
-Breaks: rpi-eeprom-images (<<7.2)
-Replaces: rpi-eeprom-images (<<7.2)
-Recommends: flashrom
-Provides: rpi-eeprom-images
-Description: Raspberry Pi 4/5 boot EEPROM updater
- Checks whether the Raspberry Pi bootloader EEPROM is up-to-date and updates
- the EEPROM.
-
-Package: rpi-eeprom-images
-Architecture: all
-Depends: ${misc:Depends}, rpi-eeprom (>=7.2)
-Priority: optional
-Section: oldlibs
-Description: transitional package
- This is a transitional package. It can safely be removed.

debian/copyright

@@ -1 +0,0 @@
-../LICENSE

debian/default/rpi-eeprom-update

@@ -1 +0,0 @@
-FIRMWARE_RELEASE_STATUS="default"

debian/gbp.conf

@@ -1,3 +0,0 @@
-[DEFAULT]
-upstream-tree = master
-debian-branch = debian/bookworm

debian/rpi-eeprom.docs

@@ -1 +0,0 @@
-debian/LICENCE.bootloader

debian/rpi-eeprom.install

@@ -1,26 +0,0 @@
-rpi-eeprom-config usr/bin/
-rpi-eeprom-update usr/bin/
-rpi-eeprom-digest usr/bin/
-tools/rpi-bootloader-key-convert usr/bin/
-tools/rpi-otp-private-key usr/bin/
-tools/rpi-sign-bootcode usr/bin/
-
-debian/default/ etc/
-
-firmware-2711/default usr/lib/firmware/raspberrypi/bootloader-2711/
-firmware-2711/latest usr/lib/firmware/raspberrypi/bootloader-2711/
-
-firmware-2711/critical usr/lib/firmware/raspberrypi/bootloader-2711/
-firmware-2711/stable usr/lib/firmware/raspberrypi/bootloader-2711/
-firmware-2711/beta usr/lib/firmware/raspberrypi/bootloader-2711/
-
-firmware-2711/release-notes.md usr/lib/firmware/raspberrypi/bootloader-2711/
-
-firmware-2712/default usr/lib/firmware/raspberrypi/bootloader-2712/
-firmware-2712/latest usr/lib/firmware/raspberrypi/bootloader-2712/
-
-firmware-2712/critical usr/lib/firmware/raspberrypi/bootloader-2712/
-firmware-2712/stable usr/lib/firmware/raspberrypi/bootloader-2712/
-firmware-2712/beta usr/lib/firmware/raspberrypi/bootloader-2712/
-
-firmware-2712/release-notes.md usr/lib/firmware/raspberrypi/bootloader-2712/

debian/rpi-eeprom.maintscript

@@ -1,2 +0,0 @@
-dir_to_symlink /lib/firmware/raspberrypi/bootloader-2711/beta latest 17.0+pi5+1-1
-dir_to_symlink /lib/firmware/raspberrypi/bootloader-2712/beta latest 17.0+pi5+1-1

debian/rpi-eeprom.manpages

@@ -1,2 +0,0 @@
-debian/rpi-eeprom-update.1
-debian/rpi-eeprom-config.1

debian/rpi-eeprom.postinst

@@ -1,39 +0,0 @@
-#!/bin/sh
-# postinst script for rpi-eeprom
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <postinst> `configure' <most-recently-configured-version>
-#        * <old-postinst> `abort-upgrade' <new version>
-#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-#          <new-version>
-#        * <postinst> `abort-remove'
-#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-#          <failed-install-package> <version> `removing'
-#          <conflicting-package> <version>
-# for details, see https://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    configure)
-    ;;
-
-    abort-upgrade|abort-remove|abort-deconfigure)
-    ;;
-
-    *)
-        echo "postinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0

debian/rpi-eeprom.postrm

@@ -1,40 +0,0 @@
-#!/bin/sh
-# postrm script for rpi-eeprom
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <postrm> `remove'
-#        * <postrm> `purge'
-#        * <old-postrm> `upgrade' <new-version>
-#        * <new-postrm> `failed-upgrade' <old-version>
-#        * <new-postrm> `abort-install'
-#        * <new-postrm> `abort-install' <old-version>
-#        * <new-postrm> `abort-upgrade' <old-version>
-#        * <disappearer's-postrm> `disappear' <overwriter>
-#          <overwriter-version>
-# for details, see https://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    purge)
-        rm -rf /var/lib/raspberrypi/bootloader/backup/
-    ;;
-    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-    ;;
-
-    *)
-        echo "postrm called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0

debian/rpi-eeprom.prerm

@@ -1,38 +0,0 @@
-#!/bin/sh
-# prerm script for rpi-eeprom
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <prerm> `remove'
-#        * <old-prerm> `upgrade' <new-version>
-#        * <new-prerm> `failed-upgrade' <old-version>
-#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
-#        * <deconfigured's-prerm> `deconfigure' `in-favour'
-#          <package-being-installed> <version> `removing'
-#          <conflicting-package> <version>
-# for details, see https://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    remove|upgrade|deconfigure)
-    ;;
-
-    failed-upgrade)
-    ;;
-
-    *)
-        echo "prerm called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0

debian/rpi-eeprom.rpi-eeprom-update.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=Check for Raspberry Pi EEPROM updates
-After=boot-firmware.mount
-
-[Service]
-Type=oneshot
-RemainAfterExit=true
-ExecStart=/usr/bin/rpi-eeprom-update -s -a
-
-[Install]
-WantedBy=multi-user.target

debian/rules

@@ -1,27 +0,0 @@
-#!/usr/bin/make -f
-#export DH_VERBOSE = 1
-
-include /usr/share/dpkg/pkg-info.mk
-
-%:
-	dh $@
-
-override_dh_installsystemd:
-	dh_installsystemd --name=rpi-eeprom-update
-
-override_dh_auto_build: debian/rpi-eeprom-update.1 debian/rpi-eeprom-config.1
-
-override_dh_install:
-	mkdir -p debian/rpi-eeprom/var/lib/raspberrypi/bootloader/backup/
-	dh_install
-
-debian/rpi-eeprom-update.1:
-	help2man -N --version-string="${DEB_VERSION_UPSTREAM}" --help-option="-h" \
-		--name="Checks whether the Raspberry Pi bootloader EEPROM is \
-up-to-date and updates the EEPROM" \
-		--output=$@ ./rpi-eeprom-update
-
-debian/rpi-eeprom-config.1:
-	help2man -N --version-string="${DEB_VERSION_UPSTREAM}" --help-option="-h" \
-		--name="Bootloader EEPROM configuration tool for the Raspberry Pi 4/5" \
-		--output=$@ ./rpi-eeprom-config

debian/salsa-ci.yml

@@ -1,28 +0,0 @@
-include:
-  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
-  - $CI_SERVER_URL/$CI_PROJECT_NAMESPACE/salsa-ci/-/raw/pios/rpi.yml
-
-variables:
-  SALSA_CI_ARM_RUNNER_TAG: salsa-arm64
-  SALSA_CI_DISABLE_BUILD_PACKAGE_ARM64: 0
-  SALSA_CI_DISABLE_BUILD_PACKAGE_ARMHF: 0
-  SALSA_CI_DISABLE_APTLY: 0
-  SALSA_CI_DISABLE_VERSION_BUMP: 1
-  # These require priviledged docker containers to work
-  SALSA_CI_DISABLE_AUTOPKGTEST: 1
-  SALSA_CI_DISABLE_PIUPARTS: 1
-  SALSA_CI_DISABLE_REPROTEST: 1
-  SALSA_CI_IMAGES_LINTIAN: ${SALSA_CI_IMAGES}/lintian:bookworm
-  # Work around lintian bug in bookworm
-  # https://lists.debian.org/debian-lint-maint/2024/02/msg00039.html
-  SALSA_CI_LINTIAN_SUPPRESS_TAGS: 'bad-distribution-in-changes-file'
-
-extract-source:
-  variables:
-    GIT_DEPTH: 0
-    GIT_STRATEGY: clone
-  before_script:
-    - git fetch origin master:master
-
-publish to apt:
-  extends: .publish-public

debian/source/format

@@ -1 +0,0 @@
-3.0 (quilt)

debian/source/lintian-overrides

@@ -1,2 +0,0 @@
-debian-copyright-is-symlink
-source-is-missing [tools/vl805]

firmware-2711/release-notes.md

@@ -1,5 +1,42 @@
 # Raspberry Pi4 bootloader EEPROM release notes
 
+## 2025-02-17: Promote 2025-02-11 to default release (default)
+
+## 2025-02-11: recovery: Walk partitions to delete recovery.bin (latest)
+
+* recovery: Walk partitions to delete recovery.bin
+  Previously, recovery.bin would fail to delete itself
+  if the bootrom loaded recovery.bin where there are multiple FAT
+  partitions and the first partition does not contain recovery.bin
+  Update the rename code to walk the partition table to find
+  the recovery.bin file to delete.
+* Enable overriding of high partition numbers
+  Previously, the PARTITION=N bootloader config setting would only
+  be used at power on reset or if the partition number passed to
+  reboot was zero.
+  Change the behaviour so that the bootloader config PARTITION
+  property can override the reboot partition number if the reboot
+  parameter is > 31.
+* Walk the partition table if the requested partition is not bootable
+  Previously, if the specified boot partition was not bootable the
+  bootloader would stop and advance to the next BOOT_ORDER. If the
+  new PARTITION_WALK option is set to 1 the bootloader will now
+  check each partition in turn starting from the specified partition
+  before advancing the BOOT_ORDER.
+  This feature is intended for use with A/B systems to handle the case
+  where autoboot.txt is missing / corrupted. This change enables
+  the system to failover to the next available bootable partition.
+  The autoboot.txt file is not scanned during the partition-walk
+  phase i.e. there is no recursive processing of autoboot.txt files.
+  This option is only supported on physical block devices
+  (SD, NVMe, USB) and not RAMDISK. USB assumes a single high speed
+  device, partition walks on multiple USB devices is not recommended
+  and may cause timeouts.
+* Improve keyboard handling in boot menu
+  Try and make it more likely that we have enough time to perform key
+  detection.
+  Ignore mice, which were being enumerated and slowing things down.
+
 ## 2024-12-07: Enable banklow (and so NUMA) by default (latest)
 
 * Enable banklow (and so NUMA) by default

firmware-2712/release-notes.md

@@ -1,5 +1,149 @@
 # Raspberry Pi5 bootloader EEPROM release notes
 
+## 2025-03-19: Log the fan speed at boot (latest)
+
+* Log the fan speed at boot
+  Record the fan RPM (and the maximum seen) during boot, so that it is
+  accessible using "sudo vclog -m".
+  See: https://github.com/raspberrypi/rpi-eeprom/issues/678
+* Add current_supply to HAT+ support
+  Refactor the HAT library to make it more self-contained, and combine
+  the I2C address detection and the reading of the EEPROM contents.
+  Use it to allow the earlier boot stages to check for a current_supply
+  setting in the EEPROM of a normal (non-stackable) HAT+.
+
+## 2025-03-10: Promote 2025-03-10 release to default (default)
+
+## 2025-03-10: Add [boot_partition] filter plus SDRAM init fixes (latest)
+
+* Update SDRAM init timings to intermittent 8-flash SDRAM init errors
+  on some boards.
+  See: https://github.com/raspberrypi/rpi-eeprom/issues/67
+* config: Fix missing initialisation of selected_expr to 1 in config.txt
+  Without an [all] section the new expression filter might default to
+  false. This impacts the bootloader early parsing of config.txt
+  for things like boot_ramdisk rather than the later config.txt pass
+  for device-tree parsing.
+* config_loader: Add support [boot_partition=N] as an expression filter
+  The boot_partition tests whether the partition number N matches
+  the number that the system is booting from. This expression is
+  only supported in config.txt and is designed to make it easier
+  to have common boot.img ramdisks in an A/B system where the
+  conditional loads a different cmdline.txt file depending on
+  which partition boot.img is loaded from.
+
+## 2025-03-03: Fix bootloader pull configuration on 2712D0 (latest)
+
+* Fix pull configuration on 2712D0
+  2712D0 uses a horrendously sparse set of pad control registers. Make
+  the pull-setting code sufficiently complex to cope.
+  See: https://github.com/raspberrypi/rpi-eeprom/issues/672
+* Disable UARTA for CM5s without WiFi
+  Just as CM5s without WiFI don't need the SDIO interface, the Bluetooth
+  UART is unconnected. Disable the DT node to avoid kernel warnings and
+  save some cycles.
+
+## 2025-02-17: Promote 2025-02-12 to the default release (default)
+
+## 2025-02-12: Fixup change to disable 3.7V PMIC output on CM5 no-wifi (latest)
+
+* Fixup change to disable 3.7V PMIC output on CM5 no-wifi
+
+## 2025-02-11: CM5 no-Wifi stability improvements (latest)
+
+* recovery: Walk partitions to delete recovery.bin
+  Previously, recovery.bin would fail to delete itself
+  if the bootrom loaded recovery.bin where there are multiple FAT
+  partitions and the first partition does not contain recovery.bin
+  Update the rename code to walk the partition table to find
+  the recovery.bin file to delete.
+* pi5: Add config filter for simple boot variable expressions (experimental)
+  Add support for a new bootloader/config.txt conditional filter
+  which tests the partition, boot_count and boot_arg1 variables.
+  Syntax (no spaces):
+  ARG boot_arg1, boot_count or partition (EEPROM config stage only)
+  [ARG=VALUE]      selected if (ARG == VALUE)
+  [ARG&MASK]       selected if ((ARG & VALUE) != 0))
+  [ARG&MASK=VALUE] selected if ((ARG & MASK) == VALUE)
+  [ARG<VALUE]      selected if (ARG < VALUE)
+  [ARG>VALUE]      selected if (ARG > VALUE)
+  where VALUE and MASK are unsigned integer constants and ARG
+  corresponds to the value in the reset register before the
+  config file is parsed.
+* pi5: Add a boot-count bootloader variable (experimental)
+  Store the boot-count in a reset register and increment just
+  before the boot-order state-machine. The boot-count variable
+  is visible via device-tree /proc/device-tree/chosen/bootloader/count
+  and can be read/set via vcmailbox
+  GET: sudo vcmailbox 0x0003008d 4 4 0
+  SET to N: sudo vcmailbox 0x0003808d 4 4 N
+* pi5: Add user-defined reboot argument (boot_arg1) (experimental)
+  Add support for a user-defined boot parameter stored in a reset-safe
+  scratch register on BCM2712.  This is visible via device-tree at
+  /proc/device-tree/chosen/bootloader/arg1 and via vcmailboxes
+  GET arg1: sudo vcmailbox 0x0003008c 8 8 1 0
+  SET arg1 to 42: sudo vcmailbox 0x0003808c 8 8 1 42
+  or via config.txt
+  set_reboot_arg1=42
+  The variable is NOT cleared automatically and will persist until
+  a power-on-reset.
+* Enable overriding of high partition numbers
+  Previously, the PARTITION=N bootloader config setting would only
+  be used at power on reset or if the partition number passed to
+  reboot was zero.
+  Change the behaviour so that the bootloader config PARTITION
+  property can override the reboot partition number if the reboot
+  parameter is > 31.
+* Disable WiFi PMIC output on CM5 modules without WiFi
+  Disable the 3.7V WiFi power supply on CM5 modules which do not have a
+  WiFi module fitted. This fixes some stability issues where a CM5
+  would shutdown due to a spurious over-voltage condition on the
+  non-connected WiFi power supply.
+* Add memory barrier to the mbox handler
+  Firmware issue 1944 reports receiving kernel warnings about firmware
+  requests where the status return code is 0. This should not be
+  possible, as handle_mbox_property always sets the top bit of the return
+  code, with the bottom bit indicating success or failure. If the firmware
+  had died, the firmware driver would report a timeout due to the lack of
+  a mailbox interrupt, and that isn't happening.
+  See: https://github.com/raspberrypi/firmware/issues/1944
+* support dts files with size-cells of 2
+  DTS files with a top-level #size-cells of 2 make a lot of sense for
+  systems with a lot of RAM, but the firmware is currently inconsistent
+  in its support for that. Fix up the other cases to honor #size-cells
+  and #address-cells.
+* Disable SDIO2 for CM5s without WiFi
+  It has been observed that CM5s without WiFi hang on reboot. To prevent
+  that, disable the sdio2 node on those devices.
+  See: https://github.com/raspberrypi/linux/issues/6647
+* arm_dt: Use dtoverlay_enable_node
+  Convert the open-coded DT node status changes to use the new dtoverlay
+  method dtoverlay_enable_node.
+* dtoverlay: Add dtoverlay_enable_node
+  Add a helper function for setting the status of a node.
+
+## 2025-01-27: Walk the partition table if the requested partition is not bootable (latest)
+
+* Walk the partition table if the requested partition is not bootable
+  Previously, if the specified boot partition was not bootable the
+  bootloader would stop and advance to the next BOOT_ORDER. If the
+  new PARTITION_WALK option is set to 1 the bootloader will now
+  check each partition in turn starting from the specified partition
+  before advancing the BOOT_ORDER.
+  This feature is intended for use with A/B systems to handle the case
+  where autoboot.txt is missing / corrupted. This change enables
+  the system to failover to the next available bootable partition.
+  The autoboot.txt file is not scanned during the partition-walk
+  phase i.e. there is no recursive processing of autoboot.txt files.
+  This option is only supported on physical block devices
+  (SD, NVMe, USB) and not RAMDISK. USB assumes a single high speed
+  device, partition walks on multiple USB devices is not recommended
+  and may cause timeouts.
+* Improve keyboard handling in boot menu
+  Try and make it more likely that we have enough time to perform key
+  detection.
+  Ignore mice, which were being enumerated and slowing things down.
+
 ## 2025-01-22: Promote 2025-01-22 to default release (default)
 
 ## 2025-01-22: Add DT /chosen property signed-boot boot.img hash (latest)

imager/2711-config/boot-conf-network.txt

@@ -3,4 +3,5 @@ BOOT_UART=0
 WAKE_ON_GPIO=1
 ENABLE_SELF_UPDATE=1
 BOOT_ORDER=0xf21
+NET_INSTALL_AT_POWER_ON=1
 

imager/2711-config/boot-conf-sd.txt

@@ -3,4 +3,4 @@ BOOT_UART=0
 WAKE_ON_GPIO=1
 ENABLE_SELF_UPDATE=1
 BOOT_ORDER=0xf41
-
+NET_INSTALL_AT_POWER_ON=1

imager/2711-config/boot-conf-usb.txt

@@ -3,4 +3,5 @@ BOOT_UART=0
 WAKE_ON_GPIO=1
 ENABLE_SELF_UPDATE=1
 BOOT_ORDER=0xf14
+NET_INSTALL_AT_POWER_ON=1
 

imager/make-imager-release

@@ -5,7 +5,7 @@ set -e
 script_dir=$(cd "$(dirname "$0")" && pwd)
 
 # Pi4, Pi400, CM4, CM4-S
-${script_dir}/make-release critical 2023-01-11 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
+${script_dir}/make-release critical 2025-02-11 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
 
 # Pi5
-${script_dir}/make-release critical 2024-11-12 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712
+${script_dir}/make-release critical 2025-02-12 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712

rpi-eeprom-digest

@@ -59,11 +59,12 @@ Options:
    -k Optional RSA private key.
 
 RSA signing
-If a private key in PEM format is supplied then the RSA signature of the
-sha256 digest is included in the .sig file. Currently, the bootloader only
-supports sha256 digests signed with a 2048bit RSA key.
-The bootloader only verifies RSA signatures in signed boot mode
-and only for the EEPROM config file and the signed image.
+If a private key in PEM format or a pkcs#11 URI is supplied then the
+RSA signature of the sha256 digest is included in the .sig
+file. Currently, the bootloader only supports sha256 digests signed
+with a 2048bit RSA key.  The bootloader only verifies RSA signatures
+in signed boot mode and only for the EEPROM config file and the signed
+image.
 
 Examples:
 
@@ -78,6 +79,9 @@ rpi-eeprom-digest -k private.pem -i boot.img -o boot.sig
 # As used by update-pieeprom.sh in usbboot/secure-boot-recovery
 rpi-eeprom-digest -k private.pem -i bootconf.txt  -o bootconf.sig
 
+# Similarly, but specifying the key with a PKCS#11 URI
+rpi-eeprom-digest -k pkcs11:token=deadbeef;object=bl-key;type=private;pin-value=1234 -i bootconf.txt  -o bootconf.sig
+
 # To verify the signature of an existing .sig file using the public key.
 # N.B The key file must be the PUBLIC key in PEM format.
 rpi-eeprom-digest -k public.pem -i boot.bin -v boot.sig
@@ -99,8 +103,7 @@ writeSig() {
    fi
 
    if [ -n "${KEY}" ]; then
-      [ -f "${KEY}" ] || die "RSA private \"${KEY}\" not found"
-      "${OPENSSL}" dgst -sign "${KEY}" -keyform PEM -sha256 -out "${SIG_TMP}" "${IMAGE}"
+      "${OPENSSL}" dgst ${ENGINE_OPTS} -sign "${KEY}" -sha256 -out "${SIG_TMP}" "${IMAGE}"
       echo "rsa2048: $(xxd -c 4096 -p < "${SIG_TMP}")" >> "${OUTPUT}"
    fi
 }
@@ -113,7 +116,7 @@ verifySig() {
    [ -n "${sig_hex}" ] || die "No RSA signature in ${sig_file}"
 
    echo ${sig_hex} | xxd -c 4096 -p -r > "${TMP_DIR}/sig.bin"
-   "${OPENSSL}" dgst -verify "${KEY}" -signature "${TMP_DIR}/sig.bin" "${IMAGE}" || die "${IMAGE} not verified"
+   "${OPENSSL}" dgst ${ENGINE_OPTS} -verify "${KEY}" -signature "${TMP_DIR}/sig.bin" "${IMAGE}" || die "${IMAGE} not verified"
 }
 
 OUTPUT=""
@@ -142,6 +145,18 @@ checkDependencies
 
 [ -n "${IMAGE}" ] || usage
 [ -f "${IMAGE}" ] || die "Source image \"${IMAGE}\" not found"
+[ "${VERIFY}" != 1 ] || [ -n "${KEY}" ] || die "Option -v also requires passing public key via -k"
+
+if [ -n "${KEY}" ] ; then
+    if [ -f "${KEY}" ] ; then
+        ENGINE_OPTS=
+    elif echo "${KEY}" | grep -q "^pkcs11:" ; then
+        ENGINE_OPTS="-engine pkcs11 -keyform engine"
+    else
+        die "RSA key \"${KEY}\" not found"
+    fi
+fi
+
 if [ "${VERIFY}" = 1 ]; then
    verifySig "${SIGNATURE}"
 else