bug_report template: Be more precise about the UART pins

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -40,11 +40,8 @@ body:
     multiple: true
     options:
       - Raspberry Pi 5
-      - Raspberry Pi 500
       - Raspberry Pi 4 Mod. B
       - Raspberry Pi 400
-      - Raspberry Pi CM5
-      - Raspberry Pi CM5 Lite
       - Raspberry Pi CM4
       - Raspberry Pi CM4 Lite
       - Raspberry Pi CM4-S

LICENSE

@@ -6,14 +6,10 @@ Files: *
 Copyright: 2019, Raspberry Pi (Trading) Ltd.
 License: BSD-3
 
-Files: firmware-2711/*
+Files: firmware/*
 Copyright: 2019, Raspberry Pi (Trading) Ltd.
 License: custom
 
-Files: firmware-2712/*
-Copyright: 2024, Raspberry Pi (Trading) Ltd.
-License: custom
-
 License: BSD-3
  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions

firmware-2711/release-notes.md

@@ -1,42 +1,5 @@
 # Raspberry Pi4 bootloader EEPROM release notes
 
-## 2025-02-17: Promote 2025-02-11 to default release (default)
-
-## 2025-02-11: recovery: Walk partitions to delete recovery.bin (latest)
-
-* recovery: Walk partitions to delete recovery.bin
-  Previously, recovery.bin would fail to delete itself
-  if the bootrom loaded recovery.bin where there are multiple FAT
-  partitions and the first partition does not contain recovery.bin
-  Update the rename code to walk the partition table to find
-  the recovery.bin file to delete.
-* Enable overriding of high partition numbers
-  Previously, the PARTITION=N bootloader config setting would only
-  be used at power on reset or if the partition number passed to
-  reboot was zero.
-  Change the behaviour so that the bootloader config PARTITION
-  property can override the reboot partition number if the reboot
-  parameter is > 31.
-* Walk the partition table if the requested partition is not bootable
-  Previously, if the specified boot partition was not bootable the
-  bootloader would stop and advance to the next BOOT_ORDER. If the
-  new PARTITION_WALK option is set to 1 the bootloader will now
-  check each partition in turn starting from the specified partition
-  before advancing the BOOT_ORDER.
-  This feature is intended for use with A/B systems to handle the case
-  where autoboot.txt is missing / corrupted. This change enables
-  the system to failover to the next available bootable partition.
-  The autoboot.txt file is not scanned during the partition-walk
-  phase i.e. there is no recursive processing of autoboot.txt files.
-  This option is only supported on physical block devices
-  (SD, NVMe, USB) and not RAMDISK. USB assumes a single high speed
-  device, partition walks on multiple USB devices is not recommended
-  and may cause timeouts.
-* Improve keyboard handling in boot menu
-  Try and make it more likely that we have enough time to perform key
-  detection.
-  Ignore mice, which were being enumerated and slowing things down.
-
 ## 2024-12-07: Enable banklow (and so NUMA) by default (latest)
 
 * Enable banklow (and so NUMA) by default

firmware-2712/release-notes.md

@@ -1,232 +1,5 @@
 # Raspberry Pi5 bootloader EEPROM release notes
 
-## 2025-03-19: Log the fan speed at boot (latest)
-
-* Log the fan speed at boot
-  Record the fan RPM (and the maximum seen) during boot, so that it is
-  accessible using "sudo vclog -m".
-  See: https://github.com/raspberrypi/rpi-eeprom/issues/678
-* Add current_supply to HAT+ support
-  Refactor the HAT library to make it more self-contained, and combine
-  the I2C address detection and the reading of the EEPROM contents.
-  Use it to allow the earlier boot stages to check for a current_supply
-  setting in the EEPROM of a normal (non-stackable) HAT+.
-
-## 2025-03-10: Promote 2025-03-10 release to default (default)
-
-## 2025-03-10: Add [boot_partition] filter plus SDRAM init fixes (latest)
-
-* Update SDRAM init timings to intermittent 8-flash SDRAM init errors
-  on some boards.
-  See: https://github.com/raspberrypi/rpi-eeprom/issues/67
-* config: Fix missing initialisation of selected_expr to 1 in config.txt
-  Without an [all] section the new expression filter might default to
-  false. This impacts the bootloader early parsing of config.txt
-  for things like boot_ramdisk rather than the later config.txt pass
-  for device-tree parsing.
-* config_loader: Add support [boot_partition=N] as an expression filter
-  The boot_partition tests whether the partition number N matches
-  the number that the system is booting from. This expression is
-  only supported in config.txt and is designed to make it easier
-  to have common boot.img ramdisks in an A/B system where the
-  conditional loads a different cmdline.txt file depending on
-  which partition boot.img is loaded from.
-
-## 2025-03-03: Fix bootloader pull configuration on 2712D0 (latest)
-
-* Fix pull configuration on 2712D0
-  2712D0 uses a horrendously sparse set of pad control registers. Make
-  the pull-setting code sufficiently complex to cope.
-  See: https://github.com/raspberrypi/rpi-eeprom/issues/672
-* Disable UARTA for CM5s without WiFi
-  Just as CM5s without WiFI don't need the SDIO interface, the Bluetooth
-  UART is unconnected. Disable the DT node to avoid kernel warnings and
-  save some cycles.
-
-## 2025-02-17: Promote 2025-02-12 to the default release (default)
-
-## 2025-02-12: Fixup change to disable 3.7V PMIC output on CM5 no-wifi (latest)
-
-* Fixup change to disable 3.7V PMIC output on CM5 no-wifi
-
-## 2025-02-11: CM5 no-Wifi stability improvements (latest)
-
-* recovery: Walk partitions to delete recovery.bin
-  Previously, recovery.bin would fail to delete itself
-  if the bootrom loaded recovery.bin where there are multiple FAT
-  partitions and the first partition does not contain recovery.bin
-  Update the rename code to walk the partition table to find
-  the recovery.bin file to delete.
-* pi5: Add config filter for simple boot variable expressions (experimental)
-  Add support for a new bootloader/config.txt conditional filter
-  which tests the partition, boot_count and boot_arg1 variables.
-  Syntax (no spaces):
-  ARG boot_arg1, boot_count or partition (EEPROM config stage only)
-  [ARG=VALUE]      selected if (ARG == VALUE)
-  [ARG&MASK]       selected if ((ARG & VALUE) != 0))
-  [ARG&MASK=VALUE] selected if ((ARG & MASK) == VALUE)
-  [ARG<VALUE]      selected if (ARG < VALUE)
-  [ARG>VALUE]      selected if (ARG > VALUE)
-  where VALUE and MASK are unsigned integer constants and ARG
-  corresponds to the value in the reset register before the
-  config file is parsed.
-* pi5: Add a boot-count bootloader variable (experimental)
-  Store the boot-count in a reset register and increment just
-  before the boot-order state-machine. The boot-count variable
-  is visible via device-tree /proc/device-tree/chosen/bootloader/count
-  and can be read/set via vcmailbox
-  GET: sudo vcmailbox 0x0003008d 4 4 0
-  SET to N: sudo vcmailbox 0x0003808d 4 4 N
-* pi5: Add user-defined reboot argument (boot_arg1) (experimental)
-  Add support for a user-defined boot parameter stored in a reset-safe
-  scratch register on BCM2712.  This is visible via device-tree at
-  /proc/device-tree/chosen/bootloader/arg1 and via vcmailboxes
-  GET arg1: sudo vcmailbox 0x0003008c 8 8 1 0
-  SET arg1 to 42: sudo vcmailbox 0x0003808c 8 8 1 42
-  or via config.txt
-  set_reboot_arg1=42
-  The variable is NOT cleared automatically and will persist until
-  a power-on-reset.
-* Enable overriding of high partition numbers
-  Previously, the PARTITION=N bootloader config setting would only
-  be used at power on reset or if the partition number passed to
-  reboot was zero.
-  Change the behaviour so that the bootloader config PARTITION
-  property can override the reboot partition number if the reboot
-  parameter is > 31.
-* Disable WiFi PMIC output on CM5 modules without WiFi
-  Disable the 3.7V WiFi power supply on CM5 modules which do not have a
-  WiFi module fitted. This fixes some stability issues where a CM5
-  would shutdown due to a spurious over-voltage condition on the
-  non-connected WiFi power supply.
-* Add memory barrier to the mbox handler
-  Firmware issue 1944 reports receiving kernel warnings about firmware
-  requests where the status return code is 0. This should not be
-  possible, as handle_mbox_property always sets the top bit of the return
-  code, with the bottom bit indicating success or failure. If the firmware
-  had died, the firmware driver would report a timeout due to the lack of
-  a mailbox interrupt, and that isn't happening.
-  See: https://github.com/raspberrypi/firmware/issues/1944
-* support dts files with size-cells of 2
-  DTS files with a top-level #size-cells of 2 make a lot of sense for
-  systems with a lot of RAM, but the firmware is currently inconsistent
-  in its support for that. Fix up the other cases to honor #size-cells
-  and #address-cells.
-* Disable SDIO2 for CM5s without WiFi
-  It has been observed that CM5s without WiFi hang on reboot. To prevent
-  that, disable the sdio2 node on those devices.
-  See: https://github.com/raspberrypi/linux/issues/6647
-* arm_dt: Use dtoverlay_enable_node
-  Convert the open-coded DT node status changes to use the new dtoverlay
-  method dtoverlay_enable_node.
-* dtoverlay: Add dtoverlay_enable_node
-  Add a helper function for setting the status of a node.
-
-## 2025-01-27: Walk the partition table if the requested partition is not bootable (latest)
-
-* Walk the partition table if the requested partition is not bootable
-  Previously, if the specified boot partition was not bootable the
-  bootloader would stop and advance to the next BOOT_ORDER. If the
-  new PARTITION_WALK option is set to 1 the bootloader will now
-  check each partition in turn starting from the specified partition
-  before advancing the BOOT_ORDER.
-  This feature is intended for use with A/B systems to handle the case
-  where autoboot.txt is missing / corrupted. This change enables
-  the system to failover to the next available bootable partition.
-  The autoboot.txt file is not scanned during the partition-walk
-  phase i.e. there is no recursive processing of autoboot.txt files.
-  This option is only supported on physical block devices
-  (SD, NVMe, USB) and not RAMDISK. USB assumes a single high speed
-  device, partition walks on multiple USB devices is not recommended
-  and may cause timeouts.
-* Improve keyboard handling in boot menu
-  Try and make it more likely that we have enough time to perform key
-  detection.
-  Ignore mice, which were being enumerated and slowing things down.
-
-## 2025-01-22: Promote 2025-01-22 to default release (default)
-
-## 2025-01-22: Add DT /chosen property signed-boot boot.img hash (latest)
-
-* Add DT /chosen property signed-boot boot.img hash
-  Make the sha256 hash of the boot.img file available via
-  device-tree /proc/device-tree/chosen/bootloader/boot_img_sha256 if
-  signed boot is enabled.
-* filesystem: GPT autoboot/reboot partition number fixes for Pi4 and older
-* Fix problems when setting arm_freq_min=arm_freq and display clocks
-  if performance governor is not enabled.
-
-## 2025-01-14: Add set_reboot_order API (latest)
-
-* Add set_reboot_order API and config.txt properties
-  If set_reboot_order is defined in config.txt or set via vcmailbox
-  then this will override the bootloader config BOOT_ORDER property
-  on the next reboot. The parameter is stored in a reset safe register
-  and is cleared by the bootloader after reading it.
-  Typically, the config.txt value only be used via rpiboot to
-  override the boot-order on the next reboot. Otherwise, it should
-  reside in a conditional section so that the boot order is not
-  overridden on every reboot.
-  Example, test network boot
-  sudo vcmailbox 0x0003808b 4 4 0xf4612; sudo reboot
-
-## 2025-01-13: Improved SDRAM refresh timings for Pi5 16GB (latest)
-
-* Improved SDRAM refresh timings for Pi5 - 16GB
-* Add an option to wait for the power button to be pressed before booting.
-  If POWER_OFF_ON_HALT=1 and WAIT_FOR_POWER_BUTTON=1 in the bootloader
-  config then the bootloader will wait for either the power button
-  to be pressed or an RTC alarm before booting. The wait state
-  switches the PMIC to STANDBY mode which is the lowest possible
-  power state.
-
-## 2025-01-08: Update SDRAM refresh timings for BCM2712D0 products (latest)
-
-* Update SDRAM timings for BCM2712D0 products.
-
-## 2025-01-07: Fixup M.2 HAT+ detection (latest)
-
-* Fix a potential timing issue introduced in the 2025-01-06
-  release when enabling PCIE_PWR when booting from SD/USB.
-
-## 2025-01-06: Stop the fan after after fan-probe (latest)
-
-* Stop the fan after after fan-probe
-  After the fan-probe has completed drive the fan PWM GPIO
-  to high if a fan was detected and let the OS take over.
-* Add SD_QUIRKS for hardware bringup / workarounds
-  Add a new SD_QUIRKS flags property which can be used to
-  disable high-speed mode (bit 0). Other bits are reserved for
-  future use.
-* Change uart_2ndstage default to 1 on Pi5
-  Change the default to 1 because this gives useful diagnostics
-  for device-tree loading with minimal overhead. Set uart_2ndstage=0
-  or BOOT_UART=0 to disable this.
-* Move M.2 HAT+ detection to early boot.
-  Initialse M.2 HAT+ detection before DDR init to give NVMe
-  drive firmware more time to boot.
-
-## 2024-12-19: Disable fan PWM before shutdown (latest)
-
-* Disable fan PWM before shutdown
-  Drive the RP1 fan PWM GPIO high before entering the VPU
-  sleep (POWER_OFF_ON_HALT=0) to stop the fan spinning.
-* Disable fan PWM GPIO between RP1 init and fan probe
-  Drive fan PWM GPIO high during early boot to disable the fan
-  until it is probed during the device-tree setup stage.
-  This stops the spinning at max rpm during network-install.
-* arm_dt: enable_uart defaults to 0 on 2712
-  The default value of enable_uart on 2712 is 0, regardless of the
-  presence of the debug UART cable, so guarantee that the default is
-  always set correctly.
-
-## 2024-12-15: Add net install to boot menu (latest)
-
-* Add net install to boot menu
-  Press N (or shift).
-* enable_uart: Require enable_uart=1 to enable RP1 UART console
-  See: https://github.com/raspberrypi/rpi-eeprom/issues/643
-
 ## 2024-12-07: Enable banklow (and so NUMA) by default (latest)
 
 * Enable banklow (and so NUMA) by default

imager/2711-config/boot-conf-network.txt

@@ -3,5 +3,4 @@ BOOT_UART=0
 WAKE_ON_GPIO=1
 ENABLE_SELF_UPDATE=1
 BOOT_ORDER=0xf21
-NET_INSTALL_AT_POWER_ON=1
 

imager/2711-config/boot-conf-sd.txt

@@ -3,4 +3,4 @@ BOOT_UART=0
 WAKE_ON_GPIO=1
 ENABLE_SELF_UPDATE=1
 BOOT_ORDER=0xf41
-NET_INSTALL_AT_POWER_ON=1
+

imager/2711-config/boot-conf-usb.txt

@@ -3,5 +3,4 @@ BOOT_UART=0
 WAKE_ON_GPIO=1
 ENABLE_SELF_UPDATE=1
 BOOT_ORDER=0xf14
-NET_INSTALL_AT_POWER_ON=1
 

imager/make-imager-release

@@ -5,7 +5,7 @@ set -e
 script_dir=$(cd "$(dirname "$0")" && pwd)
 
 # Pi4, Pi400, CM4, CM4-S
-${script_dir}/make-release critical 2025-02-11 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
+${script_dir}/make-release critical 2023-01-11 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
 
 # Pi5
-${script_dir}/make-release critical 2025-02-12 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712
+${script_dir}/make-release critical 2024-11-12 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712

rpi-eeprom-config

@@ -171,6 +171,8 @@ def apply_update(config, eeprom=None, config_src=None):
     sys.stdout.write("Updating bootloader EEPROM\n image: %s\nconfig_src: %s\nconfig: %s\n%s\n%s\n%s\n" %
                      (eeprom_image, config_src, config, '#' * 80, config_str, '#' * 80))
 
+    sys.stdout.write("\n*** To cancel this update run 'sudo rpi-eeprom-update -r' ***\n\n")
+
     # Ignore APT package checksums so that this doesn't fail when used
     # with EEPROMs with configs delivered outside of APT.
     # The checksums are really just a safety check for automatic updates.

rpi-eeprom-digest

@@ -59,12 +59,11 @@ Options:
    -k Optional RSA private key.
 
 RSA signing
-If a private key in PEM format or a pkcs#11 URI is supplied then the
-RSA signature of the sha256 digest is included in the .sig
-file. Currently, the bootloader only supports sha256 digests signed
-with a 2048bit RSA key.  The bootloader only verifies RSA signatures
-in signed boot mode and only for the EEPROM config file and the signed
-image.
+If a private key in PEM format is supplied then the RSA signature of the
+sha256 digest is included in the .sig file. Currently, the bootloader only
+supports sha256 digests signed with a 2048bit RSA key.
+The bootloader only verifies RSA signatures in signed boot mode
+and only for the EEPROM config file and the signed image.
 
 Examples:
 
@@ -79,9 +78,6 @@ rpi-eeprom-digest -k private.pem -i boot.img -o boot.sig
 # As used by update-pieeprom.sh in usbboot/secure-boot-recovery
 rpi-eeprom-digest -k private.pem -i bootconf.txt  -o bootconf.sig
 
-# Similarly, but specifying the key with a PKCS#11 URI
-rpi-eeprom-digest -k pkcs11:token=deadbeef;object=bl-key;type=private;pin-value=1234 -i bootconf.txt  -o bootconf.sig
-
 # To verify the signature of an existing .sig file using the public key.
 # N.B The key file must be the PUBLIC key in PEM format.
 rpi-eeprom-digest -k public.pem -i boot.bin -v boot.sig
@@ -103,7 +99,8 @@ writeSig() {
    fi
 
    if [ -n "${KEY}" ]; then
-      "${OPENSSL}" dgst ${ENGINE_OPTS} -sign "${KEY}" -sha256 -out "${SIG_TMP}" "${IMAGE}"
+      [ -f "${KEY}" ] || die "RSA private \"${KEY}\" not found"
+      "${OPENSSL}" dgst -sign "${KEY}" -keyform PEM -sha256 -out "${SIG_TMP}" "${IMAGE}"
       echo "rsa2048: $(xxd -c 4096 -p < "${SIG_TMP}")" >> "${OUTPUT}"
    fi
 }
@@ -116,7 +113,7 @@ verifySig() {
    [ -n "${sig_hex}" ] || die "No RSA signature in ${sig_file}"
 
    echo ${sig_hex} | xxd -c 4096 -p -r > "${TMP_DIR}/sig.bin"
-   "${OPENSSL}" dgst ${ENGINE_OPTS} -verify "${KEY}" -signature "${TMP_DIR}/sig.bin" "${IMAGE}" || die "${IMAGE} not verified"
+   "${OPENSSL}" dgst -verify "${KEY}" -signature "${TMP_DIR}/sig.bin" "${IMAGE}" || die "${IMAGE} not verified"
 }
 
 OUTPUT=""
@@ -145,18 +142,6 @@ checkDependencies
 
 [ -n "${IMAGE}" ] || usage
 [ -f "${IMAGE}" ] || die "Source image \"${IMAGE}\" not found"
-[ "${VERIFY}" != 1 ] || [ -n "${KEY}" ] || die "Option -v also requires passing public key via -k"
-
-if [ -n "${KEY}" ] ; then
-    if [ -f "${KEY}" ] ; then
-        ENGINE_OPTS=
-    elif echo "${KEY}" | grep -q "^pkcs11:" ; then
-        ENGINE_OPTS="-engine pkcs11 -keyform engine"
-    else
-        die "RSA key \"${KEY}\" not found"
-    fi
-fi
-
 if [ "${VERIFY}" = 1 ]; then
    verifySig "${SIGNATURE}"
 else

rpi-eeprom-update

@@ -14,8 +14,6 @@ LOCAL_MODE=0
 if [ -n "$FIRMWARE_ROOT" ]; then
    # Provided by environment
    true
-elif [ -d /usr/lib/firmware/raspberrypi/bootloader ] || [ -d /usr/lib/firmware/raspberrypi/bootloader-2711 ] || [ -d /usr/lib/firmware/raspberrypi/bootloader-2712 ]; then
-   FIRMWARE_ROOT=/usr/lib/firmware/raspberrypi/bootloader
 elif [ -d /lib/firmware/raspberrypi/bootloader ] || [ -d /lib/firmware/raspberrypi/bootloader-2711 ] || [ -d /lib/firmware/raspberrypi/bootloader-2712 ]; then
    FIRMWARE_ROOT=/lib/firmware/raspberrypi/bootloader
 else
@@ -904,11 +902,6 @@ checkVersion()
 
    if [ "${ACTION_UPDATE_BOOTLOADER}" = 1 ] || [ "${ACTION_UPDATE_VL805}" = 1 ]; then
       echo "*** UPDATE AVAILABLE ***"
-      echo ""
-      echo "Run \"sudo rpi-eeprom-update -a\" to install this update now."
-      echo
-      echo "To configure the bootloader update policy run \"sudo ${RPI_EEPROM_UPDATE_CONFIG_TOOL}\""
-      echo ""
       printVersions
       write_status_info "EXIT_UPDATE_REQUIRED"
       exit ${EXIT_UPDATE_REQUIRED}

rpi-eeprom-update-default

@@ -1,5 +1,5 @@
 
-FIRMWARE_ROOT=/usr/lib/firmware/raspberrypi/bootloader
+FIRMWARE_ROOT=/lib/firmware/raspberrypi/bootloader
 FIRMWARE_RELEASE_STATUS="default"
 FIRMWARE_BACKUP_DIR="/var/lib/raspberrypi/bootloader/backup"
 EEPROM_CONFIG_HOOK=

test/install

@@ -20,14 +20,14 @@ CONFIG="/etc/default/rpi-eeprom-update"
 [ "$(id -u)" = "0" ] || die "$0 Must be run as root - try 'sudo $0 [-b]'"
 
 # Clear out the old firmware
-rm -rf /usr/lib/firmware/raspberrypi/bootloader
-rm -rf /usr/lib/firmware/raspberrypi/bootloader-2711
-rm -rf /usr/lib/firmware/raspberrypi/bootloader-2712
+rm -rf /lib/firmware/raspberrypi/bootloader
+rm -rf /lib/firmware/raspberrypi/bootloader-2711
+rm -rf /lib/firmware/raspberrypi/bootloader-2712
 
-mkdir -p /usr/lib/firmware/raspberrypi/bootloader-2711
-rsync -alv "${FIRMWARE_DIR}-2711"/* /usr/lib/firmware/raspberrypi/bootloader-2711 || echo "Failed"
-mkdir -p /usr/lib/firmware/raspberrypi/bootloader-2712
-rsync -alv "${FIRMWARE_DIR}-2712"/* /usr/lib/firmware/raspberrypi/bootloader-2712 || echo "Failed"
+mkdir -p /lib/firmware/raspberrypi/bootloader-2711
+rsync -alv "${FIRMWARE_DIR}-2711"/* /lib/firmware/raspberrypi/bootloader-2711 || echo "Failed"
+mkdir -p /lib/firmware/raspberrypi/bootloader-2712
+rsync -alv "${FIRMWARE_DIR}-2712"/* /lib/firmware/raspberrypi/bootloader-2712 || echo "Failed"
 
 cp -fv "${script_dir}/../rpi-eeprom-config" /usr/bin
 cp -fv "${script_dir}/../rpi-eeprom-digest" /usr/bin