pieeprom-2026-01-16: 2712: Assume eMMC for CM4/CM5 (latest)

* Assume eMMC for CM4/CM5 non-lite
  Attempt the fast path by skipping the SD interface condition command timeout on CM4/CM5 (non-lite) modules and enable eMMC mode directly. This saves ~250ms of the boot time.
* Don't stomp on RTC alarm state
  Preserve the RTC's alarm state so that it can be queried by the rpi-rtc
  driver.
  See: https://github.com/raspberrypi/firmware/issues/2011
* arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP
  Previously, the GET/SET user OTP mailboxes would provide access to the
  device unique private key. Update the mailbox API to fail if the
  key has been locked via lock_device_private_key=1 in config.txt or
  the associated mailbox call.
  GET/SET user OTP fails by setting the result tag to the standard
  error code (0x80000000). The dedicate GET/SET private key continue
  to fail the entire mailbox operation to force vcmailbox to exit
  with a non-zero error code.
* cm5: Add support for 8-bit bus width eMMC

firmware-2711/release-notes.md

@@ -1,5 +1,22 @@
 # Raspberry Pi4 bootloader EEPROM release notes
 
+## 2026-01-13: Promote 2026-01-09 to the default release (default)
+
+## 2026-01-09: arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP (latest)
+
+* arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP
+  Previously, the GET/SET user OTP mailboxes would provide access to the
+  device unique private key. Update the mailbox API to fail if the
+  key has been locked via lock_device_private_key=1 in config.txt or
+  the associated mailbox call.
+  GET/SET user OTP fails by setting the result tag to the standard
+  error code (0x80000000). The dedicate GET/SET private key continue
+  to fail the entire mailbox operation to force vcmailbox to exit
+  with a non-zero error code.
+* cm5: Add support for 8-bit bus width eMMC
+* Query all sdram devices for temperature when adjusting refresh
+* Add support for more SDRAM die configurations.
+
 ## 2025-12-09: Promote 2025-12-08 to the default release (default)
 
 ## 2025-12-08: arm_loader: Add machine ID derived from OTP values (latest)

firmware-2712/release-notes.md

@@ -1,5 +1,24 @@
 # Raspberry Pi5 bootloader EEPROM release notes
 
+## 2026-01-16: Assume eMMC for CM4/CM5 non-lite (latest)
+
+* Assume eMMC for CM4/CM5 non-lite
+  Attempt the fast path by skipping the SD interface condition command timeout on CM4/CM5 (non-lite) modules and enable eMMC mode directly. This saves ~250ms of the boot time.
+* Don't stomp on RTC alarm state
+  Preserve the RTC's alarm state so that it can be queried by the rpi-rtc
+  driver.
+  See: https://github.com/raspberrypi/firmware/issues/2011
+* arm_loader: Apply rpifwcrypto lock permissions GET/SET USER OTP
+  Previously, the GET/SET user OTP mailboxes would provide access to the
+  device unique private key. Update the mailbox API to fail if the
+  key has been locked via lock_device_private_key=1 in config.txt or
+  the associated mailbox call.
+  GET/SET user OTP fails by setting the result tag to the standard
+  error code (0x80000000). The dedicate GET/SET private key continue
+  to fail the entire mailbox operation to force vcmailbox to exit
+  with a non-zero error code.
+* cm5: Add support for 8-bit bus width eMMC
+
 ## 2025-12-09: Promote 2025-12-08 to the default release (default)
 
 ## 2025-12-08: arm_loader: Add machine ID derived from OTP values (latest)

imager/make-imager-release

@@ -1,14 +1,18 @@
 #!/bin/sh
 
 set -e
+set -x
 
 script_dir=$(cd "$(dirname "$0")" && pwd)
+base_dir="${script_dir}/.."
 
 # Pi4, Pi400, CM4, CM4-S
-${script_dir}/make-release critical 2025-11-05 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
+image_date=$(ls -lr $base_dir/firmware-2711/default/ | grep pieeprom | sed 's/.*pieeprom-//g' | sed 's/.bin//g' | head -n1)
+${script_dir}/make-release critical ${image_date} 000138c0 "${script_dir}/2711-config" release-2711 rpi-boot-eeprom-recovery 2711
 
 # Pi5
-${script_dir}/make-release critical 2025-11-05 "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712
+image_date=$(ls -lr $base_dir/firmware-2712/default/ | grep pieeprom | sed 's/.*pieeprom-//g' | sed 's/.bin//g' | head -n1)
+${script_dir}/make-release critical ${image_date} "" "${script_dir}/2712-config" release-2712 rpi-boot-eeprom-recovery 2712
 
 # Convert to disk image for RPi Imager downloads
 sudo ${script_dir}/make-recovery-images

rpi-eeprom-config

@@ -117,12 +117,12 @@ def shell_cmd(args, timeout=10, echo=False):
     error occurs then exit and output the subprocess stdout, stderr messages
     for debug.
     """
-    start = time.time()
+    start = time.monotonic()
     arg_str = ' '.join(args)
     bufsize = 0 if echo else -1
     result = subprocess.Popen(args, bufsize=bufsize, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 
-    while time.time() - start < timeout:
+    while time.monotonic() - start < timeout:
         if echo:
             s = result.stdout.read(80).decode('utf-8')
             if s != "":