diff --git a/eeprom-erase/README.md b/eeprom-erase/README.md
new file mode 100644
index 0000000..cd22599
--- /dev/null
+++ b/eeprom-erase/README.md
@@ -0,0 +1,10 @@
+The `erase_eeprom` `config.txt` option causes `recovery.bin` to execute a chip-erase operation on the bootloader SPI EEPROM.
+This is a test/debug option and there is no need to manually erase an EEPROM before flashing it.
+
+If the SPI EEPROM is erased then the Raspberry Pi will not boot until a new EEPROM image has been written via `RPIBOOT`
+or the Raspberry Pi Imager (Pi4 and Pi400 only).
+
+```bash
+cd erase-eeprom
+../rpiboot -d .
+```
diff --git a/eeprom-erase/bootcode4.bin b/eeprom-erase/bootcode4.bin
new file mode 100644
index 0000000..b5f0a18
--- /dev/null
+++ b/eeprom-erase/bootcode4.bin
diff --git a/eeprom-erase/config.txt b/eeprom-erase/config.txt
new file mode 100644
index 0000000..7fc4d21
--- /dev/null
+++ b/eeprom-erase/config.txt
@@ -0,0 +1,2 @@
+erase_eeprom=1
+uart_2ndstage=1
diff --git a/msd/bootcode4.bin b/msd/bootcode4.bin
index 6f54097..55d735e 100644
--- a/msd/bootcode4.bin
+++ b/msd/bootcode4.bin
diff --git a/recovery/bootcode4.bin b/recovery/bootcode4.bin
index 48dfd08..b5f0a18 100644
--- a/recovery/bootcode4.bin
+++ b/recovery/bootcode4.bin
diff --git a/recovery/pieeprom-2021-02-16.bin b/recovery/pieeprom-2021-02-16.bin
deleted file mode 100644
index 7413a3f..0000000
--- a/recovery/pieeprom-2021-02-16.bin
+++ /dev/null
diff --git a/recovery/pieeprom-2021-06-14.bin b/recovery/pieeprom-2021-06-14.bin
deleted file mode 100644
index a57c745..0000000
--- a/recovery/pieeprom-2021-06-14.bin
+++ /dev/null
diff --git a/recovery/pieeprom-2021-07-06.bin b/recovery/pieeprom-2021-07-06.bin
deleted file mode 100644
index c93ece1..0000000
--- a/recovery/pieeprom-2021-07-06.bin
+++ /dev/null
diff --git a/recovery/pieeprom-2021-11-22.bin b/recovery/pieeprom-2021-11-22.bin
deleted file mode 100755
index 6f21e0c..0000000
--- a/recovery/pieeprom-2021-11-22.bin
+++ /dev/null
diff --git a/recovery/pieeprom.bin b/recovery/pieeprom.bin
index 71e1d0f..fc91d1b 100644
--- a/recovery/pieeprom.bin
+++ b/recovery/pieeprom.bin
diff --git a/recovery/pieeprom.original.bin b/recovery/pieeprom.original.bin
index 6a00581..457f0ec 100755
--- a/recovery/pieeprom.original.bin
+++ b/recovery/pieeprom.original.bin
diff --git a/recovery/pieeprom.sig b/recovery/pieeprom.sig
index 6660ee4..258865b 100644
--- a/recovery/pieeprom.sig
+++ b/recovery/pieeprom.sig
@@ -1,2 +1,2 @@
-5ecc63242cd1250e70d9e630cd4e3a7c98af78b788168e34f2aa3333e44eb2dc
-ts: 1639478069
+b9cbf81208306d241687e657067efd3afdd537fc8a39f7567eba87e69f4fcf57
+ts: 1643189590
diff --git a/secure-boot-msd/bootcode4.bin b/secure-boot-msd/bootcode4.bin
index acb78a4..55d735e 100644
--- a/secure-boot-msd/bootcode4.bin
+++ b/secure-boot-msd/bootcode4.bin
diff --git a/secure-boot-recovery/README.md b/secure-boot-recovery/README.md
index 126dafa..80d3ac4 100644
--- a/secure-boot-recovery/README.md
+++ b/secure-boot-recovery/README.md
@@ -51,7 +51,7 @@ cd secure-boot-recovery
 ../tools/update-pieeprom.sh -k "${KEY_FILE}"
 ```
 
-`pieeprom.bin` can then be flashed to the bootloader EEPROM via rpiboot.
+`pieeprom.bin` can then be flashed to the bootloader EEPROM via `rpiboot`.
 
 ## Program the EEPROM image using rpiboot
 * Power off CM4
@@ -72,9 +72,11 @@ onwards:
 * The EEPROM configuration file must be signed with the customer private key.
 * It is not possible to install an old version of the bootloader that does
   support secure boot.
-* **It is NOT possible to use a different private key to signed the OS images**
+* This option requires EEPROM version 2022-01-06 or newer.
+* BETA bootloader releases are not signed with the ROM secure boot key and will
+  not boot on a system where `revoke_devkey` has been set.
 
-**WARNING: THESE OPTIONS PERMANENTLY THE BCM2711 CHIP AND ARE IRREVERSIBLE.**
+**WARNING: Modifications to OTP are irreversible. Once `revoke_devkey` has been set it is not possible to unlock secure-boot mode or use a different private key.**
 
 To enable this edit the `config.txt` file in this directory and set
 `program_pubkey=1`
diff --git a/secure-boot-recovery/bootcode4.bin b/secure-boot-recovery/bootcode4.bin
index f3a75cb..b5f0a18 100644
--- a/secure-boot-recovery/bootcode4.bin
+++ b/secure-boot-recovery/bootcode4.bin
diff --git a/secure-boot-recovery/pieeprom.original.bin b/secure-boot-recovery/pieeprom.original.bin
index 8ea80de..457f0ec 100644
--- a/secure-boot-recovery/pieeprom.original.bin
+++ b/secure-boot-recovery/pieeprom.original.bin