OpenSystemsDevelopment / usbboot

The MSD (and secure-boot variant) bootloader has been updated to
fully initialise SDRAM in order to resolve problems when using
this method to run Linux ramdisks / initrd.
Therefore, MSD boot will not work on a system with a blank or
corrupted EEPROM. If so, an error message will be output to the
UART and the EEPROM should be programmed using the recovery
option.

e.g. previously, ../../filename would generate ../.sig

Previously, relative paths would confuse the file name generation regex.
With this change, only the final '.' character is matched as the
beginning of the file extension.

20220111~130126 release

rpiboot: Add build date and version

Capture the changelog version and git version (if available)

bootloader: Enable revoke_devkey in secure-boot recovery.bin

Enable the recovery config.txt options to revoke the ROM
development key which permentantely locks the device into
secure-boot mode.

WARNING: This also prevents the bootloader from being downgraded
to older releases which don't support secure-boot.

This is a very old test image and shouldn't be in this repo.
Since it's bit rotted remove it to avoid confusion.

The image should probably be published via a different repo.

Update the default EEPROM image to 2021-12-02

See: https://github.com/raspberrypi/usbboot/issues/102

Signed-off-by: Phil Elwell <phil@raspberrypi.com>

All the bootloader changes to support secure boot are now in the
stable EEPROM release so switch to that.

Update default pieeprom.bin to the rpi-eeprom stable release

Fix some minor shellcheck warnings

Delete the target file before attempting to replace it, sync before
unmount and set the ownership to be that of the sudo user and not
just root.

secure-boot: Add more documentation about the RSA signatures and add an optional public key argument

Add some more detail about the RSA signatures.

Tweak update-pieeprom.sh so add a separate argument for the public key in
order to make it easier to customize the script for hardware security modules.

I missed correcting the description in https://github.com/raspberrypi/usbboot/pull/96/commits/14e28be2280212b07d3d64ea20609d76da8145fe

Corrected the prune the files to those required for the given board  flag

Update udev rules to use uaccess tag

This has fewer dependencies and avoids problems where the temporary
disk image is automounted.

Add an example boot.img file signed with tools/example-private.pem.

Initial BETA release for secure-boot.

secure-boot adds two new sub-directory to usbboot:

* secure-boot-recovery is used to create an EEPROM signed with
  the customer's RSA private key and configures the 2711 OTP
  settings permenantely require signed boot images.
  See secure-boot-recovery/README.md
* Once secure-boot is enabled the CM4 MSD mode firmware must
  also be signed with the customer's RSA private key.
  See secure-boot-msd/README.md

N.B The revoke_devkey and program_jtag_lock are NOT enabled in
this initial BETA release.

Update to the latest bootcode.bin built from top-of-tree source repo.

Update bootcode4.bin