OpenSystemsDevelopment / usbboot

On BCM2711 the green LED is enabled by the second stage bootloader
indicating that either rpiboot is running successfully or
the GPIO for nRPIBOOT is not being pulled low (e.g. problem on the IO board or damage to GPIO).

* Remove the reference to LEDs flashing with mass-storage-gadget
  because this code was removed.
* Mention LUKS / rpi-otp-private-key in the secure-boot section.
* Add a link to the PIP
* Drop reference to make-boot-image - just use buildroot.

Not all Linux systems have pkg-config installed by default, so include
it in the list of things to install.

Add missing products which do USB device boot.

Ensure consistency within repo and with style guide.

The secure-boot-example/boot.img has been replaced with the
mass-storage-gadget Linux OS image because it already supported
login, hdmi and ethernet.

Typo fixes from @dp111 (who obviously has too much time on his hands).

Add a few tidyups and a note about initramfs

Enable the recovery config.txt options to revoke the ROM
development key which permentantely locks the device into
secure-boot mode.

WARNING: This also prevents the bootloader from being downgraded
to older releases which don't support secure-boot.

This is a very old test image and shouldn't be in this repo.
Since it's bit rotted remove it to avoid confusion.

The image should probably be published via a different repo.

Add some more detail about the RSA signatures.

Tweak update-pieeprom.sh so add a separate argument for the public key in
order to make it easier to customize the script for hardware security modules.

I missed correcting the description in https://github.com/raspberrypi/usbboot/pull/96/commits/14e28be2280212b07d3d64ea20609d76da8145fe

This has fewer dependencies and avoids problems where the temporary
disk image is automounted.

Initial BETA release for secure-boot.

secure-boot adds two new sub-directory to usbboot:

* secure-boot-recovery is used to create an EEPROM signed with
  the customer's RSA private key and configures the 2711 OTP
  settings permenantely require signed boot images.
  See secure-boot-recovery/README.md
* Once secure-boot is enabled the CM4 MSD mode firmware must
  also be signed with the customer's RSA private key.
  See secure-boot-msd/README.md

N.B The revoke_devkey and program_jtag_lock are NOT enabled in
this initial BETA release.

The latest bootloader now supports NVMe

Adds instructions for macOS users.
It will mainly help with the perception that this only works on ubuntu.
You can also use this on macOS without a problem.

* Add 2711 bootcode and FW binaries with the 4 suffix.
* Use the device descriptor to select the correct bootcode and
  hack it so that bootcode.bin translates to bootcode4.bin on a
  Pi4 allowing the files to remain in the same directory.
* Add the latest best for recovery.bin and pieeprom.bin for CM4
* Update the installer.

Move the second stage preparation until after the device descriptor
has been retrieved because BCM2711 needs a different bootcode.bin.

If the '-d' argument specified then check for bootcode.bin in the
specified directory and don't fail over to the embedded fmem files.

Remove the default 'msd' directory and the references to /usr/share
because the behaviour conflicts with the original change to use
the fmem files.

Apt is newer and more user-friendly than apt-get

Since we no longer install rpiboot into /usr/bin then we need ./rpiboot to make it run from the current directory...