-
Also make the secure-boot-recovery pieeprom.original.bin a symlink to ../pieeprom.original.bin. There's no need to have different binaries so remove duplication.
-
This also resolve a startup issue CM4-S
-
Ideally, the bootloader EEPROM should be updated before using bootcode4 to run Linux so that full SDRAM init can be loaded. This version fails over to a generic slow configuration if BRCM DDR FW is not found.
-
Typo fixes from @dp111 (who obviously has too much time on his hands).
-
See https://github.com/raspberrypi/usbboot/issues/116
-
The previous version would fail to boot if secure-boot mode was locked via OTP settings.
-
recovery.bin prevent revoke_devkey from being set before the customer key has been programmed.
-
The MSD (and secure-boot variant) bootloader has been updated to fully initialise SDRAM in order to resolve problems when using this method to run Linux ramdisks / initrd. Therefore, MSD boot will not work on a system with a blank or corrupted EEPROM. If so, an error message will be output to the UART and the EEPROM should be programmed using the recovery option.
-
Enable the recovery config.txt options to revoke the ROM development key which permentantely locks the device into secure-boot mode. WARNING: This also prevents the bootloader from being downgraded to older releases which don't support secure-boot.
-
All the bootloader changes to support secure boot are now in the stable EEPROM release so switch to that.
-
Initial BETA release for secure-boot. secure-boot adds two new sub-directory to usbboot: * secure-boot-recovery is used to create an EEPROM signed with the customer's RSA private key and configures the 2711 OTP settings permenantely require signed boot images. See secure-boot-recovery/README.md * Once secure-boot is enabled the CM4 MSD mode firmware must also be signed with the customer's RSA private key. See secure-boot-msd/README.md N.B The revoke_devkey and program_jtag_lock are NOT enabled in this initial BETA release.