secure-boot-recovery5: Update docs to improve developer experience#325
secure-boot-recovery5: Update docs to improve developer experience#325timg236 merged 3 commits intoraspberrypi:masterfrom jack-obrien:master
Conversation
| ``` | ||
|
|
||
| ## Requirement for flashed OTP | ||
| The BCM2712 will not boot a signed EEPROM image unless it holds the public key in its One Time Programmable (OTP) memory. If you try to boot a signed EEPROM image without burning the public key into OTP, the boot LED on the Raspberry Pi 5B will display an error code by flashing green 2 times. |
There was a problem hiding this comment.
I think this first paragraph is only true on a BCM2712 C1, unfortuantely BCM2712 D0 (CM5, Pi500 and newer Pi5) cannot do the flash code from the bootrom.
|
Looks good apart from the minor detail about different bootrom behaviour. |
|
Thanks for the feedback! Happy to update that commit about the bootrom behaviour. Do you know if the BCM2712 D0 bootrom still needs burnt OTP to boot a signed EEPROM image? I can check this myself soon if needed, I have a couple CM5s to play with. |
Thanks for this. The BCM2712 C1 and D0 bootroms have the same OTP code signing requirements. Unfortunately, the D0 bootrom can't flash the activity LED due to fallout from the GPIO re-assignment between C1 and D0 which was in turn caused by removing the unused (by RPi) parts of the silicon. |
|
Should be good now, I rebased onto HEAD and added a little note about the different LED flash codes between the C1 and D0 steppings. |
Also note the difference between C1 and D0 steppings in the LED flash codes.
|
@jack-obrien merged. Thanks! |
2 participants
Hi there,
Recently I tried setting up secure boot on a pi5 and I had a lot of trouble wading through the docs and testing it.
In particular there was some confusion about the possibility to test booting from a signed
pieeprom.binEEPROM bootloader image without burning the OTP bits in the BCM2712. Seems other devs have had this issue, I found this forum post helpful at the time: https://forums.raspberrypi.com/viewtopic.php?t=370062Most of this stuff should be pretty uncontroversial, just adding clarification about how the tools in this folder work.
However I would appreciate some feedback on the 2nd commit "secure-boot-recovery5: Document that BCM2172 needs burnt OTP to boot signed pieeprom.bin". The two LED blinks seems like an undocumented feature of the Pi 5. Just want to confirm my understanding is correct about the BCM2712 currently not booting a signed EEPROM image without first burning the public key into OTP.