Skip to content

pieeprom-2026-06-17: 2712: rpi-fw-crypto fine-grained locking (latest)#852

Merged
timg236 merged 1 commit into
raspberrypi:masterfrom
timg236:pieeprom-2026-06-17-2712
Jun 17, 2026
Merged

pieeprom-2026-06-17: 2712: rpi-fw-crypto fine-grained locking (latest)#852
timg236 merged 1 commit into
raspberrypi:masterfrom
timg236:pieeprom-2026-06-17-2712

Conversation

@timg236

@timg236 timg236 commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator
  • rpi-fw-crypto fine-grained locking
    Crypto operations can be individually locked per key until after reboot using rpi-fw-crypto set-key-status. Reading, signing, hmac, setting key usage and generating a key can each individually be locked. Setting key usage and generating a key can be locked with lock_device_key_write=1 in config.txt.
  • Use UTC for BUILD_DATE and BUILD_TIME
    Expand BUILD_TIMESTAMP using (date -u) for the human readable date / timestamp strings. See: rpi-bootloader-version: vcgencmd bootloader_version replacement #850
  • fix wrap issue with platform_stc64
    It is unsafe to read lo and hi registers separately around the wrap point (every 71m)
  • gencmd: Disable pmicrd and pmicwr if secure-boot is enabled
  • arm_dt: Avoid incompatible overlay memory leak
    Overlay loading is now aborted early if the overlay map says that it isn't compatible. Unfortunately that error path leaked the memory used to hold any parameters passed to the overlay. Plug the leak.
  • Stop the heartbeat with the watchdog
    There is no reason to keep the watchdog heartbeat going when the watchdog is stopped. Ensure the heartbeat is also stopped. See: BOOT_WATCHDOG_TIMEOUT not cancelled after ARM CPU start firmware#2023
  • arm_dt: Defer overlay_map loading until needed
    There is no need to load the overlay map if overlays are not being used. Defer the loading of overlay_map until it is actually needed, saving a few tens of milliseconds.
  • arm_dt: Drop an overlay if remapping fails
    If the process of overlay name remapping explicitly fails by returning NULL, don't proceed to apply the overlay anyway - it has been rejected.
  • Avoid an unnecessary relocation ARM64 kernels
    Include a load address in the header, but others don't. For those cases, treat an explicit kernel_address setting as gospel, potentially avoiding an unnecessary relocation.
  • Set RP1 UART baud to the value configured in eeprom config
    See: No corresponding baud rate setting for enable_rp1_uart #765
  • arm-loader: Restrict SET_VOLTAGE to core-voltage on Pi4 and newer.
    With LPDDR4 the SDRAM is initialised by Broadcom's DPFE firmware which does PHY training. Attempting to adjust the SDRAM voltage independently of this will just make the system less stable so switch off this legacy behavior on Pi4 and newer.

* rpi-fw-crypto fine-grained locking
  Crypto operations can be individually locked per key until after reboot
  using rpi-fw-crypto set-key-status. Reading, signing, hmac, setting key usage
  and generating a key can each individually be locked. Setting key usage and
  generating a key can be locked with lock_device_key_write=1 in config.txt.
* Use UTC for BUILD_DATE and BUILD_TIME
  Expand BUILD_TIMESTAMP using (date -u) for the human readable
  date / timestamp strings.
  See: raspberrypi#850
* fix wrap issue with platform_stc64
  It is unsafe to read lo and hi registers separately
  around the wrap point (every 71m)
* gencmd: Disable pmicrd and pmicwr if secure-boot is enabled
* arm_dt: Avoid incompatible overlay memory leak
  Overlay loading is now aborted early if the overlay map says that it
  isn't compatible. Unfortunately that error path leaked the memory used
  to hold any parameters passed to the overlay. Plug the leak.
* Stop the heartbeat with the watchdog
  There is no reason to keep the watchdog heartbeat going when the
  watchdog is stopped. Ensure the heartbeat is also stopped.
  See: raspberrypi/firmware#2023
* arm_dt: Defer overlay_map loading until needed
  There is no need to load the overlay map if overlays are not being used.
  Defer the loading of overlay_map until it is actually needed, saving a
  few tens of milliseconds.
* arm_dt: Drop an overlay if remapping fails
  If the process of overlay name remapping explicitly fails by returning
  NULL, don't proceed to apply the overlay anyway - it has been rejected.
* Avoid an unnecessary relocation
  ARM64 kernels include a load address in the header, but others don't.
  For those cases, treat an explicit kernel_address setting as gospel,
  potentially avoiding an unnecessary relocation.
* Set RP1 UART baud to the value configured in eeprom config
  See: raspberrypi#765
* arm-loader: Restrict SET_VOLTAGE to core-voltage on Pi4 and newer.
  With LPDDR4 the SDRAM is initialised by Broadcom's DPFE
  firmware which does PHY training. Attempting to adjust the SDRAM
  voltage independently of this will just make the system less stable
  so switch off this legacy behavior on Pi4 and newer.
@timg236

timg236 commented Jun 17, 2026

Copy link
Copy Markdown
Collaborator Author

@pelwell

@timg236 timg236 merged commit 6e2ec7a into raspberrypi:master Jun 17, 2026
1 check passed
@timg236 timg236 deleted the pieeprom-2026-06-17-2712 branch June 17, 2026 08:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant