pieeprom-2026-06-17: 2712: rpi-fw-crypto fine-grained locking (latest)#852
Merged
Merged
Conversation
* rpi-fw-crypto fine-grained locking Crypto operations can be individually locked per key until after reboot using rpi-fw-crypto set-key-status. Reading, signing, hmac, setting key usage and generating a key can each individually be locked. Setting key usage and generating a key can be locked with lock_device_key_write=1 in config.txt. * Use UTC for BUILD_DATE and BUILD_TIME Expand BUILD_TIMESTAMP using (date -u) for the human readable date / timestamp strings. See: raspberrypi#850 * fix wrap issue with platform_stc64 It is unsafe to read lo and hi registers separately around the wrap point (every 71m) * gencmd: Disable pmicrd and pmicwr if secure-boot is enabled * arm_dt: Avoid incompatible overlay memory leak Overlay loading is now aborted early if the overlay map says that it isn't compatible. Unfortunately that error path leaked the memory used to hold any parameters passed to the overlay. Plug the leak. * Stop the heartbeat with the watchdog There is no reason to keep the watchdog heartbeat going when the watchdog is stopped. Ensure the heartbeat is also stopped. See: raspberrypi/firmware#2023 * arm_dt: Defer overlay_map loading until needed There is no need to load the overlay map if overlays are not being used. Defer the loading of overlay_map until it is actually needed, saving a few tens of milliseconds. * arm_dt: Drop an overlay if remapping fails If the process of overlay name remapping explicitly fails by returning NULL, don't proceed to apply the overlay anyway - it has been rejected. * Avoid an unnecessary relocation ARM64 kernels include a load address in the header, but others don't. For those cases, treat an explicit kernel_address setting as gospel, potentially avoiding an unnecessary relocation. * Set RP1 UART baud to the value configured in eeprom config See: raspberrypi#765 * arm-loader: Restrict SET_VOLTAGE to core-voltage on Pi4 and newer. With LPDDR4 the SDRAM is initialised by Broadcom's DPFE firmware which does PHY training. Attempting to adjust the SDRAM voltage independently of this will just make the system less stable so switch off this legacy behavior on Pi4 and newer.
Collaborator
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Crypto operations can be individually locked per key until after reboot using rpi-fw-crypto set-key-status. Reading, signing, hmac, setting key usage and generating a key can each individually be locked. Setting key usage and generating a key can be locked with lock_device_key_write=1 in config.txt.
Expand BUILD_TIMESTAMP using (date -u) for the human readable date / timestamp strings. See: rpi-bootloader-version: vcgencmd bootloader_version replacement #850
It is unsafe to read lo and hi registers separately around the wrap point (every 71m)
Overlay loading is now aborted early if the overlay map says that it isn't compatible. Unfortunately that error path leaked the memory used to hold any parameters passed to the overlay. Plug the leak.
There is no reason to keep the watchdog heartbeat going when the watchdog is stopped. Ensure the heartbeat is also stopped. See: BOOT_WATCHDOG_TIMEOUT not cancelled after ARM CPU start firmware#2023
There is no need to load the overlay map if overlays are not being used. Defer the loading of overlay_map until it is actually needed, saving a few tens of milliseconds.
If the process of overlay name remapping explicitly fails by returning NULL, don't proceed to apply the overlay anyway - it has been rejected.
Include a load address in the header, but others don't. For those cases, treat an explicit kernel_address setting as gospel, potentially avoiding an unnecessary relocation.
See: No corresponding baud rate setting for
enable_rp1_uart#765With LPDDR4 the SDRAM is initialised by Broadcom's DPFE firmware which does PHY training. Attempting to adjust the SDRAM voltage independently of this will just make the system less stable so switch off this legacy behavior on Pi4 and newer.