timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 5:47 pm

EDIT: The package is now in the normal apt repositories so there is no need to use the 'untested' repository. You can remove untested from /etc/apt/sources.list.d/raspi.list and just use update/upgrade with the regular apt repo.

We have just released BETA of the new Debian package for updating the Raspberry Pi 4 bootloader EEPROM. This service automatically updates the bootloader to the latest stable release at the next reboot without needing to swap sd-cards or power cycle.

The release notes and documentation for the bootloader EEPROMs is here:-
https://www.raspberrypi.org/documentati ... teeprom.md

The official documentation for rpi-eeprom-update and rpi-eeprom-config is still being written so here are the notes:-
  • Critical releases are the releases which are used for production plus any critical bug fixes or security patches.
  • Run "rpi-eeprom-update -h" for more documentation including instructions for how to force an update.
  • The "rpi-eeprom-config" tool is also included which makes it easy to extract bootconf.txt, edit it then update a pieeprom.bin for future updates.
  • The default mechanism is a recovery.bin file which renames itself after successfully updating the EEPROM. Flashrom can be used instead, but is not supported because it would not be safe in the event of power failure and more importantly using dtoverlay / dtparam causes too many deadlock issues if it was run whilst audio or some other driver had access to the SPI / GPIO resources.
  • There is a new gencmd to return the bootloader configuration used at boot 'vcgencmd bootloader_config'. This does not require flashrom or access to SPI.
  • It is possible to prevent automatic updates by editing the bootloader EEPROM configuration and adding 'FREEZE_VERSION=1' (use rpi-eeprom-config). The rpi-eeprom-update script checks this and skips automatic updates if this is set. The system can't enforce this so we would encourage anyone writing their own EEPROM update scripts to also check this flag.
  • This package is not currently installed by default. In future, you can disable the systemd service or block the installation of the package with 'apt mark hold'
  • The beta includes the latest stable release (2019-07-15 RC3.3) which was previously announced and has now been promoted to stable and is the default image on the downloads page

Code:

# Update firmware dependencies and install rpi-eeprom
sudo apt update
sudo apt dist-upgrade
sudo reboot
sudo apt install rpi-eeprom
rpi-eeprom-update -h

Code:

# Check if the bootloader is up to date
rpi-eeprom-update

Code:

# Install a specific image
sudo rpi-eeprom-update -f /lib/firmware/raspberrypi/bootloader/critical/pieeprom-2019-05-10.bin
sudo reboot

Code:

# Syslog messages
sudo grep rpi-eeprom-update /var/log/syslog
Last edited by timg236 on Wed Sep 11, 2019 2:37 pm, edited 2 times in total.
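
The FREEZE_VERSION check that the post above asks authors of their own update scripts to perform, as an added example (not part of the original post and not the rpi-eeprom project's code). The function names and the sample configs are constructed for illustration; treating `#` lines as comments and failing closed when the config cannot be read are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: honour FREEZE_VERSION before a custom EEPROM update.

# config_is_frozen: read bootloader config text on stdin; succeed if any
# non-comment line sets FREEZE_VERSION to 1. Whitespace and CRLF are
# tolerated so that an oddly formatted file still blocks the update.
# Lines starting with "#" are treated as comments (assumption).
config_is_frozen() {
    awk '
        { sub(/\r$/, "") }
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*FREEZE_VERSION[[:space:]]*=[[:space:]]*1[[:space:]]*$/ { frozen = 1 }
        END { exit (frozen ? 0 : 1) }
    '
}

# updates_allowed [CMD...]: returns 0 if an update may proceed, 1 if the
# config sets FREEZE_VERSION=1, 2 if the config could not be read (fail
# closed). With no arguments the running config comes from
# "vcgencmd bootloader_config"; CMD is a hook for supplying test input.
updates_allowed() {
    [ $# -gt 0 ] || set -- vcgencmd bootloader_config
    cfg=$("$@" 2>/dev/null) || return 2
    [ -n "$cfg" ] || return 2
    if printf '%s\n' "$cfg" | config_is_frozen; then
        return 1
    fi
    return 0
}

# Constructed sample configs (not captured from a real board).
sample_frozen()   { printf 'BOOT_UART=0\nWAKE_ON_GPIO=1\nFREEZE_VERSION=1\n'; }
sample_unfrozen() { printf 'BOOT_UART=0\r\n# FREEZE_VERSION=1\r\nFREEZE_VERSION = 0\r\n'; }

# Demo: the third source ("false") stands in for a failing vcgencmd.
for src in sample_frozen sample_unfrozen false; do
    rc=0
    updates_allowed "$src" || rc=$?
    case $rc in
        0) echo "$src: update may proceed" ;;
        1) echo "$src: FREEZE_VERSION=1, skipping update" ;;
        *) echo "$src: config unreadable, skipping update" ;;
    esac
done
```

In a real script the call would be `updates_allowed || exit 0` placed before any step that writes a new image.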

ejolson
Posts: 3580
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 5:53 pm

timg236 wrote:
Fri Aug 30, 2019 5:47 pm
We have just released BETA of the new Debian package for updating the Raspberry Pi 4 bootloader EEPROM.
Looks convenient. Is there a historical list of EEPROM image versions and what errata are fixed and features added in each?

Specifically is there anything related to gigabit networking?

trejan
Posts: 583
Joined: Tue Jul 02, 2019 2:28 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 6:00 pm

ejolson wrote:
Fri Aug 30, 2019 5:53 pm
Is there a historical list of EEPROM image versions and what errata are fixed and features added in each?
https://www.raspberrypi.org/forums/view ... 7&t=246027
ejolson wrote:
Fri Aug 30, 2019 5:53 pm
Specifically is there anything related to gigabit networking?
No

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 6:27 pm

Updated the post to include a link to the documentation + release notes, although the release notes may end up in a separate page at some point

https://www.raspberrypi.org/documentati ... teeprom.md

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 7:43 pm

Can you possibly confirm that the MESA packages are not required for the new firmware and the firmware tools? I don't want to touch MESA at the moment.

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 7:46 pm

andrum99 wrote:
Fri Aug 30, 2019 7:43 pm
Can you possibly confirm that the MESA packages are not required for the new firmware and the firmware tools? I don't want to touch MESA at the moment.
Correct, they aren't required, just a warning that apt-get dist-upgrade will update all packages. It should be possible to install the package by itself.

apt-get install rpi-eeprom

but you might need to update firmware first if you haven't done so already because it needs the vcgencmd to backup the bootloader_config. I think the rpi-eeprom package depends on the latest firmware anyway.

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 7:55 pm

timg236 wrote:
Fri Aug 30, 2019 7:46 pm
andrum99 wrote:
Fri Aug 30, 2019 7:43 pm
Can you possibly confirm that the MESA packages are not required for the new firmware and the firmware tools? I don't want to touch MESA at the moment.
Correct, they aren't required, just a warning that apt-get dist-upgrade will update all packages. It should be possible to install the package by itself.

apt-get install rpi-eeprom

but you might need to update firmware first if you haven't done so already because it needs the vcgencmd to backup the bootloader_config. I think the rpi-eeprom package depends on the latest firmware anyway.
Thanks - I'm already up-to-date so will just install rpi-eeprom and take it from there :D

So for anyone else wanting to avoid MESA changes, just run 'sudo apt update && sudo apt upgrade -y' BEFORE you change the apt sources, then miss out the 'apt dist-upgrade' step and proceed straight to 'apt install rpi-eeprom'.

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:05 pm

There's a typo in the help text for the rpi-eeprom-upgrade tool. The first part reads:

Code:

rpi-eeprom-update [options]... [FILE]
   Checks whether there Raspberry Pi bootloader EEPROM is up to date and
   optionally updates the EEPROM.
I'm guessing it should probably say "Checks whether the Raspberry Pi...". Also, 'up to date' should ideally be hyphenated, i.e. 'up-to-date'.

Also, is this thread the best place to point out bugs, like this, or should they be somewhere else, like Github? If so, which repo?

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:16 pm

I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:30 pm

andrum99 wrote:
Fri Aug 30, 2019 8:16 pm
I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.
The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.

For technical users there are numerous options for them to tweak the script behaviour, systemd service and integrate UIs or not e.g. they could update the sudoers file to remove the need to do sudo. Personally, I'd just disable the systemd service and run it on demand if I wanted to do things manually. It would be trivial to wrap that into a UI if you wanted.

To answer your original question, if there is a critical update available then the service considers it to be required, if it wasn't required we wouldn't push it out as a critical update (i.e. doing the right thing)

If you look at /etc/default/rpi-eeprom-update then it's possible to track different folders of EEPROM updates e.g. we might add beta or stable (for advanced boot modes out of beta)

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:41 pm

timg236 wrote:
Fri Aug 30, 2019 8:30 pm
andrum99 wrote:
Fri Aug 30, 2019 8:16 pm
I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.
The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions). I hadn't realised there was the facility to have different levels of update available. Presumably you have the ability to flag more run of the mill updates that simply add new features, but not bug fixes or security fixes, as "optional", and this would result in a message more like 'update available'?

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:49 pm

andrum99 wrote:
Fri Aug 30, 2019 8:41 pm
timg236 wrote:
Fri Aug 30, 2019 8:30 pm
andrum99 wrote:
Fri Aug 30, 2019 8:16 pm
I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.
The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions). I hadn't realised there was the facility to have different levels of update available. Presumably you have the ability to flag more run of the mill updates that simply add new features, but not bug fixes or security fixes, as "optional", and this would result in a message more like 'update available'?
The service requires root privileges but the pi user has special privileges for gpio and the eeprom is available via spi/gpio so nothing has changed

trejan
Posts: 583
Joined: Tue Jul 02, 2019 2:28 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:54 pm

andrum99 wrote:
Fri Aug 30, 2019 8:41 pm
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions).
There is a system service that will apply critical updates automatically. If you don't want that happening then set the FREEZE_VERSION flag. If you want to stop users from applying firmware updates manually then you need to remove root privileges and make sure they're not in the gpio group which lets them directly reprogram the EEPROM using flashrom. If somebody has none of those privileges then they can't update the firmware.
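
The privilege check described in the post above, as an added example (not part of any post in this thread): it lists the accounts that hold one of the routes to rewriting the EEPROM named there, root privileges or gpio group membership. The function names and sample account data are constructed; treating the `sudo` group as the one granted root is an assumption about the local sudoers setup.

```sh
#!/bin/sh
# Added example: list accounts that could rewrite the bootloader EEPROM.
LC_ALL=C; export LC_ALL

# group_members GROUP GROUPFILE PASSWDFILE
# Prints every account in GROUP: supplementary members from the group file
# plus accounts whose primary gid in the passwd file is GROUP's gid.
group_members() {
    awk -F: -v g="$1" '
        FILENAME == ARGV[1] {
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }
    ' "$2" "$3" | sort -u
}

# tag REASON: append "<TAB>REASON" to each account name on stdin.
tag() { awk -v r="$1" '{ print $0 "\t" r }'; }

# eeprom_writers GROUPFILE PASSWDFILE
# Prints "account<TAB>reason" for uid-0 accounts, members of "sudo"
# (assumed to be granted root by sudoers) and members of gpio.
eeprom_writers() {
    {
        awk -F: '$3 == 0 { print $1 }' "$2" | tag "uid 0"
        group_members sudo "$1" "$2" | tag "sudo group"
        group_members gpio "$1" "$2" | tag "gpio group (flashrom)"
    } | sort
}

# sample_audit: run the audit over constructed account data.
sample_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/group" <<'EOF'
root:x:0:
sudo:x:27:pi
gpio:x:997:pi,kiosk
students:x:1002:
EOF
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
pi:x:1000:1000::/home/pi:/bin/bash
kiosk:x:1001:1001::/home/kiosk:/bin/sh
sensor:x:1002:997::/home/sensor:/bin/sh
student:x:1003:1002::/home/student:/bin/bash
EOF
    eeprom_writers "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

sample_audit
```

On a live system, write the output of `getent group` and `getent passwd` to two files and pass them to `eeprom_writers`; the `sensor` row in the sample shows why primary group ids have to be checked as well as the member lists.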

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:57 pm

timg236 wrote:
Fri Aug 30, 2019 8:49 pm
andrum99 wrote:
Fri Aug 30, 2019 8:41 pm
timg236 wrote:
Fri Aug 30, 2019 8:30 pm


The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions). I hadn't realised there was the facility to have different levels of update available. Presumably you have the ability to flag more run of the mill updates that simply add new features, but not bug fixes or security fixes, as "optional", and this would result in a message more like 'update available'?
The service requires root privileges but the pi user has special privileges for gpio and the eeprom is available via spi/gpio so nothing has changed
I was meaning the manual update process. Something has changed, since we didn't have an EEPROM until Pi 4. There is OTP on the other models, but that does require root privileges, since you need to be root to edit config.txt to insert the relevant commands to program the OTP. There are no other cases on official Raspberry Pi hardware where persistent memory can be altered without root privileges - just the new boot EEPROM. (This of course excludes third party hardware - if other vendors want to do things differently, that's up to them).

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 8:59 pm

As I said the manual process requires root. Try it :)

trejan
Posts: 583
Joined: Tue Jul 02, 2019 2:28 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 9:05 pm

andrum99 wrote:
Fri Aug 30, 2019 8:57 pm
I was meaning the manual update process. Something has changed, since we didn't have an EEPROM until Pi 4. There is OTP on the other models, but that does require root privileges, since you need to be root to edit config.txt to insert the relevant commands to program the OTP. There are no other cases on official Raspberry Pi hardware where persistent memory can be altered without root privileges - just the new boot EEPROM.
You can only do a manual update if you have root privileges when using the rpi-eeprom-update tool or are in the gpio group to do it directly using flashrom.

https://www.raspberrypi.org/documentati ... teeprom.md mentions a way of write protecting the EEPROM in hardware but the schematics don't say which resistor. The two EEPROMs on the top have the WP pins connected together but it disappears off into a via.

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Fri Aug 30, 2019 9:20 pm

timg236 wrote:
Fri Aug 30, 2019 8:59 pm
As I said the manual process requires root. Try it :)
Sorry - my mistake. As you were!

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi4 EEPROM update package - beta

Tue Sep 03, 2019 9:02 am

The scripts for updating and configuring the bootloader EEPROM are now hosted on Github. The pieeprom binaries will also be hosted here

https://github.com/raspberrypi/rpi-eeprom

bjtheone
Posts: 261
Joined: Mon May 20, 2019 11:28 pm
Location: Kanata, Ontario, Canada

Re: Raspberry Pi4 EEPROM update package - beta

Tue Sep 03, 2019 5:28 pm

trejan wrote:
Fri Aug 30, 2019 9:05 pm
You can only do a manual update if you have root privileges when using the rpi-eeprom-update tool or are in the gpio group to do it directly using flashrom.

https://www.raspberrypi.org/documentati ... teeprom.md mentions a way of write protecting the EEPROM in hardware but the schematics don't say which resistor. The two EEPROMs on the top have the WP pins connected together but it disappears off into a via.
Given that there will likely be a rev 2 of the pcb to deal with the USB C charging issue, so that it correctly identifies itself as per the standard, it might be a fabulous idea to add a jumper for the EEPROM, such that you could disable the ability. Obviously would not stop folks with physical access, but would deal with the oops, and the situation where you want to prevent certain mucking about (schools or commercial) by putting the Pi in a tamper proof case.

ejolson
Posts: 3580
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspberry Pi4 EEPROM update package - beta

Tue Sep 03, 2019 9:02 pm

bjtheone wrote:
Tue Sep 03, 2019 5:28 pm
trejan wrote:
Fri Aug 30, 2019 9:05 pm
You can only do a manual update if you have root privileges when using the rpi-eeprom-update tool or are in the gpio group to do it directly using flashrom.

https://www.raspberrypi.org/documentati ... teeprom.md mentions a way of write protecting the EEPROM in hardware but the schematics don't say which resistor. The two EEPROMs on the top have the WP pins connected together but it disappears off into a via.
Given that there will likely be a rev 2 of the pcb to deal with the USB C charging issue, so that it correctly identifies itself as per the standard, it might be a fabulous idea to add a jumper for the EEPROM, such that you could disable the ability. Obviously would not stop folks with physical access, but would deal with the oops, and the situation where you want to prevent certain mucking about (schools or commercial) by putting the Pi in a tamper proof case.
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS. The costs of such a jumper are two-fold: the actual manufacturing costs and technical support for the clueless who are holding it wrong.

I just spent yesterday afternoon resetting 50 such PCs because HP Sure Start was preventing access to any of the system settings on more than half the machines in the lab, presumably because of such mucking about (or possibly an incompatibility with the HD imaging software used). On the bright side, having a programmable EEPROM in the Pi may make it more suitable for use in university-level courses on computer security and forensic analysis.

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Wed Sep 04, 2019 9:52 am

ejolson wrote:
Tue Sep 03, 2019 9:02 pm
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS.

Agreed - adding a jumper is probably not necessary. Also, if Raspberry Pi thought it was necessary they would have added it to the board already.

bjtheone
Posts: 261
Joined: Mon May 20, 2019 11:28 pm
Location: Kanata, Ontario, Canada

Re: Raspberry Pi4 EEPROM update package - beta

Wed Sep 04, 2019 11:41 am

ejolson wrote:
Tue Sep 03, 2019 9:02 pm
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS. The costs of such a jumper are two-fold: the actual manufacturing costs and technical support for the clueless who are holding it wrong.

I just spent yesterday afternoon resetting 50 such PCs because HP Sure Start was preventing access to any of the system settings on more than half the machines in the lab, presumably because of such mucking about (or possibly an incompatibility with the HD imaging software used). On the bright side, having a programmable EEPROM in the Pi may make it more suitable for use in university-level courses on computer security and forensic analysis.
High end motherboards used to have such jumpers. Also, given that there are already a number of header posts on the board, the manufacturing process already has to deal with them so it would only be the incremental costs of another 3 pin header. If it was set disabled from the factory, most of the clueless would never know as they are unlikely to be the ones attempting to flash the EEPROM. I guess it comes down to how important RPT and their customers consider control & security. Personally I don't care, as my Pis are (a) for personal use, (b) live in a fairly secure environment, and (c) only admin'ed by me. If I was running a computer lab in a high school or university I would want such a jumper and secure cases and be looking forward to netboot with great enthusiasm.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 23688
Joined: Sat Jul 30, 2011 7:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Wed Sep 04, 2019 12:21 pm

bjtheone wrote:
Wed Sep 04, 2019 11:41 am
ejolson wrote:
Tue Sep 03, 2019 9:02 pm
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS. The costs of such a jumper are two-fold: the actual manufacturing costs and technical support for the clueless who are holding it wrong.

I just spent yesterday afternoon resetting 50 such PCs because HP Sure Start was preventing access to any of the system settings on more than half the machines in the lab, presumably because of such mucking about (or possibly an incompatibility with the HD imaging software used). On the bright side, having a programmable EEPROM in the Pi may make it more suitable for use in university-level courses on computer security and forensic analysis.
High end motherboards used to have such jumpers. Also, given that there are already a number of header posts on the board, the manufacturing process already has to deal with them so it would only be the incremental costs of another 3 pin header. If it was set disabled from the factory, most of the clueless would never know as they are unlikely to be the ones attempting to flash the EEPROM. I guess it comes down to how important RPT and their customers consider control & security. Personally I don't care, as my Pis are (a) for personal use, (b) live in a fairly secure environment, and (c) only admin'ed by me. If I was running a computer lab in a high school or university I would want such a jumper and secure cases and be looking forward to netboot with great enthusiasm.
I suspect the main problem would be board space and layout - it was very difficult to get everything on as it is now, adding an extra jumper, and they take up a lot of space - might be impossible.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
"My grief counsellor just died, luckily, he was so good, I didn't care."

andrum99
Posts: 819
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi4 EEPROM update package - beta

Wed Sep 04, 2019 12:24 pm

Perhaps a compromise might be to include an obvious break location on the PCB with a couple of exposed pads either side, where someone could cut the track, then if they wanted to re-enable flashing place a link across the pads. Adding actual jumpers would add additional cost. If there was a way to add an unpopulated header but still have it default to enabling flashing then that would be simpler, but that may not be possible.

If someone really wants to permanently disable flashing the EEPROM now they can probably find a PCB track to cut.

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 198
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi4 EEPROM update package - beta

Sat Sep 07, 2019 11:08 am

The rpi-eeprom package has been moved from untested to stable so it can be installed with just

apt update
apt install rpi-eeprom

Whilst the rescue image is still available for fixing corrupted EEPROMs the documentation (PR pending) will point users towards rpi-eeprom for feature upgrades / bug fixes.
