
Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 5:47 pm
by timg236
EDIT: The package is now in the normal apt repositories so there is no need to use the 'untested' repository. You can remove untested from /etc/apt/sources.list.d/raspi.list and just update/upgrade using the regular apt repo.

We have just released BETA of the new Debian package for updating the Raspberry Pi 4 bootloader EEPROM. This service automatically updates the bootloader to the latest stable release at the next reboot without needing to swap sd-cards or power cycle.

The release notes and documentation for the bootloader EEPROMs are here:
https://www.raspberrypi.org/documentati ... teeprom.md

The official documentation for rpi-eeprom-update and rpi-eeprom-config is still being written so here are the notes:-
  • Critical releases are the releases which are used for production plus any critical bug fixes or security patches.
  • Run "rpi-eeprom-update -h" for more documentation including instructions for how to force an update.
  • The "rpi-eeprom-config" tool is also included which makes it easy to extract bootconf.txt, edit it then update a pieeprom.bin for future updates.
  • The default mechanism is a recovery.bin file which renames itself after successfully updating the EEPROM. Flashrom can be used instead, but is not supported because it would not be safe in the event of power failure and more importantly using dtoverlay / dtparam causes too many deadlock issues if it was run whilst audio or some other driver had access to the SPI / GPIO resources.
  • There is a new gencmd to return the bootloader configuration used at boot 'vcgencmd bootloader_config'. This does not require flashrom or access to SPI.
  • It is possible to prevent automatic updates by editing the bootloader EEPROM configuration and adding 'FREEZE_VERSION=1' (use rpi-eeprom-config). The rpi-eeprom-update script checks this and skips automatic updates if this is set. The system can't enforce this so we would encourage anyone writing their own EEPROM update scripts to also check this flag.
  • This package is not currently installed by default. In future, you can disable the systemd service or block the installation of the package with 'apt-mark hold'.
  • The beta includes the latest stable release (2019-07-15 RC3.3) which was previously announced and has now been promoted to stable and is the default image on the downloads page

Code:

# Update firmware dependencies and install rpi-eeprom
sudo apt update
sudo apt dist-upgrade
sudo reboot
sudo apt install rpi-eeprom
rpi-eeprom-update -h

Code:

# Check if the bootloader is up to date
rpi-eeprom-update

Code:

# Install a specific image
sudo rpi-eeprom-update -f /lib/firmware/raspberrypi/bootloader/critical/pieeprom-2019-05-10.bin
sudo reboot

Code:

# Syslog messages
sudo grep rpi-eeprom-update /var/log/syslog

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 5:53 pm
by ejolson
timg236 wrote:
Fri Aug 30, 2019 5:47 pm
We have just released BETA of the new Debian package for updating the Raspberry Pi 4 bootloader EEPROM.
Looks convenient. Is there a historical list of EEPROM image versions and what errata are fixed and features added in each?

Specifically is there anything related to gigabit networking?

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 6:00 pm
by trejan
ejolson wrote:
Fri Aug 30, 2019 5:53 pm
Is there a historical list of EEPROM image versions and what errata are fixed and features added in each?
https://www.raspberrypi.org/forums/view ... 7&t=246027
ejolson wrote:
Fri Aug 30, 2019 5:53 pm
Specifically is there anything related to gigabit networking?
No

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 6:27 pm
by timg236
Updated the post to include a link to the documentation + release notes, although the release notes may end up in a separate page at some point

https://www.raspberrypi.org/documentati ... teeprom.md

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 7:43 pm
by andrum99
Can you possibly confirm that the MESA packages are not required for the new firmware and the firmware tools? I don't want to touch MESA at the moment.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 7:46 pm
by timg236
andrum99 wrote:
Fri Aug 30, 2019 7:43 pm
Can you possibly confirm that the MESA packages are not required for the new firmware and the firmware tools? I don't want to touch MESA at the moment.
Correct, they aren't required, just a warning that apt-get dist-upgrade will update all packages. It should be possible to install the package by itself.

apt-get install rpi-eeprom

but you might need to update firmware first if you haven't done so already because it needs the vcgencmd to back up the bootloader_config. I think the rpi-eeprom package depends on the latest firmware anyway.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 7:55 pm
by andrum99
timg236 wrote:
Fri Aug 30, 2019 7:46 pm
andrum99 wrote:
Fri Aug 30, 2019 7:43 pm
Can you possibly confirm that the MESA packages are not required for the new firmware and the firmware tools? I don't want to touch MESA at the moment.
Correct, they aren't required, just a warning that apt-get dist-upgrade will update all packages. It should be possible to install the package by itself.

apt-get install rpi-eeprom

but you might need to update firmware first if you haven't done so already because it needs the vcgencmd to back up the bootloader_config. I think the rpi-eeprom package depends on the latest firmware anyway.
Thanks - I'm already up-to-date so will just install rpi-eeprom and take it from there :D

So for anyone else wanting to avoid MESA changes, just run 'sudo apt update && sudo apt upgrade -y' BEFORE you change the apt sources, then miss out the 'apt dist-upgrade' step and proceed straight to 'apt install rpi-eeprom'.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:05 pm
by andrum99
There's a typo in the help text for the rpi-eeprom-update tool. The first part reads:

Code:

rpi-eeprom-update [options]... [FILE]
   Checks whether there Raspberry Pi bootloader EEPROM is up to date and
   optionally updates the EEPROM.
I'm guessing it should probably say "Checks whether the Raspberry Pi...". Also, 'up to date' should ideally be hyphenated, i.e. 'up-to-date'.

Also, is this thread the best place to point out bugs, like this, or should they be somewhere else, like Github? If so, which repo?

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:16 pm
by andrum99
I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:30 pm
by timg236
andrum99 wrote:
Fri Aug 30, 2019 8:16 pm
I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.
The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.

For technical users there are numerous options for them to tweak the script behaviour, systemd service and integrate UIs or not e.g. they could update the sudoers file to remove the need to do sudo. Personally, I'd just disable the systemd service and run it on demand if I wanted to do things manually. It would be trivial to wrap that into a UI if you wanted.

To answer your original question, if there is a critical update available then the service considers it to be required, if it wasn't required we wouldn't push it out as a critical update (i.e. doing the right thing).

If you look at /etc/default/rpi-eeprom-update then it's possible to track different folders of EEPROM updates e.g. we might add beta or stable (for advanced boot modes out of beta)

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:41 pm
by andrum99
timg236 wrote:
Fri Aug 30, 2019 8:30 pm
andrum99 wrote:
Fri Aug 30, 2019 8:16 pm
I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.
The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions). I hadn't realised there was the facility to have different levels of update available. Presumably you have the ability to flag more run of the mill updates that simply add new features, but not bug fixes or security fixes, as "optional", and this would result in a message more like 'update available'?

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:49 pm
by timg236
andrum99 wrote:
Fri Aug 30, 2019 8:41 pm
timg236 wrote:
Fri Aug 30, 2019 8:30 pm
andrum99 wrote:
Fri Aug 30, 2019 8:16 pm
I've got another couple of questions:

Firstly, upon checking for a new EEPROM firmware, the rpi-eeprom-update tool currently reports '*** UPDATE REQUIRED ***' on my Pi 4. I'm wondering if perhaps it would be better worded as '*** UPDATE AVAILABLE ***'?

Secondly, does the rpi-eeprom-update tool, when called to manually update the EEPROM firmware, allow the EEPROM firmware to be flashed by a non-root user, i.e. without using sudo? I'm guessing not.
The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions). I hadn't realised there was the facility to have different levels of update available. Presumably you have the ability to flag more run of the mill updates that simply add new features, but not bug fixes or security fixes, as "optional", and this would result in a message more like 'update available'?
The service requires root privileges but the pi user has special privileges for gpio and the eeprom is available via spi/gpio so nothing has changed

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:54 pm
by trejan
andrum99 wrote:
Fri Aug 30, 2019 8:41 pm
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions).
There is a system service that will apply critical updates automatically. If you don't want that happening then set the FREEZE_VERSION flag. If you want to stop users from applying firmware updates manually then you need to remove root privileges and make sure they're not in the gpio group which lets them directly reprogram the EEPROM using flashrom. If somebody has none of those privileges then they can't update the firmware.
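
An added example (not part of the thread and not code from the rpi-eeprom project): the FREEZE_VERSION check that the first post asks custom update scripts to honour, plus an audit of who is in the gpio group mentioned above. The function names, the `--live` switch and the sample data in the test are assumptions made for illustration; `vcgencmd bootloader_config` is the command named in the first post.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from rpi-eeprom.

# is_frozen: reads bootloader configuration text on stdin (for instance the
# output of `vcgencmd bootloader_config`) and succeeds when a non-comment
# line sets FREEZE_VERSION=1. Spaces, tabs and CR characters are ignored.
is_frozen() {
    awk -F= '
        /^[ \t]*#/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "FREEZE_VERSION" && val == "1") frozen = 1
        }
        END { exit(frozen ? 0 : 1) }
    '
}

# gpio_members GROUP_FILE PASSWD_FILE [GROUP]
# Prints, sorted, every account that belongs to GROUP (default: gpio), either
# as a listed member in the group file or through its primary GID in the
# passwd file. Accounts that only appear via the primary GID are easy to miss
# when reading the group file by eye.
gpio_members() {
    awk -F: -v g="${3:-gpio}" '
        FNR == NR {
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") seen[m[i]] = 1
            }
            next
        }
        gid != "" && $4 == gid { seen[$1] = 1 }
        END { for (u in seen) print u }
    ' "$1" "$2" | LC_ALL=C sort
}

# Live use on a Pi 4: run the script with --live.
if [ "${1:-}" = "--live" ]; then
    if vcgencmd bootloader_config | is_frozen; then
        echo "FREEZE_VERSION=1 is set: leave the EEPROM alone"
    else
        echo "FREEZE_VERSION is not set: automatic updates are allowed"
    fi
    echo "Accounts in the gpio group:"
    gpio_members /etc/group /etc/passwd gpio
fi
```

A custom update script would call `is_frozen` first and stop when it succeeds; the account list shows which non-root users would need to be removed from the group.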

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:57 pm
by andrum99
timg236 wrote:
Fri Aug 30, 2019 8:49 pm
andrum99 wrote:
Fri Aug 30, 2019 8:41 pm
timg236 wrote:
Fri Aug 30, 2019 8:30 pm


The normal method for update would be via system which already has root privileges, this also makes the output invisible. After extensive discussion about the UI we decided that for the majority of non-technical users the service should just do the right thing. i.e. random permissions prompts full of technical stuff that people don't understand do more harm than good.
I don't like the idea of being able to flash an EEPROM without root permissions (or suitable fine-grained permissions). I hadn't realised there was the facility to have different levels of update available. Presumably you have the ability to flag more run of the mill updates that simply add new features, but not bug fixes or security fixes, as "optional", and this would result in a message more like 'update available'?
The service requires root privileges but the pi user has special privileges for gpio and the eeprom is available via spi/gpio so nothing has changed
I was meaning the manual update process. Something has changed, since we didn't have an EEPROM until Pi 4. There is OTP on the other models, but that does require root privileges, since you need to be root to edit config.txt to insert the relevant commands to program the OTP. There are no other cases on official Raspberry Pi hardware where persistent memory can be altered without root privileges - just the new boot EEPROM. (This of course excludes third party hardware - if other vendors want to do things differently, that's up to them).

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 8:59 pm
by timg236
As I said the manual process requires root. Try it :)

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 9:05 pm
by trejan
andrum99 wrote:
Fri Aug 30, 2019 8:57 pm
I was meaning the manual update process. Something has changed, since we didn't have an EEPROM until Pi 4. There is OTP on the other models, but that does require root privileges, since you need to be root to edit config.txt to insert the relevant commands to program the OTP. There are no other cases on official Raspberry Pi hardware where persistent memory can be altered without root privileges - just the new boot EEPROM.
You can only do a manual update if you have root privileges when using the rpi-eeprom-update tool or are in the gpio group to do it directly using flashrom.

https://www.raspberrypi.org/documentati ... teeprom.md mentions a way of write protecting the EEPROM in hardware but the schematics don't say which resistor. The two EEPROMs on the top have the WP pins connected together but it disappears off into a via.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Fri Aug 30, 2019 9:20 pm
by andrum99
timg236 wrote:
Fri Aug 30, 2019 8:59 pm
As I said the manual process requires root. Try it :)
Sorry - my mistake. As you were!

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Tue Sep 03, 2019 9:02 am
by timg236
The scripts for updating and configuring the bootloader EEPROM are now hosted on Github. The pieeprom binaries will also be hosted here

https://github.com/raspberrypi/rpi-eeprom

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Tue Sep 03, 2019 5:28 pm
by bjtheone
trejan wrote:
Fri Aug 30, 2019 9:05 pm
You can only do a manual update if you have root privileges when using the rpi-eeprom-update tool or are in the gpio group to do it directly using flashrom.

https://www.raspberrypi.org/documentati ... teeprom.md mentions a way of write protecting the EEPROM in hardware but the schematics don't say which resistor. The two EEPROMs on the top have the WP pins connected together but it disappears off into a via.
Given that there will likely be a rev 2 of the pcb to deal with the USB C charging issue, so that it correctly identifies itself as per the standard, it might be a fabulous idea to add a jumper for the EEPROM, such that you could disable the ability. Obviously would not stop folks with physical access, but would deal with the oops, and the situation where you want to prevent certain mucking about (schools or commercial) by putting the Pi in a tamper proof case.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Tue Sep 03, 2019 9:02 pm
by ejolson
bjtheone wrote:
Tue Sep 03, 2019 5:28 pm
trejan wrote:
Fri Aug 30, 2019 9:05 pm
You can only do a manual update if you have root privileges when using the rpi-eeprom-update tool or are in the gpio group to do it directly using flashrom.

https://www.raspberrypi.org/documentati ... teeprom.md mentions a way of write protecting the EEPROM in hardware but the schematics don't say which resistor. The two EEPROMs on the top have the WP pins connected together but it disappears off into a via.
Given that there will likely be a rev 2 of the pcb to deal with the USB C charging issue, so that it correctly identifies itself as per the standard, it might be a fabulous idea to add a jumper for the EEPROM, such that you could disable the ability. Obviously would not stop folks with physical access, but would deal with the oops, and the situation where you want to prevent certain mucking about (schools or commercial) by putting the Pi in a tamper proof case.
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS. The costs of such a jumper are two-fold: the actual manufacturing costs and technical support for the clueless who are holding it wrong.

I just spent yesterday afternoon resetting 50 such PCs because HP Sure Start was preventing access to any of the system settings on more than half the machines in the lab, presumably because of such mucking about (or possibly an incompatibility with the HD imaging software used). On the bright side, having a programmable EEPROM in the Pi may make it more suitable for use in university-level courses on computer security and forensic analysis.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Wed Sep 04, 2019 9:52 am
by andrum99
ejolson wrote:
Tue Sep 03, 2019 9:02 pm
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS.

Agreed - adding a jumper is probably not necessary. Also, if Raspberry Pi thought it was necessary they would have added it to the board already.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Wed Sep 04, 2019 11:41 am
by bjtheone
ejolson wrote:
Tue Sep 03, 2019 9:02 pm
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS. The costs of such a jumper are two-fold: the actual manufacturing costs and technical support for the clueless who are holding it wrong.

I just spent yesterday afternoon resetting 50 such PCs because HP Sure Start was preventing access to any of the system settings on more than half the machines in the lab, presumably because of such mucking about (or possibly an incompatibility with the HD imaging software used). On the bright side, having a programmable EEPROM in the Pi may make it more suitable for use in university-level courses on computer security and forensic analysis.
High end motherboards used to have such jumpers. Also, given that there are already a number of header posts on the board, the manufacturing process already has to deal with them so it would only be the incremental costs of another 3 pin header. If it was set disabled from the factory, most of the clueless would never know as they are unlikely to be the ones attempting to flash the EEPROM. I guess it comes down to how important RPT and their customers consider control & security. Personally I don't care, as my Pis are (a) for personal use, (b) live in a fairly secure environment, and (c) only admin'ed by me. If I was running a computer lab in a high school or university I would want such a jumper and secure cases and be looking forward to netboot with great enthusiasm.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Wed Sep 04, 2019 12:21 pm
by jamesh
bjtheone wrote:
Wed Sep 04, 2019 11:41 am
ejolson wrote:
Tue Sep 03, 2019 9:02 pm
Even high-end motherboards for Intel compatible processors don't have a jumper to disable reflashing the BIOS. The costs of such a jumper are two-fold: the actual manufacturing costs and technical support for the clueless who are holding it wrong.

I just spent yesterday afternoon resetting 50 such PCs because HP Sure Start was preventing access to any of the system settings on more than half the machines in the lab, presumably because of such mucking about (or possibly an incompatibility with the HD imaging software used). On the bright side, having a programmable EEPROM in the Pi may make it more suitable for use in university-level courses on computer security and forensic analysis.
High end motherboards used to have such jumpers. Also, given that there are already a number of header posts on the board, the manufacturing process already has to deal with them so it would only be the incremental costs of another 3 pin header. If it was set disabled from the factory, most of the clueless would never know as they are unlikely to be the ones attempting to flash the EEPROM. I guess it comes down to how important RPT and their customers consider control & security. Personally I don't care, as my Pis are (a) for personal use, (b) live in a fairly secure environment, and (c) only admin'ed by me. If I was running a computer lab in a high school or university I would want such a jumper and secure cases and be looking forward to netboot with great enthusiasm.
I suspect the main problem would be board space and layout - it was very difficult to get everything on as it is now, adding an extra jumper, and they take up a lot of space - might be impossible.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Wed Sep 04, 2019 12:24 pm
by andrum99
Perhaps a compromise might be to include an obvious break location on the PCB with a couple of exposed pads either side, where someone could cut the track, then if they wanted to re-enable flashing place a link across the pads. Adding actual jumpers would add additional cost. If there was a way to add an unpopulated header but still have it default to enabling flashing then that would be simpler, but that may not be possible.

If someone really wants to permanently disable flashing the EEPROM now they can probably find a PCB track to cut.

Re: Raspberry Pi4 EEPROM update package - beta

Posted: Sat Sep 07, 2019 11:08 am
by timg236
The rpi-eeprom package has been moved from untested to stable so it can be installed with just

apt update
apt install rpi-eeprom

Whilst the rescue image is still available for fixing corrupted EEPROMs the documentation (PR pending) will point users towards rpi-eeprom for feature upgrades / bug fixes.