Skip to content

Releases: raspberrypi/rpi-sb-provisioner

v2.3.1: Fixes & failure reporting

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 30 Jun 14:01

This release adds a saved signing-key registry, programming-rig customisation hooks, firmware-crypto bootstrap for at-rest secret wrapping, and fixes Ethernet image transfer over the fastboot TCP data plane. It also refreshes the bundled fastboot gadgets and corrects NVMe FDE LUKS passphrase derivation.

Highlights

  • Add a saved-key registry for multiple PEM and PKCS#11 signing keys, with one active key driving provisioning and CUSTOMER_KEY_* config sync. The Options page is redesigned as a tile grid showing per-key status, encrypted-at-rest state, fingerprint, and RSA-2048 fit-for-purpose checks.
  • Add provision-failed customisation hooks for all provisioner styles so programming rigs can signal errors (for example status LEDs) when bootstrap, triage, or provisioning aborts.
  • Export TARGET_USB_PATH, TARGET_DEVICE_PATH, and full manufacturing-database field values to customisation hooks, enabling per-port rig indicators and post-flash automation (issue #273).
  • Flash OS images over the fastboot TCP data plane when the daemon advertises split USB+TCP mode, restoring Ethernet image transfer in naked-, fde-, and sb-provisioner (issue #314).
  • Refresh bundled fastboot gadgets to rpi-fastbootd 14.0.0~git20260608, with on-device EEPROM update/verify/read commands and SPI flash identity getvars.
  • Rebundle gadgets with libblockdeviceid-based block device ID derivation for LUKS passphrase generation, matching the boot-time cryptroot unlocker so NVMe FDE volumes provisioned by the host unlock correctly on first boot (issue #316).
  • Generate a firmware-crypto key on hosts that have none via rpi-fw-crypto genkey in postinst, so device-bound wrapping of secrets at rest (HSM PINs, uploaded PEM keys) works without a pre-existing factory device key.

Reliability Fixes

  • Fix validate-key and manual key paths outside /etc/rpi-sb-provisioner/keys being rejected despite valid PEM content.
  • Load the OpenSSL default provider before key parsing and return clearer errors for public keys, certificates, OpenSSH keys, and encrypted PEMs.
  • Reject EEPROM images whose MFG_VER is below the board's min_boot_ver before write or verify, preventing downgrades on boards that require a newer bootloader baseline.
  • Use best-effort USB path lookup for the initial TRIAGE-STARTED record so triage does not abort under set -e when the path is not yet resolvable.
  • Fix get_usb_path_for_serial() udevadm fallback using the wrong variable.
  • Do not invoke provision-failed for duplicate bootstrap@ lock contention or triage failure while bootstrap is still in progress (expected USB re-enumeration during DUT reboot).

Upgrade Notes

  • The supported releases are 2.3.1 and 2.3.0; 2.3.0~pre* builds are no longer supported.
  • Legacy single-key PEM/PKCS#11 config entries are migrated into the saved-key registry automatically on first access.
  • postinst may generate a firmware-crypto key on hosts that have none, enabling at-rest wrapping without a pre-existing factory device key. This is skipped when a key already exists or the crypto service is unavailable, and never blocks installation.
  • The manufacturing database schema gains customer_key_fingerprint and customer_key_label columns; postinst migrates existing databases.
  • When the provisioning host and target share an Ethernet link, bulk image transfer can use the fastboot TCP data plane. USB remains required for control-plane commands.

What's Changed

Full Changelog: v2.3.0...v2.3.1

2.3.0

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 10 Jun 11:59

This release adds IDP image provisioning, firmware-crypto-backed device identity
workflows, OpenSSL 3 PKCS#11 provider support, and a broad set of provisioning
reliability fixes accumulated through the 2.3.0 preview series.

Highlights

  • Add IDP (Image Description Provisioning) support for rpi-image-gen artefacts,
    including archive upload, JSON/image validation, metadata-driven WebUI
    configuration, secure-boot slot signing, customisation hooks, and service-log
    viewing.
  • Add Raspberry Pi firmware crypto integration for cryptroot unlock and
    Raspberry Pi Connect device identity registration. The device firmware crypto
    key is provisioned and OTP-locked as part of the provisioning flow.
  • Move HSM support from the deprecated OpenSSL ENGINE path to OpenSSL 3
    pkcs11-provider/OSSL_STORE, with provider readiness checks and HSM key
    discovery in the WebUI.
  • Encrypt stored HSM PINs and uploaded PEM signing keys at rest using a
    device-bound AES-256-GCM wrapper derived from the Raspberry Pi firmware crypto
    device key.
  • Add A/B-capable 2712 EEPROM signing support and refresh bundled fastboot
    gadgets for EEPROM measurements, fixed A/B bootfiles, and monolithic sparse
    whole-disk image writing.
  • Remove the manual Raspberry Pi 5 re-plug step by using set_reboot_order=0x3
    in the recovery configuration so devices return to RPIBOOT automatically.

Reliability Fixes

  • Fix the Trixie/systemd 257 cryptroot initramfs switch-root regression reported
    in #299.
  • Use kernel crypto module aliases and copy modules for all applicable kernels,
    improving compatibility across kernel updates.
  • Preserve real provisioner exit statuses from cleanup traps so failures are
    visible to systemd, the WebUI, and manufacturing records.
  • Invalidate cached signed artefacts when firmware or signing keys change, and
    wipe cached workdir artefacts on package upgrade.
  • Replace the WebUI state database inotify watcher with authenticated local
    notification endpoints to avoid steady-state CPU spin while keeping device
    status updates responsive.

Upgrade Notes

  • The final supported release is 2.3.0; the 2.3.0~pre* builds are no longer
    supported.
  • Runtime dependencies now require recent rpi-eeprom and rpiboot packages,
    plus pkcs11-provider, p11-kit support, gnutls-bin, and
    librpifwcrypto.
  • Package upgrades clear /srv/rpi-sb-provisioner/workdir cached artefacts.
    Persistent data such as images, manufacturing databases, state databases, logs
    and configuration are preserved.
  • Stored PINs and uploaded PEM signing keys are migrated to device-wrapped
    storage when saved on a system with firmware crypto support. Wrapped material
    is intentionally bound to that provisioner device.

What's Changed

New Contributors

Full Changelog: v2.2.0...v2.3.0

v2.3.0-pre4

v2.3.0-pre4 Pre-release
Pre-release

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 01 Jun 16:10

What's Changed

  • Completely remove root= from cmdilne.txt modifications. by @stu-spp in #307
  • 2.3.0-pre4: Legacy OS flashing fixed, EEPROM measurements trimmed by @tdewey-rpi in #308

Full Changelog: v2.3.0-pre3...v2.3.0-pre4

v2.3.0-pre3

v2.3.0-pre3 Pre-release
Pre-release

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 29 May 12:53

What's Changed

  • Fix secure-boot configured but no partitions with static.role="boot" in image.json by @stu-spp in #304
  • 2.3.0-pre3: A/B EEPROM signing support by @tdewey-rpi in #306

Full Changelog: v2.3.0-pre2...v2.3.0-pre3

v2.3.0: Deps, fastboot, cryptroot, replug

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 27 May 14:43
  • cryptroot_initramfs regression fix (#299):

    • Refresh the bundled cryptroot_initramfs from pi-gen-micro. The
      Trixie-rebuilt image (systemd 257) refused systemctl switch-root
      from non-initrd mode, leaving devices provisioned successfully
      but stuck at the initramfs login prompt instead of pivoting into
      the unlocked rootfs.
    • The new image is marked as an initrd (/etc/initrd-release) and
      the cryptroot service has been rewired into the standard systemd
      initrd flow: Before=initrd-root-fs.target with the pivot
      delegated to systemd's stock initrd-switch-root.service, instead
      of the bespoke multi-user.target + manual switch-root from
      v2.1.3.
    • getty is masked in the cryptroot image: the "localhost login:"
      symptom cannot recur, and emergency.target still gets a console
      via sulogin if cryptroot.service fails.
  • Kernel module list durability (also #299):

    • host-support/kernel_modules.list: switch from concrete crypto
      module names (chacha-neon, chacha_generic, aes-arm64, ...) to
      kernel crypto API aliases (crypto-xts(aes), crypto-adiantum,
      crypto-nhpoly1305, crypto-xchacha12). Aliases are resolved by
      libkmod via modules.alias and survive the upstream module
      renames between 6.12 and 6.18, fixing the secondary
      provisioning-time failure also reported in #299.
  • Bundled rpi-fastbootd refresh:

    • Refresh the fastboot gadget image to pick up rpi-fastbootd
      be8a8ce ("vars: Add eeprom manipulation, data fetch"), which
      adds oem eeprom-update / eeprom-verify / eeprom-read plus
      signed-eeprom, eeprom-device, eeprom-size, eeprom-sha256,
      eeprom-jedec, eeprom-unique-id and eeprom-spi-speed getvars.
  • Dependency refresh:

    • debian/control: require rpi-eeprom (>= 28.23-1) to pick up the
      rpiboot/recovery image that honours set_reboot_order in the
      recovery config.txt.
  • Bootstrap: eliminate re-plug requirement on Pi 5 (and Pi 4):

    • service/rpi-sb-bootstrap.sh: insert set_reboot_order=0x3 ahead
      of recovery_reboot=1 in both the secure-boot keywriting recovery
      config and the non-secure EEPROM-update recovery config, so the
      device reboots straight back into RPIBOOT mode ready for the
      fastboot bootstrap phase instead of requiring a manual USB
      re-plug.

v2.3.0-pre1: IDP, Pi Connect, Options, performance, fastboot, everything?

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 21 May 16:03
  • Pre-release:

    • First preview of the 2.3.0 line. Combines the IDP, Connect and
      rpifwcrypto work from the 2.3.0 changelog draft with the
      post-April stabilisation and re-plug guidance work below.
  • IDP (Image Description Provisioning) Support:

    • Add support for consuming IDP-style artefacts from rpi-image-gen,
      enabling pre-built partition layouts, encryption, and sparse image
      provisioning via the device-side fastboot IDP protocol
    • Add new rpi-idp-provisioner.sh orchestrator implementing the full
      IDP protocol: erase, stage JSON, idpinit, idpwrite, idpgetblk/flash
      loop, and idpdone, with timeout_fatal wrappers on all fastboot
      commands
    • Add rpi-idp-provisioner@.service systemd template unit
    • Extend triage to detect IDP artefact directories
      (GOLD_MASTER_OS_FILE pointing to a directory) and route to the
      IDP provisioner automatically
    • IDP pre-flight validation: JSON syntax, referenced .simg file
      existence, device class and storage type cross-checks against
      host configuration
  • IDP WebUI:

    • Add image-first progressive disclosure UI: selecting an IDP
      artefact auto-populates device family, storage type, and cipher
      from the artefact's JSON metadata, locking those fields with
      "Set by image" badges
    • Hide the FDE-only provisioning style tile for IDP artefacts, as
      encryption is defined by the IDP JSON; provisioning style collapses
      to a binary Secure Boot / Naked choice
    • Support upload of .tar.gz, .tgz, and .zip archives containing IDP
      artefacts, with security validation (path traversal checks, disk
      space checks, atomic extraction)
    • Add /analyze-image endpoint returning IDP metadata (device class,
      storage type, encryption, cipher, partition count, image version)
    • Display IDP badge in the image list for artefact directories
  • Image SHA256 Improvements:

    • Compute SHA256 of IDP archives before extraction, capturing the
      fingerprint of the exact artefact uploaded
    • Store IDP archive hash in a .sha256 sidecar file alongside the
      extracted artefact directory, reusing the existing sidecar pattern
    • Update /get-image-sha256 to return sidecar hash directly for IDP
      artefact directories, avoiding unnecessary background calculation
    • Add is_idp flag to ImageInfo struct for reliable IDP detection
      in image listings, replacing fragile sha256 string comparison
    • Clean up sidecar files when deleting IDP artefact directories
  • Bug Fixes:

    • Fix image deletion from the Options page: frontend was calling
      /images/delete (non-existent) instead of /delete-image (the
      documented and registered endpoint)
    • Fix HTTP method for image deletion: changed from DELETE to POST
      to match the backend handler
    • Fix image browser detail pane overflowing its container by adding
      box-sizing: border-box to .image-list and .firmware-notes
    • Fix cleanup_orphans destroying persistent data directories
      (images, workdir, databases): TEMP_BASE now points to a dedicated
      /srv/rpi-sb-provisioner/tmp subdirectory, and all temp directory
      creation uses a new make_temp_dir helper
    • Fix rpi-sb-common.sh base directory variables overwriting values
      pre-set by sourcing scripts (e.g. rpi-sb-bootstrap.sh)
  • IDP Validation in provisioner-service:

    • Extend GOLD_MASTER_OS_FILE validation in options.cpp to support
      directories: validates exactly one .json file exists, JSON is
      syntactically valid, and all referenced .simg files are present
  • Packaging:

    • Add rpi-idp-provisioner.sh to /usr/bin and
      rpi-idp-provisioner@.service to /usr/lib/systemd/system in
      debian/install
    • Create /var/lock/rpi-sb-provisioner in postinst so with_lock()
      works on fresh installs; LOCK_BASE was previously assumed to
      exist but never created by the package
    • Remove redundant per-call board_type migration probe from
      record_state() in host-support/state-recording: postinst
      already performs a more thorough state.db schema migration on
      upgrade, so the runtime probe added two SQLite invocations to
      every device state transition for no benefit
  • Raspberry Pi Connect Device Identity Registration:

    • Automatically register provisioned devices with the Raspberry Pi
      Connect management API when RPI_CONNECT_API_KEY is configured
    • Request signing uses the device's firmware crypto ECDSA key via
      fastbootd's 'oem fwcrypto sign-hash' command; the private key
      never leaves hardware
    • Add RPI_CONNECT_API_KEY and RPI_CONNECT_DESCRIPTION config
      options with validation in options.cpp
    • Add Cloud Services section to options UI with password-masked
      API key input and description prefix field
    • Add connect_registered and connect_device_id columns to
      manufacturing database schema, with migration in postinst
    • Add Connect columns to manufacturing UI table and CSV export
    • Non-fatal: registration failures log warnings but never abort
      provisioning (set +e guard, curl timeouts, robust PEM capture)
  • Cryptroot rpifwcrypto Support:

    • Update cryptroot initramfs to unlock the encrypted root filesystem
      using the device's firmware crypto ECDSA key (rpifwcrypto), in
      place of key material delivered out-of-band or stored on disk
    • Triage now always provisions the device firmware crypto key
      (oem fwcrypto init) before provisioning proceeds, regardless of
      provisioning style, and verifies the key is written to OTP before
      continuing -- aborting the device if provisioning fails
    • Establishes a hardware-held device unique identity that underpins
      both LUKS unlock (via a derived secret bound to the key and other
      measurements) and Raspberry Pi Connect device identity
      registration; the private key never leaves the SoC
  • Provisioner Exit Status Fix:

    • Fix cleanup() trap handler in rpi-sb-provisioner.sh,
      rpi-fde-provisioner.sh, rpi-naked-provisioner.sh,
      rpi-idp-provisioner.sh and rpi-sb-bootstrap.sh swallowing the
      real exit status: the re-entry guard and CLEANUP_DONE=1
      assignment clobbered $? before it was captured, so any failure
      caught by the trap (set -e, die, SIGTERM) was reported as
      success -- the systemd unit showed "Deactivated successfully"
      and the WebUI saw a clean run despite aborted provisioning
    • Capture $? as the first statement of cleanup() so the original
      exit status propagates through to systemd and the manufacturing
      database
  • IDP Refinements:

    • Sign boot slots for secure-boot IDP provisioning, and drop a
      boot_ramdisk config.txt next to the signed boot.img so the
      device picks up the signed bootchain on first boot
    • Ensure the device unique firmware crypto key is OTP-locked at
      the end of provisioning, establishing an immutable hardware
      identity for subsequent boots
    • Expand the encryption flag matcher so all LUKS2 cipher variants
      are recognised as encrypted IDP layouts (fixes LUKS2 cipher
      field handling)
    • Fall back to the configured storage type when the IDP JSON does
      not name one, instead of refusing to provision
    • Catch all non-supported storage types up-front with a clear
      error rather than proceeding to a broken flash
    • Add missing timeout_nonfatal wrappers in rpi-idp-provisioner.sh
    • Default timeout_fatal to 30s in the IDP provisioner
    • Wire provision-started hook arguments through rpi-sb-common.sh
      and move the IDP provision-started hook to the correct
      lifecycle point
    • Add IDP provisioner customisation hook editors to the WebUI
    • Allow IDP service log viewing in the WebUI
    • Fix incorrect zero2w platform name mapping in the IDP
      provisioner, image-handling paths, and documentation
  • Re-plug Guidance:

    • Record the discovered board type per device so re-plug guidance
      can be tailored to the family
    • Add Raspberry Pi 5 re-plug banners to the WebUI, prompting
      operators to physically re-plug devices that cannot enter
      RPIBOOT automatically
    • Improve device and detail-view liveness so the WebUI reflects
      in-flight provisioning state without manual refresh
    • Capture provisioning intent vs observed state for fields that
      cannot yet be confirmed over fastboot (jtag_locked,
      eeprom_write_protected); add a devkey_revoked column observed
      via 'getvar secure-devkey'; clarify signed_boot_enabled as
      derived from pubkey_programmed in the manufacturing API
  • Fastboot Data Path & Gadget Updates:

    • Use TCP for the data path when fastbootd advertises support,
      improving throughput over USB on capable hardware
    • Refresh the bundled fastboot gadget against upstream
      rpi-fastbootd, through b1e51bd4, e8c13a5 and finally
      f3ce930249ab0d657ddaf5d3ba4a076320894c78
  • Workdir Cache Invalidation:

    • Invalidate cached signed artefacts in $RPI_SB_WORKDIR when the
      selected firmware or signing keys change, so stale boot.img
      files are never re-flashed
    • Wipe all cached provisioning artefacts under $RPI_SB_WORKDIR on
      package upgrade
  • Triage:

    • Trust idempotent 'oem fwcrypto init' and drop the pre-check
      that round-tripped over fastboot before initialisation
  • Configuration Plumbing:

    • Introduce shared resolvers for special configuration flags,
      consumed by both provisioner-service and rpi-sb-bootstrap.sh,
      so flag interpretation is consistent across host components
  • Database Contention:

    • Use SQL busy timeouts in provisioner-service to handle SQLite
      contention gracefully un...
Read more

v2.2.0

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 11 Feb 17:06

What's Changed

Naked Provisioner & Image Customisation

  • Expand naked-provisioner stages to include bootfs-mounted and rootfs-mounted phases for full image customisation support (fixes #258)
  • Use cp --reflink=auto for image copying, optimising performance and reducing disk usage on btrfs/xfs hosts
  • Add checks to ensure customisation scripts are executable before running
  • Flash modified image when customisation scripts are executed

Provisioning Hooks

  • Add provision-started stage and hook, allowing actions (e.g. LED control, rig signaling) to execute at the start of provisioning

Customisation WebUI

  • Add copy-sources functionality allowing users to select and copy scripts from other provisioners during stage editing
  • Display dropdown for available scripts from other provisioners, improving usability and efficiency

Provisioning Improvements

  • Consolidate loop device management functions (ensure_next_loopdev, ensure_loopdev_partitions, unmount, unmount_image) into rpi-sb-common.sh for better code reuse and maintainability
  • Improve cleanup logic in provisioner scripts to properly unmount images before deletion, preventing dangling loop devices
  • Enhance error handling in losetup operations with clearer exit messages on failure
  • Remove redundant get_variable function from rpi-fde-provisioner.sh

Features (from earlier in this release cycle)

  • Add PKCS#11 HSM signing support for secure signing operations
  • Add USB speed attribute detection for better device capability identification
  • Add CSRF token validation for critical endpoints
  • Add kernel_modules.list for configurable kernel module inclusion
  • Integrate rpi-modcopy for improved kernel module handling and dependency resolution
  • Add RPI_DEVICE_RPIBOOT_GPIO configuration for Pi 4 family secure-boot provisioning (fixes #242)

WebUI Accessibility

  • Add lang="en", semantic HTML structure, ARIA roles/live regions, table captions, accessible tab interfaces, and screen-reader-only descriptions for D3 visualizations
  • Improve focus visibility with enhanced CSS outline styles

Packaging

  • Add rpi-modcopy dependency for kernel module handling
  • Fix CMake configuration for jsoncpp dependency
  • Improve upgrade experience by shipping config defaults to /usr/share/rpi-sb-provisioner/defaults/ with user overrides in /etc/rpi-sb-provisioner/, eliminating dpkg conffile prompts during upgrades

Full Changelog: v2.1.3...v2.2.0

v2.1.3: Trixie packages, D3.js visualisation

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 20 Jan 17:01

What's Changed

New Contributors

Full Changelog: v2.1.1...v2.1.3

v2.1.1: Bugfix release

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 10 Oct 15:13

Headlines

  • WebUI Navigation Fixes - Resolved hanging issues on pages using AJAX for smoother user experience
  • Boot Image Generator Improvements - Better POSIX compliance and enhanced UI controls
  • Package Versioning Fix - Corrected Debian package version format for boot images

Who Should Upgrade

  • All users - Important WebUI bug fixes improve stability and usability
  • Boot image generator users - Fixed script compatibility issues and improved UI controls
  • Users experiencing WebUI hangs - Navigation issues on AJAX pages now resolved

What's Changed

Bug Fixes

  • WebUI Stability

    • Fixed navigation hangs on pages using AJAX requests
    • Implemented proper cleanup for WebSocket connections on page unload
    • Added auto-refresh cleanup mechanisms to prevent memory leaks
    • Improved resource management across devices, manufacturing, scantool, service log, and services views
  • Boot Image Generator

    • Fixed bashisms in boot image generator script for better POSIX compliance
    • Corrected package versioning format - now prefixes SHA256 hash with '0.' for valid Debian versioning
    • Added explicit boot image generation button in WebUI
    • Enhanced button styling for better user experience
    • Improved boot package status handling for more accurate state reporting

Breaking Changes

None. This release maintains full backward compatibility with v2.1.0.

Known Issues

  • Boot image generator requires at least 32GB free disk space

Full Changelog: v2.1.0...v2.1.1

v2.1.0

Choose a tag to compare

@tdewey-rpi tdewey-rpi released this 10 Oct 13:44

Headlines

  • Automatic Boot Image Generation - Generate signed boot images and Debian packages from uploaded OS images, enabling configuration updates without full re-provisioning
  • Complete Documentation Rewrite - README transformed into a beginner-friendly guide with step-by-step instructions and comprehensive troubleshooting
  • Enhanced EEPROM Support - Proper EEPROM updates for naked (non-secure-boot) provisioning on Pi 4 and Pi 5
  • Architecture Documentation - New workflow diagrams and detailed system design explanations

Who Should Upgrade

  • All users - Important bug fixes and usability improvements
  • New users - Significantly improved documentation makes getting started easier
  • Naked provisioning users - EEPROM updates now work correctly for non-secure-boot devices
  • Users wanting configuration updates - Deploy kernel and config.txt changes to provisioned devices without re-provisioning

What's Changed

New Features

  • Boot Image Generator - Introduces rpi-sb-image-bootimg-generator tool and systemd service

    • Automatically extracts boot partition from uploaded images
    • Creates signed boot.img and boot.sig for secure boot
    • Generates installable Debian packages for pushing updates to deployed devices
    • Full logging support in /var/log/rpi-sb-provisioner/bootimg-generator/
  • Enhanced EEPROM Updates

    • Non-secure-boot devices now receive proper EEPROM updates on 2711/2712
    • Improved special re-provisioning handling for Pi 5
    • Migration from custom writeSig() to standardized rpi-eeprom-digest tool
    • Better firmware version detection and logging
  • API Security

    • New RPI_SB_PROVISIONER_ENABLE_PRIVATE_KEY_API configuration option
    • Pagination and ordering for service log API
    • Enhanced audit logging

Documentation

  • Complete README rewrite with:
    • "What Problem Does This Solve?" introduction
    • Step-by-step getting started guide
    • Device-specific connection instructions
    • Comprehensive troubleshooting section
  • New architecture documentation with workflow diagrams
  • Boot image generator and Debian package guides
  • Enhanced API documentation

Improvements

  • Strip GNU and Bash-specific syntax for better POSIX compliance
  • Better error handling and logging throughout bootstrap process
  • Enhanced USB topology-based device status UI
  • Improved manufacturing database accuracy (secure vs signed states)
  • Fixed shell option detection in customization scripts
  • Fixed regex in simg_expanded_size() function
  • Fixed depmod handling for kernel modules

Dependencies

  • Update rpiboot to >= 20251002~150524
  • Update rpi-eeprom to >= 28.5
  • Update embedded curl to 8.16.0

Breaking Changes

None. This release maintains backward compatibility with v2.0.x configurations.

Known Issues

  • Special re-provisioning with boot image regeneration only supported on Pi 5 (2712)
  • Boot image generator requires at least 32GB free disk space

Full Changelog: v2.0.6...v2.1.0