Man page - rpi-eeprom-config(1)
Packages contains this manual
Manual
RPI-EEPROM-CONFIG
NAMEDESCRIPTION
positional arguments:
options:
NAME
rpi-eeprom-config - Bootloader EEPROM configuration tool for the Raspberry Pi 4/5
DESCRIPTION
usage:
rpi-eeprom-config [-h] [-a APPLY] [-c CONFIG] [-e] [-o OUT]
[-d DIGEST]
[-p PUBKEY] [-x] [-b BOOTCODE] [-t TIMESTAMP]
[--cacertder CACERTDER] [--debug] [eeprom]
Bootloader EEPROM configuration tool for the Raspberry Pi 4 and Raspberry Pi 5. Operating modes:
1. Outputs the current bootloader configuration to STDOUT if no arguments are
specified OR the given output file if --out is specified.
rpi-eeprom-config [--out boot.conf]
2. Extracts the configuration file from the given ’eeprom’ file and outputs
the result to STDOUT or the output file if --output is specified.
rpi-eeprom-config pieeprom.bin [--out boot.conf]
3. Writes a new EEPROM image replacing the configuration file with the contents
of the file specified by --config .
rpi-eeprom-config --config boot.conf --out newimage.bin pieeprom.bin
The new image file can be installed via rpi-eeprom-update sudo rpi-eeprom-update -d -f newimage.bin
4. Applies a given config file to an EEPROM image and invokes rpi-eeprom-update
to schedule an update of the bootloader when the system is rebooted.
Since this command launches rpi-eeprom-update to schedule the EEPROM update it must be run as root.
sudo rpi-eeprom-config --apply boot.conf [pieeprom.bin]
If the ’eeprom’ argument is not specified then the latest available image is selected by calling ’rpi-eeprom-update -l ’.
5. The ’--edit’ parameter behaves the same as ’--apply’ except that instead of
applying a predefined configuration file a text editor is launched with the contents of the current EEPROM configuration.
Since this command launches rpi-eeprom-update to schedule the EEPROM update it must be run as root.
The configuration file will be taken from:
* The blconfig reserved memory nvmem device * The cached bootloader configuration ’vcgencmd bootloader_config’ * The current pending update - typically /boot/firmware/pieeprom.upd
sudo -E rpi-eeprom-config --edit [pieeprom.bin]
To cancel the pending update run ’sudo rpi-eeprom-update -r ’
The default text editor is nano and may be overridden by setting the ’EDITOR’ environment variable and passing ’-E’ to ’sudo’ to preserve the environment.
6. Signing the bootloader config file.
Updates an EEPROM binary with a signed config file (created by rpi-eeprom-digest) plus the corresponding RSA public key.
Requires Python Cryptodomex libraries and OpenSSL. To install on Raspberry Pi OS run:- sudo apt install python3-pycryptodome
rpi-eeprom-digest -k private.pem -i bootconf.txt -o bootconf.sig rpi-eeprom-config --config bootconf.txt --digest bootconf.sig --pubkey public.pem --out pieeprom-signed.bin pieeprom.bin
Currently, the signing process is a separate step so can’t be used with the --edit or --apply modes.
See ’rpi-eeprom-update -h ’ for more information about the available EEPROM images.
positional arguments:
|
eeprom |
Name of EEPROM file to use as input |
options:
-h , --help
show this help message and exit
-a , --apply APPLY
Updates the bootloader to the given config plus latest available EEPROM release.
-c , --config CONFIG
Name of bootloader configuration file
-e , --edit
Edit the current EEPROM config
-o , --out OUT
Name of output file
-d , --digest DIGEST
Signed boot only. The name of the .sig file generated by rpi-eeprom-digest for config.txt
-p , --pubkey PUBKEY
Signed boot only. The name of the RSA public key file to store in the EEPROM
-x , --extract
Extract the modifiable files (boot.conf, pubkey, signature)
-b , --bootcode BOOTCODE
Signed boot 2712 only. The name of the customer signed bootcode.bin file to store in the EEPROM
-t , --timestamp TIMESTAMP
Set the timestamp in the EEPROM image file
--cacertder CACERTDER
The name of a CA Certificate DER encoded file to store in the EEPROM
--debug
Debug logging for this tool