Man page - rpi-eeprom-config(1)

Packages contas this manual

Manual

RPI-EEPROM-CONFIG(1) User Commands RPI-EEPROM-CONFIG(1)

rpi-eeprom-config - Bootloader EEPROM configuration tool for the Raspberry Pi 4/5

usage: rpi-eeprom-config [-h] [-a APPLY] [-c CONFIG] [-e] [-o OUT] [-d DIGEST]

[-p PUBKEY] [-x] [-b BOOTCODE] [-t TIMESTAMP]
[--cacertder CACERTDER] [--debug] [eeprom]

Bootloader EEPROM configuration tool for the Raspberry Pi 4 and Raspberry Pi 5. Operating modes:

1. Outputs the current bootloader configuration to STDOUT if no arguments are

specified OR the given output file if --out is specified.
rpi-eeprom-config [--out boot.conf]

2. Extracts the configuration file from the given 'eeprom' file and outputs

the result to STDOUT or the output file if --output is specified.
rpi-eeprom-config pieeprom.bin [--out boot.conf]

3. Writes a new EEPROM image replacing the configuration file with the contents

of the file specified by --config.
rpi-eeprom-config --config boot.conf --out newimage.bin pieeprom.bin
The new image file can be installed via rpi-eeprom-update sudo rpi-eeprom-update -d -f newimage.bin

4. Applies a given config file to an EEPROM image and invokes rpi-eeprom-update

to schedule an update of the bootloader when the system is rebooted.
Since this command launches rpi-eeprom-update to schedule the EEPROM update it must be run as root.
sudo rpi-eeprom-config --apply boot.conf [pieeprom.bin]
If the 'eeprom' argument is not specified then the latest available image is selected by calling 'rpi-eeprom-update -l'.

5. The '--edit' parameter behaves the same as '--apply' except that instead of

applying a predefined configuration file a text editor is launched with the contents of the current EEPROM configuration.
Since this command launches rpi-eeprom-update to schedule the EEPROM update it must be run as root.
The configuration file will be taken from:
* The blconfig reserved memory nvmem device * The cached bootloader configuration 'vcgencmd bootloader_config' * The current pending update - typically /boot/firmware/pieeprom.upd
sudo -E rpi-eeprom-config --edit [pieeprom.bin]
To cancel the pending update run 'sudo rpi-eeprom-update -r'
The default text editor is nano and may be overridden by setting the 'EDITOR' environment variable and passing '-E' to 'sudo' to preserve the environment.

6. Signing the bootloader config file.

Updates an EEPROM binary with a signed config file (created by rpi-eeprom-digest) plus the corresponding RSA public key.
Requires Python Cryptodomex libraries and OpenSSL. To install on Raspberry Pi OS run:- sudo apt install python3-pycryptodome
rpi-eeprom-digest -k private.pem -i bootconf.txt -o bootconf.sig rpi-eeprom-config --config bootconf.txt --digest bootconf.sig --pubkey public.pem --out pieeprom-signed.bin pieeprom.bin
Currently, the signing process is a separate step so can't be used with the --edit or --apply modes.

See 'rpi-eeprom-update -h' for more information about the available EEPROM images.

Name of EEPROM file to use as input

show this help message and exit
Updates the bootloader to the given config plus latest available EEPROM release.
Name of bootloader configuration file
Edit the current EEPROM config
Name of output file
Signed boot only. The name of the .sig file generated by rpi-eeprom-digest for config.txt
Signed boot only. The name of the RSA public key file to store in the EEPROM
Extract the modifiable files (boot.conf, pubkey, signature)
Signed boot 2712 only. The name of the customer signed bootcode.bin file to store in the EEPROM
Set the timestamp in the EEPROM image file
The name of a CA Certificate DER encoded file to store in the EEPROM
Debug logging for this tool
February 2026 rpi-eeprom-config 28.14