From 4d03c6027a7a43b5b3b02674ed411e8c6f5af505 Mon Sep 17 00:00:00 2001 From: martamomotko Date: Wed, 26 Nov 2025 14:43:41 +0000 Subject: [PATCH] rpiboot: Enable metadata output by default when metadata is received Metadata information is now written to stdout by default when received from BCM2712/2711 devices. The -j flag can be used to specify a directory for a JSON file output instead. To instruct recovery.bin to stop sending metadata, explicitly set recovery_metadata=0 in config.txt. --- Readme.md | 20 +++++++++++--------- docs/troubleshooting.md | 2 +- main.c | 30 ++++++++++-------------------- recovery/config.txt | 6 ++---- recovery5/config.txt | 6 ++---- secure-boot-recovery/README.md | 22 ++++++++++++---------- secure-boot-recovery/config.txt | 6 ++---- secure-boot-recovery5/README.md | 26 +++++++++++++++----------- secure-boot-recovery5/config.txt | 6 ++---- 9 files changed, 57 insertions(+), 67 deletions(-) diff --git a/Readme.md b/Readme.md index f50c30a..64765b8 100644 --- a/Readme.md +++ b/Readme.md @@ -219,9 +219,9 @@ the minimal set of files required from the boot partition. See the [troubleshooting guide](docs/troubleshooting.md). ## Reading device metadata from OTP via rpiboot -The `rpiboot` "recovery" modules provide a facility to read the device OTP information. This can be run either as a provisioning step or as a standalone operation. +The `rpiboot` "recovery" modules provide a facility to read the device OTP information. This can be run either as a provisioning step or as a standalone operation. Pass the `-j metadata` flag to `rpiboot` to write metadata JSON to a specified "metadata" directory. -To enable this make sure that `recovery_metadata=1` is set in the recovery `config.txt` file and pass the `-j metadata` flag to `rpiboot`. +Metadata output is enabled by default. To disable add `recovery_metadata=0` to the recovery `config.txt` file. See [board revision](https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#new-style-revision-codes-in-use) documentation to decode the `BOARD_ATTR` field. @@ -235,13 +235,15 @@ sudo rpiboot -j metadata -d . Example metadata file contents written to `metadata/SERIAL_NUMBER.json`: ```json { - "MAC_ADDR" : "d8:3a:dd:05:ee:78", - "CUSTOMER_KEY_HASH" : "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee", - "BOOT_ROM" : "0000c8b0", - "BOARD_ATTR" : "00000000", - "USER_BOARDREV" : "c03141", - "JTAG_LOCKED" : "0", - "ADVANCED_BOOT" : "0000e8e8" + "MAC_ADDR": "d8:3a:dd:05:ee:78", + "EEPROM_UPDATE": "success", + "EEPROM_HASH": "dfc8ef2c77b8152a5cfa008c2296246413fd580fdc26dfacd431e348571a2137", + "CUSTOMER_KEY_HASH": "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee", + "BOOT_ROM": "0000c8b0", + "BOARD_ATTR": "00000000", + "USER_BOARDREV": "c03141", + "JTAG_LOCKED": "0", + "ADVANCED_BOOT": "0000e8e8" } ``` diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index 5e5308a..672a9cf 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -47,5 +47,5 @@ Be careful not to overwrite `bootcode.bin` or `bootcode4.bin` with the executabl * If `rpiboot` starts to download `bootcode4.bin` but the transfer fails then can indicate a cable issue OR a corrupted file. Check the hash of `bootcode.bin` file against this repository and check `dmesg` for USB error. * If `bootcode.bin` or the `start.elf` detects an error then [error-code](https://www.raspberrypi.com/documentation/computers/configuration.html#led-warning-flash-codes) will be indicated by flashing the green activity LED. * Add `uart_2ndstage=1` to the `config.txt` file in `msd/` or `recovery/` directories to enable UART debug output. -* Add `recovery_metadata=1` to the `config.txt` file in `recovery/` or `recovery5/` directory to enable metadata JSON output. +* Add `recovery_metadata=0` to the `config.txt` file in `recovery/` or `recovery5/` directory to disable metadata JSON output. diff --git a/main.c b/main.c index eb4b623..10fbf56 100644 --- a/main.c +++ b/main.c @@ -87,7 +87,7 @@ void usage(int error) fprintf(dest, " -0/1/2/3/4/5/6 : Only look for CMs attached to USB port number 0-6\n"); fprintf(dest, " -p [pathname] : Only look for CM with USB pathname\n"); fprintf(dest, " -i [serialno] : Only look for a Raspberry Pi Device with a given serialno\n"); - fprintf(dest, " -j [path] : Output metadata JSON object to stdout, or to a file if directory is provided (BCM2712/2711)\n"); + fprintf(dest, " -j [path] : Write metadata JSON object to a file at the given path (BCM2712/2711)\n"); fprintf(dest, " -h : This help\n"); exit(error ? -1 : 0); @@ -540,7 +540,6 @@ void get_options(int argc, char *argv[]) } else if(strcmp(*argv, "-j") == 0) { - metadata = 1; if ((argc > 1) && (argv[1][0] != '-')) { argv++; argc--; metadata_path = *argv; @@ -788,11 +787,7 @@ FILE * check_file(const char * dir, const char *fname, int use_fmem) } void close_metadata_file(FILE ** fp){ - long pos = ftell(*fp); - if (pos == 0) // No metadata received, write empty JSON object - fprintf(*fp, "{}\n"); - else - fprintf(*fp, "\n}\n"); + fprintf(*fp, "\n}\n"); if (*fp != stdout) fclose(*fp); } @@ -865,19 +860,6 @@ int file_server(libusb_device_handle * usb_device) char metadata_fname[FILE_NAME_LENGTH]; int metadata_index = 0; - if (metadata) - { - if (bcm2711 || bcm2712) - { - create_metadata_file(&metadata_fp); - } - else - { - fprintf(stderr, "Failed to create metadata file: expected BCM2712/2711"); - metadata = 0; - } - } - while(going) { char message_name[][20] = {"GetFileSize", "ReadFile", "Done"}; @@ -902,6 +884,14 @@ int file_server(libusb_device_handle * usb_device) // Metadata files if ((message.fname[0] == '*') && (message.command != 2)) { + if (!metadata_fp) + { + if (bcm2711 || bcm2712) + { + create_metadata_file(&metadata_fp); + metadata = 1; + } + } if (metadata) { strcpy(metadata_fname, message.fname); diff --git a/recovery/config.txt b/recovery/config.txt index 4e05598..07ef8d1 100644 --- a/recovery/config.txt +++ b/recovery/config.txt @@ -4,7 +4,5 @@ # Uncomment to instruct recovery.bin to reboot the Pi after flashing the bootloader image #recovery_reboot=1 -# Uncomment to instruct recovery.bin to send metadata including OTP fields -# Specify -j dirname on the command line to specify the directory where -# metadata should be stored (JSON format) -recovery_metadata=1 +# Uncomment to instruct recovery.bin to stop sending metadata +#recovery_metadata=0 diff --git a/recovery5/config.txt b/recovery5/config.txt index 6ae1dd7..c0767c3 100644 --- a/recovery5/config.txt +++ b/recovery5/config.txt @@ -4,7 +4,5 @@ uart_2ndstage=1 # Uncomment to instruct recovery.bin to reboot the Pi after flashing the bootloader image #recovery_reboot=1 -# Uncomment to instruct recovery.bin to send metadata including OTP fields -# Specify -j dirname on the command line to specify the directory where -# metadata should be stored (JSON format) -recovery_metadata=1 \ No newline at end of file +# Uncomment to instruct recovery.bin to stop sending metadata +#recovery_metadata=0 diff --git a/secure-boot-recovery/README.md b/secure-boot-recovery/README.md index 863928e..e55a4c8 100644 --- a/secure-boot-recovery/README.md +++ b/secure-boot-recovery/README.md @@ -83,19 +83,21 @@ mkdir -p metadata ``` ### Metadata -The optional metadata argument causes rpiboot to readback the OTP information and write it to a JSON file in the given directory. +Metadata output is enabled by default to stdout. Optional argument can be used to specify writing a JSON file to the given directory. This can be useful for debug or for storing in a provisioning database. -Example metadata: +Example metadata file contents written to `metadata/SERIAL_NUMBER.json`: ```json { - "MAC_ADDR" : "d8:3a:dd:05:ee:78", - "CUSTOMER_KEY_HASH" : "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee", - "BOOT_ROM" : "0000c8b0", - "BOARD_ATTR" : "00000000", - "USER_BOARDREV" : "c03141", - "JTAG_LOCKED" : "0", - "ADVANCED_BOOT" : "0000e8e8" + "MAC_ADDR": "d8:3a:dd:05:ee:78", + "EEPROM_UPDATE": "success", + "EEPROM_HASH": "dfc8ef2c77b8152a5cfa008c2296246413fd580fdc26dfacd431e348571a2137", + "SECURE_BOOT_PROVISION": "success", + "CUSTOMER_KEY_HASH": "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee", + "BOOT_ROM": "0000c8b0", + "BOARD_ATTR": "00000000", + "USER_BOARDREV": "c03141", + "JTAG_LOCKED": "0", + "ADVANCED_BOOT": "0000e8e8" } ``` - diff --git a/secure-boot-recovery/config.txt b/secure-boot-recovery/config.txt index 433e284..2b7a914 100644 --- a/secure-boot-recovery/config.txt +++ b/secure-boot-recovery/config.txt @@ -36,7 +36,5 @@ uart_2ndstage=1 # reboot after the flashing the firmware. #recovery_reboot=1 -# Uncomment to instruct recovery.bin to send metadata including OTP fields -# Specify -j dirname on the command line to specify the directory where -# metadata should be stored (JSON format) -recovery_metadata=1 +# Uncomment to instruct recovery.bin to stop sending metadata +#recovery_metadata=0 diff --git a/secure-boot-recovery5/README.md b/secure-boot-recovery5/README.md index 9625fab..0e1f76a 100644 --- a/secure-boot-recovery5/README.md +++ b/secure-boot-recovery5/README.md @@ -89,22 +89,26 @@ This output is given by the EEPROM bootloader when it verifies the signature of ``` ### Metadata -The optional metadata argument causes rpiboot to readback the OTP information and write it to a JSON file in the given directory. +Metadata output is enabled by default to stdout. Optional argument can be used to specify writing a JSON file to the given directory. This can be useful for debug or for storing in a provisioning database. Example metadata: ```json { - "USER_SERIAL_NUM" : "a7eb274c", - "MAC_ADDR" : "2c:cf:67:70:76:f3", - "CUSTOMER_KEY_HASH" : "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee", - "BOOT_ROM" : "0000000a", - "BOARD_ATTR" : "00000000", - "USER_BOARDREV" : "b04170", - "JTAG_LOCKED" : "0", - "MAC_WIFI_ADDR" : "2c:cf:67:70:76:f4", - "MAC_BT_ADDR" : "2c:cf:67:70:76:f5", - "FACTORY_UUID" : "001000911006186073" + "USER_SERIAL_NUM": "a7eb274c", + "MAC_ADDR": "2c:cf:67:70:76:f3", + "EEPROM_UPDATE": "success", + "EEPROM_HASH": "dfc8ef2c77b8152a5cfa008c2296246413fd580fdc26dfacd431e348571a2137", + "SECURE_BOOT_PROVISION": "success", + "CUSTOMER_KEY_HASH": "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee", + "BOOT_ROM": "0000000a", + "BOARD_ATTR": "00000000", + "USER_BOARDREV": "b04170", + "JTAG_LOCKED": "0", + "SIGNATURE_MODE": "0", + "MAC_WIFI_ADDR": "2c:cf:67:70:76:f4", + "MAC_BT_ADDR": "2c:cf:67:70:76:f5", + "FACTORY_UUID": "001000911006186073" } ``` diff --git a/secure-boot-recovery5/config.txt b/secure-boot-recovery5/config.txt index db64a48..a1e0d49 100644 --- a/secure-boot-recovery5/config.txt +++ b/secure-boot-recovery5/config.txt @@ -25,7 +25,5 @@ uart_2ndstage=1 # reboot after the flashing the firmware. #recovery_reboot=1 -# Uncomment to instruct recovery.bin to send metadata including OTP fields -# Specify -j dirname on the command line to specify the directory where -# metadata should be stored (JSON format) -recovery_metadata=1 +# Uncomment to instruct recovery.bin to stop sending metadata +#recovery_metadata=0