rpiboot: Enable metadata output by default when metadata is received

Readme.md

@@ -219,9 +219,9 @@ the minimal set of files required from the boot partition.
 See the [troubleshooting guide](docs/troubleshooting.md).
 
 ## Reading device metadata from OTP via rpiboot
-The `rpiboot` "recovery" modules provide a facility to read the device OTP information. This can be run either as a provisioning step or as a standalone operation.
+The `rpiboot` "recovery" modules provide a facility to read the device OTP information. This can be run either as a provisioning step or as a standalone operation. Pass the `-j metadata` flag to `rpiboot` to write metadata JSON to a specified "metadata" directory.
 
-To enable this make sure that `recovery_metadata=1` is set in the recovery `config.txt` file and pass the `-j metadata` flag to `rpiboot`.
+Metadata output is enabled by default. To disable add `recovery_metadata=0` to the recovery `config.txt` file.
 
 See [board revision](https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#new-style-revision-codes-in-use) documentation to decode the `BOARD_ATTR` field.
 
@@ -235,13 +235,15 @@ sudo rpiboot -j metadata -d .
 Example metadata file contents written to `metadata/SERIAL_NUMBER.json`:
 ```json
 {
-        "MAC_ADDR" : "d8:3a:dd:05:ee:78",
-        "CUSTOMER_KEY_HASH" : "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee",
-        "BOOT_ROM" : "0000c8b0",
-        "BOARD_ATTR" : "00000000",
-        "USER_BOARDREV" : "c03141",
-        "JTAG_LOCKED" : "0",
-        "ADVANCED_BOOT" : "0000e8e8"
+        "MAC_ADDR": "d8:3a:dd:05:ee:78",
+        "EEPROM_UPDATE": "success",
+        "EEPROM_HASH": "dfc8ef2c77b8152a5cfa008c2296246413fd580fdc26dfacd431e348571a2137",
+        "CUSTOMER_KEY_HASH": "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee",
+        "BOOT_ROM": "0000c8b0",
+        "BOARD_ATTR": "00000000",
+        "USER_BOARDREV": "c03141",
+        "JTAG_LOCKED": "0",
+        "ADVANCED_BOOT": "0000e8e8"
 }
 ```
 

docs/troubleshooting.md

@@ -47,5 +47,5 @@ Be careful not to overwrite `bootcode.bin` or `bootcode4.bin` with the executabl
 * If `rpiboot` starts to download `bootcode4.bin` but the transfer fails then can indicate a cable issue OR a corrupted file. Check the hash of `bootcode.bin` file against this repository and check `dmesg` for USB error.
 * If `bootcode.bin` or the `start.elf` detects an error then [error-code](https://www.raspberrypi.com/documentation/computers/configuration.html#led-warning-flash-codes) will be indicated by flashing the green activity LED.
 * Add `uart_2ndstage=1` to the `config.txt` file in `msd/` or `recovery/` directories to enable UART debug output.
-* Add `recovery_metadata=1` to the `config.txt` file in `recovery/` or `recovery5/` directory to enable metadata JSON output.
+* Add `recovery_metadata=0` to the `config.txt` file in `recovery/` or `recovery5/` directory to disable metadata JSON output.
 

main.c

@@ -87,7 +87,7 @@ void usage(int error)
 	fprintf(dest, "        -0/1/2/3/4/5/6   : Only look for CMs attached to USB port number 0-6\n");
 	fprintf(dest, "        -p [pathname]    : Only look for CM with USB pathname\n");
 	fprintf(dest, "        -i [serialno]    : Only look for a Raspberry Pi Device with a given serialno\n");
-	fprintf(dest, "        -j [path]        : Output metadata JSON object to stdout, or to a file if directory is provided (BCM2712/2711)\n");
+	fprintf(dest, "        -j [path]        : Write metadata JSON object to a file at the given path (BCM2712/2711)\n");
 	fprintf(dest, "        -h               : This help\n");
 
 	exit(error ? -1 : 0);
@@ -540,7 +540,6 @@ void get_options(int argc, char *argv[])
 		}
 		else if(strcmp(*argv, "-j") == 0)
 		{
-			metadata = 1;
 			if ((argc > 1) && (argv[1][0] != '-')) {
 				argv++; argc--;
 				metadata_path = *argv;
@@ -788,11 +787,7 @@ FILE * check_file(const char * dir, const char *fname, int use_fmem)
 }
 
 void close_metadata_file(FILE ** fp){
-	long pos = ftell(*fp);
-	if (pos == 0) // No metadata received, write empty JSON object
-		fprintf(*fp, "{}\n");
-	else
-		fprintf(*fp, "\n}\n");
+	fprintf(*fp, "\n}\n");
 	if (*fp != stdout)
 		fclose(*fp);
 }
@@ -865,19 +860,6 @@ int file_server(libusb_device_handle * usb_device)
 	char metadata_fname[FILE_NAME_LENGTH];
 	int metadata_index = 0;
 
-	if (metadata)
-	{
-		if (bcm2711 || bcm2712)
-		{
-			create_metadata_file(&metadata_fp);
-		}
-		else
-		{
-			fprintf(stderr, "Failed to create metadata file: expected BCM2712/2711");
-			metadata = 0;
-		}
-	}
-
 	while(going)
 	{
 		char message_name[][20] = {"GetFileSize", "ReadFile", "Done"};
@@ -902,6 +884,14 @@ int file_server(libusb_device_handle * usb_device)
 		// Metadata files
 		if ((message.fname[0] == '*') && (message.command != 2))
 		{
+			if (!metadata_fp)
+			{
+				if (bcm2711 || bcm2712)
+				{
+					create_metadata_file(&metadata_fp);
+					metadata = 1;
+				}
+			}
 			if (metadata)
 			{
 				strcpy(metadata_fname, message.fname);

recovery/config.txt

@@ -4,7 +4,5 @@
 # Uncomment to instruct recovery.bin to reboot the Pi after flashing the bootloader image
 #recovery_reboot=1
 
-# Uncomment to instruct recovery.bin to send metadata including OTP fields
-# Specify -j dirname on the command line to specify the directory where
-# metadata should be stored (JSON format)
-recovery_metadata=1
+# Uncomment to instruct recovery.bin to stop sending metadata
+#recovery_metadata=0

recovery5/config.txt

@@ -4,7 +4,5 @@ uart_2ndstage=1
 # Uncomment to instruct recovery.bin to reboot the Pi after flashing the bootloader image
 #recovery_reboot=1
 
-# Uncomment to instruct recovery.bin to send metadata including OTP fields
-# Specify -j dirname on the command line to specify the directory where
-# metadata should be stored (JSON format)
-recovery_metadata=1
+# Uncomment to instruct recovery.bin to stop sending metadata
+#recovery_metadata=0

secure-boot-recovery/README.md

@@ -83,19 +83,21 @@ mkdir -p metadata
 ```
 
 ### Metadata
-The optional metadata argument causes rpiboot to readback the OTP information and write it to a JSON file in the given directory.
+Metadata output is enabled by default to stdout. Optional argument can be used to specify writing a JSON file to the given directory.
 This can be useful for debug or for storing in a provisioning database.
 
-Example metadata:
+Example metadata file contents written to `metadata/SERIAL_NUMBER.json`:
 ```json
 {
-        "MAC_ADDR" : "d8:3a:dd:05:ee:78",
-        "CUSTOMER_KEY_HASH" : "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee",
-        "BOOT_ROM" : "0000c8b0",
-        "BOARD_ATTR" : "00000000",
-        "USER_BOARDREV" : "c03141",
-        "JTAG_LOCKED" : "0",
-        "ADVANCED_BOOT" : "0000e8e8"
+        "MAC_ADDR": "d8:3a:dd:05:ee:78",
+        "EEPROM_UPDATE": "success",
+        "EEPROM_HASH": "dfc8ef2c77b8152a5cfa008c2296246413fd580fdc26dfacd431e348571a2137",
+        "SECURE_BOOT_PROVISION": "success",
+        "CUSTOMER_KEY_HASH": "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee",
+        "BOOT_ROM": "0000c8b0",
+        "BOARD_ATTR": "00000000",
+        "USER_BOARDREV": "c03141",
+        "JTAG_LOCKED": "0",
+        "ADVANCED_BOOT": "0000e8e8"
 }
 ```
-

secure-boot-recovery/config.txt

@@ -36,7 +36,5 @@ uart_2ndstage=1
 # reboot after the flashing the firmware.
 #recovery_reboot=1
 
-# Uncomment to instruct recovery.bin to send metadata including OTP fields
-# Specify -j dirname on the command line to specify the directory where
-# metadata should be stored (JSON format)
-recovery_metadata=1
+# Uncomment to instruct recovery.bin to stop sending metadata
+#recovery_metadata=0

secure-boot-recovery5/README.md

@@ -89,22 +89,26 @@ This output is given by the EEPROM bootloader when it verifies the signature of
 ```
 
 ### Metadata
-The optional metadata argument causes rpiboot to readback the OTP information and write it to a JSON file in the given directory.
+Metadata output is enabled by default to stdout. Optional argument can be used to specify writing a JSON file to the given directory.
 This can be useful for debug or for storing in a provisioning database.
 
 Example metadata:
 ```json
 {
-        "USER_SERIAL_NUM" : "a7eb274c",
-        "MAC_ADDR" : "2c:cf:67:70:76:f3",
-        "CUSTOMER_KEY_HASH" : "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee",
-        "BOOT_ROM" : "0000000a",
-        "BOARD_ATTR" : "00000000",
-        "USER_BOARDREV" : "b04170",
-        "JTAG_LOCKED" : "0",
-        "MAC_WIFI_ADDR" : "2c:cf:67:70:76:f4",
-        "MAC_BT_ADDR" : "2c:cf:67:70:76:f5",
-        "FACTORY_UUID" : "001000911006186073"
+        "USER_SERIAL_NUM": "a7eb274c",
+        "MAC_ADDR": "2c:cf:67:70:76:f3",
+        "EEPROM_UPDATE": "success",
+        "EEPROM_HASH": "dfc8ef2c77b8152a5cfa008c2296246413fd580fdc26dfacd431e348571a2137",
+        "SECURE_BOOT_PROVISION": "success",
+        "CUSTOMER_KEY_HASH": "8251a63a2edee9d8f710d63e9da5d639064929ce15a2238986a189ac6fcd3cee",
+        "BOOT_ROM": "0000000a",
+        "BOARD_ATTR": "00000000",
+        "USER_BOARDREV": "b04170",
+        "JTAG_LOCKED": "0",
+        "SIGNATURE_MODE": "0",
+        "MAC_WIFI_ADDR": "2c:cf:67:70:76:f4",
+        "MAC_BT_ADDR": "2c:cf:67:70:76:f5",
+        "FACTORY_UUID": "001000911006186073"
 }
 ```
 

secure-boot-recovery5/config.txt

@@ -25,7 +25,5 @@ uart_2ndstage=1
 # reboot after the flashing the firmware.
 #recovery_reboot=1
 
-# Uncomment to instruct recovery.bin to send metadata including OTP fields
-# Specify -j dirname on the command line to specify the directory where
-# metadata should be stored (JSON format)
-recovery_metadata=1
+# Uncomment to instruct recovery.bin to stop sending metadata
+#recovery_metadata=0