Hi everyone,
I'm trying to understand the Boot behavior on the Raspberry Pi 5
Two specific questions:
I'm trying to understand the Boot behavior on the Raspberry Pi 5
Two specific questions:
- In default state (Secure Boot not enabled, no OTP bits programmed for user key), does the BootROM only execute an officially-signed EEPROM bootloader firmware? Or can it load an unsigned or self-signed EEPROM image? Preferably from official sources or with direct evidence.
- After a user programs their own public key hash into OTP (enabling strict Secure Boot), does the BootROM then require the EEPROM/bootloader to be signed by BOTH the user's private key AND the official Raspberry Pi key? Or does it switch to only accepting user-signed firmware?
Statistics: Posted by helloserif — Fri Jan 23, 2026 9:01 am — Replies 3 — Views 77