The usbboot recovery.bin stage is able to dump OTP meta data to a JSON file as part of provisioning so you can use this to examine an existing device.
https://github.com/raspberrypi/usbboot/ ... y#metadata
N.B. On Pi5 family devices recovery.bin must be signed with the right key to extract the metadata because the firmware must be signed by both RPi and the customer key. In addition, if secure-boot is NOT enabled then recovery.bin must NOT be signed with the customer key, otherwise, the bootrom will reject it i.e signatures must always match the OTP settings or the bootrom will reject it.
https://github.com/raspberrypi/usbboot/ ... y#metadata
N.B. On Pi5 family devices recovery.bin must be signed with the right key to extract the metadata because the firmware must be signed by both RPi and the customer key. In addition, if secure-boot is NOT enabled then recovery.bin must NOT be signed with the customer key, otherwise, the bootrom will reject it i.e signatures must always match the OTP settings or the bootrom will reject it.
Statistics: Posted by timg236 — Tue Jul 22, 2025 11:12 am