The Raspis modern "BootROM" is one step forward, many steps back - change my mind.
I used hundreds of Raspis for fun and profit.
But BootROM is no fun nor profit for me.So after years of struggle I learned to not love and hate the BootROM - and I propose to give the option for disabling it in new devices. If booting from USB or network means to add a cheap SD-card - be it so.
- It is not a ROM anymore, but can just be written by OS. This implies:
- No two RaspberryPis on your shelf are expected to be the same anymore. Any trouble you may encounter now does not only can mean software or hardware defect, but also wrong or defect BootROM content.
- ROM Updates are not always compatible. I had scenarios like this: Boot one SD card just fine. Inset another OS card, it also bootet fine. Insert fist card later - it crashed on boot. The second OS decided to update the boot ROM, rendering it incompatible to older kernel on the first card, it turns out. I have quite some collection of imaged OS cards to have "just works" systems ready - most of them got broken on some BootROM revision update.
- For security purposes it offers another attack vector - modifying the ROM.
How is this any different from the UEFI or traditional BIOS on your average x86 PC? That's flashable, able to run arbitary code, and will vary between motherboards and batches within the same product model. And yes, manufacturers do release BIOS updates too.
I'd also point out that the only difference between this and earlier Pi models is where the second stage bootloader is stored: on the SD card or in the EEPROM (not ROM).
I also find it difficult to believe that updating the bootloader prevents a kernel from booting. At least not without a detailed example that I, and others, can reproduce. If that were the case I'd expect to see far more reports along the lines of "random kernel in random OS doesn't boot with updated bootloader". Or, potentially, "with current bootloader but does with the updated one".
I'd also argue that the old method (still used by everything that isn't based on the 2711 and 2712) is even less secure than the EEPROM. Fewer hoops to jump through to hack it: just open it in your average hex editor.
Statistics: Posted by thagrol — Sun Apr 20, 2025 11:49 pm