From d377e82357fa9acebee96381dd538ed12a87bbe4 Mon Sep 17 00:00:00 2001
From: Tom Dewey <tom.dewey@raspberrypi.com>
Date: Mon, 6 Jan 2025 11:36:45 +0000
Subject: [PATCH] provisioner: Attempt automatic pre-signed device recovery

---
 service/rpi-sb-provisioner.sh | 31 +++++++++++++++++++------------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/service/rpi-sb-provisioner.sh b/service/rpi-sb-provisioner.sh
index c3d0e28..feb1853 100755
--- a/service/rpi-sb-provisioner.sh
+++ b/service/rpi-sb-provisioner.sh
@@ -423,15 +423,6 @@ if [ ! -e "${DESTINATION_EEPROM_SIGNATURE}" ]; then
     fi
 fi
 
-### NOTE: Use this in only case of a partial signing situation, where you have provisioned the key, but need to re-write the eeprom.
-# case ${RPI_DEVICE_FAMILY} in
-#     4)
-#         cp "${BOOTCODE_BINARY_IMAGE}" "${BOOTCODE_FLASHING_NAME}"
-#         ;;
-#     5)
-#         rpi-sign-bootcode --debug -c 2712 -i "${BOOTCODE_BINARY_IMAGE}" -o "${BOOTCODE_FLASHING_NAME}" -k "${CUSTOMER_KEY_FILE_PEM}" -v 0 -n 16
-#         ;;
-# esac
 ### In the completely-unprovisioned state, where you have not yet written a customer OTP key, simply make the copy of the unsigned bootcode
 cp "${BOOTCODE_BINARY_IMAGE}" "${BOOTCODE_FLASHING_NAME}"
 ####
@@ -459,11 +450,27 @@ keywriter_log "Writing key and EEPROM configuration to the device"
 set +e
 [ -z "${DEMO_MODE_ONLY}" ] && timeout 120 rpiboot -d "${FLASHING_DIR}" -i "${TARGET_DEVICE_SERIAL}" -j "/var/log/rpi-sb-provisioner/${TARGET_DEVICE_SERIAL}/metadata/"
 KEYWRITER_EXIT_STATUS=$?
-if [ $KEYWRITER_EXIT_STATUS -eq 124 ]
+if [ ${KEYWRITER_EXIT_STATUS} -eq 124 ]
 then
 keywriter_log "Writing failed, timed out."
-echo "${KEYWRITER_ABORTED}" >> /var/log/rpi-sb-provisioner/"${TARGET_DEVICE_SERIAL}"/progress
-return 124
+    case "${RPI_DEVICE_FAMILY}" in
+        5)
+            # Raspberry Pi 5-family hardware may already have a key provisioned - so retry with a signed bootcode.
+            rpi-sign-bootcode --debug -c 2712 -i "${BOOTCODE_BINARY_IMAGE}" -o "${BOOTCODE_FLASHING_NAME}" -k "${CUSTOMER_KEY_FILE_PEM}" -v 0 -n 16
+            [ -z "${DEMO_MODE_ONLY}" ] && timeout 120 rpiboot -d "${FLASHING_DIR}" -i "${TARGET_DEVICE_SERIAL}" -j "/var/log/rpi-sb-provisioner/${TARGET_DEVICE_SERIAL}/metadata/"
+            KEYWRITER_RETRY_EXIT_STATUS=$?
+            if [ ${KEYWRITER_RETRY_EXIT_STATUS} -eq 124 ]; then
+                # If the retry with a signed recovery image fails, this is likely a hard failure.
+                echo "${KEYWRITER_ABORTED}" >> /var/log/rpi-sb-provisioner/"${TARGET_DEVICE_SERIAL}"/progress
+                return 124
+            fi
+        ;;
+        *)
+            # If we're not Raspberry Pi 5-family, then this is the end of the line, no retry will help.
+            echo "${KEYWRITER_ABORTED}" >> /var/log/rpi-sb-provisioner/"${TARGET_DEVICE_SERIAL}"/progress
+            return 124
+        ;;
+    esac
 else
 keywriter_log "Writing completed."
 fi