Release notes describing changes, fixes and known issues in PC Engines apux releases.
Each binary (or archive in case of older images) is cryptographically signed by PC Engines Open Source Firmware Release Signing Key adequate to the official coreboot release (i.e. 4.9.0.x releases are signed by 4.9 Signing Key and 4.10.0.x by 4.10 Signing Key). Legacy releases starting from v4.0.28 are being signed with PC Engines Open Source Firmware Release 4.10 Signing Key. The keys are maintained and managed by 3mdeb company responsible for maintaining PC Engines firmware. Under each release binaries one may find an asciinema record showing example firmware signature verification using appropriate key. The public parts of the keys are available at 3mdeb-secpack repository. For the details of the change please refer to Canary #2.
Following new coreboot release 4.11, a new PC Engines Open Source Firmware Release 4.10 Signing Key has been enrolled. Since v22.214.171.124 and v4.0.30 firmware releases are signed by PC Engines Open Source Firmware Release 4.10 Signing Key. The public parts of the keys may be found on 3mdeb-secpack. The details of the change are also available on Canary #3.
The recommended firmware version is latest mainline v4.11.0.x. Reasons:
- most of the new features are firstly introduced here in mainline
- mainline version is more actively developed and maintained than legacy
- mainline releases have extended validation comparing to legacy due to legacy limitations related to old toolchain and codebase
- mainline releases are built with newest toolchains