Updated provisioning software introduces flexible image selection, stronger cryptographic security and programmable deployment capabilities, simplifying secure operating system provisioning at enterprise scale.

Raspberry Pi has released version 2.3 of its rpi-sb-provisioner secure boot provisioning software, introducing new features designed to simplify the deployment of complex operating system images while strengthening device security for large-scale installations.
The latest update integrates support for device identity within Raspberry Pi Connect for Organisations, enabling administrators to automatically assign immutable identities to devices and associate them with organisational accounts during provisioning. This streamlines the setup process for fleets of connected systems and reduces manual configuration.
One of the most significant additions is Image Description Provisioning (IDP), which transforms the software from a fixed-function provisioning tool into a programmable deployment platform. Instead of relying solely on conventional Raspberry Pi OS-derived images, users can now define partition layouts, filesystem types and additional deployment attributes through image descriptions. The framework also supports operating systems created outside the standard image generation workflow, provided they can be accurately described using IDP.
The updated software includes an improved operating system image selection interface, displaying extended metadata to help users verify that they have selected the correct deployment image before provisioning begins. This reduces the likelihood of configuration errors in production environments.
Security has also been strengthened through integration with rpi-fw-crypto, allowing devices to use asymmetric cryptography without exposing device-specific private keys created during provisioning. On the provisioning server, signing material such as PEM files or hardware security module credentials can be securely encrypted and bound to the server. On provisioned devices, the same technology supports secure generation of full-disk encryption keys using either supplied pre-boot authentication environments or custom environments created with Raspberry Pi image generation tools.
Together, these enhancements deliver a more flexible, programmable and secure provisioning workflow, making large-scale deployment of embedded Linux systems more efficient while improving confidence in secure boot implementation across enterprise environments.



