The attached patch updates arm-trusted-firmware to 2.12.1, fixing a few
CVE issues.

All the various u-boot dependents still appear to build:

/gnu/store/641kcdl61xjsqn6001gmfqq8cx7j0pw3-u-boot-rock64-rk3328-2024.10
/gnu/store/2lh91is66sa964nk4860f47f7bp58mfk-u-boot-orangepi-r1-plus-lts-rk3328-2024.10
/gnu/store/f9vghparyywn7w9m3nxdlg8mpbwp1xgf-u-boot-firefly-rk3399-2024.10
/gnu/store/8cd32i44gxbkig4z359l1d527wkzsqra-u-boot-pinebook-pro-rk3399-2024.10
/gnu/store/j12i6bs7a4w1k7ssa4g2nfkmymv9pir4-u-boot-puma-rk3399-2024.10
/gnu/store/a7s96k9k62aa36l733vdazgq7dvdjzas-u-boot-rockpro64-rk3399-2024.10
/gnu/store/4mlmfxzy2kb6ilzm4k6hhr870i7m5f4y-u-boot-pinebook-2024.10
/gnu/store/6d0476i6zkj1nsn78jyfclqpw5b5sgv7-u-boot-pine64-lts-2024.10
/gnu/store/5csl9vwkn195qf37y4q8c8yq3x59mw11-u-boot-pine64-plus-2024.10

I have not done any boot testing.

live well,
  vagrant