From fc935a48ad91bbd9d5569ba3ebb37adf4881bd53 Mon Sep 17 00:00:00 2001
From: "flowzone-app[bot]"
 <124931076+flowzone-app[bot]@users.noreply.github.com>
Date: Wed, 18 Dec 2024 11:02:44 +0000
Subject: [PATCH] v6.2.0

---
 .versionbot/CHANGELOG.yml | 54 +++++++++++++++++++++++++++++++++++++++
 CHANGELOG.md              | 15 +++++++++++
 VERSION                   |  2 +-
 3 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml
index 681c566..62172e8 100644
--- a/.versionbot/CHANGELOG.yml
+++ b/.versionbot/CHANGELOG.yml
@@ -1,3 +1,57 @@
+- commits:
+    - subject: Update layers/meta-balena to 3033e1adebd2ec79f9528e83d616ccf27bee4035
+      hash: 7f29d80122b2727bb7d3dd8240f6797190e55494
+      body: Update layers/meta-balena
+      footer:
+        Changelog-entry: Update layers/meta-balena to 3033e1adebd2ec79f9528e83d616ccf27bee4035
+        changelog-entry: Update layers/meta-balena to 3033e1adebd2ec79f9528e83d616ccf27bee4035
+      author: balena-renovate[bot]
+      nested:
+        - commits:
+            - subject: "resin-init-flasher: with secure boot, authenticate the inner image"
+              hash: 1ae37ac158b93df836126030abec8c3d3f69d92b
+              body: >
+                At this moment resin-init-flasher just takes whatever image lies
+                in /opt
+
+                and dd's it to the target drive. This is fine for general use,
+                but with
+
+                secure boot enabled, we want to perform at least basic
+                authentication
+
+                of the image being written.
+
+
+                This patch gets the image signed at build time and makes flasher
+                verify
+
+                the signature against a key built-in the kernel trust store. At
+                this
+
+                very moment it fails hard if the signature does not match, but
+                this may
+
+                change in the future. Technically we only want to know if we are
+                about
+
+                to flash a balena-provided image or not, we might want to
+                support both
+
+                but behave slightly differently in each scenario.
+              footer:
+                Change-type: minor
+                change-type: minor
+                Signed-off-by: Michal Toman <michalt@balena.io>
+                signed-off-by: Michal Toman <michalt@balena.io>
+              author: Michal Toman
+              nested: []
+          version: meta-balena-6.2.0
+          title: ""
+          date: 2024-12-16T14:06:35.499Z
+  version: 6.2.0
+  title: ""
+  date: 2024-12-18T11:02:37.924Z
 - commits:
     - subject: Update contracts to 9ce0ad766c4f9b46cd78462813ff01600a61cde5
       hash: d34f26fa2689f577acdfd699486a84dbdca87668
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 38e3d9c..61bbf9d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,21 @@
 # v2.105.10
 ## (2022-10-13)
 
+# v6.2.0
+## (2024-12-18)
+
+
+<details>
+<summary> Update layers/meta-balena to 3033e1adebd2ec79f9528e83d616ccf27bee4035 [balena-renovate[bot]] </summary>
+
+> ## meta-balena-6.2.0
+> ### (2024-12-16)
+> 
+> * resin-init-flasher: with secure boot, authenticate the inner image [Michal Toman]
+> 
+
+</details>
+
 # v6.1.27+rev3
 ## (2024-12-18)
 
diff --git a/VERSION b/VERSION
index 228d6c7..4ac4fde 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-6.1.27+rev3
\ No newline at end of file
+6.2.0
\ No newline at end of file