README: bump to v1.13.2-k6.12.47-1, list new patches

- Talos version badge: v1.12.4 → v1.13.2 - Image-tag example + upgrade-command example: v1.13.2-k6.12.47-1 - Add patches 0006 (grub EFI upgrade fallback), 0007 (acquire.go STATE wait for slow-init eMMC) and 0008 (imager --insecure for Overlay) to the patches table - Note the slow-eMMC tolerance + canonical 3-CP validation in the "Reliable in-place upgrades" roadmap row
Merge branch 'talos-v1.13.2-bump' for v1.13.2-k6.12.47-1 release
2026-05-25 21:43:58 -04:00 · 2026-05-25 20:05:24 -04:00 · 2026-03-03 18:27:07 -05:00
3 changed files with 12 additions and 9 deletions
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@ -18,7 +18,7 @@ on:

 jobs:
  build:
-    runs-on: [self-hosted, macos]
+    runs-on: talos-rpi5
    timeout-minutes: 180

    steps:
--- a/.gitea/workflows/check-updates.yaml
+++ b/.gitea/workflows/check-updates.yaml
@ -13,7 +13,7 @@ on:

 jobs:
  check-and-build:
-    runs-on: [self-hosted, macos]
+    runs-on: talos-rpi5
    timeout-minutes: 15

    steps:
--- a/README.md
+++ b/README.md
@ -13,7 +13,7 @@ The official Talos Image Factory does not support CM5 — the mainline kernel la

 | Component | Version |
 |-----------|---------|
-| Talos Linux | <a href="https://github.com/siderolabs/talos" target="_blank"><img src="https://img.shields.io/badge/talos-v1.12.4-blue?logo=kubernetes&logoColor=white" alt="Talos version"></a> |
+| Talos Linux | <a href="https://github.com/siderolabs/talos" target="_blank"><img src="https://img.shields.io/badge/talos-v1.13.2-blue?logo=kubernetes&logoColor=white" alt="Talos version"></a> |
 | RPi Kernel | <a href="https://github.com/raspberrypi/linux" target="_blank"><img src="https://img.shields.io/badge/kernel-6.12.47-blue?logo=linux&logoColor=white" alt="Kernel version"></a> |
 | iscsi-tools | <a href="https://github.com/siderolabs/extensions" target="_blank"><img src="https://img.shields.io/badge/iscsi--tools-v0.1.6-blue?logo=docker" alt="iscsi-tools version"></a> |
 | util-linux-tools | <a href="https://github.com/siderolabs/extensions" target="_blank"><img src="https://img.shields.io/badge/util--linux--tools-2.40.4-blue?logo=docker" alt="util-linux-tools version"></a> |
@ -26,13 +26,13 @@ Release images are published to <a href="https://hub.docker.com/r/svrnty/talos-r
 v<talos>-k<kernel>-<revision>
 ```

-For example: `v1.12.4-k6.12.47-4`
+For example: `v1.13.2-k6.12.47-1`

 | Segment | Meaning |
 |---------|---------|
-| `v1.12.4` | Upstream Talos Linux version |
+| `v1.13.2` | Upstream Talos Linux version |
 | `k6.12.47` | RPi downstream kernel version |
-| `3` | Build revision (bumped for config/patch changes on the same upstream versions) |
+| `1` | Build revision (bumped for config/patch changes on the same upstream versions) |

 ## Usage

@ -48,7 +48,7 @@ zstd -d metal-arm64.raw.zst -o metal-arm64.raw
 ### Upgrade an existing node

 ```bash
-talosctl upgrade --image docker.io/svrnty/talos-rpi5:v1.12.4-k6.12.47-4 --nodes <node-ip>
+talosctl upgrade --image docker.io/svrnty/talos-rpi5:v1.13.2-k6.12.47-1 --nodes <node-ip>
 ```

 In-place upgrades are fully supported. The image includes patches to force GRUB with `--no-nvram` on arm64 (working around the RPi5/CM5 `SetVariableRT` firmware limitation) and to handle the SBC EFI-only disk layout (no separate BOOT partition).
@ -122,7 +122,10 @@ Talos ignores the `machine.install.disk` config field on SBC platforms. You **mu
 | `0002` (talos) | GRUB | `--no-nvram` for `grub-install` on arm64 (U-Boot lacks EFI `SetVariable`) |
 | `0003` (talos) | Bootloader | Force GRUB over sd-boot on arm64 (sd-boot crashes without EFI runtime) |
 | `0004` (talos) | Runtime | Fallback to classic bind mounts on kernels without `open_tree` (Linux <6.15) |
-| `0005` (talos) | GRUB | Handle missing BOOT partition for SBC EFI-only disk layouts |
+| `0005` (talos) | GRUB | Handle missing BOOT partition for SBC EFI-only disk layouts (install path) |
+| `0006` (talos) | GRUB | EFI-at-/boot fallback for BOOT-less SBC layouts on the upgrade path |
+| `0007` (talos) | Config | Wait up to 5 min for STATE volume on slow-init disks (CM5 eMMC) — prevents maintenance-mode fall-through on `talosctl upgrade` |
+| `0008` (talos) | Imager | Respect `--insecure` flag for Overlay and OverlayInstaller assets (build-tool only) |
 | `0001` (overlay) | Toolchain | Bump Go to 1.24.13 (CVE fix) |
 | `0002` (overlay) | Upgrade | Detect EFI mount path for SBC layouts (no BOOT partition) |

@ -133,7 +136,7 @@ This project targets production-ready Talos clusters on RPi5/CM5 hardware.
 | Status | Milestone | Description |
 |--------|-----------|-------------|
 | Tested | **4K page size** | Aligned with upstream Talos kernel config. Reduces memory overhead and improves workload compatibility (Longhorn, jemalloc, F2FS, etc.). |
-| Tested | **Reliable in-place upgrades** | Force GRUB bootloader with `--no-nvram` on arm64, handle SBC EFI-only disk layout. Verified end-to-end with `talosctl upgrade`. |
+| Tested | **Reliable in-place upgrades** | Force GRUB bootloader with `--no-nvram` on arm64, handle SBC EFI-only disk layout, tolerate slow eMMC init on CM5 (waits up to 5 min for STATE before falling back to maintenance). Verified end-to-end via canonical 3-CP rolling upgrade `v1.12.4 → v1.13.2`. |
 | Tested | **Kernel <6.15 compatibility** | Unconditional `open_tree` capability check — falls back to classic bind mounts on RPi downstream kernel 6.12.x. |
 | Tested | **Serial console** | GPIO UART0 (`ttyAMA0`) via `dtoverlay=uart0-pi5`. Read-only output at 115200 baud, even parity. Verified on Compute Blade with FT232RNL adapter. |
 | Tested | **NVMe boot support** | `dd` image to NVMe + set EEPROM `BOOT_ORDER=0xf416` and `PCIE_PROBE=1`. Verified on 1TB Kingston NVMe on Compute Blade. |