Commit Graph

6 Commits

Author SHA1 Message Date
Michael Pratt
afd3a23110 ath79: make Engenius fakeroot partitions read-only
For:

 - ENH202 v1
 - ENS202EXT v1

These boards were committed before it was discovered
that for all Engenius boards with a "failsafe" image,
forcing the failsafe image to load next boot
can be achieved by editing the u-boot environment like:

  `fw_setenv rootfs_checksum 0`

So it's not necessary to delete a partition to boot to failsafe image.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:27 +00:00
Adrian Schmutzler
f90b59240c treewide: use more descriptive names for concatenated partitions
A few devices in ath79 and ramips use mtd-concat to concatenate
individual partitions into a bigger "firmware" or "ubi" partition.

However, the original partitions are still present and visible,
and one can write to them directly although this might break the
actual virtual, concatenated partition.

As we cannot do much about the former, let's at least choose more
descriptive names than just "firmwareX" in order to indicate the
concatenation to the user. He might be less tempted into overwriting
a "fwconcat1" than a "firmware1", which might be perceived as an
alternate firmware for dual boot etc.

This applies the new naming consistently for all relevant devices,
i.e. fwconcatX for virtual "firmware" members and ubiconcatX for
"ubi" members.

While at it, use DT labels and label property consistently, and
also use consistent zero-based indexing.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:24 +00:00
Adrian Schmutzler
324e6508ba ath79: drop num-cs for SPI controller
None of the spi drivers on ath79 uses the num-cs property.

Cc: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:16 +00:00
Adrian Schmutzler
52fcb21f31 ath79: remove model name from LED labels
Currently, we request LED labels in OpenWrt to follow the scheme

  modelname:color:function

However, specifying the modelname at the beginning is actually
entirely useless for the devices we support in OpenWrt. On the
contrary, having this part actually introduces inconvenience in
several aspects:

  - We need to ensure/check consistency with the DTS compatible
  - We have various exceptions where not the model name is used,
    but the vendor name (like tp-link), which is hard to track
    and justify even for core-developers
  - Having model-based components will not allow to share
    identical LED definitions in DTSI files
  - The inconsistency in what's used for the model part complicates
    several scripts, e.g. board.d/01_leds or LED migrations from
    ar71xx where this was even more messy

Apart from our needs, upstream has deprecated the label property
entirely and introduced new properties to specify color and
function properties separately. However, the implementation does
not appear to be ready and probably won't become ready and/or
match our requirements in the foreseeable future.

However, the limitation of generic LEDs to color and function
properties follows the same idea pointed out above. Generic LEDs
will get names like "green:status" or "red:indicator" then, and
if a "devicename" is prepended, it will be the one of an internal
device, like "phy1:amber:status".

With this patch, we move into the same direction, and just drop
the boardname from the LED labels. This allows to consolidate
a few definitions in DTSI files (will be much more on ramips),
and to drop a few migrations compared to ar71xx that just changed
the boardname. But mainly, it will liberate us from a completely
useless subject to take care of for device support review and
maintenance.
To also drop the boardname from existing configurations, a simple
migration routine is added unconditionally.

Although this seems unfamiliar at first look, a quick check in kernel
for the arm/arm64 dts files revealed that while 1033 lines have
labels with three parts *:*:*, still 284 actually use a two-part
labelling *:*, and thus is also acceptable and not even rare there.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:03 +00:00
Adrian Schmutzler
d55410a9de ath79: move dts-v1 statement to ath79.dtsi
The "/dts-v1/;" identifier is supposed to be present once at the
top of a device tree file after the includes have been processed.

In ath79, we therefore requested to have in the DTS files so far,
and omit it in the DTSI files. However, essentially the syntax of
the parent ath79.dtsi file already determines the DTS version, so
putting it into the DTS files is just a useless repetition.

Consequently, this patch puts the dts-v1 statement into the parent
ath79.dtsi, which is (indirectly) included by all DTS files. All
other occurences are removed.
Since the dts-v1 statement needs to be before any other definitions,
this also moves the includes to make sure the ath79.dtsi or its
descendants are always included first.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:07:01 +00:00
Michael Pratt
8b78fc2ea1 ath79: add support for Senao Engenius ENS202EXT v1
Engenius ENS202EXT v1 is an outdoor wireless access point with 2 10/100 ports,
with built-in ethernet switch, detachable antennas and proprietery PoE.

FCC ID:	A8J-ENS202

Specification:

  - Qualcomm/Atheros AR9341 v1
  - 535/400/200/40 MHz          (CPU/DDR/AHB/REF)
  - 64 MB of RAM
  - 16 MB of FLASH              MX25L12835F(MI-10G)
  - UART (J1) header on PCB     (unpopulated)
  - 2x 10/100 Mbps Ethernet     (built-in switch Atheros AR8229)
  - 2.4 GHz, up to 27dBm        (Atheros AR9340)
  - 2x external, detachable antennas
  - 7x LED (5 programmable in ath79), 1x GPIO button (Reset)

Known Issues:

  - Sysupgrade from ar71xx no longer possible
  - Ethernet LEDs stay on solid when connected, not programmable

MAC addresses:

  eth0/eth1  *:7b   art 0x0/0x6
  wlan       *:7a   art 0x1002

  The device label lists both addresses, WLAN MAC and ETH MAC,
  in that order.

  Since 0x0 and 0x6 have the same content, it cannot be
  determined which is eth0 and eth1, so we chose 0x0 for both.

Installation:

  2 ways to flash factory.bin from OEM:

  - Connect ethernet directly to board (the non POE port)
      this is LAN for all images
  - if you get Failsafe Mode from failed flash:
      only use it to flash Original firmware from Engenius
      or risk kernel loop which requires serial cable

  Method 1: Firmware upgrade page:

    OEM webpage at 192.168.1.1
    username and password "admin"
    In upper right select Reset
    "Restore to factory default settings"
    Wait for reboot and login again
    Navigate to "Firmware Upgrade" page from left pane
    Click Browse and select the factory.bin image
    Upload and verify checksum
    Click Continue to confirm and wait 3 minutes

  Method 2: Serial to load Failsafe webpage:

    After connecting to serial console and rebooting...
    Interrupt boot with any key pressed rapidly
    execute `run failsafe_boot` OR `bootm 0x9fdf0000`
    wait a minute
    connect to ethernet and navigate to
    "192.168.1.1/index.htm"
    Select the factory.bin image and upload
    wait about 3 minutes

  *If you are unable to get network/LuCI after flashing*
  You must perform another factory reset:

    After waiting 3 minutes or when Power LED stop blinking:

    Hold Reset button for 15 seconds while powered on
    or until Power LED blinks very fast

    release and wait 2 minutes

Return to OEM:

  If you have a serial cable, see Serial Failsafe instructions

  *DISCLAIMER*
  The Failsafe image is unique to this model.
  The following directions are unique to this model.
  DO NOT downgrade to ar71xx this way, can cause kernel loop

  The easiest way to return to the OEM software is the Failsafe image
  If you dont have a serial cable, you can ssh into openwrt and run

  `mtd -r erase fakeroot`

  Wait 3 minutes
  connect to ethernet and navigate to 192.168.1.1/index.htm
  select OEM firmware image from Engenius and click upgrade

TFTP Recovery:

  For some reason, TFTP is not reliable on this board.
  Takes many attempts, many timeouts before it fully transfers.

  Starting with an initramfs.bin:

  Connect to ethernet
  set IP address and TFTP server to 192.168.1.101
  set up infinite ping to 192.168.1.1
  rename the initramfs.bin to "vmlinux-art-ramdisk" and host on TFTP server
  disconnect power to the board
  hold reset button while powering on board for 8 seconds

  Wait a minute, power LED should blink eventually if successful
  and a minute after that the pings should get replies
  You have now loaded a temporary Openwrt with default settings temporarily.
  You can use that image to sysupgrade another image to overwrite flash.

Format of OEM firmware image:

  The OEM software of ENS202EXT is a heavily modified version
  of Openwrt Kamikaze bleeding-edge. One of the many modifications
  is to the sysupgrade program. Image verification is performed
  simply by the successful ungzip and untar of the supplied file
  and name check and header verification of the resulting contents.
  To form a factory.bin that is accepted by OEM Openwrt build,
  the kernel and rootfs must have specific names...

    openwrt-senao-ens202ext-uImage-lzma.bin
    openwrt-senao-ens202ext-root.squashfs

  and begin with the respective headers (uImage, squashfs).
  Then the files must be tarballed and gzipped.
  The resulting binary is actually a tar.gz file in disguise.
  This can be verified by using binwalk on the OEM firmware images,
  ungzipping then untaring, and by swapping headers to see
  what the OEM upgrade utility accepts and rejects.

Note on the factory.bin:

  The newest kernel is too large to be in the kernel partition

  the new ath79 kernel is beyond   1592k
  Even ath79-tiny is               1580k

  Checksum fails at boot because the bootloader (modified uboot)
  expects kernel to be 1536k. If the kernel is larger, it gets
  overwritten when rootfs is flashed, causing a broken image.
  The mtdparts variable is part of the build and saving a new
  uboot environment will not persist after flashing.
  OEM version might interact with uboot or with the custom
  OEM partition at 0x9f050000.

  Failed checksums at boot cause failsafe image to launch,
  allowing any image to be flashed again.

  HOWEVER: one should not install older Openwrt from failsafe
  because it can cause rootfs to be unmountable,
  causing kernel loop after successful checksum.
  The only way to rescue after that is with a serial cable.

  For these reasons, a fake kernel (OKLI kernel loader)
  and fake squashfs rootfs is implemented to take care of
  the OEM firmware image verification and checksums at boot.
  The OEM only verifies the checksum of the first image
  of each partition respectively, which is the loader
  and the fake squashfs. This completely frees
  the "firmware" partition from all checks.

  virtual_flash is implemented to make use of the wasted space.
  this leaves only 2 erase blocks actually wasted.

  The loader and fakeroot partitions must remain intact, otherwise
  the next boot will fail, redirecting to the Failsafe image.

  Because the partition table required is so different
  than the OEM partition table and ar71xx partition table,
  sysupgrades are not possible until one switches to ath79 kernel.

Note on sysupgrade.tgz:

  To make things even more complicated, another change is needed to
  fix an issue where network does not work after flashing from either
  OEM software or Failsafe image, which implants the OEM (Openwrt Kamikaze)
  configuration into the jffs2 /overlay when writing rootfs from factory.bin.

  The upgrade script has this:

    mtd -j "/tmp/_sys/sysupgrade.tgz" write "${rootfs}" "rootfs"

  However, it also accepts scripts before and after:

    before_local="/etc/before-upgradelocal.sh"
    after_local="/etc/after-upgradelocal.sh"
    before="before-upgrade.sh"
    after="after-upgrade.sh"

  Thus, we can solve the issue by making the .tgz an empty file
  by making a before-upgrade.sh in the factory.bin

Note on built-in switch:

  There is two ports on the board, POE through the power supply brick,
  the other is on the board. For whatever reason, in the ar71xx target,
  both ports were on the built-in switch on eth1. In order to make use
  of a port for WAN or a different LAN, one has to set up VLANs.

  In ath79, eth0 and eth1 is defined in the DTS so that the
  built-in switch is seen as eth0, but only for 1 port
  the other port is on eth1 without a built-in switch.

  eth0: switch0
    CPU is port 0
    board port is port 1

  eth1: POE port on the power brick

  Since there is two physical ports,
  it can be configured as a full router,
  with LAN for both wired and wireless.

  According to the Datasheet, the port that is not on the switch
  is connected to gmac0. It is preferred that gmac0 is chosen as WAN
  over a port on an internal switch, so that link status can pass
  to the kernel immediately which is more important for WAN connections.

Signed-off-by: Michael Pratt <mpratt51@gmail.com>
[apply sorting in 01_leds, make factory recipe more generic, create common
device node, move label-mac to 02_network, add MAC addresses to commit
message, remove kmod-leds-gpio, use gzip directly]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: maurerr <mariusd84@gmail.com>
2021-09-01 08:06:55 +00:00