aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/ramips/patches-5.4/0010-MIPS-add-bootargs-override-property.patch
Commit message (Collapse)AuthorAgeFilesLines
* ramips: remove Linux 5.4 supportRui Salvaterra2021-12-151-63/+0
| | | | | | We're at 5.10 stable, this can finally go. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* ramips: add support for Ubiquiti UniFi 6 LiteDavid Bauer2021-01-051-0/+63
Hardware -------- MediaTek MT7621AT 256M DDR3 32M SPI-NOR MediaTek MT7603 2T2R 802.11n 2.4GHz MediaTek MT7915 2T2R 802.11ax 5GHz Not Working ----------- - Bluetooth (connected to UART3) UART ---- UART is located in the lower left corner of the board. Pinout is 0 - 3V3 (don't connect) 1 - RX 2 - TX 3 - GND Console is 115200 8N1. Boot ---- 1. Connect to the serial console and connect power. 2. Double-press ESC when prompted 3. Set the fdt address $ fdt addr $(fdtcontroladdr) 4. Remove the signature node from the control FDT $ fdt rm /signature 5. Transfer and boot the OpenWrt initramfs image to the device. Make sure to name the file C0A80114.img and have it reachable at 192.168.1.1/24 $ tftpboot; bootm Installation ------------ 1. Connect to the booted device at 192.168.1.20 using username/password "ubnt". 2. Update the bootloader environment. $ fw_setenv devmode TRUE $ fw_setenv boot_openwrt "fdt addr \$(fdtcontroladdr); fdt rm /signature; bootubnt" $ fw_setenv bootcmd "run boot_openwrt" 3. Transfer the OpenWrt sysupgrade image to the device using SCP. 4. Check the mtd partition number for bs / kernel0 / kernel1 $ cat /proc/mtd 5. Set the bootselect flag to boot from kernel0 $ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock4 6. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1 $ dd if=openwrt.bin of=/dev/mtdblock6 $ dd if=openwrt.bin of=/dev/mtdblock7 7. Reboot the device. It should boot into OpenWrt. Below are the original installation instructions prior to the discovery of "devmode=TRUE". They are not required for installation and are documentation only. The bootloader employs signature verification on the FIT image configurations. This way, booting unauthorized image without patching the bootloader is not possible. Manually configuring the bootcmd in the U-Boot envronment won't work, as this is restored to the default value if modified. The bootloader is made up of three different parts. 1. The SPL performing early board initialization and providing a XModem recovery in case the PBL is missing 2. The PBL being the primary U-Boot application and containing the control FDT. It is LZMA packed with a uImage header. 3. A Ubiquiti standalone U-Boot application providing the main boot routine as well as their recovery mechanism. In a perfect world, we would only replace the PBL, as the SPL does not perform checks on the PBLs integrity. However, as the PBL is in the same eraseblock as the SPL, we need to at least rewrite both. The bootloader will only verify integrity in case it has a "signature" node in it's control device-tree. Renaming the signature node to something else will prevent this from happening. Warning: These instructions are based on the firmware intially shipped with the device and potentially brick your device in a way it can only be recovered using a SPI flasher. Only (!) proceed if you understand this! 1. Extract the bootloader from the U-Boot partition using the OpenWrt initramfs image. 2. Split the bootloader into it's 3 components: $ dd if=bootloader.bin of=spl.bin bs=1 skip=0 count=45056 $ dd if=bootloader.bin of=pbl.uimage bs=1 skip=45056 count=143360 $ dd if=bootloader.bin of=ubnt.uimage bs=1 skip=188416 3. Strip the uImage header from the PBL $ dd if=pbl.uimage of=pbl.lzma bs=64 skip=1 4. Decompress the PBL $ lzma -d pbl.lzma --single-stream The decompressed PBL sha256sum should be d8b406c65240d260cf15be5f97f40c1d6d1b6e61ec3abed37bb841c90fcc1235 5. Open the decompressed PBL using your favorite hexeditor. Locate the control FDT at offset 0x4CED0 (0xD00DFEED). At offset 0x4D5BC, the label for the signature node is located. Rename the "signature" string at this offset to "signaturr". The patched PBL sha256sum should be d028e374cdb40ba44b6e3cef2e4e8a8c16a3b85eb15d9544d24fdd10eed64c97 6. Compress the patched PBL $ lzma -z pbl --lzma1=dict=67108864 The resulting pbl.lzma file should have the sha256sum 7ae6118928fa0d0b3fe4ff81abd80ecfd9ba2944cb0f0a462b6ae65913088b42 7. Create the PBL uimage $ SOURCE_DATE_EPOCH=1607909492 mkimage -A mips -O u-boot -C lzma -n "U-Boot 2018.03 [UniFi,v1.1.40.71]" -a 84000000 -e 84000000 -T firmware -d pbl.lzma patched_pbl.uimage The resulting patched_pbl.uimage should have the sha256sum b90d7fa2dcc6814180d3943530d8d6b0d6a03636113c94e99af34f196d3cf2ce 8. Reassemble the complete bootloader $ dd if=patched_pbl.uimage of=aligned_pbl.uimage bs=143360 count=1 conv=sync $ cat spl.bin > patched_uboot.bin $ cat aligned_pbl.uimage >> patched_uboot.bin $ cat ubnt.uimage >> patched_uboot.bin The resulting patched_uboot.bin should have the sha256sum 3e1186f33b88a525687285c2a8b22e8786787b31d4648b8eee66c672222aa76b 9. Transfer your patched bootloader to the device. Also install the kmod-mtd-rw package using opkg and load it. $ insmod mtd-rw.ko i_want_a_brick=1 Write the patched bootloader to mtd0 $ mtd write patched_uboot.bin u-boot 10. Erase the kernel1 partition, as the bootloader might otherwise decide to boot from there. $ mtd erase kernel1 11. Transfer the OpenWrt sysupgrade image to the device and install using sysupgrade. FIT configurations ------------------ In the future, the MT7621 UniFi6 family can be supported by a single OpenWrt image. config@1: U6 Lite config@2: U6 IW config@3: U6 Mesh config@4: U6 Extender config@5: U6 LR-EA (Early Access - GA is MT7622) Signed-off-by: David Bauer <mail@david-bauer.net>