[openwrt/openwrt] firmware-utils/tplink-safeloader: add compat level

LEDE Commits lede-commits at lists.infradead.org
Wed Sep 9 13:42:58 EDT 2020 

stintel pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/14464e1128924e127f82df38865734136008f532

commit 14464e1128924e127f82df38865734136008f532
Author: Sander Vanheule <sander at svanheule.net>
AuthorDate: Sat Jul 11 23:06:54 2020 +0200

    firmware-utils/tplink-safeloader: add compat level
    
    TP-Link has introduced a compatibility level to prevent certain
    downgrades. This information is stored in the soft-version partition,
    changing the data length from 0xc to 0x10.
    
    The compatibility level doesn't change frequently. For example, it has
    the following values for the EAP245v3 (released 2018-Q4):
    * FW v2.2.0  (2019-05-30): compat_level=0
    * FW v2.3.0  (2019-07-31): compat_level=0
    * FW v2.3.1  (2019-10-29): compat_level=1
    * FW v2.20.0 (2020-04-23): compat_level=1
    
    Empty flash values (0xffffffff) are interpreted as compat_level=0.
    If a firmware upgrade file has a soft-version block without
    compatibility level (data length < 0x10), this is also interpreted as
    compat_level=0.
    
    By including a high enough compatibility level in factory images, stock
    firmware can be convinced to accept the image. A compatibility level
    aware firmware will keep the original value.
    
    Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
        [NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
            20190731 Rel. 51932,newSoftVer:2.20.0 Build 20200423 Rel. 36779
        ...
        AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
        ...
        [NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
        0x0.(new 0x1)
        [NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
            base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
            upDataStart = 7690604b, upDataLen = 00000018
        [NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes = 000002eb
    
    Other firmware upgrades have been observed to modify the compabitility
    stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
    Therefore, it seems to be the safest option to set the OpenWrt
    compatibility level to the highest known value instead of the highest
    possible value (0xfffffffe), to ensure users do not get unexpectedly
    refused firmware upgrades when using a device reverted back to stock.
    
    To remain compatible with existing devices and not produce different
    images, the image builder doesn't store a compatibility level if it is
    zero.
    
    Signed-off-by: Sander Vanheule <sander at svanheule.net>
---
 tools/firmware-utils/src/tplink-safeloader.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
index 145e80855a..9005ffa487 100644
--- a/tools/firmware-utils/src/tplink-safeloader.c
+++ b/tools/firmware-utils/src/tplink-safeloader.c
@@ -77,6 +77,7 @@ struct device_info {
 	const char *support_list;
 	char support_trail;
 	const char *soft_ver;
+	uint32_t soft_ver_compat_level;
 	struct flash_partition_entry partitions[MAX_PARTITIONS+1];
 	const char *first_sysupgrade_partition;
 	const char *last_sysupgrade_partition;
@@ -95,7 +96,6 @@ struct __attribute__((__packed__)) soft_version {
 	uint8_t month;
 	uint8_t day;
 	uint32_t rev;
-	uint8_t pad2;
 };
 
 
@@ -2140,8 +2140,13 @@ static inline uint8_t bcd(uint8_t v) {
 
 
 /** Generates the soft-version partition */
-static struct image_partition_entry make_soft_version(uint32_t rev) {
-	struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
+static struct image_partition_entry make_soft_version(struct device_info *info, uint32_t rev) {
+	size_t part_len = sizeof(struct soft_version);
+	if (info->soft_ver_compat_level > 0)
+		part_len += sizeof(uint32_t);
+
+	struct image_partition_entry entry =
+	    alloc_image_partition("soft-version", part_len+1);
 	struct soft_version *s = (struct soft_version *)entry.data;
 
 	time_t t;
@@ -2168,7 +2173,11 @@ static struct image_partition_entry make_soft_version(uint32_t rev) {
 	s->day = bcd(tm->tm_mday);
 	s->rev = htonl(rev);
 
-	s->pad2 = 0xff;
+	if (info->soft_ver_compat_level > 0)
+		*(uint32_t *)(entry.data + sizeof(struct soft_version)) =
+		    htonl(info->soft_ver_compat_level);
+
+	entry.data[entry.size-1] = 0xff;
 
 	return entry;
 }
@@ -2480,7 +2489,7 @@ static void build_image(const char *output,
 	if (info->soft_ver)
 		parts[1] = make_soft_version_from_string(info->soft_ver);
 	else
-		parts[1] = make_soft_version(rev);
+		parts[1] = make_soft_version(info, rev);
 
 	parts[2] = make_support_list(info);
 	parts[3] = read_file("os-image", kernel_image, false, NULL);

More information about the lede-commits mailing list