[LEDE-DEV] Proper way to deal with "dual firmware" ar71xx devices

Alberto Bursi alberto.bursi at outlook.it
Sun Apr 23 12:54:56 PDT 2017



On 04/23/2017 08:40 PM, Bjørn Mork wrote:
> Hello,
>
> Many devices make use of "dual firmware" configurations, splitting the
> available flash and allowing two complete and independent installations.
> This works fine for devices like the Linksys WRT1900AC etc, where the
> boot loader makes sure the kernel command line "root=" parameter matches
> the booted kernel.
>
> It does not work so well with ar71xx devices like the Ubiquiti UniFi AC
> Pro. The original firmware uses this layout:
>
> dev:    size   erasesize  name
> mtd0: 00060000 00010000 "u-boot"
> mtd1: 00010000 00010000 "u-boot-env"
> mtd2: 00790000 00010000 "kernel0"
> mtd3: 00790000 00010000 "kernel1"
> mtd4: 00020000 00010000 "bs"
> mtd5: 00040000 00010000 "cfg"
> mtd6: 00010000 00010000 "EEPROM"
>
>
> The current LEDE images configure this as:
>    MTDPARTS = spi0.0:384k(u-boot)ro,64k(u-boot-env)ro,7744k(firmware),7744k(ubnt-airos)ro,128k(bs)ro,256k(cfg)ro,64k(EEPROM)ro
>
>
> Note that "kernel0" is statically mapped to "firmware", and that
> "kernel1" (or "ubnt-airos") is made read-only.  This sort of works as
> long as LEDE is installed on "kernel0". But LEDE/OpenWrt does its magic
> partition splitting based on the "firmware" partition name.  And it will
> do this even if the currently booting LEDE kernel is located on
> "ubnt-airos"/"kernel1".
>
> Due to limited understanding of how the Ubiquiti U-Boot selects between
> "kernel0" and "kernel1", there are instructions out there telling users
> to try to install LEDE on both "kernel0" and "kernel1".  But what
> happens if the boot loader is actually loading the "kernel1" image? We
> will then have a system with the kernel loaded from "kernel1" but the
> rootfs loaded from "kernel0".  This is bad.  When sysupgrading, the
> image on "kernel0" (aka "firmware") is replaced, but the boot loader will
> still continue to load the old LEDE kernel from "kernel1".  If you are
> lucky, it will boot successfully using the new rootfs.  You can then use
> the mtd-rw package to make "ubnt-airos" writeable and copy the new
> kernel there.  Extremely confusing and unfriendly to users...
>
> This should be fixed somehow.  But I don't know how.  The best would be
> to make the kernel dynamically figure out which of the partitions it
> booted from and then force the rootfs there.  But I don't know if this
> can be done without the help of the boot loader?
>
> Another option would be to make two different systems, where the command
> line for the "kernel1" installation switched the order of the "firmware"
> and "ubnt-airos" partitions.  But this would require the user to select
> the correct image on installation. Not exactly user friendly...
>
> Any better ideas or advice is appreciated.
>
> Until this problem is resolved, I believe all installation instructions
> for such devices should emphasize that LEDE/OpenWrt *must* be installed
> on "kernel0" only!
>
> Note that the boot loader appears to select "kernel0" or "kernel1" based
> on the first bit of the "bs" partition.  This partition contains two
> 32bit numbers, where the first one is 0x80000000 if "kernel1" is booted
> and 0x00000000 if "kernel0".  The second number appears to be a magic,
> and is always 0xa34de82b (both numbers given as big endian here).  The
> rest of the partition is zeroes.
>
>
>
>
> Bjørn
>
>

Can this "bs" partition be manipulated on installation or later? If it 
can be manipulated it's not that hard to just erase the flash with the 
first 32bit number so it is 0x00 or maybe add a check in sysupgrade 
procedure that reads that and automatically erases the cells if it finds 
them not at 0x00 already.

-Alberto
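
The "bs" layout described in the quoted message, as an added example that is not part of either post or of LEDE: a read-only shell check that decodes the first eight bytes of a "bs" dump and reports which slot the boot loader is expected to load. The function names and sample files are assumptions constructed for illustration; the flag and magic values are the ones observed in the thread.

```shell
# Added example: decode the first 8 bytes of a dump of the "bs" partition.
# Layout as observed in the thread (not vendor documentation):
#   bytes 0-3  big-endian flag: 0x00000000 = "kernel0", 0x80000000 = "kernel1"
#   bytes 4-7  big-endian magic 0xa34de82b
BS_MAGIC="a34de82b"

# Print the first 8 bytes of file $1 as 16 lowercase hex digits.
bs_header_hex() {
    od -An -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n'
}

# Print "kernel0", "kernel1" or "unknown" for the dump in file $1.
bs_boot_slot() {
    hdr=$(bs_header_hex "$1")
    [ "${#hdr}" -eq 16 ] || { echo unknown; return 0; }
    flag=${hdr%????????}     # first 8 hex digits
    magic=${hdr#????????}    # last 8 hex digits
    [ "$magic" = "$BS_MAGIC" ] || { echo unknown; return 0; }
    case "$flag" in
        00000000) echo kernel0 ;;
        80000000) echo kernel1 ;;
        *)        echo unknown ;;
    esac
}

# Succeed only when the boot loader is expected to load "kernel0", the
# partition the LEDE image maps to "firmware" and sysupgrade rewrites.
bs_sysupgrade_safe() {
    [ "$(bs_boot_slot "$1")" = "kernel0" ]
}

# Write a constructed 8-byte sample header (not taken from a real device).
make_bs_sample() {   # $1 = output file, $2 = kernel0 | kernel1 | badmagic
    case "$2" in
        kernel0) printf '\000\000\000\000\243\115\350\053' ;;
        kernel1) printf '\200\000\000\000\243\115\350\053' ;;
        *)       printf '\200\000\000\000\000\000\000\000' ;;
    esac > "$1"
}

tmp=$(mktemp)
for s in kernel0 kernel1 badmagic; do
    make_bs_sample "$tmp" "$s"
    verdict="kernel and rootfs may diverge"
    if bs_sysupgrade_safe "$tmp"; then verdict="sysupgrade target matches"; fi
    echo "$s sample: slot=$(bs_boot_slot "$tmp"), $verdict"
done
rm -f "$tmp"
```

An unrecognised magic or a short read is reported as "unknown" rather than guessed, so a caller can refuse to proceed instead of upgrading the wrong slot.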

