Re: [OpenWrt-Devel] [PATCH 1/2] ar71xx: sysupgrade for My Net Wi-Fi Range Extender

Christian Lamparter Fri, 29 Nov 2013 18:59:35 -0800

Hello Gabor, 

On Friday 29 November 2013 22:03:01 Gabor Juhos wrote:
> Sorry for the delay.
I was about to hit [RESEND] ;-).


> 
> > This patch enables the convenient sysupgrade feature for
> > WD's Wi-Fi Range Extender.
> > 
> > The procedure is pretty much SOP. However, there is one
> > small trick to it: The customized u-boot loader verifies
> > the image's CRC32 against a reference each time the
> > device boots. Now, In case of a jffs2-root filesystem
> > the reference checksum would have to be updated every
> > time something on the fs changes... Obviously, this
> > wouldn't be very practial.
> > 
> > Luckily, the bootloader check can be defeated by modifying
> > the TRX header after the flash.
> > 
> > Signed-off-by: Christian Lamparter <chunk...@googlemail.com>
> > ---
> > It seems the wrt160nl suffers from a similar issue. At least
> > there's an open ticket #8960 https://dev.openwrt.org/ticket/8960.
> > 
> > As far as I can tell, the current sysupgrade code already tries
> > to fix the TRX header (even on my Archer C7?!) but it fails: 
> > 
> > Writing from <stdin> to firmware ...
> > Appending jffs2 data from /tmp/sysupgrade.tgz to firmware...
> > TRX header not found Error fixing up TRX header.
> > 
> > This is because the current sysupgrade code doesn't know that
> > the TRX header has a offset (32 bytes from the beginning).
> > ---
> >  .../ar71xx/base-files/lib/upgrade/mynet-rext.sh    | 26 
> > ++++++++++++++++++++++
> >  .../ar71xx/base-files/lib/upgrade/platform.sh      |  6 +++++
> >  target/linux/ar71xx/image/Makefile                 |  3 +++
> >  3 files changed, 35 insertions(+)
> >  create mode 100644 target/linux/ar71xx/base-files/lib/upgrade/mynet-rext.sh
> > 
> > diff --git a/target/linux/ar71xx/base-files/lib/upgrade/mynet-rext.sh 
> > b/target/linux/ar71xx/base-files/lib/upgrade/mynet-rext.sh
> > new file mode 100644
> > index 0000000..ea4eddd
> > --- /dev/null
> > +++ b/target/linux/ar71xx/base-files/lib/upgrade/mynet-rext.sh
> > @@ -0,0 +1,26 @@
> > +#!/bin/sh
> > +
> > +. /lib/functions.sh
> > +. /lib/ar71xx.sh
> > +
> > +get_image_magic() {
> > +   local mtddev=$1
> > +   dd bs=8 count=1 skip=0 if=$mtddev 2>/dev/null | hexdump -v -n 8 -e '1/1 
> > "%02x"'
> > +}
> 
> This function is not used anywhere.
Uh, that's right! (this needs to be fixes)

AFICT, there are apparently two incompatible devices WD devices.
Both start with the same 4-Byte "WDHN" magic. However after 
that, things get complicated.

1. the Starfish Platform (this is my range extender) uses STFH 
(the full magic is WDHNSTFH).

2. the Seahorse Platform uses SHRS (WDHNSHRS).

This is why for wd hardware we need to check all 8 bytes.

> > +
> > +mynet_rext_check_image() {
> 
> The function can be used for the wrt160nl as well. It would be better to 
> rename
> it to cybertan_check_image or something similar.
Thanks! [Don't forget to close the WRT160NL ticket ;-)]

> > +   local magic="$(get_magic_long "$1")"
> > +   local fw_magic=$(get_magic_long "`find_mtd_part \"firmware\"`")
> > +
> > +   [ "$fw_magic" != "$magic" ] && {
> > +           echo "Invalid image, ID mismatch, got:$magic, but 
> > need:$fw_magic"
> > +           return 1
> > +   }
> > +
> > +   return 0;
> > +}
> 
> > +
> > +platform_do_upgrade_mynet_rext() {
> > +   default_do_upgrade "$ARGV"
> > +   mtd -o 32 fixtrx firmware
> > +}
> 
> Although this works, but it causes an extra erase of the first block of the
> firmware partition. We should patch the sysupgrade file on the host while
> we are building that and we should skip this extra step.
> 
> Can you try the attached patches instead please?

Didn't work. tried it twice, but sysupgrade bricked the device
(uboot complains about: Bad CRC).

However, it should be fixed now(tm).

I've attached my patches (add/merge them to your series):

0001-ar71xx-sysupgrade-for-My-Net-Wi-Fi-Range-Extender:
This is an update version of your 0003. Now, the script
really checks if all 8 byte matches.
[This replaces your 0003-ar71xx-sysupgrade...]

0002-firmware-utils-trx-fix-two-bugs: This fixes two bugs
in trx.c (The CRC32 wasn't calculated correctly if -F was
enabled).

0003-ar71xx-remove-trx-fixup: The preinit fixup is no longer
needed. We can delete the files and make the initial images
smaller.

Regards,

Christian

>From fed5c7692f66f0f9ad49f9e2f4c1534eec541395 Mon Sep 17 00:00:00 2001
From: Gabor Juhos <juh...@openwrt.org>
Date: Fri, 29 Nov 2013 21:59:48 +0100
Subject: [PATCH 1/3] ar71xx: sysupgrade for My Net Wi-Fi Range Extender

This patch enables the convenient sysupgrade feature for
WD's Wi-Fi Range Extender.

Signed-off-by: Christian Lamparter <chunk...@googlemail.com>
Patchwork: http://patchwork.openwrt.org/patch/4341/
[juhosg:
  - rename 'mynet_rext_check_image' function to 'cybertan_check_image'
    and move that into platform.sh,
  - remove the the model specific 'platform_do_upgrade_mynet_rext' function,
  - drop the mynet-rext.sh script,
  - remove the image/Makefile change,
  - update commit message]
[christian:
  - check all 8 bytes of the firmware/device magic]
Signed-off-by: Gabor Juhos <juh...@openwrt.org>
---
 target/linux/ar71xx/base-files/lib/ar71xx.sh        |  9 +++++++++
 .../linux/ar71xx/base-files/lib/upgrade/platform.sh | 21 +++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh
index e0b8830..0b18d0c 100755
--- a/target/linux/ar71xx/base-files/lib/ar71xx.sh
+++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh
@@ -53,6 +53,15 @@ wndr3700_board_detect() {
 	AR71XX_MODEL="$machine"
 }
 
+cybertan_get_hw_magic() {
+	local part
+
+	part=$(find_mtd_part firmware)
+	[ -z "$part" ] && return 1
+
+	dd bs=8 count=1 skip=0 if=$part 2>/dev/null | hexdump -v -n 8 -e '1/1 "%02x"'
+}
+
 tplink_get_hwid() {
 	local part
 
diff --git a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh
index 839ba4e..9d42404 100755
--- a/target/linux/ar71xx/base-files/lib/upgrade/platform.sh
+++ b/target/linux/ar71xx/base-files/lib/upgrade/platform.sh
@@ -73,6 +73,22 @@ seama_get_type_magic() {
 	get_image "$@" | dd bs=1 count=4 skip=53 2>/dev/null | hexdump -v -n 4 -e '1/1 "%02x"'
 }
 
+cybertan_get_image_magic() {
+	get_image "$@" | dd bs=8 count=1 skip=0  2>/dev/null | hexdump -v -n 8 -e '1/1 "%02x"'
+}
+
+cybertan_check_image() {
+	local magic="$(cybertan_get_image_magic "$1")"
+	local fw_magic="$(cybertan_get_hw_magic)"
+
+	[ "$fw_magic" != "$magic" ] && {
+		echo "Invalid image, ID mismatch, got:$magic, but need:$fw_magic"
+		return 1
+	}
+
+	return 0
+}
+
 platform_check_image() {
 	local board=$(ar71xx_board_name)
 	local magic="$(get_magic_word "$1")"
@@ -155,6 +171,11 @@ platform_check_image() {
 		dir825b_check_image "$1" && return 0
 		;;
 
+	mynet-rext)
+		cybertan_check_image "$1" && return 0
+		return 1
+		;;
+
 	mynet-n600)
 		[ "$magic_long" != "5ea3a417" ] && {
 			echo "Invalid image, bad magic: $magic_long"
-- 
1.8.4.4

>From 2cd3f5507f6857b34eb992f9b9cbfb5a19927e2f Mon Sep 17 00:00:00 2001
From: Christian Lamparter <chunk...@googlemail.com>
Date: Sat, 30 Nov 2013 03:22:03 +0100
Subject: [PATCH 3/3] ar71xx: remove trx fixup

This is no longer needed. The TRX header is now "fixed"
during image creation.

Signed-off-by: Christian Lamparter <chunk...@googlemail.com>
---
 .../base-files/etc/uci-defaults/09_fix-trx-header     | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 target/linux/ar71xx/base-files/etc/uci-defaults/09_fix-trx-header

diff --git a/target/linux/ar71xx/base-files/etc/uci-defaults/09_fix-trx-header b/target/linux/ar71xx/base-files/etc/uci-defaults/09_fix-trx-header
deleted file mode 100644
index 1bfd525..0000000
--- a/target/linux/ar71xx/base-files/etc/uci-defaults/09_fix-trx-header
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) 2010 OpenWrt.org
-#
-
-. /lib/ar71xx.sh
-
-board=$(ar71xx_board_name)
-
-fixtrx() {
-	mtd -o 32 fixtrx firmware
-}
-
-case "$board" in
-mynet-rext |\
-wrt160nl)
-	fixtrx
-	;;
-esac
-- 
1.8.4.4

>From a3b6c6dada838cffe578991a876ba3243100d99b Mon Sep 17 00:00:00 2001
From: Christian Lamparter <chunk...@googlemail.com>
Date: Sat, 30 Nov 2013 03:18:18 +0100
Subject: [PATCH 2/3] firmware-utils/trx: fix two bugs

 - fix crc32 calculation if -F was enabled.

 - don't convert the crc32 to little endian twice.

Signed-off-by: Christian Lamparter <chunk...@googlemail.com>
---
 tools/firmware-utils/src/trx.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/tools/firmware-utils/src/trx.c b/tools/firmware-utils/src/trx.c
index 8e95d98..e3b6a39 100644
--- a/tools/firmware-utils/src/trx.c
+++ b/tools/firmware-utils/src/trx.c
@@ -273,11 +273,10 @@ int main(int argc, char **argv)
 	}
 
 	p->crc32 = crc32buf((char *) &p->flag_version,
-						(fsmark)?fsmark:cur_len - offsetof(struct trx_header, flag_version));
+						((fsmark)?fsmark:cur_len) - offsetof(struct trx_header, flag_version));
 	p->crc32 = STORE32_LE(p->crc32);
 
 	p->len = STORE32_LE((fsmark) ? fsmark : cur_len);
-	p->len = STORE32_LE(p->len);
 
 	/* restore TRXv2 bin-header */
 	if (trx_version == 2) {
-- 
1.8.4.4

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel

Re: [OpenWrt-Devel] [PATCH 1/2] ar71xx: sysupgrade for My Net Wi-Fi Range Extender

Reply via email to