Hardware
--------
SoC: Freescale P1010
RAM: 512MB
FLASH: 1 MB SPI-NOR
512 MB NAND
ETH: 3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC: Battery-Backed RTC (I2C)
Installation
------------
1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
programmer. The SHA1 hash for the U-Boot password is currently
unknown.
A tool for patching U-Boot is available at
https://github.com/blocktrron/t10-uboot-patcher/
You can also patch the unknown password yourself. The SHA1 hash is
E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA
2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
The patched password is '1234' (without quotation marks)
3. Download the OpenWrt initramfs image. Copy it to a TFTP server
reachable at 10.0.1.13/24 and rename it to uImage.
4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.
5. Download and boot the initramfs image by entering "tftpboot; bootm;"
in U-Boot.
6. After OpenWrt booted, create a UBI volume on the old data partition.
The "ubi" mtd partition should be mtd7, check this using
$ cat /proc/mtd
Create a UBI partition by executing
$ ubiformat /dev/mtd7 -y
7. Increase the loadable kernel-size of U-Boot by executing
$ fw_setenv SysAKernSize 800000
8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
scp. Install the image by using sysupgrade:
$ sysupgrade -n <path-to-sysupgrade>
Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
have to change the ethernet-port.
9. OpenWrt should now boot from the internal NAND. Enjoy.
Signed-off-by: David Bauer <mail@david-bauer.net>
ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x20000" "0x20000"
;;
+watchguard,firebox-t10)
+ ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x2000" "0x10000"
+ ;;
aerohive,hiveap-330)
ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x20000" "0x10000"
;;
ucidef_set_interfaces_lan_wan "lan1 lan2 lan3 lan4" "wan"
ucidef_set_interface_macaddr "wan" "$(macaddr_add $(mtd_get_mac_binary u-boot 0x4fc00) 1)"
;;
+watchguard,firebox-t10)
+ ucidef_set_interfaces_lan_wan "eth1 eth2" "eth0"
+ ;;
*)
ucidef_set_interfaces_lan_wan "eth0" "eth1"
;;
ip link set dev eth0 address $(mtd_get_mac_ascii cfg1 ethaddr)
ip link set dev eth1 address $(mtd_get_mac_ascii cfg1 eth1addr)
;;
+ watchguard,firebox-t10)
+ ip link set dev eth0 address "$(mtd_get_mac_text "device_id" 0x1830)"
+ ip link set dev eth1 address "$(mtd_get_mac_text "device_id" 0x1844)"
+ ip link set dev eth2 address "$(mtd_get_mac_text "device_id" 0x1858)"
+ ;;
esac
}
case "$board" in
ocedo,panda|\
- sophos,red-15w-rev1)
+ sophos,red-15w-rev1|\
+ watchguard,firebox-t10)
nand_do_upgrade "$1"
;;
*)
CONFIG_TICK_CPU_ACCOUNTING=y
CONFIG_TINY_SRCU=y
# CONFIG_TL_WDR4900_V1 is not set
+# CONFIG_FIREBOX_T10 is not set
# CONFIG_TOOLCHAIN_DEFAULT_CPU is not set
# CONFIG_TQM8540 is not set
# CONFIG_TQM8541 is not set
# CONFIG_XES_MPC85xx is not set
CONFIG_XZ_DEC_BCJ=y
CONFIG_XZ_DEC_POWERPC=y
+# CONFIG_FIREBOX_T10 is not set
--- /dev/null
+// SPDX-License-Identifier: GPL-2.0-or-later or MIT
+
+#include <dt-bindings/input/input.h>
+#include <dt-bindings/gpio/gpio.h>
+
+/include/ "fsl/p1010si-pre.dtsi"
+
+/ {
+ model = "Watchguard Firebox T10";
+ compatible = "watchguard,firebox-t10";
+
+ chosen {
+ bootargs = "console=ttyS0,115200";
+ bootargs-override = "console=ttyS0,115200";
+ };
+
+ aliases {
+ spi0 = &spi0;
+ led-boot = &led_mode;
+ led-failsafe = &led_failover;
+ led-running = &led_mode;
+ led-upgrade = &led_attention;
+ };
+
+ memory {
+ device_type = "memory";
+ };
+
+ leds {
+ compatible = "gpio-leds";
+
+ led_attention: attention_orange {
+ gpios = <&gpio0 2 GPIO_ACTIVE_LOW>;
+ label = "orange:attention";
+ };
+
+ status_red {
+ gpios = <&gpio0 3 GPIO_ACTIVE_LOW>;
+ label = "red:status";
+ };
+
+ led_mode: mode_green {
+ gpios = <&gpio0 4 GPIO_ACTIVE_LOW>;
+ label = "green:mode";
+ };
+
+ led_failover: failover_green {
+ gpios = <&gpio0 5 GPIO_ACTIVE_LOW>;
+ label = "green:failover";
+ };
+ };
+
+ buttons {
+ compatible = "gpio-keys";
+
+ reset {
+ label = "Reset button";
+ gpios = <&gpio0 10 GPIO_ACTIVE_LOW>;
+ linux,code = <KEY_RESTART>;
+ };
+ };
+
+
+ soc: soc@ffe00000 {
+ ranges = <0x0 0x0 0xffe00000 0x100000>;
+
+ i2c@3000 {
+ rtc@30 {
+ compatible = "sii,s35390a";
+ reg = <0x30>;
+ };
+ };
+
+ spi0: spi@7000 {
+ flash@0 {
+ compatible = "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <25000000>;
+
+ partitions {
+ compatible = "fixed-partitions";
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ uboot: partition@0 {
+ reg = <0x0 0x90000>;
+ label = "u-boot";
+ read-only;
+ };
+
+ partition@90000 {
+ reg = <0x90000 0x10000>;
+ label = "u-boot-env";
+ };
+
+ partition@a0000 {
+ reg = <0xa0000 0x20000>;
+ label = "cfgxxx";
+ read-only;
+ };
+
+ partition@c0000 {
+ reg = <0xc0000 0x40000>;
+ label = "device_id";
+ read-only;
+ };
+ };
+ };
+ };
+
+ gpio0: gpio-controller@fc00 {
+ };
+
+ usb@22000 {
+ phy_type = "utmi";
+ dr_mode = "host";
+ };
+
+ mdio@24000 {
+ phy1: ethernet-phy@1 {
+ reg = <0x1>;
+ };
+
+ phy2: ethernet-phy@2 {
+ reg = <0x2>;
+ };
+
+ phy3: ethernet-phy@3 {
+ reg = <0x3>;
+ };
+ };
+
+ mdio@25000 {
+ tbi_phy1: tbi-phy@11 {
+ reg = <0x11>;
+ device_type = "tbi-phy";
+ };
+ };
+
+ mdio@26000 {
+ tbi_phy2: tbi-phy@11 {
+ reg = <0x11>;
+ device_type = "tbi-phy";
+ };
+ };
+
+ enet0: ethernet@b0000 {
+ phy-handle = <&phy1>;
+ phy-connection-type = "rgmii-id";
+ };
+
+ enet1: ethernet@b1000 {
+ tbi-handle = <&tbi_phy1>;
+ phy-handle = <&phy2>;
+ phy-connection-type = "sgmii";
+ };
+
+ enet2: ethernet@b2000 {
+ tbi-handle = <&tbi_phy2>;
+ phy-handle = <&phy3>;
+ phy-connection-type = "sgmii";
+ };
+
+ sdhc@2e000 {
+ status = "disabled";
+ };
+
+ serial1: serial@4600 {
+ status = "disabled";
+ };
+
+ can0: can@1c000 {
+ status = "disabled";
+ };
+
+ can1: can@1d000 {
+ status = "disabled";
+ };
+ };
+
+ pci0: pcie@ffe09000 {
+ status = "disabled";
+ };
+
+ pci1: pcie@ffe0a000 {
+ status = "disabled";
+ };
+
+ ifc: ifc@ffe1e000 {
+ reg = <0x0 0xffe1e000 0 0x2000>;
+
+ /* NOR, NAND Flashes and CPLD on board */
+ ranges = <0x0 0x0 0x0 0xee000000 0x02000000
+ 0x1 0x0 0x0 0xff800000 0x00010000
+ 0x3 0x0 0x0 0xffb00000 0x00000020>;
+
+ nand@1,0 {
+ compatible = "fsl,ifc-nand";
+ reg = <0x1 0x0 0x10000>;
+
+ partitions {
+ compatible = "fixed-partitions";
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ /*
+ * Original partition layout:
+ * 0x000000000000-0x000000020000 : "NAND (RW) WG DTB Image"
+ * 0x000000020000-0x000000520000 : "NAND (RW) WG SYSA Kernel"
+ * 0x000000520000-0x000007f00000 : "NAND (RW) WG SYSA_CODE"
+ * 0x000007f00000-0x000008400000 : "NAND (RW) WG SYSB Kernel"
+ * 0x000008400000-0x000009c00000 : "NAND (RW) WG SYSB_CODE"
+ * 0x000009c00000-0x00000a100000 : "NAND (RW) WG SYSA2 Kernel"
+ * 0x00000a100000-0x000011ae0000 : "NAND (RW) WG SYSA_CODE2"
+ * 0x000011ae0000-0x000020000000 : "NAND (RW) WG SYSA_DATA"
+ */
+
+ partition@0 {
+ reg = <0x0 0x20000>;
+ label = "wg-dtb";
+ read-only;
+ };
+
+ partition@20000 {
+ reg = <0x20000 0x500000>;
+ label = "kernel";
+ };
+
+ partition@520000 {
+ reg = <0x520000 0x79e0000>;
+ label = "wg-sysa-rootfs";
+ read-only;
+ };
+
+ partition@7f00000 {
+ reg = <0x7f00000 0x500000>;
+ label = "wg-sysb-kernel";
+ read-only;
+ };
+
+ partition@8400000 {
+ reg = <0x8400000 0x1800000>;
+ label = "wg-sysb-rootfs";
+ read-only;
+ };
+
+ partition@9c00000 {
+ reg = <0x9c00000 0x500000>;
+ label = "wg-sysa2-kernel";
+ read-only;
+ };
+
+ partition@a100000 {
+ reg = <0xa100000 0x79e0000>;
+ label = "wg-sysa2-rootfs";
+ read-only;
+ };
+
+ partition@11ae0000 {
+ reg = <0x11ae0000 0xe520000>;
+ label = "ubi";
+ };
+ };
+ };
+ };
+};
+
+/include/ "fsl/p1010si-post.dtsi"
--- /dev/null
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+/*
+ * Watchguard Firebox T10 Board Setup
+ *
+ * Copyright (C) 2023 David Bauer <mail@david-bauer.net>
+ *
+ * Based on:
+ * p1010rdb.c:
+ * P1010 RDB Board Setup
+ * Copyright 2011 Freescale Semiconductor Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ */
+
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/delay.h>
+#include <linux/interrupt.h>
+#include <linux/of_platform.h>
+
+#include <asm/time.h>
+#include <asm/machdep.h>
+#include <asm/pci-bridge.h>
+#include <mm/mmu_decl.h>
+#include <asm/prom.h>
+#include <asm/udbg.h>
+#include <asm/mpic.h>
+
+#include <sysdev/fsl_soc.h>
+#include <sysdev/fsl_pci.h>
+
+#include "mpc85xx.h"
+
+void __init firebox_t10_pic_init(void)
+{
+ struct mpic *mpic;
+
+ mpic = mpic_alloc(NULL, 0,
+ MPIC_BIG_ENDIAN | MPIC_SINGLE_DEST_CPU,
+ 0, 256, " OpenPIC ");
+
+ BUG_ON(mpic == NULL);
+ mpic_init(mpic);
+}
+
+/*
+ * Setup the architecture
+ */
+static void __init firebox_t10_setup_arch(void)
+{
+ if (ppc_md.progress)
+ ppc_md.progress("firebox_t10_setup_arch()", 0);
+
+ fsl_pci_assign_primary();
+
+ pr_info("Firebox T10 from Watchguard\n");
+}
+
+machine_arch_initcall(firebox_t10, mpc85xx_common_publish_devices);
+
+/*
+ * Called very early, device-tree isn't unflattened
+ */
+static int __init firebox_t10_probe(void)
+{
+ if (of_machine_is_compatible("watchguard,firebox-t10"))
+ return 1;
+ return 0;
+}
+
+define_machine(firebox_t10) {
+ .name = "P1010 RDB",
+ .probe = firebox_t10_probe,
+ .setup_arch = firebox_t10_setup_arch,
+ .init_IRQ = firebox_t10_pic_init,
+#ifdef CONFIG_PCI
+ .pcibios_fixup_bus = fsl_pcibios_fixup_bus,
+ .pcibios_fixup_phb = fsl_pcibios_fixup_phb,
+#endif
+ .get_irq = mpic_get_irq,
+ .calibrate_decr = generic_calibrate_decr,
+ .progress = udbg_progress,
+};
endef
TARGET_DEVICES += tplink_tl-wdr4900-v1
+define Device/watchguard_firebox-t10
+ DEVICE_VENDOR := Watchguard
+ DEVICE_MODEL := Firebox T10
+ DEVICE_PACKAGES := kmod-rtc-s35390a kmod-eeprom-at24
+ KERNEL = kernel-bin | gzip | fit gzip $(KDIR)/image-$$(DEVICE_DTS).dtb
+ IMAGES := sysupgrade.bin
+ IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata
+endef
+TARGET_DEVICES += watchguard_firebox-t10
+
define Device/sophos_red-15w-rev1
DEVICE_VENDOR := Sophos
DEVICE_MODEL := RED 15w
CONFIG_AT803X_PHY=y
+CONFIG_CMDLINE_OVERRIDE=y
# CONFIG_FSL_CORENET_CF is not set
CONFIG_MTD_NAND_FSL_IFC=y
CONFIG_MTD_SPLIT_FIRMWARE=y
CONFIG_REGULATOR=y
CONFIG_TL_WDR4900_V1=y
CONFIG_UBIFS_FS=y
+CONFIG_FIREBOX_T10=y
\ No newline at end of file
--- /dev/null
+--- a/arch/powerpc/platforms/85xx/Kconfig
++++ b/arch/powerpc/platforms/85xx/Kconfig
+@@ -92,6 +92,16 @@ config WS_AP3825I
+ This board is a Concurrent Dual-Band wireless access point with a
+ Freescale P1020 SoC.
+
++config FIREBOX_T10
++ bool "Watchguard Firebox T10"
++ select DEFAULT_UIMAGE
++ select ARCH_REQUIRE_GPIOLIB
++ select GPIO_MPC8XXX
++ help
++ This option enables support for the Watchguard Firebox T10 board.
++ This board is a VPN Gateway-Router with a
++ Freescale P1010 SoC.
++
+ config MPC8540_ADS
+ bool "Freescale MPC8540 ADS"
+ select DEFAULT_UIMAGE
+--- a/arch/powerpc/platforms/85xx/Makefile
++++ b/arch/powerpc/platforms/85xx/Makefile
+@@ -28,6 +28,7 @@ obj-$(CONFIG_PANDA) += panda.o
+ obj-$(CONFIG_TWR_P102x) += twr_p102x.o
+ obj-$(CONFIG_WS_AP3710I) += ws-ap3710i.o
+ obj-$(CONFIG_WS_AP3825I) += ws-ap3825i.o
++obj-$(CONFIG_FIREBOX_T10) += firebox_t10.o
+ obj-$(CONFIG_CORENET_GENERIC) += corenet_generic.o
+ obj-$(CONFIG_FB_FSL_DIU) += t1042rdb_diu.o
+ obj-$(CONFIG_RED_15W_REV1) += red15w_rev1.o
--- /dev/null
+--- a/arch/powerpc/platforms/85xx/Kconfig
++++ b/arch/powerpc/platforms/85xx/Kconfig
+@@ -92,6 +92,16 @@ config WS_AP3825I
+ This board is a Concurrent Dual-Band wireless access point with a
+ Freescale P1020 SoC.
+
++config FIREBOX_T10
++ bool "Watchguard Firebox T10"
++ select DEFAULT_UIMAGE
++ select ARCH_REQUIRE_GPIOLIB
++ select GPIO_MPC8XXX
++ help
++ This option enables support for the Watchguard Firebox T10 board.
++ This board is a VPN Gateway-Router with a
++ Freescale P1010 SoC.
++
+ config MPC8540_ADS
+ bool "Freescale MPC8540 ADS"
+ select DEFAULT_UIMAGE
+--- a/arch/powerpc/platforms/85xx/Makefile
++++ b/arch/powerpc/platforms/85xx/Makefile
+@@ -28,6 +28,7 @@ obj-$(CONFIG_PANDA) += panda.o
+ obj-$(CONFIG_TWR_P102x) += twr_p102x.o
+ obj-$(CONFIG_WS_AP3710I) += ws-ap3710i.o
+ obj-$(CONFIG_WS_AP3825I) += ws-ap3825i.o
++obj-$(CONFIG_FIREBOX_T10) += firebox_t10.o
+ obj-$(CONFIG_CORENET_GENERIC) += corenet_generic.o
+ obj-$(CONFIG_FB_FSL_DIU) += t1042rdb_diu.o
+ obj-$(CONFIG_RED_15W_REV1) += red15w_rev1.o