From: Lech Perczak Date: Sat, 22 Jul 2023 16:44:20 +0000 (+0200) Subject: ath79: support Fortinet FAP-220-B X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=0c47bdb9020a62e3358dc3878d614b8fac94fcd8;p=openwrt%2Fstaging%2Fthess.git ath79: support Fortinet FAP-220-B Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed access point with PoE input and single gigabit Ethernet interface. Hardware highlights: Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack. SoC: Atheros AR7161 (MIPS 24kc at 680MHz) RAM: 64MB DDR400 Flash: 16MB SPI-NOR Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band) Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band) Ethernet: Atheros AR8021 single gigabit Phy (RGMII) Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1) USB: Single USB 2.0 host port LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status (dual-colour, green and yellow) Buttons: reset button hidden in bottom grill, in the top row, 2nd column from the right. Label MAC address: eth0 FCC ID: TVE-220102 Serial port pinout: 3 - TxD 4 - GND 6 - RxD Installation: The same methods apply as for already supported FAP-221-B. For both methods, a backup of flash partitions is recommended, as stock firmware is not freely available on the internet. (a) Using factory image: 1. Connect console cable to the console port 2. Connect Ethernet interface to your PC 3. Start preferred terminal at 9600-8-N-1 4. Have a TFTP server running on the PC. 5. Put the "factory" image in TFTP root 6. Power on the device 7. Break boot sequence by pressing "Ctrl+C" 8. Press "G". The console will ask you for device IP, server IP, and filename. Enter them appropriately. The defaults are: Server IP: 192.168.1.1 # Update accordingly Device IP: 192.168.1.2 # Update accordingly Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin 9. The device will load the firmware over TFTP, and verify it. When verification passes, press "D" to continue installation. The device will reboot on completion. (b) Using initramfs + sysupgrade 1. Connect console cable to the console port 2. Connect Ethernet interface to your PC 3. Start preferred terminal at 9600-8-N-1 4. Have a TFTP server running on the PC. 5. Put the "initramfs" image in TFTP root 6. Power on the device. 7. Break boot sequence by pressing "Ctrl+C" 8. Enter hidden U-boot shell by pressing "K". The password is literal "1". 9. Load the initramfs over TFTP: > setenv serverip 192.168.1.1 # Your PC IP > setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet. > tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin > bootm 81000000 10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1" partitions, to allow restoring factory firmware in future: # cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin # cat /dev/mtd2 > /tmp/mtd2_loader.bin # cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin and then SCP them over to safety at your PC. 11. When the device boots, copy over the sysupgrade image, and execute normal upgrade: # sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin Return to stock firmware: 1. Boot initramfs image as per initial installation up to point 9 2. Copy over the previously backed up contents over network 3. Write the backed up contents back: # mtd write /tmp/mtd1_fwconcat0.bin fwconcat0 # mtd write /tmp/mtd2_loader.bin loader # mtd write /tmp/mtd3_fwconcat1.bin fwconcat1 4. Erase the reserved partition: # mtd erase reserved 5. Reboot the device Quirks and known issues: - The power LED blinking pattern is disrupted during boot, probably due to very slow serial console, which prints a lot during boot compared to stock FW. - "mac-address-ascii" device tree binding cannot yet be used for address stored in U-boot partition, because it expects the colons as delimiters, which this address lacks. Addresses found in ART partition are used instead. - Due to using kmod-owl-loader, the device will lack wireless interfaces while in initramfs, unless you compile it in. - The device heats up A LOT on the bottom, even when idle. It even contains a warning sticker there. - Stock firmware uses a fully read-write filesystem for its rootfs. - Stock firmware loads a lot of USB-serial converter drivers for use with built-in host, probably meant for hosting modem devices. - U-boot build of the device is stripped of all branding, despite that evidence of it (obviously) being U-boot can be found in the binary. - The user can break into hidden U-boot shell using key "K" after breaking boot sequence. The password is "1" (without quotes). - Telnet is available by default, with login "admin", without password. The same is true for serial console, both drop straight to the Busybox shell. - The web interface drops to the login page again, after successfull login. - Whole image authentication boils down to comparing a device ID against one stored in U-boot. - And this device is apparently made by a security company. Big thanks for Michael Pratt for providing support for FAP-221-B, which shares the entirety of image configuration with this device, this saved me a ton of work. Signed-off-by: Lech Perczak --- diff --git a/target/linux/ath79/dts/ar7161_fortinet_fap-220-b.dts b/target/linux/ath79/dts/ar7161_fortinet_fap-220-b.dts new file mode 100644 index 0000000000..331bc31714 --- /dev/null +++ b/target/linux/ath79/dts/ar7161_fortinet_fap-220-b.dts @@ -0,0 +1,183 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + +#include "ar7100.dtsi" +#include "arxxxx_fortinet_loader.dtsi" + +#include +#include + +/ { + compatible = "fortinet,fap-220-b", "qca,ar7161"; + model = "Fortinet FAP-220-B"; + + chosen { + bootargs = "console=ttyS0,9600"; + }; + + aliases { + led-boot = &led_power; + led-failsafe = &led_power; + led-running = &led_power; + led-upgrade = &led_power; + label-mac-device = ð1; + }; + + keys { + compatible = "gpio-keys"; + reset { + label = "reset"; + linux,code = ; + gpios = <&gpio 8 GPIO_ACTIVE_LOW>; + debounce-interval = <60>; + }; + }; + + leds { + compatible = "gpio-leds"; + + led_power: power-green { + label = "green:power"; + gpios = <&gpio 4 GPIO_ACTIVE_HIGH>; + default-state = "on"; + }; + + status-green { + label = "green:status"; + gpios = <&gpio 1 GPIO_ACTIVE_LOW>; + }; + + status-yellow { + label = "yellow:status"; + gpios = <&gpio 0 GPIO_ACTIVE_LOW>; + panic-indicator; + }; + + mode-green { + label = "green:mode"; + gpios = <&gpio 5 GPIO_ACTIVE_LOW>; + }; + + mode-yellow { + label = "yellow:mode"; + gpios = <&gpio 6 GPIO_ACTIVE_LOW>; + }; + + wlan2g-green { + label = "green:wlan2g"; + gpios = <&ath9k0 5 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy0tpt"; + }; + + wlan2g-yellow { + label = "yellow:wlan2g"; + gpios = <&ath9k0 3 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy0assoc"; + }; + + wlan5g-green { + label = "green:wlan5g"; + gpios = <&ath9k1 5 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy1tpt"; + }; + + wlan5g-yellow { + label = "yellow:wlan5g"; + gpios = <&ath9k1 3 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy1assoc"; + }; + }; + + virtual_flash { + devices = <&fwconcat0 &fwconcat1 &fwconcat2>; + }; +}; + +&pcie0 { + status = "okay"; + + ath9k0: wifi@0,11 { /* 2.4 GHz */ + compatible = "pci168c,0029"; + reg = <0x8800 0 0 0 0>; + ieee80211-freq-limit = <2402000 2482000>; + nvmem-cells = <&macaddr_art_120c>, <&cal_art_1000>; + nvmem-cell-names = "mac-address", "calibration"; + mac-address-increment = <1>; + #gpio-cells = <2>; + gpio-controller; + }; + + ath9k1: wifi@0,12 { /* 5 GHz */ + compatible = "pci168c,0029"; + reg = <0x9000 0 0 0 0>; + ieee80211-freq-limit = <2402000 2482000 4900000 5990000>; + nvmem-cells = <&macaddr_art_520c>, <&cal_art_5000>; + nvmem-cell-names = "mac-address", "calibration"; + mac-address-increment = <9>; + #gpio-cells = <2>; + gpio-controller; + }; +}; + +&mdio0 { + status = "okay"; + + phy0: ethernet-phy@0 { + reg = <0x0>; + }; +}; + +ð0 { + status = "okay"; + compatible = "syscon", "simple-mfd"; +}; + +ð1 { + status = "okay"; + nvmem-cells = <&macaddr_art_120c>; + nvmem-cell-names = "mac-address"; + + pll-data = <0x00110000 0x00001099 0x00991099>; + phy-handle = <&phy0>; + phy-mode = "rgmii"; +}; + +&usb1 { + status = "okay"; +}; + +&usb_phy { + status = "okay"; +}; + +&uboot { + compatible = "nvmem-cells"; + #address-cells = <1>; + #size-cells = <1>; + + /* Currently doesn't work, because this one lacks colons as delimiters */ + macaddr_uboot_3ff80: mac-address-ascii@3ff80 { + reg = <0x3ff80 0xc>; + }; +}; + +&art { + compatible = "nvmem-cells"; + #address-cells = <1>; + #size-cells = <1>; + + cal_art_1000: calibration@1000 { + reg = <0x1000 0xeb8>; + }; + + macaddr_art_120c: mac-address@120c { + reg = <0x120c 0x6>; + }; + + cal_art_5000: calibration@5000 { + reg = <0x5000 0xeb8>; + }; + + macaddr_art_520c: mac-address@520c { + reg = <0x520c 0x6>; + }; +}; diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network b/target/linux/ath79/generic/base-files/etc/board.d/02_network index 1b19d90a05..5d87ea8405 100644 --- a/target/linux/ath79/generic/base-files/etc/board.d/02_network +++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network @@ -47,6 +47,7 @@ ath79_setup_interfaces() engenius,ecb600|\ enterasys,ws-ap3705i|\ extreme-networks,ws-ap3805i|\ + fortinet,fap-220-b|\ fortinet,fap-221-b|\ glinet,gl-ar300m-lite|\ glinet,gl-usb150|\ diff --git a/target/linux/ath79/generic/base-files/lib/upgrade/platform.sh b/target/linux/ath79/generic/base-files/lib/upgrade/platform.sh index 67a3635075..a2b717ef34 100644 --- a/target/linux/ath79/generic/base-files/lib/upgrade/platform.sh +++ b/target/linux/ath79/generic/base-files/lib/upgrade/platform.sh @@ -55,6 +55,7 @@ platform_do_upgrade() { ROOTFS_FILE="root.squashfs" platform_do_upgrade_failsafe_datachk "$1" ;; + fortinet,fap-220-b|\ fortinet,fap-221-b) SKIP_HASH="1" ENV_SCRIPT="/dev/null" diff --git a/target/linux/ath79/image/generic.mk b/target/linux/ath79/image/generic.mk index d8ee3192c0..b74ce34509 100644 --- a/target/linux/ath79/image/generic.mk +++ b/target/linux/ath79/image/generic.mk @@ -1544,6 +1544,16 @@ define Device/fortinet_fap_common gzip-filename $$$$(FACTORY_IMG_NAME) endef +define Device/fortinet_fap-220-b + $(Device/fortinet_fap_common) + SOC := ar7161 + DEVICE_MODEL := FAP-220-B + FACTORY_IMG_NAME := FAP22B-9.99-AP-build999-999999-patch99 + DEVICE_PACKAGES := -uboot-envtools kmod-usb-ohci kmod-usb2 \ + kmod-owl-loader +endef +TARGET_DEVICES += fortinet_fap-220-b + define Device/fortinet_fap-221-b $(Device/fortinet_fap_common) SOC := ar9344