From 72466aaeb90bff618eaec83ca00b4aa99cb837c5 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Thu, 23 Jun 2022 17:50:03 -0300 Subject: [PATCH] realtek: add DGS-1210-28 factory image DGS-1210 switches support dual image, with each image composed of a kernel and a rootfs partition. For image1, kernel and rootfs are in sequence. The current OpenWrt image (written using a serial console), uses those partitions together as the firmware partition, ignoring the partition division. The current OEM u-boot fails to validate image1 but it will only trigger firmware recovery if both image1 and image2 fail, and it does not switch the boot image in case one of them fails the check. The OEM factory image is composed of concatenated blocks of data, each one prefixed with a 0x40-byte cameo header. A normal OEM firmware will have two of these blocks (kernel, rootfs). The OEM firmware only checks the header before writing unconditionally the data (except the header) to the correspoding partition. The OpenWrt factory image mimics the OEM image by cutting the kernel+rootfs firmware at the exact size of the OEM kernel partition and packing it as "the kernel partition" and the rest of the kernel and the rootfs as "the rootfs partition". It will only work if written to image1 because image2 has a sysinfo partition between kernel2 and rootfs2, cutting the kernel code in the middle. Steps to install: 1) switch to image2 (containing an OEM image), using web or these CLI commands: - config firmware image_id 2 boot_up - reboot 2) flash the factory_image1.bin to image1. OEM web (v6.30.016) is crashing for any upload (ssh keys, firmware), even applying OEM firmwares. These CLI commands can upload a new firmware to the other image location (not used to boot): - download firmware_fromTFTP factory_image1.bin - config firmware image_id 1 boot_up - reboot To debrick the device, you'll need serial access. If you want to recover to an OpenWrt, you can replay the serial installation instructions. For returning to the original firmware, press ESC during the boot to trigger the emergency firmware recovery procedure. After that, use D-Link Network Assistant v2.0.2.4 to flash a new firmware. The device documentation does describe that holding RESET for 12s trigger the firmware recovery. However, the latest shipped U-Boot "2011.12.(2.1.5.67086)-Candidate1" from "Aug 24 2021 - 17:33:09" cannot trigger that from a cold boot. In fact, any U-Boot procedure that relies on the RESET button, like reset settings, will only work if started from a running original firmware. That, in practice, cancels the benefit of having two images and a firmware recovery procedure (if you are not consider dual-booting OpenWrt). Signed-off-by: Luiz Angelo Daros de Luca (cherry picked from commit 1005dc0a64587e954364ff3a64bbb38b2ca371cd) --- target/linux/realtek/image/Makefile | 18 +++++++++++++++++- target/linux/realtek/image/rtl838x.mk | 8 ++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/target/linux/realtek/image/Makefile b/target/linux/realtek/image/Makefile index 026c6e0068..b54a1f0a8d 100644 --- a/target/linux/realtek/image/Makefile +++ b/target/linux/realtek/image/Makefile @@ -6,7 +6,8 @@ include $(INCLUDE_DIR)/image.mk KERNEL_LOADADDR = 0x80000000 KERNEL_ENTRY = 0x80000400 -DEVICE_VARS += ZYXEL_VERS +DEVICE_VARS += ZYXEL_VERS DLINK_KERNEL_PART_SIZE +DEVICE_VARS += CAMEO_KERNEL_PART CAMEO_ROOTFS_PART CAMEO_CUSTOMER_SIGNATURE CAMEO_BOARD_VERSION define Build/zyxel-vers ( echo VERS;\ @@ -16,6 +17,21 @@ define Build/zyxel-vers done ) >> $@ endef +define Build/dlink-headers + dd if=$@ bs=$(DLINK_KERNEL_PART_SIZE) count=1 of=$@.kernel_part; \ + dd if=$@ bs=$(DLINK_KERNEL_PART_SIZE) skip=1 of=$@.rootfs_part; \ + $(SCRIPT_DIR)/cameo-imghdr.py $@.kernel_part $@.kernel_part.hex \ + "$(DEVICE_MODEL)" os $(CAMEO_KERNEL_PART) \ + $(CAMEO_CUSTOMER_SIGNATURE) \ + $(CAMEO_BOARD_VERSION) \ + $(KERNEL_LOADADDR); \ + $(SCRIPT_DIR)/cameo-imghdr.py $@.rootfs_part $@.rootfs_part.hex \ + "$(DEVICE_MODEL)" squashfs $(CAMEO_ROOTFS_PART) \ + $(CAMEO_CUSTOMER_SIGNATURE) \ + $(CAMEO_BOARD_VERSION); \ + cat $@.kernel_part.hex $@.rootfs_part.hex > $@ +endef + define Device/Default PROFILES = Default KERNEL := kernel-bin | append-dtb | gzip | uImage gzip diff --git a/target/linux/realtek/image/rtl838x.mk b/target/linux/realtek/image/rtl838x.mk index 289e37db16..e71106d571 100644 --- a/target/linux/realtek/image/rtl838x.mk +++ b/target/linux/realtek/image/rtl838x.mk @@ -15,6 +15,7 @@ define Device/d-link_dgs-1210 SOC := rtl8382 IMAGE_SIZE := 13824k DEVICE_VENDOR := D-Link + DLINK_KERNEL_PART_SIZE := 1572864 endef define Device/d-link_dgs-1210-10p @@ -33,6 +34,13 @@ TARGET_DEVICES += d-link_dgs-1210-16 define Device/d-link_dgs-1210-28 $(Device/d-link_dgs-1210) DEVICE_MODEL := DGS-1210-28 + CAMEO_KERNEL_PART := 2 + CAMEO_ROOTFS_PART := 3 + CAMEO_CUSTOMER_SIGNATURE := 2 + CAMEO_BOARD_VERSION := 32 + IMAGES += factory_image1.bin + IMAGE/factory_image1.bin := append-kernel | pad-to 64k | \ + append-rootfs | pad-rootfs | pad-to 16 | check-size | dlink-headers endef TARGET_DEVICES += d-link_dgs-1210-28 -- 2.30.2