> On 2022-07-25 13:54, Bjørn Mork wrote: > Ian Pangilinan <[email protected]> writes: > >> The device comes in two variants depending on where the bootloader >> loads the kernel. One variant where the bootloader loads at 0xbc140000 >> (mtd4), and another at 0xbe800000 (mtd5). This patch is for the >> latter. >> I haven't found a way to change this behavior, so I'm making a >> distinction between the two. >> >> This is the MTD partitions from the stock firmware: >> >> 0x000000000000-0x000007f80000 : "ALL" >> 0x000000000000-0x000000080000 : "Bootloader" >> 0x000000080000-0x000000100000 : "Config" >> 0x000000100000-0x000000140000 : "Factory" >> 0x000000140000-0x000002800000 : "firmware1" >> 0x000002800000-0x000004ec0000 : "firmware2" >> 0x000002996dfc-0x000004ec0000 : "rootfs" >> 0x000003180000-0x000004ec0000 : "rootfs_data" >> 0x000004ec0000-0x000007f00000 : "ota" >> 0x000007f00000-0x000007f80000 : "Configbak" >> >> This is how it looks when flashed to OpenWrt with this patch: >> >> 0x000000000000-0x000000080000 : "u-boot" >> 0x000000080000-0x0000000a0000 : "u-boot-env" >> 0x000000100000-0x000000140000 : "factory" >> 0x000000140000-0x000002800000 : "ubiconcat0" >> 0x000002800000-0x000002c00000 : "kernel" >> 0x000002c00000-0x000007f00000 : "ubiconcat1" >> 0x000007f00000-0x000007f80000 : "configbak" >> 0x000000000000-0x0000079c0000 : "ubi" > > > This sounds strange. The above looks like a pretty common dual > partition scheme, where one or more variables in the > "Config"/"u-boot-env" partition decides which system partition is > booted > by default. > > Could you please dump the contents of "Config"/"u-boot-env"? Are you > 100% sure there isn't anything there telling U-Boot which partition is > active? > > > Bjørn >
Hi, thank you for your reply. Here's the contents of the u-boot-env as a fw_printenv output: bootcmd=tftp baudrate=57600 ethaddr="00:AA:BB:CC:DD:10" BootType=3 uboot_ver=V1.1 PCB_SN=<snip> SN=<snip> dropbear_password=75912917 dropbear_mode=0 dropbear_key_type=0 bootargs=console=ttyS1,57600n8 root=/dev/mtdblock6 wifi_ate=on rootfs_data_ofs=0x3180000 rootfs_data_size=0x01d40000 rootfs_data_fail=0 IMEI=<snip> stdin=serial stdout=serial stderr=serial filesize=651338 fileaddr=84000000 ipaddr=10.10.10.123 serverip=10.10.10.3 autostart=no bootfile=test.bin bootdelay=3 It may look like a dual-partition scheme on the outside, but the other partition merely serves as backup to the main partition where the bootloader is hardcoded, it seems, to load. This is an ISP-branded device that is actively being updated to thwart consumer modifications. And just recently they went beyond regular system updates and released a bootloader update that effectively disables tftpboot. I guess they forgot that this is a CPE, where the C stands for consumer. I have tried setting load_firmware_addr=0xbc140000 but this did not change anything. The variable was taken from another device, a Cat.4 LTE R051 from the same vendor. I thought it could work, but it didn't. Here's the serial console log from the stock firmware, in case you could find something: https://pastebin.com/etEUiphL -ianp _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
