Re: [PATCH v2] mvebu: add support for Fortinet FortiGate 50E
Hi Hauke, thank you for your review. On 2023/03/06 1:42, Hauke Mehrtens wrote: On 3/1/23 17:01, INAGAKI Hiroshi wrote: Fortinet FortiGate 50E (FG-50E) is a UTM, based on Armada 385 (88F6820). Notes: - All "SPEED" LEDs(Green/Amber) of LAN and 1000M "SPEED" LEDs(Green) of WAN1/2 are connected to GPIO expander. There is no way to indicate link speed of networking device, so those LEDs cannot be used like stock firmware. I think you can use the ledtrig-netdev to activate the LEDs on link up if they are connected to the nxp,pca9555 GPIO extender. I didn't think about it since "LINK/ACT" LEDs already indicate link up, but it certainly might be a good alternative for "SPEED" LEDs. - Both colors of Bi-color LEDs on the front panel cannot be turned on at the same time. - "PWR" and "Logo" LEDs are connected to power source directory. - The following partitions are added for OpenWrt. These partitions are contained in "uboot" partition (0x0-0x1f) on stock firmware. - "firmware-info" - "dtb" - "u-boot-env" - "board-info" . +define Device/fortinet_fg-50e + DEVICE_VENDOR := Fortinet + DEVICE_MODEL := FortiGate 50E + SOC := armada-385 + KERNEL := kernel-bin | append-dtb + KERNEL_INITRAMFS := kernel-bin | append-dtb | fortigate-header | \ + gzip-filename FGT50E + KERNEL_SIZE := 6144k + DEVICE_DTS := armada-385-fortinet-fg-50e + IMAGE/sysupgrade.bin := append-rootfs | pad-rootfs | \ + sysupgrade-tar rootfs=@ | append-metadata + DEVICE_PACKAGES := kmod-hwmon-nct7802 Why don't you add the driver for the GPIO extender kmod-gpio-pca953x here? CONFIG_GPIO_PCA953X (and irq option) is enabled in mvebu/config-5.15[1], so I didn't add that package. [1]: https://github.com/openwrt/openwrt/blob/a03076cc392b67c8342aac2017f8ac903c983e59/target/linux/mvebu/config-5.15#L191-L192 +endef +TARGET_DEVICES += fortinet_fg-50e + define Device/globalscale_mirabox $(Device/NAND-512K) DEVICE_VENDOR := Globalscale Regards, Hiroshi ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v2] mvebu: add support for Fortinet FortiGate 50E
On 3/1/23 17:01, INAGAKI Hiroshi wrote: Fortinet FortiGate 50E (FG-50E) is a UTM, based on Armada 385 (88F6820). Notes: - All "SPEED" LEDs(Green/Amber) of LAN and 1000M "SPEED" LEDs(Green) of WAN1/2 are connected to GPIO expander. There is no way to indicate link speed of networking device, so those LEDs cannot be used like stock firmware. I think you can use the ledtrig-netdev to activate the LEDs on link up if they are connected to the nxp,pca9555 GPIO extender. - Both colors of Bi-color LEDs on the front panel cannot be turned on at the same time. - "PWR" and "Logo" LEDs are connected to power source directory. - The following partitions are added for OpenWrt. These partitions are contained in "uboot" partition (0x0-0x1f) on stock firmware. - "firmware-info" - "dtb" - "u-boot-env" - "board-info" . +define Device/fortinet_fg-50e + DEVICE_VENDOR := Fortinet + DEVICE_MODEL := FortiGate 50E + SOC := armada-385 + KERNEL := kernel-bin | append-dtb + KERNEL_INITRAMFS := kernel-bin | append-dtb | fortigate-header | \ +gzip-filename FGT50E + KERNEL_SIZE := 6144k + DEVICE_DTS := armada-385-fortinet-fg-50e + IMAGE/sysupgrade.bin := append-rootfs | pad-rootfs | \ +sysupgrade-tar rootfs=@ | append-metadata + DEVICE_PACKAGES := kmod-hwmon-nct7802 Why don't you add the driver for the GPIO extender kmod-gpio-pca953x here? +endef +TARGET_DEVICES += fortinet_fg-50e + define Device/globalscale_mirabox $(Device/NAND-512K) DEVICE_VENDOR := Globalscale ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v2] mvebu: add support for Fortinet FortiGate 50E
Hi Mark, On 2023/03/02 4:47, Mark Thurston wrote: On Wed, 01 Mar 2023 16:01:50 + INAGAKI Hiroshi wrote --- > Fortinet FortiGate 50E (FG-50E) is a UTM, based on Armada 385 (88F6820). > > Specification: > > - SoC : Marvell Armada 385 88F6820 > - RAM : DDR3 2 GiB (4x Micron MT41K512M8DA-107, "D9SGQ") > - Flash: SPI-NOR 128 MiB (Macronix MX66L1G45GMI-10G) > - Ethernet : 7x 10/100/1000 Mbps > - LAN 1-5: Marvell 88E6176 > - WAN 1, 2 : Marvell 88E1512 (2x) > - LEDs/Keys: 18x/1x > - UART : "CONSOLE" port (RJ-45, RS-232C level) > - port : ttyS0 > - settings : 9600bps 8n1 > - assignment : 1:NC , 2:NC , 3:TXD, 4:GND, > 5:GND, 6:RXD, 7:NC , 8:NC > - note : compatible with Cisco console cable > - HW Monitoring: nuvoTon NCT7802Y > - Power: 12 VDC, 2 A > - plug : Molex 5557-02R I couldn't find the Fortinet FortiGate 50E in the table of hardware. Would you like to add it? If not, should I add it based on your description? (I don't have one of these to hand to confirm details). https://openwrt.org/supported_devices/adding_to_toh As for adding to ToH, I hadn't thought of anything yet. For me, it doesn't matter which one... I'll leave it up to you to decide :) BTW, adding entry to ToH should be done after the support is merged... Thanks, Hiroshi ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH v2] mvebu: add support for Fortinet FortiGate 50E
On Wed, 01 Mar 2023 16:01:50 + INAGAKI Hiroshi wrote --- > Fortinet FortiGate 50E (FG-50E) is a UTM, based on Armada 385 (88F6820). > > Specification: > > - SoC : Marvell Armada 385 88F6820 > - RAM : DDR3 2 GiB (4x Micron MT41K512M8DA-107, "D9SGQ") > - Flash: SPI-NOR 128 MiB (Macronix MX66L1G45GMI-10G) > - Ethernet : 7x 10/100/1000 Mbps > - LAN 1-5: Marvell 88E6176 > - WAN 1, 2 : Marvell 88E1512 (2x) > - LEDs/Keys: 18x/1x > - UART : "CONSOLE" port (RJ-45, RS-232C level) > - port : ttyS0 > - settings : 9600bps 8n1 > - assignment : 1:NC , 2:NC , 3:TXD, 4:GND, > 5:GND, 6:RXD, 7:NC , 8:NC > - note : compatible with Cisco console cable > - HW Monitoring: nuvoTon NCT7802Y > - Power: 12 VDC, 2 A > - plug : Molex 5557-02R I couldn't find the Fortinet FortiGate 50E in the table of hardware. Would you like to add it? If not, should I add it based on your description? (I don't have one of these to hand to confirm details). https://openwrt.org/supported_devices/adding_to_toh ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH v2] mvebu: add support for Fortinet FortiGate 50E
Fortinet FortiGate 50E (FG-50E) is a UTM, based on Armada 385 (88F6820).
Specification:
- SoC : Marvell Armada 385 88F6820
- RAM : DDR3 2 GiB (4x Micron MT41K512M8DA-107, "D9SGQ")
- Flash: SPI-NOR 128 MiB (Macronix MX66L1G45GMI-10G)
- Ethernet : 7x 10/100/1000 Mbps
- LAN 1-5: Marvell 88E6176
- WAN 1, 2 : Marvell 88E1512 (2x)
- LEDs/Keys: 18x/1x
- UART : "CONSOLE" port (RJ-45, RS-232C level)
- port : ttyS0
- settings : 9600bps 8n1
- assignment : 1:NC , 2:NC , 3:TXD, 4:GND,
5:GND, 6:RXD, 7:NC , 8:NC
- note : compatible with Cisco console cable
- HW Monitoring: nuvoTon NCT7802Y
- Power: 12 VDC, 2 A
- plug : Molex 5557-02R
Flash instruction using initramfs image:
1. Power on FG-50E and interrupt to show bootmenu
2. Call "[R]: Review TFTP parameters.", check TFTP parameters and
connect computer to "Image download port" in the parameters
3. Prepare TFTP server with the parameters obtained above
4. Rename OpenWrt initramfs image to "image.out" and put to TFTP
directory
5. Call "[T]: Initiate TFTP firmware transfer." to download initramfs
image from TFTP server
6. Type "r" key when the following message is showed, to boot initramfs
image without flashing to spi-nor flash
"Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?"
7. On initramfs image, backup mtd if needed
minimum:
- "firmware-info"
- "kernel"
- "rootfs"
7. On initramfs image, upload sysupgrade image to the device and perform
sysupgrade
8. Wait ~200 seconds to complete flashing and rebooting.
If the device is booted with stock firmware, login to bootmenu and
call "[B]: Boot with backup firmware and set as default." to set the
first OS image as default and boot it.
Notes:
- All "SPEED" LEDs(Green/Amber) of LAN and 1000M "SPEED" LEDs(Green) of
WAN1/2 are connected to GPIO expander. There is no way to indicate
link speed of networking device, so those LEDs cannot be used like
stock firmware.
- Both colors of Bi-color LEDs on the front panel cannot be turned on at
the same time.
- "PWR" and "Logo" LEDs are connected to power source directory.
- The following partitions are added for OpenWrt.
These partitions are contained in "uboot" partition (0x0-0x1f) on
stock firmware.
- "firmware-info"
- "dtb"
- "u-boot-env"
- "board-info"
Image header for bootmenu tftp:
0x0 - 0xf : ?
0x10 - 0x2f : Image Name
0x30 - 0x17f: ?
0x180 - 0x183: Kernel Offset*
0x184 - 0x187: Kernel Length*
0x188 - 0x18b: RootFS Offset (ext2)*
0x18c - 0x18f: RootFS Length (ext2)*
0x190 - 0x193: DTB Offset
0x194 - 0x197: DTB Length
0x198 - 0x19b: Data Offset (jffs2)
0x19c - 0x19f: Data Length (jffs2)
0x1a0 - 0x1ff: ?
*: required for initramfs image
MAC addresses:
(eth0): 70:4C:A5:xx:xx:7C (board-info, 0xd880 (hex))
WAN 1 : 70:4C:A5:xx:xx:7D
WAN 2 : 70:4C:A5:xx:xx:7E
LAN 1 : 70:4C:A5:xx:xx:7F
LAN 2 : 70:4C:A5:xx:xx:80
LAN 3 : 70:4C:A5:xx:xx:81
LAN 4 : 70:4C:A5:xx:xx:82
LAN 5 : 70:4C:A5:xx:xx:83
Signed-off-by: INAGAKI Hiroshi
---
v1 -> v2
- fix baudrate in the commit message
- add missing chip count of RAM in the commit message
.../base-files/etc/board.d/02_network | 3 +
.../base-files/lib/upgrade/fortinet.sh| 54 ++
.../base-files/lib/upgrade/platform.sh| 3 +
.../boot/dts/armada-385-fortinet-fg-50e.dts | 491 ++
target/linux/mvebu/image/cortexa9.mk | 28 +
5 files changed, 579 insertions(+)
create mode 100644
target/linux/mvebu/cortexa9/base-files/lib/upgrade/fortinet.sh
create mode 100644
target/linux/mvebu/files/arch/arm/boot/dts/armada-385-fortinet-fg-50e.dts
diff --git a/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network
b/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network
index d2229fe6bf..9db29d52df 100644
--- a/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network
+++ b/target/linux/mvebu/cortexa9/base-files/etc/board.d/02_network
@@ -18,6 +18,9 @@ mvebu_setup_interfaces()
cznic,turris-omnia)
ucidef_set_interfaces_lan_wan "lan0 lan1 lan2 lan3 lan4" "eth2"
;;
+ fortinet,fg-50e)
+ ucidef_set_interfaces_lan_wan "lan1 lan2 lan3 lan4 lan5" "eth1
eth2"
+ ;;
iptime,nas1dual)
ucidef_set_interface_lan "eth0 eth1" "dhcp"
;;
diff --git a/target/linux/mvebu/cortexa9/base-files/lib/upgrade/fortinet.sh
b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/fortinet.sh
new file mode 100644
index 00..a2742aa374
--- /dev/null
+++ b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/fortinet.sh
@@ -0,0 +1,54 @@
+. /lib/functions.sh
+
+fortinet_fwinfo_blocks() {
+ local fwinfo_mtd="$(find_mtd_part firmware-info)"
+ local offset="$1"
+ local len="$2"
+ local blks
+
+ if [ -z "$fwinfo_mtd" ]; then
+ echo "WARN: MTD device
