Skip to content

Instantly share code, notes, and snippets.

@furhouse

furhouse/mr3020 pepe2k uboot + lede + 16MiB flash

Created July 24, 2016 12:48
Show Gist options
  • Save furhouse/84ff8339809cd6b151764d6c82a58b61 to your computer and use it in GitHub Desktop.
Save furhouse/84ff8339809cd6b151764d6c82a58b61 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
mr3020 pepe2k uboot + lede + 16MiB flash
Requirements:
Winbond W25Q128FV (or other compatible chip, see pepe2k's uboot readme)
SPI Programmer (ie a Revelprog IS)
Serial Console (ie a CP2102)
HEX editor (ie Bless)
32bit vm to compile pepe2k's uboot
tftp server
Note: I already had pepe2k's uboot + LEDE r930 flashed on the original 4MiB flash chip. I assume I made a mistake with the data partition due to already having pepe2k's uboot installed. More is explained later on.
vagrant init ubuntu/trusty32 && vagrant up && vagrant ssh
vagrant@vagrant-ubuntu-trusty-32:~$ git clone https://github.com/pepe2k/u-boot_mod.git
vagrant@vagrant-ubuntu-trusty-32:~$ wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/OpenWrt-SDK-ar71xx-for-linux-i486-gcc-4.6-linaro_uClibc-0.9.33.2.tar.bz2
vagrant@vagrant-ubuntu-trusty-32:~$ tar xvf OpenWrt-SDK-ar71xx-for-linux-i486-gcc-4.6-linaro_uClibc-0.9.33.2.tar.bz2
vagrant@vagrant-ubuntu-trusty-32:~$ cd u-boot_mod/
vagrant@vagrant-ubuntu-trusty-32:~$ wget https://gist.githubusercontent.com/furhouse/68d6d50987df6d182af5f35d7268a348/raw/844badfb332c474409376d7ba2fae099041651d4/pepe2k_uboot_32bit.patch
vagrant@vagrant-ubuntu-trusty-32:~$ git apply pepe2k_uboot_32bit.patch
vagrant@vagrant-ubuntu-trusty-32:~$ make tplink_mr3020
dump the contents of the flash chip using the programmer & copy the dump to the vagrant box directory, rename it to flash_dump
vagrant@vagrant-ubuntu-trusty-32:~$ cd
vagrant@vagrant-ubuntu-trusty-32:~$ wget https://gist.githubusercontent.com/furhouse/7b83a66c6a504f4e522631422f410f4e/raw/0ba4673566aa64febc43a27b631afd419b6fca49/extract_build_mr3020_16m.sh
vagrant@vagrant-ubuntu-trusty-32:~$ chmod +x extract_build_mr3020_16m.sh
vagrant@vagrant-ubuntu-trusty-32:~$ ./extract_build_mr3020_16m.sh
Flash out/mr302016m.bin with a programmer*.
root@lede:/# cat /proc/mtd
dev: size erasesize name
mtd0: 00020000 00010000 "u-boot"
mtd1: 0014e2c0 00010000 "kernel"
mtd2: 00e81d40 00010000 "rootfs"
mtd3: 00ca0000 00010000 "rootfs_data"
mtd4: 00010000 00010000 "art"
mtd5: 00fd0000 00010000 "firmware"
[ 0.555233] 0x000000000000-0x000000020000 : "u-boot"
[ 0.562211] 0x000000020000-0x00000016e2c0 : "kernel"
[ 0.568005] 0x00000016e2c0-0x000000ff0000 : "rootfs"
[ 0.584028] 0x000000350000-0x000000ff0000 : "rootfs_data"
[ 0.591677] 0x000000ff0000-0x000001000000 : "art"
[ 0.597222] 0x000000020000-0x000000ff0000 : "firmware"
... but I made a mistake with the data partition, I was missing the macaddr, model & pin. If no macaddr is configured, Wifi will not work correctly.
0001FC00 - XX XX XX XX XX XX - 6 byte mac addr
0001FD00 - XX XX XX XX XX XX XX XX - 8 byte model
0001FE00 - XX XX XX XX XX XX XX XX - 8 byte pin
Use setmac in uboot to assign a macaddress.
Changing the model & pin was a bit more work:
dd if=/dev/mtd0 of=/tmp/uboot.bin
scp uboot.bin to your workstation
open uboot.bin w/ a hexeditor
modify 0001FD00 (model) & 0001FE00 (pin)
save modified file, put in tftp dir
backup uboot in RAM
cp.b 0x9F000000 0x80800000 0x20000
tftpboot 0x80800000 uboot.bin
erase 0x9F000000 +0x20000
cp.b 0x80800000 0x9F000000 0x20000
md 0x9F000000
Like I said, I assume the mistake was caused by already having pepe2k's uboot on the 4MiB chip, instead of the stock uboot with 2 64k partitions.
Next up is trying to figure out how to properly include the 64k data partition and unlock mtd0.
I also noticed I wasn't able to flash uboot through http after trying to modify just the uboot partition with a hexeditor, due to the filesize (128k instead of 64 iirc).
* In hindsight, I think 0001FC00, 0001FD00 & 0001FE00 of out/mr302016m.bin could be modified before actually flashing the chip.
@furhouse
Copy link
Author 

[    8.167294] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000
[    8.173135] jffs2_build_filesystem(): unlocking the mtd device... done.
[    8.179661] jffs2_build_filesystem(): erasing all blocks after the end marker... done.
[   56.370734] jffs2: notice: (353) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.

@furhouse
Copy link
Author

Unlocks uboot & mtd, & increases image size. Run make clean before rebuilding.

diff --git a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c
index ac1efa1..47ec9ab 100644
--- a/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c
+++ b/target/linux/ar71xx/files/drivers/mtd/tplinkpart.c
@@ -149,7 +149,6 @@ static int tplink_parse_partitions_offset(struct mtd_info *master,
    parts[0].name = "u-boot";
    parts[0].offset = 0;
    parts[0].size = offset;
-   parts[0].mask_flags = MTD_WRITEABLE;

    parts[1].name = "kernel";
    parts[1].offset = offset;
@@ -162,7 +161,6 @@ static int tplink_parse_partitions_offset(struct mtd_info *master,
    parts[3].name = "art";
    parts[3].offset = art_offset;
    parts[3].size = TPLINK_ART_LEN;
-   parts[3].mask_flags = MTD_WRITEABLE;

    parts[4].name = "firmware";
    parts[4].offset = offset;
diff --git a/target/linux/ar71xx/image/tp-link.mk b/target/linux/ar71xx/image/tp-link.mk
index f93eec6..1b0f3e4 100644
--- a/target/linux/ar71xx/image/tp-link.mk
+++ b/target/linux/ar71xx/image/tp-link.mk
@@ -264,7 +264,7 @@ endef
 TARGET_DEVICES += tl-mr10u-v1 tl-mr11u-v1 tl-mr11u-v2 tl-mr12u-v1 tl-mr13u-v1

 define Device/tl-mr3020-v1
-    $(Device/tplink-4mlzma)
+    $(Device/tplink-16mlzma)
     DEVICE_TITLE := TP-LINK TL-MR3020
     DEVICE_PACKAGES := kmod-usb-core kmod-usb2 kmod-ledtrig-usbdev
     BOARDNAME := TL-MR3020


root@lede:/# cd /tmp/
root@lede:/tmp# dd if=/dev/mtd0 of=uboot.bin
256+0 records in
256+0 records out
root@lede:/tmp# mtd -r write /tmp/uboot.bin u-boot
Unlocking u-boot ...

Writing from /tmp/uboot.bin to u-boot ...     
Rebooting ...

root@lede:/tmp# cd /tmp/
root@lede:/tmp# dd if=/dev/mtd4 of=art.bin
128+0 records in
128+0 records out
root@lede:/tmp# mtd -r write /tmp/art.bin art
Unlocking art ...

Writing from /tmp/art.bin to art ...     
Rebooting ...

@furhouse
Copy link
Author

furhouse commented Jul 24, 2016
edited
Loading

opkg install uboot-envtools

$ cat /etc/fw_env.config
# MTD device name       Device offset   Env. size       Flash sector size       Number of sectors
/dev/mtd0               0x1EC00         0x1000          0x10000

$ fw_printenv
bootargs=console=ttyS0,115200 root=31:02 rootfstype=squashfs init=/sbin/init mtdparts=ar7240-nor0:128k(u-boot),1024k(kernel),2816k(rootfs),64k(config),64k(ART)
bootcmd=bootm 0x9F020000
bootdelay=1
baudrate=115200
ipaddr=192.168.1.1
serverip=192.168.1.2
bootfile="firmware.bin"
loadaddr=0x80800000
ncport=6666
uboot_addr=0x9F000000
uboot_name=uboot.bin
uboot_size=0x1EC00
uboot_backup_size=0x20000
uboot_upg=if ping $serverip; then mw.b $loadaddr 0xFF $uboot_backup_size && cp.b $uboot_addr $loadaddr $uboot_backup_size && tftp $loadaddr $uboot_name && if itest.l $filesize <= $uboot_size; then erase $uboot_addr +$uboot_backup_size && cp.b $loadaddr $uboot_addr $uboot_backup_size && echo OK!; else echo ERROR! Wrong file size!; fi; else echo ERROR! Server not reachable!; fi
firmware_addr=0x9F020000
firmware_name=firmware.bin
firmware_upg=if ping $serverip; then tftp $loadaddr $firmware_name && erase $firmware_addr +$filesize && cp.b $loadaddr $firmware_addr $filesize && echo OK!; else echo ERROR! Server not reachable!; fi
ethact=eth0
stdin=serial
stdout=serial
stderr=serial

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment