diff mbox series

[OpenWrt-Devel] ath79: ubnt-m-xw: Fix factory image flashing using TFTP recovery method

Message ID 1554204403-23685-3-git-send-email-ynezz@true.cz
State Not Applicable
Headers show
Series [OpenWrt-Devel] ath79: ubnt-m-xw: Fix factory image flashing using TFTP recovery method | expand

Commit Message

Petr Štetiar April 2, 2019, 11:26 a.m. UTC 
Ubiquity allows flashing of unsigned factory images via TFTP recovery
method[1]. They claim in airOS v6.0.7 release changelog[2] following:

 All future airOS versions will be signed in this way and not allow
 unsigned firmware to be loaded except via TFTP.

U-boot bootloader on M-XW devices expects factory image revision
version in specific format. On airOS v6.1.7 with `U-Boot 1.1.4-s1039
(May 24 2017 - 15:58:18)` bootloader checks if the revision major(?)
number is actually a number, but in currently generated images there's
OpenWrt text and so the check fails:

 Hit any key to stop autoboot:  0
 Setting default IP 192.168.1.20
 Starting TFTP server...
 Receiving file from 192.168.1.25:38438
 Received 4981148 bytes
 Firmware check failed! (1)

By placing arbitrary correct number first in major version, we make the
bootloader happy and we can flash factory images over TFTP again:

 Received 3735964 bytes
 Firmware Version: XW.ar934x.v6.0.4-42.r8474-56aa1ac-OpenWrt
 Setting U-Boot environment variables
 Un-Protected 1 sectors
 Erasing Flash.... done

Patch provided by AREDN[3] project, tested on Bullet M2 XW (ynezz) and
Nanostation M5 XW (ae6xe).

1. https://help.ubnt.com/hc/en-us/articles/204910124-UniFi-TFTP-Recovery-for-Bricked-Access-Points
2. https://dl.ubnt.com/firmwares/XW-fw/v6.0.7/changelog.txt
3. https://github.com/aredn

Signed-off-by: Petr Štetiar <ynezz@true.cz>
---
 target/linux/ath79/image/generic-ubnt.mk | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

Comments

Petr Štetiar April 2, 2019, 11:31 a.m. UTC | #1 
Petr Štetiar <ynezz@true.cz> [2019-04-02 13:26:42]:

> Ubiquity allows flashing of unsigned factory images via TFTP recovery
> method[1]. They claim in airOS v6.0.7 release changelog[2] following:

Please don't bother with this patch, I've sent it accidentaly. Removed from
patchwork as well. Sorry for the noise.

-- ynezz
diff mbox series

Patch

diff --git a/target/linux/ath79/image/generic-ubnt.mk b/target/linux/ath79/image/generic-ubnt.mk
index 2d0b1ad..66c16e4 100644
--- a/target/linux/ath79/image/generic-ubnt.mk
+++ b/target/linux/ath79/image/generic-ubnt.mk
@@ -1,4 +1,9 @@ 
-DEVICE_VARS += UBNT_BOARD UBNT_CHIP UBNT_TYPE UBNT_VERSION
+DEVICE_VARS += UBNT_BOARD UBNT_CHIP UBNT_TYPE UBNT_VERSION UBNT_REVISION
+
+# On M (XW) devices the U-Boot as of version 1.1.4-s1039 doesn't like
+# VERSION_DIST being on the place of major(?) version number, so we need to
+# use some number.
+UBNT_REVISION := $(VERSION_DIST)-$(REVISION)
 
 # mkubntimage is using the kernel image direct
 # routerboard creates partitions out of the ubnt header
@@ -17,7 +22,7 @@  define Build/mkubntimage-split
 	dd if=$@ of=$@.old1 bs=1024k count=1; \
 	dd if=$@ of=$@.old2 bs=1024k skip=1; \
 	$(STAGING_DIR_HOST)/bin/mkfwimage \
-		-B $(UBNT_BOARD) -v $(UBNT_TYPE).$(UBNT_CHIP).v$(UBNT_VERSION)-$(VERSION_DIST)-$(REVISION) \
+		-B $(UBNT_BOARD) -v $(UBNT_TYPE).$(UBNT_CHIP).v$(UBNT_VERSION)-$(UBNT_REVISION) \
 		-k $@.old1 \
 		-r $@.old2 \
 		-o $@; \
@@ -69,6 +74,7 @@  define Device/ubnt-xw
   UBNT_CHIP := ar934x
   UBNT_BOARD := XM
   UBNT_VERSION := 6.0.4
+  UBNT_REVISION := 42.$(UBNT_REVISION)
   ATH_SOC := ar9342
 endef