Some U-Boot checks for a specified uImage time and refuses to boot if
mismatched. This patch fixes it by recognizing UIMAGE_TIME parameter.
Signed-off-by: David Yang <mmyangfl@gmail.com>
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".
Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
This reverts commit 91e3419a33.
Now that squashfs3-lzma generates reproducible output we can drop the
empty binary. Having a binary file in the tree is not nice and we actually
also use squashfs3-lzma for devices which expect the kernel to be loaded
from a squashfs3...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The filesystem is currently created on every build to trick the boot
loader of some FRITZ! devices into accepting the image. Sadly the
resulting squashfs-lzma filesystem is not reproducible. To fix this,
create a squashfs filesystem once and include it into the repository.
Creation happend as shown below
rm -rf empty_dir
mkdir empty_dir
./staging_dir/host/bin/mksquashfs-lzma \
empty_dir/ empty-squashfs-lzma \
-noappend -root-owned -be -nopad -b 65536 -fixed-time 0
Signed-off-by: Paul Spooren <mail@aparcar.org>
The name of squashfs is confusing since in reality it's a really old
version using an old lzma library. This tools is used for old ath79
netgear target and to produde a fake squasfs3 image needed for some
specific bootloader from some OEM (AVM for example)
Rename squashfs tool to squasfs3-lzma to better describe it.
Rename the installed bin from mksquashfs-lzma to mksquashfs3-lzma.
Use tar transform to migrate the root directory in tar to the new
naming.
Drop redundant PKG_CAT variable not needed anymore.
Also update any user of this tool.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Requires: tools/lz4, tools/lzop
complete the wiring so that these options work:
* `CONFIG_KERNEL_INITRAMFS_COMPRESSION_LZO`
* `CONFIG_KERNEL_INITRAMFS_COMPRESSION_LZ4`
Signed-off-by: Tony Butler <spudz76@gmail.com>
[remove blocking dependencies for separate ramdisk, fix lzop options]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some vendors use basic gzip metadata (original filename and timestamp)
to verify valid images, along with the size of it's contents.
Also, add a new device profile variable FACTORY_IMG_NAME
which would be ideal to use with this new recipe.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Several devices provide U-Boot versions with only gzip compressed kernel
support (e.g. Realtek switches). This compression method produces larger
images than lzma. To save space on flash and avoid going the hard way with
lzma-loader we can make use of enhanced gzip tool based on libdeflate
compression library from https://github.com/ebiggers/libdeflate. It
keeps 100% deflate/gzip compatibility while improving compression ratio.
The image can be unpacked by the default inflate routines inside U-Boot.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
[Switched to v1.15 and made it work with cmake]
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Sander Vanheule <sander@svanheule.net>
Most/all other tools use the staging dir prefix, gzip should as well.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
Call 'mkdir -p $(STAGING_DIR_IMAGE)' before trying to store files in
this potentially non-existing folder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Support defining a per-device loadaddress for the DTB. This is required
for devices which to not align the DTB from the bootloader correctly.
Signed-off-by: David Bauer <mail@david-bauer.net>
To use from the following devices in ath79 target, move edimax-header to
image-commands.mk.
- ELECOM WRC-300GHBK2-I
- ELECOM WRC-1750GHBK2-I/C
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Fix syntax error on macos, for substr is undefined results according to
the POSIX standard.
From expr on macos:
According to the POSIX standard, the use of string arguments length,
substr, index, or match produces undefined results. In this version of
expr, these arguments are treated just as their respective string values.
By a simple test Makefile:
define ModelNameLimit16
$(shell expr substr "$(word 2, $(subst _, ,$(1)))" 1 16)
endef
define ModelNameLimit16_2
$(shell printf %.16s "$(word 2, $(subst _, ,$(1)))")
endef
hello:
echo $(call ModelNameLimit16, technicolor_tg582n-telecom-italia)
echo $(call ModelNameLimit16_2, technicolor_tg582n-telecom-italia)
The same output is produced.
echo tg582n-telecom-i
tg582n-telecom-i
echo tg582n-telecom-i
tg582n-telecom-i
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
[ wrap commit description to 80 columns and improve it ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.
References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar
* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
Bootloader code that verifies the presence of a squashfs4 image, thus
a dummy image is added here.
* openwrt/tools/imgencoder/src/gj_enc.c
Contains code that generates the encrypted image. There is support for
adding an RSA signature, but it does not look like the signature is
verified by the stock firmware or bootloader.
* openwrt/tools/imgencoder/src/imagekey.h
Contains the encryption key and IV. It appears the same key/IV is used
for other Netgear devices including WAX206 and EX6400v3.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
Image metadata and signature is of no use for images which are included
inside other artifacts (like an SD-card image). Strip them off before
using images in artifacts or stashing them for the ImageBuilder as the
contained signature breaks reproducibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.
Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.
Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Zip uses DOS timestamp for mtime which is stored in local time and hence
depends on the timezone of the build system. Force zip to use UTC timezone
to make image builds more reproducible.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
If a image is bigger than the device can handle, an error message is
printed. This is usually silenced and silently ignored, making it harder
to debug. While it's possible to run the build in verbose mode (via
`make V=s`) and grep for *is too big*, it's more intuitive to print the
error message directly. For that use the newly unlocked `$(call
ERROR_MESSAGE,...)` definition which now also print in non-verbose mode.
Fixes: FS#50 (aka #7604)
Signed-off-by: Paul Spooren <mail@aparcar.org>
ipTIME AX2004M is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.
Specifications:
* SoC: MT7621A
* RAM: 256 MiB
* Flash: NAND 128 MiB
* Wi-Fi:
* MT7915D: 2.4/5 GHz (DBDC)
* Ethernet: 5x 1GbE
* Switch: SoC built-in
* USB: 1x 3.0
* UART: J4 (115200 baud)
* Pinout: [3V3] (TXD) (RXD) (GND)
MAC addresses:
| interface | MAC address | source | comment
|-----------|-------------------|----------------|---------
| LAN | 58:xx:xx:00:xx:9B | | [1]
| WAN | 58:xx:xx:00:xx:99 | |
| WLAN 2G | 58:xx:xx:00:xx:98 | factory 0x4 |
| WLAN 5G | 5A:xx:xx:40:xx:98 | |
| | 58:xx:xx:00:xx:98 | config ethaddr |
[1] Used in this patch as WLAN 5G MAC address with the local bit set
Load addresses:
* stock
* 0x80010000: FIT image
* 0x81001000: kernel image -> entry
* OpenWrt
* 0x80010000: FIT image
* 0x82000000: uncompressed kernel+relocate image
* 0x80001000: relocated kernel image -> entry
Notes:
* This device has a dual-boot partition scheme, but this firmware works
only on boot partition 1. The stock web interface will flash only on the
inactive boot partition, but the recovery web page will always flash on
boot partition 1.
Installation via recovery mode:
1. Press reset button, power up the device, wait >10s for CPU LED
to stop blinking.
2. Upload recovery image through the recovery web page at 192.168.0.1.
Revert to stock firmware:
1. Install stock image via recovery mode.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Commit f4a79148f8 ("ramips: add support for ipTIME AX2004M") seems to
leak KERNEL_LOADADDR 0x82000000 to other devices, causing the to no
longer boot. The leak is visible in u-boot:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0x840000e4
Data Size: 10750165 Bytes = 10.3 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x82000000
Entry Point: 0x82000000
Normally, it should look like this:
Using 'config-1' configuration
Trying 'kernel-1' kernel subimage
Description: MIPS OpenWrt Linux-5.10.92
Type: Kernel Image
Compression: lzma compressed
Data Start: 0xbfca00e4
Data Size: 2652547 Bytes = 2.5 MiB
Architecture: MIPS
OS: Linux
Load Address: 0x80001000
Entry Point: 0x80001000
Revert the commit to avoid more people soft-bricking their devices.
This reverts commit f4a79148f8.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
ipTIME NAS1 is a 1-bay NAS, based on Marvell Kirkwood SoC.
Specifications:
* SoC: 88F6281
* RAM: 256 MiB
* Flash: SPI NOR 16 MiB
* SATA: 1x 3Gb/s
* Ethernet: 1x 1GbE
* USB: 1x 2.0
* Fan: 2 speed level
* UART: JP1 (115200 8N1)
* Pinout: [3V3] (TXD) (RXD) (GND)
Notes:
* There are several variants of the model name: "NAS-I", "NASI", "NAS1".
Here "NAS1" is adopted for consistent naming scheme.
* The reset button is also a USB copy button in stock FW,
but in this patch the former is the only default behavior.
Installation via web interface:
1. Flash sysupgrade image through the stock web interface.
Revert to stock firmware:
1. Perform sysupgrade with stock image.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Newer NAND devices from MikroTik like the hAP ac3
require the kernel to be packed into UBIFS and then
ubinized.
So, since the ubinize-image.sh script can now ubinize
kernel only as well lets add a command for it.
This now allows calling ubinize-kernel in the kernel
packaging at then end.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Rootfs is now optional in ubinize-image.sh and
requires --rootfs flag instead of just passing the
rootfs image as the argument before ubinize opts.
So, simply add --rootfs flag before the $(IMAGE_ROOTFS).
Signed-off-by: Robert Marko <robimarko@gmail.com>
ELECOM WRC-X3200GST3 uses the same header/footer as WRC-GS/GST devices
in ramips/mt7621 subtarget, so move "Build/elecom-wrc-gs-factory" to
image-commands.mk to use from mediatek/mt7622 subtarget.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
broke support for Meraki MR32 and this patch makes the replacement
configurable allowing for specifying the @ or - or whatever character
that is desired to retain backwards compatibility with existing devices.
For example, this patch includes the fix for the Meraki MR32 in
target/linux/bcm53xx/image for meraki_mr32:
DEVICE_DTS_DELIMITER := @
DEVICE_DTS_CONFIG := config@1
Fixes: 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Signed-off-by: Damien Mascord <tusker@tusker.org>
[Added tags, checkpatch.pl fixes, noted that this is for old stuff]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Before this commit, it was assumed that mkhash is in the PATH. While
this was fine for the normal build workflow, this led to some issues if
make TOPDIR="$(pwd)" -C "$pkgdir" compile
was called manually. In most of the cases, I just saw warnings like this:
make: Entering directory '/home/.../package/gluon-status-page'
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
bash: line 1: mkhash: command not found
[...]
While these were only warnings and the package still compiled sucessfully,
I also observed that some package even fail to build because of this.
After applying this commit, the variable $(MKHASH) is introduced. This
variable points to $(STAGING_DIR_HOST)/bin/mkhash, which is always the
correct path.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
When building for MikroTik devices the kernel2minor tool will sometimes
fail with:
Can't get lstat from kernel file!: No such file or directory.
This is because kernel2minor expects paths no longer than 250 chars.
To work around this the include/image-commands.mk has been modified
to copy the kernel to a temporary file (/tmp/tmp.XXXXXXXXXX) before
calling kernel2minor.
Signed-off-by: François Chavant <francois@chavant.info>
The 'append-image-stage' command doesn't work when setting the
EXTRA_IMAGE_NAME option of the ImageBuilder as in that case
DEVICE_IMG_PREFIX is modified and no longer matches the value it had in
buildroot. Choose a filename independent of DEVICE_IMG_PREFIX for
images staged using 'append-image-stage' to fix that.
Fixes: de4b29dab9 ("image: introduce 'append-image-stage' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Similar to 'append-image' this new command appends an existing binary.
'append-image-stage' also makes a copy of that binary and keeps it in
$(STAGING_DIR_IMAGE). When called from within the ImageBuilder, this
copy is used instead of expecting the binary to be present.
This is useful for artifacts which include the initramfs/recovery image
which is usually not included in the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In case CONFIG_TARGET_MULTI_PROFILE is set, IMG_PREFIX cannot be
expanded. Use DEVICE_IMG_PREFIX instead and make sure it's defined.
Fixes: 8f89b1ab0f ("image: add 'append-image' build command")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit 7ce1d9ce09 ("build: artifacts add dependency for built images")
now makes sure that sysupgrade and initramfs images are available at
the stage that artifacts are created.
Allow making use of that with a new build command 'append-image' to
be used in artifacts.
See the next commit for an example.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add new target feature 'dt-overlay' which makes DTC keep the symbol
names in the generated dtb.
Make sure additional DT overlay sources specified by the new device
variable DEVICE_DTS_OVERLAY get compiled together with the main DTS
(currently overlays got to be in the same folder). Let Build/fit pass
the generated DT overlay blobs to mkits.sh.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
U-boot will reject all nodes with @ since commit:
79af75f777
This will cause the OpenWrt images to fail booting,
to rectify use the config-1 as default.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
The previous approach of referencing artifacts in follow-up artifacts
can't work with parallel builds in the current way image.mk is built.
Refactor things so this is not needed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Write everything needed for eMMC install into the gaps between
partitions on SD card. In that way, installation to eMMC only needs
the SD card, no additional files need to be loaded via TFTP any more.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
That was a left-over from testing and should not have made it into the
tree. Remove it.
Fixes: 330bd380e8 ("image: allow building FIT and uImage with ramdisk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of embedding the initrd cpio archive into the kernel, allow
for having an external ramdisk added to the FIT or uImage.
This is useful to overcome kernel size limitations present in many
stock bootloaders, as the ramdisk is then loaded seperately and doesn't
add to the kernel size. Hence we can have larger ramdisks to host ie.
installers with all binaries to flash included (or a web-based
firmware selector).
In terms of performance and total size the differences are neglectible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).
This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>