This commit adds support for the Watchguard Firebox models
T10-W, T15 and T15-W.
CPU: Freescale P1010
RAM: 512MB (T10) / 1024MB (T15)
Flash: 1MB SPI-NOR, 512MB NAND (T10) / 1024MB NAND (T15)
WiFi: 802.11abgn 2T2R AR9582 based Mini-PCIe card (-W models only)
Ethernet: 3x GBE (via AR8033 PHY)
LEDs: 7x hard-wired (6x LAN, 1x Power)
4x GPIO single-colored (Attn/Status/Mode/Failover)
1x GPIO dual-colored (2.4/5G WiFi, -W models only)
Serial: RJ45, Cisco pinout, 115200/8N1
Other: Battery backed RTC
Atmel TPM 1.2 chip (unsupported)
Based on
35f6d79, which introduced Watchguard Firebox T10 support.
The T10 and T15 are identical hardware, with the exception of the T15
having twice the flash and RAM size.
The T10-W and T15-W models have their Mini-PCIe slot populated with an ath9
(AR9582) based WiFi card. The slot is either unpopulated or empty for
non-WiFi models. All required drivers are present by default on the mpc85xx
target, so T10/T10-W resp. T15/T15-W can use the same OpenWrt image.
This commit also introduces the zImage loader from
7d768a9 to boot the
kernel. This is required, since the U-Boot version used in these devices
appears to have a hard limit of 16MB for the kernel size it can handle. The
current kernel size is around 17MB, though, due to kernel page alignment
required for memory protection.
Installation (replaces previous instructions for T10):
1. If the U-Boot password is known, proceed with step 2.
If the U-Boot password is unknown, dump the NOR flash using a SPI
programmer and patch the unknown password to a known one. You can use
blocktrron's Python script:
https://github.com/blocktrron/t10-uboot-patcher/
This script will patch the password to '1234' (without quotes).
Alternatively, you can search for the hashed password in the NOR dump
yourself and overwrite it with a known one. The SHA1 hash is:
E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA
Write the patched NOR dump back to the device.
2. Connect the device via serial cable, power it on and interrupt
the boot process by pressing Ctrl+C. Enter the U-Boot password to access
the CLI.
3. (Optional) Populate the uboot-env partition by entering:
saveenv
This will allow you to use uboot-envtools from within OpenWrt later,
e.g. to increase the loadable kernel size.
The default loadable kernel size is 5MB, the compressed kernel size at
the time of this commit is 3.1MB.
4. Serve the initramfs OpenWrt image from a TFTP server at 10.0.1.13/24,
connected to eth0 (WAN) of the device. File name must be 'uImage'. Boot
with:
tftpboot; bootm;
Make sure to use the correct image for your device (T10 resp. T15)!
5. After booting, connect to OpenWrt on eth1 (LAN) via SSH. Verify
that the UBI partiton is mtd7, format it and install the sysupgrade
image.
$ cat /proc/mtd
$ ubiformat /dev/mtd7 -y
$ sysupgrade -n <path to sysupgrade.bin>
6. The device should now boot OpenWrt from NAND flash. Enjoy.
Back to stock:
Use the vendor recovery procedure.
Stock recovery might also be necessary in case you have accidentally used
the fw_setenv command from within OpenWrt without using saveenv in U-Boot
first.
In order to use the vendor firmware recovery procedure, the NAND partitions
mtd3 to mtd6 must remain intact. Make sure not to overwrite them, or keep
dumps of them for later recovery.
Signed-off-by: Shine <[email protected]>
Link: https://github.com/openwrt/openwrt/pull/16776
Signed-off-by: Hauke Mehrtens <[email protected]>
ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x20000" "0x20000"
;;
-watchguard,firebox-t10)
+watchguard,firebox-t10|\
+watchguard,firebox-t15)
ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x2000" "0x10000"
;;
aerohive,hiveap-330)
tplink,tl-wdr4900-v1)
ucidef_set_interfaces_lan_wan "lan1 lan2 lan3 lan4" "wan"
;;
-watchguard,firebox-t10)
+watchguard,firebox-t10|\
+watchguard,firebox-t15)
ucidef_set_interfaces_lan_wan "eth1 eth2" "eth0"
;;
*)
hpe,msm460|\
ocedo,panda|\
sophos,red-15w-rev1|\
- watchguard,firebox-t10)
+ watchguard,firebox-t10|\
+ watchguard,firebox-t15)
nand_do_upgrade "$1"
;;
*)
CONFIG_EDAC_MPC85XX=y
CONFIG_EDAC_SUPPORT=y
CONFIG_EXCLUSIVE_SYSTEM_RAM=y
-# CONFIG_FIREBOX_T10 is not set
+# CONFIG_FIREBOX_T1X is not set
CONFIG_FIXED_PHY=y
CONFIG_FORCE_NR_CPUS=y
CONFIG_FSL_EMB_PERFMON=y
--- /dev/null
+// SPDX-License-Identifier: GPL-2.0-or-later or MIT
+
+/include/ "fsl/p1010si-pre.dtsi"
+#include "firebox-t1x.dtsi"
+
+/ {
+ model = "Watchguard Firebox T15";
+ compatible = "watchguard,firebox-t15";
+
+ ifc: ifc@ffe1e000 {
+ reg = <0x0 0xffe1e000 0 0x2000>;
+
+ /* NOR, NAND Flashes and CPLD on board */
+ ranges = <0x0 0x0 0x0 0xee000000 0x02000000
+ 0x1 0x0 0x0 0xff800000 0x00010000
+ 0x3 0x0 0x0 0xffb00000 0x00000020>;
+
+ nand@100000000 {
+ compatible = "fsl,ifc-nand";
+ reg = <0x1 0x0 0x10000>;
+
+ partitions {
+ compatible = "fixed-partitions";
+ #address-cells = <1>;
+ #size-cells = <1>;
+
+ /*
+ * Original partition layout:
+ * 0x000000000000-0x000000020000 : "NAND (RW) WG DTB Image"
+ * 0x000000020000-0x000000520000 : "NAND (RW) WG SYSA Kernel"
+ * 0x000000520000-0x00000f720000 : "NAND (RW) WG SYSA_CODE"
+ * 0x00000f720000-0x00000fc20000 : "NAND (RW) WG SYSB Kernel"
+ * 0x00000fc20000-0x000011420000 : "NAND (RW) WG SYSB_CODE"
+ * 0x000011420000-0x000011920000 : "NAND (RW) WG SYSA2 Kernel"
+ * 0x000011920000-0x000019220000 : "NAND (RW) WG SYSA_CODE2"
+ * 0x000019220000-0x000040000000 : "NAND (RW) WG SYSA_DATA"
+ */
+
+ partition@0 {
+ reg = <0x0 0x20000>;
+ label = "wg-dtb";
+ read-only;
+ };
+
+ partition@20000 {
+ reg = <0x20000 0x500000>;
+ label = "kernel";
+ };
+
+ partition@520000 {
+ reg = <0x520000 0xf200000>;
+ label = "wg-sysa-rootfs";
+ read-only;
+ };
+
+ partition@f720000 {
+ reg = <0xf720000 0x500000>;
+ label = "wg-sysb-kernel";
+ read-only;
+ };
+
+ partition@fc20000 {
+ reg = <0xfc20000 0x1800000>;
+ label = "wg-sysb-rootfs";
+ read-only;
+ };
+
+ partition@11420000 {
+ reg = <0x11420000 0x500000>;
+ label = "wg-sysa2-kernel";
+ read-only;
+ };
+
+ partition@11920000 {
+ reg = <0x11920000 0x7900000>;
+ label = "wg-sysa2-rootfs";
+ read-only;
+ };
+
+ partition@19220000 {
+ reg = <0x19220000 0x26de0000>;
+ label = "ubi";
+ };
+ };
+ };
+ };
+};
+
+/include/ "fsl/p1010si-post.dtsi"
gpios = <&gpio0 5 GPIO_ACTIVE_LOW>;
label = "green:failover";
};
+
+ led_wap_orange: wap_orange {
+ gpios = <&gpio0 12 GPIO_ACTIVE_LOW>;
+ function = LED_FUNCTION_WLAN_2GHZ;
+ color = <LED_COLOR_ID_ORANGE>;
+ label = "orange:wap";
+ };
+
+ led_wap_green: wap_green {
+ gpios = <&gpio0 13 GPIO_ACTIVE_LOW>;
+ function = LED_FUNCTION_WLAN_5GHZ;
+ color = <LED_COLOR_ID_GREEN>;
+ label = "green:wap";
+ linux,default-trigger = "phy0tpt";
+ };
};
buttons {
};
pci1: pcie@ffe0a000 {
- status = "disabled";
+ reg = <0 0xffe0a000 0 0x1000>;
+ ranges = <0x2000000 0x0 0x80000000 0 0x80000000 0x0 0x20000000
+ 0x1000000 0x0 0x00000000 0 0xffc00000 0x0 0x10000>;
+ pcie@0 {
+ ranges = <0x2000000 0x0 0x80000000
+ 0x2000000 0x0 0x80000000
+ 0x0 0x20000000
+
+ 0x1000000 0x0 0x0
+ 0x1000000 0x0 0x0
+ 0x0 0x100000>;
+
+ ath9k: wifi@0,0 {
+ compatible = "pci168c,0033";
+ reg = <0x0000 0 0 0 0>;
+ #gpio-cells = <2>;
+ gpio-controller;
+ nvmem-cells = <&macaddr_device_id_186c 0>;
+ nvmem-cell-names = "mac-address";
+ };
+ };
};
};
+++ /dev/null
-// SPDX-License-Identifier: GPL-2.0-or-later
-
-/*
- * Watchguard Firebox T10 Board Setup
- *
- *
- * Based on:
- * p1010rdb.c:
- * P1010 RDB Board Setup
- * Copyright 2011 Freescale Semiconductor Inc.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.
- */
-
-#include <linux/stddef.h>
-#include <linux/kernel.h>
-#include <linux/delay.h>
-#include <linux/interrupt.h>
-
-#include <asm/time.h>
-#include <asm/machdep.h>
-#include <asm/pci-bridge.h>
-#include <mm/mmu_decl.h>
-#include <asm/prom.h>
-#include <asm/udbg.h>
-#include <asm/mpic.h>
-
-#include <sysdev/fsl_soc.h>
-#include <sysdev/fsl_pci.h>
-
-#include "mpc85xx.h"
-
-static void __init firebox_t10_pic_init(void)
-{
- struct mpic *mpic;
-
- mpic = mpic_alloc(NULL, 0,
- MPIC_BIG_ENDIAN | MPIC_SINGLE_DEST_CPU,
- 0, 256, " OpenPIC ");
-
- BUG_ON(mpic == NULL);
- mpic_init(mpic);
-}
-
-/*
- * Setup the architecture
- */
-static void __init firebox_t10_setup_arch(void)
-{
- if (ppc_md.progress)
- ppc_md.progress("firebox_t10_setup_arch()", 0);
-
- fsl_pci_assign_primary();
-
- pr_info("Firebox T10 from Watchguard\n");
-}
-
-machine_arch_initcall(firebox_t10, mpc85xx_common_publish_devices);
-
-define_machine(firebox_t10) {
- .name = "P1010 RDB",
- .compatible = "watchguard,firebox-t10",
- .setup_arch = firebox_t10_setup_arch,
- .init_IRQ = firebox_t10_pic_init,
-#ifdef CONFIG_PCI
- .pcibios_fixup_bus = fsl_pcibios_fixup_bus,
- .pcibios_fixup_phb = fsl_pcibios_fixup_phb,
-#endif
- .get_irq = mpic_get_irq,
- .progress = udbg_progress,
-};
--- /dev/null
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+/*
+ * Watchguard Firebox T10 Board Setup
+ *
+ *
+ * Based on:
+ * p1010rdb.c:
+ * P1010 RDB Board Setup
+ * Copyright 2011 Freescale Semiconductor Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ */
+
+#include <linux/stddef.h>
+#include <linux/kernel.h>
+#include <linux/delay.h>
+#include <linux/interrupt.h>
+
+#include <asm/time.h>
+#include <asm/machdep.h>
+#include <asm/pci-bridge.h>
+#include <mm/mmu_decl.h>
+#include <asm/prom.h>
+#include <asm/udbg.h>
+#include <asm/mpic.h>
+
+#include <sysdev/fsl_soc.h>
+#include <sysdev/fsl_pci.h>
+
+#include "mpc85xx.h"
+
+static void __init firebox_t1x_pic_init(void)
+{
+ struct mpic *mpic;
+
+ mpic = mpic_alloc(NULL, 0,
+ MPIC_BIG_ENDIAN | MPIC_SINGLE_DEST_CPU,
+ 0, 256, " OpenPIC ");
+
+ BUG_ON(mpic == NULL);
+ mpic_init(mpic);
+}
+
+/*
+ * Setup the architecture
+ */
+static void __init firebox_t1x_setup_arch(void)
+{
+ if (ppc_md.progress)
+ ppc_md.progress("firebox_t1x_setup_arch()", 0);
+
+ fsl_pci_assign_primary();
+
+ pr_info("Firebox T10/T15 from Watchguard\n");
+}
+
+machine_arch_initcall(firebox_t10, mpc85xx_common_publish_devices);
+machine_arch_initcall(firebox_t15, mpc85xx_common_publish_devices);
+
+define_machine(firebox_t10) {
+ .name = "P1010 RDB",
+ .compatible = "watchguard,firebox-t10",
+ .setup_arch = firebox_t1x_setup_arch,
+ .init_IRQ = firebox_t1x_pic_init,
+#ifdef CONFIG_PCI
+ .pcibios_fixup_bus = fsl_pcibios_fixup_bus,
+ .pcibios_fixup_phb = fsl_pcibios_fixup_phb,
+#endif
+ .get_irq = mpic_get_irq,
+ .progress = udbg_progress,
+};
+
+define_machine(firebox_t15) {
+ .name = "P1010 RDB",
+ .compatible = "watchguard,firebox-t15",
+ .setup_arch = firebox_t1x_setup_arch,
+ .init_IRQ = firebox_t1x_pic_init,
+#ifdef CONFIG_PCI
+ .pcibios_fixup_bus = fsl_pcibios_fixup_bus,
+ .pcibios_fixup_phb = fsl_pcibios_fixup_phb,
+#endif
+ .get_irq = mpic_get_irq,
+ .progress = udbg_progress,
+};
define Device/watchguard_firebox-t10
DEVICE_VENDOR := Watchguard
DEVICE_MODEL := Firebox T10
+ DEVICE_ALT0_VENDOR := Watchguard
+ DEVICE_ALT0_MODEL := Firebox T10-W
DEVICE_PACKAGES := kmod-rtc-s35390a kmod-eeprom-at24
+ # This boot loader doesn't reliably boot an uncompressed image,
+ # therefore resort to gzipping the already compressed zImage
KERNEL = kernel-bin | gzip | fit gzip $(KDIR)/image-$$(DEVICE_DTS).dtb
+ KERNEL_NAME := zImage.la3000000
+ KERNEL_ENTRY := 0x3000000
+ KERNEL_LOADADDR := 0x3000000
IMAGES := sysupgrade.bin
IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata
endef
TARGET_DEVICES += watchguard_firebox-t10
+define Device/watchguard_firebox-t15
+ DEVICE_VENDOR := Watchguard
+ DEVICE_MODEL := Firebox T15
+ DEVICE_ALT0_VENDOR := Watchguard
+ DEVICE_ALT0_MODEL := Firebox T15-W
+ DEVICE_PACKAGES := kmod-rtc-s35390a kmod-eeprom-at24
+ # This boot loader doesn't reliably boot an uncompressed image,
+ # therefore resort to gzipping the already compressed zImage
+ KERNEL = kernel-bin | gzip | fit gzip $(KDIR)/image-$$(DEVICE_DTS).dtb
+ KERNEL_NAME := zImage.la3000000
+ KERNEL_ENTRY := 0x3000000
+ KERNEL_LOADADDR := 0x3000000
+ IMAGES := sysupgrade.bin
+ IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata
+endef
+TARGET_DEVICES += watchguard_firebox-t15
+
define Device/sophos_red-15w-rev1
DEVICE_VENDOR := Sophos
DEVICE_MODEL := RED 15w
CONFIG_CRYPTO_LZO=y
CONFIG_CRYPTO_ZSTD=y
CONFIG_DEFAULT_UIMAGE=y
-CONFIG_FIREBOX_T10=y
+CONFIG_FIREBOX_T1X=y
# CONFIG_FSL_CORENET_CF is not set
CONFIG_FSL_IFC=y
CONFIG_GPIO_74X164=y
BOARDNAME:=P1010
-KERNEL_IMAGES:=simpleImage.br200-wp simpleImage.tl-wdr4900-v1 simpleImage.ws-ap3715i
+KERNEL_IMAGES:=simpleImage.br200-wp simpleImage.tl-wdr4900-v1 simpleImage.ws-ap3715i zImage.la3000000
define Target/Description
Build firmware images for P1010 based boards.
+++ /dev/null
---- a/arch/powerpc/platforms/85xx/Kconfig
-+++ b/arch/powerpc/platforms/85xx/Kconfig
-@@ -83,6 +83,16 @@ config WS_AP3825I
- This board is a Concurrent Dual-Band wireless access point with a
- Freescale P1020 SoC.
-
-+config FIREBOX_T10
-+ bool "Watchguard Firebox T10"
-+ select DEFAULT_UIMAGE
-+ select ARCH_REQUIRE_GPIOLIB
-+ select GPIO_MPC8XXX
-+ help
-+ This option enables support for the Watchguard Firebox T10 board.
-+ This board is a VPN Gateway-Router with a
-+ Freescale P1010 SoC.
-+
- config MPC8540_ADS
- bool "Freescale MPC8540 ADS"
- select DEFAULT_UIMAGE
---- a/arch/powerpc/platforms/85xx/Makefile
-+++ b/arch/powerpc/platforms/85xx/Makefile
-@@ -27,6 +27,7 @@ obj-$(CONFIG_PPC_P2020) += p2020.o $(o
- obj-$(CONFIG_TWR_P102x) += twr_p102x.o
- obj-$(CONFIG_WS_AP3710I) += ws-ap3710i.o
- obj-$(CONFIG_WS_AP3825I) += ws-ap3825i.o
-+obj-$(CONFIG_FIREBOX_T10) += firebox_t10.o
- obj-$(CONFIG_CORENET_GENERIC) += corenet_generic.o
- obj-$(CONFIG_FB_FSL_DIU) += t1042rdb_diu.o
- obj-$(CONFIG_RED_15W_REV1) += red15w_rev1.o
--- /dev/null
+--- a/arch/powerpc/platforms/85xx/Kconfig
++++ b/arch/powerpc/platforms/85xx/Kconfig
+@@ -83,6 +83,16 @@ config WS_AP3825I
+ This board is a Concurrent Dual-Band wireless access point with a
+ Freescale P1020 SoC.
+
++config FIREBOX_T1X
++ bool "Watchguard Firebox T10/T15"
++ select DEFAULT_UIMAGE
++ select ARCH_REQUIRE_GPIOLIB
++ select GPIO_MPC8XXX
++ select PPC_ZIMAGE_LA3000000
++ help
++ This option enables support for the Watchguard Firebox T10/T15 board.
++ This board is a VPN Gateway-Router with a Freescale P1010 SoC.
++
+ config MPC8540_ADS
+ bool "Freescale MPC8540 ADS"
+ select DEFAULT_UIMAGE
+--- a/arch/powerpc/platforms/85xx/Makefile
++++ b/arch/powerpc/platforms/85xx/Makefile
+@@ -27,6 +27,7 @@ obj-$(CONFIG_PPC_P2020) += p2020.o $(o
+ obj-$(CONFIG_TWR_P102x) += twr_p102x.o
+ obj-$(CONFIG_WS_AP3710I) += ws-ap3710i.o
+ obj-$(CONFIG_WS_AP3825I) += ws-ap3825i.o
++obj-$(CONFIG_FIREBOX_T1X) += firebox_t1x.o
+ obj-$(CONFIG_CORENET_GENERIC) += corenet_generic.o
+ obj-$(CONFIG_FB_FSL_DIU) += t1042rdb_diu.o
+ obj-$(CONFIG_RED_15W_REV1) += red15w_rev1.o
obj-$(CONFIG_WS_AP3710I) += ws-ap3710i.o
+obj-$(CONFIG_WS_AP3715I) += ws-ap3715i.o
obj-$(CONFIG_WS_AP3825I) += ws-ap3825i.o
- obj-$(CONFIG_FIREBOX_T10) += firebox_t10.o
+ obj-$(CONFIG_FIREBOX_T1X) += firebox_t1x.o
obj-$(CONFIG_CORENET_GENERIC) += corenet_generic.o
--- a/arch/powerpc/boot/Makefile
+++ b/arch/powerpc/boot/Makefile
--- a/arch/powerpc/platforms/85xx/Kconfig
+++ b/arch/powerpc/platforms/85xx/Kconfig
-@@ -114,6 +114,18 @@ config FIREBOX_T10
- This board is a VPN Gateway-Router with a
- Freescale P1010 SoC.
+@@ -114,6 +114,18 @@ config FIREBOX_T1X
+ This option enables support for the Watchguard Firebox T10/T15 board.
+ This board is a VPN Gateway-Router with a Freescale P1010 SoC.
+config MSM460
+ bool "HPE MSM460"
projects / openwrt / openwrt.git / commitdiff