From be7aa5bda40ee05b1dd0b4f4a1bf88e653ef875a Mon Sep 17 00:00:00 2001 From: Shine <4c.fce2@proton.me> Date: Thu, 24 Oct 2024 14:19:43 +0200 Subject: [PATCH] mpc85xx: add support for Watchguard Firebox T10-W, T15(-W) This commit adds support for the Watchguard Firebox models T10-W, T15 and T15-W. CPU: Freescale P1010 RAM: 512MB (T10) / 1024MB (T15) Flash: 1MB SPI-NOR, 512MB NAND (T10) / 1024MB NAND (T15) WiFi: 802.11abgn 2T2R AR9582 based Mini-PCIe card (-W models only) Ethernet: 3x GBE (via AR8033 PHY) LEDs: 7x hard-wired (6x LAN, 1x Power) 4x GPIO single-colored (Attn/Status/Mode/Failover) 1x GPIO dual-colored (2.4/5G WiFi, -W models only) Serial: RJ45, Cisco pinout, 115200/8N1 Other: Battery backed RTC Atmel TPM 1.2 chip (unsupported) Based on 35f6d79, which introduced Watchguard Firebox T10 support. The T10 and T15 are identical hardware, with the exception of the T15 having twice the flash and RAM size. The T10-W and T15-W models have their Mini-PCIe slot populated with an ath9 (AR9582) based WiFi card. The slot is either unpopulated or empty for non-WiFi models. All required drivers are present by default on the mpc85xx target, so T10/T10-W resp. T15/T15-W can use the same OpenWrt image. This commit also introduces the zImage loader from 7d768a9 to boot the kernel. This is required, since the U-Boot version used in these devices appears to have a hard limit of 16MB for the kernel size it can handle. The current kernel size is around 17MB, though, due to kernel page alignment required for memory protection. Installation (replaces previous instructions for T10): 1. If the U-Boot password is known, proceed with step 2. If the U-Boot password is unknown, dump the NOR flash using a SPI programmer and patch the unknown password to a known one. You can use blocktrron's Python script: https://github.com/blocktrron/t10-uboot-patcher/ This script will patch the password to '1234' (without quotes). Alternatively, you can search for the hashed password in the NOR dump yourself and overwrite it with a known one. The SHA1 hash is: E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA Write the patched NOR dump back to the device. 2. Connect the device via serial cable, power it on and interrupt the boot process by pressing Ctrl+C. Enter the U-Boot password to access the CLI. 3. (Optional) Populate the uboot-env partition by entering: saveenv This will allow you to use uboot-envtools from within OpenWrt later, e.g. to increase the loadable kernel size. The default loadable kernel size is 5MB, the compressed kernel size at the time of this commit is 3.1MB. 4. Serve the initramfs OpenWrt image from a TFTP server at 10.0.1.13/24, connected to eth0 (WAN) of the device. File name must be 'uImage'. Boot with: tftpboot; bootm; Make sure to use the correct image for your device (T10 resp. T15)! 5. After booting, connect to OpenWrt on eth1 (LAN) via SSH. Verify that the UBI partiton is mtd7, format it and install the sysupgrade image. $ cat /proc/mtd $ ubiformat /dev/mtd7 -y $ sysupgrade -n 6. The device should now boot OpenWrt from NAND flash. Enjoy. Back to stock: Use the vendor recovery procedure. Stock recovery might also be necessary in case you have accidentally used the fw_setenv command from within OpenWrt without using saveenv in U-Boot first. In order to use the vendor firmware recovery procedure, the NAND partitions mtd3 to mtd6 must remain intact. Make sure not to overwrite them, or keep dumps of them for later recovery. Signed-off-by: Shine <4c.fce2@proton.me> Link: https://github.com/openwrt/openwrt/pull/16776 Signed-off-by: Hauke Mehrtens --- .../uboot-tools/uboot-envtools/files/mpc85xx | 3 +- .../mpc85xx/base-files/etc/board.d/02_network | 3 +- .../base-files/lib/upgrade/platform.sh | 3 +- target/linux/mpc85xx/config-6.12 | 2 +- .../arch/powerpc/boot/dts/firebox-t15.dts | 89 +++++++++++++++++++ .../arch/powerpc/boot/dts/firebox-t1x.dtsi | 37 +++++++- .../85xx/{firebox_t10.c => firebox_t1x.c} | 28 ++++-- target/linux/mpc85xx/image/p1010.mk | 24 +++++ target/linux/mpc85xx/p1010/config-default | 2 +- target/linux/mpc85xx/p1010/target.mk | 2 +- ...owerpc-85xx-firebox-t10-t15-support.patch} | 12 +-- ...-powerpc-85xx-add-ws-ap3715i-support.patch | 2 +- .../111-powerpc-85xx-hpe-msm-support.patch | 6 +- 13 files changed, 189 insertions(+), 24 deletions(-) create mode 100644 target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t15.dts rename target/linux/mpc85xx/files/arch/powerpc/platforms/85xx/{firebox_t10.c => firebox_t1x.c} (66%) rename target/linux/mpc85xx/patches-6.12/{108-powerpc-85xx-firebox-t10-support.patch.patch => 108-powerpc-85xx-firebox-t10-t15-support.patch} (74%) diff --git a/package/boot/uboot-tools/uboot-envtools/files/mpc85xx b/package/boot/uboot-tools/uboot-envtools/files/mpc85xx index a74466ab3a..70d12bb7ea 100644 --- a/package/boot/uboot-tools/uboot-envtools/files/mpc85xx +++ b/package/boot/uboot-tools/uboot-envtools/files/mpc85xx @@ -20,7 +20,8 @@ ocedo,panda) ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000" ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x20000" "0x20000" ;; -watchguard,firebox-t10) +watchguard,firebox-t10|\ +watchguard,firebox-t15) ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x2000" "0x10000" ;; aerohive,hiveap-330) diff --git a/target/linux/mpc85xx/base-files/etc/board.d/02_network b/target/linux/mpc85xx/base-files/etc/board.d/02_network index 6225f189a5..d1ebe806f1 100644 --- a/target/linux/mpc85xx/base-files/etc/board.d/02_network +++ b/target/linux/mpc85xx/base-files/etc/board.d/02_network @@ -29,7 +29,8 @@ ocedo,panda) tplink,tl-wdr4900-v1) ucidef_set_interfaces_lan_wan "lan1 lan2 lan3 lan4" "wan" ;; -watchguard,firebox-t10) +watchguard,firebox-t10|\ +watchguard,firebox-t15) ucidef_set_interfaces_lan_wan "eth1 eth2" "eth0" ;; *) diff --git a/target/linux/mpc85xx/base-files/lib/upgrade/platform.sh b/target/linux/mpc85xx/base-files/lib/upgrade/platform.sh index 5d111676ae..f0875388af 100755 --- a/target/linux/mpc85xx/base-files/lib/upgrade/platform.sh +++ b/target/linux/mpc85xx/base-files/lib/upgrade/platform.sh @@ -16,7 +16,8 @@ platform_do_upgrade() { hpe,msm460|\ ocedo,panda|\ sophos,red-15w-rev1|\ - watchguard,firebox-t10) + watchguard,firebox-t10|\ + watchguard,firebox-t15) nand_do_upgrade "$1" ;; *) diff --git a/target/linux/mpc85xx/config-6.12 b/target/linux/mpc85xx/config-6.12 index e336a19914..d2a720ebcf 100644 --- a/target/linux/mpc85xx/config-6.12 +++ b/target/linux/mpc85xx/config-6.12 @@ -71,7 +71,7 @@ CONFIG_EDAC_LEGACY_SYSFS=y CONFIG_EDAC_MPC85XX=y CONFIG_EDAC_SUPPORT=y CONFIG_EXCLUSIVE_SYSTEM_RAM=y -# CONFIG_FIREBOX_T10 is not set +# CONFIG_FIREBOX_T1X is not set CONFIG_FIXED_PHY=y CONFIG_FORCE_NR_CPUS=y CONFIG_FSL_EMB_PERFMON=y diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t15.dts b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t15.dts new file mode 100644 index 0000000000..6a726aee8b --- /dev/null +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t15.dts @@ -0,0 +1,89 @@ +// SPDX-License-Identifier: GPL-2.0-or-later or MIT + +/include/ "fsl/p1010si-pre.dtsi" +#include "firebox-t1x.dtsi" + +/ { + model = "Watchguard Firebox T15"; + compatible = "watchguard,firebox-t15"; + + ifc: ifc@ffe1e000 { + reg = <0x0 0xffe1e000 0 0x2000>; + + /* NOR, NAND Flashes and CPLD on board */ + ranges = <0x0 0x0 0x0 0xee000000 0x02000000 + 0x1 0x0 0x0 0xff800000 0x00010000 + 0x3 0x0 0x0 0xffb00000 0x00000020>; + + nand@100000000 { + compatible = "fsl,ifc-nand"; + reg = <0x1 0x0 0x10000>; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + /* + * Original partition layout: + * 0x000000000000-0x000000020000 : "NAND (RW) WG DTB Image" + * 0x000000020000-0x000000520000 : "NAND (RW) WG SYSA Kernel" + * 0x000000520000-0x00000f720000 : "NAND (RW) WG SYSA_CODE" + * 0x00000f720000-0x00000fc20000 : "NAND (RW) WG SYSB Kernel" + * 0x00000fc20000-0x000011420000 : "NAND (RW) WG SYSB_CODE" + * 0x000011420000-0x000011920000 : "NAND (RW) WG SYSA2 Kernel" + * 0x000011920000-0x000019220000 : "NAND (RW) WG SYSA_CODE2" + * 0x000019220000-0x000040000000 : "NAND (RW) WG SYSA_DATA" + */ + + partition@0 { + reg = <0x0 0x20000>; + label = "wg-dtb"; + read-only; + }; + + partition@20000 { + reg = <0x20000 0x500000>; + label = "kernel"; + }; + + partition@520000 { + reg = <0x520000 0xf200000>; + label = "wg-sysa-rootfs"; + read-only; + }; + + partition@f720000 { + reg = <0xf720000 0x500000>; + label = "wg-sysb-kernel"; + read-only; + }; + + partition@fc20000 { + reg = <0xfc20000 0x1800000>; + label = "wg-sysb-rootfs"; + read-only; + }; + + partition@11420000 { + reg = <0x11420000 0x500000>; + label = "wg-sysa2-kernel"; + read-only; + }; + + partition@11920000 { + reg = <0x11920000 0x7900000>; + label = "wg-sysa2-rootfs"; + read-only; + }; + + partition@19220000 { + reg = <0x19220000 0x26de0000>; + label = "ubi"; + }; + }; + }; + }; +}; + +/include/ "fsl/p1010si-post.dtsi" diff --git a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t1x.dtsi b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t1x.dtsi index 09824b46cb..5b494745e1 100644 --- a/target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t1x.dtsi +++ b/target/linux/mpc85xx/files/arch/powerpc/boot/dts/firebox-t1x.dtsi @@ -48,6 +48,21 @@ gpios = <&gpio0 5 GPIO_ACTIVE_LOW>; label = "green:failover"; }; + + led_wap_orange: wap_orange { + gpios = <&gpio0 12 GPIO_ACTIVE_LOW>; + function = LED_FUNCTION_WLAN_2GHZ; + color = ; + label = "orange:wap"; + }; + + led_wap_green: wap_green { + gpios = <&gpio0 13 GPIO_ACTIVE_LOW>; + function = LED_FUNCTION_WLAN_5GHZ; + color = ; + label = "green:wap"; + linux,default-trigger = "phy0tpt"; + }; }; buttons { @@ -221,6 +236,26 @@ }; pci1: pcie@ffe0a000 { - status = "disabled"; + reg = <0 0xffe0a000 0 0x1000>; + ranges = <0x2000000 0x0 0x80000000 0 0x80000000 0x0 0x20000000 + 0x1000000 0x0 0x00000000 0 0xffc00000 0x0 0x10000>; + pcie@0 { + ranges = <0x2000000 0x0 0x80000000 + 0x2000000 0x0 0x80000000 + 0x0 0x20000000 + + 0x1000000 0x0 0x0 + 0x1000000 0x0 0x0 + 0x0 0x100000>; + + ath9k: wifi@0,0 { + compatible = "pci168c,0033"; + reg = <0x0000 0 0 0 0>; + #gpio-cells = <2>; + gpio-controller; + nvmem-cells = <&macaddr_device_id_186c 0>; + nvmem-cell-names = "mac-address"; + }; + }; }; }; diff --git a/target/linux/mpc85xx/files/arch/powerpc/platforms/85xx/firebox_t10.c b/target/linux/mpc85xx/files/arch/powerpc/platforms/85xx/firebox_t1x.c similarity index 66% rename from target/linux/mpc85xx/files/arch/powerpc/platforms/85xx/firebox_t10.c rename to target/linux/mpc85xx/files/arch/powerpc/platforms/85xx/firebox_t1x.c index f8f90b22bf..edbdb8ba1e 100644 --- a/target/linux/mpc85xx/files/arch/powerpc/platforms/85xx/firebox_t10.c +++ b/target/linux/mpc85xx/files/arch/powerpc/platforms/85xx/firebox_t1x.c @@ -34,7 +34,7 @@ #include "mpc85xx.h" -static void __init firebox_t10_pic_init(void) +static void __init firebox_t1x_pic_init(void) { struct mpic *mpic; @@ -49,26 +49,40 @@ static void __init firebox_t10_pic_init(void) /* * Setup the architecture */ -static void __init firebox_t10_setup_arch(void) +static void __init firebox_t1x_setup_arch(void) { if (ppc_md.progress) - ppc_md.progress("firebox_t10_setup_arch()", 0); + ppc_md.progress("firebox_t1x_setup_arch()", 0); fsl_pci_assign_primary(); - pr_info("Firebox T10 from Watchguard\n"); + pr_info("Firebox T10/T15 from Watchguard\n"); } machine_arch_initcall(firebox_t10, mpc85xx_common_publish_devices); +machine_arch_initcall(firebox_t15, mpc85xx_common_publish_devices); define_machine(firebox_t10) { .name = "P1010 RDB", .compatible = "watchguard,firebox-t10", - .setup_arch = firebox_t10_setup_arch, - .init_IRQ = firebox_t10_pic_init, + .setup_arch = firebox_t1x_setup_arch, + .init_IRQ = firebox_t1x_pic_init, #ifdef CONFIG_PCI .pcibios_fixup_bus = fsl_pcibios_fixup_bus, - .pcibios_fixup_phb = fsl_pcibios_fixup_phb, + .pcibios_fixup_phb = fsl_pcibios_fixup_phb, +#endif + .get_irq = mpic_get_irq, + .progress = udbg_progress, +}; + +define_machine(firebox_t15) { + .name = "P1010 RDB", + .compatible = "watchguard,firebox-t15", + .setup_arch = firebox_t1x_setup_arch, + .init_IRQ = firebox_t1x_pic_init, +#ifdef CONFIG_PCI + .pcibios_fixup_bus = fsl_pcibios_fixup_bus, + .pcibios_fixup_phb = fsl_pcibios_fixup_phb, #endif .get_irq = mpic_get_irq, .progress = udbg_progress, diff --git a/target/linux/mpc85xx/image/p1010.mk b/target/linux/mpc85xx/image/p1010.mk index 1f898c483f..b9d865f7e8 100644 --- a/target/linux/mpc85xx/image/p1010.mk +++ b/target/linux/mpc85xx/image/p1010.mk @@ -77,13 +77,37 @@ TARGET_DEVICES += tplink_tl-wdr4900-v1 define Device/watchguard_firebox-t10 DEVICE_VENDOR := Watchguard DEVICE_MODEL := Firebox T10 + DEVICE_ALT0_VENDOR := Watchguard + DEVICE_ALT0_MODEL := Firebox T10-W DEVICE_PACKAGES := kmod-rtc-s35390a kmod-eeprom-at24 + # This boot loader doesn't reliably boot an uncompressed image, + # therefore resort to gzipping the already compressed zImage KERNEL = kernel-bin | gzip | fit gzip $(KDIR)/image-$$(DEVICE_DTS).dtb + KERNEL_NAME := zImage.la3000000 + KERNEL_ENTRY := 0x3000000 + KERNEL_LOADADDR := 0x3000000 IMAGES := sysupgrade.bin IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata endef TARGET_DEVICES += watchguard_firebox-t10 +define Device/watchguard_firebox-t15 + DEVICE_VENDOR := Watchguard + DEVICE_MODEL := Firebox T15 + DEVICE_ALT0_VENDOR := Watchguard + DEVICE_ALT0_MODEL := Firebox T15-W + DEVICE_PACKAGES := kmod-rtc-s35390a kmod-eeprom-at24 + # This boot loader doesn't reliably boot an uncompressed image, + # therefore resort to gzipping the already compressed zImage + KERNEL = kernel-bin | gzip | fit gzip $(KDIR)/image-$$(DEVICE_DTS).dtb + KERNEL_NAME := zImage.la3000000 + KERNEL_ENTRY := 0x3000000 + KERNEL_LOADADDR := 0x3000000 + IMAGES := sysupgrade.bin + IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata +endef +TARGET_DEVICES += watchguard_firebox-t15 + define Device/sophos_red-15w-rev1 DEVICE_VENDOR := Sophos DEVICE_MODEL := RED 15w diff --git a/target/linux/mpc85xx/p1010/config-default b/target/linux/mpc85xx/p1010/config-default index 2d5d1c9ea9..a300486087 100644 --- a/target/linux/mpc85xx/p1010/config-default +++ b/target/linux/mpc85xx/p1010/config-default @@ -6,7 +6,7 @@ CONFIG_CRYPTO_HASH_INFO=y CONFIG_CRYPTO_LZO=y CONFIG_CRYPTO_ZSTD=y CONFIG_DEFAULT_UIMAGE=y -CONFIG_FIREBOX_T10=y +CONFIG_FIREBOX_T1X=y # CONFIG_FSL_CORENET_CF is not set CONFIG_FSL_IFC=y CONFIG_GPIO_74X164=y diff --git a/target/linux/mpc85xx/p1010/target.mk b/target/linux/mpc85xx/p1010/target.mk index 6b54390863..b6236196f3 100644 --- a/target/linux/mpc85xx/p1010/target.mk +++ b/target/linux/mpc85xx/p1010/target.mk @@ -1,5 +1,5 @@ BOARDNAME:=P1010 -KERNEL_IMAGES:=simpleImage.br200-wp simpleImage.tl-wdr4900-v1 simpleImage.ws-ap3715i +KERNEL_IMAGES:=simpleImage.br200-wp simpleImage.tl-wdr4900-v1 simpleImage.ws-ap3715i zImage.la3000000 define Target/Description Build firmware images for P1010 based boards. diff --git a/target/linux/mpc85xx/patches-6.12/108-powerpc-85xx-firebox-t10-support.patch.patch b/target/linux/mpc85xx/patches-6.12/108-powerpc-85xx-firebox-t10-t15-support.patch similarity index 74% rename from target/linux/mpc85xx/patches-6.12/108-powerpc-85xx-firebox-t10-support.patch.patch rename to target/linux/mpc85xx/patches-6.12/108-powerpc-85xx-firebox-t10-t15-support.patch index 2c722e4d9b..402a613834 100644 --- a/target/linux/mpc85xx/patches-6.12/108-powerpc-85xx-firebox-t10-support.patch.patch +++ b/target/linux/mpc85xx/patches-6.12/108-powerpc-85xx-firebox-t10-t15-support.patch @@ -4,15 +4,15 @@ This board is a Concurrent Dual-Band wireless access point with a Freescale P1020 SoC. -+config FIREBOX_T10 -+ bool "Watchguard Firebox T10" ++config FIREBOX_T1X ++ bool "Watchguard Firebox T10/T15" + select DEFAULT_UIMAGE + select ARCH_REQUIRE_GPIOLIB + select GPIO_MPC8XXX ++ select PPC_ZIMAGE_LA3000000 + help -+ This option enables support for the Watchguard Firebox T10 board. -+ This board is a VPN Gateway-Router with a -+ Freescale P1010 SoC. ++ This option enables support for the Watchguard Firebox T10/T15 board. ++ This board is a VPN Gateway-Router with a Freescale P1010 SoC. + config MPC8540_ADS bool "Freescale MPC8540 ADS" @@ -23,7 +23,7 @@ obj-$(CONFIG_TWR_P102x) += twr_p102x.o obj-$(CONFIG_WS_AP3710I) += ws-ap3710i.o obj-$(CONFIG_WS_AP3825I) += ws-ap3825i.o -+obj-$(CONFIG_FIREBOX_T10) += firebox_t10.o ++obj-$(CONFIG_FIREBOX_T1X) += firebox_t1x.o obj-$(CONFIG_CORENET_GENERIC) += corenet_generic.o obj-$(CONFIG_FB_FSL_DIU) += t1042rdb_diu.o obj-$(CONFIG_RED_15W_REV1) += red15w_rev1.o diff --git a/target/linux/mpc85xx/patches-6.12/109-powerpc-85xx-add-ws-ap3715i-support.patch b/target/linux/mpc85xx/patches-6.12/109-powerpc-85xx-add-ws-ap3715i-support.patch index 37e3e5587a..761c4d9509 100644 --- a/target/linux/mpc85xx/patches-6.12/109-powerpc-85xx-add-ws-ap3715i-support.patch +++ b/target/linux/mpc85xx/patches-6.12/109-powerpc-85xx-add-ws-ap3715i-support.patch @@ -26,7 +26,7 @@ obj-$(CONFIG_WS_AP3710I) += ws-ap3710i.o +obj-$(CONFIG_WS_AP3715I) += ws-ap3715i.o obj-$(CONFIG_WS_AP3825I) += ws-ap3825i.o - obj-$(CONFIG_FIREBOX_T10) += firebox_t10.o + obj-$(CONFIG_FIREBOX_T1X) += firebox_t1x.o obj-$(CONFIG_CORENET_GENERIC) += corenet_generic.o --- a/arch/powerpc/boot/Makefile +++ b/arch/powerpc/boot/Makefile diff --git a/target/linux/mpc85xx/patches-6.12/111-powerpc-85xx-hpe-msm-support.patch b/target/linux/mpc85xx/patches-6.12/111-powerpc-85xx-hpe-msm-support.patch index 1d1fb4f54f..f9761d4447 100644 --- a/target/linux/mpc85xx/patches-6.12/111-powerpc-85xx-hpe-msm-support.patch +++ b/target/linux/mpc85xx/patches-6.12/111-powerpc-85xx-hpe-msm-support.patch @@ -1,8 +1,8 @@ --- a/arch/powerpc/platforms/85xx/Kconfig +++ b/arch/powerpc/platforms/85xx/Kconfig -@@ -114,6 +114,18 @@ config FIREBOX_T10 - This board is a VPN Gateway-Router with a - Freescale P1010 SoC. +@@ -114,6 +114,18 @@ config FIREBOX_T1X + This option enables support for the Watchguard Firebox T10/T15 board. + This board is a VPN Gateway-Router with a Freescale P1010 SoC. +config MSM460 + bool "HPE MSM460" -- 2.30.2