Skip to content
Permalink
Browse files

mtd: add logic for TP-Link ramips recovery magic

This adds an option to set the recovery flag of newer TP-Link MediaTek
boards and remove it after a successful write.

To make use of this feature, add the '-t' option to mtd-write.

The '-t' option takes the mtd partition containing the recovery flag
(usually 'romfile') as an argument. Make sure this partition is not
flagged as read-only!

Example:
 > mtd -t romfile write owrt.bin firmware

This command writes the recovery-flag before it begins writing the image
to the firmware partition. After the image-write has been successful,
the recovery flag is removed.

This way, the TP-Link web-recovery is automatically enabled on an
unsucessful flash (e.g. power loss).

This option is only available if the mtd package is compiled for the
ramips target.

Signed-off-by: David Bauer <mail@david-bauer.net>
  • Loading branch information...
blocktrron authored and mkresin committed Dec 31, 2018
1 parent 36a091c commit 1e06482f7db284567b240ce6f59c644439ec813f
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk

PKG_NAME:=mtd
PKG_RELEASE:=23
PKG_RELEASE:=24

PKG_BUILD_DIR := $(KERNEL_BUILD_DIR)/$(PKG_NAME)
STAMP_PREPARED := $(STAMP_PREPARED)_$(call confvar,CONFIG_MTD_REDBOOT_PARTS)
@@ -6,12 +6,13 @@ obj = mtd.o jffs2.o crc32.o md5.o
obj.seama = seama.o md5.o
obj.wrg = wrg.o md5.o
obj.wrgg = wrgg.o md5.o
obj.tpl = tpl_ramips_recoveryflag.o
obj.ar71xx = trx.o $(obj.seama) $(obj.wrgg)
obj.brcm = trx.o
obj.brcm47xx = $(obj.brcm)
obj.bcm53xx = $(obj.brcm) $(obj.seama)
obj.brcm63xx = imagetag.o
obj.ramips = $(obj.seama) $(obj.wrg)
obj.ramips = $(obj.seama) $(obj.tpl) $(obj.wrg)
obj.mvebu = linksys_bootcount.o
obj.kirkwood = linksys_bootcount.o
obj.ipq806x = linksys_bootcount.o
@@ -85,6 +85,7 @@ static char *buf = NULL;
static char *imagefile = NULL;
static enum mtd_image_format imageformat = MTD_IMAGE_FORMAT_UNKNOWN;
static char *jffs2file = NULL, *jffs2dir = JFFS2_DEFAULT_DIR;
static char *tpl_uboot_args_part;
static int buflen = 0;
int quiet;
int no_erase;
@@ -554,6 +555,17 @@ mtd_write(int imagefd, const char *mtd, char *fis_layout, size_t part_offset)
lseek(fd, part_offset, SEEK_SET);
}

/* Write TP-Link recovery flag */
if (tpl_uboot_args_part && mtd_tpl_recoverflag_write) {
if (quiet < 2)
fprintf(stderr, "Writing recovery flag to %s\n", tpl_uboot_args_part);
result = mtd_tpl_recoverflag_write(tpl_uboot_args_part, true);
if (result < 0) {
fprintf(stderr, "Could not write TP-Link recovery flag to %s: %i", mtd, result);
exit(1);
}
}

indicate_writing(mtd);

w = e = 0;
@@ -716,6 +728,18 @@ mtd_write(int imagefd, const char *mtd, char *fis_layout, size_t part_offset)
#endif

close(fd);

/* Clear TP-Link recovery flag */
if (tpl_uboot_args_part && mtd_tpl_recoverflag_write) {
if (quiet < 2)
fprintf(stderr, "Removing recovery flag from %s\n", tpl_uboot_args_part);
result = mtd_tpl_recoverflag_write(tpl_uboot_args_part, false);
if (result < 0) {
fprintf(stderr, "Could not clear TP-Link recovery flag to %s: %i", mtd, result);
exit(1);
}
}

return 0;
}

@@ -771,6 +795,10 @@ static void usage(void)
fprintf(stderr,
" -c datasize amount of data to be used for checksum calculation (for fixtrx / fixseama / fixwrg / fixwrgg)\n");
}
if (mtd_tpl_recoverflag_write) {
fprintf(stderr,
" -t <partition> write TP-Link recovery-flag to <partition> (for write)\n");
}
fprintf(stderr,
#ifdef FIS_SUPPORT
" -F <part>[:<size>[:<entrypoint>]][,<part>...]\n"
@@ -828,7 +856,7 @@ int main (int argc, char **argv)
#ifdef FIS_SUPPORT
"F:"
#endif
"frnqe:d:s:j:p:o:c:l:")) != -1)
"frnqe:d:s:j:p:o:c:t:l:")) != -1)
switch (ch) {
case 'f':
force = 1;
@@ -896,6 +924,9 @@ int main (int argc, char **argv)
usage();
}
break;
case 't':
tpl_uboot_args_part = optarg;
break;
#ifdef FIS_SUPPORT
case 'F':
fis_layout = optarg;
@@ -30,4 +30,5 @@ extern int mtd_fixseama(const char *mtd, size_t offset, size_t data_size) __attr
extern int mtd_fixwrg(const char *mtd, size_t offset, size_t data_size) __attribute__ ((weak));
extern int mtd_fixwrgg(const char *mtd, size_t offset, size_t data_size) __attribute__ ((weak));
extern int mtd_resetbc(const char *mtd) __attribute__ ((weak));
extern int mtd_tpl_recoverflag_write(const char *mtd, const bool recovery_active) __attribute__ ((weak));
#endif /* __mtd_h */
@@ -0,0 +1,94 @@
/*
* TP-Link recovery flag set and unset code for ramips target
*
* Copyright (C) 2018 David Bauer <mail@david-bauer.net>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License v2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/

#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/mman.h>
#include <errno.h>
#include <stdint.h>

#include <mtd/mtd-user.h>
#include <sys/ioctl.h>

#include "mtd.h"


#define TPL_RECOVER_MAGIC 0x89abcdef
#define TPL_NO_RECOVER_MAGIC 0x00000000


struct uboot_args {
uint32_t magic;
};

int mtd_tpl_recoverflag_write(const char *mtd, const bool recovery_active)
{
struct erase_info_user erase_info;
struct uboot_args *args;
uint32_t magic;
int ret = 0;
int fd;

args = malloc(erasesize);
if (!args) {
fprintf(stderr, "Could not allocate memory!\n");
return -1;
}

fd = mtd_check_open(mtd);
if (fd < 0) {
fprintf(stderr, "Could not open mtd device: %s\n", mtd);
ret = -1;
goto out;
}

/* read first block (containing the magic) */
pread(fd, args, erasesize, 0);

/* set magic to desired value */
magic = TPL_RECOVER_MAGIC;
if (!recovery_active)
magic = TPL_NO_RECOVER_MAGIC;

/* no need to write when magic is already set correctly */
if (magic == args->magic)
goto out;

/* erase first block (containing the magic) */
erase_info.start = 0;
erase_info.length = erasesize;

ret = ioctl(fd, MEMERASE, &erase_info);
if (ret < 0) {
fprintf(stderr, "failed to erase block: %i\n", ret);
goto out;
}

/* write magic to flash */
args->magic = magic;

ret = pwrite(fd, args, erasesize, 0);
if (ret < 0)
fprintf(stderr, "failed to write: %i\n", ret);

sync();
out:
free(args);
close(fd);

return ret;
}

0 comments on commit 1e06482

Please sign in to comment.
You can’t perform that action at this time.