Thu Mar 7 12:44:49 EST 2013

OpenWRT dev - How to use CFE network image for testing without flashing?

1. Find out how the CFE boot process works.  What code is executed
first?  Where does the TRX fit in?

- CFE loads decompress routine + compressed kernel at 0x80001000 and
  jumps to it.

- Linux starts and later re-reads the partition table.

From dmesg:

[    0.288000] bcm47xx_pflash: Flash device: 0x2000000 at 0x1fc00000
[    0.296000] bcm47xx_part: Found Belkin_F7D3301 header:cfe
[    0.300000] bcm47xx_part: bootloader size: 196608
[    0.308000] bcm47xx_part: Looking for dual image
[    0.316000] bcm47xx_part: Found Belkin_F7D3301 header:root
[    0.320000] bcm47xx_part: TRX offset : 0
[    0.324000] 4 bcm47xx partitions found on MTD device Physically mapped flash
[    0.332000] Creating 4 MTD partitions on "Physically mapped flash":
[    0.340000] 0x000000000000-0x000000030000 : "cfe"
[    0.348000] 0x000000030000-0x0000007f0000 : "linux"
[    0.356000] 0x000000111000-0x0000007f0000 : "rootfs"
[    0.360000] mtd: partition "rootfs" must either start or end on erase block boundary or be smaller than an erase block -- forcing read-only
[    0.376000] mtd: partition "rootfs" set to be root filesystem
[    0.380000] mtd: partition "rootfs_data" created automatically, ofs=2D0000, len=520000 
[    0.392000] 0x0000002d0000-0x0000007f0000 : "rootfs_data"
[    0.400000] 0x0000007f0000-0x000000800000 : "nvram"

First partition is 0x30000 (196608) bytes large and contains
bootloader.  I'm assuming this part is not overwritten.

mtd0 "cfe"    probably has the CFE bootloader, and is never touched.
mtd1 "linux"  has the TRX image

At start, CFE says:
Boot partition size = 131072(0x20000)
Would this be on the flash?
Not included in the TRX and other partition stuff?
I don't find this number anywhere.
-> at 0x20000 in mtd0.bin I find something extra:
00020000  42 52 4e 2d 42 4f 4f 54  00 00 00 00 00 00 00 00  |BRN-BOOT........|
00020010  00 00 00 00 00 00 31 2e  30 30 65 00 31 31 94 44  |......1.00e.11.D|

So it looks like CFE is loaded by processor from the start of Flash.
CFE looks for TRX image on the Flash and pulls out the loader binary
from the first partition.  Loader uncompresses Linux.  Linux scans for
the TRX again to find the squashfs and sets up mtd partitions, saving
mtd0 for CFE bootloader.

So how is default boot configured in CFE?

2. How to boot over the network?  What format to use?

It's probably simplest to just use a TFTP put.  This will flash the whole TRX.

atftp --trace --option "timeout 1" --option "mode octet" --put --local-file zuk.trx

Since the OpenWRT patch looks for TRX on Flash, it probably won't work
to boot a whole image over the network.  However, when there is a JFFS
on the Flash, it might be possible to just boot the kernel if it is in
the right format.  See [1].

CFE> boot
Loader:raw Filesys:tftp Dev:eth0 File: Options:(null)
Loading: TFTP error 1: File not found
Could not load Network protocol error
*** command status = -22

- Build latest revision
- Boot it, see where it fails
- Add the TRX magic stuff
- rest of patch..

[1] https://forum.openwrt.org/viewtopic.php?id=33184