Flashing third-party firmware (OpenWrt) on the Xiaomi Router 2 hard-disk edition (MiWiFi R2D) (really an unbricking attempt, and not yet successful)

2019-04-13

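As of the time of writing, as far as I know there is no third-party firmware for the MiWiFi R2D (please let me know if there is one). What follows are notes from my own trial-and-error learning; I hope they help those who come after and save them some detours.

The firmware I am studying is OpenWrt: first, the Xiaomi router's firmware is itself based on OpenWrt; second, OpenWrt is closely connected to Ubuntu, which I have been learning all along. Of course you could also choose DD-WRT and so on; it is the same thing in a different wrapper.

I recommend reading this unbricking guide from OpenWrt (the article and the articles it links to explain how booting works):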

https://openwrt.org/docs/guide-user/troubleshooting/generic.debrick

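Hardware

First we need to confirm which solution our hardware is based on (or should it be called a platform? I'm not sure). The simplest way to find hardware information is this site: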

https://deviwiki.com/wiki/Xiaomi_MiWiFi_(R2D)

Of course, we can also open the device ourselves and read the markings on the chips (recommended).

[Image: cpu-part-no.jpg]

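This device uses a Broadcom solution: the processor and Ethernet controller is the BCM4709C0, and the two WLAN chips are also from Broadcom (obviously).

Note that the BCM4709C0 is one of the higher-end, ARM-based chips in the bcm47xx family ( https://deviwiki.com/wiki/Broadcom ), unlike the MIPS-based chips in that family; keep this in mind later when looking for suitable firmware (choosing the software repository).

OpenWrt uses brcm47xx to identify the MIPS-based BCM47xx and BCM53xx chips, and bcm53xx to identify the ARM-based BCM47xx and BCM53xx chips. ( https://dev.archive.openwrt.org/wiki/platforms )

Other devices that use the same BCM4709C0 chip can be looked up at the following address: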

Semantic search

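For storage it uses NAND flash. Compared with NOR flash, this raises the barrier to entry (NOR flash has cheaper programmers that make unbricking easier); of course, being NAND flash, it also raises the flash capacity (and lowers cost = =).

The device provides a serial port for viewing debug output, but I did not find an obvious JTAG (an unbricking aid) connection point.

Using a baud rate of 115200 and a voltage of 3.3 V, you can connect to the device's serial port through a USB-to-TTL adapter (as for wiring, the pins of male DuPont jumper wires fit into the device's serial port (nice)).

On Windows, PuTTY works as the terminal; quick and convenient.

Connect the adapter's TXD to the device's RX (i.e. the computer's write goes to the device's read), the adapter's RXD to the device's TX, and the adapter's GND to the device's GND. Only these 3 need connecting; the remaining pin, which supplies power, does not need to be connected.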

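Software

Embedded devices are like the computers we normally use: they consist of a bootloader plus a system.

The bootloader sets up some of the hardware so that it is in a working state; on a normal boot it hands control to the system, and when boot fails it offers some fallback ways to flash a system. The system coordinates the hardware so that we can actually use it.

This device's bootloader is a heavily modified Broadcom CFE (Common Firmware Environment), and the system is a heavily modified OpenWrt (as mentioned above).

This is the log of a normal device booting (I have two units, one of which is working):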

Digital core power voltage set to 1.05V
Detect memory size = 256 MB
Post lines...ok
Memory check ok!
Decompressing...done
Digital core power voltage set to 1.05V
Detect memory size = 256 MB
Post lines...ok
Memory check ok!
Decompressing...done
Found a AMD NAND flash:
Total size:  512MB
Block size:  128KB
Page Size:   2048B
OOB Size:    64B
Sector size: 512B
Spare size:  16B
ECC level:   4 (4-bit)
Device ID: 0x01 0xdc 0x90 0x95 0x56 0x01
board=8, clk=1400


CFE version v1.0.4
BSP: 7.14.92 (r523444) based on BBP 1.0.37 for BCM947XX (32bit,SP,)
Build Date: Tue Jun 16 22:17:45 CST 2015 ([email protected])
Copyright (C) 2000-2008 Broadcom Corporation.

Init Arena
Init Devs.
Boot up from NAND flash...
Boot partition size = 262144(0x40000)
DDR Clock: 800 MHz
Info: DDR frequency set from clkfreq=1400,*800*
XXXXX chipattach,538: Don't need override the robosw port5 setting
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.92 (r523444)
CPU type 0x0: 1400MHz
Tot mem: 262144 KBytes

CFE mem:    0x00F00000 - 0x017913F4 (8983540)
Data:       0x00F597E0 - 0x00F59E58 (1656)
BSS:        0x00F59E68 - 0x00F8F3F4 (218508)
Heap:       0x00F8F3F4 - 0x0178F3F4 (8388608)
Stack:      0x0178F3F4 - 0x017913F4 (8192)
Text:       0x00F00000 - 0x00F4D704 (317188)
Boot:       0x01792000 - 0x017D2000
Reloc:      I:00000000 - D:00000000

Device eth0:  hwaddr F0-B4-29-2A-92-96, ipaddr 192.168.1.1, mask 255.255.255.0
        gateway not set, nameserver not set
bootargs: boot -loader=raw_brcmnand -addr=0x8000  nflash0.os1:
Loader:raw_brcmnand Filesys:raw Dev:nflash0.os1 File: Options:(null)
Loading: compressed crc = 0xd1545136  3137536 bytes read
Entry at 0x00008000
Closing network.
Starting program at 0x00008000
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Linux version 2.6.36 ([email protected]) (gcc version 4.8.2 20130603 (prerelease) (crosstool-NG 1.19.0) ) #3 MiWiFi-R2D-2.25.209 SMP PREEMPT Tue Oct 16 11:45:02 UTC 2018
[    0.000000] CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c53c7f
[    0.000000] CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
[    0.000000] Machine: Northstar Prototype
[    0.000000] Ignoring unrecognised tag 0x00000000
[    0.000000] Memory policy: ECC disabled, Data cache writealloc
[    0.000000] MPCORE found at 19020000
[    0.000000] PERCPU: Embedded 7 pages/cpu @c8206000 s5568 r8192 d14912 u65536
[    0.000000] pcpu-alloc: s5568 r8192 d14912 u65536 alloc=16*4096
[    0.000000] pcpu-alloc: [0] 0 [0] 1
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 65024
[    0.000000] Kernel command line: root=/dev/ram rw console=ttyS0,115200 init=/init libata.force=3.0Gbps
[    0.000000] System in normal state
[    0.000000] PID hash table entries: 1024 (order: 0, 4096 bytes)
[    0.000000] Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
[    0.000000] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Memory: 256MB = 256MB total
[    0.000000] Memory: 253228k/253228k available, 8916k reserved, 0K highmem
[    0.000000] Virtual kernel memory layout:
[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
[    0.000000]     fixmap  : 0xfff00000 - 0xfffe0000   ( 896 kB)
[    0.000000]     DMA     : 0xf7e00000 - 0xffe00000   ( 128 MB)
[    0.000000]     vmalloc : 0xd0800000 - 0xf0000000   ( 504 MB)
[    0.000000]     lowmem  : 0xc0000000 - 0xd0000000   ( 256 MB)
[    0.000000]     modules : 0xbf000000 - 0xc0000000   (  16 MB)
[    0.000000]       .init : 0xc0008000 - 0xc0139000   (1220 kB)
[    0.000000]       .text : 0xc0139000 - 0xc058f000   (4440 kB)
[    0.000000]       .data : 0xc05aa000 - 0xc05d3d00   ( 168 kB)
[    0.000000] SLUB: Genslabs=11, HWalign=32, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[    0.000000] Hierarchical RCU implementation.
[    0.000000]  RCU-based detection of stalled CPUs is disabled.
[    0.000000]  Verbose stalled-CPUs detection is disabled.
[    0.000000] NR_IRQS:256
[    0.000000] MPCORE GIC init
[    0.000000] External imprecise Data abort at addr=0x0, fsr=0x1c06 ignored.
[    0.000000] Found chip type NAI (0x3f00cf26)
[    0.000000] Chipc: rev 42, caps 0x48000a, chipst 0x0 pmurev 0, pmucaps 0x0
[    0.000000] si_kattach done. ccrev = 42, wd_msticks = 100000
[    0.000000] MPCORE Global Timer Clock 700000000Hz
[    0.000000] allocated 1310720 bytes of page_cgroup
[    0.000000] please try 'cgroup_disable=memory' option if you don't want memory cgroups
[    0.000000] Calibrating delay loop... 2798.38 BogoMIPS (lpj=13991936)
[    0.250000] pid_max: default: 32768 minimum: 301
[    0.250000] Mount-cache hash table entries: 512
[    0.250000] Initializing cgroup subsys memory
[    0.250000] Initializing cgroup subsys net_cls
[    0.250000] CPU: Testing write buffer coherency: ok
[    0.250000] MPCORE Private timer setup CPU0
[    0.250000] Calibrating local timer... 699.797MHz.
[    0.340000] L310: cache controller enabled 16 ways, CACHE_ID 0x410000c8, AUX_CTRL 0x7a130800
[    0.380000] CPU1: Booted secondary processor
[    0.380000] MPCORE Private timer setup CPU1
[    0.640000] Brought up 2 CPUs
[    0.640000] SMP: Total of 2 processors activated (5596.77 BogoMIPS).
[    0.640000] devtmpfs: initialized
[    0.640000] atomic64 test passed
[    0.640000] NET: Registered protocol family 16
[    0.640000] Found a AMD NAND flash:
[    0.640000] Total size:  512MB
[    0.640000] Block size:  128KB
[    0.640000] Page Size:   2048B
[    0.640000] OOB Size:    64B
[    0.640000] Sector size: 512B
[    0.640000] Spare size:  16B
[    0.640000] ECC level:   4 (4-bit)
[    0.640000] Device ID: 0x 1 0xdc 0x90 0x95 0x56 0x01
[    0.660000] CCA UART Clock Config: Sel=1 Ovr=1 Div=48
[    0.660000] CCA UART Clock rate 100000000Hz CCB UART Clock rate 100000000Hz
[    0.660000] ACP (Accelerator Coherence Port) enabled
[    0.660000] bio: create slab <bio-0> at 0
[    0.660000] SCSI subsystem initialized
[    0.660000] usbcore: registered new interface driver usbfs
[    0.660000] usbcore: registered new interface driver hub
[    0.660000] usbcore: registered new device driver usb
[    0.660000] DEV + ,register_netdevice, lo, paddr: cf821800
[    0.660000] Switching to clocksource mpcore_gtimer
[    0.660000] NET: Registered protocol family 2
[    0.660000] IP route cache hash table entries: 2048 (order: 1, 8192 bytes)
[    0.660000] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[    0.660000] TCP bind hash table entries: 8192 (order: 4, 98304 bytes)
[    0.660000] TCP: Hash tables configured (established 8192 bind 8192)
[    0.660000] TCP reno registered
[    0.660000] UDP hash table entries: 128 (order: 0, 4096 bytes)
[    0.660000] UDP-Lite hash table entries: 128 (order: 0, 4096 bytes)
[    0.660000] NET: Registered protocol family 1
[    0.660000] system bringup monitor is running...
[    1.020000] PCI: no core
[    1.020000] PCI: no core
[    1.020000] ai_flag: Attempting to read CHIPCOMMONB DMP registers on 4707
[    1.020000] PCI: scanning bus 0
[    1.020000] PCI: Fixing up bus 0
[    1.270000] PCIE1 link=1
[    1.270000] PCIE1 switching to GEN2
[    1.520000] PCIE1 link=1
[    1.520000] PCI: Fixing up bus 0
[    1.520000] PCI: bus0: Fast back to back transfers disabled
[    1.520000] PCI: Fixing up bus 1
[    1.520000] PCI: bus1: Fast back to back transfers disabled
[    1.520000] pci 0001:00:00.0: BAR 8: assigned [mem 0x08000000-0x080fffff]
[    1.520000] pci 0001:01:00.0: BAR 0: assigned [mem 0x08000000-0x08007fff 64bit]
[    1.520000] pci 0001:01:00.0: BAR 0: set to [mem 0x08000000-0x08007fff 64bit] (PCI address [0x8000000-0x8007fff]
[    1.520000] pci 0001:00:00.0: PCI bridge to [bus 01-01]
[    1.520000] pci 0001:00:00.0:   bridge window [io  disabled]
[    1.520000] pci 0001:00:00.0:   bridge window [mem 0x08000000-0x080fffff]
[    1.520000] pci 0001:00:00.0:   bridge window [mem pref disabled]
[    1.770000] PCIE2 link=1
[    1.770000] PCIE2 switching to GEN2
[    2.020000] PCIE2 link=1
[    2.020000] PCI: Fixing up bus 0
[    2.020000] PCI: bus0: Fast back to back transfers disabled
[    2.020000] PCI: Fixing up bus 1
[    2.020000] PCI: bus1: Fast back to back transfers disabled
[    2.020000] pci 0002:00:00.0: BAR 8: assigned [mem 0x20000000-0x200fffff]
[    2.020000] pci 0002:01:00.0: BAR 0: assigned [mem 0x20000000-0x20007fff 64bit]
[    2.020000] pci 0002:01:00.0: BAR 0: set to [mem 0x20000000-0x20007fff 64bit] (PCI address [0x20000000-0x20007fff]
[    2.020000] pci 0002:00:00.0: PCI bridge to [bus 01-01]
[    2.020000] pci 0002:00:00.0:   bridge window [io  disabled]
[    2.020000] pci 0002:00:00.0:   bridge window [mem 0x20000000-0x200fffff]
[    2.020000] pci 0002:00:00.0:   bridge window [mem pref disabled]
[    2.270000] PCIE3 link=1
[    2.270000] PCIE3 switching to GEN2
[    2.530000] PCIE3 link=1
[    2.530000] PCI: Fixing up bus 0
[    2.530000] PCI: bus0: Fast back to back transfers disabled
[    2.530000] PCI: Fixing up bus 1
[    2.530000] PCI: bus1: Fast back to back transfers disabled
[    2.530000] pci 0003:00:00.0: BAR 8: assigned [mem 0x28000000-0x280fffff]
[    2.530000] pci 0003:01:00.0: BAR 5: assigned [mem 0x28000000-0x280001ff]
[    2.530000] pci 0003:01:00.0: BAR 5: set to [mem 0x28000000-0x280001ff] (PCI address [0x28000000-0x280001ff]
[    2.530000] pci 0003:01:00.0: BAR 4: can't assign io (size 0x10)
[    2.530000] pci 0003:01:00.0: BAR 0: can't assign io (size 0x8)
[    2.530000] pci 0003:01:00.0: BAR 2: can't assign io (size 0x8)
[    2.530000] pci 0003:01:00.0: BAR 1: can't assign io (size 0x4)
[    2.530000] pci 0003:01:00.0: BAR 3: can't assign io (size 0x4)
[    2.530000] pci 0003:00:00.0: PCI bridge to [bus 01-01]
[    2.530000] pci 0003:00:00.0:   bridge window [io  disabled]
[    2.530000] pci 0003:00:00.0:   bridge window [mem 0x28000000-0x280fffff]
[    2.530000] pci 0003:00:00.0:   bridge window [mem pref disabled]
[    2.530000] VFS: Disk quotas dquot_6.5.2
[    2.530000] Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
[    2.530000] msgmni has been set to 494
[    2.530000] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
[    2.530000] io scheduler noop registered
[    2.530000] io scheduler deadline registered
[    2.530000] io scheduler cfq registered (default)
[    2.530000] Serial: 8250/16550 driver, 2 ports, IRQ sharing disabled
[    2.530000] serial8250.0: ttyS0 at MMIO 0x18000300 (irq = 117) is a 16550
[    3.300000] console [ttyS0] enabled
[    3.310000] serial8250.0: ttyS1 at MMIO 0x18000400 (irq = 117) is a 16550
[    3.310000] init reset module!
[    3.320000] brd: module loaded
[    3.320000] loop: module loaded
[    3.330000] PCI: Enabling device 0003:01:00.0 (0140 -> 0142)
[    3.330000] ahci: SSS flag set, parallel bus scan disabled
[    3.340000] ahci 0003:01:00.0: AHCI 0001.0200 32 slots 2 ports 6 Gbps 0x3 impl IDE mode
[    3.350000] ahci 0003:01:00.0: flags: 64bit ncq sntf stag led clo pmp pio slum part ccc sxs
[    3.350000] scsi0 : ahci
[    3.360000] scsi1 : ahci
[    3.360000] ata1: FORCE: PHY spd limit set to 3.0Gbps
[    3.360000] ata1: SATA max UDMA/133 abar [email protected] port 0x28000100 irq 175
[    3.370000] ata2: FORCE: PHY spd limit set to 3.0Gbps
[    3.380000] ata2: SATA max UDMA/133 abar [email protected] port 0x28000180 irq 175
[    3.730000] ata1: SATA link down (SStatus 0 SControl 320)
[    4.080000] ata2: SATA link down (SStatus 0 SControl 320)
[    6.140000] Creating 8 MTD partitions on "nflash":
[    6.150000] 0x000000000000-0x000000080000 : "boot"
[    6.150000] 0x000000080000-0x000000100000 : "nvram"
[    6.160000] 0x000000100000-0x000000140000 : "board_data"
[    6.160000] 0x000000140000-0x000000180000 : "crash"
[    6.170000] 0x000000180000-0x000000200000 : "rsvd0"
[    6.170000] 0x000000200000-0x000000600000 : "os0"
[    6.180000] 0x000000600000-0x000000a00000 : "os1"
[    6.180000] 0x000000a00000-0x000001000000 : "rsvd1"
[    6.190000] PPP generic driver version 2.4.2
[    6.190000] NET: Registered protocol family 24
[    6.200000] DEV + ,register_netdevice, ifb0, paddr: cd7d6000
[    6.200000] Netlink kernel socket create failed
[    6.210000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    6.220000] ehci_hcd 0000:00:0b.1: EHCI Host Controller
[    6.220000] ehci_hcd 0000:00:0b.1: new USB bus registered, assigned bus number 1
[    6.260000] ehci_hcd 0000:00:0b.1: irq 111, io mem 0x18021000
[    6.280000] ehci_hcd 0000:00:0b.1: USB 0.0 started, EHCI 1.00
[    6.280000] hub 1-0:1.0: USB hub found
[    6.280000] hub 1-0:1.0: 2 ports detected
[    6.290000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[    6.300000] ohci_hcd 0000:00:0b.0: OHCI Host Controller
[    6.300000] ohci_hcd 0000:00:0b.0: new USB bus registered, assigned bus number 2
[    6.310000] ohci_hcd 0000:00:0b.0: irq 111, io mem 0x18022000
[    6.370000] hub 2-0:1.0: USB hub found
[    6.370000] hub 2-0:1.0: 2 ports detected
[    6.380000] Initializing USB Mass Storage driver...
[    6.380000] usbcore: registered new interface driver usb-storage
[    6.390000] USB Mass Storage support registered.
[    6.390000] Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0)
[    6.400000] Netfilter messages via NETLINK v0.30 with ipset netlink.patch.
[    6.410000] nf_conntrack version 0.5.0 (3956 buckets, 15824 max)
[    6.420000] ctnetlink v0.93: registering with nfnetlink.
[    6.420000] TCP cubic registered
[    6.420000] NET: Registered protocol family 10
[    6.430000] NET: Registered protocol family 17
[    6.430000] L2TP core driver, V2.0
[    6.440000] 802.1Q VLAN Support v1.8 Ben Greear <[email protected]>
[    6.440000] All bugs added by David S. Miller <[email protected]>
[    6.470000] Northstar brcmnand NAND Flash Controller driver, Version 0.1 (c) Broadcom Inc. 2012
[    6.470000] NAND device: Manufacturer ID: 0x01, Chip ID: 0xdc (AMD NAND 512MiB 3,3V 8-bit)
[    6.480000] Spare area=64 eccbytes 28, ecc bytes located at:
[    6.490000]  9 10 11 12 13 14 15 25 26 27 28 29 30 31 41 42 43 44 45 46 47 57 58 59 60 61 62 63
[    6.500000] Available 35 bytes at (off,len):
[    6.500000] (1,8) (16,9) (32,9) (48,9) (0,0) (0,0) (0,0) (0,0)
[    6.510000] Scanning device for bad blocks
[    9.280000] Options: NO_AUTOINCR,NO_READRDY,NO_SUBPAGE_WRITE,BBT_SCAN2NDPAGE,
[    9.290000] Creating 3 MTD partitions on "brcmnand":
[    9.290000] 0x000001000000-0x000009000000 : "rootfs0"
[    9.300000] 0x000009000000-0x000011000000 : "rootfs1"
[    9.300000] 0x000011000000-0x000020000000 : "overlay"
[    9.310000] Freeing init memory: 1220K
[    9.330000] Loading essential drivers...
[    9.380000] Check for USB rescure...
[    9.390000] Press Ctrl+C to enter RAMFS...
[   10.390000] INFO: No Hard Disk
[   10.400000] Bringup the system...
[   10.410000] UBI: attaching mtd9 to ubi1
[   10.410000] UBI: physical eraseblock size:   131072 bytes (128 KiB)
[   10.420000] UBI: logical eraseblock size:    126976 bytes
[   10.430000] UBI: smallest flash I/O unit:    2048
[   10.430000] UBI: VID header offset:          2048 (aligned 2048)
[   10.440000] UBI: data offset:                4096
[   11.460000] UBI: max. sequence number:       12
[   11.480000] UBI: attached mtd9 to ubi1
[   11.480000] UBI: MTD device name:            "rootfs1"
[   11.490000] UBI: MTD device size:            128 MiB
[   11.490000] UBI: number of good PEBs:        1024
[   11.500000] UBI: number of bad PEBs:         0
[   11.500000] UBI: max. allowed volumes:       128
[   11.510000] UBI: wear-leveling threshold:    4096
[   11.510000] UBI: number of internal volumes: 1
[   11.510000] UBI: number of user volumes:     1
[   11.520000] UBI: available PEBs:             0
[   11.520000] UBI: total number of reserved PEBs: 1024
[   11.530000] UBI: number of PEBs reserved for bad PEB handling: 40
[   11.530000] UBI: max/mean erase counter: 52/10
[   11.540000] UBI: image sequence number:  1844941163
[   11.540000] UBI: background thread "ubi_bgt1d" started, PID 406
UBI device number 1, total 1024 LEBs (130023424 bytes, 124.0 MiB), available 0 LEBs (0 bytes), LEB size 126976 bytes (124.0 KiB)
[   11.610000] UBIFS: recovery needed
[   11.850000] UBIFS: recovery deferred
[   11.860000] UBIFS: mounted UBI device 1, volume 0, name "system"
[   11.860000] UBIFS: mounted read-only
[   11.870000] UBIFS: file system size:   123039744 bytes (120156 KiB, 117 MiB, 969 LEBs)
[   11.870000] UBIFS: journal size:       9023488 bytes (8812 KiB, 8 MiB, 72 LEBs)
[   11.880000] UBIFS: media format:       w4/r0 (latest is w4/r0)
[   11.890000] UBIFS: default compressor: none
[   11.890000] UBIFS: reserved for root:  0 bytes (0 KiB)
config core 'version'
        # ROM ver
        option ROM '2.25.209'
        # channel
        option CHANNEL 'stable'
        # hardware platform R1AC or R1N etc.
        option HARDWARE 'R2D'
        # CFE ver
        option UBOOT '1.0.2'
        # Linux Kernel ver
        option LINUX '0.0.1'
        # RAMFS ver
        option RAMFS '0.0.1'
        # SQUASHFS ver
        option SQAFS '0.0.1'
        # ROOTFS ver
        option ROOTFS '0.0.1'
        #build time
        option BUILDTIME 'Tue, 16 Oct 2018 11:21:13 +0000'
        #build timestamp
        option BUILDTS '1539688873'
        #build git tag
        option GTAG 'commit f617d73c957fe11a260770f38004851c3da6e31f'
- preinit -
Tue Oct 16 11:45:02 UTC 2018
- regular preinit -
/lib/preinit.sh: line 1: pi_indicate_led: not found
/lib/preinit.sh: line 1: jffs2_not_mounted: not found
[   12.480000] UBI: attaching mtd10 to ubi2
[   12.480000] UBI: physical eraseblock size:   131072 bytes (128 KiB)
[   12.490000] UBI: logical eraseblock size:    126976 bytes
[   12.490000] UBI: smallest flash I/O unit:    2048
[   12.500000] UBI: VID header offset:          2048 (aligned 2048)
[   12.500000] UBI: data offset:                4096
[   14.420000] UBI: max. sequence number:       3556263
[   14.440000] UBI: attached mtd10 to ubi2
[   14.440000] UBI: MTD device name:            "overlay"
[   14.450000] UBI: MTD device size:            240 MiB
[   14.450000] UBI: number of good PEBs:        1920
[   14.460000] UBI: number of bad PEBs:         0
[   14.460000] UBI: max. allowed volumes:       128
[   14.470000] UBI: wear-leveling threshold:    4096
[   14.470000] UBI: number of internal volumes: 1
[   14.470000] UBI: number of user volumes:     1
[   14.480000] UBI: available PEBs:             0
[   14.480000] UBI: total number of reserved PEBs: 1920
[   14.490000] UBI: number of PEBs reserved for bad PEB handling: 76
[   14.490000] UBI: max/mean erase counter: 3642/1854
[   14.500000] UBI: image sequence number:  659397754
[   14.500000] UBI: background thread "ubi_bgt2d" started, PID 443
UBI device number 2, total 1920 LEBs (243793920 bytes, 232.5 MiB), available 0 LEBs (0 bytes), LEB size 126976 bytes (124.0 KiB)
[   14.580000] UBIFS: recovery needed
[   15.080000] UBIFS: recovery completed
[   15.090000] UBIFS: mounted UBI device 2, volume 0, name "data"
[   15.090000] UBIFS: file system size:   232239104 bytes (226796 KiB, 221 MiB, 1829 LEBs)
[   15.100000] UBIFS: journal size:       11681792 bytes (11408 KiB, 11 MiB, 92 LEBs)
[   15.110000] UBIFS: media format:       w4/r0 (latest is w4/r0)
[   15.110000] UBIFS: default compressor: none
[   15.120000] UBIFS: reserved for root:  4952683 bytes (4836 KiB)
Primary disk mount failed: No block device.
- init -
init started: BusyBox v1.19.4 (2018-10-16 11:10:12 UTC)
rcS S boot: INFO: rc script run time limit to 65 seconds.

(none) login: [   17.290000] ctf: module license 'Proprietary' taints kernel.
[   17.300000] Disabling lock debugging due to kernel taint
[   17.310000] DEV + ,register_netdevice, dpsta, paddr: cf094800
[   17.350000] et_module_init: passivemode set to 0x0
[   17.360000] et_module_init: txworkq set to 0x0
[   17.360000] et_module_init: et_txq_thresh set to 0x400
[   17.370000] et_module_init: et_rxlazy_timeout set to 0x3e8
[   17.370000] et_module_init: et_rxlazy_framecnt set to 0x20
[   17.380000] si_doattach: incoming bus is PCI but it's a lie, switching to SI devid:0x4715
[   17.390000] Found chip type NAI (0x3f00cf26)
[   17.390000] Chipc: rev 42, caps 0x48000a, chipst 0x0 pmurev 0, pmucaps 0x0
[   17.400000] XXXXX chipattach,538: Don't need override the robosw port5 setting
[   17.410000] DEV + ,register_netdevice, eth0, paddr: cf095800
[   17.410000] eth0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.116 (r549303)
[   17.750000] tun: Universal TUN/TAP device driver, 1.6
[   17.760000] tun: (C) 1999-2004 Max Krasnyansky <[email protected]>
[   17.780000] PPP MPPE Compression module registered
[   17.790000] Mirror/redirect action on
[   17.820000] u32 classifier
[   17.820000]     Actions configured
[   17.940000] IPv6 over IPv4 tunneling driver
[   17.950000] DEV + ,register_netdevice, sit0, paddr: cd1d1800
[   17.960000] GRE over IPv4 demultiplexor driver
[   17.980000] GRE over IPv4 tunneling driver
[   17.980000] DEV + ,register_netdevice, gre0, paddr: cd1d2800
[   17.990000] ipgre init: can't add protocol
[   17.990000] DEV - ,unregister_netdevice_queue, gre0, paddr: cd1d2800
[   18.060000] DEV , netdev_run_todo, release dev, gre0, paddr: cd1d2800
[   18.130000] ip_tables: (C) 2000-2006 Netfilter Core Team
[   18.190000] xt_time: kernel timezone is +0800
[   18.230000] PPPoL2TP kernel driver, V2.0
[   18.250000] PPTP driver version 0.8.5
[   18.270000] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   18.460000] ipt: xt_cgroup_MARK installed ok.
[   18.660000] ip_set: protocol 6
[   19.040000] NF_TPROXY: Transparent proxy support initialized, version 4.1.0
[   19.050000] NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
[   19.090000] ipaccount: ifname [lo] event[5]
[   19.090000] ipaccount: ifname [ifb0] event[5]
[   19.100000] ipaccount: ifname [dpsta] event[5]
[   19.100000] ipaccount: ifname [eth0] event[5]
[   19.110000] ipaccount: ifname [sit0] event[5]
[   19.150000] fuse init (API version 7.15)
[   21.130000] wl_module_init: msglevel set to 0x0
[   21.140000] wl_module_init: msglevel2 set to 0x0
[   21.140000] wl_module_init: phymsglevel set to 0x0
[   21.150000] wl_module_init: passivemode set to 0x0
[   21.150000] wl_module_init: txworkq set to 0x0
[   21.160000] Found chip type AI (0x15134352)
[   21.160000] Chipc: rev 43, caps 0x58680001, chipst 0x9a69 pmurev 17, pmucaps 0x10a22b11
[   21.170000] initvars_cis_pci: Not CIS format
[   21.170000] ipxotp_read_region: h/w region not programmed
[   21.180000] Neither SPROM nor OTP has valid image
[   21.180000] srom rev:0
[   21.190000] Overriding boardvendor: 0x14e4 instead of 0x14e4
[   21.190000] ChangeVCO => vco:960, xtalF:40, frac: 98, ndivMode: 3, ndivint: 24
[   21.200000] Data written into the PLL_CNTRL_ADDR2: 00000c31
[   21.210000] Data written into the PLL_CNTRL_ADDR3 (Fractional): 0000100e
[   21.210000] Changing rsrc 6 res_updn_timer to 0x200001
[   21.220000] ALP in KHz is 40000, cur PM_REG_VAL is 0, new PM_REG_VAL is 50
[   21.230000] pciedev_crwlpciegen2_180:Reg:0x1814 ::0x5305f
[   21.240000] ipaccount: ifname [wl0] event[16]
[   21.250000] DEV + ,register_netdevice, wl0, paddr: cdc16000
[   21.250000] ipaccount: ifname [wl0] event[5]
[   21.260000] wl0: Broadcom BCM4360 802.11 Wireless Controller 7.14.116 (r549303 WLTEST) (Compiled in . at 11:08:41 on Oct 16 2018)
[   21.270000] PCI: Enabling device 0002:01:00.0 (0140 -> 0142)
[   21.270000] Found chip type AI (0x1380a8d1)
[   21.280000] Chipc: rev 39, caps 0x18500000, chipst 0x6 pmurev 12, pmucaps 0x108c260c
[   21.290000] initvars_cis_pci: Not CIS format
[   21.300000] ipxotp_read_region: h/w region not programmed
[   21.300000] Neither SPROM nor OTP has valid image
[   21.310000] srom rev:0
[   21.310000] MIN and MAX mask is not programmed
[   21.330000] ipaccount: ifname [wl1] event[16]
[   21.340000] DEV + ,register_netdevice, wl1, paddr: ce8ca800
[   21.340000] ipaccount: ifname [wl1] event[5]
[   21.350000] wl1: Broadcom BCM43227 802.11 Wireless Controller 7.14.116 (r549303 WLTEST) (Compiled in . at 11:08:41 on Oct 16 2018)
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: INFO: loading exist /etc/config/network.
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config switch 'eth0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option enable '1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config switch_vlan 'eth0_1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option device 'eth0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option vlan '1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ports '0 2 3 5*'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config switch_vlan 'eth0_2'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option device 'eth0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option vlan '2'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ports '4 5'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'loopback'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname 'lo'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'static'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ipaddr '127.0.0.1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option netmask '255.0.0.0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'lan'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option type 'bridge'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname 'eth0.1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'static'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option netmask '255.255.255.0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ip6assign '64'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ipaddr '192.168.0.1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: list ip6class 'ifb'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: list ip6class 'ipv66'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'ifb'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname 'ifb0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'ready'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'static'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ipaddr '169.254.29.1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option netmask '255.255.255.0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'guest'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname 'eth0.3'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option type 'bridge'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'static'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option netmask '255.255.255.0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ipaddr '192.168.1.1'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'wan6'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'dhcpv6'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname '@wan'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'ipv66'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname '@ipv6'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'dhcpv6'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'wan'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'dhcp'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option mtu '1500'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname 'eth0.2'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: config interface 'openvpn'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option ifname 'tun0'
Tue Oct 16 19:45:11 CST 2018 netconfig[925]: option proto 'openvpn'
[   22.690000] ipaccount: ifname [br-guest] event[16]
[   22.690000] DEV + ,register_netdevice, br-guest, paddr: cda57000
[   22.700000] ipaccount: ifname [br-guest] event[5]
[   22.700000] ipaccount: ifname [eth0] event[13]
[   22.710000] ipaccount: ifname [eth0] event[1]
[   22.710000] ipaccount: ifname [eth0.3] event[16]
[   22.720000] DEV + ,register_netdevice, eth0.3, paddr: cd1d4000
[   22.720000] ipaccount: ifname [eth0.3] event[5]
[   22.730000] ipaccount: ifname [eth0.3] event[13]
[   22.730000] ipaccount: ifname [eth0.3] event[1]
[   22.740000] device eth0.3 entered promiscuous mode
[   22.740000] device eth0 entered promiscuous mode
[   22.750000] ipaccount: ifname [br-guest] event[8]
[   22.750000] ipaccount: ifname [br-guest] event[13]
[   22.760000] br-guest: port 1(eth0.3) entering learning state
[   22.760000] br-guest: port 1(eth0.3) entering learning state
[   22.770000] ipaccount: ifname [br-guest] event[1]
[   22.780000] ipaccount: ifname [br-lan] event[16]
[   22.790000] DEV + ,register_netdevice, br-lan, paddr: cda54000
[   22.790000] ipaccount: ifname [br-lan] event[5]
[   22.800000] ipaccount: ifname [eth0.1] event[16]
[   22.800000] DEV + ,register_netdevice, eth0.1, paddr: ce7b8800
[   22.810000] ipaccount: ifname [eth0.1] event[5]
[   22.810000] ipaccount: ifname [eth0.1] event[13]
[   22.820000] ipaccount: ifname [eth0.1] event[1]
[   22.820000] device eth0.1 entered promiscuous mode
[   22.830000] ipaccount: ifname [br-lan] event[8]
[   22.830000] ipaccount: ifname [br-lan] event[13]
[   22.840000] br-lan: port 1(eth0.1) entering learning state
[   22.840000] br-lan: port 1(eth0.1) entering learning state
[   22.850000] ipaccount: ifname [br-lan] event[1]
[   22.860000] ipaccount: ifname [ifb0] event[13]
[   22.860000] ipaccount: ifname [ifb0] event[1]
[   22.870000] ipaccount: ifname [lo] event[13]
[   22.870000] ipaccount: ifname [lo] event[1]
[   22.880000] ipaccount: ifname [eth0.2] event[16]
[   22.880000] DEV + ,register_netdevice, eth0.2, paddr: ce7bc800
[   22.890000] ipaccount: ifname [eth0.2] event[5]
[   22.890000] ipaccount: ifname [eth0.2] event[13]
[   22.900000] ipaccount: ifname [eth0.2] event[1]
[   23.710000]
[   23.710000]  robo_link_down: applying EEE WAR for 53125 port 1 link-down
[   23.710000]  robo_link_down: applying EEE WAR for 53125 port 2 link-down
[   23.720000]  robo_link_down: applying EEE WAR for 53125 port 3 link-down
[   23.730000]  robo_link_down: applying EEE WAR for 53125 port 4 link-downipaccount: ifname [eth0.1] event[4]
[   23.740000] ipaccount: ifname [eth0.2] event[4]
[   24.670000] ctf: bytes_threshold 3MB(3145728B), mask F00000, old_mark: 200000, new_mark: 400000
[   24.760000] br-guest: port 1(eth0.3) entering forwarding state
[   24.840000] br-lan: port 1(eth0.1) entering forwarding state
[   27.980000] Changing rsrc 6 res_updn_timer to 0x200001
[   27.990000] ALP in KHz is 40000, cur PM_REG_VAL is 0, new PM_REG_VAL is 50
[   27.990000] ALP in KHz is 40000, cur PM_REG_VAL is 0, new PM_REG_VAL is 50
[   28.000000] pciedev_crwlpciegen2_180:Reg:0x1814 ::0x5305f
[   28.070000] ALP in KHz is 40000, cur PM_REG_VAL is 0, new PM_REG_VAL is 50
[   28.080000] pciedev_crwlpciegen2_180:Reg:0x1814 ::0x5305f
[   28.400000] device wl0 entered promiscuous mode
[   29.120000] ctf: bytes_threshold 3MB(3145728B), mask F00000, old_mark: 200000, new_mark: 400000
[   30.030000] ipaccount: ifname [wl1.3] event[16]
[   30.030000] DEV + ,register_netdevice, wl1.3, paddr: ce79f400
[   30.040000] ipaccount: ifname [wl1.3] event[5]
[   30.060000] ipaccount: ifname [wl1.2] event[16]
[   30.060000] DEV + ,register_netdevice, wl1.2, paddr: ce79d800
[   30.070000] ipaccount: ifname [wl1.2] event[5]
[   30.280000] device wl1 entered promiscuous mode
[   30.550000] ipaccount: ifname [wl1.3] event[13]
[   30.550000] ipaccount: ifname [wl1.3] event[1]
[   30.790000] ipaccount: ifname [wl1.2] event[13]
[   30.790000] ipaccount: ifname [wl1.2] event[1]
[   30.790000] device wl1.2 entered promiscuous mode
[   30.810000] br-guest: port 2(wl1.2) entering learning state
[   30.810000] br-guest: port 2(wl1.2) entering learning state
[   32.420000] ctf: bytes_threshold 3MB(3145728B), mask F00000, old_mark: 200000, new_mark: 400000
[   32.810000] br-guest: port 2(wl1.2) entering forwarding state
[   34.530000] ipaccount: ifname [wl0] event[13]
[   34.530000] br-lan: port 2(wl0) entering learning state
[   34.540000] br-lan: port 2(wl0) entering learning state
[   34.550000] ipaccount: ifname [wl0] event[1]
[   34.620000] ipaccount: ifname [wl1] event[13]
[   34.630000] br-lan: port 3(wl1) entering learning state
[   34.630000] br-lan: port 3(wl1) entering learning state
[   34.640000] ipaccount: ifname [wl1] event[1]
[   34.670000] ipaccount: ifname [wl1.2] event[9]
[   34.710000] br-guest: port 2(wl1.2) entering forwarding state
[   34.710000] ipaccount: ifname [wl1.2] event[2]
[   35.730000]
[   35.730000]  robo_link_down: applying EEE WAR for 53125 port 0 link-down
[   36.540000] br-lan: port 2(wl0) entering forwarding state
[   36.630000] br-lan: port 3(wl1) entering forwarding state
[   38.730000]
[   38.730000]  robo_link_down: applying EEE WAR for 53125 port 0 link-upTue Oct 16 19:45:30 CST 2018 boot_check[7032]: INFO: Wireless OK
ipaccount: refresh dev ifname to [eth0 wl0 wl1 wl1.2]
[   41.590000] ipaccount: landev_init_all() add dev [eth0] is_wireless: 0.
[   41.600000] ipaccount: landev_init_all() add dev [wl0] is_wireless: 1.
[   41.600000] ipaccount: landev_init_all() add dev [wl1] is_wireless: 1.
[   41.610000] ipaccount: landev_init_all() add dev [wl1.2] is_wireless: 1.
[   42.190000] tcpproxy_init, succeed!
rcS S calling: /etc/rc.d/S80autossh boot: logexec: exitcode 1, runt 65 /etc/rc.d/S80autossh boot
[   45.170000] ctf: bytes_threshold 3MB(3145728B), mask F00000, old_mark: 200000, new_mark: 400000
[   45.660000] system bringup check is okay.
Oct 16 19:45:51 pluginControllor[10110]: fork_exec_functions param is chroot
Oct 16 19:45:51 pluginControllor[10111]: fork_exec_functions param is chroot
Oct 16 19:45:51 pluginControllor[10112]: fork_exec_functions param is chroot
rcS S boot: INFO: rcS S boot timing 50 seconds.
Tue Oct 16 19:45:55 CST 2018 INFO: rcS S boot timing 50 seconds.
rcS S boot: system type(R2D/1): SATA/3
Tue Oct 16 19:45:55 CST 2018 system type(R2D/1): SATA/3
rcS S boot: ROOTFS: /dev/ubi1_0 on / type ubifs (ro,noatime,bulk_read,no_chk_data_crc,compr=none)
Tue Oct 16 19:45:55 CST 2018 ROOTFS: /dev/ubi1_0 on / type ubifs (ro,noatime,bulk_read,no_chk_data_crc,compr=none)
Tue Oct 16 19:45:55 CST 2018 boot_check[10716]: Booting up finished.

This is the boot log from the broken device (the failures varied; this is the most recent kind):

Digital core power voltage set to 1.05V
Detect memory size = 256 MB
Post lines...ok
Memory check ok!
Decompressing...done
Digital core power voltage set to 1.05V
Detect memory size = 256 MB
Post lines...ok
Memory check ok!
Decompressing...done
Found a AMD NAND flash:
Total size:  512MB
Block size:  128KB
Page Size:   2048B
OOB Size:    64B
Sector size: 512B
Spare size:  16B
ECC level:   4 (4-bit)
Device ID: 0x01 0xdc 0x90 0x95 0x56 0x01
board=8, clk=1400


CFE version v1.0.4
BSP: 7.14.116 (r549303) based on BBP 1.0.37 for BCM947XX (32bit,SP,)
Build Date: Thu Feb 18 11:37:14 CST 2016 ([email protected])
Copyright (C) 2000-2008 Broadcom Corporation.

Init Arena
Init Devs.
Boot up from NAND flash...
Boot partition size = 262144(0x40000)
DDR Clock: 800 MHz
Info: DDR frequency set from clkfreq=1400,*800*
XXXXX chipattach,538: Don't need override the robosw port5 setting
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 7.14.116 (r549303)
CPU type 0x0: 1400MHz
Tot mem: 262144 KBytes

CFE mem:    0x00F00000 - 0x0179135C (8983388)
Data:       0x00F59748 - 0x00F59DC0 (1656)
BSS:        0x00F59DD0 - 0x00F8F35C (218508)
Heap:       0x00F8F35C - 0x0178F35C (8388608)
Stack:      0x0178F35C - 0x0179135C (8192)
Text:       0x00F00000 - 0x00F4D68C (317068)
Boot:       0x01792000 - 0x017D2000
Reloc:      I:00000000 - D:00000000

Device eth0:  hwaddr F0-B4-29-86-71-EB, ipaddr 192.168.1.1, mask 255.255.255.0
        gateway not set, nameserver not set
compressed crc = 0x78a03008 Both system failed. Choosing os1
bootargs: boot -loader=raw_brcmnand -addr=0x8000  nflash0.os0:
Loader:raw_brcmnand Filesys:raw Dev:nflash0.os0 File: Options:(null)
Loading: compressed crc = 0x78a03008 PANIC: out of memory!
 LZMA decompress error. ret=0x2
Failed.
Could not load nflash0.os0:: Error
PANIC: out of memory!
_nvram_realloc: our of memory
PANIC: out of memory!
_nvram_realloc: our of memory
PANIC: out of memory!
_nvram_realloc: our of memory
PANIC: out of memory!
nvram_commit: out of memory
PANIC: out of memory!
xiaomi> 

Bootloader

The source code of the stock CFE can be found at the following two URLs:

https://github.com/kevbroch/cfe , https://github.com/Noltari/cfe_bcm63xx

The documentation for the stock CFE can be found at this URL:

http://melbourne.wireless.org.au/files/wrt54/cfe.pdf

OpenWrt provides a brief description of CFE:

https://openwrt.org/docs/techref/bootloader/cfe

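Why do I call it heavily modified?

Because Xiaomi, in order to "prevent flashing errors", added a dual-system boot feature to CFE, but, possibly to prevent users from opening and repairing the device themselves, removed the ability to type Ctrl-C on the serial port during startup to stop the system from booting (and drop into the CFE command line). (The MiWiFi Mini likewise blocks console input to its bootloader, U-Boot. Amazing Xiaomi: if you could interrupt boot with Ctrl-C, you would not need to get the SSH-enabling key from Xiaomi's official site, and Xiaomi would not know you had cracked the device.) The removal of boot interruption, combined with no memory being reclaimed after a boot error, makes my device very hard to rescue >_< (endless "out of memory").

An aside: for my device, the only option left now is to desolder the flash chip and use a programmer to write the working device's firmware into it. Considering the cost in time and money, I will not try that.

In some boot-failure cases (such as a failed CRC check), CFE automatically enters firmware recovery mode, in which the device blinks three LEDs. If you hold the reset button at that point, the device tries to pull firmware over Ethernet from a TFTP server at 192.168.1.2 (the static address to set on the computer the device contacts; a netmask of 255.255.255.0 is enough, and the gateway and DNS can be left empty), and it also starts an HTTP server on 192.168.1.1 (the device's own address) to accept an uploaded firmware image. (Whether this feature is enabled, and both IP addresses, are decided by the device vendor; Xiaomi uses the configuration above.) If the device does not enter this mode automatically, typing go on the serial console should in theory enter it as well. (The stock CFE documentation explains this.)

This is the output of the help command on the broken device: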

Available commands:

nvram               NVRAM utility.
reboot              Reboot.
set console         Change the active console device
loop                Loop a command
nandboot            SPI flash copy and jump to nand flash
flash               Update a flash memory device
memtest             Test memory.
f                   Fill contents of memory.
e                   Modify contents of memory.
d                   Dump memory.
u                   Disassemble instructions.
batch               Load a batch file into memory and execute it
go                  Verify and boot OS image.
boot                Load an executable file into memory and execute it
load                Load an executable file into memory without executing it
save                Save a region of memory to a remote file via TFTP
ping                Ping a remote IP host.
arp                 Display or modify the ARP Table
ifconfig            Configure the Ethernet interface
show clocks         Show current values of the clocks.
show heap           Display information about CFE's heap
show memory         Display the system physical memory map.
show devices        Display information about the installed devices.
unsetenv            Delete an environment variable.
printenv            Display the environment variables
setenv              Set an environment variable.
help                Obtain help for CFE commands

For more information about a command, enter 'help command-name'
*** command status = 0

This is the output of the show devices command on the broken device:

Device Name          Description
-------------------  ---------------------------------------------------------
uart0                NS16550 UART at 0x18000300
uart1                NS16550 UART at 0x18000400
nflash0              AMD NAND flash size 524288KB
nflash0.boot         AMD NAND flash offset 0 size 512KB
nflash0.nvram        AMD NAND flash offset 80000 size 512KB
nflash0.board_data   AMD NAND flash offset 100000 size 256KB
nflash0.crash        AMD NAND flash offset 140000 size 256KB
nflash0.rsvd0        AMD NAND flash offset 180000 size 512KB
nflash0.os0          AMD NAND flash offset 200000 size 4096KB
nflash0.os1          AMD NAND flash offset 600000 size 4096KB
nflash0.rsvd1        AMD NAND flash offset A00000 size 6144KB
nflash0.rootfs_data  AMD NAND flash offset 1000000 size 507904KB
nflash1.boot_kernel  AMD NAND flash offset 0 size 16384KB
nflash1.rootfs0      AMD NAND flash offset 1000000 size 131072KB
nflash1.rootfs1      AMD NAND flash offset 9000000 size 131072KB
nflash1.data         AMD NAND flash offset 11000000 size 245760KB
eth0                 Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller
*** command status = 0

This is the output of the show memory command on the broken device:

Range Start  Range End    Range Size     Description
------------ ------------ -------------- --------------------
000000000000-000000EFFFFF (000000F00000) DRAM (available)
000001792000-00000FFFFFFF (00000E86E000) DRAM (available)
*** command status = 0

This is the output of the show heap command on the broken device:


Total bytes:       8388608
Free bytes:        204
Free nodes:        3
Allocated bytes:   3987184
Allocated nodes:   1032
Largest free node: 80
Heap status:       CONSISTENT

*** command status = 0

This is the output of the printenv command on the broken device:

Variable Name        Value
-------------------- --------------------------------------------------
BOOT_CONSOLE         uart0
CFE_VERSION          1.0.37
CFE_BOARDNAME        BCM947XX
CFE_MEMORYSIZE       262144
NET_DEVICE           eth0
NET_IPADDR           192.168.1.1
NET_NETMASK          255.255.255.0
NET_GATEWAY          0.0.0.0
NET_NAMESERVER       0.0.0.0
STARTUP              go;
*** command status = 0

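System

Xiaomi uses a very, very, very old kernel, stripped out the very useful overlay layer that OpenWrt provides and set up a strange /userdata folder instead, stripped out OpenWrt's extremely useful opkg package management (it has to be configured by hand), stripped out OpenWrt's powerful LuCI interface, and on top of that hid many functions from the web interface, moving them into the app.

In short, it is bad.

If you want to enable opkg on this device, you can refer to this article: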

https://www.jianshu.com/p/2e10f202ed21

This is the output of the mount command on the working device:

rootfs on / type rootfs (rw)
none on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
none on /proc type proc (rw,nosuid,nodev,noexec,relatime)
none on /dev type devtmpfs (rw,relatime,size=126612k,nr_inodes=31653,mode=755)
tmpfs on /tmp type tmpfs (rw,nosuid,relatime,size=101780k,mode=755)
/dev/ubi1_0 on / type ubifs (ro,noatime,bulk_read,no_chk_data_crc,compr=none)
devpts on /dev/pts type devpts (rw,noatime,mode=600)
tmpfs on /extdisks type tmpfs (rw,nosuid,relatime,size=101780k,mode=755)
/dev/ubi2_0 on /data type ubifs (rw,noatime,bulk_read,compr=none)
/dev/ubi2_0 on /userdisk type ubifs (rw,noatime,bulk_read,compr=none)
/dev/ubi1_0 on /userdisk/data type ubifs (ro,noatime,bulk_read,no_chk_data_crc,compr=none)
/dev/ubi2_0 on /etc type ubifs (rw,noatime,bulk_read,compr=none)
none on /dev/cgroup/mem type cgroup (rw,relatime,memory)
none on /dev/cgroup/net_cls type cgroup (rw,relatime,net_cls)
/dev/ubi2_0 on /userdisk/appdata/2882303761517170443/lib type ubifs (rw,noatime,bulk_read,compr=none)
tmpfs on /userdisk/appdata/2882303761517170443/tmp type tmpfs (rw,relatime,size=128k,mode=755)
/dev/ubi2_0 on /userdisk/appdata/2882303761517170443/bin type ubifs (rw,noatime,bulk_read,compr=none)
/dev/ubi1_0 on /userdisk/appdata/2882303761517170443/userdata type ubifs (ro,noatime,bulk_read,no_chk_data_crc,compr=none)
proc on /userdisk/appdata/2882303761517170443/proc type proc (rw,relatime)
devtmpfs on /userdisk/appdata/2882303761517170443/dev type devtmpfs (rw,relatime,size=126612k,nr_inodes=31653,mode=755)
devpts on /userdisk/appdata/2882303761517170443/dev/pts type devpts (rw,relatime,mode=600)

This is the output of the ls -la / command on the working device:

drwxr-xr-x   22 1000     1000          1528 Oct 16 19:44 .
drwxr-xr-x   22 1000     1000          1528 Oct 16 19:44 ..
drwxrwxrwx    2 root     root          5136 Oct 16 19:44 bin
drwxr-xr-x    9 root     root           616 Oct 18  2018 data
drwxr-xr-x    7 root     root          1660 Oct 16 19:45 dev
drwxr-xr-x   39 root     root          6888 Oct 16 19:45 etc
drwxr-xr-x    2 root     root            40 Oct 16 19:45 extdisks
drwxrwxrwx   18 root     root          4112 Oct 16 19:45 lib
drwxr-xr-x    2 root     root           160 Oct 16 19:21 mnt
drwxr-xr-x    4 root     root           304 Oct 16 19:44 opt
drwxr-xr-x    2 root     root           160 Oct 16 19:21 overlay
dr-xr-xr-x  149 root     root             0 Jan  1  1970 proc
drwxr-xr-x    3 root     root           224 Oct 16 19:15 rc
drwxr-xr-x    2 root     root           160 Oct 16 19:21 readonly
drwxrwxrwx    2 root     root           296 Oct 16 19:44 rom
drwxr-xr-x    2 root     root           160 Oct 16 19:21 root
drwxrwxrwx    2 root     root          5416 Oct 16 19:44 sbin
drwxr-xr-x   12 root     root             0 Jan  1  1970 sys
drwxr-xr-x   25 root     root          1160 Oct 16 19:48 tmp
drwxr-xr-x    9 root     root           712 Oct 16  2018 userdisk
drwxrwxrwx    9 root     root           608 Oct 16 19:44 usr
lrwxrwxrwx    1 root     root             4 Oct 16 19:44 var -> /tmp
drwxr-xr-x   11 root     root          1176 Oct 16  2018 www

This is the output of the uname -a command on the working device:

Linux XiaoQiang 2.6.36 #3 MiWiFi-R2D-2.25.209 SMP PREEMPT Tue Oct 16 11:45:02 UTC 2018 armv7l GNU/Linux

This is the output of the cat /proc/mtd command on the working device:

dev:    size   erasesize  name
mtd0: 00080000 00020000 "boot"
mtd1: 00080000 00020000 "nvram"
mtd2: 00040000 00020000 "board_data"
mtd3: 00040000 00020000 "crash"
mtd4: 00080000 00020000 "rsvd0"
mtd5: 00400000 00020000 "os0"
mtd6: 00400000 00020000 "os1"
mtd7: 00600000 00020000 "rsvd1"
mtd8: 08000000 00020000 "rootfs0"
mtd9: 08000000 00020000 "rootfs1"
mtd10: 0f000000 00020000 "overlay"
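
Added example (not part of the original post): /proc/mtd lists only partition sizes, so this Python code derives each offset by assuming the entries are laid out contiguously from 0, then checks the result against the offsets CFE printed in show devices. The function names are illustrative; both inputs are the partition lines copied from this page.

```python
import re

# Both samples are copied from the outputs on this page (partition lines only).
PROC_MTD = '''mtd0: 00080000 00020000 "boot"
mtd1: 00080000 00020000 "nvram"
mtd2: 00040000 00020000 "board_data"
mtd3: 00040000 00020000 "crash"
mtd4: 00080000 00020000 "rsvd0"
mtd5: 00400000 00020000 "os0"
mtd6: 00400000 00020000 "os1"
mtd7: 00600000 00020000 "rsvd1"
mtd8: 08000000 00020000 "rootfs0"
mtd9: 08000000 00020000 "rootfs1"
mtd10: 0f000000 00020000 "overlay"'''
CFE_DEVICES = '''nflash0.boot         AMD NAND flash offset 0 size 512KB
nflash0.nvram        AMD NAND flash offset 80000 size 512KB
nflash0.board_data   AMD NAND flash offset 100000 size 256KB
nflash0.crash        AMD NAND flash offset 140000 size 256KB
nflash0.rsvd0        AMD NAND flash offset 180000 size 512KB
nflash0.os0          AMD NAND flash offset 200000 size 4096KB
nflash0.os1          AMD NAND flash offset 600000 size 4096KB
nflash0.rsvd1        AMD NAND flash offset A00000 size 6144KB
nflash0.rootfs_data  AMD NAND flash offset 1000000 size 507904KB
nflash1.boot_kernel  AMD NAND flash offset 0 size 16384KB
nflash1.rootfs0      AMD NAND flash offset 1000000 size 131072KB
nflash1.rootfs1      AMD NAND flash offset 9000000 size 131072KB
nflash1.data         AMD NAND flash offset 11000000 size 245760KB'''

def linux_layout(text):
    """name -> (offset, size); ASSUMES mtd partitions are contiguous from 0."""
    layout, offset = {}, 0
    pat = r'^mtd\d+: ([0-9a-f]{8}) [0-9a-f]{8} "(.+)"$'
    for size, name in re.findall(pat, text, re.M):
        layout[name] = (offset, int(size, 16))
        offset += int(size, 16)
    return layout

def cfe_layout(text):
    """name -> (offset, size) from CFE 'show devices' partition lines."""
    pat = r'^nflash\d\.(\S+)\s+.*offset ([0-9A-Fa-f]+) size (\d+)KB$'
    return {n: (int(o, 16), int(k) * 1024) for n, o, k in re.findall(pat, text, re.M)}

def mismatches(linux, cfe):
    """Partitions that both views name but place or size differently."""
    return {n: (linux[n], cfe[n]) for n in linux.keys() & cfe.keys() if linux[n] != cfe[n]}

if __name__ == "__main__":
    lin, cfe = linux_layout(PROC_MTD), cfe_layout(CFE_DEVICES)
    print("only one view:", sorted(lin.keys() ^ cfe.keys()), "conflicts:", mismatches(lin, cfe))
```

With the outputs above, every partition that both views name agrees on offset and size, and the Linux overlay partition covers the same range as CFE's nflash1.data.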

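Afterword

Perhaps because of return rates, its closed-loop ecosystem, and the characteristics of its buyers, Xiaomi made the many seemingly baffling decisions described above; I can understand them but do not support them. In my own experience, Xiaomi is very sincere about industrial design, hardware specifications and pricing, but its devices are nowhere near open enough. Deliberately disabling useful features, granting low-level access to the device only on condition that you voluntarily give up the warranty, and modifying the firmware code without releasing the source all run counter to the "openness" that Xiaomi's router marketing claims. It is just like its phone system MIUI: taking a great deal from the open-source community without giving back what it should contribute, and grudgingly releasing a little only after everyone protests. This kind of "openness" is WeChat-style "openness"; rather than a contribution, it is better described as taking.

Of course, this may just be the current state of the Chinese internet.

"Closed-loop ecosystem"

Heh.

20220505 update

Rereading this post, I must have been in a bad mood when I wrote it and complained a bit too much; readers, just take it as entertainment.

I have now analysed this Xiaomi router further; see "A record of a failed attempt to unbrick the Xiaomi router MiWiFi R2D" (记录一次失败的小米路由器 MiWiFi R2D 救砖之旅)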
