Belkin RT3200/Linksys E8450 WiFi AX discussion

NullDev · August 12, 2024, 4:52pm

Please see the post by @peca89 above.

peca89:

root@E8450:~# grep "(release)" /dev/mtd0ro
v2.4(release):OpenWrt v2021-05-08-d2c75b21-3 (mt7622-snand-1ddr)
If you are on v2.4 => You can safely sysupgrade to any 23.x

If you are on v2.9 => We still need to agree on the best way to proceed (wait for the new installer, patch bl2 from openwrt, patch bl2 from Uboot...)

If it says "v2.4", then you are safe from OKD.

hnyman · August 12, 2024, 5:12pm

Actually, specifically regarding E8450, I do not think that there is any major config difference. Between 23.05 and main/master(forthcoming 24.xx).

In February I did upgrade my own router, already running master, to the new "fip in UBI" layout by backup - use Daniel's new installer - sysupgarde - restore, and that went otherwise smoothly, but as the "compatilibility setting" was removed from the file system when I restored the old /etc/config/system, I naturally received a bogus compatibility warning then at the next sysupgarde...

I have been continuously using / upgrading my RT3200 since June 2021 (so far 332 sysupgrades ). I think that the settings have stayed pretty intact the whole time, as the router was on the DSA already initially.

jkdf2 · August 12, 2024, 7:27pm

I actually don't see a new installer since v1.1.2 at https://github.com/dangowrt/owrt-ubi-installer/releases. Mind telling me where you got the new installer? Thanks in advance!

hnyman · August 12, 2024, 7:29pm

I meant that I upgraded my router in February to the new "fip in UBI" layout , and ran to the bogus warning later. No connection to the OKD issue or OKD-fixed installer... (I added that February to the message)

hnyman · August 12, 2024, 7:50pm

hnyman:

quarky:
you could do this, like what @daniel's installer does:
echo "redundantly write bl2 into the first 4 blocks"
for bl2start in 0x0 0x20000 0x40000 0x60000 ; do
	mtd -p $bl2start write $PRELOADER /dev/mtd0
done
sounds interesting, as many of the users have no serial access.

Well, I like experimenting, so I hope to have fixed my own RT3200 (running main/master snapshot) from the live SSH console by writing the new bl2 to mtd0.
Router booted just fine after that. Lucky me.

I used a self-built bl2, built along my normal firmware image into which I also added the kmod-mtd-rw package, (as the buildbot has not yet compiled a new version after the fix).

Commands used:

 -----------------------------------------------------
 OpenWrt SNAPSHOT, r27123-8cf9a932fa
 -----------------------------------------------------

root@router4:/tmp# insmod mtd-rw.ko i_want_a_brick=1
root@router4:/tmp#
root@router4:/tmp# mtd -p 0x0 write /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin /dev/mtd0
Unlocking /dev/mtd0 ...

Writing from /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin to /dev/mtd0 ...
root@router4:/tmp# mtd -p 0x20000 write /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin /dev/mtd0
Unlocking /dev/mtd0 ...
Seeking on mtd device '/dev/mtd0' to: 131072

Writing from /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin to /dev/mtd0 ...
root@router4:/tmp# mtd -p 0x40000 write /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin /dev/mtd0
Unlocking /dev/mtd0 ...
Seeking on mtd device '/dev/mtd0' to: 262144

Writing from /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin to /dev/mtd0 ...
root@router4:/tmp# mtd -p 0x60000 write /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin /dev/mtd0
Unlocking /dev/mtd0 ...
Seeking on mtd device '/dev/mtd0' to: 393216

Writing from /tmp/E8450-main-r27123-8cf9a932fa-20240812-2053-ubi-preloader.bin to /dev/mtd0 ...
root@router4:/tmp#
root@router4:/tmp# sync
root@router4:~# grep "(release)" /dev/mtd0ro
v2.10.0 (release):OpenWrt v2024.01.17~bacca82a-3 (mt7622-snand-ubi-1ddr)
v2.10.0 (release):OpenWrt v2024.01.17~bacca82a-3 (mt7622-snand-ubi-1ddr)
v2.10.0 (release):OpenWrt v2024.01.17~bacca82a-3 (mt7622-snand-ubi-1ddr)
v2.10.0 (release):OpenWrt v2024.01.17~bacca82a-3 (mt7622-snand-ubi-1ddr)
root@router4:/tmp# hexdump -C /dev/mtd0 | grep -C 3 Built
00012590  65 6e 57 72 74 20 76 32  30 32 34 2e 30 31 2e 31  |enWrt v2024.01.1|
000125a0  37 7e 62 61 63 63 61 38  32 61 2d 33 20 28 6d 74  |7~bacca82a-3 (mt|
000125b0  37 36 32 32 2d 73 6e 61  6e 64 2d 75 62 69 2d 31  |7622-snand-ubi-1|
000125c0  64 64 72 29 00 42 75 69  6c 74 20 3a 20 31 37 3a  |ddr).Built : 17:|
000125d0  32 31 3a 33 34 2c 20 41  75 67 20 31 32 20 32 30  |21:34, Aug 12 20|
000125e0  32 34 00 0a 42 4c 32 3a  20 46 61 69 6c 75 72 65  |24..BL2: Failure|
000125f0  20 69 6e 20 70 72 65 20  69 6d 61 67 65 20 6c 6f  | in pre image lo|
--
00032590  65 6e 57 72 74 20 76 32  30 32 34 2e 30 31 2e 31  |enWrt v2024.01.1|
000325a0  37 7e 62 61 63 63 61 38  32 61 2d 33 20 28 6d 74  |7~bacca82a-3 (mt|
000325b0  37 36 32 32 2d 73 6e 61  6e 64 2d 75 62 69 2d 31  |7622-snand-ubi-1|
000325c0  64 64 72 29 00 42 75 69  6c 74 20 3a 20 31 37 3a  |ddr).Built : 17:|
000325d0  32 31 3a 33 34 2c 20 41  75 67 20 31 32 20 32 30  |21:34, Aug 12 20|
000325e0  32 34 00 0a 42 4c 32 3a  20 46 61 69 6c 75 72 65  |24..BL2: Failure|
000325f0  20 69 6e 20 70 72 65 20  69 6d 61 67 65 20 6c 6f  | in pre image lo|
--
00052590  65 6e 57 72 74 20 76 32  30 32 34 2e 30 31 2e 31  |enWrt v2024.01.1|
000525a0  37 7e 62 61 63 63 61 38  32 61 2d 33 20 28 6d 74  |7~bacca82a-3 (mt|
000525b0  37 36 32 32 2d 73 6e 61  6e 64 2d 75 62 69 2d 31  |7622-snand-ubi-1|
000525c0  64 64 72 29 00 42 75 69  6c 74 20 3a 20 31 37 3a  |ddr).Built : 17:|
000525d0  32 31 3a 33 34 2c 20 41  75 67 20 31 32 20 32 30  |21:34, Aug 12 20|
000525e0  32 34 00 0a 42 4c 32 3a  20 46 61 69 6c 75 72 65  |24..BL2: Failure|
000525f0  20 69 6e 20 70 72 65 20  69 6d 61 67 65 20 6c 6f  | in pre image lo|
--
00072590  65 6e 57 72 74 20 76 32  30 32 34 2e 30 31 2e 31  |enWrt v2024.01.1|
000725a0  37 7e 62 61 63 63 61 38  32 61 2d 33 20 28 6d 74  |7~bacca82a-3 (mt|
000725b0  37 36 32 32 2d 73 6e 61  6e 64 2d 75 62 69 2d 31  |7622-snand-ubi-1|
000725c0  64 64 72 29 00 42 75 69  6c 74 20 3a 20 31 37 3a  |ddr).Built : 17:|
000725d0  32 31 3a 33 34 2c 20 41  75 67 20 31 32 20 32 30  |21:34, Aug 12 20|
000725e0  32 34 00 0a 42 4c 32 3a  20 46 61 69 6c 75 72 65  |24..BL2: Failure|
000725f0  20 69 6e 20 70 72 65 20  69 6d 61 67 65 20 6c 6f  | in pre image lo|

chill · August 12, 2024, 11:43pm

Just an FYI for anyone else on 23.05.x with BL2 of v2.9 wishing to downgrade to 2.4 I successfully did so via tftp in a matter of seconds.

Steps:

Download the 22.03 image from https://archive.openwrt.org/releases/22.03.0/targets/mediatek/mt7622/openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin and rename to openwrt-mediatek-mt7622-linksys_e8450-ubi-preloader.bin
Spin up a tftp server hosting that file on 192.168.1.254, e.g.
- sudo ip addr add 192.168.1.254/24 dev eth1
- sudo dnsmasq --no-daemon --port 0 --enable-tftp --tftp-root="$(pwd)" -i eth1
Connect up a TTL to the serial pins, power on and get the U-Boot menu and select:
- 8. Load BL2 preloader via TFTP then write to flash.
- You should then see the following on the console:

Using ethernet@1b100000 device
TFTP from server 192.168.1.254; our IP address is 192.168.1.1
Filename 'openwrt-mediatek-mt7622-linksys_e8450-ubi-preloader.bin'.
Load address: 0x48000000
Loading: ##############
        3.2 MiB/s
done
Bytes transferred = 67445 (10775 hex)
Erasing 0x00000000 ... 0x0007ffff (4 eraseblock(s))
Writing 131072 byte(s) (64 page(s)) at offset 0x00000000
Writing 131072 byte(s) (64 page(s)) at offset 0x00020000
Writing 131072 byte(s) (64 page(s)) at offset 0x00040000
Writing 131072 byte(s) (64 page(s)) at offset 0x00060000
Press ENTER to return to menu

And after a reboot you'll see BL2 is back to v2.4:

Before

NOTICE:  BL2: v2.9(release):OpenWrt v2023-07-24-00ac6db3-2 (mt7622-snand-1ddr)
NOTICE:  BL2: Built : 21:45:35, Oct  9 2023
NOTICE:  CPU: MT7622
NOTICE:  WDT: Cold boot
NOTICE:  WDT: disabled
NOTICE:  SPI-NAND: FM35Q1GA (128MB)
NOTICE:  BL2: Booting BL31
NOTICE:  BL31: v2.9(release):OpenWrt v2023-07-24-00ac6db3-2 (mt7622-snand-1ddr)
NOTICE:  BL31: Built : 21:45:35, Oct  9 2023

After

NOTICE:  BL2: v2.4(release):OpenWrt v2021-05-08-d2c75b21-3 (mt7622-snand-1ddr)
NOTICE:  BL2: Built : 02:55:34, Sep  3 2022
NOTICE:  SPI-NAND: FM35Q1GA (128MB)
NOTICE:  BL2: Booting BL31
NOTICE:  BL31: v2.9(release):OpenWrt v2023-07-24-00ac6db3-2 (mt7622-snand-1ddr)
NOTICE:  BL31: Built : 21:45:35, Oct  9 2023

quarky · August 13, 2024, 6:04am

chill:

Bytes transferred = 67445 (10775 hex)
Erasing 0x00000000 ... 0x0007ffff (4 eraseblock(s))
Writing 131072 byte(s) (64 page(s)) at offset 0x00000000
Writing 131072 byte(s) (64 page(s)) at offset 0x00020000
Writing 131072 byte(s) (64 page(s)) at offset 0x00040000
Writing 131072 byte(s) (64 page(s)) at offset 0x00060000
Press ENTER to return to menu

Right, so it looks like BL1 is hard-coding BL2 offsets at those 4 locations then.

It will be safe to do it while booted into OpenWrt then, if users do not feel like cracking open the RT3200/E8450 to connect up a serial cable for UART console operations. Also a hassle to set up a TFTP server IMHO.

notthesun · August 13, 2024, 10:39am

how can we know merged change are built?

hnyman · August 13, 2024, 11:08am

It has been built into main/master snapshot by the buildbot and is visible in buildbot history...
The specific build run: https://buildbot.openwrt.org/images/#/builders/189/builds/329

So the preloader.bin in master snapshot downloads does contain the new version, and respectively the firmware images does contain the fip scrubbing trigger. That should naturally the trickle down to auc/owut/attendedsyupgrade etc.

Note: the changes have not been merged to 23.05, yet. Only to main/master.

eginnc · August 13, 2024, 11:19am

If running a main snapshot from after February 2024, does installing the latest main snapshot (with the OKD fixes) do anything to reduce OKD risk, or is there no point in doing so without first running a yet to be released new installer version?

grauerfuchs · August 13, 2024, 11:36am

If you're already running a snapshot that has the fip in UBI, you do not need to run the new installer. All you need to do is upgrade the BL2 and the firmware image to get full support of all the added features and bugfixes.

hnyman · August 13, 2024, 12:03pm

Just flashing the new main/master snapshot decreases the OKD risk somewhat, as it contains the fip scrubbing feature, which causes UBI filesystem to react to too many bitflips and read/write a faulting flash block to another. That doesn't remove the risk of OKD, but may decrease it.

Like grauerfucsh says, there is no need to run a new full installer from Daniel, when he publishes one.
The only needed steps for a main/master snapshot with "fip in UBI" layout are:

normally flash the new sysupgrade to activate the fip scrubbing feature in future.
- note: to be able to opkg install the current kmod-mtd-rw, you will need to first sysupgrade to the current snapshot image, and only then install kmod-mtd-rw and write the bl2
you need to opkg install the kmod-mtd-rw (or include it in your own firmware image) and then separately load it during runtime with "insmod" like I did.
you can download the new bl2 (preloader.bin: http://downloads.openwrt.org/snapshots/targets/mediatek/mt7622/openwrt-mediatek-mt7622-linksys_e8450-ubi-preloader.bin ) and mtd write it from a live OpenWrt SSH console, like I did above in Belkin RT3200/Linksys E8450 WiFi AX discussion - #5702 by hnyman. At your own risk...

Videopac · August 13, 2024, 12:15pm

Good to see that so much effort is made to make this device better.
For me as a technical novice it is not clear if I can safely upgrade from 23.05.3 to 23.05.4. My device is on UBI (it states: "Linksys E8450 (UBI)"). Thanks.

eginnc · August 13, 2024, 12:15pm

Thank you for restating what you already had done. That was a helpful clarification.

Looks like I'll be flashing a new main snapshot sysupgrade first regardless to get the latest kernel bump for compatibility with the latest kmod-mtd-rw (I'm running 6.6.43 now), but I understand the steps now.

quarky · August 13, 2024, 12:16pm

If I’m reading the patch right, FIP scrubbing is only trigger upon boot up.

Wonder what will happen if router is left running for months and reboot. Will flash bitflips be more likely during powered on state or powered off?

daniel · August 13, 2024, 12:33pm

True. We could add a cron job to repeat the procedure, let's say, once a week...

grauerfuchs · August 13, 2024, 12:36pm

If we do this, would it not also make sense to either do the same for the factory partition, or move the EEPROM data from said partition into BLOBs in the dts? If we extract the EEPROMs, the only thing left in the factory partition that could be an issue would be the device MAC addresses. OpenWRT already randomizes them if they can't be found. U-Boot does not, but it's an option in the configuration. We could possibly do this and eliminate the reliance on that partition entirely.

There's precedent for it already; The BPI devices don't have factory partitions. The wireless firmware is handled via BLOB or via filesystem object. I've already verified that the drivers would support this even for the e8450.

daniel · August 13, 2024, 12:39pm

For the factory UBI volume this is already done implicitly during boot because the Wi-Fi and Ethernet drivers are reading it, which will cause UBI to take care of scrubbing.
We could include it in a cron job, but I don't see that more than 4 bitflips will happen to a single eraseblock that fast for this to be a problem. It'd take years usually, and probably years of uptime without reboot is something rather rare.
However, having a cron job which just causes scrubbing of the entire flash would probably be the best idea.

Imho that would be moving into the wrong direction. Not having on-flash EEPROM and MAC addresses is rather annoying and should only be seen as a last resort when dealing with vendors who are either not capable of doing it properly or too stingy to purchase a block of MAC addresses. Or SBCs which run of microSD cards.

grauerfuchs · August 13, 2024, 12:40pm

Very good points. You're right. I'm going to blame my lack of caffeine for not seeing that right away.

NullDev · August 13, 2024, 12:41pm

If you have yet to experience OKD, but are running release (22.x or 23.x) and you used v1.0.3 of the UBI Installer, then here is how you can downgrade BL2 to a version not affected by OKD.

SSH into your router and verify that your BL2 has the OKD bug:

# grep "(release)" /dev/mtd0ro
v2.9(release):OpenWrt v2023-07-24-00ac6db3-2 (mt7622-snand-1ddr)
v2.9(release):OpenWrt v2023-07-24-00ac6db3-2 (mt7622-snand-1ddr)
v2.9(release):OpenWrt v2023-07-24-00ac6db3-2 (mt7622-snand-1ddr)
v2.9(release):OpenWrt v2023-07-24-00ac6db3-2 (mt7622-snand-1ddr)

If you see "v2.9", then you should proceed. If you have "v2.4", then you are fine and don't need to proceed.

Update the package list and download a kernel module that lets you modify BL2 within OpenWRT:

# opkg update && opkg install kmod-mtd-rw

Load the kernel module:

# insmod mtd-rw i_want_a_brick=1

Next, we download the replacement BL2 image:

# cd /tmp
wget https://archive.openwrt.org/releases/22.03.0/targets/mediatek/mt7622/openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin

Now we install the image into BL2 at 4 locations (double check everything because this is where things can go sideways):

# mtd -p 0x0 write openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin /dev/mtd0
Unlocking /dev/mtd0 ...

Writing from openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin to /dev/mtd0 ...

# mtd -p 0x20000 write openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin  /dev/mtd0
Unlocking /dev/mtd0 ...
Seeking on mtd device '/dev/mtd0' to: 131072

Writing from openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin to /dev/mtd0 ...

# mtd -p 0x40000 write openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin  /dev/mtd0
Unlocking /dev/mtd0 ...
Seeking on mtd device '/dev/mtd0' to: 262144

Writing from openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin to /dev/mtd0 ...

# mtd -p 0x60000 write openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin  /dev/mtd0
Unlocking /dev/mtd0 ...
Seeking on mtd device '/dev/mtd0' to: 393216

Writing from openwrt-22.03.0-mediatek-mt7622-linksys_e8450-ubi-preloader.bin to /dev/mtd0 ...

# sync

Lastly, we check that we have indeed loaded the proper image:

# grep "(release)" /dev/mtd0ro
v2.4(release):OpenWrt v2021-05-08-d2c75b21-3 (mt7622-snand-1ddr)
v2.4(release):OpenWrt v2021-05-08-d2c75b21-3 (mt7622-snand-1ddr)
v2.4(release):OpenWrt v2021-05-08-d2c75b21-3 (mt7622-snand-1ddr)
v2.4(release):OpenWrt v2021-05-08-d2c75b21-3 (mt7622-snand-1ddr)

All that's left to do is cross your fingers and reboot.

! WARNING ! ATTENTION ! NOTE ! ThisMeansYou ! - If something doesn't go properly and the router doesn't reboot, you will most likely need to connect via a TTL UART for recovery.