Create readonly file system like rom in OpenWrt

For Developers
1

hi friends
how i can creat a read only file same rom directory in openwrt that not remove never ?

2

With a "normal" router, the /rom directory contains everything of the original flashed firmware and nothing else. All later changes are added to "/overlay" and the overlayfs shows them combined as the normal "/" root file system.

Thus you can't add anything to /rom. You need to add those files before compiling the firmware by yourself.

2 Likes
3

Yes I know
But I want to create a directory similar to rom
That is, a directory with rom attributes
i want It cannot be written and erased even after the reset factory

4

Just follow the advice about custom files.

full compilation:

imagebuilder:

1 Like
5

I've done all of this and created a personalized version of the header
My intention is basically to create a serial number after installing firmware for the modem
I want to see this brand serial always, even after reset factory and installing later versions of firmware. I have no idea about this and want to get help

6

You might want to consider looking into U-Boot environment variables, or a full-custom flash partitioning that had a partition for your data. Neither are "immutable", but at least will generally survive firmware upgrades. As forewarning, U-Boot may rewrite its environment to defaults if corrupted, or for other reasons only the OEM may know. Certain devices have "fuses" that are write-once, but generally limited in scope, and may permanently change device behavior, especially during boot.

1 Like
7

I didn't understand exactly what you meant
Can I create a variable or file that is always stable after installing firmware on uboot?

8

Yes. (if your router has u-boot and it has u-boot env partition)

Which router you are talking about?

In any case, the approach requires modifying some area outside the normal firmware, either

  • piggy-backing/reusing the existing uboot-env or
  • splitting the normal firmware into two partitions in DTS (or partition table) and then writing the serial number to the new small partition at the end of the old firmware area. E.g. 31 MB firmware area split to 30 MB firmware and 1 MB serial number area.

Many old routers' OEMs have used the "art" partition that may contain also wifi calibration etc, but may also contain e.g. MAC addresses, serial number, WPS PIN etc.

Example from WNDR3700:

00000000  74 44 01 02 a3 e7 74 44 01 02 a3 e8 74 44 01 02 a3 e9 31 32 33 34 35 36  tD£çtD£ètD£é123456
00000018  37 38 32 4d 31 32 33 43 34 56 35 36 37 38 45 00 02 32 39 37 36 33 36 35  782M123C4V5678E 2976365
00000030  34 2b 31 36 2b 31 32 38 57 4e 44 52 33 38 30 30 00 00 4e 45 54 47 45 41  4+16+128WNDR3800  NETGEA
00000048  52 30 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  R03                     
00000060  00 00 63 6c 6f 75 64 79 70 6f 6e 64 33 33 33 00 00 00 00 00 00 00 00 00    cloudypond333         
00000078  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00                          

Explanations:
74 44 01 02 a3 e7         ETH0 MAC  / WLAN0 MAC   (also in the label in router's bottom)
74 44 01 02 a3 e8         ETH1 MAC
74 44 01 02 a3 e9         WLAN1 MAC
31 32 33 34 35 36 37 38   WPS PIN code
32 4d 31 32 33 43 34 56 35 36 37 38 45   Router serial number (in the label in router's bottom)
00 02
32 39 37 36 33 36 35 34 2b 31 36 2b 31 32 38   Magic? Part of firmware image ID
57 4e 44 52 33 38 30 30                  Router type (Openwrt uses for identification)
00 00
4e 45 54 47 45 41 52 30 33               Netgear firmware WLAN network default name (also in label)
00 ...
63 6c 6f 75 64 79 70 6f 6e 64 33 33 33   Netgear firmware WLAN network default keyphrase (also in label)

In any case, that kind of stuff requires much familiarity of the router, its file system and the ability to overcome some write-protection, and the ability to write a few specific bytes there.

Uboot env:
The simpler approach might be to use the u-boot environment, like e.g. in WRT3200ACM:

 OpenWrt SNAPSHOT, r11149-0714a11bee
 -----------------------------------------------------
root@router3:~# fw_printenv
CASset=max
MALLOC_len=5
MPmode=SMP
SMT-2D=NIFN...
altFwSize=0x5000000
altKernAddr=0x5a00000
altKernSize=0x0600000
altnandboot=setenv bootargs console=ttyS0,115200 root=/dev/mtdblock8 ro rootdelay=1 rootfstype=jffs2 earlyprintk $mtdparts;nand read $defaultLoadAddr $altKernAddr $altKernSize; bootm $defaultLoadAddr
autoload=no
baudrate=115200
boot_order=hd_scr usb_scr mmc_scr hd_img usb_img mmc_img pxe net_img net_scr
bootargs_dflt=$console $nandEcc $mtdparts_lgcy $bootargs_root nfsroot=$serverip:$rootpath ip=$ipaddr:$serverip$bootargs_end $mvNetConfig video=dovefb:lcd0:$lcd0_params clcd.lcd0_enable=$lcd0_enable clcd.lcd_panel=$lcd_panel
bootargs_end=:10.4.50.254:255.255.255.0:Armada38x:eth0:none
bootargs_root=root=/dev/nfs rw
bootcmd_auto=stage_boot $boot_order

You could add your serial there after flashing, by using "fw_setenv", but of course the user could modify it later with the same tools, so it is not quite that permanent. But it would survive any normal firmware upgrade and reset.

2 Likes
9

very very thanks
i use unielec mt7628
and check dts file for partition this modem
i change bootloder partittion for this modem to :

partition@0 {
                                    label = "uboot";
                                    reg = <0x00000 0x30000>;
                                    read-only;
                            };

                            partition@10000 {
                                    label = "uboot_env";
                                    reg = <0x30000 0x10000>;
                                    read-only;
                            };

                            partition@20000 {
                                    label = "firmware";
                                    reg = <0x40000 0x7b0000>;
                            };

but after install uboot-envtools and upgrade modem get this error :
fw_printenv
Cannot parse config file '/etc/fw_env.config': No such file or directory

i must creat this config myself ?

Of course, according to this page, I also remove read only

https://openwrt.org/docs/techref/bootloader/uboot.config#example_of_configuring_uboot-envtools

10

You either need to create it by hand, or look at package/boot/uboot-envtools/files/<target> as how they are created on the device itself during "first boot".

1 Like
11

thanks
i search in package/boot but not found offsrtd of my device
my device is unielec u7628
how i found boot type and check offset for set in fw config ?

12

Look at the DTS/mach file and it should have the offset and size of the U-Boot environment partition.

1 Like
13

i edit my dts beacuse in dts just set partition for bootloader not u-boot
i change dts file and creat partition for u-boot and u-boot env

14

If you didn't already have a U-Boot environment partition and all you want to do is provide a "private" area for your own data. I'd leave the boot loader partition alone and just "steal" a one or two erase-block size partition from the "top"/"end" of the firmware (and adjust the build-time IMAGE_SIZE variable). Read from it directly. No file system needed. No end-user access to the data without a custom "C" executable.

1 Like
16

The steps you would take include at least:

  • Determine the erase-block size of the device
  • Shrink the firmware partition by at least one erase block (Edit: at the end, relocating the start of the kernel is not recommended)
  • Re-allocate the space to a partition of your choice, such as "ro_data", likely setting it to read-only in the DTS
  • Write appropriate "C" code to read the (raw) data
  • Integrate that executable into your boot/configure process
  • Create and use a device-configuration process that overrides the MTD read-only flag and uses C code to write what you want to the ro_data partition.
2 Likes