Failsafe boot on Turris Omnia


Since Turris Omnia has a peculiar reset button that's apparently handled by some low-level circuitry, the only way to recover from a wrong configuration that breaks network access seems to be to perform a so-called 5-LEDs reset ("unsecure" SSH access) or 7-LEDs reset (shell on the serial console) and re-flash the whole thing.

I'm wondering whether it would be possible to implement a failsafe boot using e.g. the 3-LEDs reset procedure. I could not find where the interaction between the handler of the button and the OS happens.

Surely somebody has already considered that possibility and I'm curious what conclusions were drawn.

I dug deeper and this is what I've discovered so far:

  1. There is a microcontroller on the board that deals with the reset button and probably with the lighting of the LEDs during the selection of the reset mode.

  2. U-Boot queries the microcontroller through I2C to determine what reset mode was selected and boots the rescue image, passing the reset mode as a kernel command line parameter.

  3. The rescue image boots, action is taken depending on the reset mode as read from /proc/cmdline and the board is rebooted.

That makes it virtually impossible to detect the reset mode from OpenWrt without support from either U-Boot or the rescue image.
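
The following is an added example, not part of the original post and not Turris or OpenWrt code: a POSIX shell sketch of the check from step 3, which is also what an OpenWrt-side failsafe hook would need if U-Boot passed the reset mode to the normal kernel. The parameter name `omniarescue`, the assumption that its value equals the LED count, and the function names `reset_mode` and `describe_mode` are all assumptions.

```shell
#!/bin/sh
# Added example: read the reset mode from a kernel command line string.
# PARAM is an assumed parameter name; the post does not name it.
PARAM="${PARAM:-omniarescue}"

# reset_mode CMDLINE -> prints the numeric mode, "none" if the parameter
# is absent, or "invalid" if its value is not a plain decimal number.
# The body runs in a subshell so "set -f" (no globbing) stays local.
reset_mode() (
    set -f
    mode="none"
    # Unquoted $1 is split on whitespace so only whole tokens are compared;
    # "xomniarescue=5" therefore does not match. The last occurrence wins.
    for tok in $1; do
        case "$tok" in
            "$PARAM"=*)
                val="${tok#*=}"
                case "$val" in
                    ''|*[!0-9]*) mode="invalid" ;;  # fail closed on junk
                    *)           mode="$val" ;;
                esac
                ;;
        esac
    done
    printf '%s\n' "$mode"
)

# describe_mode MODE -> action for that mode. Modes 5 and 7 follow the
# post; mode 3 is the failsafe boot the post proposes (hypothetical).
# Assumes the value passed equals the number of LEDs selected.
describe_mode() {
    case "$1" in
        none) echo "normal boot" ;;
        3)    echo "failsafe boot" ;;
        5)    echo "ssh access" ;;
        7)    echo "serial console shell" ;;
        *)    echo "ignored" ;;  # unknown or invalid: take no action
    esac
}

# Constructed sample command line, not captured from a real device.
SAMPLE='console=ttyS0,115200 omniarescue=5 root=/dev/ram0'
describe_mode "$(reset_mode "$SAMPLE")"
```

On a running system the input would be `"$(cat /proc/cmdline)"` instead of the constructed sample.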