Hello,
I have Acer W6d router, it has 4GB eMMC, there are "kernel" and "rootfs" partitions referred as slot 0 and "kernel1" and "rootfs1" partitions referred as slot 1. In U-Boot, there is an environment variable that decides from which slot system boots up:
dual_boot.current_slot=0
When system is running on slot 0, during the upgrade, new fw is put into slot 1 partitions and in order to boot into new fw, dual_boot.current_slot variable is set to 1 and system boots with new fw.
Currently, I have stock fw (based on openWrt 21.02) in slot 1 and vanilla OpenWrt 23.05.2 in slot 0.
When I try to boot OpenWrt from slot 0, it fails, because signature check fails and router starts to load stock fw from slot 1
Trying to boot from image slot 0
Reading from 0x880000 to 0x40000000, size 0x200 ... OK
Reading from 0x880000 to 0x40000000, size 0x39e7ec ... OK
## Checking hash(es) for FIT Image at 40000000 ...
Hash(es) for Image 0 (kernel-1): crc32+ sha1+
Hash(es) for Image 1 (fdt-1): crc32+ sha1+
Reading from 0x2880000 to 0x4039e7ec, size 0x200 ... OK
Reading from 0x2880000 to 0x4039e7ec, size 0x5de0b0 ... OK
No rootfs node found in FIT image!
Error: rootfs verification failed
Firmware integrity verification failed
Failed to boot from current image slot, error -74
Saving Environment to MMC... Writing to MMC(0)... OK
Trying to boot from image slot 1
Reading from 0x22880000 to 0x40000000, size 0x200 ... OK
Reading from 0x22880000 to 0x40000000, size 0x363cdb ... OK
## Checking hash(es) for FIT Image at 40000000 ...
Hash(es) for Image 0 (kernel-1): crc32+ sha1+
Hash(es) for Image 1 (fdt-1): crc32+ sha1+
Reading from 0x24880000 to 0x40363cdc, size 0x200 ... OK
Reading from 0x24880000 to 0x40363cdc, size 0x2a96c83 ... OK
Hash(es) for rootfs: crc32+ sha1+
Firmware integrity verification passed
In order to avoid signature check, it is needed to interrupt autoboot (via serial connection with TTL USB adapter), enter U-Boot command line and execute the following commands that read image from eMMC:
// boot without signature check
mmc read 0x40000000 0x00004400 0x0010000
fdt addr $(fdtcontroladdr)
fdt rm /signature
bootm 0x40000000
According to OpenWrt installation instructions from git commit for Acer A6, environment variable bootcmd (default boot command) can be set to include above steps:
setenv bootcmd 'mmc read 0x40000000 0x00004400 0x0010000; fdt addr $(fdtcontroladdr); fdt rm /signature; bootm 0x40000000';
saveenv
Howeveer, first entry which is selected if autoboot process is not interrupted, is mtkboardboot command, because it is the default U-Boot entry as defined by U-Boot environment variables:
bootmenu_0=Startup system (Default)=mtkboardboot
bootmenu_1=Upgrade firmware=mtkupgrade fw
bootmenu_2=Upgrade ATF BL2=mtkupgrade bl2
bootmenu_3=Upgrade ATF FIP=mtkupgrade fip
bootmenu_4=Upgrade eMMC partition table=mtkupgrade gpt
bootmenu_5=Upgrade single image=mtkupgrade simg
bootmenu_6=Load image=mtkload
It is possible to change this entry from U-Boot to include boot command (that would use instructions from bootcmd env variable) instead of mtkboardboot:
MT7986> setenv bootmenu_0 'Startup system (Default)=boot'
MT7986> saveenv
Saving Environment to MMC... Writing to MMC(0)... OK
MT7986>
After such change and execution of 'bootmenu' command that starts U-Boot menu and selecting first entry 'Startup system (Default)', system executes 'bootcmd' command, it reads eMMC memory and boots without signature check.
Unfortunately, after router restart, first default entry (bootmenu_0 U-variable) is reset to mtkboardboot:
bootmenu_0=Startup system (Default)=mtkboardboot
I tried to setup 'preboot' environment variable (it can contain script which is executed before autoboot) to change bootmenu_0 entry to 'boot' insstead of mtkboardboot, but it looks that 'preboot' variable is not used by stock U-Boot from Acer, it is not present after system restart - according to information that I have found, it is used if CONFIG_USE_PREBOOT=y - looks that this was not set during stock U-Boot build.
PROBLEM:
The problem is that after each router restart, bootmenu_0 environment variable in U-Boot is reset / gets back to mtkboardboot causing that next boot will be with signature check, it will fail for vanilla OpenWrt and stock firmware from another slot will be booted. It looks that variable bootmenu_0=Startup system (Default)=mtkboardboot is part of default stock U-Boot environment (created during U-Boot build) and any user changes to this variable will be overwritten after the restart.
QUESTION:
Is there any way to overcome it? Other way than connecting laptop with USB TTL adapter and interrupting autoboot via serial connection for every router restart and manually executing 'mmc read' to boot without signature check?
I know that U-Boot is not part of OpenWrt, but I decided to give a try with this post hoping that there is someone who could help. Maybe there is an U-Boot Specialist here who could help solving that puzzle
Thanks in advance,
Przemek