OpenWrt support for Netgear WAX610 / WAX610Y / WAX610PA

Device support added on 04-04-25.

Support PR is up at https://github.com/openwrt/openwrt/pull/18377

Return to stock firmware instructions are in: OpenWrt support for Netgear WAX610 / WAX610Y / WAX610PA - #22 by serverror

I have one of these devices and have used them on stock firmware for a period of time. I'll be looking at OpenWrt support since IPQ60xx support seems to be maturing (especially on forks on GitHub). The device uses a 4.4 OpenWrt kernel on the stock firmware.

CPU: IPQ6018
RAM: 512MB
FLASH: 128MB (dual partition)

Bootlog:

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.0.3-00077-IPQ60xxLZB-2
S - IMAGE_VARIANT_STRING=IPQ6018LA
S - OEM_IMAGE_VERSION_STRING=crm-ubuntu64
S - Boot Interface: NAND
S - Secure Boot: Off
S - Boot Config @ 0x000a602c = 0x000002e4
S - JTAG ID @ 0x000a607c = 0x0013a0e1
S - OEM ID @ 0x000a6080 = 0x00000000
S - Serial Number @ 0x000a4128 = 0xccea5fc1
S - OEM Config Row 0 @ 0x000a4188 = 0x0000000000000000
S - OEM Config Row 1 @ 0x000a4190 = 0x0000000000000000
S - Feature Config Row 0 @ 0x000a4130 = 0x0000000008000001
S - Feature Config Row 1 @ 0x000a4138 = 0x02c3e83383000009
S - PBL Patch Ver: 1
S - I-cache: On
S - D-cache: On
B -      3413 - PBL, Start
B -       592 - bootable_media_detect_entry, Start
B -      4339 - bootable_media_detect_success, Start
B -      5207 - elf_loader_entry, Start
B -      5380 - auth_hash_seg_entry, Start
B -      7847 - auth_hash_seg_exit, Start
B -      8344 - elf_segs_hash_verify_entry, Start
B -    110495 - elf_segs_hash_verify_exit, Start
B -    114920 - auth_xbl_sec_hash_seg_entry, Start
B -    115063 - auth_xbl_sec_hash_seg_exit, Start
B -    121613 - xbl_sec_segs_hash_verify_entry, Start
B -    121614 - xbl_sec_segs_hash_verify_exit, Start
B -    122543 - PBL, End
B -    103303 - SBL1, Start
B -    243390 - GCC [RstStat:0x0, RstDbg:0x600000] WDog Stat : 0x4
B -    245830 - clock_init, Start
D -      2531 - clock_init, Delta
B -    254309 - boot_flash_init, Start
D -     29707 - boot_flash_init, Delta
B -    287279 - sbl1_ddr_set_default_params, Start
D -       213 - sbl1_ddr_set_default_params, Delta
B -    293898 - boot_config_data_table_init, Start
D -      4727 - boot_config_data_table_init, Delta - (575 Bytes)
B -    303719 - CDT Version:2,Platform ID:8,Major ID:3,Minor ID:2,Subtype:0
B -    308599 - Image Load, Start
D -      6619 - OEM_MISC Image Loaded, Delta - (0 Bytes)
B -    317932 - Image Load, Start
D -      5063 - PMIC Image Loaded, Delta - (0 Bytes)
B -    325801 - sbl1_ddr_set_params, Start
B -    330772 - CPR configuration: 0x366
B -    333975 - Pre_DDR_clock_init, Start
D -       183 - Pre_DDR_clock_init, Delta
D -         0 - sbl1_ddr_set_params, Delta
B -    370636 - Image Load, Start
D -       458 - APDP Image Loaded, Delta - (0 Bytes)
B -    383720 - Image Load, Start
D -       427 - QTI_MISC Image Loaded, Delta - (0 Bytes)
B -    386160 - Image Load, Start
D -       885 - Auth Metadata
D -       701 - Segments hash check
D -     22509 - QSEE Dev Config Image Loaded, Delta - (36354 Bytes)
B -    410621 - Image Load, Start
D -      6527 - Auth Metadata
D -     10553 - Segments hash check
D -    335958 - QSEE Image Loaded, Delta - (1470632 Bytes)
B -    747006 - Image Load, Start
D -       762 - Auth Metadata
D -       976 - Segments hash check
D -     35075 - RPM Image Loaded, Delta - (102664 Bytes)
B -    783789 - Image Load, Start
D -       671 - Auth Metadata
D -      3080 - Segments hash check
D -    117852 - APPSBL Image Loaded, Delta - (541348 Bytes)
B -    917257 - SBL1, End
D -    814259 - SBL1, Delta
S - Flash Throughput, 4000 KB/s  (2152245 Bytes,  431872 us)
S - Core 0 Frequency, 800 MHz
S - DDR Frequency, 466 MHz


U-Boot 2016.01-V9.0.0.23 (May 21 2020 - 11:58:58 +0530)

DRAM:  smem ram ptable found: ver: 2 len: 4
512 MiB
NAND:  ONFI device found
ID = 9500a1ef
Vendor = ef
Device = a1
SF: Unsupported flash IDs: manuf 00, jedec 0000, ext_jedec 0000
ipq_spi: SPI Flash not found (bus/cs/speed/mode) = (0/0/48000000/0)
128 MiB
MMC:   sdhci: Node Not found, skipping initialization

PCI0 is not defined in the device tree
In:    serial@78B1000
Out:   serial@78B1000
Err:   serial@78B1000
Product ID: WAX610
HW Version: 1.0
machid: 8030200
Power source: Adaptor
eth2 MAC Address from ART is not valid
eth3 MAC Address from ART is not valid
eth4 MAC Address from ART is not valid
eth5 MAC Address from ART is not valid
Hit any key to stop autoboot:  0
Erasing NAND...
Erasing at 0xde0000 -- 100% complete.
Writing to NAND... OK
ubi0: attaching mtd1
ubi0: scanning is finished
ubi0: attached mtd1 (name "mtd=0", size 44 MiB)
ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
ubi0: good PEBs: 356, bad PEBs: 0, corrupted PEBs: 0
ubi0: user volume: 4, internal volumes: 1, max. volumes count: 128
ubi0: max/mean erase counter: 60/18, WL threshold: 4096, image sequence number: 139228212
ubi0: available PEBs: 0, total reserved PEBs: 356, PEBs reserved for bad PEB handling: 20
Read 0 bytes from volume kernel to 44000000
No size specified -> Using max size (4595836)
## Loading kernel from FIT Image at 44000000 ...
   Using 'config@cp03-c1' configuration
   Trying 'kernel@1' kernel subimage
     Description:  ARM OpenWrt Linux-4.4.60
     Type:         Kernel Image
     Compression:  gzip compressed
     Data Start:   0x440000e4
     Data Size:    3985847 Bytes = 3.8 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x41008000
     Entry Point:  0x41008000
     Hash algo:    crc32
     Hash value:   31a23c74
     Hash algo:    sha1
     Hash value:   673770d28a245817617477d628482770eb2ced65
   Verifying Hash Integrity ... crc32+ sha1+ OK
## Loading fdt from FIT Image at 44000000 ...
   Using 'config@cp03-c1' configuration
   Trying 'fdt@cp03-c1' fdt subimage
     Description:  ARM OpenWrt qcom-ipq60xx-cpxx device tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x4444f5e8
     Data Size:    73811 Bytes = 72.1 KiB
     Architecture: ARM
     Hash algo:    crc32
     Hash value:   57916838
     Hash algo:    sha1
     Hash value:   3f17eb5447993d1bafb4a83cec543cf1df9f3d7e
   Verifying Hash Integrity ... crc32+ sha1+ OK
   Booting using the fdt blob at 0x4444f5e8
   Uncompressing Kernel Image ... OK
   Loading Device Tree to 484ea000, end 484ff052 ... OK
Could not find PCI in device tree
Using machid 0x8030200 from environment

Starting kernel ...

The device has serial headers already installed. Connection is as follows (remember TX to RX, RX to TX):

A little off topic, but my device is a WAX610NA, normally locked to the United States region on stock firmware. Halting U-Boot and waiting a moment for the IPQ6018 prompt allows us to dump device-specific info and rewrite it to change the region:

IPQ6018# board_parameters_show

NAND read: device 0 offset 0x6b00000, size 0x20000
 131072 bytes read: OK

Serial Number: XXXXXXXXXXXXX
productid: WAX610
hwversion : 1.0
subhwversion : 1.0
region-info : 1
board_type : WAX610
device_type : WAX610NA
default_ssid : NETGEARXXXXXX-SETUP
default_wifi_password : sharedsecret
default_ipaddr : 192.168.0.100
default_admin_user : admin
default_admin_password : password
lan_mac: XX:XX:XX:XX:XX:XX
wlan_mac: XX:XX:XX:XX:XX:XX

(Unique information has been removed)

Regions
0 - Unused?
1 - NA/US
2 - JP
3 - EU/WW

Changing device_type appears to be unnecessary, but could be done.
To write this data, one could edit the command below as needed. The example given uses the EU region, which unlocks most regions aside from US and Japan (maybe others).

board_parameters_set XXXXXXXXXXXXX WAX610 1.0 1.0 3 WAX610 WAX610NA NETGEARXXXXXX-SETUP sharedsecret 192.168.0.100 admin password XX:XX:XX:XX:XX:XX XX:XX:XX:XX:XX:XX

Then factory reset the device via GUI or button to make the new region take effect.

More findings / development to come as time allows. Help welcome.
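
Added example, not part of the original post: a Python parser for the boot log format shown above (`Log Type - Time(microsec) - Message - Optional Info`) that reports the `Secure Boot` line, the loaded image sizes, and which checks U-Boot ran on each FIT subimage. The sample log is constructed from lines in the post, the function names are hypothetical, and treating a `:` in a check token as a signature (`algo:key-name`) is an assumption about U-Boot's output.

```python
import re

# Constructed sample: a handful of lines taken from the boot log in the post.
SAMPLE_LOG = """\
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - Boot Interface: NAND
S - Secure Boot: Off
B -      3413 - PBL, Start
B -    122543 - PBL, End
B -    103303 - SBL1, Start
B -    410621 - Image Load, Start
D -      6527 - Auth Metadata
D -     10553 - Segments hash check
D -    335958 - QSEE Image Loaded, Delta - (1470632 Bytes)
B -    917257 - SBL1, End
D -    814259 - SBL1, Delta
## Loading kernel from FIT Image at 44000000 ...
     Hash algo:    crc32
     Hash algo:    sha1
   Verifying Hash Integrity ... crc32+ sha1+ OK
"""

# "B"/"D" lines carry a microsecond timestamp; "S" lines carry a statistic
# whose key and value are separated by ':', '=' or ','.
SBL_EVENT = re.compile(r"^([BD]) -\s+(\d+) - (.*)$")
SBL_STAT = re.compile(r"^S - (.+?)\s*[:=,]\s*(.*)$")
FIT_VERIFY = re.compile(r"Verifying Hash Integrity \.\.\. (.*)$")
IMAGE_LOADED = re.compile(r"^(.*) Image Loaded, Delta$")
BYTE_COUNT = re.compile(r"\((\d+) Bytes\)")


def parse_boot_log(text):
    """Split a serial capture into SBL statistics, timed events,
    loaded image sizes and U-Boot FIT verification results."""
    report = {"stats": {}, "events": [], "images": {}, "fit_checks": []}
    for raw in text.splitlines():
        line = raw.strip()

        stat = SBL_STAT.match(line)
        if stat:
            report["stats"][stat.group(1)] = stat.group(2)
            continue

        event = SBL_EVENT.match(line)
        if event:
            kind, time_us, rest = event.groups()
            # The optional info field follows the message after " - ".
            message, _, info = rest.partition(" - ")
            report["events"].append(
                {"type": kind, "time_us": int(time_us),
                 "message": message, "info": info})
            image = IMAGE_LOADED.match(message)
            size = BYTE_COUNT.search(info)
            if image and size:
                report["images"][image.group(1)] = int(size.group(1))
            continue

        verify = FIT_VERIFY.search(line)
        if verify:
            checks = []
            for token in verify.group(1).split():
                # Each check ends in '+' (passed) or '-' (failed); the
                # trailing "OK" is not a check and is skipped.
                if token[-1] in "+-":
                    checks.append({
                        "algo": token[:-1],
                        "passed": token[-1] == "+",
                        # Assumption: a signature shows as algo:key-name.
                        "signed": ":" in token,
                    })
            report["fit_checks"].append(checks)
    return report


def findings(report):
    """Return the observations a reviewer would note from the parsed log."""
    notes = []
    if report["stats"].get("Secure Boot", "").lower() == "off":
        notes.append("boot log reports Secure Boot: Off")
    for checks in report["fit_checks"]:
        if checks and not any(c["signed"] for c in checks):
            algos = ", ".join(c["algo"] for c in checks)
            notes.append(
                f"FIT subimage checked with hashes only ({algos}): "
                "detects corruption, does not authenticate the image")
    return notes


if __name__ == "__main__":
    parsed = parse_boot_log(SAMPLE_LOG)
    for note in findings(parsed):
        print(note)
```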

Any further progress? Thanks.

Have you tried to extract the firmware with binwalk and had a look at the DTS?
I saw that this device uses config@cp03-c1 and you might have a look at https://github.com/openwrt/openwrt/blob/main/target/linux/qualcommax/files/arch/arm64/boot/dts/qcom/ipq6018-fap650.dts that also uses config@cp03-c1 as a guide.

I have working support for the WAX610 and will submit it some time this week. I originally set it aside but found new inspiration when I found out that 802.11r is paywalled and only available when using Insight cloud.


I'm waiting on a PR for the board files to be accepted before starting the main support PR.

One outstanding issue/question is the WAX610Y. On stock, it is the same firmware as the WAX610 selectively using a different BDF. I didn't see any similar board file select/override in OpenWrt. Does anyone know of one? It seems wasteful to have a completely different build/target for WAX610Y.

Very much looking forward to this, thank you for your effort!!


Hello. Is there any news regarding the creation of OpenWrt software for the WAX610Y? I have the EnGenius ECW260, I believe it has the same hardware. I would also be very happy about a firmware image for the device from OpenWrt. Best regards.

The first line of the main post links to the pull request for support. Have you compared board shots and device trees of both units? Why do you think they are the same?

I thought so because both devices have the same hardware. But I don't know anything about building firmware. Sorry.

Hi @serverror

I tried to convert a Netgear WAX610Y to OpenWrt using the TFTP method. After booting the initramfs-uImage.itb into OpenWrt, I performed a sysupgrade. However, after rebooting, the device consistently drops into the U-Boot prompt. This is using the latest snapshot image.

Could you please give me some suggestion on how to fix this issue? Thanks.

root@OpenWrt:~# ubus call system board
{
        "kernel": "6.12.32",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Netgear WAX610Y",
        "board_name": "netgear,wax610y",
        "rootfs_type": "initramfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "firmware_url": "https://downloads.openwrt.org/",
                "revision": "r29955-8b24289a52",
                "target": "qualcommax/ipq60xx",
                "description": "OpenWrt SNAPSHOT r29955-8b24289a52",
                "builddate": "1749156955"
        }
}
root@OpenWrt:/tmp# sysupgrade -n openwrt-qualcommax-ipq60xx-netgear_wax610y-squashfs-sysupgrade.bin
Thu Jan  1 00:05:17 GMT 1970 upgrade: Commencing upgrade. Closing all shell sessions.
Watchdog handover: fd=3
- watchdog -
Watchdog did not previously reset the system
Thu Jan  1 00:05:18 GMT 1970 upgrade: Sending TERM to remaining processes ...
Thu Jan  1 00:05:22 GMT 1970 upgrade: Sending KILL to remaining processes ...
[  328.399126] stage2 (3554): drop_caches: 3
Thu Jan  1 00:05:28 GMT 1970 upgrade: Switching to ramdisk...
Thu Jan  1 00:05:29 UTC 1970 upgrade: Performing system upgrade...
verifying sysupgrade tar file integrity
[  330.095902] block ubiblock0_3: released
Volume ID 0, size 45 LEBs (5713920 bytes, 5.4 MiB), LEB size 126976 bytes (124.0 KiB), dynamic, name "kernel", alignment 1
[  330.424644] block ubiblock0_3: created from ubi0:3(rootfs)
Volume ID 3, size 54 LEBs (6856704 bytes, 6.5 MiB), LEB size 126976 bytes (124.0 KiB), dynamic, name "rootfs", alignment 1
Set volume size to 1396736
Volume ID 4, size 11 LEBs (1396736 bytes, 1.3 MiB), LEB size 126976 bytes (124.0 KiB), dynamic, name "rootfs_data", alignment 1
sysupgrade successful
umount: can't unmount /dev: Resource busy
umount: can't unmount /tmp: Resource busy
[  334.185660] leds blue:wlan-2: led_trigger_set: Error sending uevent
[  334.305659] leds blue:wlan-0: led_trigger_set: Error sending uevent
[  334.374075] remoteproc remoteproc0: stopped remote processor cd00000.remoteproc
[  335.086586] reboot: Restarting system

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.0.3-00077-IPQ60xxLZB-2
S - IMAGE_VARIANT_STRING=IPQ6018LA
S - OEM_IMAGE_VERSION_STRING=crm-ubuntu64
S - Boot Interface: NAND
S - Secure Boot: Off
S - Boot Config @ 0x000a602c = 0x000002e4
S - JTAG ID @ 0x000a607c = 0x0013a0e1
S - OEM ID @ 0x000a6080 = 0x00000000
S - Serial Number @ 0x000a4128 = 0x9c4da819
S - OEM Config Row 0 @ 0x000a4188 = 0x0000000000000000
S - OEM Config Row 1 @ 0x000a4190 = 0x0000000000000000
S - Feature Config Row 0 @ 0x000a4130 = 0x0000000008000001
S - Feature Config Row 1 @ 0x000a4138 = 0x02c3e83383000009
S - PBL Patch Ver: 1
S - I-cache: On
S - D-cache: On
B -      3413 - PBL, Start
B -       592 - bootable_media_detect_entry, Start
B -      4339 - bootable_media_detect_success, Start
B -      5147 - elf_loader_entry, Start
B -      5319 - auth_hash_seg_entry, Start
B -      7787 - auth_hash_seg_exit, Start
B -      8282 - elf_segs_hash_verify_entry, Start
B -    110429 - elf_segs_hash_verify_exit, Start
B -    114854 - auth_xbl_sec_hash_seg_entry, Start
B -    114998 - auth_xbl_sec_hash_seg_exit, Start
B -    121549 - xbl_sec_segs_hash_verify_entry, Start
B -    121550 - xbl_sec_segs_hash_verify_exit, Start
B -    122479 - PBL, End
B -    103273 - SBL1, Start
B -    243359 - GCC [RstStat:0x0, RstDbg:0x600000] WDog Stat : 0x4
B -    245799 - clock_init, Start
D -      2745 - clock_init, Delta
B -    254278 - boot_flash_init, Start
D -     29676 - boot_flash_init, Delta
B -    287249 - sbl1_ddr_set_default_params, Start
D -       244 - sbl1_ddr_set_default_params, Delta
B -    293867 - boot_config_data_table_init, Start
D -      4758 - boot_config_data_table_init, Delta - (575 Bytes)
B -    303688 - CDT Version:2,Platform ID:8,Major ID:3,Minor ID:2,Subtype:0
B -    308538 - Image Load, Start
D -      6618 - OEM_MISC Image Loaded, Delta - (0 Bytes)
B -    317871 - Image Load, Start
D -      5063 - PMIC Image Loaded, Delta - (0 Bytes)
B -    325740 - sbl1_ddr_set_params, Start
B -    330711 - CPR configuration: 0x366
B -    333914 - Pre_DDR_clock_init, Start
D -       183 - Pre_DDR_clock_init, Delta
D -         0 - sbl1_ddr_set_params, Delta
B -    370575 - Image Load, Start
D -       427 - APDP Image Loaded, Delta - (0 Bytes)
B -    383659 - Image Load, Start
D -       458 - QTI_MISC Image Loaded, Delta - (0 Bytes)
B -    386099 - Image Load, Start
D -       793 - Auth Metadata
D -       640 - Segments hash check
D -     22387 - QSEE Dev Config Image Loaded, Delta - (36354 Bytes)
B -    410438 - Image Load, Start
D -      6588 - Auth Metadata
D -     10553 - Segments hash check
D -    336324 - QSEE Image Loaded, Delta - (1470632 Bytes)
B -    747189 - Image Load, Start
D -       702 - Auth Metadata
D -      1037 - Segments hash check
D -     35075 - RPM Image Loaded, Delta - (102664 Bytes)
B -    783941 - Image Load, Start
D -       763 - Auth Metadata
D -      3050 - Segments hash check
D -    117944 - APPSBL Image Loaded, Delta - (541348 Bytes)
B -    917531 - SBL1, End
D -    814563 - SBL1, Delta
S - Flash Throughput, 4000 KB/s  (2152245 Bytes,  432298 us)
S - Core 0 Frequency, 800 MHz
S - DDR Frequency, 466 MHz


U-Boot 2016.01-V9.0.0.23 (May 21 2020 - 11:58:58 +0530)

DRAM:  smem ram ptable found: ver: 2 len: 4
512 MiB
NAND:  ONFI device found
ID = 9500a1ef
Vendor = ef
Device = a1
SPI_ADDR_LEN=3
SF: Detected MX25U6435F with page size 256 Bytes, erase size 64 KiB, total 8 MiB
ipq_spi: page_size: 0x100, sector_size: 0x10000, size: 0x800000
136 MiB
MMC:   sdhci: Node Not found, skipping initialization

PCI0 is not defined in the device tree
In:    serial@78B1000
Out:   serial@78B1000
Err:   serial@78B1000
Product ID: WAX610Y
HW Version: 1.0
machid: 8030200
Power source: Adaptor
eth2 MAC Address from ART is not valid
eth3 MAC Address from ART is not valid
eth4 MAC Address from ART is not valid
eth5 MAC Address from ART is not valid
Hit any key to stop autoboot:  0 
Erasing NAND...
Erasing at 0xde0000 -- 100% complete.
Writing to NAND... OK
setenv - set environment variables


Net:   MAC0 addr:44:a5:6e:cb:9c:df
PHY ID1: 0x4d
PHY ID2: 0xd101
EDMA ver 1 hw init
Num rings - TxDesc:1 (0-0) TxCmpl:1 (0-0)
RxDesc:1 (15-15) RxFill:1 (7-7)
ipq6018_edma_alloc_rings: successfull
ipq6018_edma_setup_ring_resources: successfull
ipq6018_edma_configure_rings: successfull
ipq6018_edma_hw_init: successfull
eth0

Net:   MAC0 addr:44:a5:6e:cb:9c:df
PHY ID1: 0x4d
PHY ID2: 0xd101
EDMA ver 1 hw init
Num rings - TxDesc:1 (0-0) TxCmpl:1 (0-0)
RxDesc:1 (15-15) RxFill:1 (7-7)
ipq6018_edma_alloc_rings: successfull
ipq6018_edma_setup_ring_resources: successfull
ipq6018_edma_configure_rings: successfull
ipq6018_edma_hw_init: successfull
, eth0
Warning: eth0 MAC addresses don't match:
Address in SROM is         44:a5:6e:cb:9c:df
Address in environment is  44:a5:6e:cb:9c:ef

IPQ6018# 

I won't have access to my WAX610 until later this week but let me first check that snapshot tftp flash is working there before assuming it's WAX610Y specific.

Thanks a lot @serverror

Is there a way in U-Boot to force the WAX610Y to boot into the Netgear OEM firmware, so I can try using the WebUI method instead?

Yes, though before you do, run a printenv and copy the output here after removing the ethernet addresses.

choose_part 0 and choose_part 1 should toggle the active partition. It's also supposed to happen automatically after 5 failed boots and you can force that behavior by doing

setenv boot_count 5
saveenv
reset

**IPQ6018# printenv**
baudrate=115200
boot_count=2
bootargs=console=ttyMSM0,115200n8
bootcmd=bootipq
bootdelay=2
eth1addr=XXX
ethact=eth0
ethaddr=XXX
failsafe=0
fdt_high=0x48500000
fdtcontroladdr=4a472b70
flash_type=2
fsbootargs=ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs
fw_upgrade=0
hw_ver=1.0
ipaddr=192.168.0.100
machid=8030200
netmask=255.255.255.0
proceed_upgrade=0
product_id=WAX610Y
serverip=192.168.0.10
soc_version_major=1
soc_version_minor=0
stderr=serial@78B1000
stdin=serial@78B1000
stdout=serial@78B1000

Environment size: 589/262140 bytes

@serverror

With "setenv boot_count 5", the device was able to boot past U-Boot, but it then stopped with the following error:

Jumping to AARCH64 kernel via monitor

[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x51af8014]
[    0.000000] Linux version 6.12.32 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 14.3.0 r29955-8b24289a52) 14.3.0, GNU ld (GNU Binutils) 2.42) #0 SMP Thu Jun  5 20:55:55 2025
[    0.000000] Machine model: Netgear WAX610Y
...
...
[    1.825188] block ubiblock0_3: created from ubi0:3(roo[    1.845418] Waiting for root device /dev/ubiblock0_1...
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.0.3-00077-IPQ60xxLZB-2
S - IMAGE_VARIANT_STRING=IPQ6018LA
S - OEM_IMAGE_VERSION_STRING=crm-ubuntu64
S - Boot Interface: NAND
S - Secure Boot: Off
S - Boot Config @ 0x000a602c = 0x000002e4
S - JTAG ID @ 0x000a607c = 0x0013a0e1
S - OEM ID @ 0x000a6080 = 0x00000000
S - Serial Number @ 0x000a4128 = 0x9c4da819
S - OEM Config Row 0 @ 0x000a4188 = 0x0000000000000000
S - OEM Config Row 1 @ 0x000a4190 = 0x0000000000000000
S - Feature Config Row 0 @ 0x000a4130 = 0x0000000008000001
S - Feature Config Row 1 @ 0x000a4138 = 0x02c3e83383000009
S - PBL Patch Ver: 1
S - I-cache: On
S - D-cache: On
B -      3413 - PBL, Start
B -       592 - bootable_media_detect_entry, Start
B -      4339 - bootable_media_detect_success, Start
B -      5147 - elf_loader_entry, Start
B -      5319 - auth_hash_seg_entry, Start
B -      7786 - auth_hash_seg_exit, Start
B -      8281 - elf_segs_hash_verify_entry, Start
B -    110428 - elf_segs_hash_verify_exit, Start
B -    114856 - auth_xbl_sec_hash_seg_entry, Start
B -    114998 - auth_xbl_sec_hash_seg_exit, Start
B -    121546 - xbl_sec_segs_hash_verify_entry, Start
B -    121547 - xbl_sec_segs_hash_verify_exit, Start
B -    122476 - PBL, End
B -    103242 - SBL1, Start
B -    243359 - GCC [RstStat:0x0, RstDbg:0x600000] WDog Stat : 0x4
B -    245799 - clock_init, Start
D -      2745 - clock_init, Delta
B -    254278 - boot_flash_init, Start
D -     29737 - boot_flash_init, Delta
B -    287249 - sbl1_ddr_set_default_params, Start
D -       244 - sbl1_ddr_set_default_params, Delta
B -    293867 - boot_config_data_table_init, Start
D -      4758 - boot_config_data_table_init, Delta - (575 Bytes)
B -    303719 - CDT Version:2,Platform ID:8,Major ID:3,Minor ID:2,Subtype:0
B -    308568 - Image Load, Start
D -      6618 - OEM_MISC Image Loaded, Delta - (0 Bytes)
B -    317901 - Image Load, Start
D -      5033 - PMIC Image Loaded, Delta - (0 Bytes)
B -    325770 - sbl1_ddr_set_params, Start
B -    330742 - CPR configuration: 0x366
B -    333944 - Pre_DDR_clock_init, Start
D -       183 - Pre_DDR_clock_init, Delta
D -         0 - sbl1_ddr_set_params, Delta
B -    370575 - Image Load, Start
D -       457 - APDP Image Loaded, Delta - (0 Bytes)
B -    383690 - Image Load, Start
D -       457 - QTI_MISC Image Loaded, Delta - (0 Bytes)
B -    386130 - Image Load, Start
D -       854 - Auth Metadata
D -       610 - Segments hash check
D -     22326 - QSEE Dev Config Image Loaded, Delta - (36354 Bytes)
B -    410408 - Image Load, Start
D -      6588 - Auth Metadata
D -     10492 - Segments hash check
D -    335500 - QSEE Image Loaded, Delta - (1470632 Bytes)
B -    746365 - Image Load, Start
D -       701 - Auth Metadata
D -       976 - Segments hash check
D -     34953 - RPM Image Loaded, Delta - (102664 Bytes)
B -    782996 - Image Load, Start
D -       702 - Auth Metadata
D -      3080 - Segments hash check
D -    117882 - APPSBL Image Loaded, Delta - (541348 Bytes)
B -    916525 - SBL1, End
D -    813588 - SBL1, Delta
S - Flash Throughput, 4000 KB/s  (2152245 Bytes,  431383 us)
S - Core 0 Frequency, 800 MHz
S - DDR Frequency, 466 MHz




U-Boot 2016.01-V9.0.0.23 (May 21 2020 - 11:58:58 +0530)

DRAM:  smem ram ptable found: ver: 2 len: 4
512 MiB
NAND:  ONFI device found
ID = 9500a1ef
Vendor = ef
Device = a1
SPI_ADDR_LEN=3
SF: Detected MX25U6435F with page size 256 Bytes, erase size 64 KiB, total 8 MiB
ipq_spi: page_size: 0x100, sector_size: 0x10000, size: 0x800000
136 MiB
MMC:   sdhci: Node Not found, skipping initialization

PCI0 is not defined in the device tree
In:    serial@78B1000
Out:   serial@78B1000
Err:   serial@78B1000
Product ID: WAX610Y
HW Version: 1.0
machid: 8030200
Power source: Adaptor
eth2 MAC Address from ART is not valid
eth3 MAC Address from ART is not valid
eth4 MAC Address from ART is not valid
eth5 MAC Address from ART is not valid
Hit any key to stop autoboot:  2 ... 1 ... 0
Erasing NAND...
Erasing at 0xd80000 --  25% complete.
Erasing at 0xda0000 --  50% complete.
Erasing at 0xdc0000 --  75% complete.
Erasing at 0xde0000 -- 100% complete.
Writing to NAND... OK
ubi0: attaching mtd2
ubi0: scanning is finished
ubi0: attached mtd2 (name "mtd=0", size 44 MiB)
ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
ubi0: good PEBs: 355, bad PEBs: 1, corrupted PEBs: 0
ubi0: user volume: 5, internal volumes: 1, max. volumes count: 128
ubi0: max/mean erase counter: 16/2, WL threshold: 4096, image sequence number: 248281062
ubi0: available PEBs: 0, total reserved PEBs: 355, PEBs reserved for bad PEB handling: 19
Read 0 bytes from volume kernel to 44000000
No size specified -> Using max size (5713920)
## Loading kernel from FIT Image at 44000000 ...
   Using 'config@cp03-c1' configuration
   Trying 'kernel-1' kernel subimage
     Description:  ARM64 OpenWrt Linux-6.12.32
     Type:         Kernel Image
     Compression:  gzip compressed
     Data Start:   0x440000e8
     Data Size:    5641925 Bytes = 5.4 MiB
     Architecture: AArch64
     OS:           Linux
     Load Address: 0x41000000
     Entry Point:  0x41000000
     Hash algo:    crc32
     Hash value:   775d60a5
     Hash algo:    sha1
     Hash value:   b3ca79f0ab58140a94c8b9f4acf420d918972445
   Verifying Hash Integrity ... crc32+ sha1+ OK
## Loading fdt from FIT Image at 44000000 ...
   Using 'config@cp03-c1' configuration
   Trying 'fdt-1' fdt subimage
     Description:  ARM64 OpenWrt netgear_wax610y device tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x445618f0
     Data Size:    34399 Bytes = 33.6 KiB
     Architecture: AArch64
     Hash algo:    crc32
     Hash value:   af88ac08
     Hash algo:    sha1
     Hash value:   588e0f7b558ee434350b5a5210592c599155bf8a
   Verifying Hash Integrity ... crc32+ sha1+ OK
   Booting using the fdt blob at 0x445618f0
   Uncompressing Kernel Image ... OK
   Loading Device Tree to 484f4000, end 484ff65e ... OK
Could not find PCI in device tree
Using machid 0x8030200 from environment

Starting kernel ...

Jumping to AARCH64 kernel via monitor

[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x51af8014]
[    0.000000] Linux version 6.12.32 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 14.3.0 r29955-8b24289a52) 14.3.0, GNU ld (GNU Binutils) 2.42) #0 SMP Thu Jun  5 20:55:55 2025
[    0.000000] Machine model: Netgear WAX610Y
[    0.000000] OF: reserved mem: 0x0000000000060000..0x0000000000065fff (24 KiB) nomap non-reusable memory@60000
[    0.000000] OF: reserved mem: 0x0000000040000000..0x0000000040ffffff (16384 KiB) nomap non-reusable memory@40000000
[    0.000000] OF: reserved mem: 0x000000004a100000..0x000000004a4fffff (4096 KiB) nomap non-reusable bootloader@4a100000
[    0.000000] OF: reserved mem: 0x000000004a500000..0x000000004a5fffff (1024 KiB) nomap non-reusable sbl@4a500000
[    0.000000] OF: reserved mem: 0x000000004a600000..0x000000004a9fffff (4096 KiB) nomap non-reusable memory@4a600000
[    0.000000] OF: reserved mem: 0x000000004aa00000..0x000000004aafffff (1024 KiB) nomap non-reusable memory@4aa00000
[    0.000000] OF: reserved mem: 0x000000004ab00000..0x000000004fffffff (87040 KiB) nomap non-reusable memory@4ab00000
[    0.000000] Zone ranges:
[    0.000000]   DMA      [mem 0x0000000040000000-0x000000005fffffff]
[    0.000000]   DMA32    empty
[    0.000000]   Normal   empty
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x0000000040000000-0x0000000040ffffff]
[    0.000000]   node   0: [mem 0x0000000041000000-0x000000004a0fffff]
[    0.000000]   node   0: [mem 0x000000004a100000-0x000000004fffffff]
[    0.000000]   node   0: [mem 0x0000000050000000-0x000000005fffffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x000000005fffffff]
[    0.000000] psci: probing for conduit method from DT.
[    0.000000] psci: PSCIv1.0 detected in firmware.
[    0.000000] psci: Using standard PSCI v0.2 function IDs
[    0.000000] psci: MIGRATE_INFO_TYPE not supported.
[    0.000000] psci: SMC Calling Convention v1.0
[    0.000000] percpu: Embedded 20 pages/cpu s43352 r8192 d30376 u81920
[    0.000000] Detected VIPT I-cache on CPU0
[    0.000000] CPU features: detected: Spectre-v4
[    0.000000] alternatives: applying boot alternatives
[    0.000000] Kernel command line: WAX610Y 1.0 console=ttyMSM0,115200n8 ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs rootwait root=/dev/ubiblock0_1
[    0.000000] Unknown kernel command line parameters "WAX610Y", will be passed to user space.
[    0.000000] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
[    0.000000] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes, linear)
[    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 131072
[    0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[    0.000000] software IO TLB: SWIOTLB bounce buffer size adjusted to 0MB
[    0.000000] software IO TLB: area num 4.
[    0.000000] software IO TLB: SWIOTLB bounce buffer size roundup to 1MB
[    0.000000] software IO TLB: mapped [mem 0x000000005f4c0000-0x000000005f5c0000] (1MB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] rcu: Hierarchical RCU implementation.
[    0.000000] .Tracing variant of Tasks RCU enabled.
[    0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
[    0.000000] RCU Tasks Trace: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=4.
[    0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[    0.000000] Root IRQ handler: gic_handle_irq
[    0.000000] GICv2m: range[mem 0x0b00a000-0x0b00affc], SPI[448:479]
[    0.000000] rcu: srcu_init: Setting srcu_struct sizes based on contention.
[    0.000000] arch_timer: cp15 and mmio timer(s) running at 24.00MHz (virt/virt).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x588fe9dc0, max_idle_ns: 440795202592 ns
[    0.000000] sched_clock: 56 bits at 24MHz, resolution 41ns, wraps every 4398046511097ns
[    0.000089] Calibrating delay loop (skipped), value calculated using timer frequency.. 48.00 BogoMIPS (lpj=240000)
[    0.000102] pid_max: default: 32768 minimum: 301
[    0.005081] Mount-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.005094] Mountpoint-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.060111] rcu: Hierarchical SRCU implementation.
[    0.060121] rcu: .Max phase no-delay instances is 1000.
[    0.060425] Timer migration: 1 hierarchy levels; 8 children per group; 1 crossnode level
[    0.070406] smp: Bringing up secondary CPUs ...
[    0.080417] Detected VIPT I-cache on CPU1
[    0.080524] CPU1: Booted secondary processor 0x0000000001 [0x51af8014]
[    0.081272] Detected VIPT I-cache on CPU2
[    0.081348] CPU2: Booted secondary processor 0x0000000002 [0x51af8014]
[    0.090441] Detected VIPT I-cache on CPU3
[    0.090515] CPU3: Booted secondary processor 0x0000000003 [0x51af8014]
[    0.090597] smp: Brought up 1 node, 4 CPUs
[    0.090606] SMP: Total of 4 processors activated.
[    0.090610] CPU: All CPU(s) started at EL1
[    0.090614] CPU features: detected: 32-bit EL0 Support
[    0.090619] CPU features: detected: CRC32 instructions
[    0.090673] alternatives: applying system-wide alternatives
[    0.090868] CPU features: emulated: Privileged Access Never (PAN) using TTBR0_EL1 switching
[    0.091121] Memory: 381416K/524288K available (8896K kernel code, 902K rwdata, 2836K rodata, 1792K init, 302K bss, 139912K reserved, 0K cma-reserved)
[    0.097975] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[    0.098000] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
[    0.098106] 29040 pages in range for non-PLT usage
[    0.098110] 520560 pages in range for PLT usage
[    0.100262] pinctrl core: initialized pinctrl subsystem
[    0.104647] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[    0.105244] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
[    0.105285] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[    0.105319] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[    0.105694] thermal_sys: Registered thermal governor 'step_wise'
[    0.105755] cpuidle: using governor menu
[    0.105996] ASID allocator initialised with 65536 entries
[    0.111818] /soc@0/interrupt-controller@b000000: Fixed dependency cycle(s) with /soc@0/interrupt-controller@b000000
[    0.150968] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[    0.172569] SCSI subsystem initialized
[    0.172770] usbcore: registered new interface driver usbfs
[    0.172809] usbcore: registered new interface driver hub
[    0.172858] usbcore: registered new device driver usb
[    0.173157] qcom_scm: convention: smc arm 64
[    0.175001] s2: Bringing 0uV into 725000-725000uV
[    0.175817] clocksource: Switched to clocksource arch_sys_counter
[    0.176102] l2: Bringing 0uV into 1800000-1800000uV
[    0.176247] qcom_rpm_smd_regulator remoteproc:glink-edge:rpm-requests:regulators: Supply for l2 (l2) resolved to itself
[    0.179665] NET: Registered PF_INET protocol family
[    0.179811] IP idents hash table entries: 8192 (order: 4, 65536 bytes, linear)
[    0.182227] tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes, linear)
[    0.182246] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
[    0.182261] TCP established hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.182309] TCP bind hash table entries: 4096 (order: 5, 131072 bytes, linear)
[    0.182450] TCP: Hash tables configured (established 4096 bind 4096)
[    0.182908] MPTCP token hash table entries: 512 (order: 1, 12288 bytes, linear)
[    0.183068] UDP hash table entries: 256 (order: 1, 8192 bytes, linear)
[    0.183094] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes, linear)
[    0.183386] NET: Registered PF_UNIX/PF_LOCAL protocol family
[    0.183421] PCI: CLS 0 bytes, default 64
[    0.185157] workingset: timestamp_bits=46 max_order=17 bucket_order=0
[    0.185907] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.185914] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.188639] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248)
[    0.199275] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[    0.203016] msm_serial 78b1000.serial: msm_serial: detected port #0
[    0.203102] msm_serial 78b1000.serial: uartclk = 1843200
[    0.203429] 78b1000.serial: ttyMSM0 at MMIO 0x78b1000 (irq = 22, base_baud = 115200) is a MSM
[    0.203506] msm_serial: console setup on port #0
[    0.203549] printk: legacy console [ttyMSM0] enabled
[    0.974545] msm_serial: driver initialized
[    0.984071] loop: module loaded
[    0.985402] nand: device found, Manufacturer ID: 0xef, Chip ID: 0xa1
[    0.986236] nand: Winbond W29N01HZ
[    0.992646] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[    1.012179] i2c_dev: i2c /dev entries driver
[    1.017017] sdhci: Secure Digital Host Controller Interface driver
[    1.017062] sdhci: Copyright(c) Pierre Ossman
[    1.022097] sdhci-pltfm: SDHCI platform and OF driver helper
[    1.030660] remoteproc remoteproc0: releasing cd00000.remoteproc
[    1.034869] NET: Registered PF_INET6 protocol family
[    1.039704] Segment Routing with IPv6
[    1.043238] In-situ OAM (IOAM) with IPv6
[    1.046852] NET: Registered PF_PACKET protocol family
[    1.050767] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[    1.055840] 8021q: 802.1Q VLAN Support v1.8
[    1.100895] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[    1.101264] cpr4_ipq807x_apss_read_fuse_data: apc_corner: speed bin = 0
[    1.107048] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR fusing revision = 2
[    1.113625] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR misc fuse value = 0
[    1.121304] cpr4_ipq807x_apss_read_fuse_data: apc_corner: Voltage boost fuse config = 0 boost = disable
[    1.128842] cpr3_mem_acc_init: apc: not using memory accelerator regulator
[    1.137939] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused      SVS: open-loop= 675000 uV
[    1.144877] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused      NOM: open-loop= 787500 uV
[    1.154868] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused    TURBO: open-loop= 862500 uV
[    1.164677] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused   STURBO: open-loop= 925000 uV
[    1.174514] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused      SVS: quot[ 7]= 533, quot_offset[ 7]=   0
[    1.184298] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused      NOM: quot[ 7]= 723, quot_offset[ 7]= 190
[    1.195149] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused    TURBO: quot[ 7]= 844, quot_offset[ 7]= 120
[    1.206085] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused   STURBO: quot[ 7]= 943, quot_offset[ 7]=  95
[    1.217357] cpr3_regulator_init_ctrl: apc: Default CPR mode = closed-loop
[    1.221095] nand: device found, Manufacturer ID: 0xef, Chip ID: 0xa1
[    1.234715] nand: Winbond W29N01HZ
[    1.241151] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[    1.244642] 23 qcomsmem partitions found on MTD device qcom_nand.0
[    1.251925] Creating 23 MTD partitions on "qcom_nand.0":
[    1.258078] 0x000000000000-0x000000180000 : "0:sbl1"
[    1.265412] 0x000000180000-0x000000280000 : "0:mibib"
[    1.269780] 0x000000280000-0x000000300000 : "0:bootconfig"
[    1.274271] 0x000000300000-0x000000380000 : "0:bootconfig1"
[    1.279789] 0x000000380000-0x000000700000 : "0:qsee"
[    1.287730] 0x000000700000-0x000000a80000 : "0:qsee_1"
[    1.292894] 0x000000a80000-0x000000b00000 : "0:devcfg"
[    1.295313] 0x000000b00000-0x000000b80000 : "0:devcfg_1"
[    1.300448] 0x000000b80000-0x000000c00000 : "0:rpm"
[    1.305922] 0x000000c00000-0x000000c80000 : "0:rpm_1"
[    1.310479] 0x000000c80000-0x000000d00000 : "0:cdt"
[    1.315708] 0x000000d00000-0x000000d80000 : "0:cdt_1"
[    1.320449] 0x000000d80000-0x000000e00000 : "0:appsblenv"
[    1.325608] 0x000000e00000-0x000000f80000 : "0:appsbl"
[    1.331902] 0x000000f80000-0x000001100000 : "0:appsbl_1"
[    1.336919] 0x000001100000-0x000001180000 : "0:art"
[    1.341508] 0x000001180000-0x000003e00000 : "rootfs"
[    1.384504] mtd: setting mtd16 (rootfs) as root device
[    1.384843] mtdsplit: no squashfs found in "rootfs"
[    1.388588] 0x000003e00000-0x000006a80000 : "rootfs_1"
[    1.432355] 0x000006a80000-0x000006b00000 : "0:ethphyfw"
[    1.433286] 0x000006b00000-0x000006c00000 : "0:mfgdata"
[    1.438073] 0x000006c00000-0x000007d00000 : "0:ntgrdata"
[    1.456946] 0x000007d00000-0x000007d80000 : "0:oops_log"
[    1.457857] 0x000007d80000-0x000008000000 : "0:reserved"
[    1.473910] cpufreq: cpufreq_online: CPU0: Running at unlisted initial frequency: 799999 KHz, changing to: 864000 KHz
[    1.476733] remoteproc remoteproc0: cd00000.remoteproc is available
[    1.483903] ubi0: attaching mtd16
[    1.717956] ubi0: scanning is finished
[    1.776569] ubi0: attached mtd16 (name "rootfs", size 44 MiB)
[    1.776610] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[    1.781317] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[    1.788102] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[    1.794932] ubi0: good PEBs: 355, bad PEBs: 1, corrupted PEBs: 0
[    1.801713] ubi0: user volume: 5, internal volumes: 1, max. volumes count: 128
[    1.807960] ubi0: max/mean erase counter: 16/2, WL threshold: 4096, image sequence number: 248281062
[    1.814989] ubi0: available PEBs: 0, total reserved PEBs: 355, PEBs reserved for bad PEB handling: 19
[    1.824301] ubi0: background thread "ubi_bgt0d" started, PID 617
[    1.825188] block ubiblock0_3: created from ubi0:3(roo[    1.845418] Waiting for root device /dev/ubiblock0_1...

Did you log the output of both choose_part commands and know which one you did first?

The OpenWrt kernel is loading, but my guess is that it's trying to mount a rootfs that still contains stock firmware (and won't be mountable in OpenWrt), while the OpenWrt rootfs may be in rootfs_1. We can try swapping just the rootfs around, or going back to stock and doing the UI install may work as well.

Also interesting to see that you have a spi flash on board while my two WAX610 units did not.
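A way to check a captured serial log for the stall seen in this thread, added here as an example and not part of any post: it compares the `root=` device on the kernel command line with the ubiblock devices the kernel actually created. The sample lines are taken from the second kernel log on this page (one stray console byte dropped); the function names are hypothetical.

```python
import re

# Lines taken from the kernel log on this page. The serial console ran two
# messages together on the last line, so patterns are searched across the
# whole text instead of being anchored to line starts.
SAMPLE_LOG = """\
[    0.000000] Kernel command line: WAX610Y 1.0 console=ttyMSM0,115200n8 ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs rootwait root=/dev/ubiblock0_1
[    1.385655] mtd: setting mtd16 (rootfs) as root device
[    1.386000] mtdsplit: no squashfs found in "rootfs"
[    1.485191] ubi0: attaching mtd16
[    1.776348] ubi0: attached mtd16 (name "rootfs", size 44 MiB)
[    1.801485] ubi0: user volume: 5, internal volumes: 1, max. volumes count: 128
[    1.833818] block ubiblock0_3: created from ubi0:3(roo[    1.845248] Waiting for root device /dev/ubiblock0_1...
"""

CMDLINE_RE = re.compile(r"Kernel command line: (.*)")
ATTACHED_RE = re.compile(r'(ubi\d+): attached (mtd\d+) \(name "([^"]*)"')
UBIBLOCK_RE = re.compile(r"block (ubiblock\d+_\d+): created from ubi(\d+):(\d+)")
WAITING_RE = re.compile(r"Waiting for root device (\S+?)\.\.\.")


def parse_boot_log(text):
    """Extract the root-device facts from a kernel boot log."""
    info = {"root": None, "ubi_mtd": None, "attached": [],
            "ubiblocks": [], "waiting_for": None}
    m = CMDLINE_RE.search(text)
    if m:
        for token in m.group(1).split():
            key, sep, value = token.partition("=")
            if not sep:
                continue  # bare words such as "WAX610Y" carry no value
            if key == "root":
                # root= appears twice here; keep the later one, which is
                # the device this log shows the kernel waiting for.
                info["root"] = value
            elif key == "ubi.mtd":
                info["ubi_mtd"] = value
    info["attached"] = [m.groups() for m in ATTACHED_RE.finditer(text)]
    for m in UBIBLOCK_RE.finditer(text):
        info["ubiblocks"].append(
            {"name": m.group(1), "ubi": int(m.group(2)), "volume": int(m.group(3))})
    m = WAITING_RE.search(text)
    if m:
        info["waiting_for"] = m.group(1)
    return info


def diagnose(info):
    """Return findings about a root device that never appears."""
    findings = []
    root = info["root"] or ""
    if root.startswith("/dev/ubiblock"):
        wanted = root[len("/dev/"):]
        created = [b["name"] for b in info["ubiblocks"]]
        if wanted not in created:
            shown = ", ".join(created) if created else "none"
            findings.append(
                "root=" + root + " was requested, ubiblock devices created: " + shown)
    if info["waiting_for"]:
        findings.append("kernel is waiting for " + info["waiting_for"])
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_boot_log(SAMPLE_LOG)):
        print(finding)
```
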

choose_part 0

IPQ6018# choose_part 0

the arguement in integer is 0

the primary boot value before setting is 0

the primary boot value is after setting 0



NAND erase: device 0 offset 0x280000, size 0x80000


Erasing at 0x280000 --  25% complete.
Erasing at 0x2a0000 --  50% complete.
Erasing at 0x2c0000 --  75% complete.
Erasing at 0x2e0000 -- 100% complete.

OK

IPQ6018# 


IPQ6018# reset


resetting ...


Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.0.3-00077-IPQ60xxLZB-2
S - IMAGE_VARIANT_STRING=IPQ6018LA
S - OEM_IMAGE_VERSION_STRING=crm-ubuntu64
S - Boot Interface: NAND
S - Secure Boot: Off
S - Boot Config @ 0x000a602c = 0x000002e4
S - JTAG ID @ 0x000a607c = 0x0013a0e1
S - OEM ID @ 0x000a6080 = 0x00000000
S - Serial Number @ 0x000a4128 = 0x9c4da819
S - OEM Config Row 0 @ 0x000a4188 = 0x0000000000000000
S - OEM Config Row 1 @ 0x000a4190 = 0x0000000000000000
S - Feature Config Row 0 @ 0x000a4130 = 0x0000000008000001
S - Feature Config Row 1 @ 0x000a4138 = 0x02c3e83383000009
S - PBL Patch Ver: 1
S - I-cache: On
S - D-cache: On
B -      3413 - PBL, Start
B -       592 - bootable_media_detect_entry, Start
B -      4339 - bootable_media_detect_success, Start
B -      5147 - elf_loader_entry, Start
B -      5319 - auth_hash_seg_entry, Start
B -      7786 - auth_hash_seg_exit, Start
B -      8279 - elf_segs_hash_verify_entry, Start
B -    110424 - elf_segs_hash_verify_exit, Start
B -    114850 - auth_xbl_sec_hash_seg_entry, Start
B -    114993 - auth_xbl_sec_hash_seg_exit, Start
B -    121544 - xbl_sec_segs_hash_verify_entry, Start
B -    121545 - xbl_sec_segs_hash_verify_exit, Start
B -    122474 - PBL, End
B -    103242 - SBL1, Start
B -    243329 - GCC [RstStat:0x0, RstDbg:0x600000] WDog Stat : 0x4
B -    245769 - clock_init, Start
D -      2745 - clock_init, Delta
B -    254248 - boot_flash_init, Start
D -     29707 - boot_flash_init, Delta
B -    287218 - sbl1_ddr_set_default_params, Start
D -       244 - sbl1_ddr_set_default_params, Delta
B -    293837 - boot_config_data_table_init, Start
D -      4758 - boot_config_data_table_init, Delta - (575 Bytes)
B -    303688 - CDT Version:2,Platform ID:8,Major ID:3,Minor ID:2,Subtype:0
B -    308538 - Image Load, Start
D -      6588 - OEM_MISC Image Loaded, Delta - (0 Bytes)
B -    317871 - Image Load, Start
D -      5063 - PMIC Image Loaded, Delta - (0 Bytes)
B -    325740 - sbl1_ddr_set_params, Start
B -    330711 - CPR configuration: 0x366
B -    333914 - Pre_DDR_clock_init, Start
D -       213 - Pre_DDR_clock_init, Delta
D -         0 - sbl1_ddr_set_params, Delta
B -    370575 - Image Load, Start
D -       457 - APDP Image Loaded, Delta - (0 Bytes)
B -    383690 - Image Load, Start
D -       427 - QTI_MISC Image Loaded, Delta - (0 Bytes)
B -    386130 - Image Load, Start
D -       885 - Auth Metadata
D -       640 - Segments hash check
D -     22387 - QSEE Dev Config Image Loaded, Delta - (36354 Bytes)
B -    410499 - Image Load, Start
D -      6527 - Auth Metadata
D -     10370 - Segments hash check
D -    335622 - QSEE Image Loaded, Delta - (1470632 Bytes)
B -    746579 - Image Load, Start
D -       671 - Auth Metadata
D -       976 - Segments hash check
D -     34953 - RPM Image Loaded, Delta - (102664 Bytes)
B -    783179 - Image Load, Start
D -       640 - Auth Metadata
D -      3050 - Segments hash check
D -    117791 - APPSBL Image Loaded, Delta - (541348 Bytes)
B -    916616 - SBL1, End
D -    813679 - SBL1, Delta
S - Flash Throughput, 4000 KB/s  (2152245 Bytes,  431687 us)
S - Core 0 Frequency, 800 MHz
S - DDR Frequency, 466 MHz




U-Boot 2016.01-V9.0.0.23 (May 21 2020 - 11:58:58 +0530)



DRAM:  smem ram ptable found: ver: 2 len: 4

512 MiB

NAND:  ONFI device found

ID = 9500a1ef

Vendor = ef

Device = a1

SPI_ADDR_LEN=3

SF: Detected MX25U6435F with page size 256 Bytes, erase size 64 KiB, total 8 MiB

ipq_spi: page_size: 0x100, sector_size: 0x10000, size: 0x800000

136 MiB

MMC:   sdhci: Node Not found, skipping initialization



PCI0 is not defined in the device tree

In:    serial@78B1000

Out:   serial@78B1000

Err:   serial@78B1000

Product ID: WAX610Y

HW Version: 1.0

machid: 8030200

Power source: Adaptor

eth2 MAC Address from ART is not valid

eth3 MAC Address from ART is not valid

eth4 MAC Address from ART is not valid

eth5 MAC Address from ART is not valid

Hit any key to stop autoboot:  2 ... 1 ... 0 

Erasing NAND...


Erasing at 0xd80000 --  25% complete.
Erasing at 0xda0000 --  50% complete.
Erasing at 0xdc0000 --  75% complete.
Erasing at 0xde0000 -- 100% complete.

Writing to NAND... OK

ubi0: attaching mtd2

ubi0: scanning is finished

ubi0: attached mtd2 (name "mtd=0", size 44 MiB)

ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes

ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048

ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096

ubi0: good PEBs: 355, bad PEBs: 1, corrupted PEBs: 0

ubi0: user volume: 5, internal volumes: 1, max. volumes count: 128

ubi0: max/mean erase counter: 16/2, WL threshold: 4096, image sequence number: 248281062

ubi0: available PEBs: 0, total reserved PEBs: 355, PEBs reserved for bad PEB handling: 19

Read 0 bytes from volume kernel to 44000000

No size specified -> Using max size (5713920)

## Loading kernel from FIT Image at 44000000 ...

   Using 'config@cp03-c1' configuration

   Trying 'kernel-1' kernel subimage

     Description:  ARM64 OpenWrt Linux-6.12.32

     Type:         Kernel Image

     Compression:  gzip compressed

     Data Start:   0x440000e8

     Data Size:    5641925 Bytes = 5.4 MiB

     Architecture: AArch64

     OS:           Linux

     Load Address: 0x41000000

     Entry Point:  0x41000000

     Hash algo:    crc32

     Hash value:   775d60a5

     Hash algo:    sha1

     Hash value:   b3ca79f0ab58140a94c8b9f4acf420d918972445

   Verifying Hash Integrity ... crc32+ sha1+ OK

## Loading fdt from FIT Image at 44000000 ...

   Using 'config@cp03-c1' configuration

   Trying 'fdt-1' fdt subimage

     Description:  ARM64 OpenWrt netgear_wax610y device tree blob

     Type:         Flat Device Tree

     Compression:  uncompressed

     Data Start:   0x445618f0

     Data Size:    34399 Bytes = 33.6 KiB

     Architecture: AArch64

     Hash algo:    crc32

     Hash value:   af88ac08

     Hash algo:    sha1

     Hash value:   588e0f7b558ee434350b5a5210592c599155bf8a

   Verifying Hash Integrity ... crc32+ sha1+ OK

   Booting using the fdt blob at 0x445618f0

   Uncompressing Kernel Image ... OK

   Loading Device Tree to 484f4000, end 484ff65e ... OK

Could not find PCI in device tree

Using machid 0x8030200 from environment



Starting kernel ...



Jumping to AARCH64 kernel via monitor

[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x51af8014]
[    0.000000] Linux version 6.12.32 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 14.3.0 r29955-8b24289a52) 14.3.0, GNU ld (GNU Binutils) 2.42) #0 SMP Thu Jun  5 20:55:55 2025
[    0.000000] Machine model: Netgear WAX610Y
[    0.000000] OF: reserved mem: 0x0000000000060000..0x0000000000065fff (24 KiB) nomap non-reusable memory@60000
[    0.000000] OF: reserved mem: 0x0000000040000000..0x0000000040ffffff (16384 KiB) nomap non-reusable memory@40000000
[    0.000000] OF: reserved mem: 0x000000004a100000..0x000000004a4fffff (4096 KiB) nomap non-reusable bootloader@4a100000
[    0.000000] OF: reserved mem: 0x000000004a500000..0x000000004a5fffff (1024 KiB) nomap non-reusable sbl@4a500000
[    0.000000] OF: reserved mem: 0x000000004a600000..0x000000004a9fffff (4096 KiB) nomap non-reusable memory@4a600000
[    0.000000] OF: reserved mem: 0x000000004aa00000..0x000000004aafffff (1024 KiB) nomap non-reusable memory@4aa00000
[    0.000000] OF: reserved mem: 0x000000004ab00000..0x000000004fffffff (87040 KiB) nomap non-reusable memory@4ab00000
[    0.000000] Zone ranges:
[    0.000000]   DMA      [mem 0x0000000040000000-0x000000005fffffff]
[    0.000000]   DMA32    empty
[    0.000000]   Normal   empty
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x0000000040000000-0x0000000040ffffff]
[    0.000000]   node   0: [mem 0x0000000041000000-0x000000004a0fffff]
[    0.000000]   node   0: [mem 0x000000004a100000-0x000000004fffffff]
[    0.000000]   node   0: [mem 0x0000000050000000-0x000000005fffffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x000000005fffffff]
[    0.000000] psci: probing for conduit method from DT.
[    0.000000] psci: PSCIv1.0 detected in firmware.
[    0.000000] psci: Using standard PSCI v0.2 function IDs
[    0.000000] psci: MIGRATE_INFO_TYPE not supported.
[    0.000000] psci: SMC Calling Convention v1.0
[    0.000000] percpu: Embedded 20 pages/cpu s43352 r8192 d30376 u81920
[    0.000000] Detected VIPT I-cache on CPU0
[    0.000000] CPU features: detected: Spectre-v4
[    0.000000] alternatives: applying boot alternatives
[    0.000000] Kernel command line: WAX610Y 1.0 console=ttyMSM0,115200n8 ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs rootwait root=/dev/ubiblock0_1
[    0.000000] Unknown kernel command line parameters "WAX610Y", will be passed to user space.
[    0.000000] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
[    0.000000] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes, linear)
[    0.000000] Built 1 zonelists, mobility grouping on.  Total pages: 131072
[    0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
[    0.000000] software IO TLB: SWIOTLB bounce buffer size adjusted to 0MB
[    0.000000] software IO TLB: area num 4.
[    0.000000] software IO TLB: SWIOTLB bounce buffer size roundup to 1MB
[    0.000000] software IO TLB: mapped [mem 0x000000005f4c0000-0x000000005f5c0000] (1MB)
[    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[    0.000000] rcu: Hierarchical RCU implementation.
[    0.000000] .Tracing variant of Tasks RCU enabled.
[    0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
[    0.000000] RCU Tasks Trace: Setting shift to 2 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=4.
[    0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
[    0.000000] Root IRQ handler: gic_handle_irq
[    0.000000] GICv2m: range[mem 0x0b00a000-0x0b00affc], SPI[448:479]
[    0.000000] rcu: srcu_init: Setting srcu_struct sizes based on contention.
[    0.000000] arch_timer: cp15 and mmio timer(s) running at 24.00MHz (virt/virt).
[    0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x588fe9dc0, max_idle_ns: 440795202592 ns
[    0.000000] sched_clock: 56 bits at 24MHz, resolution 41ns, wraps every 4398046511097ns
[    0.000090] Calibrating delay loop (skipped), value calculated using timer frequency.. 48.00 BogoMIPS (lpj=240000)
[    0.000103] pid_max: default: 32768 minimum: 301
[    0.005094] Mount-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.005107] Mountpoint-cache hash table entries: 1024 (order: 1, 8192 bytes, linear)
[    0.060112] rcu: Hierarchical SRCU implementation.
[    0.060120] rcu: .Max phase no-delay instances is 1000.
[    0.060425] Timer migration: 1 hierarchy levels; 8 children per group; 1 crossnode level
[    0.070408] smp: Bringing up secondary CPUs ...
[    0.080418] Detected VIPT I-cache on CPU1
[    0.080527] CPU1: Booted secondary processor 0x0000000001 [0x51af8014]
[    0.081272] Detected VIPT I-cache on CPU2
[    0.081348] CPU2: Booted secondary processor 0x0000000002 [0x51af8014]
[    0.090446] Detected VIPT I-cache on CPU3
[    0.090518] CPU3: Booted secondary processor 0x0000000003 [0x51af8014]
[    0.090601] smp: Brought up 1 node, 4 CPUs
[    0.090611] SMP: Total of 4 processors activated.
[    0.090615] CPU: All CPU(s) started at EL1
[    0.090619] CPU features: detected: 32-bit EL0 Support
[    0.090624] CPU features: detected: CRC32 instructions
[    0.090679] alternatives: applying system-wide alternatives
[    0.090875] CPU features: emulated: Privileged Access Never (PAN) using TTBR0_EL1 switching
[    0.091127] Memory: 381416K/524288K available (8896K kernel code, 902K rwdata, 2836K rodata, 1792K init, 302K bss, 139912K reserved, 0K cma-reserved)
[    0.097969] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[    0.097993] futex hash table entries: 1024 (order: 4, 65536 bytes, linear)
[    0.098101] 29040 pages in range for non-PLT usage
[    0.098106] 520560 pages in range for PLT usage
[    0.100253] pinctrl core: initialized pinctrl subsystem
[    0.104632] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[    0.105227] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
[    0.105268] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
[    0.105301] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
[    0.105673] thermal_sys: Registered thermal governor 'step_wise'
[    0.105733] cpuidle: using governor menu
[    0.105976] ASID allocator initialised with 65536 entries
[    0.111789] /soc@0/interrupt-controller@b000000: Fixed dependency cycle(s) with /soc@0/interrupt-controller@b000000
[    0.150934] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[    0.172551] SCSI subsystem initialized
[    0.172752] usbcore: registered new interface driver usbfs
[    0.172791] usbcore: registered new interface driver hub
[    0.172840] usbcore: registered new device driver usb
[    0.173144] qcom_scm: convention: smc arm 64
[    0.174799] s2: Bringing 0uV into 725000-725000uV
[    0.175615] clocksource: Switched to clocksource arch_sys_counter
[    0.175946] l2: Bringing 0uV into 1800000-1800000uV
[    0.176072] qcom_rpm_smd_regulator remoteproc:glink-edge:rpm-requests:regulators: Supply for l2 (l2) resolved to itself
[    0.179471] NET: Registered PF_INET protocol family
[    0.179616] IP idents hash table entries: 8192 (order: 4, 65536 bytes, linear)
[    0.182016] tcp_listen_portaddr_hash hash table entries: 256 (order: 0, 4096 bytes, linear)
[    0.182036] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
[    0.182053] TCP established hash table entries: 4096 (order: 3, 32768 bytes, linear)
[    0.182102] TCP bind hash table entries: 4096 (order: 5, 131072 bytes, linear)
[    0.182244] TCP: Hash tables configured (established 4096 bind 4096)
[    0.182703] MPTCP token hash table entries: 512 (order: 1, 12288 bytes, linear)
[    0.182865] UDP hash table entries: 256 (order: 1, 8192 bytes, linear)
[    0.182891] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes, linear)
[    0.183205] NET: Registered PF_UNIX/PF_LOCAL protocol family
[    0.183242] PCI: CLS 0 bytes, default 64
[    0.184973] workingset: timestamp_bits=46 max_order=17 bucket_order=0
[    0.185748] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.185755] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.188711] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248)
[    0.199257] Serial: 8250/16550 driver, 16 ports, IRQ sharing enabled
[    0.203071] msm_serial 78b1000.serial: msm_serial: detected port #0
[    0.203156] msm_serial 78b1000.serial: uartclk = 1843200
[    0.203498] 78b1000.serial: ttyMSM0 at MMIO 0x78b1000 (irq = 22, base_baud = 115200) is a MSM
[    0.203573] msm_serial: console setup on port #0
[    0.203616] printk: legacy console [ttyMSM0] enabled
[    0.974627] msm_serial: driver initialized
[    0.984212] loop: module loaded
[    0.985521] nand: device found, Manufacturer ID: 0xef, Chip ID: 0xa1
[    0.986298] nand: Winbond W29N01HZ
[    0.992765] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[    1.013108] i2c_dev: i2c /dev entries driver
[    1.017968] sdhci: Secure Digital Host Controller Interface driver
[    1.018014] sdhci: Copyright(c) Pierre Ossman
[    1.023050] sdhci-pltfm: SDHCI platform and OF driver helper
[    1.031503] remoteproc remoteproc0: releasing cd00000.remoteproc
[    1.035926] NET: Registered PF_INET6 protocol family
[    1.040461] Segment Routing with IPv6
[    1.044188] In-situ OAM (IOAM) with IPv6
[    1.047796] NET: Registered PF_PACKET protocol family
[    1.051718] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[    1.056881] 8021q: 802.1Q VLAN Support v1.8
[    1.101940] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[    1.102227] cpr4_ipq807x_apss_read_fuse_data: apc_corner: speed bin = 0
[    1.108090] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR fusing revision = 2
[    1.114671] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR misc fuse value = 0
[    1.122337] cpr4_ipq807x_apss_read_fuse_data: apc_corner: Voltage boost fuse config = 0 boost = disable
[    1.129868] cpr3_mem_acc_init: apc: not using memory accelerator regulator
[    1.138988] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused      SVS: open-loop= 675000 uV
[    1.145931] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused      NOM: open-loop= 787500 uV
[    1.155920] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused    TURBO: open-loop= 862500 uV
[    1.165723] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused   STURBO: open-loop= 925000 uV
[    1.175549] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused      SVS: quot[ 7]= 533, quot_offset[ 7]=   0
[    1.185335] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused      NOM: quot[ 7]= 723, quot_offset[ 7]= 190
[    1.196203] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused    TURBO: quot[ 7]= 844, quot_offset[ 7]= 120
[    1.207132] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused   STURBO: quot[ 7]= 943, quot_offset[ 7]=  95
[    1.218399] cpr3_regulator_init_ctrl: apc: Default CPR mode = closed-loop
[    1.222113] nand: device found, Manufacturer ID: 0xef, Chip ID: 0xa1
[    1.235781] nand: Winbond W29N01HZ
[    1.242177] nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[    1.245685] 23 qcomsmem partitions found on MTD device qcom_nand.0
[    1.252949] Creating 23 MTD partitions on "qcom_nand.0":
[    1.259168] 0x000000000000-0x000000180000 : "0:sbl1"
[    1.266503] 0x000000180000-0x000000280000 : "0:mibib"
[    1.270806] 0x000000280000-0x000000300000 : "0:bootconfig"
[    1.275276] 0x000000300000-0x000000380000 : "0:bootconfig1"
[    1.280687] 0x000000380000-0x000000700000 : "0:qsee"
[    1.288796] 0x000000700000-0x000000a80000 : "0:qsee_1"
[    1.293912] 0x000000a80000-0x000000b00000 : "0:devcfg"
[    1.296333] 0x000000b00000-0x000000b80000 : "0:devcfg_1"
[    1.301485] 0x000000b80000-0x000000c00000 : "0:rpm"
[    1.307058] 0x000000c00000-0x000000c80000 : "0:rpm_1"
[    1.311510] 0x000000c80000-0x000000d00000 : "0:cdt"
[    1.316829] 0x000000d00000-0x000000d80000 : "0:cdt_1"
[    1.321438] 0x000000d80000-0x000000e00000 : "0:appsblenv"
[    1.326670] 0x000000e00000-0x000000f80000 : "0:appsbl"
[    1.332926] 0x000000f80000-0x000001100000 : "0:appsbl_1"
[    1.337981] 0x000001100000-0x000001180000 : "0:art"
[    1.342508] 0x000001180000-0x000003e00000 : "rootfs"
[    1.385655] mtd: setting mtd16 (rootfs) as root device
[    1.386000] mtdsplit: no squashfs found in "rootfs"
[    1.389724] 0x000003e00000-0x000006a80000 : "rootfs_1"
[    1.433777] 0x000006a80000-0x000006b00000 : "0:ethphyfw"
[    1.434673] 0x000006b00000-0x000006c00000 : "0:mfgdata"
[    1.439480] 0x000006c00000-0x000007d00000 : "0:ntgrdata"
[    1.458431] 0x000007d00000-0x000007d80000 : "0:oops_log"
[    1.459344] 0x000007d80000-0x000008000000 : "0:reserved"
[    1.475211] cpufreq: cpufreq_online: CPU0: Running at unlisted initial frequency: 799999 KHz, changing to: 864000 KHz
[    1.477972] remoteproc remoteproc0: cd00000.remoteproc is available
[    1.485191] ubi0: attaching mtd16
[    1.717928] ubi0: scanning is finished
[    1.776348] ubi0: attached mtd16 (name "rootfs", size 44 MiB)
[    1.776389] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[    1.781083] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[    1.787867] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[    1.794711] ubi0: good PEBs: 355, bad PEBs: 1, corrupted PEBs: 0
[    1.801485] ubi0: user volume: 5, internal volumes: 1, max. volumes count: 128
[    1.807747] ubi0: max/mean erase counter: 16/2, WL threshold: 4096, image sequence number: 248281062
[    1.814768] ubi0: available PEBs: 0, total reserved PEBs: 355, PEBs reserved for bad PEB handling: 19
[    1.824080] ubi0: background thread "ubi_bgt0d" started, PID 620
[    1.833818] block ubiblock0_3: created from ubi0:3(roo[    1.845248] Waiting for root device /dev/ubiblock0_1...

choose_part 1

IPQ6018# choose_part 1


the arguement in integer is 1

the primary boot value before setting is 0

the primary boot value is after setting 1



NAND erase: device 0 offset 0x280000, size 0x80000


Erasing at 0x280000 --  25% complete.
Erasing at 0x2a0000 --  50% complete.
Erasing at 0x2c0000 --  75% complete.
Erasing at 0x2e0000 -- 100% complete.

OK

IPQ6018# 


IPQ6018# reset


resetting ...


Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.0.3-00077-IPQ60xxLZB-2
S - IMAGE_VARIANT_STRING=IPQ6018LA
S - OEM_IMAGE_VERSION_STRING=crm-ubuntu64
S - Boot Interface: NAND
S - Secure Boot: Off
S - Boot Config @ 0x000a602c = 0x000002e4
S - JTAG ID @ 0x000a607c = 0x0013a0e1
S - OEM ID @ 0x000a6080 = 0x00000000
S - Serial Number @ 0x000a4128 = 0x9c4da819
S - OEM Config Row 0 @ 0x000a4188 = 0x0000000000000000
S - OEM Config Row 1 @ 0x000a4190 = 0x0000000000000000
S - Feature Config Row 0 @ 0x000a4130 = 0x0000000008000001
S - Feature Config Row 1 @ 0x000a4138 = 0x02c3e83383000009
S - PBL Patch Ver: 1
S - I-cache: On
S - D-cache: On
B -      3413 - PBL, Start
B -       592 - bootable_media_detect_entry, Start
B -      4339 - bootable_media_detect_success, Start
B -      5147 - elf_loader_entry, Start
B -      5319 - auth_hash_seg_entry, Start
B -      7786 - auth_hash_seg_exit, Start
B -      8281 - elf_segs_hash_verify_entry, Start
B -    110432 - elf_segs_hash_verify_exit, Start
B -    114859 - auth_xbl_sec_hash_seg_entry, Start
B -    115002 - auth_xbl_sec_hash_seg_exit, Start
B -    121547 - xbl_sec_segs_hash_verify_entry, Start
B -    121547 - xbl_sec_segs_hash_verify_exit, Start
B -    122477 - PBL, End
B -    103242 - SBL1, Start
B -    243329 - GCC [RstStat:0x0, RstDbg:0x600000] WDog Stat : 0x4
B -    245769 - clock_init, Start
D -      2745 - clock_init, Delta
B -    254248 - boot_flash_init, Start
D -     29829 - boot_flash_init, Delta
B -    287371 - sbl1_ddr_set_default_params, Start
D -       244 - sbl1_ddr_set_default_params, Delta
B -    293989 - boot_config_data_table_init, Start
D -      4758 - boot_config_data_table_init, Delta - (575 Bytes)
B -    303810 - CDT Version:2,Platform ID:8,Major ID:3,Minor ID:2,Subtype:0
B -    308660 - Image Load, Start
D -      6618 - OEM_MISC Image Loaded, Delta - (0 Bytes)
B -    317993 - Image Load, Start
D -      5063 - PMIC Image Loaded, Delta - (0 Bytes)
B -    325862 - sbl1_ddr_set_params, Start
B -    330833 - CPR configuration: 0x366
B -    334036 - Pre_DDR_clock_init, Start
D -       183 - Pre_DDR_clock_init, Delta
D -         0 - sbl1_ddr_set_params, Delta
B -    370697 - Image Load, Start
D -       427 - APDP Image Loaded, Delta - (0 Bytes)
B -    383781 - Image Load, Start
D -       458 - QTI_MISC Image Loaded, Delta - (0 Bytes)
B -    386221 - Image Load, Start
D -       763 - Auth Metadata
D -       610 - Segments hash check
D -     22296 - QSEE Dev Config Image Loaded, Delta - (36354 Bytes)
B -    410469 - Image Load, Start
D -      6588 - Auth Metadata
D -     10675 - Segments hash check
D -    336415 - QSEE Image Loaded, Delta - (1470632 Bytes)
B -    747311 - Image Load, Start
D -       671 - Auth Metadata
D -       976 - Segments hash check
D -     35014 - RPM Image Loaded, Delta - (102664 Bytes)
B -    784002 - Image Load, Start
D -       762 - Auth Metadata
D -      3050 - Segments hash check
D -    117913 - APPSBL Image Loaded, Delta - (541348 Bytes)
B -    917562 - SBL1, End
D -    814594 - SBL1, Delta
S - Flash Throughput, 4000 KB/s  (2152245 Bytes,  432208 us)
S - Core 0 Frequency, 800 MHz
S - DDR Frequency, 466 MHz




U-Boot 2016.01-V9.0.0.23 (May 21 2020 - 11:58:58 +0530)



DRAM:  smem ram ptable found: ver: 2 len: 4

512 MiB

NAND:  ONFI device found

ID = 9500a1ef

Vendor = ef

Device = a1

SPI_ADDR_LEN=3

SF: Detected MX25U6435F with page size 256 Bytes, erase size 64 KiB, total 8 MiB

ipq_spi: page_size: 0x100, sector_size: 0x10000, size: 0x800000

136 MiB

MMC:   sdhci: Node Not found, skipping initialization



PCI0 is not defined in the device tree

In:    serial@78B1000

Out:   serial@78B1000

Err:   serial@78B1000

Product ID: WAX610Y

HW Version: 1.0

machid: 8030200

Power source: Adaptor

eth2 MAC Address from ART is not valid

eth3 MAC Address from ART is not valid

eth4 MAC Address from ART is not valid

eth5 MAC Address from ART is not valid

Hit any key to stop autoboot:  2 ... 1 ... 0 

Erasing NAND...


Erasing at 0xd80000 --  25% complete.
Erasing at 0xda0000 --  50% complete.
Erasing at 0xdc0000 --  75% complete.
Erasing at 0xde0000 -- 100% complete.

Writing to NAND... OK

ubi0: attaching mtd2

ubi0: scanning is finished

ubi0: attached mtd2 (name "mtd=0", size 44 MiB)

ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes

ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048

ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096

ubi0: good PEBs: 356, bad PEBs: 0, corrupted PEBs: 0

ubi0: user volume: 1, internal volumes: 1, max. volumes count: 128

ubi0: max/mean erase counter: 3/1, WL threshold: 4096, image sequence number: 2020437244

ubi0: available PEBs: 286, total reserved PEBs: 70, PEBs reserved for bad PEB handling: 20

Read 0 bytes from volume kernel to 44000000

No size specified -> Using max size (5840896)



Net:   MAC0 addr:44:a5:6e:cb:9c:df

PHY ID1: 0x4d

PHY ID2: 0xd101

EDMA ver 1 hw init

Num rings - TxDesc:1 (0-0) TxCmpl:1 (0-0)

RxDesc:1 (15-15) RxFill:1 (7-7)

ipq6018_edma_alloc_rings: successfull

ipq6018_edma_setup_ring_resources: successfull

ipq6018_edma_configure_rings: successfull

ipq6018_edma_hw_init: successfull

eth0



Net:   MAC0 addr:44:a5:6e:cb:9c:df

PHY ID1: 0x4d

PHY ID2: 0xd101

EDMA ver 1 hw init

Num rings - TxDesc:1 (0-0) TxCmpl:1 (0-0)

RxDesc:1 (15-15) RxFill:1 (7-7)

ipq6018_edma_alloc_rings: successfull

ipq6018_edma_setup_ring_resources: successfull

ipq6018_edma_configure_rings: successfull

ipq6018_edma_hw_init: successfull

, eth0

Warning: eth0 MAC addresses don't match:

Address in SROM is         44:a5:6e:cb:9c:df

Address in environment is  44:a5:6e:cb:9c:ef

IPQ6018# 

@serverror

I fixed the problem by booting into partition 1 and doing the TFTP method.

Is there a way to completely get rid of the Netgear stuff and be able to boot OpenWrt in either part 0 or 1?

Thanks a lot!

I think the WAX610Y needs a thorough re-evaluation. I performed another sysupgrade using the latest image, and the device broke again.

When using choose_part 0, the device gets stuck at /dev/ubiblock0_1.
When using choose_part 1, it always drops into the U-Boot prompt, no matter how many times I try flashing it via the TFTP method.

As mentioned in the PR, it was never evaluated to begin with, just approximated on the WAX610.

That said, the issue you're seeing is most likely not limited to the Y model but rather an issue with the partition scheme that hasn't played well with a TFTP install. I'll see if I can replicate it when I have some time.

In the meanwhile, can you return to stock and use the UI install method instead and see if it's stable?