RouterBoard firmware (not RouterOS) questions

I though RouterBoard firmware version didn't matter because it's only the bootloader. Thus I installed OpenWRT by selecting the factory/backup bootloader (v3.43 in this case) instead of downgrading to ROS 6.x (from 7.x) first.

However, I recently bumped into a forum post claiming that some runtime issues were fixed by upgrading the RouterBoard firmware (while already having an updated ROS).
And then I also remembered something about this, like some Mikrotik forum posts suggesting the RouterBoard firmware on these specific devices I have to realize the "improved wifi performance" claimed by the ROS release notes (may be it was the release notes themself, I don't know, it was years ago).

Now this brings up a few questions on my part:
1: Does the RouterBoard firmware really contain anything else besides the bootloader? Or at any rate, can it really affect runtime operation while using OpenWRT?
2: Can I update this firmware while running OpenWRT (without going back to ROS and then OpenWRT again)?
3: The https://openwrt.org/toh/mikrotik/common page only instructs the reader to downgrade from v7 to v6 but I wonder if any v6 will do or if the real issue is "protected-routerboot" instead (which is available since v3.24). *
4: Assuming RouterBoard firmware updates might update things besides the bootloader, does "force backup bootloader" also imply using a backup version of those things as well or is that option restricted solely to the bootloader?

  • Do note that the RouterBoard firmware version didn't match the RouterOS version and was much less frequently bumped up until a certain point and I personally can't remember what that point was (so it's possible to have a v3.x RB firmware installed from a running ROS 6.x which only complicates this further). Also, theoretically any fresh ROS v6 could have the new bootloader backported (I don't know if that's the case).

Ah, and yes, I checked the WiFi performance recently with OpenWRT and it's not that great. But I was too lazy to check right before switching to OpenWRT. (I was focusing on getting .11r and neglected some more obvious things. My bad...)

Updating the firmware on MikroTik RouterBoard devices can indeed have an impact on their runtime operation, and it's not just limited to the bootloader. Here are answers to your specific questions:

  1. RouterBoard Firmware Content: The firmware on a MikroTik RouterBoard does contain more than just the bootloader. It includes various drivers, device-specific settings, and functionality updates that can affect the device's overall performance and capabilities. It's not limited to the bootloader alone.
  2. Updating Firmware While Running OpenWRT: Yes, it is possible to update the RouterBoard firmware while running OpenWRT. MikroTik provides tools and methods for updating the firmware directly from their RouterOS operating system, and you can use these tools from within OpenWRT as well. However, it may require some command-line work and potentially scripting to achieve this.
  3. Firmware Version Compatibility: You are correct that sometimes certain RouterBoard firmware versions may be more compatible with specific OpenWRT versions or device features. To ensure compatibility, it's a good idea to check the OpenWRT documentation or community forums for specific recommendations regarding which RouterBoard firmware version works best with your OpenWRT setup. The "protected-routerboot" feature could indeed be a factor in compatibility, so you should consider that as well.
  4. "Force Backup Bootloader" Option: The "force backup bootloader" option typically refers to the bootloader only, and it doesn't necessarily imply using a backup version of other firmware components. This option is primarily used to switch to a different bootloader version in case the primary bootloader is corrupted or malfunctioning. Firmware updates typically involve updating the RouterOS firmware, which includes various components beyond just the bootloader.

In summary, updating the RouterBoard firmware can affect the device's runtime operation and compatibility with OpenWRT. You can update the firmware while running OpenWRT, but it might require some additional configuration or scripting. It's essential to consider compatibility between the RouterBoard firmware version, the OpenWRT version, and any device-specific features or settings you require.

1 Like

Please, quantitively detail the differences you see so that someone can look into them.

Of course. The bootloader initialises most parts of the hardware.

Yes, this has been detailed here before. Primary RouterBOOT is the (NRV2B compressed machine code) fwf file (which you can extract from RouterOS NPK squashfs), less headers, written to the right spot on NOR. Yes, it can be changed from OpenWrt, but get it wrong, and you have a brick.

The reason for v7 NOR RouterBOOT not booting OpenWrt is well detailed on the OpenWrt forum and Github. Nothing to do with protected.


Cannot decide if this is troll, homework, generative text, or all of the above. Seems to be many words adding up to meaninglessness…

2 Likes

LT:DR, All-In-All, I guess I should restore ROS (to the latest), set RouterBOOT to normal mode, measure WiFi, restore OpenWRT without messing with RouterBOOT settings, and measure WiFi, compare, decide...

Well, thank you for some actual answers (I didn't want to be rude to the first poster, but yeah...).

Sounds even more tiresome than switching back to ROS, updating the firmware, and restoring OpenWRT.

So NAND targets are unaffected? (Is the hAP AC AC 2 NAND-only? The build target is NAND but I read those talks about NOR+NAND and the Winbond W25Q128JVSM datasheet tells me it's SPI serial flash, no NAND or NOR words to be found in the text.)
In that case, all I might need to do is instruct the device to use the primary bootloader (which is fairly fresh now). Although I don't see any easy ways of doing it from OpenWRT. I only found a way described through serial console but that's more complicated than temporarily restoring ROS.

Sadly, I have nothing concrete (just things from years-old memories about how far and how fast WiFi used to reach when I did some real measurements/surveys).
At first, I was simply curious if wave2 features like FT would work in my environment and only planned to worry about other things after that.

It seems l caused a strange defect in one of the two hAP AC 2 boxes. May be I power-cycled it manually too soon when Netinstall told me it will reboot the board, the status changed to OK and nothing visible (like LED blinking or the box appearing in Winbox) happened for about 0.5-1 minute.
After that, I flashed OpenWRT and it took much longer than what I allowed for Netinstall. So I might have interrupted the flash or the initial ROS boot process.
It's no longer recognized by Netinstall after the "hold Reset and connect power" sequence. But I can boot the OpenWRT initramfs with pxesrv. And the backup booter (I assume it's the backup due to the version number reported in sysfs under OpenWRT) persistently boots OpenWRT from the flash (even if the box is power cycled). Whatever error there might be inside the flash, it probably causes a fallback to the backup bootloader (or my earlier change to set "use backup booter" still persists despite using Netinstall on the box without choosing to preserve settings). But I am not sure why it also lacks the Netinstall functionality if pxesrv works.

The network is functioning with OpenWRT (both ethernet and WLAN). But I can't go back to ROS using Netinstall.

Any idea how to repair this?
Is there a tool to control RouterBOOT parameters (like in ROS) to see if "use backup booter" is set?

Hi

ls /sys/firmware/mikrotik/soft_config/
bios_version  boot_delay    boot_device   boot_key      boot_proto    booter        commit        cpu_mode      silent_boot   uart_speed
cat /sys/firmware/mikrotik/soft_config/booter 
[regular] backup

i am using primary 7.11.2 booter on HAP AC2 with @johnth patch

cat /sys/firmware/mikrotik/soft_config/bios_version 
7.11.2
1 Like

Which one takes priority, soft or hard config? I currently read these:

root@F17a_AP0:~# cat /sys/firmware/mikrotik/hard_config/booter_version
3.43
root@F17a_AP0:~# cat /sys/firmware/mikrotik/soft_config/bios_version
6.49.10
root@F17a_AP0:~# cat /sys/firmware/mikrotik/soft_config/booter
[regular] backup
root@F17a_AP1:~# cat /sys/firmware/mikrotik/hard_config/booter_version
3.43
root@F17a_AP1:~# cat /sys/firmware/mikrotik/soft_config/bios_version
6.45.8
root@F17a_AP1:~# cat /sys/firmware/mikrotik/soft_config/booter
cat: can't open '/sys/firmware/mikrotik/soft_config/booter': No such file or directory

I see no other relevant things in hard_config and soft/boot_proto is [bootp] on both.

AP0 is the problematic one (not detected by Netinstall). Since it has a theoretically incompatible version selected in soft_config, I wager hard_config takes precedence.
But it's strange I can't read a soft_config/booter for AP1. I guess hard_config takes precedence here and v3 backup is used anyway.

Or does hard_config mean "when using the Reset button" and soft_config mean "when powering up normally"?

I built the images with ImageBuilder, not from source, so the RB_v7 patch is not applied. But, at any rate, it doesn't matter much in case of not being able to use Netinstall.

hmmm
mine is much newer

cat /sys/firmware/mikrotik/hard_config/booter_version 
6.43.10

anyway, my wild guess (and dangerous idea) is to flash RouterBoot from working device to broken one

cat /proc/mtd 
dev:    size   erasesize  name
mtd0: 00080000 00010000 "Qualcomm"
mtd1: 00080000 00010000 "RouterBoot"
mtd2: 00002000 00010000 "hard_config"
mtd3: 00007bbc 00010000 "dtb_config"
mtd4: 00001000 00010000 "soft_config"
mtd5: 00f00000 00010000 "firmware"
mtd6: 00320000 00010000 "kernel"
mtd7: 00be0000 00010000 "rootfs"
mtd8: 008b0000 00010000 "rootfs_data"

so you need MTD1 from good device
cat /dev/mtd1 > /tmp/mtd1.bin
transfer it

then on broken device

insmod mtd-rw i_want_a_brick=1
mtd unlock RouterBoot
mtd erase RouterBoot
mtd write /tmp/mtd1.bin RouterBoot

it is only idea, maybe you brick your device, maybe you will fix it to be reachable again with netinstall ...

1 Like

There might be unique things on that partition. I can't tell because the versions are different, so the content is inherently different.

mine is much newer
cat /sys/firmware/mikrotik/hard_config/booter_version
6.43.10

Based on this, hard_config/booter_version reads the version of the backup booter.
But that leaves me questioning what the soft_config parameters mean on my AP0, since that seemingly uses 6.49.10 to boot which is said to be incompatible with unpatched OpenWRT.
And why is soft_config/booter broken on the theoretically clean AP1? (Not applicable with v6.45.8?)

How did you update your RouterBoot: ROS/Netinstall or some script for OpenWRT?

Logic say: NO
here is relevant config partitions

mtd2: 00002000 00010000 "hard_config"
mtd3: 00007bbc 00010000 "dtb_config"
mtd4: 00001000 00010000 "soft_config"

so, from my point of view, it could be safe to rewrite bootloader

it was updated from ROS, i needed some 7.x features before switching to OWRT/DumbAP so i was upgrading to 7.x
that lead me after to mentioned patch, because i am sick of switching back/forth between ROS booters

maybe because of this
cat /sys/firmware/mikrotik/soft_config/bios_version 6.45.8
it is older than AP0
cat /sys/firmware/mikrotik/soft_config/bios_version 6.49.10
maybe it is too old to be read from sysfs driver

1 Like

hard config does not change (set by manufacturer)
booter_version is backup bootloader version
bios_version is primary bootloader version
soft config does change, and can be reset to defaults with one of the reset button at boot timings (read OEM manual).

Then OpenWrt is installed to flash, and RouterOS is not.

Triggering Netinstall is tedious. Watch the LED patterns (manual) to make sure you have reached netboot, then release reset. Try with both the backup bootloader (start reset hold before power), and primary (start reset button hold after power). Reset the soft config settings. Still no luck, you could mtd erase firmware https://github.com/openwrt/openwrt/blob/e3559fb4453c99c25f6234beda69e1e8a95e663f/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4018-hap-ac2.dts#L198 from an OpenWrt netboot (but always backup, and copy to PC, full mtd images before changing it manually).

booter was introduced with a later RouterBOOT version. Can also sometimes see this happen if you reset button reset soft config from backup bootloader versus from primary bootloader.

RouterBOOT is parent partition which includes per-device settings in children (hard; the MACs, serial, and WLAN calibration data), and the key). At best, lose your MACs and serial, RouterOS will likely want a new key, if a different revision possibly slow wifi.
You can see this from dmesg, or from DTS:

thank you for explanation, so i was wrong
but ...
if you backup [hard,dtb,soft] configs, reflash bootloader, and write back (from OWRT) these 3 partition, then it is still doable? or i am wrong ?

Also the ?key? (there is another very small chunk of data, guessing the RouterOS key). When I have done it (after many backups, hexdump and binwalk sessions, comparing the fwf to what is on flash, and a SOIC8 clip incase it goes wrong), I erase and write as little as possible; I manually define partitions in DTS for each bootloader, the configs, and the ?key, plus master partitions, so that I only touch the primary bootloader. Could do this with mtdpart, or via seeking, but more likely to get it wrong that way.

1 Like

Triggering Netinstall is tedious. Watch the LED patterns (manual) to make sure you have reached netboot, then release reset. Try with both the backup bootloader (start reset hold before power), and primary (start reset button hold after power).

Thanks, I wasn't aware netboot can be initiated with the primary bootloader as well. Although that might fail because I suspect the boot process falls back to using the backup bootloader when no button is pressed during boot. Or can you explain what else might be happening right now? According to the sysfs outputs I posted above, soft_config is set to use the primary bootloader which is theoretically incompatible with OpenWRT (it's v6.49, not .48), yet OpenWRT still boots from the flash (without the button touched and after full power loss).
Also, I gather sysfs can't tell the bootloader version actually in use, only the soft_config setting state for it.

I guess I will leave it as it is until I convince myself to build from source with your patch and then (try to) Netinstall the latest ROS.

No. It does really help to RTFM (and has been suggested more than once): https://help.mikrotik.com/docs/pages/viewpage.action?pageId=16351533#hAPac²-Buttonsandjumpers

I have not seen this, why would it be incompatible? If you are just parroting the wiki, please don't, that page is a huge mess, and that edit never bothered to document or justify their changes: https://openwrt.org/toh/mikrotik/common?do=diff&rev2[0]=1677350241&rev2[1]=1680834958&difftype=inline

Correct, it only decodes the type-length-value fields from hard and soft configs on NOR. Side note: RouterBOOT does pass version information (amongst other bits) to kernel command line, ex: ver=6.46.5 bver=6.42.4, but in how OpenWrt works on this device, it gets discarded.

I already read that. I indeed based those above written assumptions on the information found in the WiKi article and what I see in front of me. If that's incorrect then my assumptions based on that are indeed stupid.

Sorry for my ignorance. I tried to get by with the least amount of effort necessary instead of jumping into a full 360° 4D research. I haven't even compiled or used OpenWRT or Netinstall for 5+ years and I never used OpenWRT on Mikrotik hardware before recently.