Support for Meraki MX85?

This is not a question; I am leaving the information here for anyone to find in the future when they are wondering if the Meraki MX85 will be supported by OpenWrt:

No

Do not purchase this device with the intention of running OpenWrt.

What follows is information from my WatchMySys blog on the MX85.


MX85 specs:

  • NXP Layerscape LS1046A (ARM A72, 4 cores @ 1.8GHz)
  • 8GB DDR4 RAM (Samsung K4AAG165WA-BCWE x4, soldered)
  • 16GB of eMMC flash (SanDisk SDINBDA6-16G)
  • Winbond W25Q64JVSIQ (x2)
  • Aikido/Cisco TAM hardware root-of-trust (Microchip SmartFusion2 M2S010)
  • Qualcomm QCA8337-AL3C 7-port Gigabit Ethernet Switch (x2, PDF datasheet)
  • Qualcomm QCA8334-AL3C 4-port Gigabit Ethernet Switch (PDF datasheet)
  • Atheros AR8033-AL1A Gigabit Ethernet PHY (dedicated management port)
  • Microchip PD69104B1 PSE controller (PoE WAN port)
  • UMEC UP1501D-54 150W power supply

The MX85 contains the Cisco TAM, implemented using a SmartFusion2 M2S010. The TAM is used for secure boot.

## Starting application at 0x82120000 ...
bootselect
## Application terminated, rc = 0x0
## Starting application at 0x82120000 ...

----Security Versions----
SecureBoot:  R6.3.66-f6737c7-20200623
SB Core:     F01257R21.038ae8d0b2020-05-15
Microloader: MK0007R01.0105062020
SF: Detected SPI Generic with page size 256 Bytes, erase size 4 KiB, total 16 MiB

----SecureBoot Registers----
system_invalid:            0
boot_check_count_error:    0
boot_done:                 1
boot_ok:                   1
boot_check_count_golden:   0
boot_check_count_upgrade:  2
boot_status_golden:        0
boot_status_upgrade:       1
first_bootloader:          1

----Upgrade----
boot_error:                0
boot_check_count_error_vc: 0
boot_check_count_error:    0
boot_timeout_vc:           0
boot_timeout:              0
boot_cs_good:              1
boot_config_error:         0
boot_version_error:        0
boot_config_error_code:    0
boot_error_code:           0
boot_cs_good:              1
boot_version_error:        0
boot1_cs_key_type:         1
boot1_cs_return_code:      0
boot1_cs_key_index:        5
boot2_cs_return_code:      0
boot2_cs_key_index:        5
boot2_cs_key_type:         1

----Other Registers----
fpga_version:      0090

Reading whitelist from TAM
whitelist.bin: 740 bytes

Converting whitelist to signature fdt
BOX-WINE_LDWM-rel
wired-arm64-AP-SECP384R1_1-rel
wired-arm64-OD-SECP384R1_1-rel
wired-arm64-RT-SECP384R1_1-rel
wrote 558 bytes to 0000000082330000
## Application terminated, rc = 0x0
** File not found part.new **
87760567 bytes read in 4176 ms (20 MiB/s)
## Loading kernel from FIT Image at a0000000 ...
   Using 'conf@3' configuration
   Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
   Trying 'kernel@1' kernel subimage
     Description:  Linux kernel
     Type:         Kernel Image
     Compression:  uncompressed
     Data Start:   0xa000012c
     Data Size:    10563592 Bytes = 10.1 MiB
     Architecture: AArch64
     OS:           Linux
     Load Address: 0x80080000
     Entry Point:  0x80080000
     Hash algo:    sha1
     Hash value:   186b252be8c267ec7b20b072de98fe3d51c93c7f
   Verifying Hash Integrity ... sha1+ OK
## Loading ramdisk from FIT Image at a0000000 ...
   Using 'conf@3' configuration
   Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
   Trying 'ramdisk@1' ramdisk subimage
     Description:  meraki-image
     Type:         RAMDisk Image
     Compression:  gzip compressed
     Data Start:   0xa0a13224
     Data Size:    76964193 Bytes = 73.4 MiB
     Architecture: AArch64
     OS:           Linux
     Load Address: unavailable
     Entry Point:  unavailable
     Hash algo:    sha1
     Hash value:   a1f027fbf5acbf81befdb6ce746fee76adf132d5
   Verifying Hash Integrity ... sha1+ OK
## Loading fdt from FIT Image at a0000000 ...
   Using 'conf@3' configuration
   Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
   Trying 'fdt@3' fdt subimage
     Description:  Flattened Device Tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0xa538fb0c
     Data Size:    46124 Bytes = 45 KiB
     Architecture: AArch64
     Load Address: 0x90000000
     Hash algo:    sha1
     Hash value:   dd869c604072a7e29f37cc6cb4e1c9c398a46295
   Verifying Hash Integrity ... sha1+ OK
   Loading fdt from 0xa538fb0c to 0x90000000
   Booting using the fdt blob at 0x90000000
   Loading Kernel Image ... OK
   Using Device Tree in place at 0000000090000000, end 000000009001e42b
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
WARNING failed to get smmu node: FDT_ERR_NOTFOUND
WARNING failed to get smmu node: FDT_ERR_NOTFOUND
*** din = 0x0000000000000000

All ahead full! Goodbye!

The U-Boot binary is signed. The environment is compiled into U-Boot. There is no string to interrupt boot.

U-Boot verifies the signature of the payload before booting. There is no way to modify U-Boot to disable signature verification or boot another payload.
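An added example, not part of the original post or of Meraki's or OpenWrt's code: a small Python audit of the console log above that ties each FIT stage's signed configuration to a key name from the TAM whitelist. It assumes the `+` before `OK` marks a passed check, as in U-Boot's FIT verification output; the function names `whitelist_keys` and `audit` are hypothetical, and the embedded log is an excerpt of the lines posted above.

```python
import re

# Excerpt of the console log posted above (whitelist section and the conf@3 checks).
BOOT_LOG = """\
Converting whitelist to signature fdt
BOX-WINE_LDWM-rel
wired-arm64-AP-SECP384R1_1-rel
wired-arm64-OD-SECP384R1_1-rel
wired-arm64-RT-SECP384R1_1-rel
wrote 558 bytes to 0000000082330000
## Loading kernel from FIT Image at a0000000 ...
   Using 'conf@3' configuration
   Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
   Verifying Hash Integrity ... sha1+ OK
## Loading ramdisk from FIT Image at a0000000 ...
   Using 'conf@3' configuration
   Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
   Verifying Hash Integrity ... sha1+ OK
"""

VERIFY = re.compile(r"Verifying Hash Integrity \.\.\. (\S+?)([+-]) ")

def whitelist_keys(log):
    """Key names printed between the whitelist banner and the 'wrote N bytes' line."""
    m = re.search(r"Converting whitelist to signature fdt\n(.*?)\nwrote \d+ bytes", log, re.S)
    return m.group(1).split() if m else []

def audit(log):
    """One record per FIT stage: signing key, signature result, whitelist match, digest result."""
    allowed, out, cur = set(whitelist_keys(log)), [], None
    for line in log.splitlines():
        if m := re.match(r"## Loading (\w+) from FIT Image", line):
            cur = {"stage": m.group(1), "config": None, "key": None,
                   "sig_ok": False, "key_whitelisted": False, "hash_ok": False}
            out.append(cur)
        elif cur and (m := re.search(r"Using '([^']+)' configuration", line)):
            cur["config"] = m.group(1)
        elif cur and (m := VERIFY.search(line)):
            algo, mark = m.groups()
            if ":" in algo:      # "hash,curve:keyname" is the signed configuration check
                cur["key"] = algo.split(":", 1)[1]
                cur["sig_ok"] = mark == "+"
                cur["key_whitelisted"] = cur["key"] in allowed
            else:                # a bare hash name is the subimage digest check only
                cur["hash_ok"] = mark == "+"
    return out

for record in audit(BOOT_LOG): print(record)
```

Every stage in this log reports the same whitelisted key, a passed signature check and a passed digest check; a stage whose key is missing from the whitelist or that shows only a bare hash line would stand out in the records.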

Sure there is no diagnostic mode in OEM CLI?

Meraki devices do not have an OEM CLI.

There has not been shell access in the Meraki firmware for 7+ years.
