This is not a question, I am leaving the information here for anyone to find in the future when they are wondering if the Meraki MX85 will be supported by OpenWrt:
No
Do not purchase this device with the intention of running OpenWrt.
What follows is information from my WatchMySys blog on the MX85.
MX85 specs:
- NXP LayerScape LS1046A (ARM A72, 4 cores @ 1.8GHz)
- 8GB DDR4 RAM (Samsung K4AAG165WA-BCWE x4, soldered)
- 16GB of EMMC flash (SanDisk SDINBDA6-16G)
- Winbond W25Q64JVSIQ (x2)
- Aikido/Cisco TAM hardware root-of-trust (Microchip SmartFusion2 M2S010)
- Qualcomm QCA8337-AL3C 7-port Gigabit Ethernet Switch (x2, PDF datasheet)
- Qualcomm QCA8334-AL3C 4-port Gigabit Ethernet Switch (PDF datasheet)
- Atheros AR8033-AL1A Gigabit Ethernet PHY (dedicated management port)
- Microchip PD69104B1 PSE controller (PoE WAN port)
- UMEC UP1501D-54 150W power supply
The MX85 contains the Cisco TAM, implemented using a SmartFusion2 M2S010. The TAM is used for secure boot.
## Starting application at 0x82120000 ...
bootselect
## Application terminated, rc = 0x0
## Starting application at 0x82120000 ...
----Security Versions----
SecureBoot: R6.3.66-f6737c7-20200623
SB Core: F01257R21.038ae8d0b2020-05-15
Microloader: MK0007R01.0105062020
SF: Detected SPI Generic with page size 256 Bytes, erase size 4 KiB, total 16 MiB
----SecureBoot Registers----
system_invalid: 0
boot_check_count_error: 0
boot_done: 1
boot_ok: 1
boot_check_count_golden: 0
boot_check_count_upgrade: 2
boot_status_golden: 0
boot_status_upgrade: 1
first_bootloader: 1
----Upgrade----
boot_error: 0
boot_check_count_error_vc: 0
boot_check_count_error: 0
boot_timeout_vc: 0
boot_timeout: 0
boot_cs_good: 1
boot_config_error: 0
boot_version_error: 0
boot_config_error_code: 0
boot_error_code: 0
boot_cs_good: 1
boot_version_error: 0
boot1_cs_key_type: 1
boot1_cs_return_code: 0
boot1_cs_key_index: 5
boot2_cs_return_code: 0
boot2_cs_key_index: 5
boot2_cs_key_type: 1
----Other Registers----
fpga_version: 0090
Reading whitelist from TAM
whitelist.bin: 740 bytes
Converting whitelist to signature fdt
BOX-WINE_LDWM-rel
wired-arm64-AP-SECP384R1_1-rel
wired-arm64-OD-SECP384R1_1-rel
wired-arm64-RT-SECP384R1_1-rel
wrote 558 bytes to 0000000082330000
## Application terminated, rc = 0x0
** File not found part.new **
87760567 bytes read in 4176 ms (20 MiB/s)
## Loading kernel from FIT Image at a0000000 ...
Using 'conf@3' configuration
Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
Trying 'kernel@1' kernel subimage
Description: Linux kernel
Type: Kernel Image
Compression: uncompressed
Data Start: 0xa000012c
Data Size: 10563592 Bytes = 10.1 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x80080000
Entry Point: 0x80080000
Hash algo: sha1
Hash value: 186b252be8c267ec7b20b072de98fe3d51c93c7f
Verifying Hash Integrity ... sha1+ OK
## Loading ramdisk from FIT Image at a0000000 ...
Using 'conf@3' configuration
Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
Trying 'ramdisk@1' ramdisk subimage
Description: meraki-image
Type: RAMDisk Image
Compression: gzip compressed
Data Start: 0xa0a13224
Data Size: 76964193 Bytes = 73.4 MiB
Architecture: AArch64
OS: Linux
Load Address: unavailable
Entry Point: unavailable
Hash algo: sha1
Hash value: a1f027fbf5acbf81befdb6ce746fee76adf132d5
Verifying Hash Integrity ... sha1+ OK
## Loading fdt from FIT Image at a0000000 ...
Using 'conf@3' configuration
Verifying Hash Integrity ... sha384,secp384r1:wired-arm64-RT-SECP384R1_1-rel+ OK
Trying 'fdt@3' fdt subimage
Description: Flattened Device Tree blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0xa538fb0c
Data Size: 46124 Bytes = 45 KiB
Architecture: AArch64
Load Address: 0x90000000
Hash algo: sha1
Hash value: dd869c604072a7e29f37cc6cb4e1c9c398a46295
Verifying Hash Integrity ... sha1+ OK
Loading fdt from 0xa538fb0c to 0x90000000
Booting using the fdt blob at 0x90000000
Loading Kernel Image ... OK
Using Device Tree in place at 0000000090000000, end 000000009001e42b
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
fdt_update_ethernet_dt: Invalid SerDes prtcl 0x3333 for LS1046ARDB
WARNING failed to get smmu node: FDT_ERR_NOTFOUND
WARNING failed to get smmu node: FDT_ERR_NOTFOUND
*** din = 0x0000000000000000
All ahead full! Goodbye!
The U-Boot binary is signed. The environment is compiled into U-Boot. There is no string to interrupt boot.
U-Boot verifies the signature of the payload before booting. There is no way to modify U-Boot to disable signature verification or boot another payload.