OpenWrt Forum Archive

Topic: [WIP] Teldat / Bintec Elmeg RS353aw (VRX288 1.2 / VDSL)

The content of this topic has been archived on 3 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
sebtx
14 Nov 2016, 18:18

Hello,

(EDIT : topic moved to the right section)

I am trying to run openwrt on this router : http://www.teldat.fr/fr/bintec-RS353aw-845.html

- CPU : VRX288 v1.2 (PSB 80920 EL) @500MHz
- RAM : 128 MiB
- Flash : 32 MiB (AMD/Spansion S29GL256FLT2I)
- 5 Ethernet ports ( 2xPHY11G and 3xPEF7071 )
- Wireless : Atheros AR9300 Rev:4
- xDSL modem (ADSL2/VDSL VRX208)
- 1 USB 2.0 host port
- 1 uart port (accessible via front USB device port)
- 1 JTAG header (standard 14pin Mips)
- Power supply : 230V socket on back.
- Power / Status / DSL / WLAN / USB LEDs
- Function and reset buttons.
- i2c bus : S-35390A real time clock.

Bootloader : proprietary bootmon.
OS : Proprietary OS "BOSS".

Boot log : 

### RS353aw (Hardware-Rev. 1.0, Firmware-Rev. 1.1) ###

CPU   Check ... passed (MIPS 34KEc [MT] @ 500/250.0 MHz)
SDRAM Check ................................................................................................................................. passed (128 MByte)
FLASH Check  passed (32 MByte)

### Selftest passed ###


Press <sp> for boot monitor or any other key to boot system

Booting Image from Flash ROM
Checking image ... OK
Writing image to RAM (Release 10.1.9.106) ........................................................................................................................................................................................................................................................................................................................................................................................................................................................ OK (16385316 bytes)
Booting BOSS...
boss image started at 0x2d6a0


BOSS MIPS kernel v2.0 (RS353aw)
Copyright (c) 1996-2015 by bintec elmeg GmbH
Version V.10.1 Rev. 9 (Patch 6) IPv6, IPSec from 2016/07/21 00:00:00

The system is coming up.

Speed index... 332.80 MIPS
Collecting Entropy........................................
Installed modules:
Slot: BoardId      SerialNo        
   0: SYS-VRX                       OK   
   1: GETH5                         OK   
   3: VDSL                          OK   
   6: USB2                          OK   
   7: WLAN-ATH                      OK   
InstallModules = 0x5

The system is ready.

AUTOEXEC:
  1    date Wed Oct 26 20:41:15 2016 done
  1    configd   SystemId: RN7Fxxxxxxxxxxx  Cfg: (default) done
  4    dslvrxd background
  5    sysconfigd background
  5    usbd background
  9    comd background
  10    isdnd background
  11    isdnautocf background
  19    ethoad background
  19    pppoad background
  19    rpoad background
  50    brd background
  50    ipd background
  50    natproxyd background
  51    telnetd background
  51    alertd background
  51    telnetd6 background
  51    stfd background
  51    snmpd background
  52    httpd background
  52    syslogd background
  68    pppoed background
  69    itpd background
  69    tud background
  70    routed background
  70    pppd background
  70    radiusd background
  70    tacacspd background
  70    gremprd background
  70    l2tpd background
  90    timed background
  97    dnsd background
  97    alived background
  97    scheduled background
  97    watchd background
  99    vectoringd background
  99    authd background
  99    supplicantd background
  99    vcapid background
  99    ddnsd background
  99    bootpd background
BOOTP: creating ipRouteTableEntry
BOOTP: Dest=192.168.0.0 IfIndex=1000000
BOOTP: NextHop=192.168.0.254 Mask=255.255.255.0
  99    resolvd background
  99    pingd background
  99    scfgmgrd background
  99    stunneld background
  99    serviced background
  99    dhcp6d background
  99    ipsecd background
  99    isdnlogind background
  99    sshd background
  99    httpproxyd background
  99    traced background
  99    upnpd background
  99    capwapd background
  99    caad background
  99    wtpd background
  99    tr069d background



Welcome to RS353aw version V.10.1 Rev. 9 (Patch 6) IPv6, IPSec from 2016/07/21 00:00:00
systemname is rs353aw, location 


Login:

Pressing space key allows to enter to bootmonitor menu : 

Press <sp> for boot monitor or any other key to boot system



RS353aw Bootmonitor V.1.0 from 2013/10/31 00:00:00
Copyright (c) 1996-2013 by Bintec Elmeg GmbH

(1) Boot System
(2) Software Update via TFTP
(3) Software Update via XMODEM
(4) Delete Configuration
(5) Default Bootmonitor Parameters
(6) Show System Information

Your Choice>

From this menu you can do some basic actions such as delete configuration or upgrade firmware. At this point, I first downloaded the firmware update file from the manufacturer's website. You can flash this file from web GUI or tftp. Basically, this file is a micro updater OS (named BLUP), with some embedded files.

TFTP Upgrade process (the most interesting as it allows to boot directly from RAM) : 

RS353aw Bootmonitor V.1.0 from 2013/10/31 00:00:00
Copyright (c) 1996-2013 by Bintec Elmeg GmbH

(1) Boot System
(2) Software Update via TFTP
(3) Software Update via XMODEM
(4) Delete Configuration
(5) Default Bootmonitor Parameters
(6) Show System Information

Your Choice> 2

Enter local IP address [192.168.2.1]: 

Enter IP address of TFTP server [192.168.2.2]: 

Enter file name of image [test1.cev]: test.cev


Are your entries correct (y or n) ? y


Starting file transfer ................................................................................................................................................................................................................................................................................................................OK (9663748 bytes received)
Checking new image ... OK

Your current software release is 10.1.9.106.
Loaded new image has release 1.0.

Now choose from the following:

(u) Update Flash ROM
(r) Write image to RAM and start it
(e) Exit

Enter (u, r or e): r

Booting BOSS...
boss image started at 0x5fb0034


RS353aw BLUP V.(SRC) from Sep 25 2013 15:40:16
Copyright (c) 1996-2013 by Bintec Elmeg GmbH

List of files in this update (len 9503948):
  Version    Length  Name
10.1.9.106   6358675  Boss
10.1.9.106   1771126  webpages.ez
10.1.9.106   1308477  text_ger.ez
      1.1     65664  GPHY_CPR

Proceed with update (y or n) ? y


*** Don't power-off your router while the update takes place ***


Updating Boss
New software release is 10.1.9.106
Erasing Flash-ROM ................................................. OK
Writing Flash-ROM ................................................. OK
Verify  Flash-ROM ................................................. OK

Updating webpages.ez
skipped, already in flash

Updating text_ger.ez
skipped, already in flash

Updating GPHY_CPR
skipped, already in flash

Blup update successful.
Rebooting...

As you can see, it downloads the file and starts it. The entry point seems to be 0x5fb0034.

If you try to alter the upgrade file, it tells you "incorrect CRC" but it tells you the correct CRC.

Here is the beginning of the upgrade file :

00000000  54 45 4C 44  41 54 20 43   6C 6F 73 65  64 45 79 65                                                 TELDAT ClosedEye
00000010  56 69 73 75  61 6C 00 00   01 00 00 01  00 00 00 00                                                 Visual..........
00000020  00 02 70 00  00 02 70 00   00 00 00 00  EC B8 D4 64                                                 ..p...p........d
00000030  EC B8 D4 64  10 00 00 0A   00 00 00 00  43 45 56 00                                                 ...d........CEV.
00000040  04 00 04 20  00 00 00 00   00 01 A6 20  00 01 B0 00                                                 ... ....... ....
00000050  00 01 B6 50  00 02 70 00   00 01 55 90  00 01 A3 90                                                 ...P..p...U.....
00000060  04 11 00 01  00 00 00 00   3C 08 00 01  25 08 2C 94                                                 ........<...%.,.
00000070  3C 09 00 00  25 29 00 34   01 09 40 23  01 1F 40 21                                                 <...%).4..@#..@!
00000080  01 00 00 08  00 00 00 00   00 00 00 00  00 00 00 00                                                 ................
00000090  00 00 00 00  00 00 00 00   00 00 00 00  00 00 00 00                                                 ................

You can find :

- Magic string at the beginning "TELDAT ClosedEyeVisual"
- The BLUP Image length in Bytes 00027000 (159744Bytes). The CRC is calculated in this area.
- Fisrt Image CRC EC B8 D4 64 at offset 2C
- Second image CRC (which is the same) at offset 30
- Beginning of the BLUP upgrader at offset 34.
- Magic string "CEV" of BLUP at offset 3C

While downloading the firmware, the device checks if the CRC is correct. Then, it verifies if the image is valid (by checking the presence of "CEV" magic). Finally, it writes the entire image to RAM at 0x05fb0000 address. At this point, you can see the first execution begins at 0x05fb0034. If you go to offset 34, you can see the ASM instruction 1000000A which is a jump to offset 0x3E (0A+34). This avoid executing the magic string (CEV) and crash.

For testing purpose, you can run the following commands : 

$ dd if=update.cev of=image bs=1 skip=52 count=159744
159744+0 enregistrements lus
159744+0 enregistrements écrits
159744 bytes (160 kB, 156 KiB) copied, 0,190313 s, 839 kB/s

$ crc32 image
ecb8d464

You can see the CRC is correct smile

To execute my own code, I have to put it somewhere after the magic string, and modify the Jump instruction. For simplicity, I choose to put the new code at offset 0x40.

First, I cut the upgrade file to keep only the first 64bytes. This is done with dd.

dd if=upgrade.cev of=header.cev bs=64 count=1

Then, with an hex editor, modify the jump at offset 34 to jump to offset 40 : 

10 00 00 02  00 00 00 00  43 45 56 00

Then, simply concatenate your code with cat :

cat header.cev mycode.bin > newimage.cev

At this point, you  have a good image, but with incorrect CRC. To obtain the correct CRC, you just have to download this image to the router with tftp, and it will tells you the good CRC. Copy/paste to your image using an hex editor.

Checking new image ... failed: CRC-error (0x042b49b7 <> 0xd90a573a)

I compiled U-boot after changing TEXT_START to offset 0x05FB0040 (I will explain how to do that), and tried to boot it. See next post.

(Last edited by sebtx on 14 Nov 2016, 21:44)

Post #2
sebtx
14 Nov 2016, 18:19

To compile u-boot, I started from arv7519rw board, and modified the generic vrx200 config file (arch/mips/include/asm/arch-vrx200/config.h)

I compiled U-boot-ram to avoid some lowlevel initialization.

You have to redefine the memory layout : 

#if defined(CONFIG_SYS_BOOT_RAM)
#define CONFIG_SYS_TEXT_BASE            0x5FB0040 // Was 0xA0100000
#define CONFIG_SKIP_LOWLEVEL_INIT
#define CONFIG_SYS_DISABLE_CACHE
#endif

After that, you can put u-boot.img at offset 0x40 and try to boot it !

Starting file transfer ...OK (125668 bytes received)
Checking new image ... OK

Your current software release is 10.1.9.106.
Loaded new image has release 1.0.

Now choose from the following:

(u) Update Flash ROM
(r) Write image to RAM and start it
(e) Exit

Enter (u, r or e): r

Booting BOSS...
boss image started at 0x5fb0034��

U-Boot 2014.01-openwrt4-gef35f22-dirty (Oct 27 2016 - 09:05:05) rs353aw

Board: Bintec RS353aw
SoC:   Lantiq VRX288 v1.2
CPU:   500 MHz
IO:    250 MHz
BUS:   250 MHz
BOOT:  NOR w/o BootROM
DRAM:  128 MiB
Top of RAM usable for U-Boot at: 08000000
Reserving 123k for U-Boot at: 07fe0000
Reserving 1032k for malloc() at: 07ede000
Reserving 32 Bytes for Board Info at: 07eddfe0
Reserving 128 Bytes for Global Data at: 07eddf60
Reserving 128k for boot params() at: 07ebdf60
Stack Pointer at: 07ebdf48
Now running in RAM - U-Boot at: 07fe0000
Using default environment

Destroy Hash Table: 07ffcd7c table = 00000000
Create Hash Table: N=67
INSERT: table 07ffcd7c, filled 1/67 rv 07ede3e0 ==> name="bootdelay" value="2"
INSERT: table 07ffcd7c, filled 2/67 rv 07ede3f4 ==> name="baudrate" value="115200"
INSERT: free(data = 07ede008)
INSERT: done
In:    serial
Out:   serial
Err:   serial
Initial value for argc=3
Final value for argc=3
Initial value for argc=3
Final value for argc=3
Initial value for argc=3
Final value for argc=3
### main_loop entered: bootdelay=2

### main_loop: bootcmd="<UNDEFINED>"
rs353aw # 
rs353aw # 
rs353aw # 
rs353aw # 
rs353aw #

After enabling Flash, Ethernet, and disabled Watchdog : 

U-Boot 2014.01-openwrt4-gef35f22-dirty (Oct 27 2016 - 09:27:59) rs353aw

Board: Bintec RS353aw
SoC:   Lantiq VRX288 v1.2
CPU:   500 MHz
IO:    250 MHz
BUS:   250 MHz
BOOT:  NOR w/o BootROM
DRAM:  128 MiB
Flash: 32 MiB
Using default environment

In:    serial
Out:   serial
Err:   serial
Net:   ltq-eth
rs353aw #

Now ready for the next....


Little kernel boot test -_-

rs353aw # tftp 0x1000000 openwrt-15.05-lantiq-xway-ARV7519PW-uImage
ltq_phy: addr 0, link 0, speed 10, duplex 0
ltq_phy: addr 17, link 0, speed 10, duplex 0
ltq_phy: addr 18, link 0, speed 10, duplex 0
ltq_phy: addr 19, link 1, speed 100, duplex 1
ltq_phy: addr 20, link 0, speed 10, duplex 0
Using ltq-eth device
TFTP from server 192.168.2.2; our IP address is 192.168.2.1
Filename 'openwrt-15.05-lantiq-xway-ARV7519PW-uImage'.
Load address: 0x1000000
Loading: #################################################################
     #################################################################
     #################################################################
     #################################################################
     #######################
done
Bytes transferred = 1444836 (160be4 hex)
rs353aw # bootm
## Booting kernel from Legacy Image at 01000000 ...
   Image Name:   MIPS OpenWrt Linux-3.18.20
   Created:      2015-09-11  17:00:55 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1444772 Bytes = 1.4 MiB
   Load Address: 80002000
   Entry Point:  80002000
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK

Starting kernel ...

[    0.000000] Linux version 3.18.20 (buildbot@builder1) (gcc version 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r46450) ) #1 Fri Sep 4 17:16:20 CEST 2015
[    0.000000] SoC: VR9 rev 1.2
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019556 (MIPS 34Kc)
[    0.000000] MIPS: machine is ARV7519PW - Astoria Networks
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 04000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x00000000-0x03ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00000000-0x03ffffff]
[    0.000000] Initmem setup node 0 [mem 0x00000000-0x03ffffff]
[    0.000000] Primary instruction cache 32kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 16256
[    0.000000] Kernel command line: console=ttyLTQ0,115200 init=/etc/preinit
[    0.000000] PID hash table entries: 256 (order: -2, 1024 bytes)
[    0.000000] Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
[    0.000000] Writing ErrCtl register=00048500
[    0.000000] Readback ErrCtl register=00048500
[    0.000000] Memory: 60336K/65536K available (3475K kernel code, 154K rwdata, 556K rodata, 148K init, 195K bss, 5200K reserved)
[    0.000000] NR_IRQS:256
[    0.000000] CPU Clock: 333MHz
[    0.016000] Calibrating delay loop... 7.64 BogoMIPS (lpj=15296)
[    0.072000] pid_max: default: 32768 minimum: 301
[    0.088000] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.092000] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.176000] pinctrl core: initialized pinctrl subsystem
[    0.308000] NET: Registered protocol family 16
[    0.436000] pinctrl-xway 1e100b10.pinmux: Init done
[    0.464000] dma-xway 1e104100.dma: Init done - hw rev: 7, ports: 7, channels: 28
[    0.524000] PCI host bridge /fpi@10000000/pci@E105400 ranges:
[    0.528000]  MEM 0x0000000018000000..0x0000000019ffffff
[    0.532000]   IO 0x000000001ae00000..0x000000001affffff
[    0.684000] usbcore: registered new interface driver usbfs
[    0.688000] usbcore: registered new interface driver hub
[    0.692000] usbcore: registered new device driver usb
[    0.704000] PCI host bridge to bus 0000:00
[    0.708000] pci_bus 0000:00: root bus resource [mem 0x18000000-0x19ffffff]
[    0.712000] pci_bus 0000:00: root bus resource [io  0xffffffff]
[    0.716000] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
[    0.744000] Switched to clocksource MIPS
[    0.796000] NET: Registered protocol family 2
[    0.856000] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.868000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    0.880000] TCP: Hash tables configured (established 1024 bind 1024)
[    0.892000] TCP: reno registered
[    0.900000] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    0.908000] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    0.932000] NET: Registered protocol family 1
[    0.948000] gptu: totally 6 16-bit timers/counters
[    0.960000] gptu: misc_register on minor 63
[    0.968000] gptu: succeeded to request irq 126
[    0.972000] gptu: succeeded to request irq 127
[    0.980000] gptu: succeeded to request irq 128
[    0.988000] gptu: succeeded to request irq 129
[    0.996000] gptu: succeeded to request irq 130
[    1.004000] gptu: succeeded to request irq 131
[    1.060000] lantiq,vmmc 1f103000.vmmc: reserved 1MB at 0x03a00000
[    1.088000] ralink,eeprom ralink_eep: using RT2860.eeprom as eeprom
[    1.124000] futex hash table entries: 256 (order: -1, 3072 bytes)
[    1.152000] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    1.160000] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    1.200000] msgmni has been set to 117
[    1.220000] io scheduler noop registered
[    1.228000] io scheduler deadline registered (default)
[    1.244000] gpio-export gpio_export: 1 gpio(s) exported
[    1.264000] 1e100c00.serial: ttyLTQ0 at MMIO 0x1e100c00 (irq = 112, base_baud = 0) is a lantiq,asc

Now, it's time to build flashable firmware.

Post #3
sebtx
14 Nov 2016, 18:19

Decided flash layout : 

4 MB for kernel
26,75 MB for rootfs

Offset          Size            Name
0x10000000      0x20000         logic_config
0x10020000      0x20000         logic_addr
0x10040000      0x20000         bootmonitor
0x10080000      0x40000         flash_config
0x100c0000      0x40000         u-boot
0x10100000      0x20000         u-boot-env
0x10120000      0x400000        kernel
0x10520000      0x1AC0000       rootfs
0x11FE0000      0x20000         GPHY_CPR
Post #4
sebtx
14 Nov 2016, 18:19

Booting with rootfs in flash : 

rs353aw # bootm
## Booting kernel from Legacy Image at 01000000 ...
   Image Name:   MIPS OpenWrt Linux-4.4.7
   Created:      2016-06-30   5:39:05 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1678675 Bytes = 1.6 MiB
   Load Address: 80002000
   Entry Point:  80002000
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK

Starting kernel ...

[    0.000000] Linux version 4.4.7 (qa@serveurQA) (gcc version 5.3.0 (OpenWrt GCC 5.3.0 r49395) ) #23 Fri Oct 28 22:06:56 UTC 2016
[    0.000000] SoC: xRX200 rev 1.2
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019556 (MIPS 34Kc)
[    0.000000] MIPS: machine is Bintec Elmeg RS353aw
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 08000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x0000000000000000-0x0000000007ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x0000000000000000-0x0000000007ffffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x0000000007ffffff]
[    0.000000] Primary instruction cache 32kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 32512
[    0.000000] Kernel command line: console=ttyLTQ0,115200 init=/etc/preinit
[    0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[    0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Writing ErrCtl register=0007fdb0
[    0.000000] Readback ErrCtl register=0007fdb0
[    0.000000] Memory: 123372K/131072K available (3755K kernel code, 164K rwdata, 1144K rodata, 1192K init, 211K bss, 7700K reserved, 0K cma-reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[    0.000000] NR_IRQS:256
[    0.000000] CPU Clock: 500MHz
[    0.000000] clocksource: MIPS: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041786 ns
[    0.000266] sched_clock: 32 bits at 250MHz, resolution 4ns, wraps every 8589934590ns
[    0.008463] Calibrating delay loop... 11.52 BogoMIPS (lpj=23040)
[    0.065129] pid_max: default: 32768 minimum: 301
[    0.072898] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.080047] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.222613] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[    0.235937] pinctrl core: initialized pinctrl subsystem
[    0.260816] NET: Registered protocol family 16
[    0.358680] pinctrl-xway 1e100b10.pinmux: Init done
[    0.377890] dma-xway 1e104100.dma: Init done - hw rev: 7, ports: 7, channels: 28
[    0.540321] dcdc-xrx200 1f106a00.dcdc: Core Voltage : 1016 mV
[    0.663008] PCI host bridge /fpi@10000000/pci@E105400 ranges:
[    0.669458]  MEM 0x0000000018000000..0x0000000019ffffff
[    0.675236]   IO 0x000000001ae00000..0x000000001affffff
[    0.914111] usbcore: registered new interface driver usbfs
[    0.922185] usbcore: registered new interface driver hub
[    0.929340] usbcore: registered new device driver usb
[    0.941360] PCI host bridge to bus 0000:00
[    0.946165] pci_bus 0000:00: root bus resource [mem 0x18000000-0x19ffffff]
[    0.953728] pci_bus 0000:00: root bus resource [io  0xffffffff]
[    0.960349] pci_bus 0000:00: root bus resource [??? 0x00000000 flags 0x0]
[    0.967761] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
[    0.998767] clocksource: Switched to clocksource MIPS
[    1.041284] NET: Registered protocol family 2
[    1.069060] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    1.077560] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
[    1.085097] TCP: Hash tables configured (established 1024 bind 1024)
[    1.093546] UDP hash table entries: 256 (order: 0, 4096 bytes)
[    1.100553] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[    1.112043] NET: Registered protocol family 1
[    1.124764] gptu: totally 6 16-bit timers/counters
[    1.132384] gptu: misc_register on minor 63
[    1.137033] gptu: succeeded to request irq 126
[    1.141946] gptu: succeeded to request irq 127
[    1.147075] gptu: succeeded to request irq 128
[    1.151989] gptu: succeeded to request irq 129
[    1.156902] gptu: succeeded to request irq 130
[    1.161815] gptu: succeeded to request irq 131
[    1.184281] phy-xrx200 gphy-xrx200: requesting lantiq/vr9_phy22f_a2x.bin
[    1.198453] phy-xrx200 gphy-xrx200: booting GPHY0 firmware at 7960000
[    1.205950] phy-xrx200 gphy-xrx200: booting GPHY1 firmware at 7960000
[    1.213450] phy-xrx200 gphy-xrx200: booting GPHY2 firmware at 7960000
[    1.220599] phy-xrx200 gphy-xrx200: 2 is an invalid gphy id
[    1.227134] phy-xrx200: probe of gphy-xrx200 failed with error -22
[    1.253997] futex hash table entries: 256 (order: -1, 3072 bytes)
[    1.739346] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    1.745974] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    1.818091] io scheduler noop registered
[    1.823215] io scheduler deadline registered (default)
[    1.839714] 1e100c00.serial: ttyLTQ0 at MMIO 0x1e100c00 (irq = 112, base_baud = 0) is a lantiq,asc
[    1.849518] console [ttyLTQ0] enabled
[    1.849518] console [ttyLTQ0] enabled
[    1.857310] bootconsole [early0] disabled
[    1.857310] bootconsole [early0] disabled
[    1.885810] lantiq nor flash device: 02000000 at 10000000
[    1.891858] ltq_nor: Found 1 x16 devices at 0x0 in 16-bit bank. Manufacturer ID 0x0000c2 Chip ID 0x00227e
[    1.900724] Amd/Fujitsu Extended Query Table at 0x0040
[    1.905857]   Amd/Fujitsu Extended Query version 1.3.
[    1.911052] number of CFI chips: 1
[    1.915139] 9 ofpart partitions found on MTD device ltq_nor
[    1.919874] Creating 9 MTD partitions on "ltq_nor":
[    1.924853] 0x000000000000-0x000000020000 : "logic_config"
[    1.982708] 0x000000020000-0x000000040000 : "logic_addr"
[    2.024659] 0x000000040000-0x000000060000 : "bootmonitor"
[    2.066320] 0x000000080000-0x0000000c0000 : "flash_config"
[    2.108156] 0x0000000c0000-0x000000100000 : "uboot"
[    2.149619] 0x000000100000-0x000000120000 : "uboot-env"
[    2.192428] 0x000000120000-0x000000520000 : "kernel"
[    2.234383] 0x000000520000-0x000001fe0000 : "rootfs"
[    2.276581] mtd: device 7 (rootfs) set to be root filesystem
[    2.281574] 1 squashfs-split partitions found on MTD device rootfs
[    2.287716] 0x000000720000-0x000001fe0000 : "rootfs_data"
[    2.330343] 0x000001fe0000-0x000002000000 : "GPHY_CPR"
[    2.535450] libphy: lantiq,xrx200-mdio: probed
[    2.641366] net-xrx200: invalid MAC, using random
[    2.708063] eth0: attached PHY [Lantiq XWAY PEF7071] (phy_addr=0:00, irq=-1)
[    2.780030] eth0: attached PHY [Lantiq XWAY XRX PHY22F v1.4] (phy_addr=0:13, irq=-1)
[    2.852033] eth0: attached PHY [Lantiq XWAY XRX PHY22F v1.4] (phy_addr=0:14, irq=-1)
[    2.924026] eth0: attached PHY [Lantiq XWAY XRX PHY22F v1.4] (phy_addr=0:11, irq=-1)
[    2.996025] eth0: attached PHY [Lantiq XWAY XRX PHY22F v1.4] (phy_addr=0:12, irq=-1)
[    3.025120] wdt 1f8803f0.watchdog: Init done
[    3.079610] NET: Registered protocol family 10
[    3.152180] NET: Registered protocol family 17
[    3.156947] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    3.169044] 8021q: 802.1Q VLAN Support v1.8
[    3.267359] UBIFS error (pid: 1): cannot open "ubi0:rootfs", error -19
[    3.295313] VFS: Mounted root (squashfs filesystem) readonly on device 31:7.
[    3.347312] Freeing unused kernel memory: 1192K (804f6000 - 80620000)
[    6.911721] eth0: port 4 got link
[   30.576195] init: Console is alive
[   30.581189] init: - watchdog -
[   33.115639] random: nonblocking pool is initialized
[   60.975871] init: - preinit -
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[   80.041480] jffs2: notice: (372) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[   80.083438] mount_root: switching to jffs2 overlay
[   80.325686] procd: - early -
[   80.329082] procd: - watchdog -
[   85.731946] procd: - ubus -
[   85.969378] procd: - init -
Please press Enter to activate this console.



BusyBox v1.24.2 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 DESIGNATED DRIVER (Bleeding Edge, r49395)
 -----------------------------------------------------
  * 2 oz. Orange Juice         Combine all juices in a
  * 2 oz. Pineapple Juice      tall glass filled with
  * 2 oz. Grapefruit Juice     ice, stir well.
  * 2 oz. Cranberry Juice
 -----------------------------------------------------
root@(none):/# [  106.134032] IFXOS, Version 1.5.19 (c) Copyright 2009, Lantiq Deutschland GmbH
[  106.203754] NET: Registered protocol family 8
[  106.207346] NET: Registered protocol family 20
[  106.313917] PPP generic driver version 2.4.2
[  106.440226] ip6_tables: (C) 2000-2006 Netfilter Core Team
[  106.789990] Lantiq (VRX) DSL CPE MEI driver, version 1.4.8.5, (c) 2013 Lantiq Deutschland GmbH

Lantiq CPE API Driver version: DSL CPE API V4.16.6.3
[  106.966619] 
[  106.966619] Predefined debug level: 3
[  107.045212] Loading modules backported from Linux version v4.4-rc5-1913-gc8fdf68
[  107.051883] Backport generated by backports.git backports-20151218-0-g2f58d9d
[  107.115030] ip_tables: (C) 2000-2006 Netfilter Core Team
[  107.225102] Infineon Technologies DEU driver version 2.0.0 
[  107.248191] IFX DEU DES initialized (multiblock).
[  107.263483] IFX DEU AES initialized (multiblock).
[  107.271988] IFX DEU ARC4 initialized (multiblock).
[  107.278434] IFX DEU SHA1 initialized.
[  107.283726] IFX DEU MD5 initialized.
[  107.288682] IFX DEU SHA1_HMAC initialized.
[  107.294448] IFX DEU MD5_HMAC initialized.
[  107.440226] nf_conntrack version 0.5.0 (1946 buckets, 7784 max)
[  107.777938] NET: Registered protocol family 24
[  108.097651] xt_time: kernel timezone is -0000

root@OpenWrt:/#

But the processor is very slow : 

root@OpenWrt:/# cat /proc/cpuinfo 
system type        : xRX200 rev 1.2
machine            : Bintec Elmeg RS353aw
processor        : 0
cpu model        : MIPS 34Kc V5.6
BogoMIPS        : 11.52
wait instruction    : yes
microsecond timers    : yes
tlb_entries        : 16
extra interrupt vector    : yes
hardware watchpoint    : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa            : mips1 mips2 mips32r1 mips32r2
ASEs implemented    : mips16 dsp mt
shadow register sets    : 1
kscratch registers    : 0
package            : 0
core            : 0
VCED exceptions        : not available
VCEI exceptions        : not available

EDIT : OK I found the reason. You have to disable this config option to have normal processor speed : 

#define CONFIG_SYS_DISABLE_CACHE

It's a particularity of U-boot-RAM.

Post #5
sebtx
14 Nov 2016, 18:19

Some good news !

First dts file to make openwrt compatible : 

/dts-v1/;

/include/ "vr9.dtsi"

/ {
    model = "Bintec Elmeg RS353aw";

    chosen {
        bootargs = "console=ttyLTQ0,115200 init=/etc/preinit";
        leds {
                        running = &status;
                        boot = &status;
            wifi = &wlan;
            usb = &usb;
                };

    };

    memory@0 {
        reg = <0x0 0x8000000>;
    };

    sram@1F000000 {
        cgu0: cgu@103000 {
                        compatible = "lantiq,cgu-xway";
                        reg = <0x103000 0x1000>;
                        #clock-cells = <1>;
            lantiq,phy-clk-src = <0x2>;
        };
    };

    fpi@10000000 {
        localbus@0 {
            nor-boot@0 {
                compatible = "lantiq,nor";
                bank-width = <2>;
                reg = <0 0x0 0x2000000>;
                #address-cells = <1>;
                #size-cells = <1>;

                partitions {
                    compatible = "fixed-partitions";
                    #address-cells = <1>;
                    #size-cells = <1>;

                    boardconfig: partition@0 {
                        label = "logic_config";
                        reg = <0x0 0x20000>;
                        read-only;
                    };

                    partition@0x20000 {
                        label = "logic_addr";
                        reg = <0x20000 0x20000>;
                        read-only;
                    };

                    partition@0x40000 {
                        label = "bootmonitor";
                        reg = <0x40000 0x20000>;
                        read-only;
                    };

                    partition@0x80000 {
                        label = "flash_config";
                        reg = <0x80000 0x40000>;
                        read-only;
                    };

                    partition@0xc0000 {
                                                label = "uboot";
                                                reg = <0xc0000 0x40000>;
                                                read-only;
                                        };

                    partition@0x100000 {
                                                label = "uboot-env";
                                                reg = <0x100000 0x20000>;
                                                read-only;
                                        };
                    
                    partition@0x120000 {
                                                label = "firmware";
                                                reg = <0x120000 0x1EC0000>;
                                        };

                    partition@0x1FE0000 {
                                                label = "GPHY_CPR";
                                                reg = <0x1FE0000 0x20000>;
                                        };

                };
            };
        };

        gpio: pinmux@E100B10 {
            pinctrl-names = "default";
            pinctrl-0 = <&state_default>;

            state_default: pinmux {
                mdio {
                    lantiq,groups = "mdio";
                    lantiq,function = "mdio";
                };
                i2c {
                    lantiq,pins = "io19", "io20"; /* port i2c */
                    lantiq,open-drain;
                    lantiq,pull = <2>;
                };

            };
        };

        ifxhcd@E101000 {
            status = "okay";
            /* gpios = <&gpio 14 0>; */
        };

        ifxhcd@E106000 {
            status = "okay";
            /* gpios = <&gpio 14 0>; */
        };

        pcie@d900000 {
            status = "okay";
            gpio-reset = <&gpio 18 0>;
        };

                pci@E105400 {
                        status = "disabled";
                        #address-cells = <3>;
                        #size-cells = <2>;
                        #interrupt-cells = <1>;
                        compatible = "lantiq,pci-xway";
        };
    };
    i2c@0 {
            compatible = "i2c-gpio";
            gpios = <&gpio 20 0 /* sda */
                    &gpio 19 0 /* scl */
                    >;
            i2c-gpio,delay-us = <2>;        /* ~100 kHz */
            #address-cells = <1>;
            #size-cells = <0>;
                     s35390a: s35390a@30 {
                     compatible = "ssi,s35390a";
                     reg = <0x30>;
            };
    };

    gphy-xrx200 {
        compatible = "lantiq,phy-xrx200";
        firmware1 = "lantiq/vr9_phy11g_a1x.bin";    /*VR9 1.1*/
        firmware2 = "lantiq/vr9_phy11g_a2x.bin";    /*VR9 1.2*/
        phys = [ 00 01 ];
    };


    gpio-keys-polled {
        compatible = "gpio-keys-polled";
        #address-cells = <1>;
        #size-cells = <0>;
        poll-interval = <100>;

        reset {
            label = "reset";
            gpios = <&gpio 34 0>;
            linux,code = <0x198>;
        };
        function {
            label = "function";
            gpios = <&gpio 35 0>;
            linux,code = <0x357>;
        };
    };

    gpio-leds {
        compatible = "gpio-leds";

        wlan: wlan {
            label = "rs353:green:wlan";
            gpios = <&gpio 28 1>;
        };
        dsl: dsl {
                        label = "rs353:greeen:dsl";
                        gpios = <&gpio 8 1>;
                };
        usb: usb {
                        label = "rs353:green:usb";
                        gpios = <&gpio 11 1>;
                };
        status: status {
                        label = "rs353:green:status";
                        gpios = <&gpio 12 1>;
                };
    };
};

&eth0 {
    lan: interface@0 {
        compatible = "lantiq,xrx200-pdi";
        #address-cells = <1>;
        #size-cells = <0>;
        reg = <0>;
        mac-address = [ 00 11 22 33 44 55 ];
        lantiq,switch;

        /* ETH2 */
                ethernet@5 {
                        compatible = "lantiq,xrx200-pdi-port";
                        reg = <2>;
                        phy-mode = "gmii";
                        phy-handle = <&phy11>;
                };
        /* ETH3 */
        ethernet@1 {
            compatible = "lantiq,xrx200-pdi-port";
            reg = <1>;
            phy-mode = "rgmii";
            phy-handle = <&phy0>;
        };
        /* ETH4 */
        ethernet@0 {
            compatible = "lantiq,xrx200-pdi-port";
            reg = <0>;
            phy-mode = "rgmii";
            phy-handle = <&phy1>;
        };
        /* ETH5 */
        ethernet@3 {
            compatible = "lantiq,xrx200-pdi-port";
            reg = <5>;
            phy-mode = "rgmii";
                        phy-handle = <&phy2>;
        };
        /* ETH1 */
        ethernet@4 {
            compatible = "lantiq,xrx200-pdi-port";
            reg = <4>;
            phy-mode = "gmii";
            phy-handle = <&phy13>;
        };


    };

    mdio@0 {
        #address-cells = <1>;
        #size-cells = <0>;
        compatible = "lantiq,xrx200-mdio";
        phy0: ethernet-phy@0 {
            reg = <0x0>;
            compatible = "lantiq,phy11g", "ethernet-phy-ieee802.3-c22";
        };
        phy1: ethernet-phy@1 {
            reg = <0x1>;
            compatible = "lantiq,phy11g", "ethernet-phy-ieee802.3-c22";
        };
        phy2: ethernet-phy@2 {
            reg = <0x2>;
            compatible = "lantiq,phy11g", "ethernet-phy-ieee802.3-c22";
        };
        phy11: ethernet-phy@11 {
            reg = <0x11>;
            compatible = "lantiq,phy11g", "ethernet-phy-ieee802.3-c22";
        };
        phy13: ethernet-phy@13 {
            reg = <0x13>;
            compatible = "lantiq,phy11g", "ethernet-phy-ieee802.3-c22";
        };
    };
};

GPIO Mapping :

2 : ETH2 green left led
5 : ETH2 green right led
7 :  ETH2 right orange led
8 :  DSL LED : a_high
11 : USB LED : a_low
12 : status LED : a_low
14 : USB power supply
18 : PCIE_rst
19 : i2c SDA
20 : i2c SCL
28 : WLAN LED : a_low
34 : Reset button
35 : Function button
Post #6
sebtx
14 Nov 2016, 18:20

Complete boot log : 

### RS353aw (Hardware-Rev. 1.0, Firmware-Rev. 1.0) ###

CPU   Check ... passed (MIPS 34KEc [MT] @ 500/250.0 MHz)
SDRAM Check ................................................................................................................................. passed (128 MByte)
FLASH Check  passed (32 MByte)

### Selftest passed ###

Warning: Watchdog disabled


Press <sp> for boot monitor or any other key to boot system

Booting Image from Flash ROM
Checking image ... OK
Writing image to RAM (Release 10.1.9.106) .... OK (308888 bytes)
Booting BOSS...
boss image started at 0x2d6a0


U-Boot 2014.01-openwrt4-gef35f22-dirty (Nov 10 2016 - 23:10:34) rs353aw

Board: Bintec RS353aw
SoC:   Lantiq VRX288 v1.2
CPU:   500 MHz
IO:    250 MHz
BUS:   250 MHz
BOOT:  NOR w/o BootROM
DRAM:  128 MiB
Flash: 32 MiB
In:    serial
Out:   serial
Err:   serial
Net:   Phy not found
PHY reset timed out
Phy not found
PHY reset timed out
ltq-eth
Hit any key to stop autoboot:  0 
## Booting kernel from Legacy Image at 10120000 ...
   Image Name:   MIPS OpenWrt Linux-4.4.7
   Created:      2016-06-30   5:39:05 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1926415 Bytes = 1.8 MiB
   Load Address: 80002000
   Entry Point:  80002000
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK

Starting kernel ...

[    0.000000] Linux version 4.4.7 (qa@serveurQA) (gcc version 5.3.0 (OpenWrt GCC 5.3.0 r49395) ) #45 SMP PREEMPT Fri Nov 11 18:30:02 UTC 2016
[    0.000000] SoC: xRX200 rev 1.2
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU0 revision is: 00019556 (MIPS 34Kc)
[    0.000000] MIPS: machine is Bintec Elmeg RS353aw
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 08000000 @ 00000000 (usable)
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Zone ranges:
[    0.000000]   Normal   [mem 0x0000000000000000-0x0000000007ffffff]
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x0000000000000000-0x0000000007ffffff]
[    0.000000] Initmem setup node 0 [mem 0x0000000000000000-0x0000000007ffffff]
[    0.000000] Detected 1 available secondary CPU(s)
[    0.000000] Primary instruction cache 32kB, VIPT, 4-way, linesize 32 bytes.
[    0.000000] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.000000] PERCPU: Embedded 10 pages/cpu @8110b000 s8352 r8192 d24416 u40960
[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 32512
[    0.000000] Kernel command line: console=ttyLTQ0,115200 init=/etc/preinit
[    0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[    0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[    0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[    0.000000] Writing ErrCtl register=0007edf8
[    0.000000] Readback ErrCtl register=0007edf8
[    0.000000] Memory: 122452K/131072K available (4352K kernel code, 195K rwdata, 1280K rodata, 1260K init, 226K bss, 8620K reserved, 0K cma-reserved)
[    0.000000] SLUB: HWalign=32, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[    0.000000] Preemptible hierarchical RCU implementation.
[    0.000000]     RCU restricting CPUs from NR_CPUS=4 to nr_cpu_ids=2.
[    0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[    0.000000] NR_IRQS:256
[    0.000000] Setting up vectored interrupts
[    0.000000] Setting up IPI vectored interrupts
[    0.000000] CPU Clock: 500MHz
[    0.000000] clocksource: MIPS: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041786 ns
[    0.000011] sched_clock: 32 bits at 250MHz, resolution 4ns, wraps every 8589934590ns
[    0.007881] Calibrating delay loop... 332.54 BogoMIPS (lpj=665088)
[    0.042379] pid_max: default: 32768 minimum: 301
[    0.047256] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.053798] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[    0.093447] Primary instruction cache 32kB, VIPT, 4-way, linesize 32 bytes.
[    0.093464] Primary data cache 32kB, 4-way, VIPT, cache aliases, linesize 32 bytes
[    0.093666] CPU1 revision is: 00019556 (MIPS 34Kc)
[    0.153034] Synchronize counters for CPU 1: done.
[    0.157937] Brought up 2 CPUs
[    0.165466] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[    0.175290] pinctrl core: initialized pinctrl subsystem
[    0.181241] NET: Registered protocol family 16
[    0.196166] pinctrl-xway 1e100b10.pinmux: Init done
[    0.202236] dma-xway 1e104100.dma: Init done - hw rev: 7, ports: 7, channels: 28
[    0.315977] dcdc-xrx200 1f106a00.dcdc: Core Voltage : 1016 mV
[    0.512783] usbcore: registered new interface driver usbfs
[    0.518373] usbcore: registered new interface driver hub
[    0.523838] usbcore: registered new device driver usb
[    0.529136] Linux video capture interface: v2.00
[    0.534241] Advanced Linux Sound Architecture Driver Initialized.
[    0.540501] PCI host bridge to bus 0000:00
[    0.544535] pci_bus 0000:00: root bus resource [mem 0x1c000000-0x1cffffff]
[    0.551446] pci_bus 0000:00: root bus resource [io  0x1d800000-0x1d8fffff]
[    0.558412] pci_bus 0000:00: root bus resource [??? 0x00000000 flags 0x0]
[    0.565240] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
[    0.573354] ifx_pcie_rc_class_early_fixup: fixed pcie host bridge to pci-pci bridge
[    0.590662] pci 0000:00:00.0: BAR 8: assigned [mem 0x1c000000-0x1c0fffff]
[    0.597397] pci 0000:00:00.0: BAR 9: assigned [mem 0x1c100000-0x1c1fffff pref]
[    0.604660] pci 0000:01:00.0: BAR 0: assigned [mem 0x1c000000-0x1c01ffff 64bit]
[    0.612089] pci 0000:01:00.0: BAR 6: assigned [mem 0x1c100000-0x1c10ffff pref]
[    0.619317] pci 0000:00:00.0: PCI bridge to [bus 01]
[    0.624382] pci 0000:00:00.0:   bridge window [mem 0x1c000000-0x1c0fffff]
[    0.631209] pci 0000:00:00.0:   bridge window [mem 0x1c100000-0x1c1fffff pref]
[    0.638566] ifx_pcie_bios_map_irq port 0 dev 0000:00:00.0 slot 0 pin 1 
[    0.645164] ifx_pcie_bios_map_irq dev 0000:00:00.0 irq 144 assigned
[    0.651560] ifx_pcie_bios_map_irq port 0 dev 0000:01:00.0 slot 0 pin 1 
[    0.658171] ifx_pcie_bios_map_irq dev 0000:01:00.0 irq 144 assigned
[    0.666343] clocksource: Switched to clocksource MIPS
[    0.674794] NET: Registered protocol family 2
[    0.680388] TCP established hash table entries: 1024 (order: 0, 4096 bytes)
[    0.687351] TCP bind hash table entries: 1024 (order: 1, 8192 bytes)
[    0.693696] TCP: Hash tables configured (established 1024 bind 1024)
[    0.700253] UDP hash table entries: 256 (order: 1, 8192 bytes)
[    0.706037] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
[    0.712740] NET: Registered protocol family 1
[    0.717531] gptu: totally 6 16-bit timers/counters
[    0.722512] gptu: misc_register on minor 63
[    0.726706] gptu: succeeded to request irq 126
[    0.731195] gptu: succeeded to request irq 127
[    0.735718] gptu: succeeded to request irq 128
[    0.740201] gptu: succeeded to request irq 129
[    0.744746] gptu: succeeded to request irq 130
[    0.749248] gptu: succeeded to request irq 131
[    0.756103] phy-xrx200 gphy-xrx200: requesting lantiq/vr9_phy11g_a2x.bin
[    0.763492] phy-xrx200 gphy-xrx200: booting GPHY0 firmware at 79E0000
[    0.769866] phy-xrx200 gphy-xrx200: booting GPHY1 firmware at 79E0000
[    0.855983] futex hash table entries: 512 (order: 2, 16384 bytes)
[    0.882759] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[    0.888572] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    0.901783] io scheduler noop registered
[    0.905779] io scheduler deadline registered (default)
[    0.912185] 1e100c00.serial: ttyLTQ0 at MMIO 0x1e100c00 (irq = 112, base_baud = 0) is a lantiq,asc
[    0.921133] console [ttyLTQ0] enabled
[    0.921133] console [ttyLTQ0] enabled
[    0.928455] bootconsole [early0] disabled
[    0.928455] bootconsole [early0] disabled
[    0.938528] lantiq nor flash device: 02000000 at 10000000
[    0.942702] ltq_nor: Found 1 x16 devices at 0x0 in 16-bit bank. Manufacturer ID 0x0000c2 Chip ID 0x00227e
[    0.952150] Amd/Fujitsu Extended Query Table at 0x0040
[    0.957260]   Amd/Fujitsu Extended Query version 1.3.
[    0.962394] number of CFI chips: 1
[    0.965698] 8 ofpart partitions found on MTD device ltq_nor
[    0.971256] Creating 8 MTD partitions on "ltq_nor":
[    0.976163] 0x000000000000-0x000000020000 : "logic_config"
[    0.987891] 0x000000020000-0x000000040000 : "logic_addr"
[    0.998029] 0x000000040000-0x000000060000 : "bootmonitor"
[    1.008296] 0x000000080000-0x0000000c0000 : "flash_config"
[    1.018706] 0x0000000c0000-0x000000100000 : "uboot"
[    1.028528] 0x000000100000-0x000000120000 : "uboot-env"
[    1.038674] 0x000000120000-0x000001fe0000 : "firmware"
[    1.068669] 2 uimage-fw partitions found on MTD device firmware
[    1.073229] 0x000000120000-0x0000002f654f : "kernel"
[    1.084418] 0x0000002f654f-0x000001fe0000 : "rootfs"
[    1.094150] mtd: device 8 (rootfs) set to be root filesystem
[    1.098463] 1 squashfs-split partitions found on MTD device rootfs
[    1.104631] 0x0000006a0000-0x000001fe0000 : "rootfs_data"
[    1.116291] 0x000001fe0000-0x000002000000 : "GPHY_CPR"
[    1.210255] libphy: lantiq,xrx200-mdio: probed
[    1.279060] eth0: attached PHY [Lantiq XWAY VR9 GPHY 11G v1.4] (phy_addr=0:11, irq=-1)
[    1.347087] eth0: attached PHY [Lantiq XWAY PEF7071] (phy_addr=0:00, irq=-1)
[    1.415071] eth0: attached PHY [Lantiq XWAY PEF7071] (phy_addr=0:01, irq=-1)
[    1.483070] eth0: attached PHY [Lantiq XWAY PEF7071] (phy_addr=0:02, irq=-1)
[    1.551055] eth0: attached PHY [Lantiq XWAY VR9 GPHY 11G v1.4] (phy_addr=0:13, irq=-1)
[    1.559963] i2c /dev entries driver
[    1.562506] wdt 1f8803f0.watchdog: Init done
[    1.569302] usbcore: registered new interface driver snd-usb-audio
[    1.576918] NET: Registered protocol family 10
[    1.581856] NET: Registered protocol family 17
[    1.585027] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[    1.597565] 8021q: 802.1Q VLAN Support v1.8
[    1.606725] hctosys: unable to open rtc device (rtc0)
[    1.610777] ALSA device list:
[    1.613279]   No soundc[    1.617387] UBIFS error (pid: 1): cannot open "ubi0:rootfs", error -19
[    1.626755] VFS: Mounted root (squashfs filesystem) readonly on device 31:8.
[    1.636577] Freeing unused kernel memory: 1260K (805b5000 - 806f0000)
[    2.847719] init: Console is alive
[    2.850036] init: - watchdog -
[    4.562962] eth0: port 4 got link
[    5.005624] Button Hotplug driver version 0.4.1
[    5.020991] SCSI subsystem initialized
[    5.029716] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    5.036051] ehci-platform: EHCI generic platform driver
[    5.045348] dwc2 1e101000.ifxhcd: Configuration mismatch. Forcing host mode
[    5.906709] dwc2 1e101000.ifxhcd: DWC OTG Controller
[    5.910290] dwc2 1e101000.ifxhcd: new USB bus registered, assigned bus number 1
[    5.917729] dwc2 1e101000.ifxhcd: irq 62, io mem 0x00000000
[    5.923190] dwc2 1e101000.ifxhcd: Hardware does not support descriptor DMA mode -
[    5.930598] dwc2 1e101000.ifxhcd: falling back to buffer DMA mode.
[    5.937270] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
[    5.943638] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    5.950833] usb usb1: Product: DWC OTG Controller
[    5.955546] usb usb1: Manufacturer: Linux 4.4.7 dwc2_hsotg
[    5.961019] usb usb1: SerialNumber: 1e101000.ifxhcd
[    5.966970] hub 1-0:1.0: USB hub found
[    5.969691] hub 1-0:1.0: 1 port detected
[    5.974476] dwc2 1e106000.ifxhcd: Configuration mismatch. Forcing host mode
[    6.838690] dwc2 1e106000.ifxhcd: DWC OTG Controller
[    6.842271] dwc2 1e106000.ifxhcd: new USB bus registered, assigned bus number 2
[    6.849654] dwc2 1e106000.ifxhcd: irq 91, io mem 0x00000000
[    6.855150] dwc2 1e106000.ifxhcd: Hardware does not support descriptor DMA mode -
[    6.862585] dwc2 1e106000.ifxhcd: falling back to buffer DMA mode.
[    6.869255] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002
[    6.875605] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[    6.882814] usb usb2: Product: DWC OTG Controller
[    6.887526] usb usb2: Manufacturer: Linux 4.4.7 dwc2_hsotg
[    6.893000] usb usb2: SerialNumber: 1e106000.ifxhcd
[    6.898964] hub 2-0:1.0: USB hub found
[    6.901672] hub 2-0:1.0: 1 port detected
[    6.910999] usbcore: registered new interface driver usb-storage
[    6.924463] init: - preinit -
[    7.391760] random: procd urandom read with 112 bits of entropy available
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[    9.062387] random: nonblocking pool is initialized
[   10.758522] jffs2_scan_eraseblock(): End of filesystem marker found at 0x20000
[   10.764397] jffs2_build_filesystem(): unlocking the mtd device... done.
[   10.770909] jffs2_build_filesystem(): erasing all blocks after the end marker... done.
[  120.550498] jffs2: notice: (460) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[  120.568042] mount_root: overlay filesystem has not been fully initialized yet
[  120.575794] mount_root: switching to jffs2 overlay
- config restore -
[  120.813383] procd: - early -
[  120.815049] procd: - watchdog -
[  121.589522] procd: - ubus -
[  121.644675] procd: - init -
Please press Enter to activate this console.
[  122.823289] IFXOS, Version 1.5.19 (c) Copyright 2009, Lantiq Deutschland GmbH
[  122.836880] NET: Registered protocol family 8
[  122.839885] NET: Registered protocol family 20
[  122.869683] PPP generic driver version 2.4.2
[  122.880892] ip6_tables: (C) 2000-2006 Netfilter Core Team
[  122.907411] Lantiq (VRX) DSL CPE MEI driver, version 1.4.8.5, (c) 2013 Lantiq Deutschland GmbH

Lantiq CPE API Driver version: DSL CPE API V4.16.6.3
[  122.928855] 
[  122.928855] Predefined debug level: 3
[  122.948035] rtc-s35390a 0-0030: rtc core: registered rtc-s35390a as rtc0
[  122.953499] i2c-gpio i2c@0: using pins 482 (SDA) and 481 (SCL)
[  122.968334] hidraw: raw HID events driver (C) Jiri Kosina
[  122.988036] usbcore: registered new interface driver cdc_acm
[  122.992395] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[  123.002237] usbcore: registered new interface driver cdc_wdm
[  123.007960] Loading modules backported from Linux version v4.4-rc5-1913-gc8fdf68
[  123.014008] Backport generated by backports.git backports-20151218-0-g2f58d9d
[  123.023802] cpia2: V4L-Driver for Vision CPiA2 based cameras v3.0.1
[  123.029101] usbcore: registered new interface driver cpia2
[  123.037943] gspca_main: v2.14.0 registered
[  123.044744] ip_tables: (C) 2000-2006 Netfilter Core Team
[  123.055743] Infineon Technologies DEU driver version 2.0.0 
[  123.061724] IFX DEU DES initialized (multiblock).
[  123.066594] IFX DEU AES initialized (multiblock).
[  123.070621] IFX DEU ARC4 initialized (multiblock).
[  123.075021] IFX DEU SHA1 initialized.
[  123.078667] IFX DEU MD5 initialized.
[  123.082137] IFX DEU SHA1_HMAC initialized.
[  123.086307] IFX DEU MD5_HMAC initialized.
[  123.099635] nf_conntrack version 0.5.0 (1933 buckets, 7732 max)
[  123.169837] NET: Registered protocol family 24
[  123.177438] usbcore: registered new interface driver ums-alauda
[  123.184088] usbcore: registered new interface driver ums-cypress
[  123.190900] usbcore: registered new interface driver ums-datafab
[  123.197431] usbcore: registered new interface driver ums-freecom
[  123.204328] usbcore: registered new interface driver ums-isd200
[  123.211236] usbcore: registered new interface driver ums-jumpshot
[  123.217894] usbcore: registered new interface driver ums-karma
[  123.225018] usbcore: registered new interface driver ums-sddr09
[  123.231951] usbcore: registered new interface driver ums-sddr55
[  123.239085] usbcore: registered new interface driver ums-usbat
[  123.246951] usbcore: registered new interface driver usbhid
[  123.251240] usbhid: USB HID core driver
[  123.285345] xt_time: kernel timezone is -0000
[  123.291464] usbcore: registered new interface driver asix
[  123.298059] usbcore: registered new interface driver ax88179_178a
[  123.304382] usbcore: registered new interface driver cdc_eem
[  123.310876] usbcore: registered new interface driver cdc_ether
[  123.318826] usbcore: registered new interface driver cdc_ncm
[  123.351991] usbcore: registered new interface driver huawei_cdc_ncm
[  123.361439] usbcore: registered new interface driver kalmia
[  123.414183] usbcore: registered new interface driver Philips webcam
[  123.421703] usbcore: registered new interface driver rndis_host
[  123.429710] usbcore: registered new interface driver smsc95xx
[  123.439584] usbcore: registered new interface driver uvcvideo
[  123.443961] USB Video Class driver (1.1.1)
[  123.478053] usbcore: registered new interface driver cdc_mbim
[  123.498189] PCI: Enabling device 0000:00:00.0 (0000 -> 0002)
[  123.502599] PCI: Enabling device 0000:01:00.0 (0000 -> 0002)
[  123.635751] ieee80211 phy0: Atheros AR9300 Rev:4 mem=0xbc000000, irq=144
[  130.318869] PTM 1.0.27    PTM (E1) firmware version 0.30
[  130.327900] ifxmips_ptm: PTM init succeed
[  134.583006] IPv6: ADDRCONF(NETDEV_UP): ptm0: link is not ready
[  135.654241] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[..]
[  140.207476] wlan0: associated



BusyBox v1.24.2 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 DESIGNATED DRIVER (Bleeding Edge, r49395)
 -----------------------------------------------------
  * 2 oz. Orange Juice         Combine all juices in a
  * 2 oz. Pineapple Juice      tall glass filled with
  * 2 oz. Grapefruit Juice     ice, stir well.
  * 2 oz. Cranberry Juice
 -----------------------------------------------------
root@OpenWrt:/#
Post #7
sebtx
13 Dec 2016, 12:43

GPHY LED configuration to fit to the original firmware behavior : 

lantiq,led0h = <0x20>;
lantiq,led0l = <0x00>;
lantiq,led1h = <0x40>;
lantiq,led1l = <0x00>;
lantiq,led2h = <0x70>;
lantiq,led2l = <0x03>;

(Last edited by sebtx on 16 Dec 2016, 11:29)

The discussion might have continued from here.