Problem with installation on nanopir2s sdcard

gandalph · 26 September 2023 05:33

Hello guys,
I tried IPFire 2.27 core 178 on nanopi r2s.

I booted from the sdcard(no spi flash onboard), then I started with usb…
It installed OK, but then on reboot…nothing happen.

So I investigated the issue, and I found that the /boot partition in not properly created …

Number  Start     End        Size       Type     File system     Flags
 1      2048s     1050623s   1048576s   primary  ext4            boot
 2      1050624s  1116159s   65536s     primary  fat16           esp
 3      1116160s  1616467s   500308s    primary  linux-swap(v1)  swap
 4      1616468s  31114239s  29497772s  primary  ext4

The 1st partition needs to start in Sector >= 32768, but it starts in typical 2048…
It will never boot…
Here is the scheme of RockChip bootloader:

SoC pseudo-partition[ -     - 63    ] 'SoC Boot Rom  - reset entry point'
1st pseudo-partition[ 64    - 16383 ] 'idbloader.img - Uboot SPL'
2nd pseudo-partition[ 16384 - 24575 ] 'uboot.itb     - Uboot'
3rd pseudo-partition[ 24576 - 32767 ] 'trust.img     - none, ATF is already included above'

I burned a old bootloader that I had here, but it fails to seed TRNG to kernel and so KASLR is disabled…
The solution will be to build a new one with at least:

CONFIG_DM_RNG=y
CONFIG_CMD_KASLRSEED=y
CONFIG_RNG_ROCKCHIP=y

In the meantime I managed to redo the partition /boot, and flashed a old uboo i had here.:

Number  Start     End        Size       Type     File system     Flags
 1      32768s    1050623s   1017856s   primary  ext2            boot
 2      1050624s  1116159s   65536s     primary  fat16           esp
 3      1116160s  1616467s   500308s    primary  linux-swap(v1)  swap
 4      1616468s  31114239s  29497772s  primary  ext4

The board boots…
I also found a weird initramfs… 2 of them:

/boot/initramfs-6.1.45-ipfire.img
/boot/uInit-6.1.45-ipfire

I tried to boot with ‘initramfs-6.1.45-ipfire.img’, but it gives me error, and so I am using the other one…
Also the usb to ethernet driver(r8152), when it loads, it assigns a ramdom maccaddress, and IPFire uses the Macs to track the interfaces…
So long story short, I created this script:

# Import uEnv.txt...
if ext2load mmc 1:1 ${scriptaddr} uEnv.txt; then
	echo Load uEnv.txt...;
	env import -t ${scriptaddr} ${filesize};
fi
# NOTA
# Set MAC addr of LAN iface( USB RTL8153b ),on drv load its zero, then drv sets it to random.
# IPFire expects a persistent value for MAC addresses.
setenv eth1addr AA:BB:CC:DD:EE:FF; 
part uuid ${devtype} ${devnum}:4 rootfsuuid;

# Check if serial console is enabled
# Set bootargs
if test "${SERIAL-CONSOLE}" = "ON"; then
	if test ${console} = ""; then
		setenv console ttyS2,1500000n8;
	fi;
	echo Set console to ${console} and bootargs;
	#setenv bootargs "earlyprintk earlycon=uart8250,mmio32,0xff130000 consoleblank=0 console=${console} swiotlb=1 coherent_pool=1m cma=32M usb-storage.quirks=0x2537:0x1066:u,0x2537:0x1068:u root=PARTUUID=${rootfsuuid} rw fsck.repair=yes rootwait elevator=noop";
	setenv bootargs console=${console} cma=32M usb-storage.quirks=0x2537:0x1066:u,0x2537:0x1068:u root=PARTUUID=${rootfsuuid} rootwait elevator=noop;
else
	echo Set console to tty1 and bootargs;
	# setenv bootargs "earlyprintk earlycon=uart8250,mmio32,0xff130000 consoleblank=0 console=tty1 swiotlb=1 coherent_pool=1m cma=32M usb-storage.quirks=0x2537:0x1066:u,0x2537:0x1068:u root=PARTUUID=${rootfsuuid} rw fsck.repair=yes rootwait elevator=noop";
	setenv bootargs console=tty1 cma=32M usb-storage.quirks=0x2537:0x1066:u,0x2537:0x1068:u root=PARTUUID=${rootfsuuid} rootwait elevator=noop;
fi;

if ext2load ${devtype} ${devnum}:1 ${kernel_addr_r} vmlinuz-${KVER}-ipfire${kernel_type}; then
	echo Loading Kernel ${KVER}...
	setenv fdt_high ffffffff;
	if ext2load ${devtype} ${devnum}:1 ${fdt_addr_r} dtb-${KVER}-ipfire/${fdtfile}; then
		echo Loading Device-Tree dtb-${KVER}-ipfire/${fdtfile}...
		setenv initrd_high ffffffff;
		fdt addr ${fdt_addr_r};
		fdt resize 65536;
		#fdt set /ethernet@ff550000 local-mac-address ${macaddr1};
		if ext2load ${devtype} ${devnum}:1 ${ramdisk_addr_r} ${initramfsfile}; then
			echo Loading InitRamFS ${initramfsfile}...
			booti ${kernel_addr_r} ${ramdisk_addr_r} ${fdt_addr_r};
		fi;
		booti ${kernel_addr_r} - ${fdt_addr_r};
	fi;
fi;

# Recompile with:
# mkimage -C none -A arm -T script -d /boot/boot.cmd /boot/boot.scr

I will try now to compile a new uboot that is able to seed the kernel for KASLR support, and also to train the DDR4 on boot.
Ho and by the way, I found out that… 1GB Ram, is very small for a firewall…
I have IPS activated but only with one feature…

I will try to see if its possible to upgrade the Ram from 1GB to 4GB.
The orangepi r1s Plus has a better motherboard, and also comes with SPI flash(but now its not anymore on sale, only the …LTS version…).I don’t know about dtb support…

arne_f · 26 September 2023 07:14

gan dalph:

Number  Start     End        Size       Type     File system     Flags
 1      2048s     1050623s   1048576s   primary  ext4            boot
 2      1050624s  1116159s   65536s     primary  fat16           esp
 3      1116160s  1616467s   500308s    primary  linux-swap(v1)  swap
 4      1616468s  31114239s  29497772s  primary  ext4

How have you created the sd-card?
The aarch64 ipfire image has complete different layout. Boot partition should be fat16… (this looks like the x86_64 layout)

Download https://downloads.ipfire.org/releases/ipfire-2.x/2.27-core178/ipfire-2.27-core178-aarch64.img.xz
and extract it with
xzcat ipfire-2.27-core178-aarch64.img.xz > /dev/device of you cardreader

It comes preconfigured for R2S because this was the first supported board so no bootloader work is needed.

gandalph · 26 September 2023 13:24

Hello Arne,
Many thanks for your reply.

I downloaded the ISO, used a bootloader in sdcard, to boot the efi USB pendrive with the iso.

From the uboot shell, boot the usb ISO:

=> usb reset || usb start
=> usb tree && setenv devtype usb && setenv devnum 0 && run scan_dev_for_boot_part

The partition table was created by the installation process.
But it has 2 stages, after the 1st one, with that partition table, the sdcard didn’t booted.
So I had to redo the table, and flash a old uboot in sdcard(again), to then boot the sdcard and finish the configuration process.

The process was:

Flash uboot to SDCard
Boot the USB efi ISO
Do 1st installation stage
Redo SDCard partition table
Reflash uboot to sdcard
Create uboot script to boot sdcard, and to fix r8152 mac addr
Boot from sdcard
Finish 2nd configuration stage

arne_f · 26 September 2023 13:52

The iso installation method was tested long ago on a TianoCore based uEFI system. Maybe this doesn’t work at the current version. (The ext4 seems to be a bug in the installer)

The flashimage should work out of the box and should also set mac addresses for both nic’s with the supplied u-boot.