17 November, 2007

Software of the Ericsson W25

The Ericsson W25 is running an embebbed linux.

When you power on your device first the bootloader is started. The bootloader is responsible for loading in the complete operating system and start it up. In the Ericsson W25 there is a RedBoot bootloader, which has plenty of features. It is capable of booting from network, from serial devices, it has a telnet interface etc., but in our case it just selects the propper linux kernel and the propper root file system and starts up the linux operating system.

All the software to be loaded is stored in the built in ROM, in 9 partitons:

0x00000000-0x00080000 : "RedBoot"
0x00080000-0x001c0000 : "kernel_A"
0x001c0000-0x007a0000 : "rootfs_A"
0x007a0000-0x008e0000 : "kernel_B"
0x008e0000-0x00ec0000 : "rootfs_B"
0x00ec0000-0x00fa0000 : "rwfs"
0x00fa0000-0x00fe0000 : "test"
0x00fe0000-0x00fff000 : "FIS directory"
0x00fff000-0x01000000 : "RedBoot config"

As you can see the first partitition is the boatloader itself, while the last partition is the configuration for the bootloader. The "FIS directory" is the "Flash Image System directory" which actually holds the addresses of the above listed partitions.

Partition "test" is probably not used.

Partition "rwfs" is the partition which contains the writable parameters of the router. It countains a jffs2 type filesystem.

Partitions 1-4 hold two versions of the kernel and the root file system. This is a good way of making the device more secure, if a firmware update does not sucseed, there is a copy of the earlier version and the device can switch back to the previous version. Probably there are some commands in the device, where you can switch between these partitions, but so far I have not found them.

The used linux is a MontaVista linux, which is a commercial distribution. The main point of using it, that it gives you a complete development environment with support and instead of trying to find the best components to use, you can develop your device very quickly. As in most embebbed linuxes, most of the commands are implemented in Busybox. Busybox is used to reduce the space used by small command files, instead there is one big executable, which is including all the small unix utility commands. The commands can be executed by shortcuts pointing to the busibox executable.

The management of the wireless router is done by Tail-f Systems ConfD product. This utility makes it possible to handle the different configuration interface identically, and it has ready tools to implement a commd line interface, a web interface and SNMP interface. The command line interface is called cf and when called without parameters it gives a help about the available commands.

After booting up, the root file system will be the selected partition from the flash (3 or 5) which has a squashfs filesystem. This contains all the non changing files. The 6 th flash partition is mounted to /rw, here are stored the parameters which are changing, but have to be preserved between the restarts of the router. There is a RAM based filesystem mounted on /var, which is populated during the init procedure from /etc/varfs.tar and it is a tempfs type filesystem.

To be able to use standard tools, the important configuration files from the /etc directory are symlinked to the /rw/etc and when they are changed these chages are kept peristent in the rw filesystem. The advantage of this solution is that it is very simple, but if you want to change a parameter, which it is not prepared for it (e.g. timezone), you can not change it whithout changing the entire read only root filesystem. A better solution would be to use a filesystem like unionfs which can combine a read only and a read write filesystem and store the changes in the writable filesystem.

This is enough from the theory, in the next post I will write about how to make your own init script to start your very own programs after rebooting.

8 comments:

Gabor said...

Could you extract the squashfs?

Lacó said...

Yes you can.

There are at least 3 possible ways:

1) You log on to the unit with WinSCP or a similar utility and you can copy the mounted filesystem over the network to your computer.

2) You insert an USB memory to the unit and with the command DD you simply copy the whole partition to the USB drive.

3) You download a firmware update from the W25 site and extract the squasfs from it.

If you want to view the contents of the squashfs and you don't have a propperly configured linux machine, then probably the easiest way is to use the slax live cd (http://slax.hosting4p.com/) which has support for squashfs (I have not tested this)

Gabor said...

so not, you did not extract the squashfs :) i think it's a modified version of squashfs and we can't extract it with any generic tools.

Lacó said...

You are right :-)

I have made what I have mentioned in the 1st point but not the rest.

Did you managed to do something fancy with the W25?

Lacó said...

May be this can help you to extract it:

http://www.beyondlogic.org/nb5/squashfs_lzma.htm

Loryan said...

You mention SNMP - but I can't find any information about it, nor can I see any options in the Linux commands.

Have searched the net but to no avail.
Do you know how to set it?

Thanks

Guto Melo said...

Friend, I inadvertently took a fis init, deleted the kernel and file system? My W25 does not start, what do I do? I appreciate any information.

Thank you.

Lacó said...

Hello Gutto Melo!

I can tell you that in theory what can be done, but I did not do it myself.

If the redboot boot loader is working, then you have chances to restore the system.

The following steps are needed:

1. Download an earlier version of the firmware and extract the kernel and filesystem images from it (it is a normal TAR archive).
2. Restart the router and login to redboot with telnet port 9000 (I think the address will be 192.168.1.1)
3. In redboot there are commands to flash from a web site or tftp you should use this to restore your images. (You can find information about redboot commands on the internet)

The redboot boot loader has a 1 sec timeout before it starts booting, so may be you can not connect to it manually, then you should write some kind of script/program which looks if the router can be "ping"-ed and if yes then it connects automatically.