Digital World

Output of dmesg

Booting Linux on physical CPU 0
Initializing cgroup subsys cpu
Linux version 3.3.4-88f6281 (root@HP7907) (gcc version 4.2.0 20070413 (prerelease)) #1 Thu Jun 22 15:47:23 JST 2017
CPU: Feroceon 88FR131 [56251311] revision 1 (ARMv5TE), cr=00053977
CPU: VIVT data cache, VIVT instruction cache
Machine: Feroceon-KW
Using UBoot passing parameters structure
Memory policy: ECC disabled, Data cache writeback
paging_init: zero_page=0xc3ffc000
arm_bootmem_init: boot_pages=0x1 bitmap=0x3ffb000
On node 0 totalpages: 16384
free_area_init_node: node 0, pgdat c051ec1c, node_mem_map c1401000
  Normal zone: 128 pages used for memmap
  Normal zone: 0 pages reserved
  Normal zone: 16256 pages, LIFO batch:3
pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
pcpu-alloc: [0] 0 
Built 1 zonelists in Zone order, mobility grouping off.  Total pages: 16256
Kernel command line: console=ttyS0,115200 root=/dev/sda2 rw initrd=0x00800040,12M panic=5 BOOTVER=0.27 mtdparts=nand_mtd:0x1000000(boot),0xfe800000(rootfs),0x800000(reserve)
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 64MB = 64MB total
Memory: 39636k/39636k available, 25900k reserved, 0K highmem
Virtual kernel memory layout:
    vector  : 0xffff0000 - 0xffff1000   (   4 kB)
    fixmap  : 0xfff00000 - 0xfffe0000   ( 896 kB)
    vmalloc : 0xc4800000 - 0xff000000   ( 936 MB)
    lowmem  : 0xc0000000 - 0xc4000000   (  64 MB)
    modules : 0xbf000000 - 0xc0000000   (  16 MB)
      .text : 0xc0008000 - 0xc04ce000   (4888 kB)
      .init : 0xc04ce000 - 0xc04f3000   ( 148 kB)
      .data : 0xc04f4000 - 0xc0520620   ( 178 kB)
       .bss : 0xc0520620 - 0xc0532428   (  72 kB)
SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:128
Console: colour dummy device 80x30
Calibrating delay loop... 795.44 BogoMIPS (lpj=3977216)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
Setting up static identity map for 0x17568 - 0x175a4
?
 : consistent_pte=0xc2000b80
xor: measuring software checksum speed
   arm4regs  :   726.400 MB/sec
   8regs     :   550.800 MB/sec
   32regs    :   618.000 MB/sec
xor: using function: arm4regs (726.400 MB/sec)
NET: Registered protocol family 16
Feroceon L2: Enabling L2
Feroceon L2: Cache support initialised.

CPU Interface
-------------
SDRAM_CS0 ....base 00000000, size  64MB 
SDRAM_CS1 ....disable
SDRAM_CS2 ....disable
SDRAM_CS3 ....disable
PEX0_MEM ....base e0000000, size 128MB 
PEX0_IO ....base f2000000, size   1MB 
PEX1_MEM ....no such
PEX1_IO ....no such
INTER_REGS ....base f1000000, size   1MB 
NFLASH_CS ....base fa000000, size   2MB 
SPI_CS ....base f4000000, size  16MB 
BOOT_ROM_CS ....no such
DEV_BOOTCS ....no such
CRYPT_ENG ....base f0000000, size   2MB 

  Marvell Development Board (LSP Version KW_LSP_5.1.3_patch13)-- MVLSXL-GE-V2  Soc: 88F6192 A1 LE

 Detected Tclk 166666667 and SysClk 200000000 
gpiochip_add: registered GPIOs 0 to 63 on device: mv_gpio
MV Buttons Device Load
Marvell USB EHCI Host controller #0: c2049000
PEX0 interface detected no Link.
PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [io  0x0000-0xffffffff]
pci_bus 0000:00: root bus resource [mem 0x00000000-0xffffffff]
PCI: bus0: Fast back to back transfers enabled
mvPexLocalBusNumSet: ERR. Invalid PEX interface 1
bio: create slab <bio-0> at 0
raid6: int32x1     80 MB/s
raid6: int32x2     94 MB/s
raid6: int32x4     90 MB/s
raid6: int32x8     79 MB/s
raid6: using algorithm int32x2 (94 MB/s)
vgaarb: loaded
SCSI subsystem initialized
Switching to clocksource kw_clocksource
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
PCI: CLS 0 bytes, default 32
Trying to unpack rootfs image as initramfs...
rootfs image is not initramfs (no cpio magic); looks like an initrd
Freeing initrd memory: 12288K
XOR registered 4 channels
XOR 2nd invalidate WA enabled
cesadev_init(c04d6134)
MV Buttons Driver Load
MICON ctrl (C) BUFFALO INC. V.1.00 installed.
Buffalo Gpio Control Driver (C) BUFFALO INC. Ver.1.00 installed.
Buffalo CPU Inerupts Driver (C) BUFFALO INC. Ver.0.01 alpha1 installed.
Kernel event proc (C) BUFFALO INC. V.1.00 installed.
initial_polarity_val = 0x0c020000
initial_polarity_val_high = 0x00000000
Buffalo GPIO SATA Hotplug Event Driver (C) BUFFALO INC. Ver.1.00 installed.
VFS: Disk quotas dquot_6.5.2
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
fuse init (API version 7.18)
SGI XFS with ACLs, security attributes, large block numbers, no debug enabled
SGI XFS Quota Management subsystem
msgmni has been set to 101
alg: No test for cipher_null (cipher_null-generic)
alg: No test for ecb(cipher_null) (ecb-cipher_null)
alg: No test for digest_null (digest_null-generic)
alg: No test for compress_null (compress_null-generic)
alg: No test for stdrng (krng)
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
io scheduler noop registered
io scheduler deadline registered (default)
io scheduler cfq registered
Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A
console [ttyS0] enabled
serial8250.1: ttyS1 at MMIO 0xf1012100 (irq = 34) is a 16550A
brd: module loaded
loop: module loaded
Integrated Sata device found
mvSataInitAdapter : regVal changed(0x00000010)
scsi0 : Marvell SCSI to SATA adapter
scsi1 : Marvell SCSI to SATA adapter
** BUFFALO Disable Command Queuing Function [0 0] **
scsi 0:0:0:0: Direct-Access     Seagate  ST2000DM006-2DM1 CC26 PQ: 0 ANSI: 5
sd 0:0:0:0: [sda] Sector size 0 reported, assuming 512.
sd 0:0:0:0: [sda] 3907029168 512-byte logical blocks: (2.00 TB/1.81 TiB)
sd 0:0:0:0: [sda] 0-byte physical blocks
sd 0:0:0:0: Attached scsi generic sg0 type 0
SPI Serial flash detected @ 0xf4000000, 512KB (8sec x 64KB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 23 00 00 00
NAND device: Manufacturer ID: 0xc3, Chip ID: 0xc3 (Unknown NAND 1GiB 3,3V 16-bit)
NAND bus width 8 instead 16 bit
No NAND device found
sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
Loading Marvell Ethernet Driver:
  o Cached descriptors in DRAM
  o DRAM SW cache-coherency
  o 2 Giga ports supported
  o Single RX Queue support - ETH_DEF_RXQ=0
  o Single TX Queue support - ETH_DEF_TXQ=0
  o TCP segmentation offload (TSO) supported
  o Receive checksum offload supported
  o Transmit checksum offload supported
  o Driver ERROR statistics enabled
  o Proc tool API enabled
  o Gateway support enabled
     o Using Marvell Header Mode
     o L2 IGMP support
  o Rx descripors: q0=128
  o Tx descripors: q0=532
  o Loading network interface(s):
     o register under mv88fx_eth platform
sd 0:0:0:0: [sda] Sector size 0 reported, assuming 512.
     o eth0, ifindex = 2, GbE port = 0

Warning: Giga 1 is Powered Off

Warning: Giga 1 is Powered Off

rtc-mv rtc-mv: rtc core: registered rtc-mv as rtc0
md: linear personality registered for level -1
md: raid0 personality registered for level 0
md: raid1 personality registered for level 1
md: raid6 personality registered for level 6
md: raid5 personality registered for level 5
md: raid4 personality registered for level 4
device-mapper: ioctl: 4.22.0-ioctl (2011-10-19) initialised: dm-devel@redhat.com
TCP cubic registered
NET: Registered protocol family 17
NET: Registered protocol family 15
Registering the dns_resolver key type
rtc-mv rtc-mv: setting system clock to 2000-01-01 00:00:00 UTC (946684800)
 sda: sda1 sda2 sda3 sda4 sda5 sda6
sd 0:0:0:0: [sda] Sector size 0 reported, assuming 512.
sd 0:0:0:0: [sda] Attached SCSI disk
md: Waiting for all devices to be available before autodetect
md: If you don't use raid, use raid=noautodetect
md: Autodetecting RAID arrays.
md: Scanned 0 and added 0 devices.
md: autorun ...
md: ... autorun DONE.
RAMDISK: gzip image found at block 0
VFS: Mounted root (ext2 filesystem) on device 1:0.
kjournald starting.  Commit interval 5 seconds
EXT3-fs (sda1): using internal journal
EXT3-fs (sda1): mounted filesystem with writeback data mode
umount: sending ioctl 4c01 to a partition!
umount: sending ioctl 4c01 to a partition!
kjournald starting.  Commit interval 5 seconds
EXT3-fs (sda2): using internal journal
EXT3-fs (sda2): recovery complete
EXT3-fs (sda2): mounted filesystem with writeback data mode
umount: sending ioctl 4c01 to a partition!
umount: sending ioctl 4c01 to a partition!
kjournald starting.  Commit interval 5 seconds
EXT3-fs (sda2): using internal journal
EXT3-fs (sda2): mounted filesystem with writeback data mode
VFS: Mounted root (ext3 filesystem) on device 8:2.
Trying to move old root to /initrd ... okay
Freeing init memory: 148K
udevd (728): /proc/728/oom_adj is deprecated, please use /proc/728/oom_score_adj instead.
Adding 1000444k swap on /dev/sda5.  Priority:-1 extents:1 across:1000444k 
kjournald starting.  Commit interval 5 seconds
EXT3-fs (sda1): using internal journal
EXT3-fs (sda1): mounted filesystem with writeback data mode
eth0: link down
eth0: started
eth0: link up, full duplex, speed 1 Gbps
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
program smartctl is using a deprecated SCSI ioctl, please convert it to SG_IO
XFS (sda6): Mounting Filesystem
XFS (sda6): Starting recovery (logdev: internal)
XFS (sda6): Ending recovery (logdev: internal)
bfSetMagicKey > Changed to 0x71 from 0x00

What is Image Builder

A packaging tool officially distributed by the OpenWrt Project. You can include or delete any opkg file from the beginning in the install image file for each model.

It is of course to exclude unnecessary pkg from the beginning, but by the initial install the pkg you can to reduce the flash memory usage than to install in opkg command later.

Unlike the SDK, to create an image by combining the compiled pkg file
does not have a problem with low-spec of the PC environment. Virtual machines such as VirtualBOX / VMware are also sufficient

Preparing Linux for work

Prepare Linux such as ubuntu, debian, CentOS. The architecture must be x86_64.
Install the packages required for build.
In the case of CentOS7, the following was required.

yum install git gawk gettext ncurses-devel zlib-devel openssl-devel libxslt wget 
yum -y groupinstall base "Development tools" --setopt = group_package_types = mandatory, default, optional 

For ubuntu 18.04.2 the following was required:

apt-get install build-essential libncurses5-dev zlib1g-dev gawk git gettext libssl-dev xsltproc wget unzip python curl

Obtaining and deploying an image builder

Image Builder is divided by target.
The imagebuilder link is displayed at the bottom of the hierarchy where the installation image is placed. Download and expand it.
When downloading the imagebuilder for “18.06.4” and “ramips” to the current directory while downloading, it will be as follows.

curl https://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/openwrt-imagebuilder-18.06.4-ramips-mt7621.Linux-x86_64.tar.xz | tar Jxv

Basic operations of Image Builder

1) Display the included target. The model name displayed here is the PROFILE name.

make info

2) Delete the temporary generation file Delete the generated image and intermediate files and make it clean.

make clean

3) Generate image

make image

If no argument is given, an image of all models is generated.

make image PROFILE = "wsr-1166" 

If you specify PROFILE displayed by make info, an image of only that model will be generated.
Note that Web Builder’s luci and uhttpd are not included by default in Image Builder.

Custom image creation

You can increase or decrease the number of pkg files with the PACKAGES parameter of make image.

make image PACKAGES = "pkg1 -pkg2"

If so, add pkg1 and exclude pkg2.
Even if it is installed, it may generate a brick image.
Carefully consider the addition and exclusion of pkg, considering its meaning and capacity.

Example of creating an image that excludes USB and wireless drivers including Web-GUI for WSR-1166

make image PROFILE = "wsr-1166" PACKAGES = "kmod-mt7603 -kmod-rt2800-pci -wpad-mini -iwinfo -kmod-usb-core -kmod-usb-ledtrig-usbport -kmod-usb3 -kmod-cfg80211 -hostapd-common -kmod-mac80211 -kmod-mt7603 -wireless-regdb uhttpd luci "

The generated image is in bin / targets /.

The manifest file contains the name of the installed pkg including dependencies.

Docker can be used to prepare an fully functional operating environment, to work on openwrt image builder.

Preparing Docker

Install Docker CE on Windows or Linux or Mac OS

Host Side Preparation ( assuming Linux)

Prepare a working directory

mkdir /docker

Get Docker Image

docker pull ubuntu:18.04

Start Container

docker run -d -it --name IMAGEBUILDER -v `pwd` / mnt: / mnt -w / mnt ubuntu: 18.04 bash 

Run apt-get update

docker exec IMAGEBUILDER apt-get update 
docker exec IMAGEBUILDER apt-get install -y build-essential libncurses5-dev zlib1g-dev gawk git gettext libssl-dev xsltproc wget unzip python curl

Download and deploy imagebuilder

docker exec IMAGEBUILDER bash -c "curl https://downloads.openwrt.org/releases/18.06.4/targets/ramips/mt7621/openwrt-imagebuilder-18.06.4-ramips-mt7621.Linux-x86_64.tar.xz | tar Jxv -C / mnt "

Connect with shell in container

docker exec -it IMAGEBUILDER bash

cd to /mnt/openwrt-imagebuilder and run make to prepare openwrt image

Cleanup Container

Check docker container status and stop

docker ps -a 
docker stop IMAGEBUILDER 
docker ps -a 

Deleting a stopped docker container

docker ps -a 
docker rm IMAGEBUILDER docker ps -a 

If the downloaded image is unnecessary, delete it

docker images 
docker rmi ubuntu: 18.04 
docker images

This post will list the steps to configure Let’s Encrypt SSL certificate on a pfSense box

• Use Cloudflare DNS and point the subdomains to their DNS servers.
• Install the “acme” package using the “Package Manager” (System / Package Manager / Available Packages)

• After installation check if Acme Certificates option exist under Services and Click on Acme Certificates

• Go to the “Account keys” option and click on the “Add” button

• Provide values for Name, email-address and click on Create New Account key. Click on “Register ACME account key” and then “Save”.

• Choose “Certificate” and provide following values:
• Name: abc.def.com
• Description: pfSense Certificate
• Status – Set as Active
• Acme Account -> account name provided in the previous step
• Private Key – 2046-bit RSA
• OSCP Must Staple – leave unchecked
• Domain SAN List
  • Choose Mode as Enabled
  • Domain Name – abc.def.com
  • Method – DNS-Cloudflare
  • Key – API key from cloudfare website
  • Email – API email address
  • Enable DNS alias mode – leave blank
  • Enable DNS domain alias – leave blank
• Click on Save
• Click on “Issue / Renew” button to create a new certificate
• Choose “General Settings” and click on Cron Entry – then Save

Reconfigure session to use HTTPS

Go to System / Advanced / Admin Access and make following changes:

• Protocol – HTTPS
• SSL Certificate – Choose the Let’s Encrypt certificate created previously
• Max Processes – 2
• WebGUI redirect – blank ( unchecked)
• HSTS – blank ( unchecked)
• OCSP Must-Staple – blank ( unchecked)
• WebGUI Login Autocomplete – Toggle On
• WebGUI login messages – ( unchecked)
• Anti-lockout – ( unchecked)
• DNS Rebind Check – Toggle On
• Alternate Hostnames – provide if any
• Browser HTTP_REFERER enforcement – Toggle On
• Browser tab text – blank
• Secure Shell
  • Secure Shell Server – toggle on
  • SSHd Key Only – Password or Public Key
  • Allow Agent Forwarding – ( unchecked)
  • SSH port – default 22
• Login Protection
  • Threshold -default 30
  • Blocktime – 120
  • Detection Time – 1800
  • Whitelist – blank
• Serial Comm – default values
• Console Options
  • Console meu – ( unchecked)