Upgrade firmware manually on Turris MOX

bakuka · February 24, 2024, 5:33pm

Short story:

I’d like to ask for the following information for Turris MOX:

Where is the download of the latest stable secure firmware image for flashing to /dev/mtd0?
Where is the download of the latest stable U-Boot image for flashing to /dev/mtd1?
How do I reset the U-Boot environment variables stored in /dev/mtd2 to default values?
Where is the download of the latest stable rescue system image for flashing to /dev/mtd3?
Where is the download of the latest DTB image for flashing to /dev/mtd4?
Instructions on how to flash all of the above

Thank you.

Longer story:

I am trying to recover some old Turris MOX that has a damaged bootloader and is experiencing the old well-known reboot failure, and cannot currently be upgraded to newest TurrisOS.

Firmware update files used to be posted on Releases · Turris / MOX boot-builder · GitLab but that page appears to no longer be updated.

That page contains the files trusted-secure-firmware.bin and a53-firmware.bin from v2021.09.07, with instructions to flash them like this:

mtd write trusted-secure-firmware.bin secure-firmware
mtd write a53-firmware.bin a53-firmware || mtd write a53-firmware.bin u-boot

The a53-firmware.bin contains U-Boot 2021.10-rc3-00050-g7d3fea2c7f (Sep 07 2021 - 18:16:56 +0200).

The same page also contains secure-firmware.bin with no instructions.

There also exists https://repo.turris.cz/hbs/mox/packages/turrispackages/turris-mox-firmware_2.0-3_aarch64_cortex-a53.ipk which contains the files secure-firmware.bin and uboot and rescue.

The uboot file contains U-Boot 2022.07 (Aug 15 2022 - 12:25:08 +0000).

There also exists https://repo.turris.cz/hbs/mox/packages/turrispackages/mox-a53-firmware_2.7-5_aarch64_cortex-a53.ipk which contains the file uboot-devel.

The uboot-devel file contains U-Boot 2023.01-OpenWrt-r16881+135-4a1d8ef55c (Feb 13 2024 - 16:26:38 +0000). I assume this is some development version not meant to be flashed yet.

What I currently gathered is this:

The files on Releases · Turris / MOX boot-builder · GitLab are out of date and should not be used.
The only way to obtain the firmware files is browsing Index of /hbs/mox/packages/turrispackages/ downloading the relevant files and extracting the firmware files from them.
There are no up to date instructions anywhere on how to flash the files.

I came up with these instructions and don’t know if they are correct, verification would be appreciated.

The secure-firmware.bin file is flashed to /dev/mtd0 this way:

mtd -e /dev/mtd0 write secure-firmware.bin /dev/mtd0

The uboot file is flashed to /dev/mtd1 this way:

mtd -e /dev/mtd1 write uboot /dev/mtd1

U-Boot environment variables are stored in /dev/mtd2, and there are no instructions anywhere on how to reset them or regenerate them.

The rescue file is flashed to /dev/mtd3 this way:

mtd -e /dev/mtd3 write rescue /dev/mtd3

The DTB files are not available for download anywhere, but would be flashed to /dev/mtd4.

Thank you for reading.

Stepan_Dalecky · February 24, 2024, 7:10pm

Hi bakuka,

the latest stable firmware is provided through package turris-mox-firmware, currently in version 2.0.3. So you can download the package, extract it and flash it. You can also use nor-update utility that will do the job for you, check turris-nor-update package currently in version 1.1.1-8.

Mapping:
secure-firmware.bin → /dev/mtd0
uboot → /dev/mtd1
rescue → /dev/mtd3
dtb → /dev/mtd4

I am not sure if reseting mtd2 (uboot values) is good idea. I would not say so. You can end up with bricked device easily.

/boot/armada-3720-turris-mox.dtb is usable as dtb provided in mox-dtb currently in version 5.15.148-1-ac3950207e90faa9d8a5b1c624fa87c0-5

To verify

mtd verify secure-firmware.bin /dev/mtd0
mtd verify uboot /dev/mtd1
mtd verify rescue /dev/mtd3
mtd verify /boot/armada-3720-turris-mox.dtb /dev/mtd4

If it differs you can use those commands

mtd -e /dev/mtd0 write secure-firmware.bin /dev/mtd0
mtd -e /dev/mtd1 write uboot /dev/mtd1
mtd -e /dev/mtd3 write rescue /dev/mtd3
mtd -e /dev/mtd4 write /boot/armada-3720-turris-mox.dtb /dev/mtd4

bakuka · February 25, 2024, 1:22pm

Thank you, testing those commands now.

you’re missing the write command there, it should look like:

mtd -e /dev/mtd4 write /boot/armada-3720-turris-mox.dtb /dev/mtd4

Stepan_Dalecky · February 25, 2024, 1:23pm

My bad. You are right. Fixed.

bakuka · February 25, 2024, 5:16pm

I successfully flashed all the partitions and even reset the partition that stores the u-boot environment variables and everything is working now.

system · February 28, 2024, 5:16pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.