If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since years. Please use hippie2000@webnmail.de instead.
Property:Multi-EVA
| BoxMatrix >> Lexicon >> FRITZ-Terms >> Multi-EVA | @ BoxMatrix - IRC-Chat - Translate: de es fr it nl pl |
| News | Selectors | Models | Accessories | Components | Environment | Config | Commands | System | Webif | Software | Develop | Lexicon | Community | Project | Media |
| Computer | FRITZ | I18N | Telephony | Smarthome | Internet | Protocols | Multimedia | Formats | Hardware | Software | Research |
Term
| Term: | Multi-EVA | Wiki | Freetz | IPPF | whmf | AVM | Web |
| Short for: | Multi-Instance EVA Bootloader | ||||||
| Location: | Lexicon >> FRITZ-Terms | ||||||
| Weblinks: | |||||||
| Description: | Multi-Instance EVA Bootloader | ||||||
Goto: FRITZ!OS - mtd2size - Qualcomm-ARM - Broadcom-ARM - Lantiq-MIPS - SMW-Browser
Details
Multi-EVA is the term used here for multiple EVA Bootloader instances.
EVA is the AVM developed Bootloader which launches FRITZ!OS since more than a decade.
Initially all models used NOR-Flash, with limited size and a single EVA (formerly ADAM2) at the beginning of it.
The CPU directly starts the bootloader after powerup and it's the first intelligent thing which happens.
With the increasing complexity of FRITZ!OS more space was required. AVM decided to use NAND-Flash.
The disadvantage of NAND-Flash is that it's aging way faster than NOR-Flash.
To keep the reliability of their brand (5 years warranty on routers) they decided to store multuple instances of FRITZ!OS.
Dual-Boot was introduced, storing 2 Filesystem and 2 Kernel instances, and a hybrid TFFS design with S-Flash.
If a partition breaks due to aging or loss of power during an update there is still a second working instance as fallback.
But this did not work for the bootloader with early SoCs, which requires a hardware dependend fixed start address at powerup.
With later SoCs it was possible (or necessary) to run portions of code and store its config before the Bootloader is executed.
This was the birth of a Multi-EVA solution, finally providing a safe way to update the bootloader.
How this is designed is platform and architecture dependend and will be researched and explained here separately.
FRITZ!OS
mtd2size
Multi-EVA models can be detected by the mtd2size. Single-EVA models use 64 KB - 256 KB for the bootloader partition mtd2.
For models with multiple EVA instances mtd2 is always at least 1 MB, up to currently 32 MB. Current mtd2size ranking:
32,768 KB- Hawkeye - Qualcomm-ARM - 4060, 5590, 6000 - FIT-Image32,768 KB- Miami - Qualcomm-ARM - 7690 - FIT-Image32,768 KB- Alder - Qualcomm-ARM - 5690pro - FIT-Image5,376 KB- Maple - Qualcomm-ARM - 7510, 1200ax, 1240ax, 3000ax, fsgw - FIT-Image2,816 KB- Dakota - Qualcomm-ARM - 6850lte, 68505g, 7520, 7520v2, 7530ac, 1200, 3000, 12602,048 KB- Puma7 - ATOM + ARM - 6591, 6660, 66902,048 KB- BCM63 - Broadcom-ARM - 7530ax (FIT-Image), 7581, 75831,536 KB- Falcon - Lantiq-MIPS - 5530 - FIT-Image1,152 KB- Dakota - Qualcomm-ARM - 4040, 1260e1,024 KB- Seale - Lantiq-MIPS - 6890v1, 6890v2, 7560, 7580, 7583gfast, 7583vdsl, 7590ac, 7590ax, 7590axv2
As you see there are at least 3 architectures to explain. Let's start with generic ARM:
Qualcomm-ARM
Hawkeye, Alder, Miami, Maple and Dakota use a derivative of Qualcomm Android Boot.
These ARM SoCs all support SecureBoot, with hardware-enforced isolation of trusted and untrusted execution environments.
This is implemented by the ability to split each core into a virtual core for the secure world and the normal world each.
The secure world runs the TrustZone OS, for monitoring and for providing security and crypto services to the normal world.
The normal world runs the application OS, here EVA booting FRITZ!OS.
Booting happpens in multiple stages. Raw principle:
- PBL - Primary Bootloader - located on-chip (SecureCore) - loading:
All these have a "chain of trust", checking the signature of the respective next stage before execution.
This chain includes EVA, which could not be modified without getting signed by AVM.
Per SoC details could be found in the SBL article.
Multi-EVA boot on Qualcomm-ARM:
- SoCs: Hawkeye, Alder, Miami, Dakota, Maple
- Lexicon: PBL, SBL, TrustZone, EVA
- Procfs: sbl_version, sbl_reboot, struct_version
- Procfs: sbl_fault_register, sbl_reset_debug, sbl_wdog_status, sbl_wonce
- Procfs: tz0_verified, tz0_version, tz1_verified, tz1_version
- Procfs: tz_boot_ack, tz_boot_index, tz_version
- Procfs: eva0_verified, eva0_version, eva1_verified, eva1_version
- Procfs: eva_boot_ack, eva_boot_index
- Firmware: sblupdate, tzupdate, urladerupdate
- Commands: tz_update
- Startup: E02-tz_update, cortexa9, cortexa9.service
- Partitions: GPT, alignto512, align_config_to_4mb, SBL1, SBL1_1, MIBIB
- Partitions: BOOTCONFIG, BOOTCONFIG1, QSEE, QSEE_1, DEVCFG, DEVCFG_1, RPM, RPM_1
- Partitions: CDT, CDT_1, APPSBL, APPSBL_1, CONFIG, CONFIG_1, TME, TME_1
- Kconfig: CONFIG_AVM_FASTIRQ, CONFIG_AVM_TZ_EXTENSIONS, CONFIG_QSEECOM
- Kernel: avm_sbl.ko, avm_tz.ko, qseecom.ko, ipq40xx_qseecom.ko
Broadcom-ARM
todo
Lantiq-MIPS
todo
Multi-EVA boot on Lantiq-MIPS:
- SoCs: Seale, Falcon
- Lexicon: Bootcore, Interaptiv, PreEVA, EVA
- Commands: urladerupdate
- Kconfig: CONFIG_BOOTCORE_LOAD_ADDR
- Kconfig: CONFIG_SOC_PRX300_BOOTCORE, CONFIG_PRX300_BOOTCORE_WDT
- Kconfig: CONFIG_SOC_GRX500_BOOTCORE, CONFIG_SERIAL_GRX500_BOOTCORE_CONSOLE
- Kernel: cpunet.ko, grx_switch_console.ko
- Sysfs: switch_console
