Important note for QNAP TS-11x/TS-21x users re mtd5 partition

To: debian-arm@lists.debian.org
Subject: Important note for QNAP TS-11x/TS-21x users re mtd5 partition
From: Martin Michlmayr <tbm@cyrius.com>
Date: Tue, 18 May 2010 23:46:10 +0100
Message-id: <[🔎] 20100518224610.GA10442@jirafa.cyrius.com>

Summary: On some QNAP TS-11x/TS-21x devices, it's possible to overwrite
the mtd5 flash partition (the "NAS Config" partition, where some info
is stored, most notably the MAC address of the device).  This happens
if you:
 - have a QNAP device with an old version of u-boot
 - use the recovery mode according to my documentation

The most obvious symptom of this problem is that your MAC address is
00:00:00:00:05:09 under the QNAP firmware or that the flash-debian
script will complain because it cannot find your MAC address.

If you have a QNAP TS-11x or TS-21x device, please check if you're
affected by running the following commands on your QNAP:

  wget http://people.debian.org/~tbm/qnap/check-mtd5
  sh check-mtd5

Full analysis and explanation:

This is the flash layout on QNAP TS-11x/TS-21x machines:

mtd0 0xf8000000-0xf8080000 : "U-Boot"
mtd4 0xf8080000-0xf80c0000 : "U-Boot Config"
mtd5 0xf80c0000-0xf8200000 : "NAS Config"
mtd1 0xf8200000-0xf8400000 : "Kernel"
mtd2 0xf8400000-0xf8d00000 : "RootFS"
mtd3 0xf8d00000-0xf9000000 : "RootFS2"

My device, with the U-Boot build from Feb  9 2009 - 11:13:32, does this
when you use the recovery mode:

| tftpboot 0x800000 ${bootfile}
| protect off bank 1; erase 0xf8200000 0xf8ffffff; cp.b 0xa00000 0xf8200000 e00000; protect on bank 1

In other words, load the recovery file to 0x800000, then erase the Kernel,
RootFS and RootFS2 partitions.  Then skip the first 2 MB from the recovery
file and write the rest to the Kernel, RootFS and RootFS2 partitions.

However, the older u-boot with version Jan  5 2009 - 12:58:51, does this:

| tftpboot 0x800000 ${bootfile}
| protect off bank 1; erase 0xf80c0000 0xf9000000; cp.b 0x8c0000 0xf80c0000 f40000; protect on bank 1

In other word, erase the NAS Config, Kernel, RootFS and RootFS partitions.
then skip the first 0.75 MB of the recovery image and write the rest to
the NAS Config, Kernel, RootFS and RootFS partitions.

The difference is that the old u-boot version also erases the "NAS Config"
partition and loads the data from the recovery image, which the new version
doesn't do.

Now my web site claims that the first 2 MB of the recovery image are not
important because they are skipped.  This is true for new u-boot, but
obviously not the case for that old u-boot version.  With the old u-boot
version, you'll overwrite your "NAS Config" partition where e.g. the MAC
address used by the QNAP firmware is used. (Debian uses the MAC address
from u-boot).

I'll go and fix my documentation...

BTW, if you want to check the version of u-boot, you can do:

    apt-get install binutils
    strings /dev/mtdblock0 | grep -i "^U-Boot" | grep -i version:

-- 
Martin Michlmayr
http://www.cyrius.com/

Reply to:

Follow-Ups:
- Re: Important note for QNAP TS-11x/TS-21x users re mtd5 partition
  - From: Martin Michlmayr <tbm@cyrius.com>

Prev by Date: Re: John Holland's eSATA support for the Sheevaplug
Next by Date: guruplug: uap access point possibilities
Previous by thread: Re: John Holland's eSATA support for the Sheevaplug
Next by thread: Re: Important note for QNAP TS-11x/TS-21x users re mtd5 partition
Index(es):
- Date
- Thread