Thursday, March 21, 2013

Compiling Firmware for Opengear ACM5000

Opengear gave me two ACM5000 units as a part of my attendance at Network Field Day 4 in October of last year. The gift has not influenced my opinion of the company nor their product: I continue to think they're a bunch of amazingly clever people, and that they make the best out-of-band access equipment on the market. I recommend them without hesitation nor reservation.

I've been waiting anxiously for the release of the Custom Development Kit (CDK) based on release 3.6 code, and it's finally out. The README that comes with the CDK is a bit dated, and not super easy to follow, so I'm sharing my notes on rolling custom firmware here.

I started with Ubuntu 12.04.2 Server i386 installed inside VMware Fusion on my MacBook. I pretty much took the defaults, allowing VMware to manage the install for me (how cool is this feature?)

Remote Access
Pretty soon I was looking at an Ubuntu login prompt in the VMware console, I logged in and then did:
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get -y install openssh-server
ifconfig eth0
Downloads
Now I could log in via SSH, so I was done with the VMware console. Grab the software we need.
sudo apt-get install -y make g++ liblzma-dev
sudo mkdir -p /usr/local/download /usr/local/src
sudo chmod 1777 /usr/local/download /usr/local/src
mkdir /usr/local/download/Opengear-CDK
cd /usr/local/download/Opengear-CDK
wget ftp://ftp.opengear.com/cdk/OpenGear-ACM500x-devkit-20130314.tar.gz
wget ftp://ftp.opengear.com/cdk/tools/arm-linux-tools-20080623.sh
MD5 checksums of the files I grabbed:
040b2318025adcd956b6bb836791a107  arm-linux-tools-20080623.sh
7b07c8a30413f4013eb9c8deb2787dcb  OpenGear-ACM500x-devkit-20130314.tar.gz
Toolchain Installation
Gzip produces an error as a part of this script, but the tarball hidden inside unrolls cleanly anyway. Weird.
yes "" | sudo sh arm-linux-tools-20080623.sh
CDK Unroll
Unpack the CDK for the ACM5000 series. This process works for the ACM5500 too. I know because I accidentally compiled firmware for a box I don't own :)
cd /usr/local/src
tar zxvf ../download/Opengear-CDK/OpenGear-ACM500x-devkit-20130314.tar.gz
Not required for the fimware build, but I found the following helpful when cross-compiling some other packages for the ACM5000:
sudo ln -s /usr/local/opengear/arm-linux-tools-20080623/arm-linux/ /usr/local/
That's it!
Now we can build a firmware image:
cd /usr/local/src/OpenGear-ACM500x-devkit-20130314
make
The new firmware image should have appeared here:
$ ls -l ./images/image.bin
-rw-r--r-- 1 ogd ogd 11496469 Mar 20 20:33 ./images/image.bin
If you poke around in the romfs directory you'll find the ACM5000 filesystem, and can drop new files in there, change startup scripts, etc...

Prep local storage for the upgrade
You can use the HTTP interface for firmware upgrade, but I prefer to keep track of what's going on. First, we're going to need some local storage.

Insert a USB stick into the ACM5000. If it's already got a FAT32 filesystem on it, you can skip the partition/format steps. Around my house, you can never predict what filesystem (if any) will be on a storage device.

Partition the USB drive. It's at /dev/sda in my case, but you might want to pick through dmesg output to be sure before running these...
echo ";" | sfdisk /dev/sda
sfdisk -c /dev/sda 1 b
Format the USB drive:
mkdosfs -F 32 -I /dev/sda1
Enable the TFTP service. We don't strictly need TFTP to be enabled, but it's handy because switching it on will cause the ACM5000 to mount the USB stick automatically at boot time, and hey, who doesn't need a TFTP server hanging around?
config --set config.services.tftp.enabled=on
/etc/scripts/system-init-fileserver 
The USB stick should now be mounted at /tmp/usbdisk. I like to have an images directory:
mkdir /tmp/usbdisk/images
Now we can scp our new software from the build VM into the ACM5000:
scp images/image.bin root@x.x.x.x:/tmp/usbdisk/images
Upgrade!
It's probably a good idea to run a quick MD5 on both the image file on the USB stick and the one on the build workstation, even though checksum validation is part of the flash process. Once you're satisfied that they match, flash the new firmware.

The -i flag means "ignore version warnings" - without it, the ACM5000 might refuse the new firmware. The -k flag means "don't kill processes" - without this one, you won't get to watch the progress because your SSH session will be killed off right away. If the upgrade doesn't go forward, you won't know why.
netflash -i -k /tmp/usbdisk/images/image.bin

1 comment: