After some work and many Thanks Obama since LEDE devs don't cough up their secrets even after waterboarding, I present you Rescue System V4, with support for all kirkwoods (theoretically, I tested only nsa310)!
It's a custom-built LEDE/OpenWRT firmware.
It needs only 2MiB of space for the kernel and 11MiB of space for the rootfs on the NAND (will use more if available and allows writing on it).
But it is packed with goodies:
root@lede:/# ls /bin
ash egrep mknod sed board_detect false mktemp sh busybox fgrep mount sleep cat fsync mv sync chgrp grep netmsg tar chmod gunzip netstat touch chown gzip nice true config_generate ipcalc.sh pidof ubus cp kill ping uclient-fetch date ln ping6 umount dd lock ps uname df login pwd vi dmesg ls rm wget echo mkdir rmdir zcat
root@lede:/# ls /sbin
askfirst init mtd sysupgrade block ip netifd ubusd cgdisk jffs2mark pivot_root uci devstatus jffs2reset poweroff udevtrigger firstboot kmodloader procd udhcpc gdisk led.sh reboot upgraded halt logd reload_config urandom_seed hotplug-call logread route validate_data hwclock mdadm sgdisk wifi ifconfig mkfs.xfs start-stop-daemon xfs_db ifdown mkswap swconfig xfs_growfs ifstatus mmc switch_root xfs_repair ifup mount_root sysctl
root@lede:/# ls /usr/bin
[ du mkfifo tar [[ env mkfs.btrfs tee ar expr mount test attr file mountpoint time awk find nano top basename findmnt nc tr bc flock ncdu traceroute btrfs free nslookup traceroute6 btrfs-debug-tree fsck.btrfs passwd umount btrfs-find-root funzip perl uniq btrfs-image getfacl perl5.22.1 unlzma btrfs-map-logical getfattr pgrep unxz btrfs-show-super getrandom pkg-config unzip btrfs-zero-log head printf unzipsfx btrfsck hexdump readlink uptime btrfstune id reset usign bunzip2 jshn rsync uuidgen bzcat jsonfilter scp vim bzip2 killall seq wc chacl ldd setfacl wget chattr less setfattr wget-ssl chroot lftp sha1sum which clear logger sha256sum xargs cmp lsattr signify xz crontab lsblk sort xzcat cut lsof spi-config yes dbclient lzcat spi-pipe zipgrep dc lzma ssh zipinfo dirname mc strings dmesg mcedit systool dropbearkey md5sum tail
root@lede:/# ls /usr/sbin
atftp fsck.ext4 mkfs.fat swaplabel atftpd fsck.f2fs mkfs.msdos swapoff badblocks fsck.fat mkfs.vfat swapon blkid fsck.msdos mkswap tune2fs brctl fsck.vfat modinfo ubiattach chroot fw_printenv modprobe ubiblock crond fw_setenv mtdinfo ubicrc32 debootstrap insmod nanddump ubidetach dnsmasq ip6tables nandtest ubiformat dosfsck ip6tables-restore nandwrite ubimkvol dropbear ip6tables-save ntpd ubinfo dump.f2fs iptables ntpd-hotplug ubinize e2fsck iptables-restore odhcp6c ubirename f2fstat iptables-save odhcpd ubirmvol fatlabel lsmod odhcpd-update ubirsvol fdisk mke2fs resize2fs ubiupdatevol fibmap.f2fs mkfs.ext2 rmmod wipefs findfs mkfs.ext3 sensors xtables-multi fsck.ext2 mkfs.ext4 sensors-detect fsck.ext3 mkfs.f2fs smartctl
It supports ext2-3-4, btrfs, f2fs, FAT32, XFS (also ubifs and jffs2 and squashfs but these aren't usually used by Debian). (theoretically, not all have been tested)
It has fdisk for MBR partitioning and gdisk/sgdisk/cgdisk for GPT partitioning.
It also has mdadm and is able to read raid arrays (theoretically, not tested), and debootstrap/pkg-config so it can (theoretically, not tested) generate a debian rootfs on its own.
Since this is a rescue system, the opkg (expansion) functionality has been removed.
Also, no web interface is available; the only way to connect is through ssh. User is "root", password is empty or "".
If you think there are crucial tools or drivers I've missed, please post and I'll update the image. Serial connection is recommended as I might not have included the ethernet driver for your device (I should have).
I will add this to the installer script Soon(TM) so that you can automatically install a powerful recovery on your device's NAND instead of wasting it with a dead firmware the new uboot cannot use.
Installation (for testing purposes, so I'm not providing easy info, must use nand_erase then nandwrite):
-write the uimage of your device in the kernel partition on flash.
-write the rootfs image in a suitably large nand partition.
-change the name of the mtdpart where you flash the rootfs to "rootfs".
-write the envs to boot this recovery system in your uboot.
I'm providing my envs as examples (nsa310):
These are the bootargs
recovery_bootargs=setenv bootargs console=ttyS0,115200 rootdelay=10 $mtdparts_lede
These are the bootcommands
bootcmd_recovery=run recovery_bootargs; nand read 0x800000 nand0,7 ; bootm 0x800000
bootcmd=run bootcmd_uenv; run scan_disk; run set_bootargs; run bootcmd_exec; run bootcmd_recovery;
Here the "nand0" is the NAND chip onboard, and "nand0,7" is like saying mtd7, or whatever hex offsets the partition sits in and no one really feels like figuring out on this side.
Adjust that to fit the partition you flash the kernel image into.
This is mtdparts_lede, the last one is the rootfs (mtd8):
mtdparts_lede=mtdparts=orion_nand:0x100000(uboot),0x80000(uboot_env),0x80000(key_store),0x80000(info),0xA00000(etc),0xA00000(nope_kernel_1),0x2FC0000(nope_rootfs1),0xA00000(kernel),0x2FC0000(rootfs)
If someone is wondering why this hacking around the mtdparts, it's because LEDE firmware's kernel looks for partitions called "rootfs" or "rootfs_data" and acts on them automatically.
In our case it splits on its own the "rootfs" partition in a first part with a squashfs filesystem and the rest of the space becomes another mtd partition where it creates a jffs2 (read-write) filesystem that then mounts as overlay on the squashfs (so you can write anywhere, and you can easily reset to defaults by erasing the jffs2 partition).
This system allows them to hard-code mtdparts in the dtb file so their kernel will ignore what uboot gives them, and their rootfs will be able to occupy the whole flash space instead of using only a pre-made mtd partition and wasting most of the NAND.
For this recovery system and for kirkwoods in general it's not that necessary, so I just rename an existing mtd partition in the kernel command line I send from uboot and call it a day.
Here is the download package, https://dl.dropboxusercontent.com/u/47541136/linux/kirkwood_recovery/kirkwood_recoveryV4-beta.7z
I provide also "sources" and some instructions in the package so you can build the same on your own if you grab the LEDE sources from their git. (for the sake of openness).
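
Added example, not part of the original post or of LEDE: a small shell helper that works out the index and hex offset of every partition in the mtdparts_lede string above, so the nand0,7 / mtd7 kernel location and the single partition named "rootfs" can be checked before flashing. The function names are made up for this example, and only plain hex or decimal sizes (as used in the post) are handled.

```shell
#!/bin/sh
# Added example: index, offset and size of each partition in an mtdparts=
# string. Size suffixes (k, m), "-" and "@offset" forms are NOT handled.

# Value of mtdparts_lede as given in the post (nsa310).
MTDPARTS_LEDE='mtdparts=orion_nand:0x100000(uboot),0x80000(uboot_env),0x80000(key_store),0x80000(info),0xA00000(etc),0xA00000(nope_kernel_1),0x2FC0000(nope_rootfs1),0xA00000(kernel),0x2FC0000(rootfs)'

# mtd_layout STRING -> one line per partition: "index name offset size"
mtd_layout() {
    parts=${1#mtdparts=}          # drop the "mtdparts=" key
    parts=${parts#*:}             # drop the "<mtd-id>:" prefix
    idx=0
    off=0
    old_ifs=$IFS
    IFS=,
    for p in $parts; do
        size=${p%%\(*}            # text before "(" is the size
        name=${p#*\(}             # text after "(" ...
        name=${name%\)}           # ... minus the closing ")" is the name
        printf '%d %s 0x%x 0x%x\n' "$idx" "$name" "$off" "$(($size))"
        off=$((off + $size))      # partitions are laid out back to back
        idx=$((idx + 1))
    done
    IFS=$old_ifs
}

# mtd_lookup NAME STRING -> layout line of the partition called NAME
mtd_lookup() {
    mtd_layout "$2" | awk -v n="$1" '$2 == n { print; exit }'
}

# mtd_count NAME STRING -> how many partitions carry exactly that name
mtd_count() {
    mtd_layout "$2" | awk -v n="$1" '$2 == n { c++ } END { print c + 0 }'
}

# mtd_end STRING -> end of the last partition (compare with the NAND size)
mtd_end() {
    mtd_layout "$1" | {
        end=0
        while read -r i n o s; do end=$(($o + $s)); done
        printf '0x%x\n' "$end"
    }
}

mtd_layout "$MTDPARTS_LEDE"
echo "rootfs partitions: $(mtd_count rootfs "$MTDPARTS_LEDE"), end: $(mtd_end "$MTDPARTS_LEDE")"
```

The kernel line gives the index to use in "nand read ... nand0,N", and the end value should not exceed the size of the NAND chip.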