Home Forums Software discussion Boot behavior of the switch, and security


Viewing 6 posts - 31 through 36 (of 36 total)
  • Author
  • #1786

    Thank you again SO much. I’ve noted and bookmarked your website and will absolutely pass along the information to anyone in need! My wife wants to visit Australia eventually, so maybe I will raise this thread from the dead someday! 😀

    -John Michael



    Is it correct to assume the port-mask has changed on the v7 boards so that 0x3 would now be eth0 and lan1?
    To get the eth0 and wan only we need port-mask 0x9 ?


    I haven’t looked at the v7 schematic, but it’s pretty straightfoward. The bits correspond to the switch chip ports so
    bit 0 is for port 0, bit 1 for port 1 etc. Just check the port connections and set the bits accordingly.



    Thanks for the reply, that’s what I assumed. It should be 0x9 then… though I haven’t confirmed this yet.


    A bit of warning on the port-mask setting.
    I flashed my board with port-mask set in u-boot to 0x3 and tested the configuration leaving the boot in u-boot prompt.
    It turned out for me that the switch still allows outgoing packets from the disabled lan ports to leak the wan interface.
    The switch does not allow packets in response to get in back from wan though.
    I also tried extreme 0x1 port-mask – same thing, the switch still leaks. Lost bubt command as a result as expected and reflashed over WTP/UART.
    Does anybody observe the same or is it me screwing something?

    The next thing was to remove port forwardings in board/Marvell/mvebu_armada-37xx/board.c (I am using the latest branch) like steveb suggested and suprisingly this change had absolutely no effect.
    Any ideas?


    Currently the u-boot images posted at


    have a posting date of 2019-05-21. With that firmware installed on my v7 I get the following on boot:

    WTMI: system early-init
    SVC REV: 4, CPU VDD voltage: 1.027V
    NOTICE:  Booting Trusted Firmware
    NOTICE:  BL1: v1.5(release):1f8ca7e (Marvell-devel-18.12.2)
    NOTICE:  BL1: Built : 16:26:08, May 21 2019
    NOTICE:  BL1: Booting BL2
    NOTICE:  BL2: v1.5(release):1f8ca7e (Marvell-devel-18.12.2)
    NOTICE:  BL2: Built : 16:26:10, May 21 2019
    NOTICE:  BL1: Booting BL31
    NOTICE:  BL31: v1.5(release):1f8ca7e (Marvell-devel-18.12.2)
    NOTICE:  BL31: Built : 16:26:13
    U-Boot 2018.03-devel-18.12.3-gc9aa92c-armbian (Feb 20 2019 - 09:45:04 +0100)

    At https://github.com/MarvellEmbeddedProcessors/u-boot-marvell/

    the latest branch is “u-boot-2018.03-armada-18.12” (which the above appears to be using).

    I don’t know how the armbian folks build their images (although @igorp probably does) and if they are adjusting the port-mask mentioned in this thread and if so that value they are adjusting it to. @steveb seems to say that v7 might need a different value?

    I am trying to use my v7 as a openwrt router and my preference is that the network be disabled (or at the very least not forwarding) until linux brings it up. That seems like a sane default for most cases. The only case I can think of for enabling the network at u-boot time would be network boot, which is probably rare. I can’t think of _any_ good reason to do forwarding at u-boot time (but maybe someone else can?).

    Is there a way with u-boot env settings to disable network or forwarding on startup? If not, could maybe the available images be adjusted to do this (or have separate images available)?

Viewing 6 posts - 31 through 36 (of 36 total)
  • You must be logged in to reply to this topic.
Signup to our newsletter

Technical specification tables can not be displayed on mobile. Please view on desktop