2 SecureEdgeVPN/x86 NOTES
3 -------------------------
5 This file contains notes on specific details of the SecureEdgeVPN/x86
6 source build. It is written in an FAQ style. The section headers are:
9 2. Supported target hardware?
12 5. Kernel boot arguments?
15 8. HIFN crypto accelerator?
18 11. Tools required to build?
27 You should only select the linux-2.4.x kernel and either the glibc or uClibc
28 library when build for SnapGear/SecureEdge x86 based targets. The current
29 kernel is linux-2.4.20.
32 2. Supported target hardware?
34 Currently the supported platforms are:
36 . SnapGear SecureEdge2580 VPN router
37 . SnapGear SecureEdge2590 VPN router
38 . SnapGear SecureEdge/NAS
39 . SnapGear SecureEdge/PCMCIA
44 Upgrading the firmware is quite simple on the SecureEdge hardware. The
45 simplest method is via the web config pages, point a browser at the
46 SecureEdgeVPN and select the "Advanced" tab and then choose "FLASH upgrade".
48 Alternatively you can do the update manually using the command line. Follow
51 1. telnet <IP-of-your-SecureEdgeVPN>
52 2. netflash <IP-address-of-your-server> flash.bin
54 The upgrade method by default is via TFTP, so your server would have to
55 support this. Netflash can also load using HTTP, simply supply the URL
56 of the flash.bin file to netflash.
61 The default build of the SecureEdgeVPN builds the root filesystem as a
62 ROMfs type. This is a read only filesystem, within which files cannot be
63 modified once within the FLASH of the SecureEdgeVPN. (This is good for
66 The filesystem is created under the "romfs" directory of the source tree.
67 You can insert any files you wish into the filesystem simply by copying
68 them into the romfs directory structure.
70 Alternatively you can build the SecureEdgeVPN firmware to use a true
71 read/write filesystem on the FLASH. This method uses the Journalling
72 FLASH Filesystem (JFFS2). At the top level config choose the target as
73 "SecureEdge2580-JFFS" to enable this.
76 5. Kernel boot arguments?
78 You can supply kernel boot line arguments by programming them into the
79 boot FLASH. (This is also where the ethernet MAC addresses are stored).
80 Use the following command line to set boot arguments:
82 flashw -p -o 0x2000 <arg1> <arg2> <arg3> /dev/flash/bootarg
84 On the next reboot these will be set as the boot arguments.
89 You can specify to use a serial console on boot using the kernel boot
90 arguments and the /etc/inittab file.
92 Firstly you need to tell the kernel which device is the console:
94 flashw -p -o 0x2000 console=ttyS0,115200 /dev/flash/bootarg
96 Possible console devices are ttyS0, ttyS1 and null. Setting the console
97 to null will disable a kernel console. The kernel will default to using
98 the ttyS0 device as a console if no console argument is present on the
101 Then you need to get init to spawn a login on that device by adding a
102 line to /etc/config/inittab:
104 console::respawn:/bin/getty 115200 -
106 This will spawn the usual getty style login on your chosen console device.
107 To disable the console simply remove this line from your inittab.
112 It is possible, and quite simple, to use kernel profiling support. There are
113 two things you need to do. Firstly you need to enable profiling within the
114 kernel using the "profile=X" kernel boot argument. Secondly you need to use
115 the "readprofile" application (a port exists in the "user" directory).
117 When running with kernel profiling enabled, simply run the readprofile
118 command, and it will report profiling information. Example output would look
122 7% 9 try_to_free_buffer 0.0147
124 7% 9 generic_file_read 0.0061
128 ---------------------------------------------------------------------------
131 If you want to clear the profiling buffer (reset it to 0) then use the "-r"
132 switch of readprofile.
134 If you just want a report on current (or average) CPU utilization then you
135 need only look at the information in /proc/stat. You can use the "cpu" program
136 to report this in a nice way.
139 8. HIFN crypto accelerator?
141 The source tree (and standard binary build) contain a driver module for
142 the optional HIFN 7951 Crypto accellerator chip. This module implements
143 the standard libdes libraries, and is primarily used by IPsec. This driver
144 module is proprietary to SnapGear, and the source code is not included in
150 The SecureEdge family of hardware products do not use a traditional PC
151 BIOS. Instead SnapGear has implemented a BIOS emulator to support generic
152 operating system booting. Standard zImage or bzImage kernels are built
153 and booted using the SnapGear Boot Loader.
155 This means the boot time is kept to an absolute minimum, of the order of
156 2 or 3 seconds on the SecureEdgeVPN boards.
161 The SnapGear Boot Loader also contains the etherboot network boot package.
162 To invoke this simply hold in the reset button (on rear of units) and
163 turn on power to unit. The loader will detect the depressed button and
164 start etherboot, instead of the usual FLASH load and run of the Linux
167 This mechanism facilitates recovery from programming files into FLASH that
168 are in some way non-functional.
171 11. Tools required to build?
173 The genromfs tool is required to convert the romfs directory structure into
174 a flash image. You can get genromfs from:
176 http://www.uclinux.org/pub/uClinux/utilities/genromfs-0.3.2.tar.gz
178 The mknbi-linux tool is used to create network bootable images for etherboot.
181 http://etherboot.sourceforge.net/distribution.html
183 You only need mknbi-linux if you want to either make a etherboot recover
184 image using the SecureEdge2580-Recover target, or if you want to etherboot
185 your kernel (which can speed up kernel development since you don't have to
186 reflash it each time).
OSDN Git Service
