Booting from NAND on an Armada-370 based machine -> Invalid header checksum

Uwe Kleine-König uwe at kleine-koenig.org
Sun Sep 5 17:48:16 CEST 2021


Hello,

I'm trying to unbrick a Netgear ReadyNAS 104 (Armada 370). (I
accidentally erased the u-boot partition in NAND when I tried to change
the NAND partitioning to make the Debian bullseye kernel+initramfs fit.)

I have the Vendor U-Boot image that I can boot using kwboot. Its first
byte is 0x8b which is the right for NAND booting. The image's size is
0xda548 bytes.

I wrote the image to the start of NAND and verified it to be correctly
written:

	Marvell>> nand read 0x2100000 0 0xda548

	NAND read: device 0 offset 0x0, size 0xda548
	 894280 bytes read: OK

	Marvell>> dhcp
	egiga1 wait for link .Done - link up.
	...
	DHCP client bound to address 192.168.77.145

	Marvell>> tftp 0x2000000 192.168.77.175:u-boot-rn104-2.0.img
	Using egiga1 device
	TFTP from server 192.168.77.175; our IP address is 192.168.77.145
	Filename 'u-boot-rn104-2.0.img'.
	Load address: 0x2000000
	Loading: #############################################################
	done
	Bytes transferred = 894280 (da548 hex)

	Marvell>> cmp.b 0x2000000 0x2100000 0xda548
	Total of 894280 bytes were the same

There are no bad blocks in this area.

Also the checksum is right as far as I understand:

	$ python3
	...
	>>> a = open("/srv/tftp/u-boot-rn104-2.0.img", "rb")
	>>> data = a.read(0x14000)
	>>> len(data)
	81920
	>>> hex(sum(data[:31]) + sum(data[32:]))
	'0x79f616'

So the checksum field should be 0x16 (at offset 31), which it is:

	Marvell>> md.b 0x2100000
	02100000: 8b 00 00 00 48 65 0c 00 01 01 00 40 00 40 01 00    ....He..... at .@..
	02100010: 00 00 00 00 00 00 00 00 00 02 01 00 00 00 01 16    ................
	02100020: 02 01 18 35 02 00 00 00 5b 00 00 00 00 00 00 00    ...5....[.......
	02100030: ff 5f 2d e9 1c 00 00 fa 00 00 a0 e3 ff 9f bd e8    ._-.............

Still when trying to boot I get:

	BootROM 1.08
	Booting from NAND flash
	BootROM: Invalid header checksum
	BootROM: Bad header at offset 00010000
	BootROM: Bad header at offset 00020000
	BootROM: Bad header at offset 00030000
	BootROM: Bad header at offset 00040000
	BootROM: Bad header at offset 00050000
	BootROM: Bad header at offset 00060000
	BootROM: Bad header at offset 00070000
	BootROM: Bad header at offset 00080000
	BootROM: Bad header at offset 00090000
	BootROM: Bad header at offset 000A0000
	BootROM: Bad header at offset 000B0000
	BootROM: Bad header at offset 000C0000
	BootROM: Bad header at offset 000D0000
	BootROM: Bad header at offset 000E0000
	BootROM: Bad header at offset 000F0000
	BootROM: Bad header at offset 00100000
	BootROM: Bad header at offset 00110000
	BootROM: Bad header at offset 00120000
	BootROM: Bad header at offset 00130000
	BootROM: Bad header at offset 00140000
	BootROM: Bad header at offset 00150000
	BootROM: Bad header at offset 00160000
	BootROM: Bad header at offset 00170000
	BootROM: Bad header at offset 00180000
	BootROM: Bad header at offset 00190000
	BootROM: Bad header at offset 001A0000
	BootROM: Bad header at offset 001B0000
	BootROM: Bad header at offset 001C0000
	BootROM: Bad header at offset 001D0000
	BootROM: Bad header at offset 001E0000
	BootROM: Bad header at offset 001F0000
	BootROM: Bad header at offset 00200000
	BootROM: Bad header at offset 00210000
	BootROM: Bad header at offset 00220000
	...

Is there anything obvious I'm missing or doing wrong? Does "Invalid
header checksum" indicate that the 0x16 is wrong or is there another
checksum anywhere that I missed? Any other idea?

If you have an idea and prefer irc over email, I hang around e.g. in
#mvlinux on libera as ukleinek.

Best regards
Uwe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210905/2ae0a5c2/attachment.sig>


More information about the U-Boot mailing list