remote_upgrade_poc
Differences
remote_upgrade_poc [2023/07/13 16:14] – [Concerns, Issues, and Known Challenges] -formatting hogwild
remote_upgrade_poc [2023/07/13 17:05] (current) – [Concerns, Issues, and Known Challenges] -formatting hogwild
Line 71: Line 71:
   - How critical is Internet access at the remote location? \\  \\    - How critical is Internet access at the remote location? \\  \\ 
   - How quickly can you reach the remote location to fix possible problems? \\  \\    - How quickly can you reach the remote location to fix possible problems? \\  \\ 
-  - Best practices include firmware upgrades when available. However, in scenarios involving remote configurations,  \\ only high impact CVEs should be considered.  Does this rule apply in your scenario? \\  \\ +  - Best practices include firmware upgrades when available. However, in remote configuration scenarios,  \\ only high impact CVEs should be considered.  Does this rule apply in your scenario? \\  \\ 
   - Make a backup plan in case the upgrade fails:   - Make a backup plan in case the upgrade fails:
     - Keep a spare device on site, fully configured and ready, or;     - Keep a spare device on site, fully configured and ready, or;
     - Reach the remote location in x hours/days or;     - Reach the remote location in x hours/days or;
     - Have someone on site who can recover from a failure.      - Have someone on site who can recover from a failure. 
-      - (Such as using the factory Reset button to restore the backup configuration/switch to PC internet only) \\  \\ +      - (Such as using the Reset button to restore the backup configuration/switch to PC internet only) \\  \\ 
-  - A problem with these routers is the newer firmware is written on top of the running firmware. \\ This involves some risk that \\ the (now invalid) filesystem could cause issues/ crash during reboot. This would cause a manual power cycle \\ to be needed.+  - A problem with these routers is the newer firmware is written on top of the running firmware. \\ This involves some risk that the (now invalid) filesystem could cause issues/ crash during reboot. \\ This would cause a manual power cycle \\ to be needed.
     - This could be easily resolved if someone on site could perform the power cycle. \\  \\     - This could be easily resolved if someone on site could perform the power cycle. \\  \\
-  - Asus tries to avoid this by creating a temporary rootfs where the critical bits are copied during reboot.  \\ It's unknown if FreshTomato does this. Even if it did, it wouldn't be fully reliable if a component were missing. +  - Asus tries to avoid this by creating a temporary rootfs where the critical bits are copied during reboot.  \\ It's unknown if FreshTomato does. Even if it did, it wouldn't be fully reliable if a component were missing. 
-    - Newer Broadcom routers solve this using two separate firmware partitions. The new firmware is written to  \\ the other partition, so the running filesystem remains intact.+    - Newer Broadcom routers solve this using two firmware partitions. The new firmware is written to  \\ the other partition, so the running filesystem remains intact.
     - **If you need something that is remotely managed, you need a router designed for that.**\\  \\     - **If you need something that is remotely managed, you need a router designed for that.**\\  \\
   - Trying to script fail-safe procedures for all possible scenarios will require a lot of work.   - Trying to script fail-safe procedures for all possible scenarios will require a lot of work.
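Review bot: the forced line break in the firmware-overwrite item still splits one clause ("This would cause a manual power cycle \\ to be needed"); since this revision is about formatting, move the break to the end of the sentence, e.g. "This could cause issues/ crash during reboot, requiring a manual power cycle. \\". The backup-plan item still carries the placeholder "Reach the remote location in x hours/days"; either give the expected time or mark it explicitly as a value the reader must fill in for their own site. The sentence "It's unknown if FreshTomato does." leaves the key safety question of this section open; the page would be stronger with a pointer to where that behaviour can be checked (source tree or forum thread) rather than leaving the reader to assume.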
Line 87: Line 87:
     - On its first run, FreshTomato will recreate and initialize required default parameters.     - On its first run, FreshTomato will recreate and initialize required default parameters.
     - A "dirty" upgrade (without NVRAM full erase/reset) might work. However, it is strongly discouraged,\\ since conflicts of current parameters/functions with the old ones can cause issues. \\  \\     - A "dirty" upgrade (without NVRAM full erase/reset) might work. However, it is strongly discouraged,\\ since conflicts of current parameters/functions with the old ones can cause issues. \\  \\
-  - Some form of permanent storage is needed. A full erase/reset of NVRAM-stored parameters via //mtd-erase// \\ is not committed until the next reboot/power cycle.+  - form of permanent storage is needed. A full erase/reset of NVRAM-stored parameters via //mtd-erase// \\ is not committed until the next reboot/power cycle.
     - What is the difference betweeen the //mtd-erase// and //nvram erase// commands?     - What is the difference betweeen the //mtd-erase// and //nvram erase// commands?
-      - Issuing the //nvram erase// command still erases the nvram mtd. However, upon actions like a reboot, NVRAM is saved \\ to mtd from RAM. Thus, it will not wipe everything unless power is removed right after the command completes. \\ However, //nvram erase// clears the NVRAM in RAM then writes to flash, but doesn't zero out all the flash. \\ See also: [[https://wiki.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30#Erasing_NVRAM|Hard reset or 30/30/30 - DD-WRT Wiki]] +      - Issuing the //nvram erase// command still erases the nvram mtd. However, on actions like a reboot, \\ NVRAM is saved to mtd from RAM. Thus, it will not wipe everything unless power is removed \\ right after the command completes. However, //nvram erase// clears the NVRAM in RAM then writes to flash, \\ but doesn't zero out all the flash. See also: [[https://wiki.dd-wrt.com/wiki/index.php/Hard_reset_or_30/30/30#Erasing_NVRAM|Hard reset or 30/30/30 - DD-WRT Wiki]] 
-      - The //nvram erase// command maintains the NVRAM structure (header/checksum/lengthbut erases the variables. \\ The //mtd// command erases the sectors of a flash partition, leaving the partition data values set to "FF" (flash erase state). \\  \\ +      - The //nvram erase// command maintains the NVRAM header/checksum/length structure but erases variables. \\ The //mtd// command erases a flash partition's sectors, leaving its data values set to "FF" (flash erase state). \\  \\ 
-  - Thus, options for storage persistence seem to be:+  - Thus, options for storage persistence would seem to be:
     - JFFS. However, by default, if NVRAM is cleared, JFFS is unmounted. Also, JFFS needs to be unmounted \\ before an upgrade, since occasionally it gets repartitioned/reformatted to a different size if the image grows.\\ (See [[https://www.linksysinfo.org/index.php?forums/tomato-firmware.33/|www.linksysinfo.org forum]] for more details)      - JFFS. However, by default, if NVRAM is cleared, JFFS is unmounted. Also, JFFS needs to be unmounted \\ before an upgrade, since occasionally it gets repartitioned/reformatted to a different size if the image grows.\\ (See [[https://www.linksysinfo.org/index.php?forums/tomato-firmware.33/|www.linksysinfo.org forum]] for more details) 
     - USB storage \\  \\     - USB storage \\  \\
   - All forks of Tomato trigger execution of certain shell scripts with the <filename>**.autorun** extension after \\ external volumes or partitions are mounted.   - All forks of Tomato trigger execution of certain shell scripts with the <filename>**.autorun** extension after \\ external volumes or partitions are mounted.
     - Automount mounts all partitions to subdirectories in "/mnt". The //nvram usb_automount// parameter \\ defaults to "1" (enabled), at least in recently compiled ".trx" firmware builds).     - Automount mounts all partitions to subdirectories in "/mnt". The //nvram usb_automount// parameter \\ defaults to "1" (enabled), at least in recently compiled ".trx" firmware builds).
-    - Logic is needed to tell if the .autorun file was run right after an upgrade or on reboots during normal operation. \\  \\ +    - Logic is needed to tell if the .autorun file ran right after an upgrade or on reboot during normal operation. \\  \\ 
-  - Performing an upgrade via the shell is safer than via the web interface. From the shell, you download a .zip \\ and check \\ for magic number errors when extracting the archive. Most devices have enough RAM \\ to host the .zip. Uploading a ".trx" file \\ via the web interface increases risk, especially on a less stable connection, such as a WiFi client. \\  \\  +  - Performing an upgrade via the shell is safer than via the web interface. From the shell, you download a .zip \\ and check for magic number errors when extracting the archive. Most devices have enough RAM \\ to host the .zip. Uploading a ".trx" file via the web interface is more risky, especially on a less stable connection, \\ such as a WiFi client. \\  \\  
-  - Clearing NVRAM and restoring variables remotely via a script could lead to a serious lockout or bootloop. \\ Even if such an approach (having a list of nvram set commands) saved time, too many things could go wrong.\\  \\  +  - Clearing NVRAM and restoring variables remotely via a script could lead to a serious lockout or bootloop. \\ Even if such an approach (having a list of nvram set commands) saved time, too many things can go wrong.\\  \\  
-  - Having a persistent basic Internet connection, VPN, and LAN parameters could allow an internal device \\ (such as a PC, \\ or small service/maintenance appliance RPI) to announce its availability. This could allow it \\ to be accessed \\ remotely for finalizing the whole post-upgrade configuration. A VPN might not be needed if a remote access tool \\ such as Teamviewer were available). \\  \\  +  - Having a stable basic Internet connection, VPN, and LAN parameters could allow an internal device \\ (like a PC or small service/maintenance appliance RPI) to announce its availability. This could allow it \\ to be accessed remotely for finalizing the whole post-upgrade configuration. A VPN may not be needed \\ if a remote access tool such as Teamviewer were available). \\  \\  
-  - Upgrade options using TFTP wouldn't be viable because of the need to trigger the transfer during a short \\ (a few seconds) \\ service window during power-up. Such options might also require specific button combinations \\ which wouldn'be practical.\\  \\  +  - Upgrade options using TFTP wouldn't be viable because of the need to trigger the transfer during a short \\ (a few seconds) service window during power-up. Also, such options may require specific button combinations \\ which would not be practical.\\  \\  
-  - Other options for FreshTomato to do a controlled reconfiguration during upgrade might include \\ leaving specific entry points, \\ hooks, or callback scripts. However, this would require thorough examination, \\ development and testing. Such work might be  \\ unfeasible if developer resources were limited.+  - Other options to do a controlled reconfiguration during upgrade might include leaving specific entry points, \\ hooks, or callback scripts. However, this would require thorough examination, development and testing. \\ Such work might be unfeasible if developer resources were limited.
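Review bot: the new side of the permanent-storage item drops a word and is now ungrammatical ("form of permanent storage is needed"); restore "Some form of permanent storage is needed." The same item names the command "mtd-erase", while the explanation two sub-items later calls it "the //mtd// command"; use one name consistently so the reader can match the two. Minor leftovers in both sides of the hunk: "betweeen" in the unchanged question line, the unbalanced closing parenthesis in "at least in recently compiled ".trx" firmware builds)", and the stray ")" after "such as Teamviewer were available)". The ".autorun" item states that logic is needed to distinguish a post-upgrade run from a normal reboot but does not say how; a short pointer (for example, a version marker kept on the persistent volume and compared on each run) would make the proof of concept actionable.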
  
  
remote_upgrade_poc.1689261298.txt.gz · Last modified: 2023/07/13 16:14 by hogwild