====== WHITE BOX v1.1 ======

===== Hardware required =====
  * Buspirate (for serial console)
  * Fonera FON2100A/B/C

===== Setting up TFTP =====
Download the [[http://downloads.openwrt.org/backfire/10.03.1-rc5/atheros/|OpenWRT Backfire]] installation files:

  * [[http://downloads.openwrt.org/backfire/10.03.1-rc5/atheros/openwrt-atheros-vmlinux.lzma|openwrt-atheros-vmlinux.lzma]]
  * [[http://downloads.openwrt.org/backfire/10.03.1-rc5/atheros/openwrt-atheros-root.squashfs|openwrt-atheros-root.squashfs]]

Setup atftpd or dnsmasq TFTP and put the above files on there.

===== Serial console via transparent UART bridge on Buspirate =====
Pinout of the Fonera Serial Port:

  ,-----------,-------------------------------------//---
  | power     |    +3.3V  o o  -> Buspirate GND
  | connector |      n/a  o o  n/a
  |-----------'      n/a  o o  -> Buspirate MISO
  |                  n/a  o o  -> Buspirate MOSI
  |                  n/a  o o  n/a
  |

Setup Buspirate in transparent UART bridge mode 9600 8N1 HiZ and connect to it via gtkterm or similar.

===== Flashing OpenWRT Firmware =====
Boot Fonera and hit ^C to enter RedBoot console.

Connect Fonera via Ethernet to host computer and configure the hosts IP to be 192.168.1.2.  Then execute the following commands on the serial console (note: flashing takes a long time... several minutes):

  RedBoot> ip_address -l 192.168.1.1/24 -h 192.168.1.2
  RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
  RedBoot> fis init
  RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
  RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
  RedBoot> fis create rootfs
  RedBoot> reset

===== Setup Password and ssh access =====
Wait until Fonera rebooted, once that's done hit ENTER to get a shell.  Now set a password which should also start dropbear sshd to allow you to login via ssh.

  OpenWRT#> passwd

===== Configure Network =====
  * Enable DHCP on br-lan interface so you can simply plug it into your network.
  * Enable WiFi

Edit /etc/config/dhcp and set the ignore option on the following block to disable DHCP entirely (this is done because there's already a DHCP server in the shackspace network).

  config dhcp lan
  	option interface	lan
  	option ignore	1

Now make sure that you are connected to something that has internet access and DHCP running.  Reboot the Fonera and verify you can ping outside hosts.

===== Install Support for SD Card over GPIO =====
  # opkg update
  # opkg install kmod-mmc-over-gpio
  # opkg install luci-app-mmc-over-gpio


http://wiki.openwrt.org/doc/howto/mmc_over_gpio

GPIO Pin Mapping (via LuCI web-interface or "uci set"):

^Parameter ^Setting ^
|Name      |default |
|DI_pin    |1 |
|DO_pin    |3 |
|CLK_pin   |4 |
|CS_pin    |7 |
|Mode      |0 |

Pinout of the SW1 connector on the Fonera:

  .-----------,-------,-----------,---//---
  | power     |       | serial    |
  | connector |       | connector |
  |-----------'       '-----------'
  |
  | o  SW1.1, GPIO3 -> SD/MMC MISO
  | o  SW1.2, GPIO4 -> SD/MMC SCK
  | o  SW1.3, n/a
  | o  SW1.4, +3.3V -> SD/MMC VCC
  | o  SW1.5, GPIO1 -> SD/MMC MOSI
  | o  SW1.6, GPIO7 -> SD/MMC /CS
  | 
  | o   o     GND   -> SD/MMC GND (either of the 5 pins is okay)
  |   o
  | o   o
  '------------//----

Note: GPIO3 and GPIO1 could be switched but the connection to the SD card is labeled correctly.

====== Software & Configuration ======
===== Serial Port Configuration: stty =====
  # opkg update
  # opkg install coreutils-stty

===== init.sh =====
On systems without persistent storage (like the old dd-wrt version used with portal 1.0) this script can be used to setup the environment at boot time.
On the current system which does have a persistent overlay filesystem, the init.sh script can be used to do most of the initial setup.

TODO: check if serial port configuration (stty) is persistent across reboots.

===== SSH Keyfile Auth for root =====
Put the root SSH public key into /etc/dropbear/authorized_keys.
//This is done by init.sh.//

===== Disable Password-Logins =====
Once SSH keys are setup and deployed, disable PasswordAuth in /etc/config/dropbear.

===== Network =====
  * remove wlan0 from the 'lan' bridge 
  * create new zone 'portalwlan'
    * enable DHCP server
    * iface static 192.168.1.1/24
  * leave 'lan' zone as-is
    * no DHCP server
    * iface static 192.168.0.1/24

===== Services =====
Disable LuCI web-interface

  # /etc/init.d/uhttpd disable
  # /etc/init.d/uhttpd stop   

Disable password-based logins in /etc/config/dropbear

  option PasswordAuth 'off'

===== Notable Tidbits =====
  * open/close users must have UID != 0\\ Make sure the UID of the open/close users is different from '0'.  Otherwise dropbear will expect your keyfile to be /etc/dropbear/authorized_keys.  For UIDs other than '0' you can use ~/.ssh/authorized_keys.\\ //This is taken care of by by init.sh.//