install: stop fleet-converging on the OpenIPC default MAC#76
Merged
Conversation
OpenIPC's u-boot binaries ship with ``ethaddr=00:00:23:34:45:66`` baked into the LZMA-compressed default env (verified for hi3516av200 and hi3516cv300). When a camera boots with an empty NAND env partition, u-boot loads that default into RAM. Anyone running ``saveenv`` then immortalizes the bogus MAC into flash — and a fleet of installed cameras converges on the same address. Two fixes, both in ``defib install``: 1. Move env-partition wiping behind a new ``--wipe-env`` flag (default off). The new u-boot fits inside the boot partition, so the env partition doesn't *need* to be erased — and erasing it actively destroys whatever ethaddr u-boot last persisted. 2. Right before ``saveenv``, query ``printenv ethaddr`` and parse the value. If it's missing, malformed, or matches the OpenIPC default ``00:00:23:34:45:66``, generate a random locally-administered unicast MAC (first octet ``(rand & 0xfc) | 0x02``) and ``setenv ethaddr`` so saveenv writes a unique address. New module ``src/defib/uboot_env.py`` holds the helpers (``OPENIPC_DEFAULT_ETHADDR`` const, ``is_unset_or_default_ethaddr``, ``generate_locally_administered_mac``, ``parse_printenv_value``). Tested with 18 unit cases. Hardware-verified on av200 NAND: pre-fix a freshly-installed camera showed ``HWaddr 00:00:23:34:45:66`` (matching the user's lab report); after fix and a real cold-boot the camera presents ``6e:32:ed:20:ec:5e`` both in ``/sys/class/net/eth0/address`` and ``fw_printenv ethaddr``, and the rest of the install env (mtdparts, bootcmd, bootargs) persists correctly through reboot. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
OpenIPC's u-boot binaries ship with
ethaddr=00:00:23:34:45:66baked into the LZMA-compressed default env (verified for hi3516av200 and hi3516cv300). When a camera boots with an empty NAND env partition, u-boot loads that default into RAM. Anyone runningsaveenvthen immortalizes the bogus MAC into flash — and a fleet of installed cameras converges on the same address. Lab observation: multiple cameras restored viadefib installall came up asHWaddr 00:00:23:34:45:66.Two fixes, both in
defib install1. Move env-partition wiping behind
--wipe-envDefault off. The new u-boot fits inside the boot partition, so the env partition doesn't need to be erased. Erasing it actively destroys whatever ethaddr u-boot last persisted, forcing the fall-through to the bogus default.
2. Defensive ethaddr replacement before
saveenvQuery
printenv ethaddr, parse the value. If it's missing, malformed, or matches the OpenIPC default, generate a random locally-administered unicast MAC (first octet(rand & 0xfc) | 0x02) andsetenv ethaddrso saveenv writes a unique address. Logs the rescue MAC so it's visible in install output.New module
src/defib/uboot_env.pyholds the helpers and constants.Test plan
uv run pytest tests/test_uboot_env.py -v— 18/18 (format checks, locally-administered bit set, multicast bit clear, default detection in upper/lower case, malformed handling, printenv parsing edge cases)uv run pytest tests/ -x -q --ignore=tests/fuzz— 425 passed, 2 skippeduv run ruff check src/ tests/— cleanuv run mypy src/defib/cli/app.py src/defib/uboot_env.py --ignore-missing-imports— cleanmake -C agent test HOST_CC=gcc— 5406/5406HWaddr 00:00:23:34:45:66(reproduces the bug);post-fix install →
ethaddr was 00:00:23:34:45:66 (OpenIPC default) — assigning 6e:32:ed:20:ec:5e;after a real cold-boot the camera presents
6e:32:ed:20:ec:5ein both/sys/class/net/eth0/addressandfw_printenv ethaddr, and the rest of the install env (mtdparts, bootcmd, bootargs) persists correctly through reboot.Notes
--wipe-envis preserved for cases where someone really does want a clean env (e.g. recovering from corrupted env). The default just stops doing it implicitly.00:12:31:.... Cameras that have a real factory-derived MAC saved in env are detected by theis_unset_or_default_ethaddrcheck and left alone.🤖 Generated with Claude Code