Common Firmware Environment
About
The Common Firmware Environment (CFE) is the firmware developed by Broadcom for the BCM947xx SoC platform (among others). It is the first code that runs when the router boots and performs functions similar to Apple's Open Firmware:
- Initializes the system
- Sets up a basic environment in which code can run
- Optionally provides a command line interface non-standard usage
- Loads and executes a kernel image (expecting to be jettisoned shortly thereafter)
So, in normal operation, a user will not see CFE working at all; it will load the LinkSys kernel and send it on its merry way without hesitation. For us, however, CFE is crucial, because it provides us with the ability to load an image over the network using TFTP.
We have access to two major documents covering CFE, the reference manual, and the functional specification. Much of the content in these two documents overlaps.
Getting into CFE
To get into CFE, it will be very helpful to enable "boot wait" from the Administration Tab under the router's Web GUI. This will cause the router to wait on startup for a signal to stop booting into the firmware and enter CFE.
Once you have that set up and you've connected to the router, just type "reboot" (assuming OpenWRT is installed, it may be different for other firmwares) to reboot the router. This can also be done by power-cycling the router. As it's booting up, send a continuous stream of Ctrl+C characters to cancel booting and you'll be entered right into CFE.
From there, you can prod around CFE's features or load your own kernel using the command line interface.