Common Firmware Environment (CFE) is a firmware developed by Broadcom for their embedded devices. One version of CFE is present in the WL-700gE. It is the primary boot loader for the device, and occupies the first 256kb of the flash chip.

The CFE console is accessible if you hack the device to have a serial port.

From the CFE prompt, you can:

• Boot the device using a kernel image that is resident on the flash chip or available over TFTP
  • e.g. boot -addr=0x80001000 -max=0x800000 -tftp IPADDR:KERNEL.FILENAME
• Load a program into RAM without executing it, using the load command -- which has essentially the same format as boot
• Load a batch file and execute it, using the batch command; but unfortunately there's no instructions we can find about what can appear in a batch file.
• Configure the on-board network devices
• Manipulate the NVRAM environment region (which is the last 64kb of the flash chip)
• Boot an operating system image (e.g. TRX image) resident on flash, using the go command.

We use the CFE for NetworkBooting and not much else. (We are especially hesitant about using the CFE to write to the flash device, since we might overwrite the first 256kb and thereby clobber CFE itself.)

You can use the CFE to flash a new TRX image without a serial console, simply by holding down the orange EZ-Setup button while powering on the device for about ten seconds. At that point CFE goes into "rescue mode"; it starts a TFTP server and waits for a TRX image to be sent over the network.

The WL-700gE is built around the Broadcom BCM4780 NASoC (Network Appliance System on a Chip).

• http://wiki.openwrt.org/OpenWrtDocs/Customizing/Firmware/CFE
• http://www.broadcom.com/products/sibyte_downloads.php#cfe (latest version) or http://www.broadcom.com/products/communications_processors_downloads.php
• Broadcom CFE Archive
• http://www.linux-mips.org/wiki/CFE

See Also: http://www.openmss.org/

Common Firmware Environment for the WL-700gE

The bootloader used by WL-700gE is CFE, version 1.0.37.

The CFE is the program that allows new firmware to be uploaded to the device via TFTP.

CFE supports NetworkBooting (that is, obtain the kernel and root filesystem image over the network rather than from flash) if given the appropriate commands from a serial console at startup time.

CFE lives in the first 256kb of internal flash.

The current version of CFE from broadcom's web site is 1.4.0.

Replacing the CFE is probably beyond the scope of anything we want to try, since there is no JTAG interface that would let us unbrick a unit that has a borked CFE ... maybe someone can help with this.

Information on CFE is currently available directly from Broadcom, in case you want to look at the documentation or source code for it.

Current versions of CFE are available under a BSD-style (free software, non-copyleft) license; but the version of CFE that is on the 700gE is proprietary. It sure is too bad that CFE isn't under GPL; if it were, then the Asus GPL source tarball would include the source for the version they use. Oh well.