Commit Graph

165 Commits

Author SHA1 Message Date
Felix Fietkau
557a7ca70d build: add locking around dtc call after running mkits.sh
mkits.sh creates a root.*.pagesync file with padding, which is global, and
the generated .its files reference it. Since dtc reads this file, it must
not run at the same time as mkits.sh
Fixes generating itb images with broken rootfs.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-12-04 13:33:21 +01:00
Maxim Anisimov
79db5d65ca ramips: move zyimage creation to include/image-commands.mk
This is required for upcoming Keenetic KN-3911 support

Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16830
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-11-28 22:33:21 +01:00
Christian Marangi
def70fa85b
image: ignore errors from more commands
Ignore errors in more image commands to handle case where the image is
too big and check-image validation fails.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-10-30 14:17:34 +01:00
Christian Marangi
5ba701fe19
image: ignore errors from mktplinkfw command
Rework tplink-v2-header and tplink-v2-image Build define to ignore error
if mktplinkfw2 errors out.

This is to handle situation when the image is too big and can't be
generated or prev check-image calls deleted the source file as it's too
big.

This aligns to the pattern used by tplink-v1-image.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-10-30 14:17:33 +01:00
Christian Marangi
bfb2e099e4
kernel: rework Initramfs compile cpio handling
Now that we copy and then delete the Per-Device rootfs linux directory,
it's not valid anymore placing the generated cpio there as artifacts
or subsequent commands need the generated cpio.

To handle this, rework Initramfs compile cpio handling by placing them in
the KERNEL_BUILD_DIR but add to the name the rootfs HASH ID.

To also prevent race condition, generate and access these file under a
lock to prevent fit command to reference a cpio while a parallel
execution is genereting it.

Fixes: 52cc9d82f1 ("kernel: rework Initramfs locking logic")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-09-19 01:07:25 +02:00
Robert Marko
905338ad60 image: add recipe for legacy multiple images
Asus RT-AX89X has modded U-Boot that boots FIT images fine when manually
using bootm command, however once the image is flashed and device boots via
the default bootcmd it only supports booting via legacy images.

More precisely, it requires the "multi" image format with:
1. kernel
2. ramdisk
3. DTB

So, lets add a recipe based on the existing uImage one.

Link: https://github.com/openwrt/openwrt/pull/15840
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-07-09 12:33:17 +02:00
Christian Marangi
ec75f86612
image: respect TARGET_PER_DEVICE_ROOTFS for initramfs fit command
Fit command makes use of CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE as the
cpio is provided externally and is not embedded in the kernel image.

As done with embedded cpio, also handle PER_DEVICE_ROOTFS by generating
a cpio for each rootfs and reference them by the ROOTFS_ID generated
previously. The generated cpio are placed in the linux directory + the
package ID.

Link: https://github.com/openwrt/openwrt/pull/12959
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-07-06 16:20:07 +02:00
INAGAKI Hiroshi
47d9dcd01a build: move Build/buffalo-trx to image-commands.mk
Move Build/buffalo-trx to image-commands.mk from image/mt7622.mk to use
that definition from ramips as well.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2024-06-05 21:14:16 +02:00
Michał Kępień
77106faa37 tools: remove kernel2minor
Since the Yafut tool is now used for both updating the kernel on
MikroTik devices with NAND flash and preparing firmware images for
MikroTik devices with NOR flash, remove the kernel2minor utility from
the tree as it is no longer used for anything.

Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
Link: https://github.com/openwrt/openwrt/pull/13453
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-06-05 17:03:24 +02:00
Michał Kępień
a60721f2ed mikrotik: switch to Yafut for building MikroTik NOR images
The Yafut tool now has limited capabilities for working on filesystem
images stored in regular files.  This enables preparing Yaffs2 images
for devices with NOR flash using upstream Yaffs2 filesystem code instead
of the custom kernel2minor tool.

Since minimizing the size of the resulting filesystem image size is
important and upstream Yaffs2 code requires two allocator reserve blocks
to be available when writing a file to the filesystem, a trick is
employed while preparing an OpenWRT image: the blank filesystem image
that Yafut operates on initially contains two extra erase blocks that
are chopped off after the kernel file is written.  This is safe to do
because Yaffs2 has a true log structure and therefore only ever writes
sequentially (and the size of the kernel file is known beforehand).
While the two extra erase blocks are necessary for writes, Yaffs2 code
seems to be perfectly capable of reading back files from a "truncated"
filesystem that does not contain these extra erase blocks.

In terms of image size, this new approach is only marginally worse than
the current kernel2minor-based one: specifically, upstream Yaffs2 code
needs to write three object headers (each of which takes up an entire
data chunk) when the kernel file is written to the filesystem:

  - an object header for the kernel file when it is created,

  - an object header for the root directory when the kernel file is
    created,

  - an updated object header for the kernel file when the latter is
    fully written (so that its new size can be recorded).

kernel2minor only writes two of these headers, which is the absolute
minimum required for reading the file back.  This means that the
Yafut-based approach causes firmware images to be at most one erase
block (64 kB) larger than those created using kernel2minor, but only in
the very unfortunate scenario where the size of the kernel file is
really close to a multiple of the erase block size.

The rest of the calculations performed when the empty filesystem image
is first prepared stems from the Yaffs2 layout used by MikroTik NOR
devices: each 65,536-byte erase block contains 63 chunks, each of which
consists of 1024 bytes of data followed by 16-byte Yaffs tags without
ECC data; each such group of 63 chunks is then followed by 16 bytes of
padding, which translates to "-C 1040 -B 64k -E" in the Yafut
invocation.  Yaffs2 checkpoints and summaries are disabled (using
Yafut's -P and -S switches, respectively) as they are merely performance
optimizations that require extra storage space.  The -L and -M switches
are used to force little-endian or big-endian byte order (respectively)
in the resulting filesystem image, no matter what byte order the build
host uses.  The tr invocation is used to ensure that the filesystem
image is initialized with 0xFF bytes (which are an indicator of unused
space for Yaffs2 code).

Signed-off-by: Michał Kępień <openwrt@kempniu.pl>
Link: https://github.com/openwrt/openwrt/pull/13453
Signed-off-by: Robert Marko <robimarko@gmail.com>
2024-06-05 17:03:24 +02:00
Paul Spooren
d997477775 treewide: remove implicit SUBTARGET
Historically it's possible to leave the `SUBTARGETS` undefined and
automatically fallback to a "generic" subtarget. This however breaks
various downstream scripts which may have expectations around filenames:

While some targets with an explicit generic subtarget contain `generic`
in the filenames of artifacts, implicit "subtargets" don't.

Right now this breaks the CI[1], possibly also scripts using the ImageBuilders.

This commit removes all code that support implicit handling of
subtargets and instead requires every target to define "SUBTARGETS".

[1]: https://github.com/openwrt/openwrt/actions/runs/8592821105/job/23548273630

Signed-off-by: Paul Spooren <mail@aparcar.org>
2024-04-08 21:53:05 +02:00
Roland Reinl
0e2b7e3bd6 mediatek: Moved recovery image creation to include/image-commands.mk
The recovery image is reqired for D-Link M30 as well. So I moved it to include/image-commands.mk to be able to use it for MT7622 and filogic devices.

Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
2024-03-31 19:01:20 +02:00
Daniel Golle
1323314087 images: append to existing image with ubinize-image build cmd
Let ubinize-image append the ubinized image to the existing image
instead of replacing it.

Fixes: 6c17d71973 ("scripts: ubinize-image.sh: support static volumes, make size optional")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-16 13:56:01 +00:00
Daniel Golle
67beab2b2b scripts: ubinize-image.sh: fix on POSIX shell, allow custom images
Make sure ubinize-image.sh also works with more simple POSIX Shell and
allow creating complete custom images to be used as ARTIFACT/foo.img
and thereby allow including uImage.FIT, TF-A FIP and what ever else
is required on a specific board.

Fixes: 6c17d71973 ("scripts: ubinize-image.sh: support static volumes, make size optional")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-16 05:32:51 +00:00
Daniel Golle
6c17d71973 scripts: ubinize-image.sh: support static volumes, make size optional
In order to support devices having TF-A FIP image or UBI-aware U-Boot
SPL we need to include a static volume for the bootloader.

Introduce support for adding additional static volumes by prefixing
the filename with ':', eg.

UBINIZE_PARTS := fip:=$(STAGING_DIR_IMAGE)/u-boot.fip

Also add support for rootfs-in-uImage.FIT setups which don't require a
rootfs partition and make the (3rd) size parameter in UBINIZE_PARTS
optional (see example above without declared size).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-02-15 19:30:08 +00:00
Tony Ambardar
fc16df9fdd image: improve UBI image sizing on NAND devices
Many NAND devices use a build recipe with "append-ubi | check-size" to
ensure factory images don't exceed the target flash partition size.
However, UBI reserves space for bad block handling and other operational
overhead, and thus 'check-size' can overestimate the space available by
several MB. In practice, this means a failed check is definitely a failure,
while a passing check is only probably a pass.

Improve the situation by teaching 'Build/append-ubi' to check image sizes
while accounting for UBI reserved blocks. Add new device variable NAND_SIZE
and use with existing IMAGE_SIZE to derate the available space. Each UBI
device reserves 20 PEBs per 1024 PEBs of the entire NAND device for bad
blocks, plus an additional 4 PEBs overhead.

Many devices can transparently enable this check by setting NAND_SIZE based
on their flash storage, and may then remove any unneeded 'check-size'.

Link: http://www.linux-mtd.infradead.org/doc/ubi.html#L_overhead

Suggested-by: Shiji Yang <yangshiji66@qq.com>
Suggested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-11-26 18:37:20 +01:00
Tony Ambardar
cd5e0134b6 image: fix Linksys image alignment and simplify footer creation
Current factory image sizes for Linksys devices are 256-byte aligned. This
is not an issue writing factory images from the OpenWrt or Linksys GUIs,
but can lead to failures using a TFTP client from the Linksys bootloader:

     NAND write: device 1 offset 0x2800000, size 0xc00100
     Attempt to write to non page aligned data
     NAND write to offset 2800000 failed -22
      0 bytes written: ERROR

Simplify Linksys footer creation by migrating to a makefile build recipe,
and pre-pad the footer (with 0xFF) to ensure the final image is $(PAGESIZE)
aligned.  Finally, remove the old linksys-image.sh script no longer needed.

Linksys footer details are given below for future reference. The 256-byte
footer is appended to factory images and tested by both the Linksys
Upgrader (observed in EA6350v3) and OpenWrt sysupgrade.

  Footer format:
    .LINKSYS.     Checked by Linksys upgrader before continuing.  (9 bytes)
    <VERSION>     Upgrade version number, unchecked so arbitrary. (8 bytes)
    <TYPE>        Model of device, space padded (0x20).          (15 bytes)
    <CRC>         CRC checksum of factory image to flash.         (8 bytes)
    <padding>     Padding ('0' + 0x20 * 7)                        (8 bytes)
    <signature>   Signature of signer, unchecked so arbitrary.   (16 bytes)
    <padding>     Padding with nulls (0x00)                     (192 bytes)

Link: https://github.com/openwrt/openwrt/pull/11405#issuecomment-1358510123
Link: https://github.com/openwrt/openwrt/pull/11405#issuecomment-1587517739

Reported-by: Stijn Segers <foss@volatilesystems.org>
Reported-by: Wyatt Martin <wawowl@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-11-26 18:37:20 +01:00
Tony Ambardar
b16e14a220 image: use helper function for size units
Add the make function 'exp_units' for helping evaluate k/m/g size units in
expressions, and use this to consistently replace many ad hoc substitutions
like '$(subst k,* 1024,$(subst m, * 1024k,$(IMAGE_SIZE)))' in makefiles.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2023-11-26 18:37:20 +01:00
Alan Luck
4c0dc68f46 ramips: add encrypted SGE factory image for D-Link devices
creates SGE encrypted factory images
to use via the D-Link web interface
rename the old factory unencrypted images to recovery
for use in the recovery console when recovery is needed
DIR-1935-A1 , DIR-853-A1 , DIR-853-A3 , DIR-867-A1 ,
DIR-878-A1 and DIR-882-A1

Signed-off-by: Alan Luck <luckyhome2008@gmail.com>
2023-11-12 15:03:05 +01:00
Wenli Looi
0a1ebccc87 image: add additional fields to Netgear encrypted image
These fields are used for EAX12 and EX6250v2 series, and perhaps other
devices. Compatibility is preserved with the WAX202 and WAX206.

In addition, adds the related vars to DEVICE_VARS so that the variables
work correctly with multiple devices.

References in GPL source:
https://www.downloads.netgear.com/files/GPL/EAX12_EAX11v2_EAX15v2_GPL_V1.0.3.34_src.tar.gz

* tools/imgencoder/src/gj_enc.c
  Contains code that generates the encrypted image.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2023-07-01 14:42:11 +02:00
Maximilian Martin
906e2a1b99 ath79: Add support for MOXA AWK-1137C
Device specifications:
======================

* Qualcomm/Atheros AR9344
* 128 MB of RAM
* 16 MB of SPI NOR flash
* 2x 10/100 Mbps Ethernet
* 2T2R 2.4/5 GHz Wi-Fi
* 4x GPIO-LEDs (1x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* 2x fast ethernet
  - lan1
    + builtin switch port 1
    + used as WAN interface
  - lan2
    + builtin switch port 2
    + used as LAN interface
* 9-30V DC
* external antennas

Flashing instructions:
======================

Log in to https://192.168.127.253/
   Username: admin
   Password: moxa

Open Maintenance > Firmware Upgrade and install the factory image.

Serial console access:
======================

Connect a RS232-USB converter to the maintenance port.
   Pinout: (reset button left) [GND] [NC] [RX] [TX]

Firmware Recovery:
==================

When the WLAN and SYS LEDs are flashing, the device is in recovery mode.

Serial console access is required to proceed with recovery.

Download the original image from MOXA and rename it to 'awk-1137c.rom'.
Set up a TFTP server at 192.168.127.1 and connect to a lan port.

Follow the instructions on the serial console to start the recovery.

Signed-off-by: Maximilian Martin <mm@simonwunderlich.de>
2023-06-25 12:59:26 +02:00
Daniel Golle
6b01d40bfe image: improve uImage.FIT device tree overlay support
Instead of generating full config nodes incl. kernel, generate minimal
config nodes for device tree overlays to be applied to the main config.
In this way, multiple device tree overlays can be applied more easily.
While at it change filenames to upstream style, ie. use dtso and dtbo
suffix for device tree overlays.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-06-05 11:36:32 +01:00
David Yang
a8a2a95351
build: Allow specifying uImage time
Some U-Boot checks for a specified uImage time and refuses to boot if
mismatched. This patch fixes it by recognizing UIMAGE_TIME parameter.

Signed-off-by: David Yang <mmyangfl@gmail.com>
2023-05-20 21:29:25 +02:00
Sven Roederer
4071398b13 build: escape whitespaces in VERSION_DIST for Netgear images
Prevents subshell commands from failing to parse options
when having defined a whitespace in the VERSION_DIST.
As the called resulting images unlikely will handle
whitespace correctly, we replace them by "-".

Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
2023-05-20 15:19:14 +02:00
Daniel Golle
43417aef84 Revert "ath79: add empty squashfs-lzma filesystem"
This reverts commit 91e3419a33.
Now that squashfs3-lzma generates reproducible output we can drop the
empty binary. Having a binary file in the tree is not nice and we actually
also use squashfs3-lzma for devices which expect the kernel to be loaded
from a squashfs3...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-05-12 02:27:17 +02:00
Paul Spooren
91e3419a33 ath79: add empty squashfs-lzma filesystem
The filesystem is currently created on every build to trick the boot
loader of some FRITZ! devices into accepting the image. Sadly the
resulting squashfs-lzma filesystem is not reproducible. To fix this,
create a squashfs filesystem once and include it into the repository.

Creation happend as shown below

    rm -rf empty_dir
    mkdir empty_dir
    ./staging_dir/host/bin/mksquashfs-lzma \
    	empty_dir/ empty-squashfs-lzma \
    	-noappend -root-owned -be -nopad -b 65536 -fixed-time 0

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-05-08 20:03:44 +02:00
Rani Hod
e4c7703d2a ramips: add support for D-Link DAP-1620 B1
The DAP-1620 rev B is a wall-plug AC1300 repeater.

Specifications:
- MT7621AT, 256 MiB RAM, 16 MiB SPI NOR
- MT7615DN 2x2 802.11n +2x2 802.11ac (DBDC)
- Ethernet: 1 port 10/100/1000
- Status LEDs (1x red+green)
- LED RSSI bargraph (2x green, 1x red+green)

Installation:
- Keep reset button pressed during plug-in
- Web Recovery Updater is at 192.168.0.50
- Upload factory.bin, confirm flashing
  (seems to work best with Chromium-based browsers)

Revert to OEM firmware:
- tail -c+117 DAP1620B1_FW212B03.bin | \
  openssl aes-256-cbc -d -md md5 -out decrypted.bin \
  -k 905503a4e0c3cd3c1ce062246de427a68962347e
- flash decrypted.bin via D-Link Web Recovery

Signed-off-by: Rani Hod <rani.hod@gmail.com>
2023-04-29 22:05:20 +02:00
Christian Marangi
01262c921c
tools/squashfs: rename to squashfs3-lzma
The name of squashfs is confusing since in reality it's a really old
version using an old lzma library. This tools is used for old ath79
netgear target and to produde a fake squasfs3 image needed for some
specific bootloader from some OEM (AVM for example)

Rename squashfs tool to squasfs3-lzma to better describe it.
Rename the installed bin from mksquashfs-lzma to mksquashfs3-lzma.
Use tar transform to migrate the root directory in tar to the new
naming.
Drop redundant PKG_CAT variable not needed anymore.
Also update any user of this tool.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-02-18 21:11:36 +01:00
Tony Butler
4a444e576f build: fix incomplete initramfs compression options
Requires: tools/lz4, tools/lzop

complete the wiring so that these options work:
* `CONFIG_KERNEL_INITRAMFS_COMPRESSION_LZO`
* `CONFIG_KERNEL_INITRAMFS_COMPRESSION_LZ4`

Signed-off-by: Tony Butler <spudz76@gmail.com>
[remove blocking dependencies for separate ramdisk, fix lzop options]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-01-17 00:16:35 +00:00
Michael Pratt
ee87dbb3fe image: add gzip-filename build recipe
Some vendors use basic gzip metadata (original filename and timestamp)
to verify valid images, along with the size of it's contents.

Also, add a new device profile variable FACTORY_IMG_NAME
which would be ideal to use with this new recipe.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-01-06 15:34:07 +01:00
Markus Stockhausen
a51ca085bf tools: Add gzip-libdeflate advanced compressor
Several devices provide U-Boot versions with only gzip compressed kernel
support (e.g. Realtek switches). This compression method produces larger
images than lzma. To save space on flash and avoid going the hard way with
lzma-loader we can make use of enhanced gzip tool based on libdeflate
compression library from https://github.com/ebiggers/libdeflate. It
keeps 100% deflate/gzip compatibility while improving compression ratio.
The image can be unpacked by the default inflate routines inside U-Boot.

Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
[Switched to v1.15 and made it work with cmake]
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Sander Vanheule <sander@svanheule.net>
2023-01-02 10:15:37 +01:00
Olliver Schinagl
47df168dd2
image-commands.mk: Be consistent in command invocation
Most/all other tools use the staging dir prefix, gzip should as well.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-18 13:18:09 +01:00
Daniel Golle
2f14c17501 build: make sure that $(STAGING_DIR_IMAGE) exists
Call 'mkdir -p $(STAGING_DIR_IMAGE)' before trying to store files in
this potentially non-existing folder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-12-05 01:28:28 +00:00
David Bauer
a208f0a9be mkits: support definition of DTB loadaddr
Support defining a per-device loadaddress for the DTB. This is required
for devices which to not align the DTB from the bootloader correctly.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-11-08 12:16:36 +01:00
INAGAKI Hiroshi
00ddd29b65 build: move Build/edimax-header to image-commands.mk
To use from the following devices in ath79 target, move edimax-header to
image-commands.mk.

- ELECOM WRC-300GHBK2-I
- ELECOM WRC-1750GHBK2-I/C

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2022-10-19 22:58:12 +02:00
Huangbin Zhan
2f8ac8bcea
build: image: use printf for ModelNameLimit16
Fix syntax error on macos, for substr is undefined results according to
the POSIX standard.

From expr on macos:
 According to the POSIX standard, the use of string arguments length,
 substr, index, or match produces undefined results.  In this version of
 expr, these arguments are treated just as their respective string values.

By a simple test Makefile:

define ModelNameLimit16
$(shell expr substr "$(word 2, $(subst _, ,$(1)))" 1 16)
endef

define ModelNameLimit16_2
$(shell printf %.16s "$(word 2, $(subst _, ,$(1)))")
endef

hello:
	echo $(call ModelNameLimit16, technicolor_tg582n-telecom-italia)
	echo $(call ModelNameLimit16_2, technicolor_tg582n-telecom-italia)

The same output is produced.

echo tg582n-telecom-i
tg582n-telecom-i
echo tg582n-telecom-i
tg582n-telecom-i

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
[ wrap commit description to 80 columns and improve it ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-10-13 15:57:35 +02:00
Daniel Golle
4a28537e4c image-commands: fix generating out-of-tree DTO
Hack path so DTO generation works also for out-of-tree device tree
sources which currently fail.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-07-30 19:04:36 +02:00
Wenli Looi
efca76ffce
image: add support for Netgear encrypted image
Netgear encrypted image is used in various devices including WAX202,
WAX206, and EX6400v3. This image format also requires a dummy squashfs4
image which is added here as well.

References in WAX202 GPL source:
https://www.downloads.netgear.com/files/GPL/WAX202_V1.0.5.1_Source.rar

* openwrt/bootloader/u-boot-mt7621-2018.09-gitb178829-20200526/board/ralink/common/dual_image.c
  Bootloader code that verifies the presence of a squashfs4 image, thus
  a dummy image is added here.

* openwrt/tools/imgencoder/src/gj_enc.c
  Contains code that generates the encrypted image. There is support for
  adding an RSA signature, but it does not look like the signature is
  verified by the stock firmware or bootloader.

* openwrt/tools/imgencoder/src/imagekey.h
  Contains the encryption key and IV. It appears the same key/IV is used
  for other Netgear devices including WAX206 and EX6400v3.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
2022-07-19 14:49:03 +02:00
Daniel Golle
7a256d97d9
image: strip metadata from images when used in other artifacts
Image metadata and signature is of no use for images which are included
inside other artifacts (like an SD-card image). Strip them off before
using images in artifacts or stashing them for the ImageBuilder as the
contained signature breaks reproducibility.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-04-15 13:42:01 +01:00
Paul Spooren
8822a8d850 build: store sha256_unsigned in JSON
Introduce `sha256_unsigned` which is a checksum of the image _before_ a
signature is attached. This is helpful to compare image reproducibility.

Since the `.sha256sum` file is located in the $(KDIR) folder, switch
$(BIN_DIR) with $(KDIR) to simplify the code. The value of $(BIN_DIR)
itself is not stored inside the resulting JSON file, so it can be
replaced.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-29 21:41:06 +01:00
Sungbo Eo
39d06472eb tools: zip: fetch SOURCE_DATE_EPOCH directly
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.

Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Sungbo Eo
e42764cc5f build: image: use UTC for zip timestamp
Zip uses DOS timestamp for mtime which is stored in local time and hence
depends on the timezone of the build system. Force zip to use UTC timezone
to make image builds more reproducible.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-03-09 15:38:23 +09:00
Paul Spooren
a9478490d8 image-commands.mk: Use ERROR_MESSAGE for imagesize fails
If a image is bigger than the device can handle, an error message is
printed. This is usually silenced and silently ignored, making it harder
to debug. While it's possible to run the build in verbose mode (via
`make V=s`) and grep for *is too big*, it's more intuitive to print the
error message directly. For that use the newly unlocked `$(call
ERROR_MESSAGE,...)` definition which now also print in non-verbose mode.

Fixes: FS#50 (aka #7604)

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-28 23:52:13 +01:00
Sungbo Eo
37753f34ac ramips: add support for ipTIME AX2004M
ipTIME AX2004M is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.

Specifications:
* SoC: MT7621A
* RAM: 256 MiB
* Flash: NAND 128 MiB
* Wi-Fi:
  * MT7915D: 2.4/5 GHz (DBDC)
* Ethernet: 5x 1GbE
  * Switch: SoC built-in
* USB: 1x 3.0
* UART: J4 (115200 baud)
  * Pinout: [3V3] (TXD) (RXD) (GND)

MAC addresses:

| interface |    MAC address    |     source     | comment
|-----------|-------------------|----------------|---------
|       LAN | 58:xx:xx:00:xx:9B |                | [1]
|       WAN | 58:xx:xx:00:xx:99 |                |
|   WLAN 2G | 58:xx:xx:00:xx:98 | factory 0x4    |
|   WLAN 5G | 5A:xx:xx:40:xx:98 |                |
|           | 58:xx:xx:00:xx:98 | config ethaddr |

[1] Used in this patch as WLAN 5G MAC address with the local bit set

Load addresses:
* stock
  * 0x80010000: FIT image
  * 0x81001000: kernel image -> entry
* OpenWrt
  * 0x80010000: FIT image
  * 0x82000000: uncompressed kernel+relocate image
  * 0x80001000: relocated kernel image -> entry

Notes:
* This device has a dual-boot partition scheme, but this firmware works
  only on boot partition 1. The stock web interface will flash only on the
  inactive boot partition, but the recovery web page will always flash on
  boot partition 1.

Installation via recovery mode:
1.  Press reset button, power up the device, wait >10s for CPU LED
    to stop blinking.
2.  Upload recovery image through the recovery web page at 192.168.0.1.

Revert to stock firmware:
1.  Install stock image via recovery mode.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-02-11 22:30:04 +09:00
Stijn Tintel
cd6a6e3030 Revert "ramips: add support for ipTIME AX2004M"
Commit f4a79148f8 ("ramips: add support for ipTIME AX2004M") seems to
leak KERNEL_LOADADDR 0x82000000 to other devices, causing the to no
longer boot. The leak is visible in u-boot:

   Using 'config-1' configuration
   Trying 'kernel-1' kernel subimage
     Description:  MIPS OpenWrt Linux-5.10.92
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0x840000e4
     Data Size:    10750165 Bytes = 10.3 MiB
     Architecture: MIPS
     OS:           Linux
     Load Address: 0x82000000
     Entry Point:  0x82000000

Normally, it should look like this:

   Using 'config-1' configuration
   Trying 'kernel-1' kernel subimage
     Description:  MIPS OpenWrt Linux-5.10.92
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0xbfca00e4
     Data Size:    2652547 Bytes = 2.5 MiB
     Architecture: MIPS
     OS:           Linux
     Load Address: 0x80001000
     Entry Point:  0x80001000

Revert the commit to avoid more people soft-bricking their devices.

This reverts commit f4a79148f8.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-01 21:35:15 +02:00
Sungbo Eo
f4a79148f8 ramips: add support for ipTIME AX2004M
ipTIME AX2004M is an 802.11ax (Wi-Fi 6) router, based on MediaTek
MT7621A.

Specification:
* SoC: MT7621A
* RAM: 256 MiB
* Flash: NAND 128 MiB
* Wi-Fi:
  * MT7915D: 2.4/5 GHz (DBDC)
* Ethernet: 5x 1GbE
  * Switch: SoC built-in
* USB: 1x 3.0
* UART: J4 (115200 baud)
  * Pinout: [3V3] (TXD) (RXD) (GND)

MAC address:

| interface |        MAC        |     source     | comment
|-----------|-------------------|----------------|---------
|       LAN | 58:XX:XX:00:XX:9B |                | [1]
|       WAN | 58:XX:XX:00:XX:99 |                |
|   WLAN 2G | 58:XX:XX:00:XX:98 | factory 0x4    |
|   WLAN 5G | 5A:XX:XX:40:XX:98 |                |
|           |                   |                |
|           | 58:XX:XX:00:XX:98 | config ethaddr |

[1] Used in this patch as WLAN 5G MAC address with the local bit set

Load address:
* stock
  * 0x80010000: FIT image
  * 0x81001000: kernel image -> entry
* OpenWrt
  * 0x80010000: FIT image
  * 0x82000000: uncompressed kernel+relocate image
  * 0x80001000: relocated kernel image -> entry

Installation via **recovery** mode:
1.  Press reset button, power up the device, wait >10s for CPU LED
    to stop blinking.
2.  Upload recovery image through the recovery web page at 192.168.0.1.

Revert to stock firmware:
1.  Install stock image via recovery mode.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-01-29 23:50:28 +09:00
Sungbo Eo
957f9adeb1 kirkwood: add support for ipTIME NAS1
ipTIME NAS1 is a 1-bay NAS, based on Marvell Kirkwood SoC.

Specifications:
* SoC: 88F6281
* RAM: 256 MiB
* Flash: SPI NOR 16 MiB
* SATA: 1x 3Gb/s
* Ethernet: 1x 1GbE
* USB: 1x 2.0
* Fan: 2 speed level
* UART: JP1 (115200 8N1)
  * Pinout: [3V3] (TXD) (RXD) (GND)

Notes:
* There are several variants of the model name: "NAS-I", "NASI", "NAS1".
  Here "NAS1" is adopted for consistent naming scheme.
* The reset button is also a USB copy button in stock FW,
  but in this patch the former is the only default behavior.

Installation via web interface:
1.  Flash sysupgrade image through the stock web interface.

Revert to stock firmware:
1.  Perform sysupgrade with stock image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2022-01-29 23:50:28 +09:00
Christian Lamparter
144609bb3d build: move Build/copy-file to image-commands.mk
This is makro is present in more than one place.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-01-15 19:29:42 +01:00
Sungbo Eo
446da70669 build: image: improve zip build recipe
* clean before build
* specify executable path
* allow adding extra options for zip
* use basename of $@

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-12-12 14:05:55 +09:00
Oldřich Jedlička
fd4ad6cae8 x86: added support to generate VHDX images
Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2021-12-05 18:49:14 +01:00