This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.
For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.
Notice that curve names are not necessarily the same in mbedtls and
openssl. In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.
Package size increased by about 900 bytes (arm).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Because a bug in handling partial erase blocks in 4.19 kernel, using
sysupgrade images will hard brick devices that use RedBoot bootloader
and have "FIS directory" with "RedBoot config" on the same erase block.
Since flashing the devices from bootloader is safe, and to not cause a
situation where external chip programmer or JTAG is needed, disable
sysupgrade images for affected boards while creating kernel.bin and
rootfs.bin for jjPlus JA76PF2 board, which doesn't have factory image.
To set up the JA76PF2 board follow "Installation" instructions in b3a0c97
("ath79: add support for jjPlus JA76PF2") except the part of loading
initramfs image and using sysupgrade image for flashing (point 6 and 7).
Enter following commands to flash the board from bootloader:
fis init
load -r -b 0x80060000 <openwrt_kernel_image_name>
fis create linux
load -r -b %{FREEMEMLO} <openwrt_rootfs_image_name>
fis create rootfs
fis load -l linux
exec -c ""
For RouterStations use TFTP recovery procedure.
Ref: FS#2428
Cc: Matt Merhar <mattmerhar@protonmail.com>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
When bumping to 4.19 the patch responsible for scaning flash for FIS
partition got left out. Without it devices with RedBoot bootloader using
automatic partitions detection in dts won't boot with the new kernel.
Fixes: 3771176 ("ath79: add support for linux 4.19")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Now that the md5 check is fixed and metadata present, sysupgrade on
ar71xx will complain about device not being supported by the image.
Since the cause is not matching strings for supported devices add them
accordingly.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This target enforces metadata check so add the necessary information. It
was previously removed because md5 sum check. When using these sysupgrade
images on ar71xx target the check would complain about them not matching.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
There is md5 sum of whole image embedded in combined-image header which
is checked on sysupgrade. The check will fail for ath79 images which
may have embedded metadata. This is because metadata are appended after
the combined image is created. To allow smooth transition from ar71xx to
ath79, strip metadata before calculating md5 sum for whole image.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
During review it slipped by that these devices use combined-image which
should never be used for newly added ones. Therefore switch to
sysupgrade-tar generated images introduced in 8f6f260 ("ath79:
routerstation: prepare to use sysupgrade-tar format image"). The
sysupgrade accepts both images for now so no reression should occur.
Cc: Brian Gonyer <bgonyer@gmail.com>
Cc: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
The frequency was filled acording the information from datasheet for
particular chip (Winbond 25Q128BVFG). Unfortunately this led to
coruption and introduced bad blocks on the chip. Reducing the frequency
to commonly used in ath79, made the board more stable and no new bad
blocks were spoted.
Fixes: b3a0c97 ("ath79: add support for jjPlus JA76PF2")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This fixes the previously incorrect phy-mode for the OCEDO Ursus GMAC0.
See 62abbd587d ("ath79: correct various phy-mode properties")
for more details.
Signed-off-by: David Bauer <mail@david-bauer.net>
Without this patch, an extra entry appears for AR9287 GPIO
that duplicates WLAN LED but in fact drives nothing:
gpiochip1: GPIOs 502-511, ath9k-phy0:
gpio-502 ( |netgear:blue:wlan ) out hi
gpio-503 ( |netgear:amber:test ) out hi
gpio-504 ( |netgear:green:power ) out lo
gpio-505 ( |rfkill ) in hi
gpio-507 ( |wps ) in hi
gpio-508 ( |reset ) in hi
gpio-510 ( |ath9k-phy0 ) out hi <===!
The pin pointed above is default LED GPIO (8) for AR9287.
For WNR2200 it is not connected anywhere - pin 0 drives blue WLAN
LED instead - but initialization code is missing that information.
This fix calls ap9x_pci_setup_wmac_led_pin() function at device
setup, forcing WLAN LED pin to be 0 and removing redundant entry.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Instead, instruct the configure script to use $(FPIC) only.
Mixing -fPIC and -fpic can cause issues on some platforms like PPC.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.
Removed PKG_BUILD_DIR as it is already the default value.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The button is labelled reboot/restore in documentation, and has always
been used for that. Naming it WPS has always been wrong.
Signed-off-by: Karl Pálsson <karlp@etactica.com>
[matched author to SoB]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
As Netgear uses the same image for R6260, R6350 & R6850
we can merge device tree files and generate separate
images for each device.
Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[add missing WiFi compatible string, fix network
configuration]
Signed-off-by: David Bauer <mail@david-bauer.net>
This adds factory image generation for all three
devices. These images can be flashed via WebUI
for easy installation.
Thanks to David Bauer for the inspiration.
Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[altered commit to only include the R6350]
Signed-off-by: David Bauer <mail@david-bauer.net>
There are currently the following issues present for the Netgear R6220,
R6350 and WNDR3700 v5:
- LAN and WAN MAC-addresses are inverted
- WAN MAC-address is off. It are +2 compared to the LAN MAC-address
(R6350 only)
- Switchport order is inverted in LuCi
This commit fixes both these issues by assigning correct MAC-addresses
to LAN and WAN interfaces and defining the switchports with the correct
labels.
Signed-off-by: David Bauer <mail@david-bauer.net>
This commit switches the default trigger for the WiFi LED from a netdev
trigger on "wlan0" to a wireless-phy based trigger. THis allows the LED
to work, even when the wireless interface is not named "wlan0" without
modifiying the LED settings.
Signed-off-by: David Bauer <mail@david-bauer.net>
This adds an easy-installation factory image for the NETGEAR R6220
router. The factory image can either be flashed via the vendor Web-UI or
the bootloader using nmrpflash.
Tested with NETGEAR V1.1.0.86 firmware.
Signed-off-by: David Bauer <mail@david-bauer.net>
The MediaTek MT7621 NAND driver currently intransparently shifts NAND
pages when a block is marked as bad. Because of this, offsets for e.g.
caldata and MAC-addresses seem to be off.
This is, howeer, not a task for the mtd NAND driver, as the flash
translation layer is tasked with this.
This patch disables this badblock shifting. This fix was originally
proposed by Jo-Philipp Wich at
https://bugs.openwrt.org/index.php?do=details&task_id=1926
Fixes FS#1926 ("MTD partition offset not correctly mapped when bad
eraseblocks present")
Signed-off-by: David Bauer <mail@david-bauer.net>
Since the binaries for both lua as well as lua5.3 contain the version
number, invocations of the "lua" binary are failing, as it's not created
anymore for the host package.
Fixes: fe59b46 ("lua: include version number in installed files")
Signed-off-by: David Bauer <mail@david-bauer.net>
While the -nopad option prevents mksquashfs from padding the
image to an arbitrary 4k. It does not take into consideration
that squashfs is programmed to have this 4k padding when it's
being used on on a block device... which is its main "use-case".
Now, after a week long discussion on the ML that included a
back-and-forth between some of the possible options.
But this is likely the best KISS patch to deal with the issue
right away given the limited resources.
From squashfs code point of view, be warned. The 4k padding is
not enough when dealing with devices that have a PAGE_SIZE
bigger than 4k.
if it turns out to be affecting you, then please look-up either:
"FS#2460 - kernel panic reading squashfs from ubi volume" bug
Or the discussion on the OpenWrt-Devel ML in
"amp821xx: use newly added pad-squashfs for Meraki MR24" and
"Squashfs breakage lottery with UBI..."
before making an educated guess.
Note: This will not affect the "tiny"/small flash devices as
much as it seems at first. This is because the the rootfs_data
partition that follows uses jffs2. And it requires to be aligned
to the flash block-size in order to work at all.
So either the involved FSes will meet in the middle as before,
or not at all. But in that latter case the image was already
hoping for the "undefined behaviour" gamble to turn out in its
favour and this is probably why this was unnoticed for so long.
Fixes: FS#2460
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)
This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true
},
"valid": true,
"forceable": true
}
Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info
This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.
Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.
Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
method so:
a) It's possible to safely sysupgrade using ubus only
b) /sbin/sysupgrade can be more like just a CLI
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
From: Stanislaw Gruszka <sgruszka@redhat.com>
This reverts commit 9ad3b55654455258a9463384edb40077439d879f.
As reported by Sergey:
"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client stopped to see AP.
Some tests with 1metre distance between client-AP: 2.4Ghz -22dBm, for
5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not
visible."
It was identified that rx signal level degradation was caused by
9ad3b5565445 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band").
So revert this commit.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
this allows adding "--" prefixed parameters inside feeds.conf between the
target and name. The first parameter is --force which has the same effect
as using -f when installing any of the packages. This allows creating
feeds that will override base packages by default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.
Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link
These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.
When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)
These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.
Distances between devices varied from <100m up to ~35km
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist
Also remove deprecation notices from init script while we're at it.
Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
tx_size was just declared above and set to BIT(tx->order)
Use the declaration instead, which could avoid a pointer deref
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Backport of a4eef43a12 ("ath79: ag71xx: replace alloc_etherdev with devm_alloc_etherdev")
combined with the initial changes from John Crispin.
Simplifies the code a lot by using the Managed dev API.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>