Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.
Signed-off-by: Xu Wang <xwang1498@gmx.com>
(cherry picked from commit 197b672c40)
This enables armv8 crypto extensions version of AES, GHASH, SHA1, and
CRC T10 algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9be35180f4)
This enables armv8 crypto extensions version of AES, GHASH, and CRC T10
algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit b1346d35e4)
Adds the crypto extensions version of the CRC T10 algorithm that is
already built into the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1b94e4aab8)
This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.
The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 06bb5ac1f2)
This is result of a plain make kernel_oldconfig CONFIG_TARGET=subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 39b6af1147)
This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.
The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f5167e11bf)
This is result of a plain make kernel_oldconfig CONFIG_TARGET=subtarget.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit a4c6384d93)
This enables armv8 crypto extensions version of AES, GHASH, SHA256 and
CRC T10 algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit eb33232420)
This enables armv8 crypto extensions version of AES and GHASH algorithms
in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit b2cb87bc98)
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel. bcm2711 does not support armv8 crypto extensions, so they
are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7b6beb7489)
This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel. bcm2710 does not support armv8 crypto extensions, so they
are not included.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 38ebb210a9)
The image builds and works fine on Asus RT-AC88U. Therefore, remove the
BROKEN flag from the makefile.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 5c1b1918ab)
Hannu Nyman wrote in openwrt's github issue #9962:
|Based on forum discussion, the commit 0bc794a
|"kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash"
|causes flash memory chip misdetection for some other
|Fritzbox devices, as the commit only defines a 4-byte flash
|memory chip ID that matches several chips used in the devices.
|
|See discussion from this onward
|<https://forum.openwrt.org/t/openwrt-22-03-0-rc1-first-release-candidate/126045/182>
|
|OpenWrt 22.03.0-rc2 and rc3 are causing on a Fritzbox 7412
|bootloops due to a misdetected flash chip.
|
|Yup, that patch is missing the 5th ID byte entirely - both chips
|share the same first 4;
|
| TC58NVG0S3HTA00 = 0x98 0xf1 0x80 0x15 0x72 (digikey datasheet, page 35)
| TC58BVG0S3HTA00 = 0x98 0xf1 0x80 0x15 0xf2 (digikey datasheet, page 28)
|
|The commit has also been backported to openwrt-22.03 after rc1,
|so both rc2 and rc3 suffer from this bug."
Andreas' TC58NVG0S3H seems not to follow Toshibas/Kioxa's own datasheet.
It only reports the first four bytes: "98 f1 80 15 00 00 00 00".
This patch changes the id_len in the entry to 8. This makes it so that
Andreas' NAND is still detected. At the same time, this prevents other
Toshiba NAND flash chips - that share the same four bytes - from being
misdetected.
Upstream (Miquel Raynal) decided to drop this patch for now. But he
advised to keep it in OpenWrt. As other devices could be affected.
<https://lore.kernel.org/linux-mtd/20220606155919.23001410@xps-13/>
Reported-by: Peter-vdL
Tested-by: Peter-vdL
Tested-by: Andreas B<C3><B6>hler <dev@aboehler.at>
Fixes: 0bc794a668 ("kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash")
Link: <https://github.com/openwrt/openwrt/issues/9962>
(actually move the patch, added comment about possible counterfeits)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0a2edc2714)
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 677774d445)
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit cd634afe6c)
Major changes are:
Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 95adbc24e7)
Small update to my previous path 'fix I2C on GL-AR300M devices'.
This update allow using GPIO17 as regular GPIO in case it not used
as I2C SDA line.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
(cherry picked from commit 493080815d)
With the pinctrl configuration set properly by the previous commit, the
LED stays lit regardless of status of 2.4GHz radio, even if 5GHz radio
is disabled. Map GPIO19 as LED for ath9k, this way the LED will show
activity for both bands, as it is bound by logical AND with output of
ath10k-phy0 LED. This works well because during management traffic,
phy*tpt triggers typically cause LEDs to blink in unison.
Link: <https://github.com/openwrt/openwrt/pull/9941>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 5ca45e0a21)
The default configuration of pinctrl for GPIO19 set by U-boot was not a
GPIO, but an alternate function, which prevented the GPIO hog from
working. Set GPIO19 into GPIO mode to allow the hog to work, then the
ath10k LED output can control the state of actual LED properly.
Link: <https://github.com/openwrt/openwrt/pull/9941>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 82b5984636)
If you change SCAN_EXTRA variable with "-path target/linux/xxxx" in
include/toplevel.mk for speed up scan, find will warn with:
find: warning: you have specified the global option -maxdepth after
the argument -path, but global options are not positional, i.e.,
-maxdepth affects tests specified before it as well as those specified
after it. Please specify global options before other arguments.
The find option -mindepth -maxdepth are global options and must be
before any path option. Change order of $(SCAN_EXTRA) after -mindepth
and -maxdepth to fix this.
Signed-off-by: Leo Chung <gewalalb@gmail.com>
[capitalize Description, Author and Sob and minor description tweak]
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
(cherry picked from commit eb787b5b9d)
- fix an issues when accessing the port pointer of an expired/invalid fdb entry
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 38a5b593ef)
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
# include <openssl/evp.h>
^~~~~~~~~~~~~~~
compilation terminated.
This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable in all device recipes.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 481339a042)
Some dst in IPv6 flow offload table become invalid after the table is created.
So check_dst is needed in packet path.
Signed-off-by: Ritaro Takenaka <ritarot634@gmail.com>
[Add patch for kernel 5.15 too and rename file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit efff48529b)
ucidef_set_bridge_device is needed for DGND3700v2 network config since VLAN 1
must be used for the switch to be correctly configured.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 90e4c8c6e6)
f2d6752901f2 blob: clear buf->head when freeing a buffer
45210ce14136 list.h: add container_of_safe macro
cfa372ff8aed blobmsg: implicitly reserve space for 0-terminator in string buf alloc
d2223ef9da71 blobmsg: work around false positive gcc -Warray-bounds warnings
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3e300e724b)
Stop the connection when the control daemon is terminated. The code is
a modified version of the termination routine in version 4.23.1 of the
daemon (which doesn't support VR9 modems anymore).
This could also be implemented by calling the acos and acs commands via
dsl_cpe_pipe.sh in the init script. However, doing it in the daemon
itself has the advantage of also working if it is terminated in another
way (for example during sysupgrade).
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 1daaef31b3)
The driver maintains elapsed times by repeatedly accumulating the time
since the previous update in a loop. For the elapsed showtime time, the
time difference is truncated to seconds before adding it, leading to a
sizable error over time.
Move the truncation to before calculation of the time difference in
order to remove this error. Also maintain the total elapsed time in the
same way in full seconds, to prevent the unsigned 32-bit counter from
wrapping around after about 50 days.
Testing on a VR9 device shows that the reported line uptime now matches
the actual elapsed wall time. The ADSL variant is only compile-tested,
but it should also work as the relevant code is identical.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit db4bf4b968)
Right now, both ltq-adsl-mei and ltq-vdsl-mei are always built, even
when they aren't necessary for the selected variant. This can cause the
build to fail, for example ltq-vdsl-mei doesn't build successfully here
on xway target due to the vectoring callback.
Make these dependencies conditional on the specific package variants,
so they are only built when actually needed.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 2f484aeff5)
Some users noticed repeated resyncs at random intervals, which go away
when the MEI driver is configured to use polling instead of interrupts.
Debugging shows that this seems to be caused by concurrent calls to
MEI_ReadMailbox (in the interrupt handler) and MEI_WriteMailbox. This
appears to be mostly triggered when there is an interrupt for vectoring
error reports.
In polling mode, calls to MEI_ReadMailbox are protected by the same
semaphore as is used in MEI_WriteMailbox. When interrupts are used,
MEI_WriteMailbox appears to rely on MEI_DisableDeviceInt and
MEI_EnableDeviceInt to provide mutual exclusion with the interrupt
handler. These functions mask/unmask interrupts, and there is an
additional check of the mask in the interrupt handler itself. However,
this is not sufficient on systems with SMP, as the interrupt handler
may be running in parallel, and could already be past the interrupt
mask check at this point.
This adds a lock to the interrupt handler, and also acquires this lock
in MEI_DisableDeviceInt. This should make sure that after a call to
MEI_DisableDeviceInt the interrupt is masked, and the interrupt handler
is either not running, has alread finished its work, or is still before
the interrupt mask check, and is thus going to detect the change.
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit 1700424553)
This tells the modem about the WAN MAC address, which is used as source
address for vectoring error reports that are generated by the firmware.
It needs to be set early, as the MEI driver only actually writes the
value to the modem when is in reset state (i.e. the firmware has been
loaded, but connection has not started yet).
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit b35d33c8b8)
This re-enables the vectoring error sample callback and adds a
dependency to the corresponding driver.
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit 93f0e1f922)
In order to calculate the required pre-distortion for downstream
vectoring, the vectoring control entity (VCE) at the carrier office
needs error samples from the modem. On Lantiq VR9 modems, error reports
are generated by the firmware, but need to be multiplexed into the data
stream by the driver on the main processor when L2 encapsulation is
selected by the VCE.
This driver provides the necessary callback function, which is called by
the MEI driver after receiving an error report from the firmware.
Originally, it is part of the Lantiq PPA driver, but after a few changes
it also works with the PTM driver used in OpenWrt. The direct call to
ndo_start_xmit needs to be replaced, as the PTM driver relies on locks
from the kernel. Instead dev_queue_xmit is used, which is called from a
work queue, as it is not safe to call from an interrupt handler.
Additional changes include fixes to support recent kernel versions and
a change of the used interface from ptm0 to dsl0.
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit f872b96609)
A GPIO assert is required to reset the system. Otherwise, the system
will hang on reboot.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit a2817ce96f17db3a5af77837ae5733b47182ae0d)
Tested in a DGS-1210-28 F3, both triggering failsafe and reboot.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b85f59b726442621efb95153ff60b8767723feca)
Add NVRAM quirks script for the bcm53xx target. Split NVRAM quirks for the
bcm47xx and bcm53xx targets. Move clear partialboot NVRAM quirk for Linksys
EA9500 here. Add set wireless LED behaviour quirk for Asus RT-AC88U.
Use boot() instead of start() as nvram commands are meant to be executed
only once, at boot.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit f4e219fd5e)
Asus RT-AC88U is an AC3100 router featuring 9 Ethernet ports over the
integrated Broadcom and the external Realtek switch.
Hardware info:
* Processor: Broadcom BCM4709C0KFEBG dual-core @ 1.4 GHz
* Switch: BCM53012 in BCM4709C0KFEBG & external RTL8365MB
* DDR3 RAM: 512 MB
* Flash: 128 MB (ESMT F59L1G81LA-25T)
* 2.4GHz: BCM4366 4×4 2.4/5G single chip 802.11ac SoC
* 5GHz: BCM4366 4×4 2.4/5G single chip 802.11ac SoC
* Ports: 8 Ports, 1 WAN Ports
Flashing instructions:
* Boot to CFE Recovery Mode by holding the reset button while power-on.
* Connect to the router with an ethernet cable.
* Set IPv4 address of the computer to 192.168.1.2 subnet 255.255.255.0.
* Head to http://192.168.1.1.
* Reset NVRAM.
* Upload the OpenWrt image.
CFE bootloader may reject flashing the image due to image integrity check.
In that case, follow the instructions below.
* Rename the OpenWrt image as firmware.trx.
* Run a TFTP server and make it serve the firmware.trx file.
* Run the URL below on a browser or curl.
http://192.168.1.1/do.htm?cmd=flash+-noheader+192.168.1.2:firmware.trx+flash0.trx
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
[rmilecki: mark BROKEN until we sort out nvram & CFE recovery]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 72b9b721d7)
The ZyXEL GS1900-24E is a 24 port gigabit switch similar to other GS1900
switches.
Specifications
--------------
* Device: ZyXEL GS1900-24E
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB Macronix MX25L12835F
* RAM: 128 MiB DDR2 SDRAM Nanya NT5TU128M8GE
* Ethernet: 24x 10/100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
24 ethernet port link/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESET" button on front panel
* Switch: 1 Power switch on rear of device
* Power 120-240V AC C13
* UART: 1 serial header (JP2) with populated standard pin connector on
the left side of the PCB.
Pinout (front to back):
+ Pin 1 - VCC marked with white dot
+ Pin 2 - RX
+ Pin 3 - TX
+ PIn 4 - GND
Serial connection parameters: 115200 8N1.
Installation
------------
OEM upgrade method:
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware
* Select the HTTP radio button
* Select the Active radio button
* Use the browse button to locate the
realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
file and select open so File Path is updated with filename.
* Select the Apply button. Screen will display "Prepare
for firmware upgrade ...".
*Wait until screen shows "Do you really want to reboot?"
then select the OK button
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24E is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-rtl838x-zyxel_gs1900-24e-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-rtl838x-zyxel_gs1900-24e-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Raylynn Knight <rayknight@me.com>
(cherry picked from commit b515ad10a6)
Using nvmem-cells to set the MAC address for a DBDC device results in
both PHY devices using the same MAC address. This in turn will result in
multiple BSSes using the same BSSID, which can cause various problems.
Use the hotplug script for the EAP615-Wall instead to avoid this.
Fixes: a1b8a4d7b3 ("ramips: support TP-Link EAP615-Wall")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Stijn Segers <foss@volatilesystems.org>
Tested-By: Andrew Powers-Holmes <aholmes@omnom.net>
(cherry picked from commit ce90ba1f31)
mkimage limits the length of the file paths in can deal with to 256
characters. Turns out that in automated builds by asu we break this
limit, so increase it to 1024 characters.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3fbf9689b6)