Commit Graph

58145 Commits

Author SHA1 Message Date
Ivan Pavlov
11b0c43671 openssl: update to 3.0.10
Changes between 3.0.9 and 3.0.10 [1 Aug 2023]
 * Fix excessive time spent checking DH q parameter value ([CVE-2023-3817])
 * Fix DH_check() excessive time with over sized modulus ([CVE-2023-3446])
 * Do not ignore empty associated data entries with AES-SIV ([CVE-2023-2975])

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 92602f823a)
2023-08-09 22:20:58 +02:00
Christophe Sokol
e0d5621d28 openssl: opt-out of lto usage
This fixes building with USE_LTO enabled:

aarch64-openwrt-linux-musl-gcc -fPIC -pthread -Wa,--noexecstack -Wall -O3 -Os -pipe -mcpu=cortex-a53 -fno-caller-saves -fno-plt -fhonour-copts -fmacro-prefix-map=/build_dir/target-aarch64_cortex-a53_musl/openssl-3.0.9=openssl-3.0.9 -ffunction-sections -fdata-sections -flto=auto -fno-fat-lto-objects -Wformat -Werror=format-security -DPIC -fPIC -fstack-protector-strong -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -DPIC -fPIC -Os -pipe -mcpu=cortex-a53 -fno-caller-saves -fno-plt -fhonour-copts -fmacro-prefix-map=/build_dir/target-aarch64_cortex-a53_musl/openssl-3.0.9=openssl-3.0.9 -ffunction-sections -fdata-sections -flto=auto -fno-fat-lto-objects -Wformat -Werror=format-security -fPIC -fstack-protector-strong -fPIC -fuse-ld=bfd -flto=auto -fuse-linker-plugin -fPIC -specs=/include/hardened-ld-pie.specs -znow -zrelro -L. -Wl,-z,defs -Wl,-znodelete -shared -Wl,-Bsymbolic  -Wl,-z,now -Wl,-z,relro -L/staging_dir/toolchain-aarch64_cortex-a53_gcc-13.1.0_musl/usr/lib -L/staging_dir/toolchain-aarch64_cortex-a53_gcc-13.1.0_musl/lib -Wl,--gc-sections \
	-o providers/legacy.so -Wl,--version-script=providers/legacy.ld \
	providers/legacy-dso-legacyprov.o \
	providers/liblegacy.a providers/libcommon.a -lcrypto -ldl -pthread
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o: in function `legacy_get_params':
<artificial>:(.text.legacy_get_params+0xd4): undefined reference to `ossl_prov_is_running'
ld.bfd: <artificial>:(.text.legacy_get_params+0xd8): undefined reference to `ossl_prov_is_running'
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o: in function `legacy_teardown':
<artificial>:(.text.legacy_teardown+0x4): undefined reference to `ossl_prov_ctx_get0_libctx'
ld.bfd: <artificial>:(.text.legacy_teardown+0x8): undefined reference to `ossl_prov_ctx_get0_libctx'
ld.bfd: <artificial>:(.text.legacy_teardown+0x34): undefined reference to `ossl_prov_ctx_free'
ld.bfd: <artificial>:(.text.legacy_teardown+0x38): undefined reference to `ossl_prov_ctx_free'
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o: in function `OSSL_provider_init':
<artificial>:(.text.OSSL_provider_init+0x14): undefined reference to `ossl_prov_ctx_new'
ld.bfd: <artificial>:(.text.OSSL_provider_init+0x18): undefined reference to `ossl_prov_ctx_new'
ld.bfd: <artificial>:(.text.OSSL_provider_init+0x84): undefined reference to `ossl_prov_ctx_set0_libctx'
ld.bfd: <artificial>:(.text.OSSL_provider_init+0x88): undefined reference to `ossl_prov_ctx_set0_libctx'
ld.bfd: <artificial>:(.text.OSSL_provider_init+0x98): undefined reference to `ossl_prov_ctx_set0_handle'
ld.bfd: <artificial>:(.text.OSSL_provider_init+0x9c): undefined reference to `ossl_prov_ctx_set0_handle'
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o:(.data.rel.ro.legacy_kdfs+0x10): undefined reference to `ossl_kdf_pbkdf1_functions'
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o:(.data.rel.ro.legacy_ciphers+0x10): undefined reference to `ossl_cast5128ecb_functions'
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o:(.data.rel.ro.legacy_ciphers+0x30): undefined reference to `ossl_cast5128cbc_functions'
[...]
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o:(.data.rel.ro.legacy_digests+0x10): undefined reference to `ossl_md4_functions'
ld.bfd: /tmp/ccdWw6Lo.ltrans0.ltrans.o:(.data.rel.ro.legacy_digests+0x30): undefined reference to `ossl_ripemd160_functions'
collect2: error: ld returned 1 exit status

Signed-off-by: Christophe Sokol <christophe@wk3.org>
(cherry picked from commit 906616d201)
2023-08-09 22:20:52 +02:00
Pawel Dembicki
4ebba8a05d realtek: add support for HPE 1920-8g-poe+
Hardware information:
---------------------

- RTL8380 SoC
- 8 Gigabit RJ45 PoE ports (built-in RTL8218B)
- 2 SFP ports (built-in SerDes)
- RJ45 RS232 port on front panel
- 32 MiB NOR Flash
- 128 MiB DDR3 DRAM
- PT7A7514 watchdog
- PoE chips: Nuvoton M0516LDE + BCM59121

Known issues:
---------------------
- PoE LEDs are uncontrolled.

(Manual taken from f2f09bc002)
Booting initramfs image:
------------------------

- Prepare a FTP or TFTP server serving the OpenWrt initramfs image and
  connect the server to a switch port.

- Connect to the console port of the device and enter the extended
  boot menu by typing Ctrl+B when prompted.

- Choose the menu option "<3> Enter Ethernet SubMenu".

- Set network parameters via the option "<5> Modify Ethernet Parameter".
  Enter the FTP/TFTP filename as "Load File Name" ("Target File Name"
  can be left blank, it is not required for booting from RAM). Note that
  the configuration is saved on flash, so it only needs to be done once.

- Select "<1> Download Application Program To SDRAM And Run".

Initial installation:
---------------------

- Boot an initramfs image as described above, then use sysupgrade to
  install OpenWrt permanently. After initial installation, the
  bootloader needs to be configured to load the correct image file

- Enter the extended boot menu again and choose "<4> File Control",
  then select "<2> Set Application File type".

- Enter the number of the file "openwrt-kernel.bin" (should be 1), and
  use the option "<1> +Main" to select it as boot image.

- Choose "<0> Exit To Main Menu" and then "<1> Boot System".

NOTE: The bootloader on these devices can only boot from the VFS
filesystem which normally spans most of the flash. With OpenWrt, only
the first part of the firmware partition contains a valid filesystem,
the rest is used for rootfs. As the bootloader does not know about this,
you must not do any file operations in the bootloader, as this may
corrupt the OpenWrt installation (selecting the boot image is an
exception, as it only stores a flag in the bootloader data, but doesn't
write to the filesystem).

Example PoE config file (/etc/config/poe):
---------------------
config global
        option budget   '180'

config port
        option enable   '1'
        option id       '1'
        option name     'lan8'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '2'
        option name     'lan7'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '3'
        option name     'lan6'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '4'
        option name     'lan5'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '5'
        option name     'lan4'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '6'
        option name     'lan3'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '7'
        option name     'lan2'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '8'
        option name     'lan1'
        option poe_plus '1'
        option priority '2'

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit b370753fc4)
2023-08-09 22:14:12 +02:00
Daniel Golle
ad2fa6bc9c mediatek: filogic: restore non-const type in pinctrl-mt7988 driver
When building with Linux 5.15 the 'const' type results in warnings.
Restore the original non-const type in those cases.

Fixes: 36d0aa9c2d ("mediatek: filogic: sync pinctrl-mt7988 with MediaTek SDK")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1eb67cb070)
2023-08-07 16:48:08 +01:00
Daniel Golle
c072069fa7 mediatek: filogic: update MT7988 device tree
* move ethernet to mt7988a.dtsi
 * move switch definition to mt7988a.dtsi
 * add PHY LEDs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 64b99802a6)
2023-08-07 16:48:08 +01:00
Daniel Golle
830bb57f6a mediatek: filogic: sync pinctrl-mt7988 with MediaTek SDK
Update pinctrl driver for the MT7988 with driver from mtk-openwrt-feeds.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 36d0aa9c2d)
2023-08-07 16:48:07 +01:00
Daniel Golle
34cd471742 mediatek: filogic: enable driver for MediaTek XS-PHY
Enable driver for MediaTek SuperSpeedPlus XS-PHY transceiver for the
USB3.1 GEN2 controllers found in the MT7988 SoC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dc4aafb309)
2023-08-07 16:48:07 +01:00
Daniel Golle
e723cb6131 kernel: netdevices: add driver for Marvell 10G Ethernet PHYs
Package kernel module for Marvell 10G Ethernet PHYs found also in many
10G/1G/100M/10M RJ-45 SFP+ modules.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2a5c7bf621)
2023-08-07 16:31:27 +01:00
Daniel Golle
d25b543aa5 uboot-mediatek: fix build for MT7629
Add patch to fix build failure caused by a missing header which had
previously been implicitely included.

Fixes: 6ddb5f5a65 ("uboot-mediatek: update to version 2023.07.02")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-07 16:31:27 +01:00
Daniel Golle
0415aba6a9 uboot-mediatek: add missing 'memory' nodes to downstream boards
Among the patches adding support for MT7988 also came the switch to
use fdtdec_setup_mem_size_base() and no longer rely on CFG_SYS_SDRAM_BASE.
Take care of our downstream boards which did not have a 'memory' node in
their device trees.

Fixes: 572ea68070 ("uboot-mediatek: add patches for MT7988 and builds for RFB")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-07 16:31:27 +01:00
Daniel Golle
b7e9445d6d uboot-mediatek: add patches for MT7988 and builds for RFB
Import pending patches adding support for MT7988 and provide builds
for the reference board for all possible boot media.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-07 16:31:27 +01:00
Daniel Golle
6553b1caed uboot-mediatek: update to version 2023.07.02
Release 2023.07 got tagged wrongly and replaced by follow-up release
2023.07.02.

Now using upstream DTS for BPi-R3.
Removed two patches which made it upstream, refreshed the rest.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-07 16:31:27 +01:00
Daniel Golle
ecfb96195c arm-trusted-firmware-mediatek: fix PKG_MIRROR_HASH
Instead of using the hash of the Github-generated tarball use the
hash of the tarball generated by the OpenWrt build system (in this
case they are different, unfortunately).

Reported-by: Chen Minqiang <ptpt52@gmail.com>
Fixes: 07dbeb430e ("arm-trusted-firmware-mediatek: update to sources of 2023-07-24")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-07 16:31:27 +01:00
Daniel Golle
513ab38b8c arm-trusted-firmware-mediatek: update to sources of 2023-07-24
Use updated Trusted Firmware-A sources from MediaTek, now stacked
on top of the ARM Trusted Firmware-A v2.9 release.
Add builds for the newly added MT7988 SoC.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-07 16:31:27 +01:00
Daniel Golle
6ad85a6c2d arm-trusted-firmware-tools: update to version 2.9
147f52f3e feat(fiptool): add cca, core_swd, plat cert in FIP
 0aaa382fe fix(sptool): fix concurrency issue for SP packages
 cb666b39d Merge "fix(sptool): fix concurrency issue for SP packages" into integration
 0be2475f6 fix: 'sp_mk_generator.py' reference to undef var
 1a28f290b fix(sptool): operators "is/is not" in sp_mk_gen.py
 cf2dd17dd refactor(security): add OpenSSL 1.x compatibility
 4daeaf341 fix(sptool): add dependency to SP image
 06e69f7c9 feat(fiptool): handle FIP in a disk partition
 5a53c6c66 Merge "feat(fiptool): handle FIP in a disk partition" into integration
 034a2e3ef refactor(fiptool): move plat_fiptool.mk to tools
 0165ddd7c build(fiptool): add object dependency generation
 c89fdb4a5 Merge "refactor(fiptool): move plat_fiptool.mk to tools" into integration
 1b491eead fix(tree): correct some typos

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-08-07 16:31:27 +01:00
Petr Štetiar
5ae1b90e03 mediatek: filogic: fix broken sysupgrade script
Changes introduced in commit 54dc1cde48 ("mediatek: filogic: add
support for Xiaomi WR30U") missed to end the case item with mandatory
`;;` which lead to a broken sysupgrade.

Fixes: 54dc1cde48 ("mediatek: filogic: add support for Xiaomi WR30U")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-08-07 16:31:27 +01:00
Hank Moretti
34d8913bd5 mediatek: filogic: add specific layout for WR30U
Because this device enable NMBM by default, most users use custom
U-Boot with NMBM-Enabled in Chinese forums.

This layout is the same as the ubootmod layout but enabling NMBM.

Signed-off-by: Hank Moretti <mchank9999@gmail.com>
2023-08-07 16:31:27 +01:00
Hank Moretti
0f0ea1087b mediatek: filogic: add support for Xiaomi WR30U
Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: ESMT F50L1G41LB 128MB
  RAM: NT52B128M16JR-FL 256MB
  Ethernet: 4x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset, Mesh
  Power: DC 12V 1A

Flash instructions:

1. Get ssh access
   Check this link: https://forum.openwrt.org/t/openwrt-support-for-xiaomi-ax3000ne/153769/22

2. Backup import partitions
   ```
   dev:    size   erasesize  name
   mtd1: 00100000 00020000 "BL2"
   mtd2: 00040000 00020000 "Nvram"
   mtd3: 00040000 00020000 "Bdata"
   mtd4: 00200000 00020000 "Factory"
   mtd5: 00200000 00020000 "FIP"
   mtd8: 02200000 00020000 "ubi"
   mtd9: 02200000 00020000 "ubi1"
   mtd12: 00040000 00020000 "KF"

   ```

   Use these commands blow to backup your stock partitions.
   ```
   nanddump -f /tmp/BL2.bin /dev/mtd1
   nanddump -f /tmp/Nvram.bin /dev/mtd2
   nanddump -f /tmp/Bdata.bin /dev/mtd3
   nanddump -f /tmp/Factory.bin /dev/mtd4
   nanddump -f /tmp/FIP.bin /dev/mtd5
   nanddump -f /tmp/ubi.bin /dev/mtd8
   nanddump -f /tmp/KF.bin /dev/mtd12
   ```
   Then, transfer them to your computer via scp, netcat, tftp
   or others and keep them in a safe place.

3. Setup Nvram
   Get the current stock: `cat /proc/cmdline`

   If you find `firmware=0` or `mtd=ubi`, use these commands:
   ```
   nvram set boot_wait=on
   nvram set uart_en=1
   nvram set flag_boot_rootfs=1
   nvram set flag_last_success=1
   nvram set flag_boot_success=1
   nvram set flag_try_sys1_failed=0
   nvram set flag_try_sys2_failed=0
   nvram commit
   ```

   If you find `firmware=1` or `mtd=ubi1`, use these commands:
   ```
   nvram set boot_wait=on
   nvram set uart_en=1
   nvram set flag_boot_rootfs=0
   nvram set flag_last_success=0
   nvram set flag_boot_success=1
   nvram set flag_try_sys1_failed=0
   nvram set flag_try_sys2_failed=0
   nvram commit
   ```

4. Flash stock-initramfs-factory.ubi
   If you find `firmware=0` or `mtd=ubi`:
   `ubiformat /dev/mtd9 -y -f /tmp/stock-initramfs-factory.ubi`

   If you find `firmware=1` or `mtd=ubi1`:
   `ubiformat /dev/mtd8 -y -f /tmp/stock-initramfs-factory.ubi`

   Then reboot your router, it should boot to the openwrt
   initramfs system now.

5. Setup uboot-env
   Now it will be setup automatically in upgrade process,
   you can skip this step.

   If your `fw_setenv` did not work, you need run this command:
   `echo "/dev/mtd1 0x0 0x10000 0x20000" > /etc/fw_env.config`

   Then setup uboot-env:
   ```
   fw_setenv boot_wait on
   fw_setenv uart_en 1
   fw_setenv flag_boot_rootfs 0
   fw_setenv flag_last_success 1
   fw_setenv flag_boot_success 1
   fw_setenv flag_try_sys1_failed 8
   fw_setenv flag_try_sys2_failed 8
   fw_setenv mtdparts "nmbm0:1024k(bl2),256k(Nvram),256k(Bdata),
   2048k(factory),2048k(fip),256k(crash),256k(crash_log),
   34816k(ubi),34816k(ubi1),32768k(overlay),12288k(data),256k(KF)"
   ```

6. Flash stock-squashfs-sysupgrade.bin
   Use shell command:
   `sysupgrade -n /tmp/stock-squashfs-sysupgrade.bin`
   Or go to luci web.

If you need to change to Openwrt U-Boot layout, do next. If you
do not need, please ignore it.

Change to OpenWrt U-Boot:

1. Flash ubootmod-initramfs-factory.ubi
   Check mtd partitions: `cat /proc/mtd`
   ```
   mtd7: 00040000 00020000 "KF"
   mtd8: 02200000 00020000 "ubi_kernel"
   mtd9: 04e00000 00020000 "ubi"
   ```

   Run following command:
   `ubiformat /dev/mtd8 -y -f /tmp/ubootmod-initramfs-factory.ubi`
   Then reboot your router, it should boot to the openwrt initramfs
   system now.

2. Check mtd again
   ```
   mtd7: 00040000 00020000 "KF"
   mtd8: 07000000 00020000 "ubi"
   ```
   Make sure mtd8 is ubi.

3. Install kmod-mtd-rw
   Run command: `opkg update && opkg install kmod-mtd-rw`
   Or get it in openwrt server, or build it yourself, then install
   it manually

   Then run this command:
   `insmod /lib/modules/$(uname -r)/mtd-rw.ko i_want_a_brick=1`

4. Clean up pstore
   Run Command: `rm -f /sys/fs/pstore/*`

5. Format ubi and create new ubootenv volume
   ```
   ubidetach -p /dev/mtd8; ubiformat /dev/mtd8 -y; ubiattach -p /dev/mtd8
   ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
   ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
   ```

6. (Optional) Add recovery boot feature.
   ```
   ubimkvol /dev/ubi0 -n 2 -N recovery -s 10MiB
   ubiupdatevol /dev/ubi0_2 /tmp/ubootmod-initramfs-recovery.itb
   ```

7. Flash Openwrt U-Boot
   ```
   mtd write /tmp/ubootmod-preloader.bin BL2
   mtd write /tmp/ubootmod-bl31-uboot.fip FIP
   ```

6. Flash ubootmod-squashfs-sysupgrade.itb
   Use shell command:
   `sysupgrade -n /tmp/ubootmod-squashfs-sysupgrade.itb`
   Or go to luci web.

Now everything is done, Enjoy!

Go Back to stock from Openwrt U-Boot:

1. Force flash ubootmod-initramfs-recovery.itb
   Use shell command:
   `sysupgrade -F -n /tmp/ubootmod-initramfs-recovery.itb`
   Or go to luci web.
   Then it should boot to the openwrt initramfs system now.

2. Format ubi and Nvram
   ```
   ubidetach -p /dev/mtd8; ubiformat /dev/mtd8 -y; ubiattach -p /dev/mtd8
   mtd erase Nvram
   ```

3. Install kmod-mtd-rw
   Run command: `opkg update && opkg install kmod-mtd-rw`
   Or get it in openwrt server, or build it yourself, then install
   it manually

   Then run this command:
   `insmod /lib/modules/$(uname -r)/mtd-rw.ko i_want_a_brick=1`

4. Flash stock U-Boot and ubi
   ```
   mtd write /tmp/BL2.bin BL2
   mtd write /tmp/FIP.bin FIP
   mtd write /tmp/ubi.bin ubi
   ```
   Then reboot your router, waiting it finished rollback in minutes.

Go Back to stock from stock layout Openwrt:
   Just run command: `ubiformat /dev/mtd8 -y -f /tmp/ubi.bin`
   Then reboot your router, waiting it finished rollback in minutes.

Notes:
1. Openwrt U-Boot and ubootmod openwrt did not enable NMBM.
   Please make your backup safe.

Signed-off-by: Hank Moretti <mchank9999@gmail.com>
2023-08-07 16:31:27 +01:00
Hank Moretti
d0fc9e96be uboot-mediatek: add support for Xiaomi WR30U
Add a custom uboot build to support openwrt uboot layout.

Signed-off-by: Hank Moretti <mchank9999@gmail.com>
2023-08-07 16:31:27 +01:00
David Bauer
c697057b7c mediatek: add support for Acer Predator W6
Hardware
--------
SOC:   MediaTek MT7986A
RAM:   1GB DDR4
FLASH: 4GB eMMC
WiFi:  2x2 2.4 GHz 802.11 b/g/n/ax MT7916 DBDC
       4x4 5 GHz   802.11 a/n/ac/ax MT7986
       2x2 6 GHz   802.11ax MT7916 DBDC
ETH:   4x LAN 1Gbit/s (MT7531)
       1x WAN 2.5Gbit/s (GPY211)
BTN:   RESET, WPS
LED:   Antenna LEDs (GPIO)
       Mood-LED (Kinetic KTD2601) - unsupported
UART:  Header nest to USB port - 3V3 115200 8N1
       [BUTTON] GND - RX - TX [USB]

Installation
------------

1. Connect to the device using serial console.

2. Interrupt the Autoboot process when promted by sending '0' twice.

3. Serve the OpenWrt initramfs image using TFTP at 192.168.1.66. Name
   the image "predator.bin" and conenct the TFTP server to the routers
   LAN port.

4. Configure U-Boot to allow loading unsigned images from MMC

   $ setenv bootcmd 'mmc read 0x40000000 0x00004400 0x0010000;
     fdt addr $(fdtcontroladdr); fdt rm /signature; bootm 0x40000000';
     saveenv

5. Transfer the image from U-Boot

   $ setenv serverip 192.168.1.66; setenv ipaddr 192.168.1.1;
     tftpboot 0x46000000 predator.bin; fdt addr $(fdtcontroladdr);
     fdt rm /signature; bootm

6. Wait for OpenWrt to boot

7. Transfer the OpenWrt sysupgrade image to the router using scp.

8. Install OpenWrt using sysupgrade.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7e7eb5312d)
2023-08-05 18:49:34 +02:00
John Audia
7efec0acca kernel: bump 5.15 to 5.15.123
Manually rebased:
	bcm4908/patches-5.15/071-v6.1-0001-net-broadcom-bcm4908_enet-handle-EPROBE_DEFER-when-g.patch
	bcm53xx/patches-5.15/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
	ipq40xx/patches-5.15/902-dts-ipq4019-ap-dk04.1.patch[*]
	bcm27xx/patches-5.15/950-0600-xhci-quirks-add-link-TRB-quirk-for-VL805.patch
	bcm27xx/patches-5.15/950-0606-usb-xhci-add-VLI_TRB_CACHE_BUG-quirk.patch
	bcm27xx/patches-5.15/950-0717-usb-xhci-add-a-quirk-for-Superspeed-bulk-OUT-transfe.patch

Removed upstreamed:
	backport-5.15/735-v6.5-net-bgmac-postpone-turning-IRQs-off-to-avoid-SoC-han.patch[1]
	backport-5.15/817-v6.5-01-leds-trigger-netdev-Recheck-NETDEV_LED_MODE_LINKUP-o.patch[2]
	pending-5.15/143-jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsys.patch[3]
	pending-5.15/160-workqueue-fix-enum-type-for-gcc-13.patch[4]
	bcm53xx/patches-5.15/036-v6.5-0003-ARM-dts-BCM5301X-Drop-clock-names-from-the-SPI-node.patch[5]
	bcm53xx/patches-5.15/036-v6.5-0015-ARM-dts-BCM5301X-fix-duplex-full-full-duplex.patch[6]
	ipq807x/patches-5.15/0048-v6.1-clk-qcom-reset-Allow-specifying-custom-reset-delay.patch[7]
	ipq807x/patches-5.15/0049-v6.2-clk-qcom-reset-support-resetting-multiple-bits.patch[8]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=02474292a44205c1eb5a03634ead155a3c9134f4
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=86b93cbfe104e99fd3d25a49748b99fb88101573
3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=79b9ab357b6f5675007f4c02ff8765cbd8dc06a2
4. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=d528faa9e828b9fc46dfb684a2a9fd8c2e860ed8
5. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=5899bc4058e89d5110a23797ff94439c53b77c25
6. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=95afd2c7c7d26087730dc938709e025a303e5499
7. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=40844343a8853a08b049d50c967e2a1e28f0ece6
8. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.123&id=6ad5ded420f5d96f7c65b68135f5787a1c7e58d7

Build system: x86/64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: John Audia <therealgraysky@proton.me>
[rebased ipq40xx/patches-5.15/902-dts-ipq4019-ap-dk04.1.patch ]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8590531048)
[Refreshed on top of openwrt-23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-07-31 01:39:50 +02:00
Oli Ze
017827e205 uboot-mvebu: update to version 2023.07.02
Since 2021.07 multiple bugs were introduced that made it impossible to
create a bootable target for mvebu. Those issues should be now fixed since
2023.07-rc1.

References: #11661
Signed-off-by: Oli Ze <olze@trustserv.de>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Tested-by: Andre Heider <a.heider@gmail.com> # espressobin-v3-v5-1gb-2cs
Signed-off-by: Petr Štetiar <ynezz@true.cz> [facelift]
(cherry picked from commit ba7d6dddc7)
2023-07-30 18:06:28 +02:00
Rafał Miłecki
e0c4da1ff0 bcm53xx: backport more DT changes queued for v6.6
Those sort out BCM53573 Ethernet info finally.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ca8868a511)
2023-07-29 19:43:44 +02:00
Rafał Miłecki
3bac348387 bcm53xx: add BCM53573 Ethernet fix sent upstream for v6.6
It seems that DSA-based b53 driver never worked with BCM53573 SoCs and
BCM53125.

In case of swconfig-based b53 this fixes a regression. Switching bgmac
from using mdiobus_register() to of_mdiobus_register() resulted in MDIO
device (BCM53125) having of_node set (see of_mdiobus_register_phy()).
That made downstream b53 driver read invalid data from DT and broke
Ethernet support.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 79fd3e62b4)
2023-07-29 19:43:44 +02:00
Alexander Friese
680a4c7e12 ipq4019: fix support for AVM FRITZ!Repeater 3000
new versions of the device have NAND with 8bit ECC
which was not yet supported before. This change removes
ECC restrictions.

Signed-off-by: Alexander Friese <af944580@googlemail.com>
(cherry picked from commit 6b11f0ec83)
2023-07-27 13:54:55 +02:00
Jo-Philipp Wich
77b8ce64fa libnl-tiny: update to latest Git HEAD
8667347 build: allow passing SOVERSION value for dynamic library

Also adjust packaging of the library to only ship the SOVERSION
suffixed library object, to allow for concurrent installation of
ABI-incompible versions in the future.

Fixes: #13082
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4af0a72a65)
2023-07-27 12:06:02 +02:00
David Bauer
5ded0a3975 scripts: use sep-char for hash nodes
U-Boot with enabled secure-boot will not boot images with the
@-character used for hash node-names.

Use the existing separation character configurable for each device.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2b133ab19c)
2023-07-26 15:39:24 +02:00
David Bauer
897d55bcdf ipq40xx: add support for Teltonika RUTX50
Hardware
--------
CPU:     Qualcomm IPQ4018
RAM:     256M
Flash:   16MB SPI-NOR (W25Q128)
         128MB SPI-NAND (XTX)
WiFi:    2T2R (2GHz 802.11n ; 5 GHz 802.11ac)
ETH:     4x LAN ; 1x WAN (Gigabit)
CELL:    Quectel RG501Q 3G/4G/5G

UART: Available on the goldfinger connector (Pinout silkscreened)
      115200 8N1 3V3 - Only connect RX / TX / GND

Installation
------------

1. Enable SSH in the Teltonika UI
   (System --> Administration --> Access Control)

2. Check from which partition set the device is currently running from.

   $ cat /proc/boot_info/rootfs/primaryboot

   In case this output reads 0, install a Software update from Teltonika
   first. After upgrade completion, check this file now reads 1 before
   continuing.

2. Transfer the OpenWrt factory image to the device using scp. Use the
   same password (user root!) as used for the Web-UI.

   $ scp -O openwrt-factory.bin root@192.168.1.1:/tmp

3. Connect to the device using ssh as the root user.

4. Install OpenWrt by writing the factory image to flash.

   $ ubiformat /dev/mtd16 -y -f /tmp/openwrt-factory.bin

5. Instruct the bootloaer to boot from the first partition set.

   $ echo 0 > /proc/boot_info/rootfs/primaryboot
   $ cat /proc/boot_info/getbinary_bootconfig > /tmp/bootconfig.bin
   $ cat /proc/boot_info/getbinary_bootconfig1 > /tmp/bootconfig1.bin
   $ mtd write /tmp/bootconfig.bin /dev/mtd2
   $ mtd write /tmp/bootconfig1.bin /dev/mtd3

6. Reboot the device.

   $ reboot

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 844bb4bfad)
2023-07-26 15:37:56 +02:00
David Bauer
1face854a2 ipq40xx: move Teltonika RUT STM32 IO to specific DTS
Prepare to re-use the DTS for the RUTX50.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit dbc4be142e)
2023-07-26 15:37:56 +02:00
Etienne Champetier
ee910d1e67 dropbear: add ed25519 for failsafe key
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 6ac61dead9)
2023-07-26 14:00:52 +02:00
Michał Kwiatek
23953cfa5a ath11k-firmware: update to stable WLAN.HK.2.9.0.1-01837
Changelog from quic:

 Bug fixes, stability improvements from previous releases
  are present. There are no backward comatibility issues
  with this release.

Tested-by: Michał Kwiatek <michal@kwiatek.it> # Xiaomi AX3600
Signed-off-by: Michał Kwiatek <michal@kwiatek.it>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1c56801dd2)
2023-07-26 13:41:59 +02:00
Mathew McBride
21f0ab503c kernel: move NXP DPAA2 SFP patches to generic patches
These are used by both the armsr (EFI boot) and
layerscape targets for phylink-controlled SFP
support on NXP DPAA2 platforms (LS1088,LS2088,LX2160).

This is in place of commit a7bd96c98f
("layerscape: add patches for SFP support on DPAA2 platforms")
in the main branch. armsr in main started at kernel 6.1
so there is not an equivalent 5.15 commit to cherry pick.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2023-07-26 13:36:58 +02:00
Mathew McBride
6a89cfa418 layerscape: base-files: remove redundant RAMFS_COPY_* additions
All the tools (e.g fw_setenv, ubiupdatevol) and config (fw_env.config)
needed for sysupgrade are already included in /lib/upgrade/stage2

Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 094c37708a)
2023-07-26 13:36:58 +02:00
Mathew McBride
cef98caf6e layerscape: remove Traverse LS1043 boards
The Traverse LS1043 boards were not publicly released,
all the production has been going to OEM customers who
do not use the image format defined in the OpenWrt tree.

Only a few samples were circulated outside Traverse
and our OEM customers. The public release (then called
Five64) of this series was cancelled in favour of our
LS1088A based design (Ten64).

It is best to remove these boards to avoid wasting
OpenWrt project and contributor resources.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 8e7ba6fbae)
2023-07-26 13:36:58 +02:00
Mathew McBride
68a4c60b5c layerscape: armv8_64b: add Traverse Ten64 NAND variant
The Ten64 board[1] is based around NXP's Layerscape LS1088A SoC.
It is capable of booting both standard Linux distributions
from disk devices, using EFI, and booting OpenWrt
from NAND.

See the online manual for more information, including the
flash layout[2].

This patchset adds support for generating Ten64 images
for NAND boot.
For disk boot, one can use the EFI support that was
recently added to the armvirt target.

We previously supported NAND users by building
inside our armvirt/EFI target[3], but this approach
is not suitable for OpenWrt upstream. Users who
used our supplied NAND images will be able to upgrade
to this via sysupgrade.

Signed-off-by: Mathew McBride <matt@traverse.com.au>

[1] - https://www.traverse.com.au/hardware/ten64
[2] - https://ten64doc.traverse.com.au/hardware/flash/
[3] - Example:
285e4360e1
(cherry picked from commit af0546da34)
2023-07-26 13:36:58 +02:00
Lech Perczak
e54e5bc415 uqmi: do not start 464xlat for dual-stack configurations
If dual-stack configuration is in use, and dhcpv6 option is set, do not start
464xlat sub-interface for dhcpv6 sub-interace , as the configuration already
provides IPv4 connectivty, be it through single or dual APN configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit a9237c1af9)
2023-07-26 13:32:13 +02:00
Lech Perczak
2b889aa71a uqmi: support split-APN IPv4 and IPv6 dual-stack
Add two new "v6apn" and "v6profile" properties, to support split-APN
dual-stack onfiguration. This extends the existing ipv4v6 PDP type,
allowing simultaneous connection to two distinct APNs,
one for IPv4 and one for IPv6.
The parameters override existing 'apn' and 'profile' respectively,
if set, but only for IPv6 part of the connection.
If unset, they default to their original values, constituting a standard
IPv4v6 setup.

If a different APN is set for IPv6, a corresponding profile MUST also be
configured, with a different ID, than the IPv4 profile, for example,
profile 2.
Both APNs must match ones configured through QMI or through 'AT+CGDCONT'
command.

Example configuration in UCI:

config interface 'wan'
        option proto 'qmi'
        option device '/dev/cdc-wdm0'
        option autoconnect '1'
        option pdptype 'ipv4v6'
        option apn 'internet'
        option v6apn 'internetipv6'
	option profile '1'
	option v6profile '2'

Corresponding profile configuration:
AT+CGDCONT?
+CGDCONT: 1,"IP","internet","0.0.0.0",0,0,0,0
+CGDCONT: 2,"IPV6","internetipv6","0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0",0,0,0,0

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 48e8bf1b8f)
2023-07-26 13:31:43 +02:00
David Bauer
8d6a9051cd mac80211: partly revert force-mac80211 loss detection
This patch will only force mac80211 loss detection upon ath10k by
masking the driver-specific loss-detection bit.

Ref: commit ed816f6ba8 ("mac80211: always use mac80211 loss detection")

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d9070f8d23)
[felix.bau@gmx.de: replace path 6.2 with 5.15, refresh patches]
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
2023-07-26 13:29:44 +02:00
Shiji Yang
ead5860c56 ramips: do not print error log when mdio bus is disabled
The mdio bus is used to control externel switch. In most cases, they are
disabled, which is the normal behavior. Treating this as an error makes
no sense, so we need to change the notification level from error to info.

Fixes: a2acdf9607 ("ramips: mt7620: remove useless GMAC nodes")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 285f0668f4)
2023-07-26 13:28:37 +02:00
Shiji Yang
3ac300c753 ramips: backport upstream mt762x PCIe driver error log fixes
These patches silence some mt762x PCIe driver error messeges by removing
the useless debugging codes and replacing incorrectly used 'dev_err()'
with 'dev_info()':

PCI: mt7621: Use dev_info() to log PCIe card detection [1]
mips: pci-mt7620: do not print NFTS register value as error log [2]
mips: pci-mt7620: use dev_info() to log PCIe device detection result [3]

Patch [1] has already been merged into the Linux 6.3 branch. Patches [2] and
[3] have been merged into the "mips-next" tree, and they will be part of the
upcoming Linux 6.5.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.4-rc7&id=50233e105a0332ec0f3bc83180c416e6b200471e
[2] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=9f9a035e6156a57d9da062b26d2a48d031744a1e
[3] https://git.kernel.org/pub/scm/linux/kernel/git/mips/linux.git/commit/?id=89ec9bbe60b61cc6ae3eddd6d4f43e128f8a88de

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 4e74777fa8)
2023-07-26 13:28:02 +02:00
Aleksander Jan Bajkowski
9d15baee6b lantiq: add patches headers
This commit adds headers to the patches, so they can be applied with the
git am command.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit 5d51079fd0)
2023-07-26 13:26:24 +02:00
Felix Baumann
65c1f418e3 kernel: update patches for mediatek filogic
Fix complaint from actions
Check Kernel patches (mediatek, filogic)
https://github.com/openwrt/openwrt/actions/runs/5569719763/job/15081672586?pr=13072

Signed-off-by: Felix Baumann <felix.bau@gmx.de>
2023-07-26 13:19:49 +02:00
Felix Fietkau
4d880318b0 mt76: update to the latest version
53edfc7aaa34 wifi: mt76: mt7603: fix beacon interval after disabling a single vif
7ef4dd12d982 wifi: mt76: mt7603: fix tx filter/flush function
152608a40aa7 wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC)
cacac3902a63 wifi: mt76: split get_of_eeprom in subfunction
cd3dfe392769 wifi: mt76: add support for providing eeprom in nvmem cells

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 4395236a10)
2023-07-26 11:52:02 +02:00
Felix Fietkau
dc370ad19a mt76: update to the latest version
bb3937d5c3e0 wifi: mt76: mt7915: remove VHT160 capability on MT7915

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 063641f8cf)
2023-07-26 11:52:02 +02:00
Felix Fietkau
339e71cbd3 kernel: drop mips highmem offset start overrides
The maximum offset that can be supported is 0x20000000
Do not override it to to something bigger than that on MT7621, as that could
cause issues based on the fixed memory mappings. This makes the last 64 MB
RAM unusable on MT7621 devices with 512 MB but avoids incurring a heavy
performance hit

Fixes: cd2b74e01e ("ramips: mt7621: disable highmem support and remove highmem offset patch")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a110de8152)
2023-07-24 20:19:11 +02:00
Felix Fietkau
e5dea9e37f ramips: mt7621: disable highmem support and remove highmem offset patch
On MT7621 it was observed, that enabling highmem support causes a significant
performance drop, as documented in: https://github.com/openwrt/openwrt/issues/13151
By adjusting the highmem start offset, we avoid leaving any RAM unaddressable,
even on devices with 512 MB

Fixes: https://github.com/openwrt/openwrt/issues/13151
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit cd2b74e01e)
2023-07-24 20:19:11 +02:00
David Bauer
476bf135fc mediatek: add support for ZyXEL NWA50AX Pro
Hardware
--------
CPU:    Mediatek MT7981
RAM:    512M DDR4
FLASH:  256M NAND
ETH:    MaxLinear GPY211 (2.5GbE N Base-T)
WiFi:   Mediatek MT7981 (2.4GHz 2T2R:2 5GHz 3T3R:2 802.11ax)
BTN:    1x Reset
LED:    1x Multi-Color

UART Console
------------
Available below the rubber cover next to the ethernet port.

Settings: 115200 8N1

Layout:

<12V> <LAN> GND-RX-TX-VCC

Logic-Level is 3V3. Don't connect VCC to your UART adapter!

Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.

As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.

In case this is not the case, OpenWrt will boot only one time, returning
to the ZyXEL firmware the second boot.

If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.

Installation TFTP / Recovery
----------------------------
This installation routine is especially useful in case of a bricked
device.

Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.

The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.

Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to nwa50axpro-openwrt-initramfs.bin.

 $ atnf nwa50axpro-openwrt-initramfs.bin
 $ atna 192.168.1.88
 $ atns "192.168.1.66; tftpboot; setenv fdt_high 0xffffffffffffffff;
   bootm"

Upon booting, set the booted image to the correct slot:

 $ zyxel-bootconfig /dev/mtd9 get-status
 $ zyxel-bootconfig /dev/mtd9 set-image-status 0 valid
 $ zyxel-bootconfig /dev/mtd9 set-active-image 0

Copy the OpenWrt sysupgrade image to the device using scp.
Write the sysupgrade image to NAND using sysupgrade.

 $ sysupgrade -n image.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f0445746f6)
2023-07-23 16:10:08 +02:00
Daniel Golle
b28d74090f mediatek: filogic: set DEVICE_DTS_LOADADDR for BPi-R3
U-Boot complains that the overlayed DT needs relocation, so set
DEVICE_DTS_LOADADDR to have it relocated.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b1d10e0174)
2023-07-22 18:54:03 +01:00
Tony Ambardar
b607cd30c7 libbpf: Update to v1.2.2
Update to the latest upstream release to include recent bugfixes:

Link: https://github.com/libbpf/libbpf/compare/v1.2.0...v1.2.2
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 1d5e7b85cc)
2023-07-20 08:04:11 +02:00
Nick Hainke
0b087073e6 nftables: update to 1.0.8
ChangeLog:
https://www.netfilter.org/projects/nftables/files/changes-nftables-1.0.8.txt

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 58c498247b)
2023-07-20 08:04:11 +02:00