Hardware:
- SoC: Mediatek MT7621 (MT7621AT)
- Flash: 32 MiB SPI-NOR (Macronix MX25L25635E)
- RAM: 128 MiB
- Ethernet: Built-in, 2 x 1GbE
- 3G/4G Modem: MEIG SLM828 (currently only supported with ModemManager)
- SLIC: Si32185 (unsupported)
- Power: 12V via barrel connector
- Wifi 2.4GHz: Mediatek MT7603BE 802.11b/g/b
- Wifi 5GHz: Mediatek MT7613BE 802.11ac/n/a
- LEDs: 8x (7 controllable)
- Buttons: 2x (RESET, WPS)
Installing OpenWrt:
- sysupgrade image is compatible with vendor firmware.
Recovery:
- Connect to any of the Ethernet ports, configure local IP:
10.10.10.3/24 (or 192.168.10.19/24, depending on OEM)
- Provide firmware file named 'mt7621.img' on TFTP server.
- Hold down both, RESET and WPS, then power on the board.
- Watch network traffic using tcpdump or wireshark in realtime to
observe progress of device requesting firmware. Once download has
completed, release both buttons and wait until firmware comes up.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit bc335f2967)
Add configuration to access U-Boot environment on MeiG SLT866.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f8414f1a6f)
In addition to binary and ASCII-formatted MAC addresses, add support
for processing hexadecimal encoded MAC addresses from NVMEM.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7db87d7c68)
Another Qualcomm-based USB-connected modem, offering endpoints
0 : rndis_host (link to voip subsystem listening on 169.254.5.100)
1 : rndis_host (?)
2 : option (?)
3 : option (at)
4 : option (at)
5 : option (?)
6 : GobiNet (qmi)
7 : ?
Add support for this modem in rndis_host, option and qmi_wwan driver
which allows the modem to be used with ModemManager.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f32baf6a65)
Add support for COMFAST CF-EW72 V2
Hardware:
- SoC: Mediatek MT7621 (MT7621DAT or MT7621AT)
- Flash: 16 MiB NOR
- RAM: 128 MiB
- Ethernet: Built-in, 2 x 1GbE
- Power: only 802.3af PD on any port, injector supplied in the box
- PoE passthrough: No
- Wifi 2.4GHz: Mediatek MT7603BE 802.11b/g/b
- Wifi 5GHz: Mediatek MT7613BEN 802.11ac/n/a
- LEDs: 8x (only 1 is both visible and controllable, see below)
- Buttons: 1x (RESET)
Installing OpenWrt:
Flashing is done using Mediatek U-Boot System Recovery Mode
- make wired connection with 2 cables like this:
- - PC (LAN) <-> PoE Injector (LAN)
- - PoE Injector (POE) <-> CF-EW72 V2 (LAN). Leave unconnected to CF-EW72 V2 yet.
- configure 192.168.1.(2-254)/24 static ip address on your PC LAN
- press and keep pressed RESET button on device
- power the device by plugging PoE Injector (POE) <-> CF-EW72 V2 (LAN) cable
- wait for about 10 seconds until wifi led stops blinking and release RESET button
- navigate from your PC to http://192.168.1.1 and upload OpenWrt *-factory.bin firmware file
- proceed until router starts blinking with wifi led again (flashing) and stops (rebooting to OpenWrt)
MAC addresses as verified by OEM firmware:
vendor OpenWrt address
LAN lan\eth0 label
WAN wan label + 1
2g phy0 label + 2
5g phy1 label + 3
The label MAC address was found in 0xe000.
LEDs detailed:
The only both visible and controllable indicator is blue:wlan LED.
It is not bound by default to indicate activity of any wireless interfaces.
Place (WAN->ANT) | Num | GPIO | LED name (LuCI) | Note
-----------------|-----|-----------------------------------------------------------------------------------------
power | 1 | | | POWER LED. Not controlled with GPIO.
hidden_led_2 | 2 | 13 | blue:hidden_led_2 | This LED does not have proper hole in shell.
wan | 3 | | | WAN LED. Not controlled with GPIO.
hidden_led_4 | 4 | 16 | blue:hidden_led_4 | This LED does not have proper hole in shell.
lan | 5 | | | LAN LED. Not controlled with GPIO.
noconn_led_6 | 6 | | | Not controlled with GPIO, possibly not connected
wlan | 7 | 15 | blue:wlan | WLAN LED. Wireless indicator.
noconn_led_8 | 8 | | | Not controlled with GPIO, possibly not connected
mt76-phy0 and mt76-phy1 leds also exist in OpenWrt, but do not exist on board.
Signed-off-by: Alexey D. Filimonov <alexey@filimonic.net>
(cherry picked from commit ff95f859eb)
Add support for ComFast CF-E390AX. It is a 802.11 wifi6 cieling AP, based on MediaTek MT7261AT.
Specifications:
SoC: MediaTek MT7621AT
RAM: 128 MiB
Flash: 16 MiB NOR (Macronix mx25l12805d)
Wireless: MT7915E (2.4G) 802.11ax/b/g/n MT7915E (5G) 802.11ac/ax/n
Ethernet: 2 x 1Gbs
Button: 1 x "Reset" button
LED: 1x Blue LED + 1x Red LED + 1x green LED
Power: PoE
Manufacturer Page:
http://en.comfast.com.cn/index.php?m=content&c=index&a=show&catid=84&id=75
Flash Layout:
0x000000000000-0x000000030000 : "bootloader"
0x000000030000-0x000000040000 : "config"
0x000000050000-0x000000060000 : "factory"
0x000000090000-0x000001000000 : "firmware"
First install:
1. Set device into http firmware fail safe upload mode by pressing the reset button for 10 seconds while powering
it on. Once the LED stops flashing, safe mode will be running.
2. Set PC IP address to 192.168.1.2
3. Browse to 192.168.1.1 and upload the factory image using the web interface.
Signed-off-by: Usama Nassir <usama.nassir@gmail.com>
(cherry picked from commit f24c9b9d86)
With the case of asking an invalid version that is too big, getver.sh
might return an invalid output in the form of HEAD~-2260475641.
This is caused by BASE_REV - GET_REV using a negative number.
Prevent this by checking if BASE_REV - GET_REV actually return 0 or a
positive number and set REV variable accordingly. With the following
change, invalid revision number will result in unknown printed instead
of the invalid HEAD~-NUMBERS output.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 9e49e0a6c4)
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45d72a6da)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1714087442)
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 551963662b)
Refresh patches for hostapd using make package/hostapd/refresh.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 05e516b12d)
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.
This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.
Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c9ac57d58)
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd67)
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e199)
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce6e)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r-- 1 root root 749 Nov 6 23:14 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 23:14 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aad5ab099)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r-- 1 root root 519 Nov 6 22:58 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 22:58 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 929c9a58c9)
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 531314260d)
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 41d7439af5)
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 64GB eMMC or 128 MB SPI-NAND
RAM: 512MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Mesh
Power: DC 12V 1A
- UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | GND TX VCC RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface, and download the configuration.
2. Enter fakeroot, decompress the configuration:
tar -zxf cfg_export_config_file.conf
3. Edit 'etc/config/dropbear', set 'enable' to '1'.
4. Edit 'etc/shadow', update (remove) root password:
'root::19523:0:99999:7:::'
5. Repack 'etc' directory:
tar -zcf cfg_export_config_file.conf etc/
* If you find an error about 'etc/wireless/mediatek/DBDC_card0.dat',
just ignore it.
6. Upload new configuration via web interface, now you can SSH to RAX3000M.
Check stroage type:
Check the label on the back of the device:
"CH EC CMIIT ID: xxxx" is eMMC version
"CH CMIIT ID: xxxx" is NAND version
eMMC Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'factory' part.
('data' partition can be ignored, it's useless.)
2. Write new GPT table:
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync
NAND Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'Factory' part.
2. Erase and write new BL2:
mtd erase BL2
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
3. Erase and write new FIP:
mtd erase FIP
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, erase UBI volumes:
ubidetach -p /dev/mtd0
ubiformat -y /dev/mtd0
ubiattach -p /dev/mtd0
8. Create new ubootenv volumes:
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Additionally, if you want to have NAND recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
ubimkvol /dev/ubi0 -n 2 -N recovery -s 20MiB
ubiupdatevol /dev/ubi0_2 openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
10. Perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 423186d7d8)
[rebased to 23.05]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The OEM U-Boot uses dual boot and signature verification which does not
support by OpenWrt. So add a custom U-Boot build for OpenWrt.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fddd735dd5)
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc36)
Changes introduced in commit d604a07225 ("build: add CycloneDX SBOM
JSON support") broke ImageBuilder:
Cannot open '/openwrt-imagebuilder-ath79-generic.Linux-x86_64/tmp/.packageinfo': No such file or directory
So lets fix it by wrapping the BOM generation behind condition of IB
feature check.
Fixes: #13881
Fixes: d604a07225 ("build: add CycloneDX SBOM JSON support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c4259a6586)
Some packages (like wavemon >= 0.9.4) depend on libnl-cli. Add support
for this part of the lib. libnl-cli itself depends on libnl-genl and
libnl-nf. On MIPS, this component adds 81kB.
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(punctuation correction and reorganisation of commit message)
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4bdd1c1a13)
The MAC-address of gmac0 matches the one printed on the bottom label.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ae500e62e2)
d8118f6 config: make sure timer is not on the timeouts list before freeing
4bbc6e7 add hostsfile output in addition to statefile
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 0221b86032)
With patch 101-03-spi-mtk_spim-get-spi-clk-rate-only-once.patch
a new system to calculate the SPI clocks has been added.
Unfortunately, the do_div macro overrides the global
priv->pll_clk_rate field. This will cause to have a reduced
clock rate on each subsequent SPI call.
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 8849ccb995)
The output of command_all when inside a nix-shell looks like the below
where /usr does not match:
➜ scripts/command_all.sh pkg-config
/nix/store/ifr6srqgpvygd5vp14748d109ri31isv-pkg-config-wrapper-0.29.2/bin/pkg-config
Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
(cherry picked from commit 86ca7199df)
Implement a GitHub Actions workflow for automated project releases.
The workflow triggers on Git tags, ensuring that a GitHub release is
created whenever a new tag is pushed.
That new release is going to be created in draft and pre-release mode
and needs to be manually promoted to the proper release, once its
decided, that its good enough and prepared.
This is a start of a streamlined and consistent release process for
GitHub, reducing manual intervention.
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 280d9dd758)
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.
The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.
Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6dca88aa4a)
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d604a07225)
There is no standard for ABI versioning, so its not possible to find out
from `libext2fs2`, `libiwinfo20230701` or `libss2` package names if
thats just package name or package name with ABI version included. To
help with the decision, lets make ABI version aviable in package index.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 649655f427)
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
In order for the information to be processed further, it should also be
available in JSON package manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8562c65ff8)
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
In order for the information to be processed further, it should also be
available in package index files.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 33b3fea702)
Remove ABI version, since its format is not accepted by the linker.
Enable rpath to avoid clash with system libraries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 5eb8a21ba5)
