This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.
As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].
An explanation of the impact of the vulnerability is provided from the
advisory[1]:
This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.
[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16042
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add a new utility, omnia-mcutool, which main purpose is to upgrade the
firmware on the microcontroller on the Turris Omnia router. Depends on
omnia-mcu-firmware, and the upgrade process is pretty simple:
omnia-mcutool --upgrade
Besides firmware upgrade, the utility can be used to show and configure
various firmware settings.
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add a new package, omnia-mcu-firmware, containing firmware binaries for
the microcontroller on the Turris Omnia router.
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for the MCU driver on CZ.NIC's Turris Omnia. This adds
the ability to do a true board poweroff, and to configure various
features (for example the user may configure that after poweroff, the
router should automatically wake up at a specific time).
Signed-off-by: Marek Mojík <marek.mojik@nic.cz>
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
Handle the KEY_VENDOR key in gpio-button-hotplug driver. This is used
by Turris Omnia.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
This backports patches
dt-bindings: firmware: add cznic,turris-omnia-mcu binding
platform: cznic: Add preliminary support for Turris Omnia MCU
platform: cznic: turris-omnia-mcu: Add support for MCU connected GPIOs
platform: cznic: turris-omnia-mcu: Add support for poweroff and wakeup
platform: cznic: turris-omnia-mcu: Add support for MCU watchdog
platform: cznic: turris-omnia-mcu: Add support for MCU provided TRNG
ARM: dts: turris-omnia: Add MCU system-controller node
ARM: dts: turris-omnia: Add GPIO key node for front button
platform: cznic: turris-omnia-mcu: Depend on OF
platform: cznic: turris-omnia-mcu: Depend on WATCHDOG
platform: cznic: turris-omnia-mcu: fix Kconfig dependencies
that will be released in 6.11 into mvebu/patches-6.6.
Signed-off-by: Marek Behún <kabel@kernel.org>
Link: https://github.com/openwrt/openwrt/pull/13799
Signed-off-by: Robert Marko <robimarko@gmail.com>
This target doesn't actually use NAND.
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16001
Signed-off-by: Robert Marko <robimarko@gmail.com>
This reverts commit f444dea428.
It seems that some devices using GPIO WDT have really short WDT timeouts
and when using module_platform_driver registration it happens too late
and thus WDT will timeout and reset the board.
So, for now lets return the postcore_initcall hack for now.
Fixes: f444dea428 ("ath79: remove GPIO driver earlier registration hack")
Signed-off-by: Joan Moreau <jom@grosjo.net>
Link: https://github.com/openwrt/openwrt/pull/16035
Signed-off-by: Robert Marko <robimarko@gmail.com>
Layerscape was switched to 6.6 kernel. Now is time to remove 6.1
support.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16037
Signed-off-by: Robert Marko <robimarko@gmail.com>
CI says patches need to be refreshed, so do so.
Fixes: 6bb334c5cf ("mediatek: fix u-boot env layout NVMEM definitions")
Link: https://github.com/openwrt/openwrt/pull/16051
Signed-off-by: Robert Marko <robimarko@gmail.com>
68c8a4f system-linux: re-apply ethtool on phy attachment
890929b wireless: add support for defining wifi interfaces via procd service data
b57e40b wireless: use blobmsg_parse_attr
7a6532f proto-shell: add proto property for skipping device config
33ec3da CMake: bump the minimum required CMake version to 3.5
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Kirkwood was switched to 6.6. We can remove 6.1 support now.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15998
Signed-off-by: Robert Marko <robimarko@gmail.com>
generic.mk was commited by mistake. It isn't used. Let's remove it.
Fixes: ccbdb212f3 ("kirkwood: Add missing package dependency")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15998
Signed-off-by: Robert Marko <robimarko@gmail.com>
Let's switch to kernel 6.6 for wide tests.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15998
Signed-off-by: Robert Marko <robimarko@gmail.com>
Radxa ROCK Pi E v3.0 has a RTL8723DU Wi-Fi 4 on-board device. enable
it.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15910
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Radxa ROCK Pi S has a RTL8723DS Wi-Fi 4 on-board device. enable it.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15910
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Build the amd64-microcode package on all architectures even if it only
makes sense to use it on x86. If the package build is done by a builder
not building for x86 it will not include the package otherwise.
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 24d6abe2d7 ("firmware-utils: new package replacing otrx")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 8619d7af67 ("kirkwood: add D-Link DNS-320L support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 1eb21b87bd ("kobs-ng: add new package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mark the package as nonshared to build it in the target specific build
step 1 of the build bots instead of the architecture generic build step
2. In the build step 2 it may be left out if we build it using a
different target.
Fixes: 07043a853a ("imx23: rename imx23 to mxs for upcoming imx23/28 support")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Package the firmware files in the target specific build step and not in
the architecture common step. The architecture common step is not
necessary build for the ipq40xx target. If it is build for a different
target these packages are not packaged at all. This moves the build to
the ipq40xx target specific build step. This change is needed to make
the firmware files show up in the buildbot images.
Fixes: 02db8a19cb ("firmware: add Intel/Lantiq VRX518 ACA firmware package")
Fixes: 07b0e6f3d9 ("firmware: add Intel/Lantiq VRX518 PPE firmware package")
Fixes: 13eb1f564a ("firmware: add Intel/Lantiq VRX518 DSL firmware package")
Link: https://github.com/openwrt/openwrt/pull/16031
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Import patch from mainline Linux to fix issue with PERST# signal
polarity.
Quote from commit message:
"This extra, very short, PERST# assertion + deassertion has been
reported to cause issues with certain WLAN controllers, e.g. RTL8822CE."
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Testing turned out that the HWRNG quality varies greatly on RK3566,
even on supposedly identical boards and SoC revisions.
Hence enable the HWRNG driver only on RK3568 for now.
Allow users to simply tune sample_count and quality to allow easily
testing results on different boards and SoCs.
Link: https://patchwork.kernel.org/project/linux-arm-kernel/cover/cover.1720969799.git.daniel@makrotopia.org/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is a backport of netdev/net [1]/[2], expected to be in kernel 6.11
(if not backported to a stable branch).
Since 4fdc7bb8f1 (2024-06-14, switching ath79 from kernel 6.1 to 6.6),
the rtl8366s driver was made to write to bogus PHY MII registers on
ath79/netgear,wndr3800 and family, and likely on other systems using
this switch in a similar manner. The writes were directed to PHY 4 MII
registers 0x0d (13) and 0x0e (14). The rtl8366s data sheet claims these
registers are reserved. These register writes were causing the device to
not maintain link, track link status, or pass traffic on eth1 (labeled
WAN), as eth1 is connected to PHY 4.
0x0d is MII_MMD_CTRL, and 0x0e is MII_MMD_DATA. rtl8366s doesn't appear
to support MMD in any way, and certainly not via the IEEE 802.3 annex
22D "clause 45 over clause 22" protocol implemented by mmd_phy_indirect.
This patch intercepts those attempted register accesses and returns
-EOPNOTSUPP without touching the switch chip. This is implemented by
defining phy_driver::{read,write}_mmd as
genphy_{read,write}_mmd_unsupported for this PHY. A new PHY driver for
this PHY is introduced to achieve that, because this PHY was previously
using genphy_driver, and there is otherwise no clean way to declare lack
of support for these operations.
This was caused by kernel 9b01c885be36 (2023-02-13, in 6.3). The new
genphy_c45_read_eee_abilities call in genphy_read_abilities (called
during phy_probe) was causing an attempted MMD read of (MMIO_MMD_PCS,
MDIO_PCS_EEE_ABLE), which was transformed into an annex 22D
mmd_phy_indirect operation that performed MII register writes to
MII_MMD_CTRL, MII_MMD_DATA, and MII_MMD_CTRL again, followed by another
read from MII_MMD_DATA. This was enough to "scramble" the state of those
two MII registers, which are in fact not used for annex 22D MMD register
access on this device but are reserved and have some other function,
rendering the PHY unusable while so configured. The result of the
bungled MMD read attempt caused the genphy driver to incorrectly believe
that the PHY supported standard EEE, which led to several more attempted
MMD writes and reads, in turn being transformed into writes to these two
MII registers.
rtl8366s does support some pre-IEEE 802.3az EEE standard form of "Green
Ethernet" which the switch driver (local to OpenWrt) already has some
support for. No attempt is made to map the standard operations for this
device.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=225990c487c1
[2] https://lore.kernel.org/netdev/20240725204147.69730-1-mark@mentovai.com/
Fixes: https://github.com/openwrt/openwrt/issues/15981
Link: https://github.com/openwrt/openwrt/issues/15739
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Link: https://github.com/openwrt/openwrt/pull/16012
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Radxa ROCK Pi E v3.0 is a compact networking SBC[1] using the Rockchip
RK3328 SoC.
Hardware
--------
- Rockchip RK3328 SoC
- Quad A53 CPU
- 512MB/1GB/2GB DDR4 RAM
- 4/8/16/32GB eMMC
- Micro SD Card slot
- WiFi 4 and BT 4, or WiFi 5 and BT 5 (not supported yet)
- 1x 1000M Ethernet with PoE support (additional PoE HAT required)
- 1x 100M Ethernet
- 1x USB 3.0 Type-A port (Host)
- 1x 4-ring 3.5mm headphone jack
- 40 Pin GPIO header
[1] https://radxa.com/products/rockpi/pie
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15984
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is an automatically generated commit which aids following Kernel patch
history, as git will see the move and copy as a rename thus defeating the
purpose.
For the original discussion see:
https://lists.openwrt.org/pipermail/openwrt-devel/2023-October/041673.html
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
This is an automatically generated commit.
When doing `git bisect`, consider `git bisect --skip`.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
The hardware of these two models looks the same. This patch also
disabled unused i2c bus for WE3526.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16009
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
From the kernel log, we are using PCIe port 1 and 2.
dmesg:
```
[ 0.963526] mt7621-pci 1e140000.pcie: pcie0 no card, disable it (RST & CLK)
[ 0.970432] mt7621-pci 1e140000.pcie: PCIE1 enabled
[ 0.975312] mt7621-pci 1e140000.pcie: PCIE2 enabled
[ 1.071442] pci 0000:01:00.0: [14c3:7662] type 00 class 0x028000
[ 1.130382] pci 0000:02:00.0: [14c3:7603] type 00 class 0x028000
```
Fixes: https://github.com/openwrt/openwrt/issues/16000
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/16009
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit adds support for a dual-band AX1800 wall plug manufactured
by Shenzhen Century Xinyang Tech Co., Ltd.
CPU: Mediatek MT7621A (2 cores, 4 threads)
RAM: 256i MiB DDR3 (Samsung K4B2G1646F-BCNB)
ROM: 16 MiB SPI NOR (Winbond W25Q128JVPQ)
Wired: one gigabit RJ45 port (with green/yellow non-GPIO LEDs)
WiFi: Mediatek MT7905DAN + MT7975DN (DBDC 2x 2T2R)
Ant.: four 2 dBi external antennas (two 2.4GHz, two 5 GHz)
GPIO: tri-color status LED (GPIO 13, 14, 16);
reset button (GPIO 18)
Power: 12V 2-pin JST-XH on main PCB
110/220V AC to 12V1A DC on auxiliary PCB
UART: 115200 8n1, SMD pads available on the PCB as J4
pinout is [3v3] (Rx) (Tx) (Gnd)
MAC: 1C:BF:CE:xx:xx:xx (2.4 GHz, label)
1C:BF:CE:xx:xx:xx + 1 (ethernet [1])
1C:BF:CE:xx:xx:xx + 2 (5 GHz)
Original firmware is LEDE Reboot 17.01-SNAPSHOT (kernel 4.4.198)
with a few custom packages and a non-LuCI web interface.
Telnet and SSH are enabled, requiring an unknown root password [2].
Root password is also needed to access the router via UART console,
but passwordless telnet can be enabled via a trivial web exploit [3]
and then the root password can be removed by editing `/etc/shadow`.
Installation: First upload `sysupgrade` binary via web interface at
`http://192.168.188.1/settings.shtml` and wait until getting back to
the home screen (select network to extend). The installation fails
since the original firmware uses `swconfig` and recent versions of
OpenWrt use DSA. However, the sysupgrade file is uploaded correctly
and stored at `/tmp/upgrade.bin`, so it can be written to flash via
the web exploit [4] (both `mtd -r write` and `sysupgrade -Fn` work
fine). Passwordless telnet/ssh is not needed for installation.
Alternatively, use u-boot menu to load image via TFTP.
Notes:
- Device model in LEDE is "MediaTek MT7621 RFB (802.11ax,SNOR)".
- It is sold under several names, among them are Wodesys WD-R1802U,
Fenvi F-AX1802U, and EDUP EP-2971; the Wodesys brand was selected
since it is referenced in `/etc/banner` and `/etc/hosts`, and the
PCB is marked "WD518A V1.0".
- Instead of a standard ethernet transformer, the PCB has a few tiny
SMD coils.
[1] Original firmware sets ethernet MAC to 1C:BF:CE:E7:62:1D based on
offset `0x3fff4` in the Factory partition; since this is the same
MAC for all units, whereas WiFi MACs stored at offsets 0x6 and 0xc
are unique, it was decided to use <label MAC + 1> for ethernet.
[2] root:$1$7rmMiPJj$91iv9LWhfkZE/t7aCBdo.0:18388:0:99999:7:::
[3] curl -X POST http://192.168.188.1/cgi-bin/adm.cgi \
-d page=Lang -d langType="en;killall telnetd;telnetd -l /bin/sh"
[4] curl -X POST http://192.168.188.1/cgi-bin/adm.cgi \
-d page=Lang -d langType="en;mtd -r write /tmp/upgrade.bin firmware"
Signed-off-by: Rani Hod <rani.hod@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15777
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport H616 DVFS support from linux-next.
Tested on the Orange Pi Zero 3 (H618 SoC).
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/15600
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Freescale procesor has Securite Engine driver called Talitos. [1]
This driver is already packaged for OpenWrt since commit
bf57f33f02 ("kernel: Allow talitos crypto
hw module selection"), but many users don't know about it.
Let's include this kernel module package to default packages as it was
recently done for MediaTek in commit 06c4fc6d5e
("kernel: enable inside secure driver for MediaTek platforms")
[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_DEV_TALITOS.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/10557
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These are POSIX standard types
And therefore should be present in any POSIX compliant runtime.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15952
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
MUSL and eglibc provide these symbols.
Bind needs setresuid() to build properly in recent versions.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15952
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>