This deactivates the CONFIG_COMPAT kernel option.
With CONFIG_COMPAT the kernel will provide syscall interfaces for arm32
binaries in addition to the interfaces needed for arm64 binaries.
In OpenWrt the complete userspace is compiled for this specific
architecture and support for 32 bit ARM applications is not needed.
This reduces the size and the attack surface for the systems.
On all other targets CONFIG_COMPAT is already deactivated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The legacy (BSD) PTY support could open security problems in a system,
We do not need them in OpenWrt, deactivate this option in all targets.
Debian also deactivates this option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates the CONFIG_ARM64_SW_TTBR0_PAN option for all arm64
kernels by default.
The CONFIG_ARM64_SW_TTBR0_PAN option prevents the kernel form accessing
user space memory directly. This makes it harder to exploit the kernel.
This is activated by default and was already activate on all other arm64
targets before.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates CONFIG_HARDENED_USERCOPY for the remaining targets. This
adds additional checks in the copy_from_user() and copy_to_user()
functions.
This was not activated for ARCHS38 before because of a bug in the Linux
kernel 5.4 till 5.14, which as fixed and is described here:
https://github.com/foss-for-synopsys-dwc-arc-processors/linux/issues/15
I do not know why this was deactivated for mt7629 and rockchip.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ensure the MAC address for all NanoPi R1 boards is assigned uniquely for
each board.
The vendor ships the device in two variants; one with and one without
eMMC; but both without static mac-addresses.
In order to assign both board types unique MAC addresses, fall back on
the same method used for the NanoPi R2S and R4S in case the EEPROM
chip is not present by generating the board MAC from the SD card CID.
[0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R1#Hardware_Spec
Similar too and based on:
commit b5675f500d ("rockchip: ensure NanoPi R4S has unique MAC address")
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Use LZMA compressed kernel to save some space in boot partition.
Fixes: #11197
Tested-by: Tianling Shen <cnsztl@immortalwrt.org> [NanoPi R2S]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Endianness depends on CPU architecture. CONFIG_CPU_(BIG/LITTLE)_ENDIAN should
be enabled on target or subtarget based on SoC architecture.
Fixes warning:
$ make kernel_oldconfig CONFIG_TARGET=subtarget
...
.config:1008:warning: override: CPU_LITTLE_ENDIAN changes choice state
....
Summary:
- ARC - only the CONFIG_CPU_BIG_ENDIAN symbol is defined for this architeture.
If it is disabled then the processor operates in LITTLE_ENDIAN mode (default),
- ARM32 - CONFIG_CPU_LITTLE_ENDIAN symbol available since kernel 5.19. This
option should be enabled after OpenWRT moves to kernel 6.x. After refreshing
the kernel, the symbol disappears,
- ARM64 - enabled CONFIG_CPU_LITTLE_ENDIAN,
- MIPS - enabled relevant symbols,
- POWERPC - enabled CONFIG_CPU_BIG_ENDIAN,
- UML - Symbols are not defined for this architecture,
- X86 - always little endian. Symbols are not defined for this architecture.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
This adds some missing IOMMU related options for x86/64 and moves some
of them to generic for all targets.
On x86 IOMMU_DEFAULT_DMA_LAZY is used by default, on all other platforms
IOMMU_DEFAULT_DMA_STRICT is the default. we just follow the default
kernel configuration here.
Fixes: 8fea4a102c ("x86/64: enable IOMMU support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the aliases sections required to detect LEDs specific to OpenWrt
boot / update indication for the NanoPi R4S.
Signed-off-by: David Bauer <mail@david-bauer.net>
Ensure the MAC address for all NanoPi R4S boards is assigned unique for
each board.
FriendlyElec ship two versions of the R4S: The standard as well as the
enterprise edition with only the enterprise edition including the EEPROM
chip that stores the unique MAC address.
In order to assign both board types unique MAC addresses, fall back on
the same method used for the NanoPi R2S in case the EEPROM chip is not
present by generating the board MAC from the SD card CID.
[0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R4S#Differences_Between_R4S_Standard_Version_.26_R4S_Enterprise_Version
Signed-off-by: David Bauer <mail@david-bauer.net>
All targets expect the malta target already activate the CONFIG_GPIOLIB
option. Move it to generic kernel configuration and also activate it for
malta.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_INPUT_MISC does not do any changes to the kernel image, it only
shows some extra kernel configuration options.
Activate it on all targets.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
On the NanoPI R4S it takes an average of 3..5 seconds for the network devices
to appear in '/proc/interrupts'.
Wait up to 10 seconds to ensure that the distribution of the interrupts
really happens.
Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
This is now built-in, enable so it won't propagate on target configs.
Link: https://lkml.org/lkml/2022/1/3/168
Fixes: 79e7a2552e ("kernel: bump 5.15 to 5.15.44")
Fixes: 0ca9367069 ("kernel: bump 5.10 to 5.10.119")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(Link to Kernel's commit taht made it built-in,
CRYPTO_LIB_BLAKE2S[_ARM|_X86] as it's selectable, 5.10 backport)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This enables armv8 crypto extensions version of AES, GHASH, and CRC T10
algorithms in the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Seeing failure to build because of missing symbols related to provisioning
CONFIG_KEXEC and signed images. Without this, if you set
CONFIG_KERNEL_KEXEC=y and try to build, target/linux will hang at:
scripts/kconfig/conf --syncconfig Kconfig
...
kexec system call (KEXEC) [Y/n/?] y
kexec file based system call (KEXEC_FILE) [Y/n/?] y
Verify kernel signature during kexec_file_load() syscall (KEXEC_SIG) [N/y/?] (NEW)
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The NanoPi R4S leaves the SD card in 1.8V signalling when rebooting
while U-Boot requires the card to be in 3.3V mode.
Remove UHS support from the SD controller so the card remains in 3.3V
mode. This reduces transfer speeds but ensures a reboot whether from
userspace or following a kernel panic is always working.
Signed-off-by: David Bauer <mail@david-bauer.net>
Each of
- CRYPTO_AEAD2
- CRYPTO_AEAD
- CRYPTO_GF128MUL
- CRYPTO_GHASH
- CRYPTO_HASH2
- CRYPTO_HASH
- CRYPTO_MANAGER2
- CRYPTO_MANAGER
- CRYPTO_NULL2
either directly required for mac80211 crypto support, or directly
selected by such options. Support for the mac80211 crypto was enabled in
the generic config since c7182123b9 ("kernel: make cryptoapi support
needed by mac80211 built-in"). So move the above options from the target
configs to the generic config to make it clear why do we need them.
CC: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Both CLANG_VERSION and LLD_VERISON are autogenerated runtime
configuration options, so add them to the kernel configuration filter
and remove from generic and per-target configs to keep configs clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Kernel has added the different variants of the Rock Pi 4 in commit
b5edb0467370 ("arm64: dts: rockchip: Mark rock-pi-4 as rock-pi-4a
dts"). The former Rock Pi 4 is now Rock Pi 4A.
For compatibility with kernel 5.4, this rename has been held back
so far. Having switched to kernel 5.10 now, we can finally apply
it in our tree as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The rockchip platform supports squashfs SD card images. However, the
resulting image is not padded to completely fill the rootfs partition.
Because of that, the f2fs overlay might not be erased, resulting in
uci-defaults not bing executed or the configuration not being erased,
even though drop config was selected.
Modify the image generation process so the image is padded to cover the
entire root filesystem partition.
Signed-off-by: David Bauer <mail@david-bauer.net>
The default value for CONFIG_RCU_CPU_STALL_TIMEOUT was changed from 60
seconds to 21 seconds in 2012 in the upstream kernel. Some targets
already use 21 seconds.
This patch changes the default value in the generic configuration to 21
seconds and removes the target specific configuration options.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
CONFIG_RCU_{NEED_SEGCBLIST,STALL_COMMON} are set basically everywhere. Move them
to the generic kconfigs. And resort the generic kconfigs while at it.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Based on the existing documentation [1][2], I dare anyone to demonstrate that
we need to fine-tune these RCU parameters. The (performance) breakage potential
for doing so is immense, so let's just please put down this loaded footgun.
Disable CONFIG_RCU_EXPERT and its dependent symbols. Additionally, remove the
CONFIG_RCU_EXPERT symbol from the target kconfigs which contain it.
[1] https://www.kernel.org/doc/Documentation/RCU/Design/Data-Structures/Data-Structures.html
[2] https://lwn.net/Articles/777214/
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Do not deactivate the kernel configuration symbol CONFIG_STAGING in the
target configurations any more. This prevented the build of the exfat.ko
for example.
Fixes: FS#3979
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware
--------
RockChip RK3399 ARM64 (6 cores)
4GB LPDDR4 RAM
2x 1000 Base-T
3 LEDs (LAN / WAN / SYS)
1 Button (Reset)
Micro-SD slot
2x USB 3.0 Port
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card using
dd.
=====================================
NOTICE FOR USERS WHO USE 1GB VERSION:
BY NOW IT IS NOT SUPPORTED
====================================
[initialed target]
Co-developed-by: Marty Jones <mj8263788@gmail.com>
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[fixed bootscript]
Co-developed-by: Jayantajit Gogoi <jayanta.gogoi525@gmail.com>
Signed-off-by: Jayantajit Gogoi <jayanta.gogoi525@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Many people appear to use an unneeded "+" prefix for the increment
when calculating a MAC address with macaddr_add. Since this is not
required and used inconsistently [*], just remove it.
[*] As a funny side-fact, copy-pasting has led to almost all
hotplug.d files using the "+", while nearly all of the
02_network files are not using it.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some targets select HZ=100, others HZ=250. There's no reason to select a higher
timer frequency (and 100 Hz are available in every architecture), so change all
targets to 100 Hz.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Use an alternative path to access the CID of the SD card in MMC0, used
for the generation of MAC addresses. With Kernel 5.10, the device name
of the MMC controller changed, breaking MAC address generation.
The new path is compatible with Kernel 5.4 as well as Kernel 5.10.
Signed-off-by: David Bauer <mail@david-bauer.net>