NAND code uses either "cat" or "zcat" for getting firmware image
content. Code was full of duplicated ${gz}cat calls. Use "cmd" variable
that is determined by a caller and passed to lower level functions. This
avoids code duplication and allows adding support for more formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Switch to new nvmem binding.
Also fixes a issue that the MAC address assigned to lan/wan was
reversed on eMMC boards.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The config options that are enabled by default and where other default
packages depends on should not only be set if there is no .config file,
but also if the .config exists but the config option (e.g.
CONFIG_SECCOMP) is missing in the file.
This is relevant, for example, if you are working with .config templates
and then want to complete the configuration using make defconfig.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The fix in commit 847fad476f ("target.mk: improve handling of default
enabled SECCOMP") unfortunately does not work for targets where the ARCH
variable is set in ./$(SUBTARGET)/target.mk.
To get this working, the ./$(SUBTARGET)/target.mk must be included
before the check.
Fixes: 847fad476f ("target.mk: improve handling of default enabled SECCOMP")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Also use env variables exported by export_fitblk_rootdev() in
platform_copy_config().
Fixes: 4448d6325f ("mediatek: make use of common uImage.FIT upgrade functions")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to safe space on boards
not using unified uImage.FIT images.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now
deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh
instead of /lib/upgrade/common.sh to allow removing the function there.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move shell functions used for sysupgrade into /lib/upgrade/fit.sh.
Introduce improved fitblk boot device detection function which
works also in case ubiblock devices have not yet been created or
even UBI itself not yet being attached.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The target was marked source-only due do the broken Ethernet port on
some devices. With that fixed, it can be enabled again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
The new cpsw-switch driver reserves VLAN 1 for internal use, which
conflicts with the default network configuration of OpenWrt.
Switch back to the older cpsw driver to make the network connection on
the affected devices (BeagleBone Black and AM335x EVM) usable again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Initramfs images are not supported by imagebuilder. With recent changes
to support Per Device Rootfs, we now generate an image and a vmlinux for
each Rootfs and these additional files are all shipped in the
imagebuilder tar.
Drop these new file and any vmlinux-initramfs as they are not used and
increase the final size of the imagebuilder archive.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The eMMC chip used in a small batch of these devices has issues operating
in HS400 mode. Reducing to HS200 mode works around the problem and does
not cause any noticeable performance penalties as smaller chips are not fast
enough to saturate the bus. Root cause analysis is pending.
Signed-off-by: Chad Monroe <chad@monroe.io>
408c2cc libfstools: skip JFFS2 padding when BLOCKSIZE was given
013050f fstools: remove redundant F2FS_MINSIZE definition
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add entry for the BananaPi R3 mini to the platform_check_image()
function where it has been missing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There is no point in hard-coding the UBI volume numbers as we are
dynamically looking up the volume by volume name in all cases by now.
Remove this relict as it causes problems without being useful for
anything.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1. Rename function _do_env_set() to env_do_env_set().
2. Replace kwbimage hack with UBOOT_CUSTOMIZE_CONFIG:
"--disable TOOLS_KWBIMAGE" and "--disable TOOLS_LIBCRYPTO".
3. Disable CONFIG_CMD_BOOTEFI_BOOTMGR for all supported devices
because the newly added UEFI bootmenu entries doesn't work.
4. Enable CONFIG_VERSION_VARIABLE for the OpenWrt One.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
73644a036f5a nl80211: move access to tb array out of uc_nl_convert_attr and below
6e3cf83a77a7 nl80211: add support for multi-attribute arrays
6ff24d5488a9 nl80211: update nl80211.h to latest wireless-next
abc2aef28641 nl80211: add wiphy multi-radio support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Brings lots of driver updates and API changes needed for mt76 updates.
Disable iwlwifi and ath11k on 5.15, since backport is too difficult,
and the only remaining targets won't need those drivers.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There is no reason not to wire up the default netdev trigger for the SFP
LED since we have a separate SFP interface visible.
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
Since we are trying to get rid of using labels, lets convert RB5009 to the
function/color combo.
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, QCA8081 LED is never configured and the default configuration
has the LED polarity inverted so it will be lit when there is nothing
connected to the PHY.
So lets define the LED as active-low and configure the trigger via 01_leds.
Fixes: 85d9fd6f0e ("mvebu: add support for RB5009UG+S+IN")
Link: https://github.com/openwrt/openwrt/pull/15927
Signed-off-by: Robert Marko <robimarko@gmail.com>
stop "heartbeat" which happens before OpenWrt controls LED. instead,
just turn LED on.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15913
Signed-off-by: Robert Marko <robimarko@gmail.com>
The switch to the upstream mmc-mtk driver caused problems with MT7621
because of unstable too high clock frequency:
[ 49.643291] mmc0: error -88 whilst initialising SD card
[ 49.890047] mmc0: error -88 whilst initialising SD card
[ 50.142414] mmc0: error -88 whilst initialising SD card
[ 50.419218] mmc0: error -88 whilst initialising SD card
...
Fix this by reducing the clock speed to 48 MHz instead of 50 MHz, which
is also the value used in upstream Linux mt7621.dtsi.
With that change applied SD cards work as expected on MT7621 devices
also with the new driver.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1. Override max clock frequency to a stable value 24 MHz.
2. Use voltage regulator to control the power supply.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Now that the SDHC of MT762{0,1,8} has been supported upstream, it's
time to switch the default driver to the upstream one. We will still
keep the old driver for users to choose from.
Tested on HiWiFi HC5861 (MT7620A) and HiWiFi HC5661A (MT7628N).
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Add all essential MTK SDHC properties to support the new mmc-mtk
driver. Since this driver relies on power regulators, we also
need to enable this feature for MT7620, just like MT762{1,8}.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: John Thomson <git@johnthomson.fastmail.com.au>
This is the upstream implementation of the MTK SD/SDIO/MMC card
reader driver. It is an alternative solution for the downstream
driver package "kmod-sdhci-mt7620".
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: John Thomson <git@johnthomson.fastmail.com.au>
"cd-inverted" is an upstream documented property used to indicate
the CD line is actived high. We will introduce a new upstream SDHC
driver, and this change will make them compatible with each other.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>