Commit Graph

53499 Commits

Author SHA1 Message Date
Rui Salvaterra
72d2c54ccb kernel: 5.10: allocate last level PTEs in high memory
Enable support for allocating user space page table entries in high memory [1],
for the targets which support this feature. This saves precious low memory
(permanently mapped, the only type of memory directly accessible by the kernel).

[1] https://www.kernel.org/doc/html/latest/vm/highmem.html

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2022-03-01 22:57:34 +00:00
John Audia
0989b7ad3a kernel: bump 5.10 to 5.10.102
Removed upstreamed:
	bcm4908/patches-5.10/180-i2c-brcmstb-fix-support-for-DSL-and-CM-variants.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.102&id=f333c1916fd6b55900029bf8f918cc00009e2111

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <graysky@archlinux.us>
2022-03-01 21:38:36 +01:00
John Audia
a2d4b5711a kernel: bump 5.10 to 5.10.101
Removed upstreamed:
  pending-5.10/841-USB-serial-option-add-ZTE-MF286D-modem.patch[1]
  bcm27xx/950-0592-drm-vc4-Allow-DBLCLK-modes-even-if-horz-timing-is-od.patch[2]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.101&id=7113440a36c741efd7c76e3d70b3634100120cdb
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.101&id=21c890ca8eaecea06cabb92be2a53a6f26f56383

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <graysky@archlinux.us>
2022-03-01 21:38:36 +01:00
Catalin Toda
02e42f0650 kernel: kmod-tcp-scalable: add scalable tcp congestion algorithm
Signed-off-by: Catalin Toda <catalinii@gmail.com>
2022-03-01 21:25:47 +01:00
Florian Eckert
ba6a48366f ipset: update to 7.15
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2022-03-01 21:17:30 +01:00
Josef Schlehofer
495c4f4e19 tools/libressl: update to version 3.4.2
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt

```
It includes the following security fix

  * In some situations the X.509 verifier would discard an error on an
    unverified certificate chain, resulting in an authentication bypass.
    Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-03-01 00:08:08 +01:00
Huangbin Zhan
4a19cf3bc7 tools/mkimage: update to 2022.01
- enable dot config
- enable openwrt verbose
- add bison as dependency to avoid failure
```
  bison -oscripts/kconfig/zconf.tab.c -t -l scripts/kconfig/zconf.y
bison: /builder/shared-workdir/build/staging_dir/host/share/bison/m4sugar/m4sugar.m4: cannot open: No such file or directory
```

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
40f91f6a2f tools/fakeroot: update to 1.27
Remove macOS stuff. Upstream has fixed it in the same way.

Add SOL_TCP define. Taken from elsewhere in the code.

Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
4e13229dd1 tools/expat: update to 2.4.6
Switched to CMake for faster compilation and greater parallel
friendliness.

Added CMake options from the packages feed.

This release fixes various CVEs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
c8fdca4f6f tools/findutils: update to 4.9.0
Add compilation fix for Ubuntu 20.04. Provided by upstream maintainer:

https://github.com/openwrt/packages/issues/17912#issuecomment-1046726426

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
94dd68ff73 tools/zstd: update to 1.5.2
Switched to building with meson as it's faster and does not need a
dependency on cmake, which takes a long time to build.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
2d5f03205a tools/ccache: add cmake dependency
This will be needed for the next commit as ccache's cmake dependency is
satisfied by zstd currenly.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
03f55708cb tools/cmake: update to 3.22.2
Mostly random Python 3.10 fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
63e530a519 tools/mtools: update to 4.0.37
No changelog is available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Rosen Penev
c8b7065f61 tools/mklibs: update to 0.1.45
Refresh 2to3 patch. Upstream partially did this against some older
python version. This is still needed.

Refreshed other patches to be python3 safe.

Remove uClibc patches as only musl is present now.

Refresh others.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-03-01 00:08:08 +01:00
Paul Spooren
038d5bdab1 layerscape: use semantic versions for LSDK
PKG_VERSION should not contain the package name but the version only.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-03-01 00:01:18 +01:00
Josef Schlehofer
d6aa9d9e07 u-boot.mk: add LOCALVERSION (explicitly specify OpenWrt build)
For debugging purposes, we need to know if users are using modified
U-boot versions or not. Currently, the U-boot version is somehow
stripped. This is a little bit problematic when there are
backported/wip/to-upstream patches.

To make it more confusing, there was (before this commit) two U-boot
versioning. U-boot compiled by OpenWrt build bots are missing ``Build:``
This is also the case when the U-boot is compiled locally.

Example:
```
U-Boot SPL 2022.01 (Jan 27 2022 - 00:24:34 +0000)
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000)
```

On the other hand, if you run full build, you can at least see, where it
was compiled. Notice added ``Build:``.

Example:
```
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000), Build: jenkins-turris-os-packages-burstlab-omnia-216
```

In both cases, it is not clear to U-boot developers if it is an unmodified
build. This is also caused that there is a missing ``.git`` file from
U-boot folder, and so there is no history. It leads to that it can not
contain suffix ``-dirty`` (uncommitted modifications) or even something
else like number of commits, etc. [1]

When U-boot is compiled as it should be, the version should look like
this: ``U-Boot 2022.04-rc1-01173-g278195ea1f (Feb 11 2022 - 14:46:50 +0100)``
The date is not changed daily when there are new OpenWrt builds.

This commit adds OpenWrt specific version, which could be verified by
using strings.

```
$ strings bin/targets/mvebu/cortexa9/u-boot-omnia/u-boot-spl.kwb | grep -E "OpenWrt*"
U-Boot SPL 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
arm-openwrt-linux-muslgnueabi-gcc (OpenWrt GCC 11.2.0 r18942+54-cbfce92367) 11.2.0
2022.01-OpenWrt-r18942+54-cbfce92367
U-Boot 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
```

[1] https://u-boot.readthedocs.io/en/latest/develop/version.html

Reported-by: Pali Rohár <pali@kernel.org>
Suggested-by: Karel Kočí <karel.koci@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-02-28 23:54:52 +01:00
Paul Spooren
a9478490d8 image-commands.mk: Use ERROR_MESSAGE for imagesize fails
If a image is bigger than the device can handle, an error message is
printed. This is usually silenced and silently ignored, making it harder
to debug. While it's possible to run the build in verbose mode (via
`make V=s`) and grep for *is too big*, it's more intuitive to print the
error message directly. For that use the newly unlocked `$(call
ERROR_MESSAGE,...)` definition which now also print in non-verbose mode.

Fixes: FS#50 (aka #7604)

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-28 23:52:13 +01:00
Paul Spooren
aee3594ffc verbose.mk: print ERROR messages in non-verbose
Using `make -j9` only prints a subset of messages to follow the build
process progressing. However this silently skips over errors which might
be of interested. Using `make V=s` easily floods the terminal making it
hard to find error messages between the lines.

A compromise is the usage of `$(call ERROR_MESSAGE,...)` which prints a
message in red. This function is silenced in the non-verbose mode, even
if only used at a single place in `package/Makefile` where it notifies
about a OPKG corner case.

This commit moves the `ERROR_MESSAGE` definition outside of the
`OPENWRT_VERBOSE` condition and print error messages in every mode.

With this in place further error messages are possible.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-28 23:52:13 +01:00
John Audia
d4c20ff948 bcm27xx: bcm2710: update defconfig
Ran `make kernel_menuconfig CONFIG_TARGET=bcm2710` having used the snapshot
config for bcm2710[1].  Manually added back two symbols that the make target
removed, namely:
* # CONFIG_SND_SOC_AD193X_I2C is not set
* # CONFIG_SND_SOC_AD193X_SPI is not set

1. https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2710/config.buildinfo

Signed-off-by: John Audia <graysky@archlinux.us>
2022-02-28 21:52:01 +01:00
John Audia
a68dd8057c bcm27xx: bcm2711: update defconfig
Ran `make kernel_menuconfig CONFIG_TARGET=bcm2711` having used the snapshot
config for bcm2711[1].  Manually added back two symbols that the make target
removed, namely:
* # CONFIG_SND_SOC_AD193X_I2C is not set
* # CONFIG_SND_SOC_AD193X_SPI is not set

Without adding these back, the build fails due to unsatisfied deps[2].

Build system: x86_64
Build-tested: bcm2711/multidevices

1. https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/config.buildinfo
2. a478202d74 (commitcomment-67096592)

Signed-off-by: John Audia <graysky@archlinux.us>
2022-02-28 21:52:01 +01:00
John Audia
4a956a06f2 kernel: move CONFIG_ASN1 to generic config
Rather than populating this symbol in the individual configs, move it to the
generic config.

Signed-off-by: John Audia <graysky@archlinux.us>
2022-02-28 21:52:01 +01:00
Etienne Champetier
d95b74f7c9 iptables: bump PKG_RELEASE
Following dependencies rework, bump PKG_RELEASE

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
39d50a2008 iptables: move libiptext* to their own packages
iptables-nft doesn't depend on libip{4,6}tc, so move
libiptext* libs in their own packages to clean up dependencies
Rename libxtables-nft to libiptext-nft

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
795e7155cb iptables: rename to ip(6)tables-legacy, add PROVIDES
Using PROVIDES allows to have other packages continue to
depend on iptables and users to pick between legacy and nft
version.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
316c406e62 iptables: move IPTABLES_{CONNLABEL,NFTABLES} to libxtables
Those 2 configs are not specific to iptables(-legacy)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
d35a573004 iptables: make mod depend on libxtables
'iptables-mod-' can be used directly by firewall3, by
iptables and by iptables-nft. They are not linked to
iptables but to libxtables, so fix the dependencies to allow
to remove iptables(-legacy)

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Etienne Champetier
50d3271966 iptables: fix libnftnl/IPTABLES_NFTABLES dependency
libxtables doesn't depend on libnftnl, iptables-nft does,
so move the dependency to not pull libnftnl with firewall3/iptables-legacy

Also libxtables-nft depends on IPTABLES_NFTABLES

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2022-02-28 21:52:01 +01:00
Petr Štetiar
fb2801b82c mt7620: fix missing kernel config symbol
Fixes following missing kernel config symbol after adding GPIO watchdog:

  Software watchdog (SOFT_WATCHDOG) [M/n/y/?] m
  Watchdog device controlled through GPIO-line (GPIO_WATCHDOG) [Y/n/m/?] y
    Register the watchdog as early as possible (GPIO_WATCHDOG_ARCH_INITCALL) [N/y/?] (NEW)

Fixes: 1a97c03d86 ("rampis: feed zbt-we1026 external watchdog")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-28 21:32:32 +01:00
Stijn Tintel
58212a6194 ubus: bump to git HEAD
66baa44 libubus: introduce new status messages
  b3cd5ab cli: use UBUS_STATUS_PARSE_ERROR
  584f56a cli: improve error logging for call command

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-28 16:18:37 +02:00
Petr Štetiar
fc317a190c ipq806x: base-files: asrock: fix bootcount include
Fixes following warning message during image building process:

 Finalizing root filesystem...
 root-ipq806x/lib/upgrade/asrock.sh: line 1: /lib/functions.sh: No such file or directory
 Enabling boot
 root-ipq806x/lib/upgrade/asrock.sh: line 1: /lib/functions.sh: No such file or directory
 Enabling bootcount

Fixes #9350

Fixes: 98b86296e6 ("ipq806x: add support for ASRock G10")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-28 15:17:11 +01:00
Arvid E. Picciani
1a97c03d86 rampis: feed zbt-we1026 external watchdog
Without feeding the gpio watchdog, the board will reset after 90 seconds

Signed-off-by: Arvid E. Picciani <aep@exys.org>
2022-02-28 15:17:11 +01:00
Petr Štetiar
57f7a86c68 check-toolchain-clean.sh: workaround stray rebuilds
It seems, that there are currently some unhandled corner cases in which
`.toolchain_build_ver` results in empty file and thus forcing rebuilds,
even if the toolchain was build correctly just a few moments ago. Until
proper fix is found, workaround that by checking for this corner case
and simply populate `.toolchain_build_ver` file.

While at it, improve the UX and display version mismatch, so it's more
clear what has forced the rebuild:

 "Toolchain build version changed (11.2.0-1 != ), running make targetclean"

References: https://gitlab.com/ynezz/openwrt/-/jobs/2133332533/raw
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-28 15:17:11 +01:00
Petr Štetiar
9116096c0f check-toolchain-clean.sh: fix shellcheck warnings
Fixes following complaints and suggestions:

 In scripts/check-toolchain-clean.sh line 2:
 eval `grep CONFIG_GCC_VERSION .config`
      ^-- SC2046 (warning): Quote this to prevent word splitting.
      ^-- SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-02-28 15:17:11 +01:00
Stijn Tintel
0dc3566a3b firmware-utils: bump to git HEAD
002cfaf firmware-utils: fix compilation with macOS

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-28 13:12:00 +02:00
Yousong Zhou
43276b60c6 netfilter: add kmod-nft-tproxy
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Yousong Zhou
0225df1ec8 netfilter: add kmod-nft-socket
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Yousong Zhou
4f443c885d netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2022-02-28 10:24:17 +08:00
Piotr Dymacz
9c335accfe ath79: add support for TP-Link Archer A9 v6
TP-Link Archer A9 v6 (FCCID: TE7A9V6) is an AC1900 Wave-2 gigabit home
router based on a combination of Qualcomm QCN5502 (most likely a 4x4:4
version of the QCA9563 WiSOC), QCA9984 and QCA8337N.

The vendor's firmware content reveals that the same device might be
available on the US market under name 'Archer C90 v6'. Due to lack of
access to such hardware, support introduced in this commit was tested
only on the EU version (sold under 'Archer A9 v6' name).

Based on the information on the PL version of the vendor website, this
device has been already phased out and is no longer available.

Specifications:

- Qualcomm QCN5502 (775 MHz)
- 128 MB of RAM (DDR2)
- 16 MB of flash (SPI NOR)
- 5x Gbps Ethernet (Qualcomm QCA8337N over SGMII)
- Wi-Fi:
  - 802.11b/g/n on 2.4 GHz: Qualcomm QCN5502* in 4x4:4 mode
  - 802.11a/n/ac on 5 GHz: Qualcomm QCA9984 in 3x3:3 mode
  - 3x non-detachable, dual-band external antennas (~3.5 dBi for 5 GHz,
    ~2.2 dBi for 2.4 GHz, IPEX/U.FL connectors)
  - 1x internal PCB antenna for 2.4 GHz (~1.8 dBi)
- 1x USB 2.0 Type-A
- 11x LED (4x connected to QCA8337N, 7x connected to QCN5502)
- 2x button (reset, WPS)
- UART (4-pin, 2.54 mm pitch) header on PCB (not populated)
- 1x mechanical power switch
- 1x DC jack (12 V)

  *) unsupported due to missing support for QCN550x in ath9k

UART system serial console notice:

The RX signal of the main SOC's UART on this device is shared with the
WPS button's GPIO. The first-stage U-Boot by default disables the RX,
resulting in a non-functional UART input.
If you press and keep 'ENTER' on the serial console during early
boot-up, the first-stage U-Boot will enable RX input.

Vendor firmware allows password-less access to the system over serial.

Flash instruction (vendor GUI):

1. It is recommended to first upgrade vendor firmware to the latest
   version (1.1.1 Build 20210315 rel.40637 at the time of writing).
2. Use the 'factory' image directly in the vendor's GUI.

Flash instruction (TFTP based recovery in second-stage U-Boot):

1. Rename 'factory' image to 'ArcherA9v6_tp_recovery.bin'
2. Setup a TFTP server on your PC with IP 192.168.0.66/24.
3. Press and hold the reset button for ~5 sec while turning on power.
4. The device will download image, flash it and reboot.

Flash instruction (web based recovery in first-stage U-Boot):

1. Use 'CTRL+C' during power-up to enable CLI in first-stage U-Boot.
2. Connect a PC with IP set to 192.168.0.1 to one of the LAN ports.
3. Issue 'httpd' command and visit http://192.168.0.1 in browser.
4. Use the 'factory' image.

If you would like to restore vendor's firmware, follow one of the
recovery methods described above.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-02-27 16:54:55 +01:00
Piotr Dymacz
2d5b596b49 uboot-envtools: ath79: add support for ALFA Network Tube-2HQ
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-02-27 16:54:54 +01:00
Piotr Dymacz
131671bc54 ath79: add support for ALFA Network Tube-2HQ
ALFA Network Tube-2HQ is a successor of the Tube-2H/P series (EOL) which
was based on the Atheros AR9331. The new version uses Qualcomm QCA9531.

Specifications:

- Qualcomm/Atheros QCA9531 v2
- 650/400/200 MHz (CPU/DDR/AHB)
- 64 or 128 MB of RAM (DDR2)
- 16+ MB of flash (SPI NOR)
- 1x 10/100 Mbps Ethernet with passive PoE input (24 V)
  (802.3at/af PoE support with optional module)
- 1T1R 2.4 GHz Wi-Fi with external PA (SE2623L, up to 27 dBm) and LNA
- 1x Type-N (male) antenna connector
- 6x LED (5x driven by GPIO)
- 1x button (reset)
- external h/w watchdog (EM6324QYSP5B, enabled by default)
- UART (4-pin, 2.00 mm pitch) header on PCB

Flash instruction:

You can use sysupgrade image directly in vendor firmware which is based
on LEDE/OpenWrt. Alternatively, you can use web recovery mode in U-Boot:

1. Configure PC with static IP 192.168.1.2/24.
2. Connect PC with one of RJ45 ports, press the reset button, power up
   device, wait for first blink of all LEDs (indicates network setup),
   then keep button for 3 following blinks and release it.
3. Open 192.168.1.1 address in your browser and upload sysupgrade image.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-02-27 16:54:54 +01:00
Piotr Dymacz
53ac6ee552 ath79: utilize ath9k 'nvmem-cells' on ALFA Network boards
Drop custom 'mtd-cal-data' and switch to 'nvmem-cells' based solution
for fetching radio calibration data and its MAC address.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-02-27 15:09:36 +01:00
Piotr Dymacz
f645bacd06 ath79: reduce 'nvmem-cells' definitions on ALFA Network QCA9531 boards
All the QCA9531 based boards from ALFA Network are based on the same
design and share a common DTSI: 'qca9531_alfa-network_r36a.dtsi'.

Instead of defining 'nvmem-cells' for the MAC address in every device's
DTS, move definition to the common DTSI file.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-02-27 15:09:36 +01:00
Paul Spooren
493b60d044 bcm63xx: switch to Kernel 5.10
Bump the last missing target to Kernel 5.10. While this requires a work
around to boot it will allow more people to test the new Kernel before
the upcomming release.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-27 14:41:28 +01:00
Paul Spooren
c3ccc4529d bcm63xx: fix booting with Kernel 5.10
This is a workaround to make the target overall bootable. With this more
people should be able to test the Kernel 5.10 and report further issues.

Suggested-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-02-27 14:41:28 +01:00
Stijn Tintel
a1b8a4d7b3 ramips: support TP-Link EAP615-Wall
Add support for the TP-Link EAP615-Wall, an AX1800 Wall Plate WiFi 6 AP.
The device is very similar to the TP-Link EAP235-Wall.

Hardware:
* SoC: MediaTek MT7621AT
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Ethernet: 4x GbE
  * Back: ETH0 (PoE-PD)
  * Bottom: ETH1, ETH2, ETH3 (PoE passthrough)
* WiFi: MT7905DAN/MT7975DN 2.4/5 GHz 2T2R
* LEDS: 1x white
* Buttons: 1x LED, 1x reset

Stock firmware uses a random MAC address for ethernet. OpenWrt uses the
MAC address that is on the device label for ethernet and the wireless
interfaces. MAC address must not be incremented, as this will cause MAC
address conflicts in case you have two devices with consecutive MAC
addresses. Instead, different locally administered addresses will be
generated automatically, based on the MAC on the label.

Installation via stock firmware:
* Enable SSH in the TP-Link web interface
* SSH to the device
* Run `cliclientd stopcs`
* Upload the OpenWrt factory image via the TP-Link web interface

Installation via bootloader:
* Solder TTL header. Pinout: 1: TX, 2: RX, 3: GND, 4: VCC, with pin 1
  closest to ETH1. Baud rate 115200
* Interrupt boot process by holding a key during boot
* Boot the OpenWrt initramfs:
  # tftpboot 0x84000000 openwrt-ramips-mt7621-tplink_eap615-wall-v1-initramfs-kernel.bin
  # bootm
* Copy openwrt-ramips-mt7621-tplink_eap615-wall-v1-squashfs-sysupgrade.bin
  to /tmp and use sysupgrade to install it

Thanks to Sander Vanheule for his work on the EAP235-Wall, which made
adding support for the EAP615-Wall very easy.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Sander Vanheule <sander@svanheule.net>
Acked-by: Arınç ÜNAL <arinc.unal@arinc9.com>
2022-02-27 12:01:22 +02:00
Stijn Tintel
73dfc9e7d9 firmware-utils: bump to git HEAD
706e9cc tplink-safeloader: support for Archer A6 v3 JP
  497726b firmware-utils: support checksum for AVM fritzbox wasp SOCs
  2ca6462 iptime-crc32: add support for AX8004M
  57d0e31 tplink-safeloader: TP-Link EAP615-Wall v1 support
  8a8da19 tplink-safeloader: add TL-WPA8631P v3 support
  eea4ee7 tplink-safeloader: add TP-Link Archer A9 v6 support

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2022-02-27 12:01:22 +02:00
Christian Lamparter
1753f8c14b firmware: intel-microcode: update to 20220207
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

* upstream changelog: new upstream datafile 20220207
    * Mitigates (*only* when loaded from UEFI firmware through the FIT)
      CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
      debug port, on Pentium, Celeron and Atom processors with signatures
      0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
      https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
    * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
      may cause a system hang, on many processors.
    * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
      to improper sanitization of shared resources (fast-store forward
      predictor), on many processors.
    * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
      Atom Processors may allow information disclosure or denial of service
      via network access.
    * Fixes critical errata (functional issues) on many processors
    * Adds a MSR switch to enable RAPL filtering (default off, once enabled
      it can only be disabled by poweroff or reboot).  Useful to protect
      SGX and other threads from side-channel info leak.  Improves the
      mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
      processors.
    * Disables TSX in more processor models.
    * Fixes issue with WBINDV on multi-socket (server) systems which could
      cause resets and unpredictable system behavior.
    * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
      Lake) processors, to control a fix for (hopefully rare) unpredictable
      processor behavior when HyperThreading is enabled.  This MSR switch
      is enabled by default on *server* processors.  On other processors,
      it needs to be explicitly enabled by an updated UEFI/BIOS (with added
      configuration logic).  An updated operating system kernel might also
      be able to enable it.  When enabled, this fix can impact performance.
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
      sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
      sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
      sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
      sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
      sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
      sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
      sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
      sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
      sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
      sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
      sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
      sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
      sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
      sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
      sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
      sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
      sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
      sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
      sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
      sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
      sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
      sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
      sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
      sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
      sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
      sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
      sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
    * Removed Microcodes:
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
  * update .gitignore and debian/.gitignore.
    Add some missing items from .gitignore and debian/.gitignore.
  * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
    When the BIOS microcode is older than revision 0x7f (and perhaps in some
    other cases as well), the latest microcode updates for 0x406e3 and
    0x506e3 must be applied using the early update method.  Otherwise, the
    system might hang.  Also: there must not be any other intermediate
    microcode update attempts [other than the one done by the BIOS itself],
    either.  It must go from the BIOS microcode update directly to the
    latest microcode update.
  * source: update symlinks to reflect id of the latest release, 20220207

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2022-02-26 19:52:41 +01:00
Sergey V. Lobanov
e6a4f30ed7 iucode-tool: fix host-compile on macos and non-x86 linux
iucode-tool/host is used by intel-microcode to manipulate with
microcode.bin file. iucode-tool requires cpuid.h at compile time
for autodection feature, but non-x86 build hosts does not have
this header file (e.g. ubuntu 20.04 aarch64) or this header
generates compile time error (#error macro) (e.g. macos arm64).

This patch provides compat cpuid.h to build iucode-tool/host on
non-x86 linux hosts and macos. CPU autodectection is not required
for intel-microcode package build so compat cpuid.h is ok for
OpenWrt purposes.

glibc and argp lib are not present in macos so iucode-tool/host
build fails. This patch adds argp-standalone/host as build
dependency if host os is macos.

Generated ucode (intel-microcode package) is exactly the same on
Linux x86_64 (Ubuntu 20.04), Linux aarch64 (Ubuntu 20.04) and
Darwin arm64 (MacOS 11.6) build hosts.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-26 19:52:41 +01:00
Sergey V. Lobanov
64d159cdad argp-standalone: add host-compile ability
This patch adds host-compile ability to argp-standalone for build
hosts without glibc and argp lib, e.g. MacOS.

iucode-tool/host can not be built on MacOS due to lack of argp.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2022-02-26 19:52:41 +01:00