In userspace, ASLR is enabled, but it's missing to enable KASLR on the
kernel side to improve security as part of SystemReady recommendations.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
The name of the variable holding the pointer to the private struct has
changed between Linux 5.15 and Linux 6.1 and adding the identical patch
fixing PCIe #PERST de-assert broke the build on Linux 6.1.
Also change the name in the patch to fix the build.
Fixes: 6a2e17d5c1 ("mediatek: fix PCIe #PERST being de-asserted too early")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix copy-paste error in migrating NEC Aterm WG2600HP3 to new LED
implementation for the QCA8K switch. Correct define the missing
additional LED pin used for each port and fix wrong color for LED 2 for
each port. Also add the required function-enumerator as all 3 LED have
the same color and function.
Fixes: c707cff6c9 ("ipq806x: add LEDs definition for non-standard qca8k LEDs")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
There are a few targets that mess with the atm kernel headers. To avoid
incompatibility between kernel and user space during compilation, the
correct headers should be used.
Consequently, the package must also be marked as nonshared.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Extreme Networks AP3935i/e -
https://www.extremenetworks.com/support/documentation/access-points-ap3935i-e/
SoC: IPQ8068 QYY AT46279K45060I
RAM: NANYA 1527 NT5CC256M16DP-DI 515073W0EF 7 TW
FLASH: NOR - S25FL256S1 - 32MB
NAND - Macronix MX30UF4G28AB - 512MB
LAN: Atheros AR8035-A J5150WL 1515 CN - RGMII
LAN2: Atheros AR8033-AL1A SKCSR.AJ1 1444 China - SGMII
WLAN2: QCA9990 OVV FNPV209 K451406
WLAN5: QCA9990 OVV FNPV209 K451406
SERIAL: RS232 Port (115200 8n1) Cisco console cable and
4pin Serial Header | 3.3 | GND | RX | TX
MAC address for LAN1/LAN2/WLAN 2G/WLAN 5G in uboot env
* Installation via either RJ45 console or on-board 4 PIN header
Install Method
--------------
1) Setup TFTP server, and place
openwrt-ipq806x-generic-extreme_ap3935-initramfs-uImage image
in /srv/tftp or similar
2) Connect to console on router and connect ethernet port "LAN1" to
your LAN
3) Interupt the boot with any character
4) Login with admin/new2day for default password
(use reset/FactoryDefault if password needs to be reset)
5) Set serverip to TFTP IP: set serverip 192.168.1.2
6) Set ipaddr to another IP: set ipaddr 192.168.1.101
7) Make uboot ping something to activate eth0 on boot:
set bootcmd 'ping 192.168.1.1; run boot_flash'
saveenv
8) TFTP image to RAM:
tftpboot 0x42000000
openwrt-ipq806x-generic-extreme_ap3935i-initramfs-uImage
9) Boot image: bootm 0x42000000
In OpenWRT, "LAN1" is LAN, "LAN2" is WAN
10) SFTP openwrt-ipq806x-generic-extreme_ap3935-squashfs-nand-sysupgrade.bin
image to /tmp
11) sysupgrade /tmp/openwrt-*-nand-sysupgrade.bin
Signed-off-by: Glen Lee <g2lee@yahoo.com>
This script was used to modify the wrong machine type passed
from the boot loader to the kernel. The device tree kernels
does not use the machine type so this script is no longer
needed.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
There is no point in keeping the v5.15 kernel around for Gemini,
we are maintaining the platform with a strong upstream focus and
newer is always better.
Now that OpenWrt can support pure v6.1 kernels, switch up to
v6.1 and drop v5.15 so we don't need to migrate configs and
patches for no reason.
The USB FOTG2 module handling can be simplified as a result.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Fix Spanning Tree Protocol (STP) by changing COPY2CPU which currently
makes switch to ignore Bridge Protocol Data Units (BPDUs).
Tested on Zyxel GS1900-8, 24 and 48.
Signed-off-by: Rudolf Vesely <i@rudolfvesely.com>
[ improve commit description and add new line in different sections ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When cmake is invoked to build a package it usually reports a warning
about unused variables passed to it. This is caused by openwrt passing
all supported variables to cmake, even if they are not all required by
the package being compiled.
To reduce clutter when compiling such packages these warnings are now
suppressed.
Approved-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Tjalling Hattink <t.hattink@fugro.com>
The USXGMII implementation of Realtek switches can not only support
10GbE but also 2.5Gb and 5Gb on top of the usual data rates.
Mark those as supported to allow them to be negotiated.
This change has been tested on a ZyXEL XGS1250-12 with the following link
partners:
- NWA50AX Pro (2.5Gb)
- RTL8152 USB NIC (2.5Gb)
- AQC111 USB NIC (2.5Gb & 5Gb)
Gbit and 10GbE has also been tested to still work fine with a variety of
devices.
Signed-off-by: Tobias Schramm <tobias@t-sys.eu>
This condition was introduced in commit 51c8f76612 ("realtek: Improve
MAC config handling for all SoCs") to correctly report the speed of the
internal serdes ports as 10G, but instead makes all ports read 10G
because the or-operator should have been an and-operator.
Fixes: #9953
Fixes: 51c8f76612 ("realtek: Improve MAC config handling for all SoCs")
Signed-off-by: Peter Körner <git@mazdermind.de>
[ wrap comment to 72 column and improve commit ref ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The driver for MediaTek gen3 PCIe hosts de-asserts all reset
signals at the same time using a single register write operation.
Delay the de-assertion of the #PERST signal by 100ms as some PCIe
devices fail to come up otherwise.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Google WiFi board has what seems as debug version of TZ/QSEE and it is
always enabling SDI (Secure Debug Image) and in order to do a regular
reboot it must be disabled, as otherwise you are stuck in a debug state
where you are supposed to extract debug logs via QCA tooling which is not
helpfull at all for regular users.
So, instead of using our downstream version to disable SDI lets use the
version that was merged upstream and relies on a boolean property in the
SCM node instead of checking the compatible.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Tested-by: Brian Norris <computersforpeace@gmail.com>
Improve and update instructions on how to add board files and both
describe the needed step to upstream a board file or to use it locally.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The PKG_MIRROR_HASH is wrong, fix it.
Found and fixed using this command:
make package download check FIXUP=1
Fixes: c123e4f053 ("rtl8812au-ct: bump to fix kernel 6.1 compile")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commit mt76: drop default eeprom file for mt7986-firmware
(e3aa645b26) breaks eeprom loading for
Mercusys MR90X v1. As a result WiFi is not working at all.
This commit adds Mercusus MR90x to the caldata script (it works after the
commit mentioned above). And we can safely drop "81_fix_eeprom" script
as it's no longer required.
Fixes: e3aa645b26
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Add patch fixing regression from stmmac TX timer.
Refer to the single patch for extensive details on the problem.
This should restore original performance before 4.19 kernel.
Fixes: #11676
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add patch fixing regression from stmmac TX timer.
Refer to the single patch for extensive details on the problem.
This should restore original performance before 4.19 kernel.
Fixes: #11676
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add LEDs definition for devices that use a non-standard qca8k LEDs
configuration.
This is to restore original setup of the LED and be on par with swconfig
old configuration.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Enable and setup multi-cpu for qca8k switch for ipq806x based devices.
Rework each DTS to enable the secondary CPU port on QCA8K switch and
apply the required values originally set by the OEM in the old swconfig
node.
In original firmware the first CPU port was always assigned to the WAN
port and the secondary CPU port was assigned to the rest of the LAN
port. Follow this original implementation using an init.d script.
To setup the CPU port ip tools is required. Add additional default
package ip-tiny to correctly setup the CPU port.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport pending patch for multi CPU port support on QCA8K. 6.1 already
supports all the requiredt code to change a DSA master port so only this
patch fixing the driver is required.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport various QCA8K fixes patch merged upstream. Refresh any changed
patches due to backports.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Drop and move ASRock G10 preinit script to fix mac address to generic
board.d script and rework for consistency with other devices following a
similar implementation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Convert each ipq806x device to DSA implementation using the qca8k
driver. Rework 02_network to follow the new naming scheme.
Update 01_leds to use netdev trigger with correct DSA port and drop
now unused switch trigger.
Currently secondary CPU is disabled and will be reneabled later.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The mt76 driver usually reads the eeprom on the mtd partition at dts.
For emmc device we need to use caldata_extract script to read the
eeprom. However, the default eeprom file breaks the caldata script
execution, so remove it.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
When adding new router support, I found that uboot
could not recognize flash: "unknown raw ID xxx".
Sync SPI-NAND driver for mediatek to fixes this:
* Add support for Winbond W25N01KV 1Gbit chip.
* Add support for Etron SPI-NAND chip.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The reset button was missing from the Enterasys WS-AP3715i DTS.
Add the node required for making the reset button work.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add support for COMFAST CF-EW72 V2
Hardware:
- SoC: Mediatek MT7621 (MT7621DAT or MT7621AT)
- Flash: 16 MiB NOR
- RAM: 128 MiB
- Ethernet: Built-in, 2 x 1GbE
- Power: only 802.3af PD on any port, injector supplied in the box
- PoE passthrough: No
- Wifi 2.4GHz: Mediatek MT7603BE 802.11b/g/b
- Wifi 5GHz: Mediatek MT7613BEN 802.11ac/n/a
- LEDs: 8x (only 1 is both visible and controllable, see below)
- Buttons: 1x (RESET)
Installing OpenWrt:
Flashing is done using Mediatek U-Boot System Recovery Mode
- make wired connection with 2 cables like this:
- - PC (LAN) <-> PoE Injector (LAN)
- - PoE Injector (POE) <-> CF-EW72 V2 (LAN). Leave unconnected to CF-EW72 V2 yet.
- configure 192.168.1.(2-254)/24 static ip address on your PC LAN
- press and keep pressed RESET button on device
- power the device by plugging PoE Injector (POE) <-> CF-EW72 V2 (LAN) cable
- wait for about 10 seconds until wifi led stops blinking and release RESET button
- navigate from your PC to http://192.168.1.1 and upload OpenWrt *-factory.bin firmware file
- proceed until router starts blinking with wifi led again (flashing) and stops (rebooting to OpenWrt)
MAC addresses as verified by OEM firmware:
vendor OpenWrt address
LAN lan\eth0 label
WAN wan label + 1
2g phy0 label + 2
5g phy1 label + 3
The label MAC address was found in 0xe000.
LEDs detailed:
The only both visible and controllable indicator is blue:wlan LED.
It is not bound by default to indicate activity of any wireless interfaces.
Place (WAN->ANT) | Num | GPIO | LED name (LuCI) | Note
-----------------|-----|-----------------------------------------------------------------------------------------
power | 1 | | | POWER LED. Not controlled with GPIO.
hidden_led_2 | 2 | 13 | blue:hidden_led_2 | This LED does not have proper hole in shell.
wan | 3 | | | WAN LED. Not controlled with GPIO.
hidden_led_4 | 4 | 16 | blue:hidden_led_4 | This LED does not have proper hole in shell.
lan | 5 | | | LAN LED. Not controlled with GPIO.
noconn_led_6 | 6 | | | Not controlled with GPIO, possibly not connected
wlan | 7 | 15 | blue:wlan | WLAN LED. Wireless indicator.
noconn_led_8 | 8 | | | Not controlled with GPIO, possibly not connected
mt76-phy0 and mt76-phy1 leds also exist in OpenWrt, but do not exist on board.
Signed-off-by: Alexey D. Filimonov <alexey@filimonic.net>
Label MAC detection does not work properly, as MAC address is assigned
on preinit. Thus, remove the label-mac definition.
Signed-off-by: David Bauer <mail@david-bauer.net>
This in a single image to run many types of hardware in the AP391x
series (AP3912/AP3915/AP3916/AP3917/AP7662).
Hardware
--------
Qualcomm IPQ4029 WiSoC
2T2R 802.11 abgn
2T2R 802.11 nac
Macronix MX25L25635E SPI-NOR (32M)
512M DDR3 RAM
1-4x Gigabit Ethernet
Senao EXT1025 HD Camera (AP3916 only)
USB 2.0 Port (AP3915e only)
1x Cisco RJ-45 Console port
- except for AP3916 and AP3912 where there is no external serial
console and it is TDB how to solder one. Possibly J12 is UART with
pin1 = 3.3V, pin2 = GND, pin3 = TXD, pin4 = RXD.
- Settings: 115200 8N1
Installation With Serial Console
--------------------------------
1. Attach to the Console port. Power up the device and press the s key
to interrupt autoboot.
2. The default username / password to the bootloader is admin / new2day
3. Check uboot variables using printenv, and update if necessary:
$ setenv AP_MODE 0
$ setenv WATCHDOG_COUNT 0
$ setenv WATCHDOG_LIMIT 0
$ setenv AP_PERSONALITY identifi
$ setenv serverip <SERVER_IPADDR>
$ setenv ipaddr <UNIQUE_IPADDR>
$ setenv MOSTRECENTKERNEL 0; ## OpenWRT only uses the primary image
$ saveenv
$ saveenv ## 2nd time to write the secondary copy
4. On the TFTP server located at <SERVER_IPADDR>, download the OpenWrt
initramfs image. Rename and serve it as vmlinux.gz.uImage.3912
5. TFTP boot the OpenWrt initramfs image from the AP serial console:
$ run boot_net
6. Wait for OpenWrt to start. Internet port sw-eth5 is assiged to LAN
bridge and sw-eth4 (if available) is assigned to WAN. The LAN port
will use default IP address 192.168.1.1 and run a DHCP server.
If you already have a working DHCP server or already have 192.168.1.1
on your network you MUST DISCONNECT the LAN cable from your active
network immediately after the power/status LED turns green!
At this point, you need to temporarily reconfigure the AP to have
a way to transfer the OpenWRT sysupgrade image to it.
Reconfigure the newly converted OpenWRT AP using serial console or
plug in a PC to a sw-eth5 as a separate network. Note -- the LAN/WAN
port assignments were designed to make it possible to convert to
OpenWRT without serial console and using a common firmware
image for many AP models -- they may not make the most sense when
fully deployed.
7. Download and transfer the sysupgrade image to the device using e.g.
SCP.
8. Install OpenWrt to the device using "sysupgrade"
$ sysupgrade -n /path/to/openwrt.bin
9. After it boots up again, as in step 6, connect to AP and reconfigure
for final deployment.
This build supports APs in the AP391x series and similar such as WiNG
AP7662.
Ethernet devices within OpenWRT are named "sw-eth1" thru "sw-eth5".
Mapping from OpenWRT internal naming to external naming on the case is
as follows:
```
|sw-eth1|sw-eth2|sw-eth3|sw-eth4|sw-eth5
------------+-------+-------+-------+-------+-------
AP3917 | | | | GE2 | GE1
------------+-------+-------+-------+-------+-------
AP7662 | | | | GE2 | GE1
------------+-------+-------+-------+-------+-------
AP3916 | | | | CAM* | GE1
------------+-------+-------+-------+-------+-------
AP3915 | | | | | GE1
------------+-------+-------+-------+-------+-------
AP3912 | | P1 | P2 | P3 | LAN1
------------+-------+-------+-------+-------+-------
```
By default sw-eth4 is mapped to WAN. All others are assigned to the
LAN.
CAM* - On AP3916, sw-eth4 is the camera's interface. You should
reconfigure this to be on LAN after OpenWRT boots from flash.
Installation Without Serial Console
-----------------------------------
The main premise is to set u-boot environment variables using the
Extreme Networks firmware's rdwr_boot_cfg program.
$ rdwr_boot_cfg
Utility to manipulate the boot ROM config blocks
All errors are written to the sytem log file (/tmp/log/ap.log)
```
Usage: rdwr_boot_cfg <read_all|read_var|read_var_f|write_var|rm_var> ...
read_all read the entire active block
read_var <var> read a single variable from the active block
read_var_f <var> read a single variable from the active block
(formatted)
write_var <var=val> write a single variable/value pair to both
blocks
rm_var <var> delete a single variable from both blocks
```
WARNING: Be very sure you have set the u-boot environment correctly.
If not, it can only be fixed by attaching serial console!
Be aware that the Extreme Networks shell environment will automatically
reboot every 5 minutes if there is no controller present.
Read and understand these steps fully before attempting. It is easy
to make mistakes!
1. Place the OpenWRT initramfs on the TFTP server and name it as
vmlinux.gz.uImage.3912
2. Boot up to Extreme Networks WING-Campus mode OS. Port GE1/LAN1
will be a DHCP **client**. Find out the IP address from your DHCP
server and SSH in. Default user/passwd is admin/new2day or
admin/admin123.
If it is booting to WING-Distributed mode, use this command to
convert to Campus mode.
$ operational-mode centralized
3. Upon bootup you have about 5mins to changed these u-boot variables
if necessary using the rdwr_boot_cfg command in Linux shell:
$ rdwr_boot_cfg write_var AP_MODE=0
$ rdwr_boot_cfg write_var MOSTRECENTKERNEL=0
$ rdwr_boot_cfg write_var WATCHDOG_COUNT=0
$ rdwr_boot_cfg write_var WATCHDOG_LIMIT=0
$ rdwr_boot_cfg write_var AP_PERSONALITY=identifi
$ rdwr_boot_cfg write_var serverip=<SERVER_IPADDR>
$ rdwr_boot_cfg write_var ipaddr=<UNIQUE_IPADDR>
$ rdwr_boot_cfg write_var bootcmd="run boot_net"
4. Reboot AP.
5. Connect PC with ethernet to GE1/LAN1 port. You should get a
DHCP address in the 192.168.1.x range and should be able to
SSH to the new OpenWRT TFTP recovery/installation shell.
6. At this point, u-boot is still set to TFTP boot, so you have to
replace the TFTP image with the original Extreme Networks image so
that you can change the u-boot environment.
See the instructions for Extracting Extreme Networks firmware
image.
DON'T REBOOT YET!
7. Next you must follow steps 6 thru 8 from the Installation with serial
console. After which you should have OpenWRT installed to primary
flash firmware.
8. Now Reboot. This time it will boot using TFTP into Extreme Networks
image. You may need to reconnect cables at this point -- GE1/LAN1
will be a DHCP **client** and you can SSH in -- just like step 2.
Get the IP address from you own DHCP server.
9. Set u-boot env as follows:
$ rdwr_boot_cfg write_var MOSTRECENTKERNEL=0
$ rdwr_boot_cfg write_var WATCHDOG_COUNT=0
$ rdwr_boot_cfg write_var bootcmd="run boot_flash"
10. Reboot AP. This time it should be into OpenWRT. GE1/LAN1 will be
a DHCP **server** and have static IP 192.168.1.1 -- just like step 5.
11. SSH into the LAN port and reconfigure to final configuration. Don't
make any changes that prevent you from SSH or Luci access!
Restoring Extreme Networks firmware
-----------------------------------
Assuming you have the original Extreme Networks image:
1. Login to OpenWRT shell
2. scp the Extreme Networks packaged firmware image file AP391x-*.img to
/tmp
3. Extract the firmware uimage file:
$ tar xjf AP391x-*.img vmlinux.gz.uImage
4. Force run sysupgrade:
$ sysupgrade -F /tmp/AP391x-*.img /
5. Restore the u-boot varable(s):
$ rdwr_boot_cfg write_var WATCHDOG_LIMIT=3
USB 2.0 Port on AP3915e
-----------------------
Enable this by setting LED "eth:amber_or_usb_enable" to ALWAYS ON.
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Glen Lee <g2lee@yahoo.com>
While adding support for the MF282 Plus, an entry in platform.sh was
overlooked - this fixes sysupgrade on this devices.
Signed-off-by: Andreas Böhler <dev@aboehler.at>