Starting with GCC 12, we have the possibility of mitigating straight-line
speculation vulnerabilities in x86-64 targets. Make it so.
Reported-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Restore CONFIG_I8K + CONFIG_INTEL_INT0002_VGPIO that got
removed when I refreshed the config. Each x86 target gets
its own CONFIG_CRYPTO_BLAKE2S + LIB settings as only the
x86_64 can use the accelerated x86 version.
Also remove two extra spaces that sneaked into geode's config.
Fixes: 539e60539a ("generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM]")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This is now built-in, enable so it won't propagate on target configs.
Link: https://lkml.org/lkml/2022/1/3/168
Fixes: 79e7a2552e ("kernel: bump 5.15 to 5.15.44")
Fixes: 0ca9367069 ("kernel: bump 5.10 to 5.10.119")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(Link to Kernel's commit taht made it built-in,
CRYPTO_LIB_BLAKE2S[_ARM|_X86] as it's selectable, 5.10 backport)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
upstream linux have these watchdogs locked behind X86.
These will not build on other architectures. So move them
to target/linux/x86/modules.mk
drivers/watchdog/Kconfig:
|config F71808E_WDT
| tristate "Fintek F718xx, F818xx Super I/O Watchdog"
| depends on X86
|[...]
|config IT87_WDT
| tristate "IT87 Watchdog Timer"
| depends on X86
|[...]
|config ITCO_WDT
| tristate "Intel TCO Timer/Watchdog"
| depends on (X86 || IA64) && PCI
|[...]
|config W83627HF_WDT
| tristate "Watchdog timer for W83627HF/W83627DHG and compatibles"
| depends on X86
|[...]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Grommish reported the dreaded build error that happend with 5.4
since the kernel didn't have the cgpio v2 interface. His reason
for the removed 5.4 was that the octeon target had a memory leak
issue, so he had to backport the removed 5.4 kernel for his tests.
Chen Minqiang chimed in and noted that no matter what (i.e.
@TARGET_x86 in depends) didn't prevent the package from being build
on other targets.
From what I can tell, the reason for this was that +nu801 meant
that kmod-meraki-mx100 pulled in an unconditional dependency as
part of to the kernel build.
|scripts/package-metadata.pl mk tmp/.packageinfo
|
|$(curdir)/kernel/linux/compile += $(curdir)/firmware/linux-firmware/compile \
| $(curdir)/firmware/prism54-firmware/compile \
| $(curdir)/kernel/gpio-button-hotplug/compile \
| >>> $(curdir)/system/gpio-cdev/nu801/compile <<<
change this by making the dependency conditional on the
meraki-mx100 module itself. Note that the nu801 enables/sets
the KCONFIG for the cgpio v2 interface itself, since the
userspace program and not the kernel meraki-mx100 relies on it.
Reference: <https://github.com/openwrt/openwrt/commit/eeb8fd4ce7e9>
Reported-by: Grommish <grommish@gmail.com>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
QEMU+Libvirt can emulate the ib700wdt watchdogs
which due to its I/O-Port mapping makes it x86
specific.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This commit add some enabled symbols to generic config.
LTO is only supported by clang compiler and therefore should
be disabled in the generic config instead of duplicating this
symbol in each target. CONFIG_LTO_NONE do this job.
The second group of symbols is enabled by the options available
in the generic config and is therefore added here:
* CONFIG_AF_UNIX_OOB is selected by CONFIG_NET && CONFIG_UNIX,
* CONFIG_BINARY_PRINTF is selected by CONFIG_BPF_SYSCALL,
* CONFIG_NET_SOCK_MSG is selected by CONFIG_BPF_SYSCALL && CONFIG_NET.
The other symbols are disabled and should be in the generic config.
This commit also removes these symbols from subtargets.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Fixes following build issues:
Package kmod-r8169 is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-ixgbe is missing dependencies for the following libraries:
mdio_devres.ko
Package kmod-amd-xgbe is missing dependencies for the following libraries:
mdio_devres.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
So the upcoming changes needed for 5.15 can be reviewed easily.
Removing following patches backported from 5.15:
* 101-v5.15-mfd-lpc_ich-Enable-GPIO-driver-for-DH89xxCC.patch
* 102-v5.15-platform-x86-add-meraki-mx100-platform-driver.patch
Removed upstreamed patch `300-pcengines_apu1_led.patch` in commit
1b40faf7e4ab ("leds: apu: extend support for PC Engines APU1 with newer
firmware")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The inclusion of the kmod-leds-uleds into the userspace
nu801 package causes a circular dependency inside the
buildsystem... which causes it to be picked regardless
of other DEPENDS values.
In case of the mx100, this could be solved by moving the
kmod-leds-uled dependency to the kmod-meraki-mx100.
Bonus: drop @!LINUX_5_4 from kmod-meraki-mx100
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This commit builds on previous efforts to add support
for Sophos devices.
* Add support for Sophos XG 85 with/without wireless
* Add support for Sophos XG 86 with/without wireless
Tested on Sophos XG 85w rev1 and XG 86 rev 1
Signed-off-by: Raylynn Knight <rayknight@me.com>
This reverts commit 80b7a8a7f5.
Now that 5.10 is the default kernel for all platforms, we can
bring back the NU801 userspace driver for platforms that rely
on it. Currently it's used on the MX100 x86_64 target, but
other Meraki platforms use this controller.
Note that we also now change how we load nu801. The way we did
this previously with procd worked, but it meant it didn't load
until everything was up and working.
To fix this, let's call nu801 from boot and re-trigger the
preinit blink sequence. Since nu801 runs as a daemon this is
now something we can do.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
(removed empty line, currently only MX100 uses it so: @TARGET_x86)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This driver is needed to boot from CompactFlash on the Siemens Futro S400.
The device has an AMD NX1500 CPU, which seems to be unsupported by the
geode subtarget, so it must use legacy.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Enable support for allocating user space page table entries in high memory [1],
for the targets which support this feature. This saves precious low memory
(permanently mapped, the only type of memory directly accessible by the kernel).
[1] https://www.kernel.org/doc/html/latest/vm/highmem.html
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.
This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.
This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.
Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Correct typo that caused network interfaces for Sophos
SG/XG wireless devices to not be configured properly.
Tested on Sophos SG 135wr2, Sophos XG 125wr2 and
Sophos SG 105wr1
Signed-off-by: Raylynn Knight <rayknight@me.com>
Module kmod-crypto-hw-geode provides accelerated cbc(aes) and ecb(aes)
but the software implementation is also needed when AES key size isn't
128 so that the operation can fall back. Add the kmod so that it would
all work as expected out of the box.
Tested-by: timur_davletshin
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Fall back to using board_vendor and board_name, if known dummy values
are used for sys_vendor and product_name.
Examples:
To be filled by O.E.M.:To be filled by O.E.M.
--> INTEL Corporation:ChiefRiver
System manufacturer:System Product Name
--> ASUSTeK COMPUTER INC.:P8H77-M PRO
To Be Filled By O.E.M.:To Be Filled By O.E.M.
--> ASRock:Q1900DC-ITX
Gigabyte Technology Co., Ltd.:To be filled by O.E.M.
--> Gigabyte Technology Co., Ltd.:H77M-D3H
empty:empty
--> TYAN Computer Corporation:TYAN Toledo i3210W/i3200R S5211
To Be Filled By O.E.M.:To Be Filled By O.E.M.
--> ASRock:H77 Pro4-M
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
* Add support for Sophos SG/XG-115 r1, r2 with/without wireless
* Add support for Sophos SG/XG-125 r1, r2 with/without wireless
* Add wireless support for SG/XG-105
Signed-off-by: Raylynn Knight <rayknight@me.com>
Each of
- CRYPTO_AEAD2
- CRYPTO_AEAD
- CRYPTO_GF128MUL
- CRYPTO_GHASH
- CRYPTO_HASH2
- CRYPTO_HASH
- CRYPTO_MANAGER2
- CRYPTO_MANAGER
- CRYPTO_NULL2
either directly required for mac80211 crypto support, or directly
selected by such options. Support for the mac80211 crypto was enabled in
the generic config since c7182123b9 ("kernel: make cryptoapi support
needed by mac80211 built-in"). So move the above options from the target
configs to the generic config to make it clear why do we need them.
CC: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Both CLANG_VERSION and LLD_VERISON are autogenerated runtime
configuration options, so add them to the kernel configuration filter
and remove from generic and per-target configs to keep configs clean.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Chen Minqiang reported in his GitHub PR #4733 that:
With CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA=y option set,
the popular x86/amd64 target's initramfs-kernel failed to boot.
The cause for this boot failure is that the LZMA compression
uses a the first bytes to encode the compression parameters.
It does not have a fixed magic. Yes, this only works if the
the existing lzma options in the upstream are not changed.
This patch does away with OpenWrt special LZMA options tuning
since it is rather unlikely that upstream will improve the
compression algorithm detection after all this time. Even
though, the tuning produced a smaller initramfs (~1.1% in a
spot check).
Link: <https://github.com/openwrt/openwrt/pull/4733>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* Better product ID for Sophos SG/XG-105 models
* Add support for Sophos SG/XG-135 r1, r2 with/without wireless
Signed-off-by: Stan Grishin <stangri@melmac.ca>
[Changed subject to x86 - probably eaten somewhere, the PR had it]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
sorting alphabetically default packages
and placing them on their own line.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[fixed whitespaces before tab, double whitespaces]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Gigabit ethernet adapters using BCM5719/5720 chipset
are common on servers and as easy/cheap to get as
Intel based ones.
Usually found in 2-port and 4-port cards.
Also some devices recently added to x86_64 target
like the Meraki MX100 use this chipset for 8 of
their 12 integrated ports.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This Kernel option allows to run OpenWrt witin a `firecracker` micro VM.
Firecracker is a KVM-based tool for superfast booting VMs on x86_64 and
aarch64. It makes rootfs available to the guest as a virtio-mmio device
and passes its address via the kernel cmdline. A kernel without
CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES will not recognize the rootfs
virtio-mmio device.
Suggested-by: Packet Please <pktpls@systemli.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This reverts commit f536f5ebdd.
As Hauke commented, this causes builder failures on 5.4 kernels.
This revert includes changes to the mx100 kernel modules
dependency as well as the uci led definitions.
Tested-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This commit will add support for the Meraki MX100 in OpenWRT.
Specs:
* CPU: Intel Xeon E3-1200 Series 1.5GHz 2C/4T
* Memory: 4GB DDR3 1600 ECC
* Storage: 1GB USB NAND, 1TB SATA HDD
* Wireless: None
* Wired: 10x 1Gb RJ45, 2x 1Gb SFP
UART:
The UART header is named CONN11 and is found in the
center of the mainboard. The pinout from Pin 1 (marked
with a black triangle) to pin 4 is below:
Pin 1: VCC
Pin 2: TX
Pin 3: RX
Pin 4: GND
Note that VCC is not required for UART on this device.
Booting:
1. Flash/burn one of the images from this repo to a
flash drive.
2. Take the top off the MX100, and unplug the SATA
cable from the HDD.
3. Hook up UART to the MX100, plug in the USB drive,
and then power up the device.
4. At the BIOS prompt, quickly press F7 and then
scroll to the Save & Exit tab.
5. Scroll down to Boot Override, and select the
UEFI entry for your jumpdrive.
Note: UEFI booting will fail if the SATA cable for
the HDD is plugged in.
The issue is explained under the Flashing instructions.
Flashing:
1. Ensure the MX100 is powered down, and not plugged
into power.
2. Take the top off the MX100, and unplug the SATA
cable from the HDD.
3. Using the Mini USB female port found by the SATA
port on the motherboard,
flash one of the images to the system. Example:
`dd if=image of=/dev/sdb conv=fdatasync` where sdb
is the USB device for the MX100's NAND.
4. Unplug the Mini USB, hook up UART to the MX100,
and then power up the device.
5. At the BIOS prompt, quickly press F7 and then
scroll to the Boot tab.
6. Change the boot order and set UEFI: USB DISK 2.0
as first, and USB DISK 2.0 as second.
Disable the other boot options.
7. Go to Save & Exit, and then select Save Changes and
Reset
Note that OpenWRT will fail to boot in UEFI mode when
the SATA hard drive is plugged in. To fix this, boot
with the SATA disk unplugged and then run the following
command:
`sed -i "s|hd0,gpt1|hd1,gpt1|g" boot/grub/grub.cfg`
Once the above is ran, OpenWRT will boot when the HDD
is plugged into SATA. The reason this happens is the
UEFI implementation for the MX100 will always set
anything on SATA to HD0 instead of the onboard USB
storage, so we have to accomidate it since OpenWRT's
GRUB does not support detecting a boot disk via UUID.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Remove use of DEVICE_TITLE in favor of the
DEVICE_VENDOR and DEVICE_MODEL as used by
all other targets.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
CONFIG_RCU_{NEED_SEGCBLIST,STALL_COMMON} are set basically everywhere. Move them
to the generic kconfigs. And resort the generic kconfigs while at it.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
As x86/64 and x86/generic may be using UEFI, mounting the FAT-32 /boot
is necessary in order not to loose configuration files accross
sysupgrades. Include kmod-fs-vfat by default to make sure /boot can
always be mounted.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
NR_CPUS limits the number of CPUs supported to 8. This makes total sense
on hardware-restircted platforms, but not on x86_64, where CPUs with
more than 8 cores can be easily acquired and with less physical limitaions.
see also: https://forum.openwrt.org/t/x86-64-8-cpu-limitation-on-vanilla-release/100946
Signed-off-by: Edgar Su <sjs333@outlook.com>
Similar to how this is done in the diag.sh found in the base-files
package, we should blink our status LED (if we have one) during the
upgrade process. This follows the same blink pattern as seen at
./package/base-files/files/etc/diag.sh#L36
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
eth0 -> single NIC (i211at)
eth1 -> single NIC (i211at) -> 4-port unmanaged switch (BCM53125U)
Notes
UART is exposed on J4 connector, pinout starting from pin marked 1:
1. GND, 2. NC?, 3. NC?, 4. RX, 5. TX, 6. NC?
baud: 115200, parity: none, flow control: none
The board is setup by coreboot with UEFI. To enter setup screen hold
ESC key on boot.
The 5-LED multicolor matrix is attached on first I2C device named
"Synopsys DesignWare I2C adapter" at address 0x60. Controlling values
are stored in /opt/roqos/etc/rcLED.conf of original firmware.
Remember to backup the original firmware, there are no downloadable
copies.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Compile in MPT SAS driver required to mount rootfs on some VMWare
systems (e.g. required for 1&1 IONOS).
Signed-off-by: Mark Carroll <git@markcarroll.net>
Some targets select HZ=100, others HZ=250. There's no reason to select a higher
timer frequency (and 100 Hz are available in every architecture), so change all
targets to 100 Hz.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
fix the following build error when building with test kernel:
Package kmod-amd-xgbe is missing dependencies for the following libraries:
mdio_devres.ko
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>