The random crashes observed with HARDENED_USERCOPY enabled no longer
seem to occur. Enable HARDENED_USERCOPY to improve security.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch provides support for the Firebox M300 only user-controllable
bi-color LED, and makes the green "shield" LED act as the typical
OpenWrt status led.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Kernel 5.15.49 introduced a new symbol 'LIB_MEMNEQ'. Add it to the
generic 5.15 config.
Fixes: f1cd144482 ("kernel: bump 5.15 to 5.15.49")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Kernel 5.10.124 introduced a new symbol 'LIB_MEMNEQ'. Add it to the
generic 5.10 config.
Fixes: 9e5d743422 ("kernel: bump 5.10 to 5.10.124")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
DGS-1210 switches support dual image, with each image composed of a
kernel and a rootfs partition. For image1, kernel and rootfs are in
sequence. The current OpenWrt image (written using a serial console),
uses those partitions together as the firmware partition, ignoring the
partition division. The current OEM u-boot fails to validate image1 but
it will only trigger firmware recovery if both image1 and image2 fail,
and it does not switch the boot image in case one of them fails the
check.
The OEM factory image is composed of concatenated blocks of data, each
one prefixed with a 0x40-byte cameo header. A normal OEM firmware will
have two of these blocks (kernel, rootfs). The OEM firmware only checks
the header before writing unconditionally the data (except the header)
to the correspoding partition.
The OpenWrt factory image mimics the OEM image by cutting the
kernel+rootfs firmware at the exact size of the OEM kernel partition
and packing it as "the kernel partition" and the rest of the kernel and
the rootfs as "the rootfs partition". It will only work if written to
image1 because image2 has a sysinfo partition between kernel2 and
rootfs2, cutting the kernel code in the middle.
Steps to install:
1) switch to image2 (containing an OEM image), using web or these CLI
commands:
- config firmware image_id 2 boot_up
- reboot
2) flash the factory_image1.bin to image1. OEM web (v6.30.016)
is crashing for any upload (ssh keys, firmware), even applying OEM
firmwares. These CLI commands can upload a new firmware to the other
image location (not used to boot):
- download firmware_fromTFTP <tftpserver> factory_image1.bin
- config firmware image_id 1 boot_up
- reboot
To debrick the device, you'll need serial access. If you want to
recover to an OpenWrt, you can replay the serial installation
instructions. For returning to the original firmware, press ESC during
the boot to trigger the emergency firmware recovery procedure. After
that, use D-Link Network Assistant v2.0.2.4 to flash a new firmware.
The device documentation does describe that holding RESET for 12s
trigger the firmware recovery. However, the latest shipped U-Boot
"2011.12.(2.1.5.67086)-Candidate1" from "Aug 24 2021 - 17:33:09" cannot
trigger that from a cold boot. In fact, any U-Boot procedure that relies
on the RESET button, like reset settings, will only work if started from
a running original firmware. That, in practice, cancels the benefit of
having two images and a firmware recovery procedure (if you are not
consider dual-booting OpenWrt).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The cameo header is a 0x40-byte header used by D-Link DGS 1210 switches
and Apresia ApresiaLightGS series. cameo-imghdr.py is a clean-room
reimplementation of imghdr present in the DGS-1210-28-GPL package.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[fix board_version argument's help text]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Enabling mbo by default on 802.11ax devices breaks for encryption types
that do not enable 802.11w by default. Disable mbo by default to fix
this. Enabling mbo by default on 802.11ax devices was not explained in
the commit message anyway.
Fixes: 6eee983656 ("hostapd: introduce mbo option")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This model is almost identical to the EAP225 v3.
Major difference is the RTL8211FS PHY Chipset.
Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 3x3
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MIMO
* Ethernet (RTL8211FS): 1× 1GbE, 802.3at PoE
Flashing instructions:
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface
Debricking:
* Serial port can be soldered on PCB J4 (1: TXD, 2: RXD, 3: GND, 4: VCC)
* Bridge unpopulated resistors R225 (TXD) and R237 (RXD).
Do NOT bridge R230.
* Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via LuCI web interface
setenv ipaddr 192.168.1.1 # default, change as required
setenv serverip 192.168.1.10 # default, change as required
tftp 0x80800000 initramfs.bin
bootelf $fileaddr
MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
Signed-off-by: Sven Hauer <sven.hauer+github@uniku.de>
Introduce a new option background_radar to toggle hostapd's background
radar feature. Enabling this allows DFS CAC to run on dedicated radio RF
chains while the radio(s) are otherwise running normal AP activities on
other channels.
As OpenWrt configures hostapd to use a channel list even when a single
channel is configured, using this feature requires a list of channels in
/etc/config/wireless. Alternatively, channel can be set to auto.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Support the use of MBO in the bss_transition_request ubus method.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Introduce a new option mbo to toggle Multi Band Operation aka Agile
Multiband for a BSS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Multi Band Operation is required for 802.11ax certification, so let's
enable it if 802.11ax support is enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
Multi Band Operation aka Agile Multiband introduces new Transition
and Transition Rejection Reason Codes that should improve client
steering. Add a config symbol to enable it, and enable it by default for
the full variants.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: David Bauer <mail@david-bauer.net>
In Linux v5.14 an extra feature was introduced for the RTL8211F phy,
allowing to disable a clock output from the phy. Part of that patch is to
always (soft) reset the phy upon initialisation.
This phy reset is required to have a working ethernet on the TP-Link
EAP225-Outdoor v3 and EAP225 v4 after a reboot. Otherwise the ethernet
port will only function properly on cold boots.
Tested-by: Andre Klärner <kandre@ak-online.be> # EAP225-Outdoor v3
Tested-by: Sven Hauer <sven.hauer+github@uniku.de> # EAP225 v4
Signed-off-by: Sander Vanheule <sander@svanheule.net>
The support-list partition for the EAP225-V3 board ID became larger than
the allocated size, resulting in factory image generation for the
EAP225-Outdoor v3 and EAP225 v3 to fail. The make directive
Build/tplink-safeloader ignores this failure however, resulting in a
seemingly successful build with empty factory images.
Included changes:
e609c5d75186 tplink-safeloader: drop unqualified EAP225-V3 IDs
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Enable ath10k offload by default. This improves wireless performance
without requiring user configuration.
This adds ath10k_core to the AUTOLOAD section so that the frame_mode
paramter can be added to /etc/modules.d and passed to the driver.
The frame_mode 2 enables ethernet mode on the firmware/driver.
This parameter is set by passing a different value to the frame_mode
value on kmod insmod.
Link to the original patchset:
https://patchwork.kernel.org/project/linux-wireless/cover/20220516032519.29831-1-ryazanov.s.a@gmail.com/
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
lantiq,bus-clock, interrupt-map-mask and interrupt-map are already
defined with these exact values in vr9.dtsi. Drop them from
vr9_tplink_tdw8980.dts to just have one place where these are
maintained.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Starting with GCC 12, we have the possibility of mitigating straight-line
speculation vulnerabilities in x86-64 targets. Make it so.
Reported-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
No patches required a rebase, just updated checksum.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
Changes:
9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages
2edcfad libopkg: set 'const' attribute for argv
This should fix the CI error in the packages repository, which happens with perl.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Mostly backports by a Red Hat employee as 0.62 and newer demands Python
3.7+. Same reason 0.61 is kept here.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
9eabf30 Release version 5.18.
2b3ddcb ethtool: fec: Change the prompt string to adapt to current situations
d660dde pretty: add missing message descriptions for rings
aaeb16a pretty: support u8 enumerated types
6b320b8 rings: add support to set/get cqe size
41fddc0 update UAPI header copies
42e6c28 help: fix alignment of rx-buf-len parameter
e1d0a19 ethtool.8: Fix typo in man page
37f0586 Release version 5.17.
8c2984c strset: do not put a pointer to a local variable to nlctx
8fd02a2 ioctl: add the memory free operation after send_ioctl call fails
b9f25ea ethtool: Add support for OSFP transceiver modules
6e79542 features: add --json support
5ed5ce5 Merge branch 'next' into master
b90abbb man: document recently added parameters
51a9312 tunables: add support to get/set tx copybreak buf size
a081c2a rings: add support to set/get rx buf len
d699bab Merge branch 'master' into next
52db6b9 Merge branch 'review/module-extstate' into next
6407b52 monitor: add option for --show-module/--set-module
1f35786 ethtool: Add transceiver module extended state
2d4c5b7 ethtool: Add ability to control transceiver modules' power mode
005908b Update UAPI header copies
Signed-off-by: Nick Hainke <vincent@systemli.org>
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.
Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Setting up DSA bond silently fails if mode is not 802.3ad. Add log message
to fix it. As we are already here harmonize all logging messages in the
add/delete functions.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
This reverts the airtime scheduler back from the virtual-time based scheduler
to the deficit round robin scheduler implementation.
This reduces burstiness and improves fairness by improving interaction with AQL.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The SFP cages 9F and 10F share the same SCL line. Currently, there
isn't a good way to model this. Thus, only one SFP port can be fully
supported.
Cage 10F is fully supported with an I2C bus and sfp handle. Linux
automatically handles enabling or disabling the TX laser.
Cage 9F is only parially supported, without the sfp handle. The SDA
line is hogged as an input, so that it remains high. SCL transitions
sould not affect modules connected to this cage. The default value of
the tx-disable line is high (active). It is exported as a gpio, but
the laser is off by default. To enable the laser:
echo 0 > /sys/class/gpio/sff-p9-tx-disable/value
Thus, both modules can be used for networking, but only 10F will be
able to detect and identify a plugged in SFP module.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Add support for the Engenius EWS2910P PoE switch. This is an RTL8380
based switch with two SFP slots, and PoE 802.3af one every RJ-45 port.
The specs say 802.3af, but the vendor firmware configures the PSE for
a budget of 31W, indicating 802.3at support.
Specifications:
---------------
* SoC: Realtek RTL8380M
* Flash: 32 MiB SPI flash Macronix MX25L25635E
* RAM: 256 MiB (As reported by bootloader)
* Ethernet: 16x 10/100/1000 Mbps with PoE
2x SFP slots
* Buttons: 1 "Reset" button on front panel
1 "LED mode: button on front panel
1 "On/Off" Toggle switch on the back
* Power: 48V-54V DC barrel jack
* UART: 1 serial header (JP1) with populated 2.54mm pitch header
Labeled GRTV for ground, rx, tx, and 3.3V respectively
* PoE: 1 STM ST32F100 microcontroller
2 BCM59111 PSE chips
Works:
------
- (8) RJ-45 ethernet ports
- Switch functions
- LEDs and buttons
Not yet enabled:
----------------
- SFP ports (will be enabled in a subsequent change)
- Power-over-Ethernet (requires realtek-poe package)
Install via web interface:
-------------------------
The factory firmware will accept and flash the initramfs image. It is
recommended to flash to "Partition 0". Flashing to "Partition 1" is
not supported at this point.
The factory web GUI will show the following warning:
" Warning: The firmware version is v0.00.00-c0.0.00
The firmware image you are uploading is older than the current
firmware of the switch. The device will reset back to default
settings. Are you sure you want to proceed?"
This is expected when flashing OpenWrt. After the initramfs image
boots, flash the -sysupgrade using either the commandline or LuCI.
Install via serial console/tftp:
--------------------------------
The u-boot firmware will not stop the boot, regardless of which key is
pressed. To access the u-boot console, ground out the CLK (pin 16) of
the ROM (U22) when u-boot is reading the linux image. If timed
correctly, the image CRC will fail, and u-boot will drop to a shell:
> rtk network on
> setenv ipaddr <address of tftp server>
> tftp $(freemem) <name-of-initramfs-image.bin>
> bootm
Then flash the -sysupgrade using either the commandline or luci.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
[gpio-led node names, OpenWrt and LuCI capitalization in commit message]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Asus RT-N12+ B1 and Asus RT-N300 B1 are the same device
with a different name.
The OEM firmwares have the same MD5 with Asus RT-N11P B1.
Same instructions for Asus RT-N11P B1 see:
commit c3dc52e39a ("ramips: add support for Asus RT-N10P V3 / RT-N11P B1 / RT-N12 VP B1")
Signed-off-by: Semih Baskan <strstgs@gmail.com>
(Added id from the PR review to commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Specifications:
- Device: ASUS RT-AX53U
- SoC: MT7621AT
- Flash: 128MB
- RAM: 256MB
- Switch: 1 WAN, 3 LAN (10/100/1000 Mbps)
- WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G
- Ports: USB 3.0
- LEDs: 1x POWER (blue, configurable)
3x LAN (blue, configurable)
1x WAN (blue, configurable)
1x USB (blue, not configurable)
1x 2.4G (blue, not configurable)
1x 5G (blue, not configurable)
Flash by U-Boot TFTP method:
- Configure your PC with IP 192.168.1.2
- Set up TFTP server and put the factory.bin image on your PC
- Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key
Select "2. Upgrade firmware"
Press enter when show "Run firmware after upgrading? (Y/n):"
Select 0 for TFTP method
Input U-Boot's IP address: 192.168.1.1
Input TFTP server's IP address: 192.168.1.2
Input IP netmask: 255.255.255.0
Input file name: openwrt-ramips-mt7621-asus_rt-ax53u-squashfs-factory.bin
- Restart AP aftre see the log "Firmware upgrade completed!"
Signed-off-by: Chuncheng Chen <ccchen1984@gmail.com>
(replaced led label, added key-* prefix to buttons, added note about
BBT)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Tim Small reported:
| Viewing the 'Network' -> 'Switch' config page in LuCI:
|
| The LuCI LAN 1 port corresponds to the port physically
| labelled 2 at the rear of the device.
| [...]
|
| When a patch cord is attached to the port labelled 1 [...],
| the LED labelled 2 illuminates. [...]
=> Ports, LuCI and LEDs are reversed/don't match.
Reported-by: Tim Small
Fixes: #10111
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Restore CONFIG_I8K + CONFIG_INTEL_INT0002_VGPIO that got
removed when I refreshed the config. Each x86 target gets
its own CONFIG_CRYPTO_BLAKE2S + LIB settings as only the
x86_64 can use the accelerated x86 version.
Also remove two extra spaces that sneaked into geode's config.
Fixes: 539e60539a ("generic: enable CRYPTO_LIB_BLAKE2S[_X86|_ARM]")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>