Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile -basic and
-full variants with support for OCV. This feature can be configured in the
wireless config by setting ocv equal to one of the following values:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
driver indicates support for operating channel validation.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile the -basic and
-full variants of hostapd with this feature, and enable discovery of this
feature for future luci integration. OCV can be configured by setting ocv
equal to one of the following values in the wireless config:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled
2 = enabled in workaround mode - Allow STA that claims OCV capability to
connect even if the STA doesn't send OCI or negotiate PMF.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
c07f45927839 firmware: update mt7622 firmware to version 20220630
af406a2d1c36 mt76: do not use skb_set_queue_mapping for internal purposes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
GPIO 1 on the RTL8231 is used to force the PoE MCU to disable power
outputs. It is not used by any driver, but if accidentally set low,
PoE outputs are disabled. This situation is hard to debug, and
requires knowledge of the Broadcom PoE protocol used by the MCU.
To prevent this situation, hog it as an output high. This is
consistent with the ZyXel GS1900 series handles it.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Fix the wps button to prevent wrongly detected recovery procedures.
In the official banana pi r64 git the wps button is set to
GPIO_ACTIVE_LOW and not GPIO_ACTIVE_HIGH.
Import patch to fix on boot unwanted recovery entering:
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
- failsafe button wps was pressed -
- failsafe -
Signed-off-by: Nick Hainke <vincent@systemli.org>
rtl8366s is used only by dlink_dir-825-b1 and the netgear_wndr family
(wndr3700, wndr3700-v2, wndr3800ch, wndr3800.dts, wndrmac-v1,
wndrmac-v2).
Not tested in real hardware.
With rtl8366rb, rtl8366s, rtl8367 as modules, rtl8366_smi can also be a
loadable module. This change was tested with tl-wr2543-v1.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
It looks like rtl8366rb is used only by tplink_tl-wr1043nd-v1 and
buffalo_wzr-hp-g300nh-rb. There is no need to have it built-in as it
works as a loadable module.
Tested both failsafe and normal boot on tl-wr1043nd-v1.
buffalo_wzr-hp-g300nh-rb was not tested.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
At least two AX820 hardware variants are known to exist, but they cannot
be distinguished (same hardware revision, no specific markings).
They appear to have the same LED hardware, but wired differently:
- One has a red system LED at GPIO 15, a green wlan2g LED at GPIO 14 and
a blue wlan5g LED at GPIO 16;
- The other only offers a green system LED at GPIO 15, with GPIO 14 and
16 being apparently not connected
Finally, a Yuncore datasheet says the canonical wiring should be:
- Blue wlan2g GPIO 14, green system GPIO 15, red wlan5g GPIO 16
All GPIOs are tied to a single RGB LED which is exposed via lightpipe on
the device front casing.
Considering the above, this patch exposes all three LEDs, preserves the
common system LED (GPIO 15) as the openwrt status LED, and removes the
color information from the LEDs names since it is not consistent across
hardware. The LED naming is made consistent with other YunCore devices.
A note is added in DTS to ensure this information is always available
and prevent unwanted changes in the future.
Fixes: #10131 "YunCore AX820: GPIO LED not correct"
Reviewed-by: Sander Vanheule <sander@svanheule.net>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This avoids a dangling symlink to self when reinstalling the toolchain:
./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib/lib -> lib
This is caused by the fact that in the toolchain dir we have
'lib64 -> lib'
and on executing
'ln lib ./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib64'
ln dereference the symbolic link 'lib64' to 'lib' so the REAL command is
'ln lib ./staging_dir/toolchain-mips_24kc_gcc-9.3.0_musl/lib'
this results in the dangling symlink to self.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
[ add more details to the commit description and fix title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Enable PowerPC Book-E Watchdog Timer support. Having this enabled
in-kernel will result in procd starting it during boot.
This effectively solves the problem of the WDT in the Winbond W83793 chip
potentially resetting the system during sysupgrade, which could result
in an unbootable device. While the driver is modular, resulting in procd
not starting the WDT during boot (because that happens before kmod
load), the WDT handover during sysupgrade results in the WDT being
started. This normally shouldn't be a problem, but the W83793 WDT does
not like procd's defaults, nor the handover happening during sysupgrade.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Due to licensing uncertainty, we do not include the firmwares for the
wireless chips used in the Raspberry Pi Zero 2 W. To have working
wireless, follow the instructions below.
For people building their own images:
mkdir -p files/lib/firmware/brcm
wget -P files/lib/firmware/brcm/ https://github.com/RPi-Distro/firmware-nonfree/raw/bullseye/debian/config/brcm80211/brcm/brcmfmac43436-sdio.bin
wget -P files/lib/firmware/brcm/ https://github.com/RPi-Distro/firmware-nonfree/raw/bullseye/debian/config/brcm80211/brcm/brcmfmac43436-sdio.txt
wget -P files/lib/firmware/brcm/ https://github.com/RPi-Distro/firmware-nonfree/raw/bullseye/debian/config/brcm80211/brcm/brcmfmac43436s-sdio.bin
wget -P files/lib/firmware/brcm/ https://github.com/RPi-Distro/firmware-nonfree/raw/bullseye/debian/config/brcm80211/brcm/brcmfmac43436s-sdio.txt
Now build the OpenWrt image as usual, and it will include the firmware
files in the correct location.
For people using ext4 images:
Write the ext4 image to the sdcard, then mount the 2nd partition and put
the firmware files from the links above in /lib/firmware/brcm relative
from the mount point where the partition is mounted.
For people using squashfs images:
Write the squashfs image to the sdcard, place it in the Raspberry Pi
Zero 2 W, boot it and wait for the overlay filesystem to be created.
Find the offset of the overlay filesystem in sysfs:
# cat /sys/devices/virtual/block/loop0/loop/offset
25755648
Shut down the device, unplug the power and move the SD card to a Linux
computer. Mount the 2nd partition of the sdcard as a loop device with
the offset found earlier.
sudo mount /dev/sdh2 -o loop,offset=25755648 /mnt/temp
Put the firmware files from the links above in /upper/lib/firmware/brcm
relative to the mount point where the loop device is mounted.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Peter van Dijk <peter@7bits.nl>
Asus RP-AC51 Repeater
Category:
AC750 300+433 (OEM w. unstable driver)
AC1200 300+866 (OpenWrt w. stable driver)
Hardware specifications:
Board: AP147
SoC: QCA9531 2.4G b/g/n
WiFi: QCA9886 5G n/ac
DRAM: 128MB DDR2
Flash: gd25q128 16MB SPI-NOR
LAN/WAN: AR8229 1x100M
Clocks: CPU:650MHz, DDR:600MHz, AHB:200MHz
MAC addresses as verified by OEM firmware:
use address source
Lan/W2G *:C8 art 0x1002 (label)
5G *:CC art 0x5006
Installation:
Asus windows recovery tool:
install the Asus firmware restoration utility
unplug the router, hold the reset button while powering it on
release when the power LED flashes slowly
specify a static IP on your computer:
IP address: 192.168.1.75
Subnet mask 255.255.255.0
Start the Asus firmware restoration utility, specify the factory image
and press upload
Do not power off the device after OpenWrt has booted until the LED flashing.
TFTP Recovery method:
set computer to a static ip, 192.168.1.10
connect computer to the LAN 1 port of the router
hold the reset button while powering on the router for a few seconds
send firmware image using a tftp client; i.e from linux:
$ tftp
tftp> binary
tftp> connect 192.168.1.1
tftp> put factory.bin
tftp> quit
Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com>
Asus PL-AC56 Powerline Range Extender Rev.A1
(in kit with Asus PL-E56P Powerline-slave)
Hardware specifications:
Board: AP152
SoC: QCA9563 2.4G n 3x3
PLC: QCA7500
WiFi: QCA9882 5G ac 2x2
Switch: QCA8337 3x1000M
Flash: 16MB 25L12835F SPI-NOR
DRAM SoC: 64MB w9751g6kb-25
DRAM PLC: 128MB w631gg6kb-15
Clocks: CPU:775.000MHz, DDR:650.000MHz, AHB:258.333MHz, Ref:25.000MHz
MAC addresses as verified by OEM firmware:
use address source
Lan/Wan/PLC *:10 art 0x1002 (label)
2G *:10 art 0x1000
5G *:14 art 0x5000
Important notes:
the PLC firmware has to be provided and copied manually onto the
device! The PLC here has no dedicated flash, thus the firmware file
has to be uploaded to the PLC controller at every system start
the PLC functionality is managed by the script /etc/init.d/plc_basic,
a very basic script based on the the one from Netadair (netadair dot de)
Installation:
Asus windows recovery tool:
have to have the latest Asus firmware flashed before continuing!
install the Asus firmware restoration utility
unplug the router, hold the reset button while powering it on
release when the power LED flashes slowly
specify a static IP on your computer:
IP address: 192.168.1.75
Subnet mask 255.255.255.0
start the Asus firmware restoration utility, specify the factory image
and press upload
do NOT power off the device after OpenWrt has booted until the LED flashing
TFTP Recovery method:
have to have the latest Asus firmware flashed before continuing!
set computer to a static ip, 192.168.1.75
connect computer to the LAN 1 port of the router
hold the reset button while powering on the router for a few seconds
send firmware image using a tftp client; i.e from linux:
$ tftp
tftp> binary
tftp> connect 192.168.1.1
tftp> put factory.bin
tftp> quit
do NOT power off the device after OpenWrt has booted until the LED flashing
Additional notes:
the pairing buttons have to have pressed for at least half a second,
it doesn't matter on which plc device (master or slave) first
it is possible to pair the devices without the button-pairing requirement
simply by pressing reset on the slave device. This will default to the
firmware settings, which is also how the plc_basic script is setting up
the master device, i.e. configuring it to firmware defaults
the PL-E56P slave PLC has its dedicated 4MByte SPI, thus it is capable
to store all firmware currently available. Note that some other
slave devices are not guarantied to have the capacity for the newer
~1MByte firmware blobs!
To have a good overlook about the slave device, here are its specs:
same QCA7500 PLC controller, same w631gg6kb-15 128MB RAM,
25L3233F 4MB SPI-NOR and an AR8035-A 1000M-Transceiver
Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com>
No patches rebased, just checksum update for this refresh.
Build system: x86_64
Build-tested: ipq806x/R7800
Signed-off-by: John Audia <therealgraysky@proton.me>
In Turris MOX SDIO card [1], which uses Marvell 88W997 and its driver
mwifiex, you might get cryptic messages, which are not helpful to use.
@pali created patch, which improves messages by the driver and he will
send this to Linux kernel soon.
Before:
[ 81.026156] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd 0x20 error, result=0x1
After:
[ 15.784018] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd RF_ANTENNA (0x20) error, result=0x1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
SDIO chip 88W9997 from NXP [1] is quite limited by its firmware and
driver. Add hacky patch to allow up to 4 SSID instead of 3 SSID.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Add support for Methode euroDPU which is based on uDPU but does not
have a second SFP cage, instead of which a Maxlinear G.hn IC is used.
PHY mode is set to 1000Base-X despite Maxlinear IC being capable of
2500Base-X since until 5.15 support for mvebu is available trying to use
2500Base-X will cause buffer overruns for which the fix is not easily
backportable.
Installation instructions:
1. Boot the FIT initramfs image (openwrt-mvebu-cortexa53-methode_edpu-initramfs.itb)
2. sysupgrade using the openwrt-mvebu-cortexa53-methode_edpu-firmware.tgz
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
uDPU DTS has pending upstream fixups, so backport those as well as split
the DTS into a DTSI and DTS in preparation for euroDPU support which
uses uDPU as the base.
Ethernet aliases have not yet been sent upstream but will be soon in order
for U-boot to set the correct MAC on both ethernet interfaces instead of
just one.
Since U-boot environment now has its own partition, update the envtools
config script to search for it instead.
Patch hardcoding PHY mode is also not applicable anymore, so drop it and
set in the uDPU DTS directly.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
The MikroTik mAP-2nd (sold as mAP) is an indoor 2.4Ghz AP with
802.3af/at PoE input and passive PoE passthrough.
See https://mikrotik.com/product/RBmAP2nD for more details.
Specifications:
- SoC: QCA9533
- RAM: 64MB
- Storage: 16MB NOR
- Wireless: QCA9533 802.11b/g/n 2x2
- Ethernet: 2x 10/100 ports,
802.3af/at PoE in port 1, 500 mA passive PoE out on port 2
- 7 user-controllable LEDs
Note: the device is a tiny AP and does not distinguish between both
ethernet ports roles, so they are both assigned to lan.
With the current setup, ETH1 is connected to eth1 and ETH2 is connected
to eth0 via the embedded switch port 2.
Flashing:
TFTP boot initramfs image and then perform sysupgrade. The "ETH1" port
must be used to upload the TFTP image. Follow common MikroTik procedure
as in https://openwrt.org/toh/mikrotik/common.
Tested-By: Andrew Powers-Holmes <aholmes@omnom.net>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Linux MTD requires the parent partition be writable for a child
partition to be allowed write permission.
In order for soft_config to be writeable (and modifiable via sysfs),
the parent RouterBoot partition must be writeable
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Linux MTD requires the parent partition be writable for a child
partition to be allowed write permission.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Update this pending patch to remove the untested (variable eraseregions)
section, alongside simplifying the patch.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
[refresh and split out unrelated refreshes]
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Since 4e0c54bc5b ("kernel: add support for kernel 5.4"),
the spi-nor limit 4k erasesize to spi-nor chips below a configured size
patch has not functioned as intended.
For uniform erasesize SPI-NOR devices, both
nor->erase_opcode & mtd->erasesize are used in erase operations.
These are set before, and not modified by, this
CONFIG_MTD_SPI_NOR_USE_4K_SECTORS_LIMIT patch.
Thus, an SPI-NOR device with CONFIG_MTD_SPI_NOR_USE_4K_SECTORS will
always use 4k erasesize (where the device supports it).
If this patch was fixed to function as intended, there would be
cases where devices change from a 4K to a 64K erasesize.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Asus RP-AC87 ac2600 Repeater
2.4GHz 800Mbps
5GHz 1733Mbps
Hardware specifications:
SoC: MT7621A 2 cores 4 threads @880MHz
WiFi2G: MT7615E 2G 4x4 b/g/n
Wifi5G: MT7615E 5G 4x4 n/ac
DRAM: 128MB DDR3 @1200mhz
Flash: 16MB MX25L12805D SPI-NOR
LAN/WAN: MT7530 1x1000M
MAC addresses as verified by OEM firmware:
use address source
Lan/W5G *:B0 factory 0x8004 (label)
W2G *:B4 factory 0x0
Installation:
Asus windows recovery tool:
install the Asus firmware restoration utility
unplug the router, hold the reset button while powering it on
release when the power LED flashes slowly
specify a static IP on your computer:
IP address: 192.168.1.75
Subnet mask 255.255.255.0
Start the Asus firmware restoration utility, specify the factory image
and press upload
Do not power off the device after OpenWrt has booted until the LED flashing.
TFTP Recovery method:
set computer to a static ip, 192.168.1.2
connect computer to the LAN 1 port of the router
hold the reset button while powering on the router for a few seconds
send firmware image using a tftp client; i.e from linux:
$ tftp
tftp> binary
tftp> connect 192.168.1.1
tftp> put factory.bin
tftp> quit
Signed-off-by: Tamas Balogh <tamasbalogh@hotmail.com>
OpenWrt now uses firewall4 (nft) by default,
so iptables should also default to nftables backend.
When multiple packages provide the same virtual package,
opkg pick the first one by alphabetical order,
so we rename iptables-legacy to iptables-zz-legacy and add
iptables-legacy in PROVIDES.
We also need to remove IPTABLES_NFTABLES config as
this cause recursive dependencies.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
The random crashes observed with HARDENED_USERCOPY enabled no longer
seem to occur. Enable HARDENED_USERCOPY to improve security.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This patch provides support for the Firebox M300 only user-controllable
bi-color LED, and makes the green "shield" LED act as the typical
OpenWrt status led.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Kernel 5.15.49 introduced a new symbol 'LIB_MEMNEQ'. Add it to the
generic 5.15 config.
Fixes: f1cd144482 ("kernel: bump 5.15 to 5.15.49")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Kernel 5.10.124 introduced a new symbol 'LIB_MEMNEQ'. Add it to the
generic 5.10 config.
Fixes: 9e5d743422 ("kernel: bump 5.10 to 5.10.124")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
DGS-1210 switches support dual image, with each image composed of a
kernel and a rootfs partition. For image1, kernel and rootfs are in
sequence. The current OpenWrt image (written using a serial console),
uses those partitions together as the firmware partition, ignoring the
partition division. The current OEM u-boot fails to validate image1 but
it will only trigger firmware recovery if both image1 and image2 fail,
and it does not switch the boot image in case one of them fails the
check.
The OEM factory image is composed of concatenated blocks of data, each
one prefixed with a 0x40-byte cameo header. A normal OEM firmware will
have two of these blocks (kernel, rootfs). The OEM firmware only checks
the header before writing unconditionally the data (except the header)
to the correspoding partition.
The OpenWrt factory image mimics the OEM image by cutting the
kernel+rootfs firmware at the exact size of the OEM kernel partition
and packing it as "the kernel partition" and the rest of the kernel and
the rootfs as "the rootfs partition". It will only work if written to
image1 because image2 has a sysinfo partition between kernel2 and
rootfs2, cutting the kernel code in the middle.
Steps to install:
1) switch to image2 (containing an OEM image), using web or these CLI
commands:
- config firmware image_id 2 boot_up
- reboot
2) flash the factory_image1.bin to image1. OEM web (v6.30.016)
is crashing for any upload (ssh keys, firmware), even applying OEM
firmwares. These CLI commands can upload a new firmware to the other
image location (not used to boot):
- download firmware_fromTFTP <tftpserver> factory_image1.bin
- config firmware image_id 1 boot_up
- reboot
To debrick the device, you'll need serial access. If you want to
recover to an OpenWrt, you can replay the serial installation
instructions. For returning to the original firmware, press ESC during
the boot to trigger the emergency firmware recovery procedure. After
that, use D-Link Network Assistant v2.0.2.4 to flash a new firmware.
The device documentation does describe that holding RESET for 12s
trigger the firmware recovery. However, the latest shipped U-Boot
"2011.12.(2.1.5.67086)-Candidate1" from "Aug 24 2021 - 17:33:09" cannot
trigger that from a cold boot. In fact, any U-Boot procedure that relies
on the RESET button, like reset settings, will only work if started from
a running original firmware. That, in practice, cancels the benefit of
having two images and a firmware recovery procedure (if you are not
consider dual-booting OpenWrt).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The cameo header is a 0x40-byte header used by D-Link DGS 1210 switches
and Apresia ApresiaLightGS series. cameo-imghdr.py is a clean-room
reimplementation of imghdr present in the DGS-1210-28-GPL package.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[fix board_version argument's help text]
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Enabling mbo by default on 802.11ax devices breaks for encryption types
that do not enable 802.11w by default. Disable mbo by default to fix
this. Enabling mbo by default on 802.11ax devices was not explained in
the commit message anyway.
Fixes: 6eee983656 ("hostapd: introduce mbo option")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
