Commit Graph

48051 Commits

Author SHA1 Message Date
David Bauer
ebddc5f984 ath79: add support for Enterasys WS-AP3705i
Hardware
--------
SoC:    Atheros AR9344
RAM:    128M DDR2
FLASH:  2x Macronix MX25L12845EM
        2x 16MiB SPI-NOR
WLAN2:  Atheros AR9344 2x2 2T2R
WLAN5:  Atheros AR9580 2x2 2T2R
SERIAL: Cisco-RJ45 on the back (115200 8n1)

Installation
------------

The U-Boot CLI is password protected (using the same credentials as the
OS). Default is admin/new2day.

1. Download the OpenWrt initramfs-image. Place it into a TFTP server
   root directory and rename it to 1401A8C0.img. Configure the TFTP
   server to listen at 192.168.1.66/24.

2. Connect the TFTP server to the access point.

3. Connect to the serial console of the access point. Attach power and
   interrupt the boot procedure when prompted (bootdelay is 1 second).

4. Configure the U-Boot environment for booting OpenWrt from Ram and
   flash:

   $ setenv boot_openwrt 'setenv bootargs; bootm 0xbf230000'
   $ setenv ramboot_openwrt 'setenv serverip 192.168.1.66;
     tftpboot 0x85000000; bootm'
   $ setenv bootcmd 'run boot_openwrt'
   $ saveenv

5. Load OpenWrt into memory:

   $ run ramboot_openwrt

   Wait for the image to boot.

6. Transfer the OpenWrt sysupgrade image to the device. Write the image
   to flash using sysupgrade:

   $ sysupgrade -n /path/to/openwrt-sysuograde.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
David Bauer
a9f7510150 hostapd: add WEP as queryable build feature
Commit 472fd98c5b ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.

Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
Daniele Castro
d6f66dd88e brcm63xx: add support for ADB P.DG A4001N A-000-1A1-AX
ADB P.DG A4001N A-000-1A1-AX a.k.a. Telecom Italia ADSL2+ Wi-Fi N (AGPWI)
has the same PCB as the OpenWrt's ADB P.DG A4001N1 with LEDs connected
to different GPIO PINs in active low configuration.

OpenWrt's ADB P.DG A4001N image is made for the ADB P.DG A4001N A-000-1A1-AE.
It has different LEDs configuration and flash size/layout
w.r.t the ADB P.DG A4001N A-000-1A1-AX.

Hardware:
* Board ID: 96328avng
* SoC: Broadcom BCM6328
* RAM DDR2-800: 32 Mbyte - winbond W9725G6KB-25
* Serial flash: 16 Mbyte - MXIC MX25L 12845EMI-10G
* Ethernet: 4x Ethernet 10/100 baseT
* Wifi 2.4GHz: Broadcom Corporation BCM43224/5 Wireless Network Adapter (rev 01)
* LEDs: 2x Power, 2x ADSL, 2x Internet, 2x Wi-Fi, 2x Service
* Buttons: 1x Reset, 1x WPS (named WiFi/LED)
* UART: 1x TTL 115200n8, TX  NC  RX, on J5 connector (short R192 and R193)
                         NC  GND NC

Installation via CFE:
* Stock CFE has to be overwriten with one for 96328avng boards that can upload
  .bin images with no signature check (cfe-A4001N-V0000_96328avng.bin)
* connect a serial port to the board
* Stop the boot process after power on by pressing enter
* set static IP 192.168.1.2 and subnet mask 255.255.255.0
* navigate to http://192.168.1.1/
* upload the OpenWrt image file

Signed-off-by: Daniele Castro <danielecastro@hotmail.it>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-22 21:23:21 +02:00
Adrian Schmutzler
e3e17b4ed4 bcm63xx: use model part of board name as variable in 01_leds
This extracts the model part of the board name and uses it for the
LED string identifiers in 01_leds. As this makes statements more
generic, it will allow to merge more cases in the future.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-22 18:28:01 +02:00
Adrian Schmutzler
5a7d11fb78 bcm63xx: replace further "ok" with "okay" in DTS files
While "ok" is recognized in DT parsing, only "okay" is actually
mentioned as valid value. Replace it accordingly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-22 18:26:29 +02:00
Hauke Mehrtens
586661018e ath79: Do not build buffalo_whr-g301n by default
The squashfs partition is getting too big.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 22:16:17 +02:00
Hauke Mehrtens
04b1a11f5c mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
  CC [M]  /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
 typedef _Addr ptrdiff_t;
               ^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
                 from ./include/linux/list.h:5,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
 typedef __kernel_ptrdiff_t ptrdiff_t;
                            ^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed

Fixes: 289c632425 ("mac80211: Update to version 5.7-rc3-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 21:53:14 +02:00
Philip Prindeville
de8b88ce17 firewall: add rule for traceroute support
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.

This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-05-21 20:23:10 +02:00
Hans Dedecker
bc55258464 netifd: ingress/egress vlan qos mapping support
74e0222 vlandev: support setting ingress/egress QoS mappings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-21 20:21:02 +02:00
Álvaro Fernández Rojas
78a0ae9023 bcm63xx: WIP: add Huawei HG253s v2 support
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
5998c8f059 bcm63xx: nand: support CFE partition tags
Introduce support for generating JFFS2 CFE partition tags.
This is used in NAND devices in order to verify the integrity of the JFFS2
partition.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
d90828411a scripts: add CFE Partition Tags support
Some BCM63xx NAND devices require a specific JFFS2 partition tag to verify
the JFFS2 partition validity:
	u32 part_id;
	u32 part_size;
	u16 flags;
	char part_name[33];
	char part_version[21];
	u32 part_crc32;

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
6dc3dce658 bcm63xx: improve rgmii ctrl overrides
There are older devices which require overriding the RGMII ports, so this
shouldn't be limited and forced to BCM63268.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
7a817752f6 bcm63xx: dgnd3700-v1: add NAND support
NAND is used as extra storage on this device.

Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
67861b2a66 bcm63xx: nand: fix v2.1 controller support
Page size shift is different from v2.2+ controllers

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:23 +02:00
Hauke Mehrtens
289c632425 mac80211: Update to version 5.7-rc3-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch
was manually adapted to the changes in kernel 5.7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
64f343a881 mac80211: Update to version 5.6.8-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
9ca21dc7d5 mac80211: Update to version 5.5.19
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
a4b50c4bce mac80211: Update to version 5.4.36-1
This updates the mac80211 backport to the latest minor version.

The removed patch was a backport from the upstream kernel which is now
integrated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Russell King
6593ea23e5 kernel: backport the I2C bus recovery for uDPU
Backport the I2C bus recovery DT configuration for the uDPU that has
been queued for 5.8.

Signed-off-by: Russell King <linux@armlinux.org.uk>
2020-05-21 12:55:31 +02:00
Russell King
714199ec34 kernel: backport v5.8 i2c-pxa updates
Add i2c-pxa updates queued for v5.8, which add bus recovery to this
driver; this is needed for the uDPU platform.

Signed-off-by: Russell King <linux@armlinux.org.uk>
2020-05-21 12:55:31 +02:00
Russell King
72a1d5c3ac kernel: backport gpio emulated open drain output fix
Backport the GPIO emulated open drain output fix from v5.5, which is
required for the i2c-pxa backport.

Signed-off-by: Russell King <linux@armlinux.org.uk>
2020-05-21 12:55:31 +02:00
Daniel Golle
017320ead3 hostapd: bring back mesh patches
Bring back 802.11s mesh features to the level previously available
before the recent hostapd version bump. This is mostly to support use
of 802.11s on DFS channels, but also making mesh forwarding
configurable which is crucial for use of 802.11s MAC with other routing
protocols, such as batman-adv, on top.
While at it, fix new compiler warning by adapting 700-wifi-reload.patch
to upstream changes, now building without any warnings again.

Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-21 10:21:59 +01:00
Jason A. Donenfeld
a860fe2304 wireguard: bump to 1.0.20200520
This version has the various slew of bug fixes and compat fixes and
such, but the most interesting thing from an OpenWRT perspective is that
WireGuard now plays nicely with cake and fq_codel. I'll be very
interested to hear from OpenWRT users whether this makes a measurable
difference. Usual set of full changes follows.

This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.

* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10

These enable the test suite to compile with gcc-10.

* noise: read preshared key while taking lock

Matt noticed a benign data race when porting the Linux code to OpenBSD.

* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter

WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png

* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings

The usual RHEL churn.

* compat: backport renamed/missing skb hash members

The new support for fq_codel and friends meant more backporting work.

* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4

The main motivation for releasing this now: three stable kernels were released
at the same time, with a patch that necessitated updating in our compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-21 08:18:01 +02:00
Petr Štetiar
472fd98c5b hostapd: disable support for Wired Equivalent Privacy by default
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.

This functionality is subject to be completely removed in a future
release.

So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Petr Štetiar
0a3ec87a66 hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed
Bump package to latest upstream Git HEAD which is commit dd2daf0848ed
("HE: Process HE 6 GHz band capab from associating HE STA"). Since last
update there was 1238 commits done in the upstream tree with 618 files
changed, 53399 insertions, 24928 deletions.

I didn't bothered to rebase mesh patches as the changes seems not
trivial and I don't have enough knowledge of those parts to do/test that
properly, so someone else has to forward port them, ideally upstream
them so we don't need to bother anymore. I've just deleted them for now:

 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch
 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch
 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch
 007-mesh-apply-channel-attributes-before-running-Mesh.patch
 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
 013-mesh-do-not-allow-pri-sec-channel-switch.patch
 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch
 016-mesh-fix-channel-switch-error-during-CAC.patch
 018-mesh-make-forwarding-configurable.patch

Refreshed all other patches, removed upstreamed patches:

 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch
 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch
 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch
 090-wolfssl-fix-crypto_bignum_sum.patch
 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch
 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch
 800-usleep.patch

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Rosen Penev
5ff4b0d024 fuse: move package to packages feed
This package was last updated in 2016. All of the dependent packages
are in the packages feeds, where this will be moved.

Ref: https://github.com/openwrt/packages/pull/12190
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject/description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 18:59:46 +02:00
Thibaut VARÈNE
6934b20912 generic: platform/mikrotik: disambiguate SPDX-License-Identifier
I meant it to be GPL-2.0-only, as evidenced by the boilerplate.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-20 17:03:45 +02:00
Thibaut VARÈNE
49eec56bfc generic: routerbootpart.c: disambiguate SPDX-License-Identifier
I meant it to be GPL-2.0-only, as evidenced by the boilerplate.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-20 17:03:45 +02:00
Eneas U de Queiroz
80b350f528 build: have config-clean deal with old temp files
This is a temporary commit to have 'make config-clean' remove
temporary files from the previous scripts/config version.

The .gitignore file is updated to deal with the old files as well.

Cc: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Eneas U de Queiroz
db6c1214e0 build: add option to treat recursive deps as error
Running make with RECURSIVE_DEP_IS_ERROR=1 will cause a hard failure
when a recursive dependency is detected.  This is useful to apply
stricter Ci tests, for example.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Eneas U de Queiroz
9f843b1d43 build: scripts/config - update to kconfig-v5.6
Major changes include:
 - Much more readable reverse dependencies separated in groups
 - Improved recursive dependency report
 - More readable .config files: add comments to signal end of menus
 - More warnings for incorrect Config.in entries, such as a 'choice'
   default not contained in the 'choice'
 - Hability to properly display pseudographics with non-latin locales
 - Recursive dependencies can optionally be treated as errors

Changes from failed dcf3e63a35 attempt:
 - Recursive dependencies are treated as warnings by default
 - The option to treat them as errors is implemented as a command-line
   flag to scripts/config/conf instead of a compile-time definition
 - fixed handling of select with umnet dependencies

Cc: Petr Štetiar <ynezz@true.cz>
Cc: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Eneas U de Queiroz
94e27d62ab sdk: add OpenWrt branding to menuconfig & .config
Set the mainmenu symbol in SDK Config.in to "OpenWrt Configuration", the
same as the main OpenWrt Config.in.  This string is is used as the name
of the top menu in menuconfig, and at the top of the .config file.  If
unset, current kconfig will use "Linux Kernel Configuration".

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Eneas U de Queiroz
f827f947ae build: show make output in scripts/config when V=s
This should make debugging build errors in scripts/config a bit easier.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Eneas U de Queiroz
1f2539a1f4 sdk: fix host menu config targets using ncurses
This applies 965f341aa9 ("build: fix host menu config targets using
ncurses") to the SDK top Makefile.

If there is a pkg-config in the staging dir, it will try to use it
instead of the host system's pkg-config; then it will fail to find the
ncurses package.  Linux's default will be used, which fails in some
cases, such as recent Gentoo systems.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[fixed From: to match SoB]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 17:03:45 +02:00
Eneas U de Queiroz
3481f6ffc7 wolfssl: update to 4.4.0-stable
This version adds many bugfixes, including a couple of security
vulnerabilities:
 - For fast math (enabled by wpa_supplicant option), use a constant time
   modular inverse when mapping to affine when operation involves a
   private key - keygen, calc shared secret, sign.
 - Change constant time and cache resistant ECC mulmod. Ensure points
   being operated on change to make constant time.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Karel Kočí
3c1d1d4332 tools: add autoconf-archive
Some autotools based build systems are using autoconf-archive scripts
and are expecting them to almost always be available. This is not
required for regular releases as tar balls generated for releases
commonly have existing configure script. This is rather intended to be
used with autotools.mk's autoreconf and in cases it is not always
possible to get release tar ball.

Including this adds little to no overhead in terms of build time as
those are just m4 scripts copied to an appropriate location.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
[fixed From: to match SoB]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 15:37:16 +02:00
Petr Štetiar
1b2fefb244 kernel: bump 5.4 to 5.4.42
Refreshed patches, removed upstreamed patch:

 generic/pending: 001-v5.4-pinctrl-qcom-fix-wrong-write-in-update_dual_edge.patch.patch

Run tested: qemu-x86-64
Build tested: x86/64, ath79/nand, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 15:26:22 +02:00
Jeffery To
982d787773 kernel: kmod-ptp-qoriq: Package kernel object file
This updates the package to contain the kernel object (.ko) file instead
of the plain object (.o) file.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-05-20 15:26:22 +02:00
Alberto Bursi
dc7cc60ca3 x86: fix generic kernel 5.4 config
The last kernel update done with commit 500a02bc29 ("x86: Update
configuration") placed most of the updated config only in the x86_64
target.

Move the options needed by the other targets too in the x86 base config,
and add an additional option needed by those targets.

Fixes: 500a02bc29 ("x86: Update configuration")
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[commit subject/description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 15:26:22 +02:00
Richard Huynh
f3792690c4 ramips: Add support for Xiaomi Redmi Router AC2100 (RM2100)
Specification:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN, in Amber and White
- UART: On board near ethernet, opposite side from power
- Modified u-boot

Installation:

1. Run linked exploit to get shell, startup telnet and wget the files over
2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0

Restore to stock:

1. Setup PXE and TFTP server serving stock firmware image
(See dhcp-boot option of dnsmasq)
2. Hold reset button down before powering on and wait for flashing amber led
3. Release reset button
4. Wait until status led changes from flashing amber to white

Notes:
This device has dual kernel and rootfs slots like other Xiaomi devices currently
supported (mir3g, etc.) thus, we use the second slot and overwrite the first
rootfs onwards in order to get more space.

Exploit and detailed instructions:

https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100

An implementation of CVE-2020-8597 against stock firmware version 1.0.14

This requires a computer with ethernet plugged into the wan port and an active
PPPoE session, and if successful will open a reverse shell to 192.168.31.177
on port 31337.

As this shell is somewhat unreliable and likely to be killed in a random amount
of time, it is recommended to wget a static compiled busybox binary onto the
device and start telnetd with it.

The stock telnetd and dropbear unfortunately appear inoperable.
(Disabled on release versions of stock firmware likely)
Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox
chmod a+x /tmp/busybox
/tmp/busybox telnetd -l /bin/sh

Tested-by: David Martinez <bonkilla@gmail.com>
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
2020-05-20 15:26:22 +02:00
Álvaro Fernández Rojas
c93cdf536a bcm63xx: lzma-loader: rely on CHIP_ID for UART address
lzma-loader uart output wasn't working on BCM3380/BCM6362 because these
SoCs have the same processor ID.
Let's use CHIP_ID for establishing the UART base address.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 11:15:29 +02:00
Álvaro Fernández Rojas
8e8920c92f bcm63xx: lzma-loader: remove unused definitions
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 09:26:15 +02:00
Álvaro Fernández Rojas
0836e22a83 bcm63xx: image: add CVG834G CHIP_ID
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 09:23:10 +02:00
Álvaro Fernández Rojas
91b275b6e3 bcm63xx: image: rename CFE_CHIP_ID to CHIP_ID
Rename CFE_CHIP_ID to a generic name that doesn't involve CFE.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 09:21:34 +02:00
Álvaro Fernández Rojas
e0382c50e9 bcm63xx: fix AD1018 WLAN led
Standard AD1018 has lower case LEDs.

Fixes: 5f82691923 ("bcm63xx: add unmodded SERCOMM AD1018 support")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 08:46:13 +02:00
Álvaro Fernández Rojas
e55af8a4b0 bcm63xx-cfe: fix build with CONFIG_AUTOREMOVE
When CONFIG_AUTOREMOVE is enabled, CFE binaries are removed before the
image creation.
Install CFE binaries to kernel directory and let autoremove clean the
files in PKG_BUILD_DIR.
Also drop unneeded tar cmd/options.

Fixes: dcee4eaa42 ("bcm63xx-cfe: add package with CFE RAM binaries")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 08:46:13 +02:00
Jason A. Donenfeld
0727c83a76 wireguard-tools: bump to 1.0.20200513
* ipc: add support for openbsd kernel implementation
* ipc: cleanup openbsd support
* wg-quick: add support for openbsd kernel implementation
* wg-quick: cleanup openbsd support

Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for
OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged
and supported WireGuard kernel support. We'll probably send our patch set up
to the list during this next week. `ifconfig wg0 create` to make an interface,
and `wg ...` like usual to configure WireGuard aspects of it, like usual.

* wg-quick: support dns search domains

If DNS= has a non-IP in it, it is now treated as a search domain in
resolv.conf.  This new feature will be rolling out across our various GUI
clients in the next week or so.

* Makefile: simplify silent cleaning
* ipc: remove extra space
* git: add gitattributes so tarball doesn't have gitignore files
* terminal: specialize color_mode to stdout only

Small cleanups.

* highlighter: insist on 256-bit keys, not 257-bit or 258-bit

The highlighter's key checker is now stricter with base64 validation.

* wg-quick: android: support application whitelist

Android users can now have an application whitelist instead of application
blacklist.

* systemd: add wg-quick.target

This enables all wg-quick at .services to be restarted or managed as a unit via
wg-quick.target.

* Makefile: remember to install all systemd units

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-20 08:14:00 +02:00
Álvaro Fernández Rojas
5f82691923 bcm63xx: add unmodded SERCOMM AD1018 support
Until now only HW modded SPI flash version was supported.

BCM6328 with 64M RAM and 128M NAND.
More info: https://openwrt.org/toh/sercomm/ad1018

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-19 13:33:39 +02:00
Álvaro Fernández Rojas
5d3bb7ea9a kernel: mtdsplit: bcm_wfi: add sercomm support
SERCOMM creates separates partitions for cferam.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-19 13:33:39 +02:00