Commit Graph

639 Commits

Author SHA1 Message Date
Daniel Golle
049ac36b2f firmware-utils/ptgen: set GPT partition attributes and name
Allow setting GPT partition names as used by TF-A bl2 to identify the
FIP volume to load from eMMC and SD-card.
While at it, also allow setting 'required' attribute as it should be
used for volumes which are essential for the system to boot.
Also properly handle setting the LEGACY_BOOT flag on the partition
selected as 'active', as this is how it is specified in the spec.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-28 01:23:48 +00:00
Sander Vanheule
1e75909a35 ramips: mt7621: add TP-Link EAP235-Wall support
The TP-Link EAP235-Wall is a wall-mounted, PoE-powered AC1200 access
point with four gigabit ethernet ports.

When connecting to the device's serial port, it is strongly advised to
use an isolated UART adapter. This prevents linking different power
domains created by the PoE power supply, which may damage your devices.

The device's U-Boot supports saving modified environments with
`saveenv`. However, there is no u-boot-env partition, and saving
modifications will cause the partition table to be overwritten. This is
not an issue for running OpenWrt, but will prevent the vendor FW from
functioning properly.

Device specifications:
* SoC: MT7621DAT
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (MT7603EN): b/g/n, 2x2
* Wireless 5GHz (MT7613BEN): a/n/ac, 2x2
* Ethernet: 4× GbE
  * Back side: ETH0, PoE PD port
  * Bottom side: ETH1, ETH2, ETH3
* Single white device LED
* LED button, reset button (available for failsafe)
* PoE pass-through on port ETH3 (enabled with GPIO)

Datasheet of the flash chip specifies a maximum frequency of 33MHz, but
that didn't work. 20MHz gives no errors with reading (flash dump) or
writing (sysupgrade).

Device mac addresses:
Stock firmware uses the same MAC address for ethernet (on device label)
and 2.4GHz wireless. The 5GHz wireless address is incremented by one.
This address is stored in the 'info' ('default-mac') partition at an
offset of 8 bytes.
From OEM ifconfig:
    eth     a4:2b:b0:...:88
    ra0     a4:2b:b0:...:88
    rai0    a4:2b:b0:...:89

Flashing instructions:
* Enable SSH in the web interface, and SSH into the target device
* run `cliclientd stopcs`, this should return "success"
* upload the factory image via the web interface

Debricking:
U-boot can be interrupted during boot, serial console is 57600 baud, 8n1
This allows installing a sysupgrade image, or fixing the device in
another way.
* Access serial header from the side of the board, close to ETH3,
  pin-out is (1:TX, 2:RX, 3:GND, 4:3.3V), with pin 1 closest to ETH3.
* Interrupt bootloader by holding '4' during boot, which drops the
  bootloader into its shell
* Change default 'serverip' and 'ipaddr' variables (optional)
* Download initramfs with `tftpboot`, and boot image with `bootm`
    # tftpboot 84000000 openwrt-initramfs.bin
    # bootm

Revert to stock:
Using the tplink-safeloader utility from the firmware-utils package,
TP-Link's firmware image can be converted to an OpenWrt-compatible
sysupgrade image:
  $ ./staging_dir/host/bin/tplink-safeloader -B EAP235-WALL-V1 \
      -z EAP235-WALLv1_XXX_up_signed.bin -o eap235-sysupgrade.bin

This can then be flashed using the OpenWrt sysupgrade interface. The
image will appear to be incompatible and must be force flashed, without
keeping the current configuration.

Known issues:
- DFS support is incomplete (known issue with MT7613)
- MT7613 radio may stop responding when idling, reboot required.
  This was an issue with the ddc75ff704 version of mt76, but appears to
  have improved/disappeared with bc3963764d.
  Error notice example:
  [ 7099.554067] mt7615e 0000:02:00.0: Message 73 (seq 1) timeout

Hardware was kindly provided for porting by Stijn Segers.

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2021-02-19 14:00:08 +01:00
Alexey Kunitskiy
8d4afab0ab tplink-safeloader: add support for TP-Link Archer A7 v5 (RU)
Although provided in separate zip archives, the firmwares for EU
and RU version are byte-identical. This adds the missing ID compared
to the support-list in the vendor firmware.

Note (since I checked it anyway):

Partitions and support list are unchanged for all three existing
firmware versions:

  * 20200721-rel40773
  * 20201029-rel43238
  * 20201120-rel50399

Signed-off-by: Alexey Kunitskiy <alexey.kv@gmail.com>
[rewrite commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 21:57:20 +01:00
Rafał Miłecki
c31f797527 firmware-utils: bcm4908asus: tool inserting Asus tail into BCM4908 image
Asus looks for an extra data at the end of BCM4908 image, right before
the BCM4908 tail. It needs to be properly filled to make Asus accept
firmware image.

This tool constructs such a tail, writes it and updates CRC32 in BCM4908
tail accordingly.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-22 20:10:38 +01:00
Rafał Miłecki
eaca08ab58 firmware-utils: bcm4908img: tool adding BCM4908 image tail
Flashing image with BCM4908 CFE bootloader requires specific firmware
format. It needs 20 extra bytes with magic numbers and CRC32 appended.

This tools allows appending such a tail to the specified image and also
verifying CRC32 of existing BCM4908 image.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-18 07:39:09 +01:00
Rafał Miłecki
6e7ca70449 firmware-utils: bcm4908kernel: tool adding BCM4908 kernel header
BCM4908 CFE bootloader requires kernel to be prepended with a custom
header. This simple tool implements support for such headers.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-15 07:44:46 +01:00
Gary Cooper
1a775a4fd0 ipq806x: add support for TP-Link Talon AD7200
Device hardware: https://deviwiki.com/wiki/TP-LINK_AD7200_(Talon)

The Talon AD7200 is basically an Archer C2600 with a third PCIe lane
and an 802.11ad radio. It looks like the Archers C2600/5400 but the
housing is slightly larger.

Specifications
--------------

  - IPQ8064 dual-core 1400MHz
  - QCA9988 2.4GHz WiFi
  - QCA9990 5GHz WiFi
  - QCA9500 60GHz WiFi
  - 32MB SPI Flash
  - 512MiB RAM
  - 5 GBit Ports (QCA8337)

Installation
------------

Installation is possible from the OEM web interface.
Sysupgrade is possible.
TFTP recovery is possible.
  - Image: AD7200_1.0_tp_recovery.bin

Notes
  - This will be the first 802.11ad device supported by mainline.

Signed-off-by: Gary Cooper <gaco@bitmessage.de>
2021-01-05 02:16:24 +00:00
Andrew Pikler
40437b18f4 firmware: add tool for signing d-link ru router factory firmware images
Some Russian d-link routers require that their firmware be signed with a
salted md5 checksum followed by the bytes 0x00 0xc0 0xff 0xee. This tool
signs factory images the OEM's firmware accepts them.

Signed-off-by: Andrew Pikler <andrew.pikler@gmail.com>
2020-12-22 19:11:50 +01:00
Roman Kuzmitskii
491ae3357e ath79: add support for Ubiquiti airCube AC
The Ubiquiti Network airCube AC is a cube shaped device supporting
2.4 GHz and 5 GHz with internal 2x2 MIMO antennas.
It can be powered with either one of:
 - 24v power supply with 3.0mm x 1.0mm barrel plug
 - 24v passive PoE on first LAN port
There are four 10/100/1000 Mbps ports (1 * WAN + 3 * LAN).
First LAN port have optional PoE passthrough to the WAN port.

SoC:       Qualcomm / Atheros AR9342
RAM:       64 MB DDR2
Flash:     16 MB SPI NOR
Ethernet:  4x 10/100/1000 Mbps (1 WAN + 3 LAN)
LEDS:      1x via a SPI controller (not yet supported)
Buttons:   1x Reset
Serial:    1x (only RX and TX); 115200 baud, 8N1

Missing features:
 - LED control is not supported

Physical to internal switch port mapping:
 - physical port #1 (poe in) = switchport 2
 - physical port #2 = switchport 3
 - physical port #3 = switchport 5
 - physical port #4 (wan/poe out) = switchport 4

Factory update is tested and is the same as for Ubiquiti AirCube ISP
hence the shared configuration between that devices.

Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
2020-12-22 19:11:50 +01:00
Gioacchino Mazzurco
33ad097606 tplink-safeloader: add support for TP-Link CPE510 v3.20
This adds new strings for the v3.20 to the support list of the
already supported TP-Link CPE510 v3.

The underlying hardware appears to be the same, similar to the
situation with CPE210 v3.20 in 4a2380a1e7 ("tplink-safeloader:
expand support list for TP-Link CPE210 v3")

Signed-off-by: Gioacchino Mazzurco <gio@altermundi.net>
[extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-14 15:19:39 +01:00
Sander Vanheule
cb38170f4c
firmware-utils: tplink-safeloader: refactor meta-partition padding
Because some padding values in the TP-Link safeloader image generation
were hardcoded, different values were sometimes used throughout a
factory image. TP-Link's upgrade images use the same value everywhere,
so let's do the same here.

Although a lot of TP-Link's safeloader images have padded partition
payloads, images for the EAP-series of AC devices don't. This padding is
therefore also made optional.

By replacing the type of the padding value byte with a wider datatype,
new values outside of the previously valid range become available. Use
these new values to denote that padding should not be performed.
Because char might be signed, also replace the char literals by a
numeric literal. Otherwise '\xff' might be sign extended to 0xffff.

This results in factory images differing by 1 byte for:
* C2600
* ARCHER-C5-V2
* ARCHERC9
* TLWA850REV2
* TLWA855REV1
* TL-WPA8630P-V2-EU
* TL-WPA8630P-V2-INT
* TL-WPA8630P-V2.1-EU
* TLWR1043NDV4
* TL-WR902AC-V1
* TLWR942NV1
* RE200-V2
* RE200-V3
* RE220-V2
* RE305-V1
* RE350-V1
* RE350K-V1
* RE355
* RE450
* RE450-V2
* RE450-V3
* RE500-V1
* RE650-V1

The following factory images no longer have padding, shrinking the
factory images by a few bytes for:
* EAP225-OUTDOOR-V1
* EAP225-V3
* EAP225-WALL-V2
* EAP245-V1
* EAP245-V3

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-12-07 01:57:19 +01:00
Sander Vanheule
1a211af2cb firmware-utils: tplink-safeloader: refactor meta-partition generation
TP-Link safeloader firmware images contain a number of (small)
partitions with information about the device. These consist of:
* The data length as a 32-bit integer
* A 32-bit zero padding
* The partition data, with its length set in the first field

The OpenWrt factory image partitions that follow this structure are
soft-version, support-list, and extra-para. Refactor the code to put all
common logic into one allocation call, and let the rest of the data be
filled in by the original functions.

Due to the extra-para changes, this patch results in factory images that
change by 2 bytes (not counting the checksum) for three devices:
* ARCHER-A7-V5
* ARCHER-C7-V4
* ARCHER-C7-V5

These were the devices where the extra-para blob didn't match the common
format. The hardcoded data also didn't correspond to TP-Link's (recent)
upgrade images, which actually matches the meta-partition format.

A padding byte is also added to the extra-para partition for EAP245-V3.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-12-07 01:55:28 +01:00
Sander Vanheule
b0ecae504b ath79: support for TP-Link EAP225 v3
TP-Link EAP225 v3 is an AC1350 (802.11ac Wave-2) ceiling mount access
point. Serial port access for debricking requires fine soldering.

Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 3x3
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MINO
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE

Flashing instructions:
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface

Debricking:
* Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: VCC)
    * Bridge unpopulated resistors R225 (TXD) and R237 (RXD).
      Do NOT bridge R230.
    * Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via LuCI web interface
    setenv ipaddr 192.168.1.1 # default, change as required
    setenv serverip 192.168.1.10 # default, change as required
    tftp 0x80800000 initramfs.bin
    bootelf $fileaddr

MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From OEM boot log:

    Using interface ath0 with hwaddr b0:...:3e and ssid "..."
    Using interface ath10 with hwaddr b0:...:3f and ssid "..."

Tested by forum user blinkstar88

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-11-23 22:53:15 +01:00
Sander Vanheule
4f86edf477 ath79: support for TP-Link EAP225-Outdoor v1
TP-Link EAP225-Outdoor v1 is an AC1200 (802.11ac Wave-2) pole or wall
mount access point. Debricking requires access to the serial port, which
is non-trivial.

Device specifications:
* SoC: QCA9563 @ 775MHz
* Memory: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 2x2
* Wireless 5GHz (QCA9886): a/n/ac 2x2 MU-MIMO
* Ethernet (AR8033): 1× 1GbE, PoE

Flashing instructions:
* ssh into target device with recent (>= v1.6.0) firmware
* run `cliclientd stopcs` on target device
* upload factory image via web interface

Debricking:
To recover the device, you need access to the serial port. This requires
fine soldering to test points, or the use of probe pins.
* Open the case and solder wires to the test points: RXD, TXD and TPGND4
  * Use a 3.3V UART, 115200 baud, 8n1
* Interrupt bootloader by holding ctrl+B during boot
* upload initramfs via built-in tftp client and perform sysupgrade
    setenv ipaddr 192.168.1.1 # default, change as required
    setenv serverip 192.168.1.10 # default, change as required
    tftp 0x80800000 initramfs.bin
    bootelf $fileaddr

MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From stock ifconfig:

    ath0      Link encap:Ethernet  HWaddr D8:...:2E
    ath10     Link encap:Ethernet  HWaddr D8:...:2F
    br0       Link encap:Ethernet  HWaddr D8:...:2E
    eth0      Link encap:Ethernet  HWaddr D8:...:2E

Tested by forum user PolynomialDivision on firmware v1.7.0.
UART access tested by forum user arinc9.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-11-23 22:53:15 +01:00
Sander Vanheule
b11ad48764 ath79: support for TP-Link EAP245 v1
TP-Link EAP245 v1 is an AC1750 (802.11ac Wave-1) ceiling mount access point.

Device specifications:
* SoC: QCA9563 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n, 3x3
* Wireless 5Ghz (QCA9880): a/n/ac, 3x3
* Ethernet (AR8033): 1× 1GbE, 802.3at PoE

Flashing instructions:
* Upgrade the device to firmware v1.4.0 if necessary
* Exploit the user management page in the web interface to start telnetd
  by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`.
* Immediately change the malformed username back to something valid
  (e.g. 'admin') to make ssh work again.
* Use the root shell via telnet to make /tmp world writeable (chmod 777)
* Extract /usr/bin/uclited from the device via ssh and apply the binary
  patch listed below. The patch is required to prevent `uclited -u` in
  the last step from crashing.
* Copy the patched uclited programme back to the device at /tmp/uclited
  (via ssh)
* Upload the factory image to /tmp/upgrade.bin (via ssh)
* Run `chmod +x /tmp/uclited && /tmp/uclited -u` to install OpenWrt.

    --- xxd uclited
    +++ xxd uclited-patched
    @@ -53796,7 +53796,7 @@
     000d2240: 8c44 0000 0320 f809 0000 0000 8fbc 0010  .D... ..........
     000d2250: 8fa6 0a4c 02c0 2821 8f82 87b8 0000 0000  ...L..(!........
    -000d2260: 8c44 0000 0c13 45e0 27a7 0018 8fbc 0010  .D....E.'.......
    +000d2260: 8c44 0000 2402 0000 0000 0000 8fbc 0010  .D..$...........
     000d2270: 1040 001d 0000 1821 8f99 8374 3c04 0058  .@.....!...t<..X
     000d2280: 3c05 0056 2484 a898 24a5 9a30 0320 f809  <..V$...$..0. ..

Debricking:
* Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: VCC)
    * Bridge unpopulated resistors R225 (TXD) and R237 (RXD).
      Do NOT bridge R230.
    * Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via the LuCI web interface
    setenv ipaddr 192.168.1.1 # default, change as required
    setenv serverip 192.168.1.10 # default, change as required
    tftp 0x80800000 initramfs.bin
    bootelf $fileaddr

Tested on the EAP245 v1 running the latest firmware (v1.4.0). The binary
patch might not apply to uclited from other firmware versions.

EAP245 v1 device support was originally developed and maintained by
Julien Dusser out-of-tree. This patch and "ath79: prepare for 1-port
TP-Link EAP2x5 devices" are based on that work.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-11-23 22:53:15 +01:00
INAGAKI Hiroshi
65f3e7ce1f firmware-utils: fix mistake and improve logic in nec-enc
this patch fixes/improves follows:

- PATTERN_LEN is defined as a macro but unused
- redundant logic in count-up for "ptn"

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2020-11-12 18:19:44 +01:00
Richard Fröhning
33b76d66d1 ramips: add support for TP-Link RE200 v4
TP-Link RE200 v4 is a wireless range extender with Ethernet and 2.4G and 5G
WiFi with internal antennas.
It's based on MediaTek MT7628AN+MT7610EN like the v2/v3.

Specifications
--------------

- MediaTek MT7628AN (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 1x 10/100 Mbps Ethernet
- 8x LED (GPIO-controlled), 2x button
- UART connection holes on PCB (57600 8n1)

There are 2.4G and 5G LEDs in red and green which are controlled
separately.

MAC addresses
-------------

The MAC address assignment matches stock firmware, i.e.:

LAN : *:8E
2.4G: *:8D
5G  : *:8C

MAC address assignment has been done according to the RE200 v2.

The label MAC address matches the OpenWrt ethernet address.

Installation
------------

Web Interface
-------------

It is possible to upgrade to OpenWrt via the web interface. Simply flash
the -factory.bin from OEM. In contrast to a stock firmware, this will not
overwrite U-Boot.

Recovery
--------

Unfortunately, this devices does not offer a recovery mode or a tftp
installation method. If the web interface upgrade fails, you have to open
your device and attach serial console.

Instructions for serial console and recovery may be checked out in
commit 6d6f36ae78 ("ramips: add support for TP-Link RE200 v2") or on
the device's Wiki page.

Signed-off-by: Richard Fröhning <misanthropos@gmx.de>
[removed empty line, fix commit message formatting]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-20 03:01:13 +02:00
Adrian Schmutzler
e3af1666f4 ath79: rename TP-Link TL-WPA8630P v2 (EU) to v2.0 (EU)
Since we have a v2.1 (EU) with different partitioning now, rename
the v2.0 to make the difference visible to the user more directly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-04 15:44:05 +02:00
Joe Mullally
7422c7a6fa ath79: add support for TP-Link TL-WPA8630P (EU) v2.1
This adds support for the TP-Link TL-WPA8630P (EU) in its v2.1
version. The only unique aspect for the firmware compared to v2
layout is the partition layout.

Note that while the EU version has different partitioning for
v2.0 and v2.1, the v2.1 (AU) is supported by the v2-int image.

If you plan to use this device, make sure you have a look at
the Wiki page to check whether the device is supported and
which image needs to be taken.

Specifications
--------------

  - QCA9563 750MHz, 2.4GHz WiFi
  - QCA9888 5GHz WiFi
  - 8MiB SPI Flash
  - 128MiB RAM
  - 3 GBit Ports (QCA8337)
  - PLC (QCA7550)

Installation
------------

Installation is possible from the OEM web interface. Make sure to
install the latest OEM firmware first, so that the PLC firmware is
at the latest version. However, please also check the Wiki page
for hints according to altered partitioning between OEM firmware
revisions.

Notes
-----

The OEM firmware has 0x620000 to 0x680000 unassigned, so we leave
this empty as well. It is complicated enough already ...

Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[improve partitions, use v2 DTSI, add entry in 02_network, rewrite
and extend commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-04 15:44:05 +02:00
Sander Vanheule
c9f51a9ad6 ath79: support for TP-Link EAP225-Wall v2
TP-Link EAP225-Wall v2 is an AC1200 (802.11ac Wave-2) wall plate access
point. UART access and debricking require fine soldering.

The device was kindly provided for porting by Stijn Segers.

Device specifications:
* SoC: QCA9561 @ 775MHz
* RAM: 128MiB DDR2
* Flash: 16MiB SPI-NOR (GD25Q127CSIG)
* Wireless 2.4GHz (SoC): b/g/n, 2x2
* Wireless 5Ghz (QCA9886): a/n/ac, 2x2 MU-MIMO
* Ethernet (SoC): 4× 100Mbps
  * Eth0 (back): 802.3af/at PoE in
  * Eth1, Eth2 (bottom)
  * Eth3 (bottom): PoE out (can be toggled by GPIO)
* One status LED
* Two buttons (both work as failsafe)
  * LED button, implemented as KEY_BRIGHTNESS_TOGGLE
  * Reset button

Flashing instructions, requires recent firmware (tested on 1.20.0):
* ssh into target device and run `cliclientd stopcs`
* Upgrade with factory image via web interface

Debricking:
* Serial port can be soldered on PCB J4 (1: TXD, 2: RXD, 3: GND, 4: VCC)
    * Bridge unpopulated resistors R162 (TXD) and R165 (RXD)
      Do NOT bridge R164
    * Use 3.3V, 115200 baud, 8n1
* Interrupt bootloader by holding CTRL+B during boot
* tftp initramfs to flash via sysupgrade or LuCI web interface

MAC addresses:
MAC address (as on device label) is stored in device info partition at
an offset of 8 bytes. ath9k device has same address as ethernet, ath10k
uses address incremented by 1.
From OEM ifconfig:
    br0       Link encap:Ethernet  HWaddr 50:...:04
    eth0      Link encap:Ethernet  HWaddr 50:...:04
    wifi0     Link encap:UNSPEC  HWaddr 50-...-04-...
    wifi1     Link encap:UNSPEC  HWaddr 50-...-05-...

Signed-off-by: Sander Vanheule <sander@svanheule.net>
[fix IMAGE_SIZE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-09-12 19:37:24 +02:00
Sander Vanheule
9dd4ba3d7e ath79: add support for TP-Link EAP245-v3
TP-Link EAP245 v3 is an AC1750 (802.11ac Wave-2) ceiling mount access
point. UART access (for debricking) requires non-trivial soldering.

Specifications:
* SoC: QCA9563 (CPU/DDR/AHB @ 775/650/258 MHz)
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (SoC): b/g/n 3x3
* Wireless 5GHz (QCA9982): a/n/ac 3x3 with MU-MIMO
* Ethernet (QCA8337N switch): 2× 1GbE, ETH1 (802.3at PoE) and ETH2
* Green and amber status LEDs
* Reset switch (GPIO, available for failsafe)

Flashing instructions:
All recent firmware versions (latest is 2.20.0), can disable firmware
signature verification and use a padded firmware file to flash OpenWrt:
* ssh into target device and run `cliclientd stopcs`
* upload factory image via web interface

The stopcs-method is supported from firmware version 2.3.0. Earlier
versions need to be upgraded to a newer stock version before flashing
OpenWrt.

Factory images for these devices are RSA signed by TP-Link. While the
signature verification can be disabled, the factory image still needs to
have a (fake) 1024 bit signature added to pass file checks.

Debricking instructions:
You can recover using u-boot via the serial port:
* Serial port is available from J3 (1:TX, 2:RX, 3:GND, 4:3.3V)
* Bridge R237 to connect RX, located next to J3
* Bridge R225 to connect TX, located inside can on back-side of board
* Serial port is 115200 baud, 8n1, interrupt u-boot by holding ctrl+B
* Upload initramfs with tftp and upgrade via OpenWrt

Device mac addresses:
Stock firmware has the same mac address for 2.4GHz wireless and
ethernet, 5GHz is incremented by one. The base mac address is stored in
the 'default-mac' partition (offset 0x90000) at an offset of 8 bytes.
ART blobs contain no mac addresses.
From OEM ifconfig:
    ath0      Link encap:Ethernet  HWaddr 74:..:E2
    ath10     Link encap:Ethernet  HWaddr 74:..:E3
    br0       Link encap:Ethernet  HWaddr 74:..:E2
    eth0      Link encap:Ethernet  HWaddr 74:..:E2

Signed-off-by: Sander Vanheule <sander@svanheule.net>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-09-09 20:42:10 +03:00
Sander Vanheule
14464e1128 firmware-utils/tplink-safeloader: add compat level
TP-Link has introduced a compatibility level to prevent certain
downgrades. This information is stored in the soft-version partition,
changing the data length from 0xc to 0x10.

The compatibility level doesn't change frequently. For example, it has
the following values for the EAP245v3 (released 2018-Q4):
* FW v2.2.0  (2019-05-30): compat_level=0
* FW v2.3.0  (2019-07-31): compat_level=0
* FW v2.3.1  (2019-10-29): compat_level=1
* FW v2.20.0 (2020-04-23): compat_level=1

Empty flash values (0xffffffff) are interpreted as compat_level=0.
If a firmware upgrade file has a soft-version block without
compatibility level (data length < 0x10), this is also interpreted as
compat_level=0.

By including a high enough compatibility level in factory images, stock
firmware can be convinced to accept the image. A compatibility level
aware firmware will keep the original value.

Example upgrade log of TP-Link EAP245v3 FWv2.3.0 to FWv2.20.0:
    [NM_Debug](nm_fwup_verifyFwupFile) 02073: curSoftVer:2.3.0 Build
        20190731 Rel. 51932,newSoftVer:2.20.0 Build 20200423 Rel. 36779
    ...
    AddiHardwareVer check: NEW(0x1) >= CUR(0x0), Success.
    ...
    [NM_NOTICE](updateDataToNvram) 00575: Restore old additionalHardVer:
    0x0.(new 0x1)
    [NM_NOTICE](updateDataToNvram) 00607: PTN 07: name = soft-version,
        base = 0x00092000, size = 0x00000100 Bytes, upDataType = 1,
        upDataStart = 7690604b, upDataLen = 00000018
    [NM_Debug](updateDataToNvram) 00738: PTN 07: write bytes = 000002eb

Other firmware upgrades have been observed to modify the compabitility
stored level (e.g. TP-Link EAP225-Outdoor FWv1.4.1 to FWv1.7.0).
Therefore, it seems to be the safest option to set the OpenWrt
compatibility level to the highest known value instead of the highest
possible value (0xfffffffe), to ensure users do not get unexpectedly
refused firmware upgrades when using a device reverted back to stock.

To remain compatible with existing devices and not produce different
images, the image builder doesn't store a compatibility level if it is
zero.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-09-09 20:41:50 +03:00
Sander Vanheule
6985a26e59 firmware-utils/tplink-safeloader: soft-version magic is data length
The soft-version partition actually contains a header and trailing data:
* header: {data length, [zero]}
* data: {version, bcd encoded date, revision}

The data length is currently treated as a magic number, but should
contain the length of the partition data.

This header is also present the following partitions (non-exhaustive):
* string-based soft-version
* support-list

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-09-09 20:41:50 +03:00
Adrian Schmutzler
d7fb7ac278 ath79: increase kernel partition for ar9344 TP-Link CPE/WBS
The kernel has become too big again for the ar9344-based TP-Link
CPE/WBS devices which still have no firmware-partition splitter.

Current buildbots produce a kernel size of about 2469 kiB, while
the partition is only 2048 kiB (0x200000). Therefore, increase it
to 0x300000 to provide enough room for this and, hopefully, the
next kernel.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-30 22:20:37 +02:00
Alexander Couzens
6d5d815e3f
tools/tplink-safeloader: use soft_ver 1.9.1 for archer c6 v2
TP-LINK published a firmware update for the archer c6 v2.
This updates also reached the factory devices. Newer software version
rejects downgrading to 1.2.x. Use 1.9.x to allow installing the factory images
and have a little bit time to change it again.

Tested on archer c6 v2 with firmware 1.3.1

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2020-08-19 19:21:24 +02:00
Andreas Böhler
ab74def0db ath79: add support for TP-Link TL-WPA8630P v2
The TL-WPA8630P v2 is a HomePlug AV2 compatible device with a QCA9563 SoC
and 2.4GHz and 5GHz WiFi modules.

Specifications
--------------

  - QCA9563 750MHz, 2.4GHz WiFi
  - QCA9888 5GHz WiFi
  - 8MiB SPI Flash
  - 128MiB RAM
  - 3 GBit Ports (QCA8337)
  - PLC (QCA7550)

MAC address assignment
----------------------

WiFi 2.4GHz and LAN share the same MAC address as printed on the label.
5GHz WiFi uses LAN-1, based on assumptions from similar devices.

LAN Port assignment
-------------------

While there are 3 physical LAN ports on the device, there will be 4
visible ports in OpenWrt. The fourth port (internal port 5) is used
by the PowerLine Communication SoC and thus treated like a regular
LAN port.

Versions
--------

Note that both TL-WPA8630 and TL-WPA8630P, as well as the different
country-versions, differ in partitioning, and therefore shouldn't be
cross-flashed.

This adds support for the two known partitioning variants of the
TL-WPA8630P, where the variants can be safely distinguished via the
tplink-safeloader SupportList. For the non-P variants (TL-WPA8630),
at least two additional partitioning schemes exist, and the same
SupportList entry can have different partitioning.
Thus, we don't support those officially (yet).

Also note that the P version for Germany (DE) requires the international
image version, but is properly protected by SupportList.

In any case, please check the OpenWrt Wiki pages for the device
before flashing anything!

Installation
------------

Installation is possible from the OEM web interface. Make sure to
install the latest OEM firmware first, so that the PLC firmware is
at the latest version. However, please also check the Wiki page
for hints according to altered partitioning between OEM firmware
revisions.

Additional thanks to Jon Davies and Joe Mullally for bringing
order into the partitioning mess.

Signed-off-by: Andreas Böhler <dev@aboehler.at>
[minor DTS adjustments, add label-mac-device, drop chosen, move
common partitions to DTSI, rename de to int, add AU support strings,
adjust TPLINK_BOARD_ID, create common node in generic-tp-link.mk,
adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-10 11:48:08 +02:00
Sander Vanheule
34271d38ae tools/firmware-utils: use UTC for image timestamps
By using localtime() to determine the timestamp that goes into factory
images, the resulting image depends on the timezone of the build system.
Use gmtime() instead, which results in more reproducible images.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2020-08-07 09:48:33 +02:00
Richard Fröhning
009e62c92c ramips: add support for TP-Link RE200 v3
TP-Link RE200 v3 is a wireless range extender with Ethernet and 2.4G and 5G
WiFi with internal antennas. It's based on MediaTek MT7628AN+MT7610EN like the v2.

Specifications
--------------

- MediaTek MT7628AN (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 1x 10/100 Mbps Ethernet
- 8x LED (GPIO-controlled), 2x button

Unverified:
- UART header on PCB (57600 8n1)

There are 2.4G and 5G LEDs in red and green which are controlled
separately.

MAC addresses
-------------

MAC address assignment has been done according to the RE200 v2.

The label MAC address matches the OpenWrt ethernet address.

Installation
------------

Web Interface
-------------

It is possible to upgrade to OpenWrt via the web interface. Simply flash
the -factory.bin from OEM. In contrast to a stock firmware, this will not
overwrite U-Boot.

Recovery
--------

Unfortunately, this devices does not offer a recovery mode or a tftp
installation method. If the web interface upgrade fails, you have to open
your device and attach serial console.

The device has not been opened for adding support. However, it is expected
that the behavior is similar to the RE200 v2. Instructions for serial console
and recovery may be checked out in commit 6d6f36ae78 ("ramips: add support
for TP-Link RE200 v2") or on the device's Wiki page.

Signed-off-by: Richard Fröhning <misanthropos@gmx.de>
[adjust commit title/message, sort support list]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-03 23:34:34 +02:00
Adrian Schmutzler
1deaf695ec ramips: fix/tidy up 4M tplink-v2-image flash layouts
For the TP-Link 4M devices with tplink-v2-image recipe
(mktplinkfw2.c), there are two different flash layouts based
on the size of the (u)boot partition:

device         uboot    OEM firmware  OpenWrt (incl. config)
tl-wr840n-v5   0x20000  0x3c0000      0x3d0000
tl-wr841n-v14  0x10000  0x3d0000      0x3e0000

In both cases, the 0x10000 config partition is used for the firmware
partition as well due to the limited space available and since it's
recreated by the OEM firmware anyway.

However, the TFTP flashing process will only copy data up to the
size of the initial (OEM) firmware size. Therefore, while we can
use the bigger partition to have additional erase blocks on the
device, we have to limit the image sizes to the TFTP limits.

So far, only one layout definition has been set up in mktplinkfw2.c
for 4M mediatek devices. This adds a second one and assigns them
to the devices so the image sizes are correctly restrained.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-08-03 12:17:08 +02:00
Paul Spooren
7c12d5d167 tools/firmware-utils: add PKG_RELEASE
There is no versioning information in the firmware-utils code nor the
Makefile. Consider it as first release by adding PKG_RELEASE.

Motivation is the tracking of changes in the buildsystem, which requires
versioning of packages.

Also update copyright.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-07-23 11:30:09 +02:00
Adrian Schmutzler
4a2380a1e7 tplink-safeloader: expand support list for TP-Link CPE210 v3
This adds new strings to the support list for the TP-Link CPE210 v3
that are supposed to work with the existing setup.

Without it, the factory image won't be accepted by the vendor UI on
these newer revisions.

Tested on a CPE210 v3.20 (EU).

Ref: https://forum.openwrt.org/t/build-for-cpe210-v3-20/68000

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-20 13:43:36 +02:00
Petr Štetiar
61b36ee9ba firmware-utils: mkfwimage: fix memcpy and strncpy usage
Firmware is binary blob, so there are barely any NULL terminated strings
expected, so we should probably convert all chars into u8 types, and
after that it's clear, that using strcpy doesn't make sense anymore.

This is rather theoretical stuff, but `uint8_t name[PART_NAME_LENGTH]`
means, that you can supply PART_NAME_LENGTH sized name, not
PART_NAME_LENGTH-1 name when NULL terminated.

Ref: https://github.com/openwrt/openwrt/pull/2274
Fixes: 04cb651376 ("firmware-utils: mkfwimage: fix more errors reported by gcc-6/7/9")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 13:33:28 +02:00
David Woodhouse
dca867c5a3 firmware-utils/ptgen: allow explicit placement of partitions
For Banana Pi R2 we need to place the U-Boot partition at precisely 0x50000.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
Andrea Dalla Costa
d64b20da21 firmware-utils/hcsmakeimage: fix possible memory leak and resource leaks
Add missing calls to `free` for variable `filebuffer`.
Add missing calls to `fclose` for variables `fd` and `fd_out`.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-07-08 16:07:05 +02:00
Christoph Krapp
ba0f4f0cfd ramips: add support for TP-Link RE500 v1
This device uses the same hardware as RE650 v1 which got supported in
8c51dde.

Hardware specification:

- SoC 880 MHz - MediaTek MT7621AT
- 128 MB of DDR3 RAM
- 16 MB - Winbond 25Q128FVSG
- 4T4R 2.4 GHz - MediaTek MT7615E
- 4T4R 5 GHz - MediaTek MT7615E
- 1x 1 Gbps Ethernet - MT7621AT integrated
- 7x LEDs (Power, 2G, 5G, WPS(x2), Lan(x2))
- 4x buttons (Reset, Power, WPS, LED)
- UART header (J1) - 2:GND, 3:RX, 4:TX
  Serial console @ 57600,8n1

Flash instructions:

Upload
openwrt-ramips-mt7621-tplink_re500-v1-squashfs-factory.bin
from the RE500 web interface.

TFTP recovery to stock firmware:

Unfortunately, I can't find an easy way to recover the RE
without opening the device and using modified binaries. The
TFTP upload will only work if selected from u-boot, which
means you have to open the device and attach to the serial
console. The TFTP update procedure does *not* accept the
published vendor firmware binaries. However, it allows to
flash kernel + rootfs binaries, and this works if you have
a backup of the original contents of the flash. It's probably
possible to create special image out of the vendor binaries
and use that as recovery image.

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
[remove dts-v1 in DTSI, do not touch WiFi LEDs for RE650, keep
state_default in DTS files, fix label-mac-device, use lower case
for WiFi LEDs]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-07 00:40:04 +02:00
Rowan Border
33fae8421e ramips: add support for TP-Link RE220 v2
TP-Link RE220 v2 is a wireless range extender with Ethernet and 2.4G and 5G
WiFi with internal antennas. It's based on MediaTek MT7628AN+MT7610EN.

This port of OpenWRT leverages work done by Andreas Böhler <dev@aboehler.at>
for the TP-Link RE200 v2 as both devices share the same SoC, flash layout
and GPIO pinout.

Specifications

MediaTek MT7628AN (580 Mhz)
64 MB of RAM
8 MB of FLASH
2T2R 2.4 GHz and 1T1R 5 GHz
1x 10/100 Mbps Ethernet
UART header on PCB (57600 8n1)
8x LED (GPIO-controlled), 2x button
There are 2.4G and 5G LEDs in red and green which are controlled separately.

Web Interface Installation

It is possible to upgrade to OpenWrt via the web interface. Simply flash
the -factory.bin from OEM. In contrast to a stock firmware, this will not
overwrite U-Boot.

Signed-off-by: Rowan Border <rowanjborder@gmail.com>
2020-06-30 17:23:32 +02:00
Sungbo Eo
7da3c3b491 firmware-utils: sort tools alphabetically
Also remove leading whitespace after comma.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-28 02:27:36 +02:00
Andrew Cameron
d93da0d016 ath79: add support for TP-Link CPE610 v2
TP-Link CPE610 v2 is an outdoor wireless CPE for 5 GHz with
one Ethernet port based on Atheros AR9344

Specifications:
 - 560/450/225 MHz (CPU/DDR/AHB)
 - 1x 10/100 Mbps Ethernet
 - 64 MB of DDR2 RAM
 - 8 MB of SPI-NOR Flash
 - 23dBi high-gain directional 2×2 MIMO antenna and a
   dedicated metal reflector
 - Power, LAN, WLAN5G green LEDs
 - 3x green RSSI LEDs

Flashing instructions:
 Flash factory image through stock firmware WEB UI
 or through TFTP
 To get to TFTP recovery just hold reset button while powering on for
 around 4-5 seconds and release.
 Rename factory image to recovery.bin
 Stock TFTP server IP:192.168.0.100
 Stock device TFTP adress:192.168.0.254

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
2020-06-20 13:03:39 +02:00
Joseph C. Lehner
0a73c61cb9 mkchkimg: use higher version code
This patch changes the version code of the image header
from `1.1.99_0.0.0.0` to `99.99.99_99.99.99.99`. This
is neccessary on some devices where the stock firmware
checks the version field, possibly preventing third-party
firmware from being installed.

Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
2020-06-09 16:59:33 +02:00
Andreas Wiese
c764c512ac ath79: add support for TP-Link RE450 v3
TP-Link RE450 v3 is a dual band router/range-extender based on
Qualcomm/Atheros QCA9563 + QCA9880.

This device is nearly identical to RE450 v2 besides a modified flash
layout (hence I think force-flashing a RE450v2 image will lead to at
least loss of MAC address).

Specification:

- 775 MHz CPU
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 1x 10/100/1000 Mbps Ethernet (AR8033 PHY)
- 7x LED, 4x button-
- possible UART header on PCB¹

Flash instruction:
Apply factory image in OEM firmware web-gui.

¹ Didn't check to connect as I didn't even manage to connect on
  RE450v2 (AFAIU it requires disconnecting some resistors, which I was
  too much of a coward to do).  But given the similarities to v2 I
  think it's the same or very similar procedure (and most likely also
  the only way to debrick).

Signed-off-by: Andreas Wiese <aw-openwrt@meterriblecrew.net>
[remove dts-v1 and compatible in DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-31 15:44:05 +02:00
Roger Pueyo Centelles
0486641849 firmware-utils: mkfwimage: add support for Ubiquiti XC devices
This commit adds support for Ubiquiti devices based on the XC board
type, such as the PowerBeam 5AC 500. The factory binary structure is
the same as the WA type.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-05-17 21:03:19 +02:00
李国
1963bbaa8f firmware-utils: ptgen: add GPT support
Add GPT support to ptgen, so we can generate EFI bootable images.

Introduced two options:
    -g        generate GPT partition table
    -G GUID   use GUID for disk and increase last bit for all partitions

We drop The alternate partition table to reduce size, This may cause
problems when generate vmdk images or vdi images. We have to pad enough
sectors when generate these images.

Signed-off-by: 李国 <uxgood.org@gmail.com>
[fixed compilation on macOS]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-31 16:20:47 +02:00
Georgi Vlaev
ff75bbc423 tplink-safeloader: update soft_ver for TP-Link Archer C6 v2 (EU)
The last couple of TP-Link firmware releases for Archer C6 v2 (EU)
have switched to version 1.2.x. Bump the soft_ver to "1.2.1" to
allow firmware updates from the vendor web interface.

TP-Link vendor firmware releases supported by this change:
* Archer C6(EU)_V2_200110: soft_ver:1.2.1 Build 20200110 rel.60119
* Archer C6(EU)_V2_191014: soft_ver:1.2.0 Build 20191014 rel.33289

Signed-off-by: Georgi Vlaev <georgi.vlaev@gmail.com>
2020-03-30 01:46:50 +02:00
Adrian Schmutzler
646d95c374 ath79: add support for TP-Link Archer C60 v3
TP-Link Archer C60 v3 is a dual-band AC1350 router,
based on Qualcomm/Atheros QCA9561 + QCA9886.

It seems to be identical to the v2 revision, except that
it lacks a WPS LED and has different GPIO for amber WAN LED.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 6x LED, 2x button
- UART header on PCB

Flash instruction (WebUI):
Download *-factory.bin image and upload it via the firmwary upgrade
function of the stock firmware WebUI.

Flash instruction (TFTP):
1. Set PC to fixed IP address 192.168.0.66
2. Download *-factory.bin image and rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
   directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
   be transferred from the tftp server
8. Wait ~30 second to complete recovery

While TFTP works for OpenWrt images, my device didn't accept the
only available official firmware "Archer C60(EU)_V3.0_190115.bin".

In contrast to earlier revisions (v2), the v3 contains the (same)
MAC address twice, once in 0x1fa08 and again in 0x1fb08.
While the partition-table on the device refers to the latter, the
firmware image contains a different partition-table for that region:

name           device            firmware
factory-boot   0x00000-0x1fb00   0x00000-0x1fa00
default-mac    0x1fb00-0x1fd00   0x1fa00-0x1fc00
pin            0x1fd00-0x1fe00   0x1fc00-0x1fd00
product-info   0x1fe00-0x1ff00   0x1fd00-0x1ff00
device-id      0x1ff00-0x20000   0x1ff00-0x20000

While the MAC address is present twice, other data like the PIN isn't,
so with the partitioning from the firmware image the PIN on the device
would actually be outside of its partition.
Consequently, the patch uses the MAC location from the device (which
is the same as for the v2).

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-18 13:49:06 +01:00
Michael T Farnworth
b468353a37 mkrasimage: fix segmentation fault
Code was attempting to determine the size of the file
before it was actually known and allocating insufficient
memory space.  Images above a certain size caused a
segmentation fault.  Moving the calloc() ensured ensured
that large images didn't result in a buffer overflow on
memcpy().

Signed-off-by: Michael T Farnworth <michael@turf.org>
[fixed name in From to match one in SoB]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-01 21:36:00 +01:00
Dan Haab
9aa6569aa6 firmware-utils: add lxlfw tool for generating Luxul firmwares
It's a simple tool prepending image with a Luxul header.

Signed-off-by: Dan Haab <dan.haab@legrand.com>
2020-02-07 09:31:22 +01:00
Andreas Böhler
6d6f36ae78 ramips: add support for TP-Link RE200 v2
TP-Link RE200 v2 is a wireless range extender with Ethernet and 2.4G and 5G
WiFi with internal antennas. It's based on MediaTek MT7628AN+MT7610EN.

Specifications
--------------

- MediaTek MT7628AN (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 1x 10/100 Mbps Ethernet
- UART header on PCB (57600 8n1)
- 8x LED (GPIO-controlled), 2x button

There are 2.4G and 5G LEDs in red and green which are controlled
separately.

MAC addresses
-------------

The MAC address assignment matches stock firmware, i.e.:
LAN : *:0D
2.4G: *:0E
5G  : *:0F

Installation
------------

Web Interface
-------------

It is possible to upgrade to OpenWrt via the web interface. Simply flash
the -factory.bin from OEM. In contrast to a stock firmware, this will not
overwrite U-Boot.

Serial console
--------------

Opening the case is quite hard, since it is welded together. Rename the
OpenWrt factory image to "test.bin", then plug in the device and quickly
press "2" to enter flash mode (no line feed). Follow the prompts until
OpenWrt is installed.

Unfortunately, this devices does not offer a recovery mode or a tftp
installation method. If the web interface upgrade fails, you have to open
your device and attach serial console.

Additonal notes
---------------

It is possible to flash back to stock by using tplink-safeloader to create
a sysupgrade image based on a stock update. After the first boot, it is
necessary upgrade to another stock image, otherwise subsequent boots
fail with LZMA ERROR 1 and you have to attach serial to recover the device.

Signed-off-by: Andreas Böhler <dev@aboehler.at>
[remove DEVICE_VARS change]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-01 19:41:51 +01:00
Adrian Schmutzler
b2102be8a5 ar71xx: use dynamic partitioning for TP-Link TL-WA850RE v2
This moves the TP-Link TL-WA850RE v2 to dynamic partitioning and
will allow to use this for ath79 as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-22 23:52:51 +01:00
Anderson Vulczak
7a8bfbf0ff tools: tplink-safeloader: update soft_ver for TP-Link Archer C6 v2 (EU)
This patch updates "soft_ver" for TP-Link Archer C6 v2 (EU).

It makes possible to upload OpenWrt on lastest vendor's firmware
as the web-based updater checks for major.minor version during upload.

Due to that on next major/minor version update TP-Link will stop
us from using the web-based firmware update tool, so it will
require a new patch on soft_ver to match major and minor version.
Up to today's latest stock firmware the patch (major.minor.patch)
version does not matters, that allows downgrade from 1.1.4 to 1.1.1
but do not allow downgrade from 1.1.X to 1.0.X.

Signed-off-by: Anderson Vulczak <andi@andi.com.br>
2020-01-19 00:19:39 +01:00
Steffen Förster
93a4c8afbf ramips: add support for TP-Link RE305 v1
Specification:

SoC: MediaTek MT7628AN
RAM: 64MiB
Flash: 8MiB
Wifi:
  - 2.4GHz: MT7628AN
  - 5GHz: MT7612EN
LAN: 1x 10/100 Mbps

Flash instructions:
Flash factory image through stock firmware WEB UI.
Back to stock is possible by using TFTP and stripping down the Firmware
provided by TP-Link to a initramfs.

The flash space between 0x650000 and 0x7f0000
is blank in the stock firmware so I left it out as well.

Signed-off-by: Steffen Förster <nemesis@chemnitz.freifunk.net>
2020-01-18 19:39:05 +01:00
Andrea Dalla Costa
8057970d2a firmware-utils/mktitanimg: fix possible resource leak
Add missing call to `fclose` for file pointer `nsp_image`.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-14 17:48:50 +01:00
Andrea Dalla Costa
1775f690d5 firmware-utils/mksenaofw: fix possible memory leak
Add missing calls to `free` for variable `pmodel`.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-14 17:48:50 +01:00
Andrea Dalla Costa
b886d3c8f3 firmware-utils/mkfwimage: fix possible memory and resource leak
Add missing calls to `free` for variable `mem`.
Add missing call to `fclose` for variable `f`.

The same changes were made in both `mkfwimage.c` and `mkfwimage2.c`.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-14 17:48:50 +01:00
Andrea Dalla Costa
8e3b3152e5 firmware-utils/mkchkimg: fix possible resource leaks
Add missing `fclose` calls for file pointers `kern_fp`, `fs_fp`
and `out_fp`.
Not closing files could lead to resource leaks.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-14 17:48:50 +01:00
Andrea Dalla Costa
0ae0f48cec firmware-utils: fix possible memory leak and resource leak
Add missing calls to `free` for variable `buffer`.
This could lead to a memory leak.

Add missing call to `close` for file pointer `fdin`.
This could lead to a resource leak.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-14 17:48:50 +01:00
Andrea Dalla Costa
402b362db4 firmware-utils/dgfirmare: fix possible resource leak
Add missing calls to `fclose` in functions `write_img`, `write_rootfs`
and `write_kernel`.
The not-closed files could lead to resource leaks.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-14 17:48:50 +01:00
Tobias Schramm
d29929be07 firmware-utils: mkfwimage: add support for Ubiquiti SW devices
This commit adds support for Ubiquiti ToughSwitch XP (and probably also
EdgeSwitch XP) devices. They are mostly based on the same hardware as
MX devices.

Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
2020-01-12 14:12:50 +01:00
Andreas Böhler
a3010a7f8d ramips: add support for TP-Link RE200 v1
TP-Link RE200 v1 is a wireless range extender with Ethernet and 2.4G and 5G
WiFi with internal antennas. It's based on MediaTek MT7620A+MT7610EN.

Specifications
--------------

- MediaTek MT7620A (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 1T1R 5 GHz
- 1x 10/100 Mbps Ethernet
- UART header on PCB (57600 8n1)
- 8x LED (GPIO-controlled; only 6 supported), 2x button

There are 2.4G and 5G LEDs in red and green which are controlled
separately. The 5G LED is currently not supported, since the GPIOs couldn't
be determined.

Installation
------------

Web Interface
-------------

It is possible to upgrade to OpenWrt via the web interface. However, the
OEM firmware upgrade file is required and a tool to fix the MD5 sum of
the header. This procedure overwrites U-Boot and there is not failsafe /
recovery mode present! To prepare an image, you need to take the header
and U-Boot (i.e. 0x200 + 0x20000 bytes) from an OEM firmware file and
attach the factory image to it. Then fix the header MD5Sum1.

Serial console
--------------

Opening the case is quite hard, since it is welded together. Rename the
OpenWrt factory image to "test.bin", then plug in the device and quickly
press "2" to enter flash mode (no line feed). Follow the prompts until
OpenWrt is installed.

Unfortunately, this devices does not offer a recovery mode or a tftp
installation method. If the web interface upgrade fails, you have to open
your device and attach serial console. Since the web upgrade overwrites
the boot loader, you might also brick your device.

Additional notes
----------------

MAC address assignment is based on stock-firmware. For me, the device
assigns the MAC on the label to Ethernet and the 2.4G WiFi, while the 5G
WiFi has a separate MAC with +2.

*:88    Ethernet/2.4G    label, uboot 0x1fc00, userconfig 0x0158
*:89    unused           userconfig 0x0160
*:8A    5G               not present in flash

This seems to be the first ramips device with a TP-Link v1 header. The
original firmware has the string "EU" embedded, there might be some region-
checking going on during the firmware upgrade process. The original
firmware also contains U-Boot and thus overwrites the boot loader during
upgrade.
In order to flash back to stock, the first header and U-Boot need to be
stripped from the original firmware.

Signed-off-by: Andreas Böhler <dev@aboehler.at>
2019-12-31 13:23:55 +01:00
Christian Mauderer
5e5e92b7c3 ath79: generate firmware image for aircube-isp
This adds a "factory" image for the aircube-isp devices. Note that the
firmware can't be uploaded without prior special preparation. For the
most recent instructions on how to do that, visit the OpenWRT wiki page
of the Ubiquiti airCube ISP for details:

https://openwrt.org/toh/ubiquiti/ubiquiti_aircube_isp

Current procedure:

With the original firmware 2.5.0 it is possible to upload and execute a
script via the configuration. To do that download and unpack the
original configuration, adapt uhttpd config to execute another lua
handler (placed in the config directory) and pack and upload it again.

The lua handler can call a script that mounts an overlayfs and modifies
the "fwupdate.real" binary so that an unsigned image is accepted. The
overlayfs is necessary because a security system (called tomoyo) doesn't
allow binaries in other locations than /sbin/fwupdate.real (and maybe
some more) to access the flash when executed via network.

A big thanks to Torvald Menningen (Snap) from the OpenWRT forum for
finding out how to patch the binary so that it accepts an unsigned
image.

The current step-by-step procedure is:

- Use a version 2.5.0 of the original firmware. This is important
  because a binary file will be modified.
- Download a configuration.
- Unpack it (it's just a tar gz file without an ending).
- Add the following to uhttpd:

``````
config 'uhttpd' 'other'
	list listen_http    0.0.0.0:8080
	list listen_http    [::]:8080
	option 'home'       '/tmp/persistent/config/patch/www'
	option lua_prefix   '/lua'
	option lua_handler  '/tmp/persistent/config/patch/handler.lua'
``````

- Create a `patch` subfolder.
- Create a `patch/www` subfolder.
- Create a `patch/handler.lua` with the following content:

``````
function handle_request(env)
    uhttpd.send("Status: 200 OK\r\n")
    uhttpd.send("Content-Type: text/plain\r\n\r\n")

    local command = "/bin/sh /tmp/persistent/config/patch/patch.sh 2>&1"

    local proc = assert(io.popen(command))
    for line in proc:lines() do
        uhttpd.send(line.."\r\n")
    end
    proc:close()
end
``````

- Create a `patch/patch.sh` with the following content:

``````
#!/bin/sh -x

set -e
set -u
set -x

UBNTBOX_PATCHED="/tmp/fwupdate.real"
MD5FILE="/tmp/patchmd5"

cat <<EOF > ${MD5FILE}
c33235322da5baca5a7b237c09bc8df1  /sbin/fwupdate.real
EOF

# check md5 of files that will be patched
if ! md5sum -c ${MD5FILE}
then
        echo "******** Error when checking files. Refuse to do anything. ********"
        exit 0
fi

# prepare some overlay functionality
LOWERDIR="/tmp/lower_root"
mkdir -p ${LOWERDIR}
mount -t squashfs -oro /dev/mtdblock3 ${LOWERDIR}
overlay_some_path()
{
        PATH_TO_OVERLAY=$1
        ALIAS=$2
        UPPERDIR="/tmp/over_${ALIAS}"
        WORKDIR="/tmp/over_${ALIAS}_work"

        mkdir -p ${UPPERDIR}
        mkdir -p ${WORKDIR}

        mount -t overlay -o lowerdir=${LOWERDIR}${PATH_TO_OVERLAY},upperdir=${UPPERDIR},workdir=${WORKDIR} overlay ${PATH_TO_OVERLAY}
}

# patch the ubntbox binary.
overlay_some_path "/sbin" "sbin"
echo -en '\x10' | dd of=/sbin/fwupdate.real conv=notrunc bs=1 count=1 seek=24598

echo "******** Done ********"
``````

- Repack the configuration.
- Upload it via the normal web interface.
- Wait about a minute. The webserver should restart.
- Now there is a second web server at port 8080 which can call the lua
  script. Visit the page with a web browser. Link is for example
  http://192.168.1.1:8080/lua
- You should see the output of the script with a "*** Done ***" at the
  end. Note that the patches are not permanent. If you restart the
  router you have to re-visit the link (but not re-upload the config).
- Now you can upload an unsigned binary via the normal web interface.

Signed-off-by: Christian Mauderer <oss@c-mauderer.de>
2019-12-31 01:42:13 +01:00
Adrian Schmutzler
c0b87cf10b tools: tplink-safeloader: fix whitespace issues
This replaces tabs by spaces when preceding an equal sign. This improves
consistency in the file and makes the indent look correct on all platforms.

While at it, also fix one case of inconsistent leading spaces.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-27 22:54:36 +01:00
Anderson Vulczak
9b90dc05f5 ath79: add support for TP-Link Archer C6 v2 (US) and A6 (US/TW)
This patch is based on #1689 and adds support for TP-Link Archer
C6 v2 (US) and A6 (US/TW).

The hardware is the same as EU and RU variant, except for GPIOs
(LEDS/Buttons), flash(chip/partitions) and UART being available
on the board.

- SOC: Qualcomm QCA9563 @ 775MHz
- Flash: GigaDevice GD25Q127CS1G (16MiB)
- RAM: Zentel A3R1GE40JBF (128 MiB DDR2)
- Ethernet: Qualcomm QCA8337N: 4x 1Gbps LAN + 1x 1Gbps WAN
- Wireless:
  - 2.4GHz (bgn) QCA9563 integrated (3x3)
  - 5GHz (ac) Qualcomm QCA9886 (2x2)
- Button: 1x power, 1x reset, 1x wps
- LED: 6x LEDs: power, wlan2g, wlan5g, lan, wan, wps
- UART: 115200, 8n1 (header available on board)

Known issues:
 - Wireless: 5GHz is known to have lower RSSI signal, it affects speed and range.

Flash instructions:

Upload openwrt-ath79-generic-tplink_archer-c6-v2-us-squashfs-factory.bin
via the router Web interface.

Flash instruction using tftp recovery:

1. Connect the computer to one of the LAN ports of the router
2. Set the computer IP to 192.168.0.66
3. Start a tftp server with the OpenWrt factory image in the
   tftp root directory renamed to ArcherA6v2_tp_recovery.bin.
4. Connect power cable to router, press and hold the
   reset button and turn the router on
5. Keep the reset button pressed until the WPS LED lights up
6. Wait ~150 seconds to complete flashing

Flash partitioning: I've followed #1689 for defining the partition layout
for this patch. The partition named as "tplink" @ 0xfd0000 is marked
as read only as it is where some config for stock firmware are stored.
On stock firmware those stock partitions starts at 0xfd9400 however
I had not been able to make it functional starting on the same address as
on stock fw, so it has been partitioned following #1689 and not the stock
partition layout for this specific partition. Due to that firmware/rootfs
partition lenght is 0xf80000 and not 0xf89400 as stock.

According to the GPL code, the EU/RU/JP variant does have different GPIO pins
assignment to LEDs and buttons, also the flash memory layout is different.

GPL Source Code: https://static.tp-link.com/resources/gpl/gpl-A6v2_us.tar.gz

Signed-off-by: Anderson Vulczak <andi@andi.com.br>
[wrap commit message, remove soft_ver change for C6 v2 EU, move LED aliases
to DTS files, remove dts-v1 in DTSI, node/property reorder in DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-27 22:54:36 +01:00
Bernhard Geier
591a06316d tplink-safeloader: shorten version number of TP-Link WBS210 v2
"2.0" instead of "2.00" is sufficient and more in line with the
other definitions.

Signed-off-by: Bernhard Geier <freifunk@geierb.de>
[commit message/title adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-23 12:03:42 +01:00
Andrew Cameron
20fdfe37d2 ath79: add support for the TP-LINK WBS510 V1
This adds support for a popular low-cost 5GHz N based AP

Specifications:
- SoC: Atheros AR9344
- RAM: 64MB
- Storage: 8 MB SPI NOR
- Wireless: 5GHz 300 Mbps, 2x RP-SMA connector, 27 dBm TX power
- Ethernet: 1x 10/100 Mbps with 24V POE IN, 1x 10/100 Mbps

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP adress:192.168.0.254

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
2019-11-22 11:41:27 +01:00
Andrew Cameron
5b8709d9f2 ath79: add support for the TP-LINK WBS510 V2
This adds support for a popular low-cost 5GHz N based AP

Specifications:
 - SoC: Atheros AR9344
 - RAM: 64MB
 - Storage: 8 MB SPI NOR
 - Wireless: 5GHz 300 Mbps, 2x RP-SMA connector, 27 dBm TX power
 - Ethernet: 1x 10/100 Mbps with 24V POE IN, 1x 10/100 Mbps

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP adress:192.168.0.254

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
2019-11-22 11:41:24 +01:00
Andrew Cameron
bae0d47f2e ath79: add support for the TP-LINK CPE220 V3
This adds support for a popular low-cost 2.4GHz N based AP

Specifications:
SoC: Qualcomm Atheros QCA9533 (650MHz)
RAM: 64MB
Storage: 8 MB SPI NOR
Wireless: 2.4GHz N based built into SoC 2x2
Ethernet: 2x 100/10 Mbps, integrated into SoC

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP adress:192.168.0.254

This also applies some minor changes to the common DTSI:
- use &wmac for label-mac-device, as this one is actually set up in
  common DTSI
- move &eth0 to parent DTSI
- fix several leading spaces, added/removed newlines

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
[DTS style fixes/improvements, updated commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-06 13:37:40 +01:00
Bernhard Geier
3930aab2cb ath79: add support for TP-Link WBS210 v2
TP-Link WBS210 v2 is an outdoor wireless CPE for 2.4 GHz with
two Ethernet ports based on Atheros AR9344

The device is the same as TP-Link CPE220 v2, but with higher TX power (27 dBm
instead of 12 dBm) and two antenna connectors instead of built-in antennas.

Specifications:
 - SoC: Atheros AR9344
 - RAM: 64MB
 - Storage: 8 MB SPI NOR
 - Wireless: 2.4GHz 300 Mbps, 2x RP-SMA connector, 27 dBm TX power
 - Ethernet: 1x 10/100 Mbps with 24V POE IN, 1x 10/100 Mbps

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP: 192.168.0.100
Stock device TFTP adress: 192.168.0.254

The TP-Link WBS devices use the same GPIOs as the CPE devices,
except for the link4 LED. For this one, WBS devices use "2", while
CPE devices use "16". (Tested on WBS210 v2)

Signed-off-by: Bernhard Geier <freifunk@geierb.de>
[added comment about GPIO]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-03 13:59:18 +01:00
André Valentin
6ae7ee7724 tools/mkrasimage: Add support for 128k header size
128k header size support is needed for ZyXEL NBG6716.

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-10-27 13:38:05 +01:00
Adrian Schmutzler
c79b796280 ar71xx: improve support for TP-Link CPE510 v2
This fixes commit bae927c551 ("ar71xx: add support for TP-LINK CPE510
V2.0") where the support for this device wasn't optimal.

Device support for the CPE510v2 so far has been a hack to enable
flashing with CPE510v1 images. Those even have different hardware (e.g.
additional ethernet port).

With this patch, we provide proper support for this device in ar71xx.

Installation:
- Flash factory image through stock firmware WEB UI or through TFTP
- To get to TFTP recovery just hold reset button while powering on
  for around 4-5 seconds and release.
- Rename factory image to recovery.bin
- Stock TFTP server IP: 192.168.0.100
- Stock device TFTP address: 192.168.0.254

Fixes: bae927c551 ("ar71xx: add support for TP-LINK CPE510 V2.0")
Signed-off-by: Andrew Cameron <apcameron@softhome.net>
[Rebased onto revert commit, changed comments in mach-cpe510.c,
changed commit title and description, fixed eth0 MAC address,
removed eth1 initialization]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[squashed revert, added fixes tag]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-21 21:54:01 +02:00
Ilya Gordeev
5daf094353 tplink-safeloader: fix compilation warnings
Signed-off-by: Ilya Gordeev <Mirraz@users.noreply.github.com>
2019-10-19 13:16:57 +02:00
Adrian Schmutzler
854ab1b045 ath79: add support for TP-Link CPE220 v2
This seems to be identical to CPE210 v1 despite having removable
antennas.

Specifications:

    * SoC: Qualcomm Atheros AR9344 (560 MHz)
    * RAM: 64MB
    * Storage: 8 MB
    * Wireless: 2.4GHz N based built into SoC 2x2
    * Ethernet: 2x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:

Flash factory image through stock firmware WEB UI
or through TFTP:
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Adrian Schmutzler
8d83a4f545 tplink-safeloader: increase kernel partition for CPE/WBSx10v1
This is a preparation for ath79 support of the CPE210/CPE510 v1.
Kernel size is chosen equal to the latest update for CPE610 v1.

This also updates the partition size in ar71xx target, so code
remains consistent if someone looks up the device. Since CPE210,
CPE510, WBS210 and WBS510 (all v1) share the same partition
layout definition, and are on deprecated target anyway, this
changes them all at once.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-08-07 18:04:03 +02:00
Petr Štetiar
ea1acaf5a6 firmware-utils: uimage_padhdr: fix Coverity issue
Fixes following issue reported by Coverity scan:

 *** CID 1452085:  Security best practices violations  (TOCTOU)
 /tools/firmware-utils/src/uimage_padhdr.c: 100 in main()
 94
 95     	if (!infname || !outfname) {
 96     		usage(argv[0]);
 97     		exit(1);
 98     	}
 99
 >>>     CID 1452085:  Security best practices violations  (TOCTOU)
 >>>     Calling function "stat" to perform check on "infname".
 100     	if (stat(infname, &statbuf) < 0) {

Fixes: a1c6a316d2 ("ramips: add support for Fon FON2601")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-08-04 22:09:20 +02:00
NOGUCHI Hiroshi
a1c6a316d2 ramips: add support for Fon FON2601
FON2601 is a wireless router.

Specification:
- SoC: Mediatek MT7620A (580MHz)
- RAM: 128 MiB
- ROM: 16 MiB SPI Flash
- Wireless:
   for 11b/g/n (upto 300 Mbps):  MT7620A built-in WMAC
   for 11a/n/ac (upto 867 Mbps): MT7662E
- Ethernet LAN: 1 port, upto 100 Mbps
- Ethernet WAN: 1 port, upto 1000 Mbps
- USB: 1 port (USB 2.0 host)
- LEDs: 4 (all can be controlled by SoC's GPIO)
- buttons: 1 (Displayed as "WPS" on enclosure)
- serial port: 57600n8
 pins: Vcc(3.3V), Rx, Tx, GND
(left to right, viewed from outside of board)

Installation (only available via UART):
  1. download sysupgrade binary image by wget command
  2. write sysupgrade binary image to Flash
     command is:
       mtd write sysupgrade.bin firmware
  3. reboot

Important Notice:
  Only one button is displayed as "WPS" on enclosure.
  However, it is configured as "reset" (factory resetting feature).

Signed-off-by: NOGUCHI Hiroshi <drvlabo@gmail.com>
[removed unrelated openwrt-keyring revert, missing -Wall for uimage_padhdr]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-26 08:09:16 +02:00
Petr Štetiar
ff7909f69e firmware-utils: mkfwimage: fix build failure on macOS with gcc 9
Fixes following errors:

 src/mkfwimage.c:279:8: error: format specifies type 'long' but the argument has type 'off_t' (aka 'long long') [-Werror,-Wformat]
                      d->stats.st_size,
                     ^~~~~~~~~~~~~~~~
 src/mkfwimage.c:280:8: error: format specifies type 'long' but the argument has type 'long long' [-Werror,-Wformat]
                      d->partition_length - d->stats.st_size);
                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 src/mkfwimage.c:378:6: error: format specifies type 'unsigned long' but the argument has type 'long long' [-Werror,-Wformat]
                      d->stats.st_size - d->partition_length);
                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-19 23:04:23 +02:00
Petr Štetiar
04cb651376 firmware-utils: mkfwimage: fix more errors reported by gcc-6/7/9
src/mkfwimage.c:276:8: error: format '%lld' expects argument of type 'long long int', but argument 4 has type '__off_t' {aka 'const long int'} [-Werror=format=]
src/fw.h:71:36: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__off_t' {aka 'long int'} [-Werror=format=]
    inlined from 'main' at src/mkfwimage.c:543:12:
/string_fortified.h:106:10: error: '__builtin_strncpy' output truncated before terminating nul copying 4 bytes from a string of the same length [-Werror=stringop-truncation]
    inlined from 'write_part' at src/mkfwimage.c:235:2,
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
    inlined from 'main' at src/mkfwimage.c:477:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation]
    inlined from 'main' at src/mkfwimage.c:496:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
    inlined from 'main' at src/mkfwimage.c:481:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
    inlined from 'main' at src/mkfwimage.c:485:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]

Runtested on ath79 and UBNT Bullet M XW.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-19 22:11:15 +02:00
Kevin Darbyshire-Bryant
90b7dbf7d8 firmware-utils: mkfwimage: fix more errors
Fix 4 errors reported by gcc 9

3 mismatched format type errors
1 unused variable error

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-19 16:56:39 +01:00
Petr Štetiar
9401780c2c firmware-utils: mkfwimage: provide human readable error
While looking at the ath25 build breakage of 19.07 images today I've
encountered following error:

 mkfwimage -B XS5 -v [...] ath25-ubnt5-squashfs-sysupgrade.bin.new
 ERROR: Failed creating firmware layout description - error code: -2

Which is barely human readable and needs poking into the source code, so
this patch makes the error more verbose and usable by mere mortals.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-19 16:16:15 +02:00
Petr Štetiar
83e60f0df6 firmware-utils: mkfwimage: enable extra compiler checks and fix them
Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-19 16:15:25 +02:00
Andrew Cameron
cad4132e00 ath79: add support for TP-Link CPE510-v2/v3
TP-Link CPE510-v2/v3 is an outdoor wireless CPE for 5 GHz with
one Ethernet port based on Atheros AR9344

Specifications:
 - Based on the same underlying hardware as the TP-Link CPE510
 - Power, LAN, and 4 green LEDs
 - 1 10/100Mbps Shielded Ethernet Port (Passive PoE in)
 - Built-in 13dBi 2x2 dual-polarized directional MIMO antenna
 - Adjustable transmission power from 0 to 23dBm/200mw

Flashing instructions:
 Flash factory image through stock firmware WEB UI
 or through TFTP
 To get to TFTP recovery just hold reset button while powering on for
 around 4-5 seconds and release.
 Rename factory image to recovery.bin
 Stock TFTP server IP:192.168.0.100
 Stock device TFTP adress:192.168.0.254

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
[whitespace fixes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-18 00:06:55 +02:00
Georgi Vlaev
8c51ddeff0 ramips: add support for TP-Link RE650 v1
TP-Link RE650 v1 is a dual-band AC2600 range extender,
based on MediaTek MT7621A and MT7615E. According to the
wikidevi entry for RE650 this device is identical with
TP-Link RE500 as hardware. This patch supports only RE650.

Hardware specification:

- SoC 880 MHz - MediaTek MT7621AT
- 128 MB of DDR3 RAM
- 16 MB - Winbond 25Q128FVSG
- 4T4R 2.4 GHz - MediaTek MT7615E
- 4T4R 5 GHz - MediaTek MT7615E
- 1x 1 Gbps Ethernet - MT7621AT integrated
- 7x LEDs (Power, 2G, 5G, WPS(x2), Lan(x2))
- 4x buttons (Reset, Power, WPS, LED)
- UART header (J1) - 2:GND, 3:RX, 4:TX
  Serial console @ 57600,8n1

Flash instructions:

Upload
openwrt-ramips-mt7621-tplink_re650-v1-squashfs-factory.bin
from the RE650 web interface.

TFTP recovery to stock firmware:

Unfortunately, I can't find an easy way to recover the RE
without opening the device and using modified binaries. The
TFTP upload will only work if selected from u-boot, which
means you have to open the device and attach to the serial
console. The TFTP update procedure does *not* accept the
published vendor firmware binaries. However, it allows to
flash kernel + rootfs binaries, and this works if you have
a backup of the original contents of the flash. It's probably
possible to create special image out of the vendor binaries
and use that as recovery image.

Signed-off-by: Georgi Vlaev <georgi.vlaev@gmail.com>
[re-added variables for kernel header]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-07-17 23:14:23 +02:00
Andrew Cameron
d5a38725f8 ath79: increase kernel partition size for CPE610v1
Increase the Kernel partition to address the issue discussed here
https://forum.openwrt.org/t/cpe610-v1-sysupgrade-bin-missing-too-big/39637/5
Switch Back to the okli Loader to support increased partition size

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [add <> for e-mail]
2019-07-07 13:02:06 +02:00
Andrew Cameron
e15049c88b ath79: add support for TP-Link CPE610-v1
TP-Link CPE610-v1 is an outdoor wireless CPE for 5 GHz with
one Ethernet port based on Atheros AR9344

Specifications:
 - Based on the same underlying hardware as the TP-Link CPE510
 - Power, LAN, WLAN5G green LEDs
 - 23dBi high-gain directional 2×2 MIMO antenna and a dedicated metal reflector

Flashing instructions:
 Flash factory image through stock firmware WEB UI
 or through TFTP
 To get to TFTP recovery just hold reset button while powering on for
 around 4-5 seconds and release.
 Rename factory image to recovery.bin
 Stock TFTP server IP:192.168.0.100
 Stock device TFTP adress:192.168.0.254

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
2019-06-24 20:22:24 +02:00
Davide Fioravanti
d95dff162a firmware-utils: jcgimage: add support for 4MiB+ images
The first version of this script allowed just 4Mb factory images.
With this patch is possible to set the maximum size of the payload.

For an 8Mb flash, the corresponding maxsize is:
8 * 1024 * 1024 - 5 * 64 * 1024 = 8388608 - 327680 = 8060928

If the -m argument is not set, the default maximum size will be
used for backward compatibility.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2019-05-31 10:30:03 +02:00
Davide Fioravanti
1bbd524e84 firmware-utils: jcgimage: fix style and compiler warnings
Fixed some compilation warnings.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2019-05-31 10:30:03 +02:00
Davide Fioravanti
c349cc5752 tools/firmware-utils: mktplinkfw2: add Qualcomm layouts
This commit adds the partition layout used by the TP-Link Archer D50
and probably by the TP-Link Archer D7 to mktplinkfw2.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2019-05-18 17:59:49 +02:00
Steve Glennon
6411eac5da ipq40xx: add factory image for EnGenius ENS620EXT
Extended  mksenaofw to support new "capwap" header structure.
This supports flashing from factory 3.0.0, 3.0.1, 3.1.0 and 3.5.5
firmware.

Note that the factory image format changes for 3.1 and later firmware,
and that the 3.1.0 and 3.5.5 Engenius firmware will refuse the
factory_30.bin file. Similarly, the 3.0.0 and 3.0.1 Engenius firmware
will refuse the factory_35.bin file.

Flashing from the Engenius 3.1.0 firmware with the factory_35.bin
firmware has not been tested, as 3.1.0 firmware (Engenius "middleFW")
is only intended as part of the upgrade path to 3.5.5 firmware.

Modified ipq40xx image Makefile to appropriately invoke mksenaofw
with new parameters to configure the capwap header.

Note that there is currently no method to return to factory firmware,
so this is a one-way street.

Path from factory 3.0.0 and 3.0.1 (EnGenius) software to OpenWrt is
to navigate to 192.168.1.1 on the stock firmware and navigate to the
firmware menu. Then copy the URL you have for that page, something like
http://192.168.1.1/cgi-bin/luci/;stok=12345abcdef/admin/system/flashops
and replace the trailing /admin/system/flashops with just /easyflashops

You should then be presented with a simple "Firmware Upgrade" page.
On that page, BE SURE TO CLEAR the "Keep Settings:" checkbox.

Choose the openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_30.bin,
click "Upgrade" and on the following page select "Proceed".

Path from factory 3.5.5 (EnGenius) software to OpenWrt is simply to
use the stock firmware update menu. Choose the
openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_35.bin and click
"Upload" and "Proceed".

The device should then flash the OpenWrt firmware and reboot. Note
that this resets the device to a default configuration with Wi-Fi
disabled, LAN1/PoE acting as a WAN port (running DHCP client) and LAN2
acting as a LAN port with a DHCP server on 192.168.1.x (AP is at
192.168.1.1)

Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[sorry, for unfixing the 80-lines eyesores.]
2019-05-11 16:37:11 +02:00
Christian Lamparter
7f3facfce2 firmware-utils: fix nec-enc build on older architectures
This patch enable gnu99 mode for the nec-enc utility which
fixes the following build-breaking errors on some older
architectures.

nec-enc.c: In function ‘xor_data’:
nec-enc.c:34:2: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
  for (int i = 0; i < len; i++) {
  ^~~
nec-enc.c:34:2: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
nec-enc.c: In function ‘main’:
nec-enc.c:101:3: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
   for (int i = 0; i < n; i++) {
   ^~~

Spotted-By: Buildbot
Fixes: fac27643f0 ("firmware-utils: add nec-enc")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-04-06 20:29:35 +02:00
INAGAKI Hiroshi
fac27643f0 firmware-utils: add nec-enc
nec-enc provides firmware encoding/decoding with model specific key
for NEC devices.

known devices:

  - Aterm WF1200CR
  - Aterm WG1200CR
  - Aterm WG2600HS

usage:

  nec-enc -i infile -o outfile -k key

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch fixes, marked usage as noreturn, added static function,
moved buf* from stack to the global data segment]
2019-04-06 19:14:06 +02:00
Michael Gray
5198258d10 tools: tplink-safeloader: add C7v5 KR Support
The added entry originates from TP-Links latest Archer C7 v5 KR firmware.

Signed-off-by: Michael Gray <michael.gray@lantisproject.com>
2019-04-06 19:14:06 +02:00
Mario Schroen
5ec205d7ac ath79: Add support for TP-Link CPE210 v3
Specifications:

    * SoC: Qualcomm Atheros QCA9533 (650MHz)
    * RAM: 64MB
    * Storage: 8 MB SPI NOR
    * Wireless: 2.4GHz N based built into SoC 2x2
    * Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:
    Flash factory image through stock firmware WEB UI or TFTP
    To get to TFTP recovery just hold reset button while powering
    on for around 4-5 seconds and release.
    Rename factory image to recovery.bin
    Stock TFTP server IP:192.168.0.100
    Stock device TFTP adress:192.168.0.254

Thanks to robimarko for the work inside the ar71xx tree.
Thanks to adrianschmutzler for deep discussion and fixes.

Signed-off-by: Mario Schroen <m.schroen@web.de>
[Split into DTS/DTSI, read-only config partition in DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[renamed dtsi filename, light subject touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-02 02:10:59 +02:00
Adrian Schmutzler
a2a972b2cf ar71xx: Use dynamic partitions for TP-Link CPE210 v2
This is also helpful to add support in ath79.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-04-02 02:08:37 +02:00
Pawel Dembicki
1f149fcad3 firmware-utils: mkdlinkfw: add kernel image offset
Some boards with JBOOT have partiton between bootloader
and kernel image. This patch add possibility to change kernel
partition start address.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2019-03-24 01:44:24 +01:00
Piotr Dymacz
db91418766 ath79: add support for TP-Link RE350K v1
TP-Link RE350K v1 (FCC ID: TE7RE350K) is a wall-plug AC1200 Wi-Fi range
extender with 'Kasa Smart' support. Device is based on Qualcomm/Atheros
QCA9558 + QCA9882 + AR8035 platform and is available only on US market.

Specification:

- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of flash (SPI NOR)
- 1x 1 Gbps Ethernet (AR8035)
- 2T2R 2.4 GHz (QCA9558), with ext. PA (SE2565T) and LNA (SKY65971-11)
- 2T2R 5 GHz (QCA9882), with ext. PA (SE5003L1-R) and LNA (SKY65981-11)
- 2x U.FL connector on PCB
- 2x dual-band PCB antennas
- 1x LED, 2x dual-color LED (all driven by GPIO)
- 3x button (app config, led, reset)
- 1x mechanical on/off slide switch
- 1x UART (4-pin, 2.54 mm pitch) header on PCB
- 1x JTAG (8-pin, 1.27 mm pitch) header on PCB

Flash instruction:
Use 'factory' image directly in vendor GUI (default IP: 192.168.0.254,
default credentials: admin/admin).

Warning:
This device does not include any kind of recovery mechanism in U-Boot.

Vendor firmware access:
You can access vendor firmware over serial (RX line requires jumper
resistor in R306 place, near XTAL) with: root/sohoadmin credentials.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-03-11 22:00:26 +01:00
Linus Walleij
6cdf08f026 firmware-tools/ptgen: Allow generation 0 size partitions
The firmware on the D-Link DNS-313 NAS require two blank
partitions before the boot partition. Support this if
explicitly requested with a "-n" flag.

Tested on the D-Link DNS-313.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[Broken out from original patch]
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-02-20 18:51:31 +01:00
Skirmantas Lauzikas
9c01273e5e ath79: add support for TP-Link Archer C2 V3 (AC900)
This commit adds support for the TP-link Archer C2 V3 (AC900).

Specifications:

 - CPU: QCA9563 750Mhz
 - Ram: 64MB (DDR2)
 - Flash: 8MB (SPI NOR)
 - Ethernet: 5x 10/100/1000
 - Wifi: QCA9563 bgn + QCA9887 an+ac
 - 9x Leds, 2x buttons

Flash instructions:

Upload openwrt-ath79-generic-tplink_archer-c2-v3-squashfs-factory.bin
via the router Web interface and flash as normal firmware update.

Signed-off-by: Skirmantas Lauzikas <skirmantas.lauzikas@blackraven.lt>
[reorder entries, fix trailing whitespace in dts, add firmware partition
 compatible string, remove led default off states, use default on state
 for system led, reuse tplink-safeloader-uimage image build recipe, squash
 with dynamic partitioning commit, reword commit message, add
 installation instructions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-27 16:41:10 +01:00
Skirmantas Lauzikas
30f48fb107 firmware-utils: tplink-safeloader: Fix for Archer C2 V3 image generation
Fix for factory image generation, so that stock firmware will accept the
openwrt image.

Ref: https://forum.openwrt.org/t/support-for-tp-link-archer-c2-v3/15617/17
Signed-off-by: Skirmantas Lauzikas <skirmantas.lauzikas@blackraven.lt>
[reword commit message, use correct order for conditions,
 trim trailing whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-27 16:41:05 +01:00
Michael Gray
963a83d82b tools: tplink-safeloader: add C7v5 RU Support
The added entry originates from TP-Links latest Archer C7 v5 RU firmware.

Signed-off-by: Michael Gray <michael.gray@lantisproject.com>
2019-01-27 11:52:24 +01:00
David Bauer
36a091cb07 tools: mktplinkfw2: add split-uboot layout
This commit adds the split-uboot partition layout used by the
Archer C50 v4 to mktplinkfw2.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-01-26 21:46:32 +01:00
Mathias Kresin
26a016731d firmware-utils: mksercommfw: overhaul image creation
Move the zip compression into a build recipe. Pad the image using the
existing build recipes as well to remove duplicate functionality

Change the code to append header and footer in two steps. Allow to use a
fixed filename as the netgear update image does.

Use a fixed timestamp within the zip archive to make the images
reproducible.

Due to the changes we are now compatible to the gnu89 c standard used by
default on the buildbots and we don't need to force a more recent
standard anymore.

Beside all changes, the footer still looks wrong in compare to the
netgear update image.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-15 19:11:54 +01:00
Mathias Kresin
01e95dc0dc firmware-utils: mkdlinkfw: fix build
While we don't need the gnu99 option anymore, we still need to force the
c99 standard to fix the following build error on the build bots:

src/mkdlinkfw.c: In function 'find_auh_headers':
src/mkdlinkfw.c:267:3: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
   for (int i = 0; i < header_counter; i++) {
   ^
src/mkdlinkfw.c:267:3: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-13 19:28:54 +01:00
Mathias Kresin
0e78af22d9 firmware-utils: mkdlinkfw: fix error handling
fread() doesn't set errno, ferror need to be used to check for errors.
While at it, check if we read the expect number of elements.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-13 18:31:10 +01:00
Mathias Kresin
e428b127e7 firmware-utils: mkdlinkfw: create reproducible header
Use the SOURCE_DATE_EPOCH environment variable if set instead of the
current time. The used timestamp matches the timestamp of the latest
commit this way and make the images reproducible.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-13 18:31:10 +01:00
Mathias Kresin
f4aa9d8839 firmware-utils: mkdlinkfw: cleanup code
Drop unused function and macros. With the cleanup the gnu extension
typeof isn't used any longer and the gnu99 compile flag can be dropped.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-13 18:31:10 +01:00
Hans Dedecker
e42a227ee3 tools/firmware-utils: fix sysupgrade typo in mkdapimg2
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-12 19:47:25 +01:00
Hans Dedecker
7197115c25 tools/firmware-utils: fix sysupgrade typo in mkdapimg
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-12 19:44:35 +01:00
Georgi Vlaev
d03aae1a09 ath79: add support for TP-Link Archer C6 v2
This patch adds support for TP-Link Archer C6 v2 (EU)

Hardware specification:
- SOC: Qualcomm QCA9563 @ 775MHz
- Flash: GigaDevice GD25Q64CSIG (8MiB)
- RAM: Zentel A3R1GE40JBF (128 MiB DDR2)
- Ethernet: Qualcomm QCA8337N: 4x 1Gbps LAN + 1x 1Gbps WAN
- Wireless:
  - 2.4GHz (bgn) QCA9563 integrated (3x3)
  - 5GHz (ac) Qualcomm QCA9886 (2x2)
- Button: 1x power, 1x reset, 1x wps
- LED: 6x LEDs: power, wlan2g, wlan5g, lan, wan, wps
- UART: There's no UART header on the board

Flash instructions:

Upload
openwrt-ath79-generic-tplink_archer-c6-v2-squashfs-factory.bin
via the router Web interface.

Flash instruction using tftp recovery:

1. Connect the computer to one of the LAN ports of the router
2. Set the computer IP to 192.168.0.66
3. Start a tftp server with the OpenWrt factory image in the
   tftp root directory renamed to ArcherC6v2_tp_recovery.bin.
4. Connect power cable to router, press and hold the reset
   button and turn the router on
5. Keep the reset button pressed until the WPS LED lights up
6. Wait ~150 seconds to complete flashing

According to the GPL source the non-EU variant has different
GPIOs assigned to some of the LEDs and buttons. The flash
layout might be different as well. The wikidevi entry for
Archer A6/C6 assumes they are identical.

Signed-off-by: Georgi Vlaev <georgi.vlaev@gmail.com>
2018-12-31 16:25:11 +01:00
INAGAKI Hiroshi
9145f5209f firmware-utils: add hex pattern mode for xorimage
This commit adds "hex pattern mode" to xorimage. This mode allows xor
with a hexadecimal pattern that cannot be expressed with ASCII
charactors.

usage (example):
  xorimage -i firmware.bin -o firmware.bin.new -p 6A57190601121E4C -x

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (fix checkpatch)
2018-12-24 19:18:07 +01:00
Karl-Felix Glatzer
1e4ee63cc8 ath79: add support for TP-Link Archer A7
This patch adds support for TP-Link Archer A7

Specification:
- SOC: QCA9563
- Flash: 16 MiB (SPI)
- RAM: 128 MiB (DDR2)
- Ethernet: 4x 1Gbps LAN + 1x 1Gbps WAN
- Wireless:
  - 2.4GHz (bgn) SoC internal
  - 5GHz (ac) QCA988x
- USB: 1x USB 2.0 port
- Button: 1x power, 1x reset, 1x wps
- LED: 10x LEDs
- UART: holes in PCB
  - Vcc, GND, RX, TX from ethernet port side
  - 115200n8

Flash instructions:

Upload openwrt-ath79-generic-tplink_archer-a7-v5-squashfs-factory.bin
via the Webinterface.

Flash instruction using tftp recovery:

1. Connect the computer to one of the LAN ports of the Archer A7
2. Set the computer IP to 192.168.0.66
3. Start a tftp server with the OpenWrt factory image in the tftp
   root directory renamed to ArcherC7v5_tp_recovery.bin
2. Connect power cable to Archer A7, press and hold the reset button
   and turn the router on
3. Keep the reset button pressed for ~5 seconds
4. Wait ~150 seconds to complete flashing

Changes since first revision:

  - Flash instructions using stock image webinterface
  - Changed "Version 5" in model string to "v5"
  - Split DTS file in qca9563_tplink_archer-x7-v5.dtsi
    and qca9563_tplink_archer-a7-v5.dts
  - Firmware image is now build with dynamic partitioning
  - Default to ath10k-ct

Changes since second revision:
  - Changed uboot@0 to uboot@20000 in DTS file
  - Fixed ordering issue in board led script
  - Specify firmware partition format in DTS file
  - Rebased Makefile device definition on common
    Device/tplink-safeloader-uimage definition
  - Merged switch section in network script
    (same configuration as tplink,tl-wdr3600
    and tplink,tl-wdr4300)

Signed-off-by: Karl-Felix Glatzer <karl.glatzer@gmx.de>
2018-12-17 08:09:13 +01:00
Mathias Kresin
262b885b83 ramips: use new image build code for D-Link DCS-930 family
Drop the factory images and the firmware tool to create them. They don't
work any more, since the factory image has an uImage header covering the
whole kernel + rootfs. This way the uImage splitter will not be able to
find the rootfs and the kernel will panic later on.

The factory images were most likely added at a time the board had
distinct partitions for kernel and rootfs.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-12 11:01:59 +01:00
David Bauer
53020ed4b9 tools: tplink-safeloader: add C7v5 EU SupportList
Currently flash from WebIF is broken for Archer C7 v5 EU models as their
SupportList entries are missing.

The added entries originate from TP-Links latest Archer C7 v5 EU
firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-11-23 21:22:51 +00:00
Kevin Darbyshire-Bryant
1a73b2d089 tools: firmware-utils: mksercommfw build on Darwin
asm/byteorder.h & hence __cpu_to_be32() doesn't exist on Darwin

Shamelessly copy some byte swap functions from oseama.c

Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-11-09 13:27:03 +00:00
Koen Vandeputte
b4e17a7440 ramips: fix netgear r6120 factory image generation
as indicated in commit c5bf408ed6 "(ramips: fix image generation for mt76x8")
more rework was needed to fix the other issues.

Building on another machine, but using the same arch, showed
the application failing again for different reasons.

Fix this by completely rewriting the application, fixing following found issues:

- buffer overflows, resulting in stack corruption
- flaws in memory requirement calculations (too small, too large)
- memory leaks
- missing bounds checking on string handling
- non-reproducable images, by using unitilized memory in checksum calculation
- missing error handling, resulting in succes on specific image errors
- endianness errors when building on BE machines
- various minor build warnings
- documentation did not match the code actions (header item locations)
- allowing input to be decimal, hex or octal now

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-08 13:32:22 +01:00
Koen Vandeputte
c5bf408ed6 ramips: fix image generation for mt76x8
Buildbot fails to generate images for targets also generating a
Sercomm binary with following error:

Opening file: /mnt/ramdisk/koen/firmware/builds/owrt_mt76x8/build_dir/target-mipsel_24kc_musl/linux-ramips_mt76x8/tmp/openwrt-ramips-mt76x8-netgear_r6120-squashfs-factory.img.rootfs.zip
Filesize: 3648606 .
mksercommfw: malloc.c:2427: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.
Makefile:287: recipe for target '/mnt/ramdisk/koen/firmware/builds/owrt_mt76x8/build_dir/target-mipsel_24kc_musl/linux-ramips_mt76x8/tmp/openwrt-ramips-mt76x8-netgear_r6120-squashfs-factory.img' failed

Debugging using valgrind shows stack corruption due to a buffer overflow.
The author of the generator assumes the filename ends with "root",
while it should be "rootfs".

Fix this by accounting for the 2 missing characters which solves the build issues.

More work is required to cleanup this source, which will be done later on.

Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-06 15:29:51 +01:00
Koen Vandeputte
f3b80c36bb ar71xx: fix sysupgrade generation for some targets
These targets are already defined as having a dynamic partition
but the safeloader was not adapted for them.

This causes a build warning for the sysupgrade image being too big.

Targets:
- c58-v1
- c60-v1
- c60-v2
- TL-WR1043 v5
- TL-WR902AC v1
- TL-WR942N V1

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-29 11:21:23 +01:00
Koen Vandeputte
7c78be1b74 ar71xx: switch more targets to dynamic partitioning
Targets:
- TP-LINK ER355
- TP-LINK C25 V1
- TP-LINK C59 V1
- TP-LINK C7 V4
- TP-LINK C7 V5

Fixes build issues seen due to the kernel being too big

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-29 11:21:23 +01:00
Radek Dostál
9d35b68776 ar71xx: switch TP-Link RE450 v1 to dynamic partitioning
As mentioned in commit 5f24933 recent changes on ar71xx (switch to 4.14,
memory compaction, ...) cause an increase in kernel size, making it too
big for RE450.

RE450 images were not build due to the following error message:
os-image partition too big (more than 1572864 bytes): Success

Tested on RE450, device boots and was used to send this patch.

Reported-by: Enrico Mioso <mrkiko.rs@gmail.com>
Suggested-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Radek Dostál <rd@radekdostal.com>
[rewrote commit msg keeping it tight + fixed SoB lines]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-10-29 11:21:23 +01:00
Tobias Schramm
8f697e406a mkfwimage: Add image type definition for WA images
This patch adds a new type of ubiquiti image, the WA image. First seen
on the NanoStation AC loco the generic name implies that we will see
this type of image on more ubiquiti devices thus it makes sense to
implement it in mkfwimage.

The main difference is that WA images are signed. The "END" header has
been replaced by a "ENDS" header followed by a 2048 bit RSA signature.
This signature is not being generated by mkfwimage and filled with 0x00.

Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
2018-10-07 10:46:20 +02:00
INAGAKI Hiroshi
7a67b437e7 firmware-utils: mkedimaximg: add "big-endianness mode" option
In addition to the default little-endianness format, I added a mode
so that we can generate firmware with big-endianness format.

example: ELECOM WRC-300GHBK2-I (QCA9563)

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-09-10 09:29:39 +02:00
David Bauer
8e9a59a6b9 build: add mkrasimage
The current make-ras.sh image generation script for the ZyXEL NBG6617
has portability issues with bash. Because of this, factory images are
currently not built correctly by the OpenWRT buildbots.

This commit replaces the make-ras.sh by C-written mkrasimage.

The new mkrasimage is also compatible with other ZyXEL devices using
the ras image-format.
This is not tested with the NBG6616 but it correctly builds the
header for ZyXEL factory image.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-28 11:26:53 +02:00
Ryan Mounce
9c6c7d11c7 firmware-utils/mksercommfw: fix build with clang/macOS
fixes error: non-void function 'main' should return a value

Fixes: FS#1770

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2018-08-14 10:19:37 +02:00
Andy Walsh
22b8237ba1 firmware-utils/mksercommfw: fix musl build
* add missing <sys/types.h> for musl

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-08-13 14:37:04 +02:00
Ludwig Thomeczek
e5b802b9c2 firmware-utils: add sercomm/netgear tool
This adds a tool to generate a firmware file accepted
by Netgear or sercomm devices.

They use a zip-packed rootfs with header and a custom
checksum. The generated Image can be flashed via the
nmrpflash tool or the webinterface of the router.

Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
2018-08-13 08:37:19 +02:00
Andrew Cameron
bae927c551 ar71xx: add support for TP-LINK CPE510 V2.0
Adds Support for the TP-LINK CPE510 V2.0 by TP-Link.
The hardware is almost the same as the CPE510 V1.0
Follow the same processes as for the CPE510 V1.0

Signed-off-by: Andrew Cameron <apcameron@softhome.net>
2018-08-02 07:49:26 +02:00
Keith Maika
4caab80830 ar71xx: add support for TP-Link Archer C59 v2
TP-Link Archer C59v2 is a dual-band AC1350 router based on
Qualcomm/Atheros QCA9561+QCA9886 chips.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- USB 2.0 port
- UART header on PCB

Flash instruction:
  - via web UI:
    1. Download openwrt-ar71xx-generic-archer-c59-v2-squashfs-factory.bin
    2. Login to router and open the Advanced tab
    3. Navigate to System Tools -> Firmware Upgrade
    4. Upload firmware using the Manual Upgrade form
  - via TFTP:
    1. Set PC to fixed ip address 192.168.0.66
    2. Download openwrt-ar71xx-generic-archer-c59-v2-squashfs-factory.bin
       and rename it to tp_recovery.bin
    3. Start a tftp server with the file tp_recovery.bin in its root directory
    4. Turn off the router
    5. Press and hold Reset button
    6. Turn on router with the reset button pressed and wait ~15 seconds
    7. Release the reset button and after a short time
       the firmware should be transferred from the tftp server
    8. Wait ~30 second to complete recovery.

Signed-off-by: Keith Maika <keithm@aoeex.com>
2018-07-30 14:04:45 +02:00
Hyeonsik Song
c2766270ef firmware-utils: tplink-safeloader: add calloc error handling
Signed-off-by: Hyeonsik Song <blogcin@naver.com>
2018-07-04 01:20:01 +02:00
Peter Lundkvist
781ad46206 ath79: add support for TP-Link RE450 v2
TP-Link RE450 v2 is a dual band router/range-extender
based on Qualcomm/Atheros QCA9563 + QCA9880.

Specification:

- 775 MHz CPU
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 1x 10/100/1000 Mbps Ethernet (AR8033 PHY)
- 7x LED, 4x button
- UART header on PCB (needs unmounted R64 & R69 0201 resistors/jumpers)

Flash instruction:
Apply factory image in OEM firmware web-gui.

U-Boot does not seem to have any recovery functions, so
debricking requires connection via UART.

Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
2018-07-02 07:05:33 +02:00
Lucian Cristian
4ec9763ee9 firmware-utils: tplink-safeloader: switch tl-wr1043nd-v4 to dynamic partitions
Use the new dynamic partition split in tplink-safeloader so we no longer
have to worry about kernel size increases.

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-06-27 08:42:54 +02:00
Alex Maclean
97da92b127 firmware-utils: tplink-safeloader: switch RE350 to dynamic partitions
Use the new dynamic partition split in tplink-safeloader so we no longer
have to worry about kernel size increases.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
2018-06-26 07:05:00 +02:00
Alex Maclean
408c54b02f firmware-utils: tplink-safeloader: add dynamic partitions
Add support to dynamically split the firmware partition into os-image
and file-system partitions. This is done by replacing those entries in
the partition table with a single unified firmware partition, which is
then split according to actual kernel image size.

The factory image will have the file-system partition aligned to a 64K
erase block, but the sysupgrade image skips this and aligns only the
JFFS2 EOF marker to squeeze out more space.

This should prevent further creeping updates to the kernel partition
size while maximizing space for the overlay filesystem on smaller
devices.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
2018-06-26 07:04:09 +02:00
Alex Maclean
0a2f21fa71 firmware-utils: mktplinkfw: add rootfs offset for combined images
Add an option (-O) to calculate rootfs offset for combined images.

This is needed for the TP-Link mtdsplit driver to locate the rootfs
when the start is not aligned to an erase block. This will be the
case for sysupgrade images produced by tplink-safeloader with upcoming
dynamic partition splitting.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
2018-06-26 07:03:57 +02:00
Adrian Schmutzler
5c5bf8b865
ar71xx: Add support for TP-Link CPE210 v2
This PR adds support for a popular low-cost 2.4GHz N based AP

Specifications:
 - SoC: Qualcomm Atheros QCA9533 (650MHz)
 - RAM: 64MB
 - Storage: 8 MB SPI NOR
 - Wireless: 2.4GHz N based built into SoC 2x2
 - Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN

Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP adress:192.168.0.254

Notes:
TP-Link does not use bootstrap registers so without this patch reference
clock detects as 40MHz while it is actually 25MHz.
This is due to messed up bootstrap resistor configuration on the PCB.
Provided GPL code just forces 25MHz reference clock.
That causes booting with completely wrong clocks, for example, CPU tries
to boot at 1040MHz while the stock is 650MHz.
So this PR depends on PR #672 to remove 40MHz reference clock.
Thanks to Sven Eckelmann <sven@narfation.org> for properly patching that.

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2018-06-23 16:06:31 +02:00
Arvid E. Picciani
bf39d5594b ar71xx: add support for TP-LINK Archer C7 v5
TP-Link Archer C7 v5 is a dual-band AC1750 router, based on Qualcomm/Atheros
QCA9563+QCA9880.

Specification:

- 750/400/250 MHz (CPU/DDR/AHB
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 10x LED, 2x button
- UART header on PCB

Flash instruction:
1. Upload lede-ar71xx-generic-archer-c7-v5-squashfs-factory.bin via Web interface

Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c7-v5-squashfs-factory.bin
and rename it to ArcherC7v5_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Signed-off-by: Arvid E. Picciani <aep@exys.org>
2018-06-20 15:36:19 +02:00
Lucian Cristian
71ae0792ba ath79: add tl-wr1043nd-v4 support everything is working
tplink-safeloader: resize kernel partition
kernel 4.14 is much bigger, resize the partition

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-06-18 18:21:20 +02:00
Stefan Lippers-Hollmann
b72b36653a ipq806x: increase kernel partition size for the TP-Link Archer C2600
The default image does not fit 2 MB anymore, expand os-image partition
to 4 MB.

Upgrading works transparently via sysupgrade in both directions.
Another option would have been to merge "os-image" and "rootfs" into a
single "firmware" partition using MTD_SPLIT_TPLINK_FW, but just
changing the sizes of the existing partitioning has been deemed safer
and actually tested on an affected device; the maximum for rootfs
changes from 27 MB to 25 MB.

Run-tested on TP-Link Archer C2600.

Signed-off-by: Joris de Vries <joris@apptrician.nl>
[slh: extend comments and commit message, rename rootfs]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-05-22 20:34:14 +02:00
Linus Walleij
20d0dace40 firmware-utils: add DNS-313 image header tool
This tool is used to create headers on images for the
D-Link DNS-313 in gemini target.
Will be used after switching gemini to 4.14 kernel.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2018-05-05 06:57:00 +02:00
Alex Maclean
a31107a97a firmware-utils: tplink-safeloader: increase RE350 kernel size
4.14 increased kernel size, so grow the kernel partition by 128K to compensate.

Fixes FS#1479.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
2018-04-23 22:07:22 +02:00
Matthias Schiffer
e39847ea2f
ar71xx: increase kernel partition size for CPE/WBS 210/510
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-10 18:29:19 +02:00
Matthias Schiffer
373dc11b51
firmware-utils: tplink-safeloader: move CPE/WBS 210/510 version metainfo to the end
Having the metainfo between kernel and rootfs prevents us from resizing
the kernel partition as necessary.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-10 18:29:19 +02:00
Henryk Heisig
c0742307a1 ar71xx: add support for TP-Link Archer C60 v2
TP-Link Archer C60 v2 is a dual-band AC1350 router, based on
Qualcomm/Atheros QCA9561 + QCA9886.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB

Flash instruction (web):

Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin and use
OEM System Tools - Firmware Upgrade site.

Flash instruction (recovery):

1. Set PC to fixed IP address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin and
   rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
   directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
   be transferred from the tftp server
8. Wait ~30 second to complete recovery

Flash instruction (under U-Boot, using UART):

tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
erase 0x9f030000 +$filesize
cp.b $fileaddr 0x9f030000 $filesize
reset

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2018-04-07 00:09:05 +02:00
Nicolò Veronese
0d8a0a6a17
firmware-utils: image generator for D-Link DAP-1330
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
2018-04-05 15:28:56 +02:00
Mathias Kresin
9fc916a40c firmware-utils: mkdlinkfw: compile as gnu99
Compile as gnu99 to fix the build.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-19 08:10:14 +01:00
Pawel Dembicki
84c1b786b9 firmware-utils: add JBOOT bootloader image support
Tested on D-Link DWR-116.
Based on mktplinkfw.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2018-03-18 22:22:38 +01:00
Alexander Couzens
3137622efb
firmware-utils: tplink-safeloader: compile as gnu99
Also fix minor coding style issue and one redeclaration.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-03-15 18:22:36 +01:00
Jo-Philipp Wich
677d8df9b8 firmware-utils: fix erroneous variable redeclaration
Fixes: 638e2193fe ("tplink-safeloader: add support to split & extract firmwares")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-15 18:17:37 +01:00
Alexander Couzens
068ba612db
tplink-safeloader: add support to convert factory into sysupgrade
Those converted factory images can be used to regain the original
tp-link firmware.
Be aware of firmware upgrade which additional require changes of
other partition than os-image (kernel) & file-system (rootfs).
OEM factory images from tplink can change nearly all partitions.
However using those images, OpenWrt's sysupgrade will only
modify the partitions os-image and file-system.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-03-15 17:52:23 +01:00
Alexander Couzens
638e2193fe tplink-safeloader: add support to split & extract firmwares
Split the oem firmware upgrade images into seperate files.
Useful when analysing oem firmware files.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-03-15 17:48:13 +01:00
Henryk Heisig
a338491a30 ar71xx: add support for TP-Link RE355
This device is identical as TP-Link RE450
RE355 is a dual-band AC1200 router, based on Qualcomm/Atheros
QCA9558+QCA9880.

Specification:

720/600/200 MHz (CPU/DDR/AHB)
64/128 MB of RAM (DDR2)
8 MB of FLASH (SPI NOR)
3T3R 2.4 GHz
3T3R 5 GHz
1x 10/100/1000 Mbps Ethernet
7x LED, 3x button
UART header on PCB

Flash instruction:
Web:
Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin
and use OEM System Tools - Firmware Upgrade site.

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2018-02-13 09:21:20 +01:00
Serg Studzinskii
eb58b14d27 ramips: tl-wr840n-v5: increase firmware partition for 4Mmtk layot
According to console log during TP-Link TL-WR840N v5 OEM firmware update
procedure 0x3e0000-0x3f0000 64kB "config" partition, which is used to store
router's configuration settings, is erased and recreated again during every
OEM firmware update procedure, thus does not contain any valuable factory data.
So it is conviniant to use this extra 64kB erase block for jffs overlay due
limited flash size on this device like it used on TP-Link's ar71xx boards.

Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
2018-01-18 08:04:18 +01:00
Michael Heimpold
498285922e firmware-tools/ptgen: use portable exit codes
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-01-02 07:14:09 +01:00
Michael Heimpold
83f729dfb2 firmware-tools/ptgen: fix minor coding style issues
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-01-02 07:14:09 +01:00