Commit Graph

50286 Commits

Author SHA1 Message Date
Daniel Golle
ffa0ae17f7
arm-trusted-firmware-tools: fix passing of CFLAGS
HOST_CFLAGS were ignored as they were passed on incorrectly which lead
to build failure if OpenSSL wasn't present on the build host.
Fix that by properly passing HOST_CFLAGS when building each tool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-10 01:20:58 +00:00
Hauke Mehrtens
1f559cafe5 wolfssl: Backport fix for CVE-2021-3336
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).

The patch is backported from the upstream wolfssl development branch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-09 23:12:49 +01:00
Daniel Golle
ff076f873f
arm-trusted-firmware-tools: remove tools which require libopenssl
They are anyway not used for now, so only build fiptool and sptool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-09 20:24:58 +00:00
Curtis Deptuck
768d1f763c glibc: update to 2.33
ChangeLog:
https://sourceware.org/pipermail/libc-alpha/2021-February/122207.html

Refresh patch:
None required

Signed-off-by: Curtis Deptuck <curtdept@me.com>
2021-02-09 20:59:28 +01:00
Andrew Pikler
cd2b661453 ramips: add support for Cudy WR1300
Specifications:
 - SoC: MediaTek MT7621AT
 - RAM: 128 MB (DDR3)
 - Flash: 16 MB (SPI NOR)
 - WiFi: MediaTek MT7603E, MediaTek MT7612E
 - Switch: 1 WAN, 4 LAN (Gigabit)
 - Ports: 1 USB 3.0
 - Buttons: Reset, WPS
 - LEDs: Power, System, Wan, Lan 1-4, WiFi 2.4G, WiFi 5G, WPS, USB
 - Power: DC 12V 1A tip positive

UART Serial:
  115200 baud
  Located on unpopulated 4 pin header near J4:

  J4
  [o] Rx
  [o] Tx
  [o] GND
  [ ] Vcc - Do not connect

Installation:

Download and flash the manufacturer's built OpenWRT image available at
http://www.cudytech.com/openwrt_software_download
Install the new OpenWRT image via luci (System -> Backup/Flash firmware)
Be sure to NOT keep settings. The force upgrade may need to be checked
due to differences in router naming conventions.

Recovery:
 - Loads only signed manufacture firmware due to bootloader RSA verification
 - serve tftp-recovery image as /recovery.bin on 192.168.1.88/24
 - connect to any lan ethernet port
 - power on the device while holding the reset button
 - wait at least 8 seconds before releasing reset button for image to
   download
 - See http://www.cudytech.com/newsinfo/547425.html

MAC addresses as verified by OEM firmware:

use   address   source
LAN   *:f0      label
WAN   *:f1      label + 1
2g    *:f0      label
5g    *:f2      label + 2

The label MAC address is found in bdinfo 0xde00.

Signed-off-by: Andrew Pikler <andrew.pikler@gmail.com>
2021-02-09 13:58:18 +01:00
Sebastian Schaper
dc4745da7a ath79: add support for D-Link DAP-3662 A1
Specifications:
 * QCA9557, 16 MiB Flash, 128 MiB RAM, 802.11n 2T2R
 * QCA9882, 802.11ac 2T2R
 * 2x Gigabit LAN (1x 802.11af PoE)
 * IP68 pole-mountable outdoor case

Installation:
 * Factory Web UI is at 192.168.0.50
   login with 'admin' and blank password, flash factory.bin
 * Recovery Web UI is at 192.168.0.50
   connect network cable, hold reset button during power-on and keep it
   pressed until uploading has started (only required when checksum is ok,
   e.g. for reverting back to oem firmware), flash factory.bin

After flashing factory.bin, additional free space can be reclaimed by
flashing sysupgrade.bin, since the factory image requires some padding
to be accepted for upgrading via OEM Web UI.

Both ethernet ports are set to LAN by default, matching the labelling on
the case. However, since both GMAC Interfaces eth0 and eth1 are connected
to the switch (QCA8337), the user may create an additional 'wan' interface
as desired and override the vlan id settings to map br-lan / wan to either
the PoE or non-PoE port, depending on the individual scenario of use.

So, the LAN and WAN ports would then be connected to different GMACs, e.g.

config interface 'lan'
	option ifname 'eth0.1'
	...

config interface 'wan'
	option ifname 'eth1.2'
	...

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '2 6t'

Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
[add configuration example]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-09 13:10:33 +01:00
Chukun Pan
82032f3509 ramips: add support for JCG Y2
JCG Y2 is an AC1300M router

Hardware specs:
  SoC: MediaTek MT7621AT
  Flash: Winbond W25Q128JVSQ 16MiB
  RAM: Nanya NT5CB128M16 256MiB
  WLAN: 2.4/5 GHz 2T2R (1x MediaTek MT7615)
  Ethernet: 10/100/1000 Mbps x5
  LED: POWER, INTERNET, 2.4G, 5G
  Button: Reset
  Power: DC 12V,1A

Flash instructions:
  Upload factory.bin in stock firmware's upgrade page.

MAC addresses map:
  0x0004  *:c8  wlan2g/wlan5g/label
  0xe000  *:c7  lan
  0xe006  *:c6  wan

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2021-02-09 13:10:33 +01:00
Hauke Mehrtens
98d61b516f uboot-envtools: Update to version 2021.01
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-08 22:46:27 +01:00
Hauke Mehrtens
e6ccb40ba5 tools: mkimage: Update U-Boot to version 2021.01
* The fit image is now created with 0666 permission in upstream U-Boot
  remove our patch switch creates it with 0744
* The generated/autoconf.h file is created now as an empty file, it is
  not needed to remove this include any more.
* Upstream lib/rsa/rsa-sign.c now includes stdlib.h instead of malloc.h
* ALIGN_MASK was moved to imagetool.h, own patch should not be needed
  any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-08 22:46:27 +01:00
Andre Heider
3e7c7d4446 ltq-dsl-base: remove usused lantiq_dsl.sh
All users have been converted to ubus.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
dea953744d ltq-adsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5e1a929bf2 ltq-vdsl-app: use ubus to provide metrics
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
42fc827b11 ltq-adsl-app: add ubus support to get metrics
As with ltq-vdsl-app, see previous commit.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-02-08 21:43:00 +01:00
Andre Heider
5372205ca9 ltq-vdsl-app: add ubus support to get metrics
Add a 'dsl' ubus object with a 'metrics' function to replace the
expensive shell parsing done by /etc/init.d/dsl_control [dsl|luci]stat.

All metrics are gathered by using syscalls. An additional thread is started
to handle ubus events.

$ time /etc/init.d/dsl_control dslstat
real	0m 2.66s
user	0m 0.90s
sys	0m 1.76s

$ time ubus call dsl metrics
real	0m 0.02s
user	0m 0.00s
sys	0m 0.01s

Example output:
{
	"api_version": "4.17.18.6",
	"firmware_version": "5.8.1.5.0.7",
	"chipset": "Lantiq-VRX200",
	"driver_version": "1.5.17.6",
	"state": "Showtime with TC-Layer sync",
	"up": true,
	"uptime": 3891,
	"atu_c": {
		"vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			178,
			26
		],
		"vendor": "Broadcom 178.26",
		"system_vendor_id": [
			181,
			0,
			66,
			68,
			67,
			77,
			0,
			0
		],
		"system_vendor": "Broadcom",
		"version": [
			49,
			57,
			46,
			48,
			46,
			51,
			53,
			46,
			50,
			32,
			86,
			69,
			95,
			49,
			49,
			95
		],
		"serial": [
			65,
			65,
			49,
			52,
			52,
			54,
			70,
			69,
			48,
			90,
			87,
			45,
			48,
			56,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0,
			0
		]
	},
	"power_state": "L0 - Synchronized",
	"xtse": [
		0,
		0,
		0,
		0,
		0,
		0,
		0,
		2
	],
	"annex": "B",
	"standard": "G.993.2",
	"profile": "17a",
	"mode": "G.993.2 (VDSL2, Profile 17a, with down- and upstream vectoring)",
	"upstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 0,
		"data_rate": 31999000,
		"latn": 8.500000,
		"satn": 8.400000,
		"snr": 12.700000,
		"actps": -90.100000,
		"actatp": 13.400000,
		"attndr": 37180000
	},
	"downstream": {
		"vector": true,
		"trellis": true,
		"bitswap": true,
		"retx": true,
		"virtual_noise": false,
		"interleave_delay": 140,
		"data_rate": 89998000,
		"latn": 9.500000,
		"satn": 9.600000,
		"snr": 13.300000,
		"actps": -90.100000,
		"actatp": -1.600000,
		"attndr": 116315372
	},
	"errors": {
		"near": {
			"es": 1,
			"ses": 0,
			"loss": 3,
			"uas": 424,
			"lofs": 0,
			"fecs": 0,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 27740,
			"rx_uncorrected_protected": 27010,
			"rx_retransmitted": 0,
			"rx_corrected": 730,
			"tx_retransmitted": 16222
		},
		"far": {
			"es": 242,
			"ses": 71,
			"loss": 0,
			"uas": 424,
			"lofs": 0,
			"fecs": 22687,
			"hec": 0,
			"ibe": 0,
			"crc_p": 0,
			"crcp_p": 0,
			"cv_p": 0,
			"cvp_p": 0,
			"rx_corrupted": 1383552,
			"rx_uncorrected_protected": 1220215,
			"rx_retransmitted": 0,
			"rx_corrected": 163337,
			"tx_retransmitted": 1574051
		}
	}
}

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Andre Heider
4ba6fad7f7 ltq-vdsl-app: shutdown upon sigterm
procd sends sigterm to stop daemons, hook it up.

This speeds up the shutdown sequence and gets rid of the following message:
daemon.info procd: Instance dsl_control::instance1 pid 15408 not stopped on SIGTERM, sending SIGKILL instead

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
2021-02-08 21:43:00 +01:00
Michael Pratt
f5f01bcacd ath79: use internal switch for EAP300 v2
Have the port use GMAC1 with internal switch
which fixes the issue of the ethernet LED not functioning
The LED is triggered by the internal switch, not a GPIO.

The GPIO for the ethernet LED was added in ath79
as it was defined in the ar71xx target
but it was not functioning in ath79 for a previously unknown reason.

It is unknown why that GPIO was defined as an LED in ar71xx.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
[drop unrelated changes: model property and SPI max frequency]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-08 16:34:18 +01:00
Michael Pratt
88079bd616 ath79: make all eth ports LAN for Engenius APs
for:
 - ENH202 v1
 - ENS202EXT v1
 - EnstationAC v1
 - EWS511AP

For EWS511AP, have default behavior as static ip
to match the behavior of all other APs in ath79

These boards are sold as
Client Bridge or Point to Point or Access Point
so there is probably no benefit to have WAN by default
for one of the ports, to prevent user confusion.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2021-02-08 16:34:18 +01:00
John Audia
f3b827a965 kernel: bump 5.4 to 5.4.96
Ran update_kernel.sh in a fresh clone without any existing toolchains.

Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
Run-tested [*]: ramips/mt7621 (R6800, DIR-878 A1, EAP235-Wall)

Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Stijn Segers <foss@volatilesystems.org> [*]
2021-02-08 16:34:18 +01:00
Kevin Darbyshire-Bryant
db00f312d3 dnsmasq: Bump to v2.84
dnsmasq v2.84rc2 has been promoted to release.

No functional difference between v2.83test3 and v2.84/v2.84rc2

Backport 2 patches to fix the version reporting

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-02-08 13:16:24 +00:00
Rafał Miłecki
f06c3031a7 bcm4908: add board.d network setup
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-08 12:05:56 +01:00
Rafał Miłecki
81240a9b89 bcm4908: add Ethernet driver
This commit picks up pending netdev patches.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-02-08 11:49:21 +01:00
Daniel Golle
aed95c4cb8 dnsmasq: switch to ubus-based hotplug call
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Daniel Golle
29a6a71d52 busybox: sysntpd: make use of new ubus hotplug.ntp object
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Daniel Golle
3010f16f44 procd: add hotplug-call dispatcher ubus objects
Add per-subsystem ubus objects exposing hotplug-call.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-08 00:57:14 +00:00
Ilya Lipnitskiy
3b65b0c13f acx-mac80211: replace dead URLs with OpenWrt CDN
erley.org no longer exists; attempting to connect to it during package
download results in lengthy timeouts. Use the new OpenWrt CDN alias to
download from reliable OpenWrt mirrors.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-07 11:26:36 -10:00
Szabolcs Hubai
1e9afcca56 ramips: disable default build for HooToo HT-TM02
While the latest version of 19.07 release is usable,
the current master is unbootable on the device in a normal way.

"Normal way" installations includes:
- sysupgrade (e.g. from 19.07)
- RESET button recovery with Ron Curry's (Wingspinner) UBoot image
  (10.10.10.3 + "Kernal.bin")
- RESET button recovery with original U-Boot
  (10.10.10.254 + "kernel")

One could flash and boot the latest master sysupgrade image successfully
with serial access to the device. But a sysupgrade from this state still
breaks the U-Boot and soft-bricks the device.

Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
2021-02-07 22:06:57 +01:00
Adrian Schmutzler
1c0e13db43 ramips: mt7621: use preferred logic in lib/upgrade/iodata.sh
shellcheck recommends || and && over "-a" and "-o" because the
latter are not well defined.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-07 21:58:51 +01:00
INAGAKI Hiroshi
88fbddb49d ramips: add support for I-O DATA WN-DX1200GR
I-O DATA WN-DX1200GR is a 2.4/5 GHz band 11ac (WiFi-5) router, based on
MT7621A.

Specification:

- SoC		: MediaTek MT7621A
- RAM		: DDR3 128 MiB
- Flash		: raw NAND 128 MiB
- WLAN		: 2.4/5 GHz 2T2R
  - 2.4 GHz	: MediaTek MT7603E
  - 5 GHz	: MediaTek MT7613BE
- Ethernet	: 10/100/1000 Mbps x5
  - Switch	: MediaTek MT7530 (SoC)
- LEDs/keys	: 2x/3x (2x buttons, 1x slide-switch)
- UART		: through-hole on PCB
  - J5: 3.3V, TX, RX, NC, GND from triangle-mark
  - 57600n8
- Power		: 12 VDC, 1 A

Flash instruction using initramfs image:

1. Boot WN-DX1200GR normally
2. Access to "http://192.168.0.1/" and open firmware update page
   ("ファームウェア")
3. Select the OpenWrt initramfs image and click update ("更新") button
   to perform firmware update
4. On the initramfs image, perform sysupgrade with the
   squashfs-sysupgrade image
5. Wait ~120 seconds to complete flashing

Notes:

- currently, mt7615e driver in mt76 doesn't fully support MT7613
  (MT7663) wifi chip
  - the eeprom data in flash is not used by mt7615e driver and the
    driver reports the tx-power up to 3dBm
  - the correct MAC address for MT7613BE in eeprom data cannot be
    assigned to the phy

- last 0x80000 (512 KiB) in NAND flash is not used on stock firmware

- stock firmware requires "customized uImage header" (called as "combo
  image") by MSTC (MitraStar Technology Corp.), but U-Boot doesn't

  - uImage magic ( 0x0 - 0x3 ) : 0x434F4D43 ("COMC")
  - header crc32 ( 0x4 - 0x7 ) : with "data length" and "data crc32"
  - image name   (0x20 - 0x37) : model ID and firmware versions
  - data length  (0x38 - 0x3b) : kernel + rootfs
  - data crc32   (0x3c - 0x3f) : kernel + rootfs

MAC addresses:

LAN:	50:41:B9:xx:xx:08 (Ubootenv, ethaddr (text) / Factory, 0x1E000 (hex))
WAN:	50:41:B9:xx:xx:0A (Factory,  0x1E006 (hex))
2.4GHz:	50:41:B9:xx:xx:08 (Factory,  0x4     (hex))
5GHz:	50:41:B9:xx:xx:09 (Factory,  0x8004  (hex))

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[add check whether dflag_offset is set]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-07 21:58:51 +01:00
Daniel González Cabanelas
07f4e3b5b2 bcm63xx: kernel: reenable the TRNG
The hardware random number generator driver for bcm63xx was merged with
the one used by the Raspberry Pi. Now this driver is lost.

Reenable the HW_RANDOM kernel config with the new driver.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
[refresh kernel config]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-07 19:06:52 +01:00
Pawel Dembicki
17fa01bb79 mpc85xx: refresh kernel config
Simple "make kernel_oldconfig" was done.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2021-02-06 17:13:33 +01:00
Paul Spooren
8286f3a3d3 treewide: unify OpenWrt hosted source via @OPENWRT
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.

Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-02-05 12:00:24 -10:00
Thomas Beckler
450ec48d61 kirkwood: use 3 temperature sensors for Zyxel NSA310B
Instead of taking the input of one temperature sensor (temp1), the
script takes into account three temperature sensors to control the
PWM of the cooling fan.

temp1 -> placed on main board
temp2 -> placed on main board
temp3 -> placed on or close to chipset

All three temperatures give valid input for the PWM of the fan on
NSA310 and are actually changing.

Tested on two NSA310.

Signed-off-by: Thomas Beckler <thomas.beckler@hotmail.com>
Reviewed-by: Alberto Bursi <bobafetthotmail@gmail.com>
[commit title/message facelift, code cleanup]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 22:21:08 +01:00
Alexey Kunitskiy
8d4afab0ab tplink-safeloader: add support for TP-Link Archer A7 v5 (RU)
Although provided in separate zip archives, the firmwares for EU
and RU version are byte-identical. This adds the missing ID compared
to the support-list in the vendor firmware.

Note (since I checked it anyway):

Partitions and support list are unchanged for all three existing
firmware versions:

  * 20200721-rel40773
  * 20201029-rel43238
  * 20201120-rel50399

Signed-off-by: Alexey Kunitskiy <alexey.kv@gmail.com>
[rewrite commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 21:57:20 +01:00
Adrian Schmutzler
8a79161a82 ath79: wrap ucidef_add_switch in 02_network
Wrap line to be consistent with all other definitions.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 21:57:19 +01:00
Yanase Yuki
d468ff97b7 build: move elx-header into image-commands.mk
ELECOM WAB-I1750-PS will need this in ath79, so move it to common
Makefile.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
2021-02-05 21:57:19 +01:00
Sungbo Eo
321035420c kirkwood: refresh kernel config
Refresh config with make kernel_oldconfig.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-02-05 19:05:20 +01:00
Aleksander Jan Bajkowski
c9619fe6a5 lantiq: change phy-mode to mii for FRITZ!Box 7412
FRITZ!Box 7412 loads the firmware for fast ethernet PHY and mii is
more accurate in this case.
Gmii is used by Gigabit ethernet PHYs.

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
Reviewed-by: Mathias Kresin <dev@kresin.me>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 18:56:19 +01:00
Adrian Schmutzler
04a0e5c082 ipq806x: replace full-text BSC license by SPDX identifier
This replaces a full-text BSD clause by the corresponding SPDX
identifier.

This should make it easier to identify the license both by humans
and machines.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 18:28:30 +01:00
Adrian Schmutzler
3f4d1dad00 ramips: replace full-text licenses by SPDX identifier
This replaces several full-text and abbreviated licenses found in
DTS files by the corresponding SPDX identifiers.

This should make it easier to identify the license both by humans
and machines.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 18:18:00 +01:00
David Bentham
4a18039785 ramips: add support for UniElec U7621-01
UniElec U7621-01 is a router platform board, the smaller model of
the U7621-06.
The device has the following specifications:

- MT7621AT (880 MHz)
- 256 of RAM (DDR3)
- 16 MB of FLASH (SPI NOR)
- 5x 1 Gbps Ethernet (MT7621 built-in switch)
- 1x 2.4Ghz MT7603E
- 1x 5Ghz MT7612
- 1x miniPCIe slots (PCIe bus only)
- 1x miniSIM slot
- 1x USB 2.0 (uses the usb 3.0 driver)
- 8x LEDs (1x GPIO-controlled)
- 1x reset button
- 1x UART header (4-pins)
- 1x GPIO header (30-pins)
- 1x DC jack for main power (12 V)

The following has been tested and is working:

- Ethernet switch
- 1x 2.4Ghz MT7603E (wifi)
- 1x 5Ghz MT7612 (wifi)
- miniPCIe slots (tested with Wi-Fi cards and LTE modem cards)
- miniSIM slot (works with normal size simcard)
- sysupgrade
- reset button

Installation:

This board has no locked down bootloader. The seller can be asked to
install openwrt v18.06, so upgrades are standard sysupgrade method.

Recovery:

This board contains a Chinese, closed-source bootloader called Breed
(Boot and Recovery Environment for Embedded Devices). Breed supports web
recovery and to enter it, you keep the reset button pressed for around
5 seconds during boot. Your machine will be assigned an IP through DHCP
and the router will use IP address 192.168.1.1. The recovery website is
in Chinese, but is easy to use. Click on the second item in the list to
access the recovery page, then the second item on the next page is where
you select the firmware. In order to start the recovery, you click the
button at the bottom.

LEDs list (left to right):

- ESW_P0_LED_0
- ESW_P1_LED_0
- ESW_P2_LED_0
- ESW_P3_LED_0
- ESW_P4_LED_0
- CTS2_N (GPIO10, configured as "status" LED)
- LED_WLAN# (connected with pin 44 in wifi1 slot)

Signed-off-by: David Bentham <db260179@gmail.com>
[add DEVICE_VARIANT, fix DEVICE_PACKAGES, remove &gpio]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 17:31:51 +01:00
Martin Kennedy
55d2db0e8c ath79: add support for Meraki MR12
Port device support for Meraki MR12 from the ar71xx target to ath79.

Specifications:

  - SoC: AR7242-AH1A CPU
  - RAM: 64MiB (NANYA NT5DS32M16DS-5T)
  - NOR Flash: 16MiB (MXIC MX25L12845EMI-10G)
  - Ethernet: 1 x PoE Gigabit Ethernet Port (SoC MAC + AR8021-BL1E PHY)
  - Ethernet: 1 x 100Mbit port (SoC MAC+PHY)
  - Wi-Fi: Atheros AR9283-AL1A (2T2R, 11n)

Installation:

  1. Requires TFTP server at 192.168.1.101, w/ initramfs & sysupgrade .bins
  2. Open shell case
  3. Connect a USB->TTL cable to headers furthest from the RF shield
  4. Power on the router; connect to U-boot over 115200-baud connection
  5. Interrupt U-boot process to boot Openwrt by running:
       setenv bootcmd bootm 0xbf0a0000; saveenv;
       tftpboot 0c00000 <filename-of-initramfs-kernel>.bin;
       bootm 0c00000;
  6. Copy sysupgrade image to /tmp on MR12
  7. sysupgrade /tmp/<filename-of-sysupgrade>.bin

Notes:

  - kmod-owl-loader is still required to load the ART partition into the
    driver.

  - The manner of storing MAC addresses is updated from ar71xx; it is
    at 0x66 of the 'config' partition, where it was discovered that the
    OEM firmware stores it. This is set as read-only. If you are
    migrating from ar71xx and used the method mentioned above to
    upgrade, use kmod-mtd-rw or UCI to add the MAC back in. One more
    method for doing this is described below.

  - Migrating directly from ar71xx has not been thoroughly tested, but
    one method has been used a couple of times with good success,
    migrating 18.06.2 to a full image produced as of this commit. Please
    note that these instructions are only for experienced users, and/or
    those still able to open their device up to flash it via the serial
    headers should anything go wrong.

    1) Install kmod-mtd-rw and uboot-envtools
    2) Run `insmod mtd-rw.ko i_want_a_brick=1`
    3) Modify /etc/fw_env.config to point to the u-boot-env partition.
       The file /etc/fw_env.config should contain:

       # MTD device   env offset  env size    sector size
       /dev/mtd1      0x00000     0x10000     0x10000

       See https://openwrt.org/docs/techref/bootloader/uboot.config
       for more details.

    4) Run `fw_printenv` to verify everything is correct, as per the
       link above.
    5) Run `fw_setenv bootcmd bootm 0xbf0a0000` to set a new boot address.
    6) Manually modify /lib/upgrade/common.sh's get_image function:
       Change ...

       cat "$from" 2>/dev/null | $cmd

       ... into ...

       (
         dd if=/dev/zero bs=1 count=$((0x66)) ; # Pad the first 102 bytes
         echo -ne '\x00\x18\x0a\x12\x34\x56'  ; # Add in MAC address
         dd if=/dev/zero bs=1 count=$((0x20000-0x66-0x6)) ; # Pad the rest
         cat "$from" 2>/dev/null
       ) | $cmd

       ... which, during the upgrade process, will pad the image by
       128K of zeroes-plus-MAC-address, in order for the ar71xx's
       firmware partition -- which starts at 0xbf080000 -- to be
       instead aligned with the ath79 firmware partition, which
       starts 128K later at 0xbf0a0000.

    7) Copy the sysupgrade image into /tmp, as above
    8) Run `sysupgrade -F /tmp/<sysupgrade>.bin`, then wait

    Again, this may BRICK YOUR DEVICE, so make *sure* to have your
    serial cable handy.

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
[add LED migration and extend compat message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 16:56:08 +01:00
Ewan Parker
ddafcc7947 ramips: add support for Hi-Link HLK-7688A
Specifications:

  - SoC: MediaTek MT7688AN
  - RAM: 128 MB
  - Flash: 32 MB
  - Ethernet: 5x 10/100 (1x WAN, 4x LAN)
  - Wireless: built in 2.4GHz (bgn)
  - USB: 1x USB 2.0 port
  - Buttons: 1x Reset
  - LEDs: 1x (WiFi)

Flash instructions:

  - Configure TFTP server with IP address 10.10.10.3
  - Name the firmware file as firmware.bin
  - Connect any Ethernet port to the TFTP server's LAN
  - Choose option 2 in U-Boot
  - Alternatively choose option 7 to upload firmware to the built-in
    web server

MAC addresses as verified by OEM firmware:

  use   address   source
  2g    *:XX      factory 0x4
  LAN   *:XX+1    factory 0x28
  WAN   *:XX+1    factory 0x2e

Notes:

This board is ostensibly a module containing the MediaTek MT7688AN SoC,
128 MB DDR2 SDRAM and 32 MB flash storage.  The SoC can be operated in
IoT Gateway Mode or IoT Device Mode.

From some vendors the U-Boot that comes installed operates on UART 2
which is inaccessible in gateway mode and operates unreliably in the
Linux kernel when using more than 64 MB of RAM.  For those, updating
U-Boot is recommended.

Signed-off-by: Ewan Parker <ewan@ewan.cc>
[add WLAN to 01_leds]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 14:54:47 +01:00
Paul Spooren
a17b8eaa2e build: use SPDX license tags
The license folder is a core part of OpenWrt and all GPL-2.0 licensed.
Use SPDX license tags to allow machines to check licenses.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, keep some Copyright lines, sharpen commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-05 14:54:47 +01:00
Daniel Golle
381a458d58 selinux-policy: update to version 0.6
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-05 13:17:49 +00:00
Daniel Golle
a21be2a703 kernel: add defaults for new SELinux options
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-05 13:17:49 +00:00
John Audia
36c9cf3e51 kernel: bump 5.4 to 5.4.95
Ran update_kernel.sh in a fresh clone without any existing toolchains.

Removed upstreamed patches:
 imx6: 303-ARM-dts-imx6qdl-gw52xx-fix-duplicate-regulator-namin.patch

Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
2021-02-04 22:07:32 +01:00
Petr Štetiar
43ff6e641e hostapd: add forgotten patch for P2P vulnerability fix
Commit 7c8c4f1be6 ("hostapd: fix P2P group information processing
vulnerability") was missing the actual patch for the vulnerability.

Fixes: 7c8c4f1be6 ("hostapd: fix P2P group information processing vulnerability")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-04 09:11:50 +01:00
Daniel Golle
7c8c4f1be6 hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-04 01:05:32 +00:00
Daniel Golle
104d60fe94 trusted-firmware-a.mk: add PKG_CPE_ID
Vulnerabilities of Trusted Firmware A are tracked as
cpe:/a:arm:arm_trusted_firmware

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-04 01:05:12 +00:00
Daniel Golle
c3959cd54f arm-trusted-firmware-mediatek: make use of trusted-firmware-a.mk
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-03 15:19:14 +00:00