All hash algorithms use the same base IFX_HASH_CON to access the hash unit.
Parallel threads should not be able to call different hash algorithms and
therefor a global lock is required.
Fixed linker warning, that md5_hmac_init, md5_hmac_update and
md5_hmac_final are static export symbols. The export symbols are not
required, because the functions are exposed using shash_alg structure.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The functions ifx_deu_aes_cfg and ifx_deu_aes_ofb have been part of the
driver ever since. But the functions and definitions to make the
algorithms actually usable were missing.
This patch adds the neccessary code for aes_ofb and aes_cfb algorithms.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
When running cryptomgr tests against the driver, there are several
occurences of different errors for even and uneven splitted data in the
underlying scatterlists for the ctr and ctr_rfc3686 algorithms which are
now fixed.
Fixed error in ctr_rfc3686_aes_decrypt function which was introduced with
the previous commit by using CRYPTO_DIR_ENCRYPT in the decrypt function.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
When running cryptomgr tests against the driver, there are several
occurences of different errors for setkey of des and des3-ede
algorithms.
Those key checks are already implemented in the kernels des
implementation, so this is added as dependency and the kernel methods
are called. It also required adding the kernels des/des3 context
definitions to the des_ctx internal structure to be able to call the
kernel methods.
Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x;
expected_error=-22.
Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0,
actual_error=-22.
Renamed des_ctx internal structure and des_encrypt/des_decrypt methods
because they are already defined in the kernel module.
Fixed wrong DES_xxx constant definitions in crypto_alg definition for
ifxdeu_des3_ede_alg.
Fixed method comment errors.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The <linux/cryptohash.h> was removed with Linux 5.8, because it only
contained the library implementation of SHA1, which was folded
into <crypto/sha.h>.
So switch this driver away from using <linux/cryptohash.h>.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Convert blkcipher to skcipher for the synchronous versions of AES,
DES and ARC4.
The Block Cipher API was depracated for a while and was removed with
Linux 5.5. So switch this driver to the skcipher API.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Some devices initialize AES during boot and AES works out of the box
and the correct endianess is set.
NDC means (No Danube Compatibility Mode) and the endianess setting has
no effect if its set to 0.
NDC 0: OFF ENDI bit cannot be written as in Danube
To make it work for other devices, the NDC control register needs to
be set to 1.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
OpenSSL with cryptdev support uses the data encryption unit (DEU) driver
for hard accelerated processing of ciphers/digests, if the flag
CRYPTO_ALG_KERN_DRIVER_ONLY is set.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Even if the minimum blocksize is set to 16 (AES_BLOCK_SIZE), the crypto
manager tests pass 499 bytes of data to the aes-ctr encryption, from
which only 496 bytes are actually encrypted.
Reading the comment regarding the minimum blocksize, it only states that
it's the "smallest possible unit which can be transformed with this
algorithm". Which doesn't necessarily mean, the data have to be a
multiple of the minimal blocksize.
All kernel hardware crypto driver enforce a minimum blocksize of 1,
which perfect fine works for the lantiq data encryption unit as well.
Lower the blocksize limit to 1, to process not padded data as well.
In AES for processing the remaining bytes, uninitialized pointers
were used.
This patch fixes using uninitialized pointers and wrong offsets.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
When handling non-aligned remaining data (not padded to 16 byte
[AES_BLOCK_SIZE]), a full 16 byte block is read from the input buffer
and written to the output buffer after en-/decryption.
While code already assumes that an input buffer could have less than 16
byte remaining, as it can be seen by the code zeroing the remaining
bytes till AES_BLOCK_SIZE, the full AES_BLOCK_SIZE is read.
An output buffer size of a multiple of AES_BLOCK_SIZE is expected but
never validated.
To get rid of the read/write behind buffer, use a temporary buffer when
dealing with not padded data and only write as much bytes to the output
as we read.
Do not memcpy directly to the register, to make used of the endian swap
macro and to trigger the crypto start operator via the ID0R to trigger
the register. Since we might need an endian swap for the output in
future, use a temporary buffer for the output as well.
The issue could not be observed so far, since all caller of ifx_deu_aes
will ignore the padded (remaining) data. Considering that the minimum
blocksize for the algorithm is set to AES_BLOCK_SIZE, the behaviour
could be called expected.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
The crypto algorithms are registered and available to the system before
the chip is actually powered on and the generic parameter for the DEU
behaviour set.
The issue can mainly be observed if the crypto manager tests are enabled
in the kernel config. The crypto manager test run directly after an
algorithm is registered.
Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
To easy future maintainance, replace the local patch with what has been
accepted into net-next and is likely to end up in Linux 5.17.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
To allows Ethernet phys supporting 2500Base-T mode to announce that
speed, enable the corresponding bit in mtk_eth_soc driver.
This should hopefully unlock 2500Base-T speed on the UniFi 6 LR.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* correctly set system side interface, the original patch was
errornous and there is a follow-up fix for it
* enable phy statistics for AQR112(+R/C) and ARQ412
(ethtool --phy-statistics ethX)
Tested, including phy-statistics, on
- IEI Puzzle M901 (AQR112, AQR112C, AQR112R)
- IEI Puzzle M902 (AQR113, AQR112R)
- Ubiquiti UniFi 6 LR (AQR112C)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The target is in an incomplete state and will not receive Kernel 5.10
support, ego it should be dropped before the next release.
People are working on ipq807x with Kernel 5.15 which is only relevant
for the second next release. Once a working patchset exists the target
can be added again.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Compiling without fPIC causes linking issues for packages using liblua.
Add $(HOST_FPIC) to host builds for both lua and lua5.3.
Suggested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Backport qca8k new feature:
- Ageing configuration support
- Add 2 missing counter on qca8337
- Convert to regmap
- Standardize define and code with GENMASK AND BITFILED macro
- Add mdb add/del support
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Backport 3 additional fixes for qca8k.
- Fix MTU calculation
- Fix a bug with config set to the wrong PAD when secondary cpu port is defined.
- Fix redundant check in parse_port_config
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/mt7621*
*Had to revert 7f1edbd in order to build due to FS#4149
Signed-off-by: John Audia <graysky@archlinux.us>
Properly declare that the g10 is booting from NAND and define its
correct (larger than on other devices-) boot_pages_size, to prevent
the kernel from constantly falling over missing OOB error correction
for the bootloader.
This patch prevents a constant slew of (bogus) read errors reported
by the kernel and keeping the CPU busy and fixes:
blk_update_request: I/O error, dev mtdblock0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
Buffer I/O error on dev mtdblock0, logical block 0, async page read
blk_update_request: I/O error, dev mtdblock0, sector 32 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 40 op 0x0:(READ) flags 0x80700 phys_seg 7 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 48 op 0x0:(READ) flags 0x80700 phys_seg 6 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 56 op 0x0:(READ) flags 0x80700 phys_seg 5 prio class 0
blk_update_request: I/O error, dev mtdblock0, sector 64 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 0
Buffer I/O error on dev mtdblock0, logical block 1, async page read
Buffer I/O error on dev mtdblock1, logical block 0, async page read
Buffer I/O error on dev mtdblock1, logical block 1, async page read
Buffer I/O error on dev mtdblock2, logical block 0, async page read
Buffer I/O error on dev mtdblock2, logical block 1, async page read
Buffer I/O error on dev mtdblock3, logical block 0, async page read
Buffer I/O error on dev mtdblock3, logical block 0, async page read
Buffer I/O error on dev mtdblock4, logical block 0, async page read
Buffer I/O error on dev mtdblock4, logical block 1, async page read
Suggested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Arch Linux users have encountered problems with packages that have a dependency on binutils. This error happens when libtool is doing:
libtool: relink: ...
So change PKG_FIXUP to "patch-libtool".
Fixes error in the form of:
libtool: install: error: relink `libctf.la' with the above command
before installing it
Upstream Bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=28545
OpenWrt Bug:
https://bugs.openwrt.org/index.php?do=details&task_id=4149
Acked-by: John Audia <graysky@archlinux.us>
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is a bugfix release. Changelog:
*) Avoid loading of a dynamic engine twice.
*) Fixed building on Debian with kfreebsd kernels
*) Prioritise DANE TLSA issuer certs over peer certs
*) Fixed random API for MacOS prior to 10.12
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
RT-AC57U and RT-AC1200GU are the same models sold in different countries.
The purpose of this commit is to allow users to easily find the
corresponding firmware through the model number on the device label.
More specifications: 14e0e4f138 ("ramips: add support for ASUS RT-AC57U")
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
[reword commit title/message]
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
ipTIME T5004 is a 5-port Gigabit Ethernet router, based on MediaTek MT7621A.
Specifications:
* SoC: MT7621AT
* RAM: 128 MiB
* Flash: NAND 128 MiB
* Ethernet: 5x 1GbE
* Switch: SoC built-in
* UART: J4 (57600 baud)
* Pinout: [3V3] (TXD) (RXD) (GND)
Installation via web interface:
1. Flash **initramfs** image through the stock web interface.
2. Boot into OpenWrt and perform sysupgrade with sysupgrade image.
Revert to stock firmware via recovery mode:
1. Press reset button, power up the device, wait >15s for CPU LED
to stop blinking.
2. Upload stock image to TFTP server at 192.168.0.1.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Recently the hostapd has undergone many changes. The patches were not refreshed.
Refreshed with
make package/hostapd/{clean,refresh}
Refreshed:
- 380-disable_ctrl_iface_mib.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 720-iface_max_num_sta.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Add support for Sophos SG/XG-115 r1, r2 with/without wireless
* Add support for Sophos SG/XG-125 r1, r2 with/without wireless
* Add wireless support for SG/XG-105
Signed-off-by: Raylynn Knight <rayknight@me.com>
On startup the USB of QCA9531 board can't be initialized successfully.
lsusb result as below:
root@OpenWrt:~# lsusb unable to initialize libusb: -99
This is because usb-phy-analog is not added to reset list.
Signed-off-by: Jinfan Lei <153869379@qq.com>
(added linebreaks and small little changes to the commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
mtd: spi-nor: locking support for MX25L6405D
Macronix MX25L6405D supports locking with four block-protection bits.
Currently, the driver only sets three bits. If the bootloader does not
sustain the flash chip in an unlocked state, the flash might be
non-writeable. Add the corresponding flag to enable locking support with
four bits in the status register.
mtd: spi-nor: disable 16-bit-sr for macronix
Macronix flash chips seem to consist of only one status register.
These chips will not work with the "16-bit Write Status (01h) Command".
Disable SNOR_F_HAS_16BIT_SR for all Macronix chips.
Refreshed:
- 0052-mtd-spi-nor-use-4-bit-locking-for-MX25L12805D.patch
Fixes: 15aa53d7ee ("ath79: switch to Kernel 5.10")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Chromium based web-browsers (version >58) checks x509v3 extended attributes.
If this check fails then chromium does not allow to click "Proceed to ...
(unsafe)" link. This patch add three x509v3 extended attributes to self-signed
certificate:
1. SAN (Subject Alternative Name) (DNS Name) = CN (common name)
2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment
3. Extended Key Usage = TLS Web Server Authentication
SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)
It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
ipTIME A3004T is a 2.4/5GHz band router, based on Mediatek MT7621.
Specifications:
- SoC: MT7621 (880MHz)
- RAM: DDR3 256M
- Flash: NAND 128MB (Macronix NAND 128MiB 3,3V 8-bit)
- WiFi:
- 2.4GHz: MT7615E
- 5GHz : MT7615E
- Ethernet:
- 4x LAN
- 1x WAN
- USB: 1 * USB3.0 port
- UART:
- 3.3V, TX, RX, GND / 57600 8N1
Installation via web interface:
1. Flash initramfs image using OEM's Recovery mode
2. Boot into OpenWrt and perform sysupgrade with sysupgrade image.
Revert to stock firmware:
- Flash stock firmware via OEM's Recovery mode
How to use OEM's Recovery mode:
1. Power up with holding down the reset key until CPU LED stop blinking.
2. Set fixed ip with `192.168.0.2` with subnet mask `255.255.255.0`
3. Flash image via tftp to `192.168.0.1`
Additional Notes:
This router shares one MT7915E chip for both 2.4Ghz/5Ghz.
radio0 will not working on 5Ghz as it's not connected to the antenna.
Signed-off-by: WonJung Kim <git@won-jung.kim>
(added led dt-bindings)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
WeVO AIR DUO is a 1-bay NAS & 802.11ac (Wi-Fi 5) router, based on
MediaTek MT7620A.
Specifications:
* SoC: MT7620A
* RAM: 64 MiB
* Flash: SPI NOR 16 MiB
* USB & SATA bridge controller: JMicron JMS567
* SATA 6Gb/s: 2.5" drive slot
* USB 3.0: Micro-B
* USB 2.0: connected to SoC
* Wi-Fi:
* 2.4 GHz: SoC built-in
* 5 GHz: MT7612EN
* Ethernet: 5x 1GbE
* Switch: MT7530WU
* UART: 4-pin 1.27 mm pitch through-hole (57600 baud)
* Pinout: (3V3)|(RXD) (TXD) (GND)
Notes:
* The drive is accessible through the external USB port only when the
router is turned off.
Installation via web interface:
1. Flash **initramfs** image through the stock web interface.
The image filename should have ".upload" extension.
2. Boot into OpenWrt and perform sysupgrade with sysupgrade image.
Revert to stock firmware:
1. Perform sysupgrade with stock image.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
According to the vendor [1] these HATs share the same DT overlay:
hifiberry-dacplus. The PCM512x-compatible control unit is attached to
I2C, so the additional snd-soc-pcm512x-i2c kernel module is required.
Also explicitly note the Amp2 support to reduce confusion for those
users.
[1] <https://www.hifiberry.com/docs/software/configuring-linux-3-18-x/>
Signed-off-by: Torsten Duwe <duwe@lst.de>
(added bcm27xx tag, changed commit message)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
NETGEAR ReadyNAS Duo v2 is a NAS based on Marvell kirkwood SoC.
Specification:
- Processor Marvell 88F6282 (1.6 GHz)
- 256MB RAM
- 128MB NAND
- 1x GBE LAN port (PHY: Marvell 88E1318)
- 1x USB 2.0
- 2x USB 3.0
- 2x SATA
- 3x button
- 5x leds
- serial on J5 connector accessible from rear panel
(115200 8N1) (VCC,TX,RX,GND) (3V3 LOGIC!)
Installation by USB + serial:
- Copy initramfs image to fat32 usb drive
- Connect pendrive to USB 2.0 front socket
- Connect serial console
- Stop booting in u-boot
- Do:
usb reset
setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
saveenv
fatload usb 0:1 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
bootm 0x1200000
- copy sysupgrade image via ssh.
- run sysupgrade
Installation by TFTP + serial:
- Setup TFTP server and copy initramfs image
- Connect serial console
- Stop booting in u-boot
- Do:
setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
saveenv
setenv serverip 192.168.1.1
setenv ipaddr 192.168.1.2
tftpboot 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
bootm 0x1200000
- copy sysupgrade image via ssh.
- run sysupgrade
Known issues:
- Power button and PHY INTn pin are connected to the same GPIO. It
causes that every network restart button is pressed in system.
As workaround, button is used as regular BTN_1.
For more info please look at file:
RND_5.3.13_WW.src/u-boot/board/mv_feroceon/mv_hal/usibootup/usibootup.c
from Netgear GPL sources.
Tested-by: Raylynn Knight <rayknight@me.com>
Tested-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Linkstation poweroff driver was added to mvebu target, but is required
for kirkwood target too.
This commit make two changes:
- move linkstation-poweroff support patch from mvebu to generic and
replace upstream accepted version
- backport small linkstation-poweroff fix from 5.12
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
This patch adds kernel module for Global Mixed-mode Technology Inc
G762 and G763 fan speed PWM controller chips.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
This commits adds the ability to print Kernel versions of all
targets/subtargets. If a testing Kernel is set print that version as
well.
Example output:
apm821xx/nand 5.10
apm821xx/sata 5.10
arc770/generic 5.4
archs38/generic 5.4
armvirt/32 5.10
armvirt/64 5.10
at91/sam9x 5.10
at91/sama5 5.10
ath25/generic 5.4
ath79/generic 5.4 5.10
ath79/mikrotik 5.4 5.10
--- %< ---
This should help to get a quick update on the state of Kernels.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The GPIO expander is connected via I2C, thus the can_sleep flag has to
be set to true. This should fix spurious "scheduling while atomic" bugs
in the kernel ringbuffer.
Signed-off-by: David Bauer <mail@david-bauer.net>
The build fails when the openssl/sha.h header file is not installed on
the host system. Fix this by setting the HOSTCCFLAGS variable to the
OpenWrt HOST_CFLAGS variable, without setting this the include paths and
other modifications in the host flags done by OpenWrt will be ignored by
the build.
This fixes the following build problem:
gcc -c -D_GNU_SOURCE -D_XOPEN_SOURCE=700 -Wall -Werror -pedantic -std=c99 -O2 -I../../include/tools_share fiptool.c -o fiptool.o
In file included from fiptool.h:16,
from fiptool.c:19:
fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
19 | # include <openssl/sha.h>
| ^~~~~~~~~~~~~~~
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The build of the manpages needs the pandoc tool, this is not in the
minimal requirements of OpenWrt, just remove the build of the restool
manpage. This fixes the build on systems without pandoc like the OpenWrt build bots.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upon comment of Russell King ('Oh no, not this "-1 disease" again.')
clean up mdio read and write return type and value in mtk_eth_soc
driver and also use appropriate return values for bus-busy-timeout-
errors in newly added Clause 45 access code.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.
In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.
To allow both possibilities, the following changes are made:
- Change the "pressed" action to "release", so that we can make use of
the "$SEEN" variables (to know for how long the button was pressed).
- If the button is pressed for less than 3 seconds, keep the original
behavior.
- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.
- Add comments explaining both behaviors.
- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).
This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.
[1]: https://github.com/koalaman/shellcheck/wiki/SC2166
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>