After a long time QCA has pushed an updated release of 2.9.0.1 firmware
for IPQ8074 and QCN9074, so lets update to 2.9.0.1-01977.
Sadly, still nothing new for IPQ6018.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Many can kernel modules are now gated by the newly introduced
CONFIG_CAN_NETLINK configuration option. Activate it to build the can
drivers again.
This was changed in this upstream Linux commit:
https://git.kernel.org/linus/df6ad5dd838e0fa543ca28ca6154901fa65a9443
This should fix these warnings with kernel 6.1 and 6.6:
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-c-can is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-c-can-pci is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-c-can-platform is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-mcp251x is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-slcan is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-8dev is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-ems is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-kvaser is not available in the kernel config - generating empty package
logs/package/kernel/linux/compile.txt:WARNING: kmod-can-usb-peak is not available in the kernel config - generating empty package
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The algif_rng.ko kernel module depends on the rng.ko kernel module with
kernel 6.6 when compiling for MIPS malta.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Debian changelog:
intel-microcode (3.20240312.1) unstable; urgency=medium
* New upstream microcode datafile 20240312 (closes: #1066108)
- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
Protection mechanism failure of bus lock regulator for some Intel
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
Non-transparent sharing of return predictor targets between contexts in
some Intel Processors may allow an authorized user to potentially
enable information disclosure via local access. Affects SGX as well.
- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
Information exposure through microarchitectural state after transient
execution from some register files for some Intel Atom Processors and
E-cores of Intel Core Processors may allow an authenticated user to
potentially enable information disclosure via local access. Enhances
VERW instruction to clear stale register buffers. Affects SGX as well.
Requires kernel update to be effective.
- Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
Processors when using Intel SGX or Intel TDX may allow a privileged
user to potentially enable escalation of privilege via local access.
NOTE: effective only when loaded by firmware. Allows SMM firmware to
attack SGX/TDX.
- Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
Incorrect calculation in microcode keying mechanism for some Intel
Xeon D Processors with Intel SGX may allow a privileged user to
potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
* New microcodes:
sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release, 20240312
* changelog, debian/changelog: fix typos
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Mar 2024 20:28:17 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.
Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
libevent2's cmake use absolute path, then cmake cannot find it when cross compiling:
```
-- Found libevent include directory: /builder/staging_dir/target-mips_24kc_musl/usr/include
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_core.so
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_extra.so
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_openssl.so
-- Found libevent 2.1.12 in /builder/staging_dir/target-mips_24kc_musl/usr
CMake Error at /builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventTargets-shared.cmake:102 (message):
The imported target "libevent::core" references the file
"/usr/lib/libevent_core-2.1.so.7.0.1"
but this file does not exist. Possible reasons include:
* The file was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and contained
"/builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventTargets-shared.cmake"
but not all the files it references.
Call Stack (most recent call first):
/builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventConfig.cmake:168 (include)
CMakeLists.txt:34 (find_package)
```
This patch make cmake use relative imported path, so it can find libevent.
Signed-off-by: Liu Dongmiao <liudongmiao@gmail.com>
For certain lldp_class scenarios (2 & 3) a policy must be set also.
Class 4 is default, although it's good to handle the policy eventuality.
Here, set a default lldp_policy for all lldp_class scenarios. Any
lldp_policy can now be set.
Depends on PR #14584 (which introduced an `if` block)
Tested on 22.03.5, 22.03.6
Signed-off-by: Paul Donald <newtwen@gmail.com>
Recent changes for Linux 6.6 broke things when building with older
kernels:
Package kmod-fs-jfs is missing dependencies for the following libraries:
nls_base.ko
Fix this by adding NLS dependencies after the added dependency applying
on Linux 6.6.
Fixes: f9198480da ("kernel: modules: fs: adapt for kernel 6.6")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
A commit introduced in kernel 6.6 has splitted page_pool.h into
several headers. Thus the included header must be modified for a
successful build.
Ref: a9ca9f9ceff3 (page_pool: split types and declarations from
page_pool.h)
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Now that geniv is packaged separately for kernel 6.6, we need to add it
as a dependency to kmod-crypto-seqiv and kmod-crypto-echainiv that require
it under kernel 6.6.
Signed-off-by: Robert Marko <robimarko@gmail.com>
geniv was separated intentionally from aead in kernel 6.5, and since
we now have it packaged separately as well remove it from kmod-aead
in 6.6.
Signed-off-by: Robert Marko <robimarko@gmail.com>
In kernel 6.5 geniv was split from AEAD config symbol, in order to manage
its dependencies on other code.
So, lets do the same in OpenWrt and split it from aead module so others
can depend on geniv directly.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Adapt hwmon kmods for building under kernel 6.6:
* ad7418 now requires regmap
* Invert criteria to allow adt7410 be built with Linux 6.1 as well
as Linux 6.6.
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Adapt crypto kmods for building under kernel 6.6:
* mpi.ko moved from lib/mpi/mpi.ko to lib/crypto/mpi/mpi.ko
* jitterentropy_rng requires SHA3 support for kernel 6.6
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt video kmods for building under kernel 6.6:
* Add drm_exec.ko and drm_suballoc_helper.ko for kmod-drm as they
are added since 6.6 and 6.4
* Add uvc.ko for kmod-video-uvc as related contents was split as a
new module since 6.3
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt block kmods for building under kernel 6.6:
* To build scsi_transport_iscsi.ko, change CONFIG_SCSI_ISCSI_ATTRS
from =y to =m as this config is always tristate since 2.6.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt fs kmods for building under kernel 6.6:
* Add kmod-fs-netfs as dependency for kmod-fs-9p
* Add kmod-fs-netfs as dependency for fs-smbfs-common as netfs is
required for cifs since 6.3
* Add new kmod-nls-ucs2-utils as dependency for smbfs/jfs as UCS2
support was split as new module since 6.6.
* Add kmod-lib-zlib-deflate and kmod-lib-zlib-inflate as
dependencies for kmod-pstore due to crypto API compression was
replaced with zlib_deflate library calls since 6.6
* Remove nfs_ssc.ko from kmod-fs-nfs-common. The nfs_ssc was no
longer a kernel module described by NFS_V4_2_SSC_HELPER since 5.13 [1]
Link:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/Kconfig?id=d9092b4bb2109502eb8972021a3f74febc931a63
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt usb kmods for building under kernel 6.6:
* Add kmod-phylink as dependency for usb-net-asix
* Add kmod-net-selftests as dependency for usb-net-smsc95xx
* Add kmod-iio-core as dependency for usb-hid-mcp2221 as ADC/DAC
support was added since 6.2 which requires IIO.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt netdevices kmods for building under kernel 6.6:
* Add missing module dependency for kmod-stmmac-core on kmod-of-mdio.
* Invert criteria to allow Airoha EN8811H PHY driver to build with
Linux 6.1 as well as Linux 6.6.
* Mellanox mlx5 driver started exposing thermal sensors and now it requires
hwmon
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adapt netsupport kmods for building under kernel 6.6:
* common part of mqprio was split into a new Kconfig since 6.3.
Add new kmod-sched-mqprio-common as dependency for kmod-sched-mqprio.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt input kmods for building under kernel 6.6:
* kmod-input-touchscreen-edt-ft5x06 depends on kmod-regmap-i2c
from 6.3 as it starts to use regmap to access registers
* CONFIG_HID_SUPPORT needs to be set in addition to CONFIG_HID.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt iio kmods for building under kernel 6.6:
* kmod-iio-lsm6dsx depends on kmod-kmod-industrialio-triggered-buffer
from 6.2
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Make sure patch sequence number is unique by moving patch
440-add-jdcloud_re-cp-03.patch -> 441-add-jdcloud_re-cp-03.patch
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Previously only partially implemented. After commit
5007f488bb lldp_location was never removed
Now, add the value of lldp_location to the generated config.
The location param has a few syntaxes, so the config acquires the first
usage from the man page: 'address country EU'
Supplementary fix for PR #14193 (this param was included in the original
PR #13018 but the lldp_location fixes were absent from PR #14193).
Tested on 22.03.5, 22.03.6
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 3ce909914a
The lldpd man page says that "configure lldp tx-interval" can
specify an interval value in milliseconds by appending a "ms" suffix to
the figure. Thus mandating string handling, and not integer comparison.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 909f063066
Now pass two params to get_config_cid_ifaces() for:
cid_interface
interface
Each of which is a CSV of interfaces.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit ac771313eb
portidsubtype takes 1 of 2 possible keywords which do not need quoting:
configure lldp portidsubtype ifname | macaddress
The third keyword 'local' is used in the syntax when individual ports
are being defined:
configure [ports ethX [,…]] lldp portidsubtype local value
When this syntax is used, quoting is useful (see test cases for lldpd).
In the init file, the 'local' syntax is unused.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit c98ee4dbb3
agent-type takes 1 of 3 possible keywords which do not require quoting:
configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge
| nearest-customer-bridge
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
As the Visionfive V1 board has an Ampak module connected via SDIO, enable
support for SDIO in the brcmfmac module.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
CDNS3 is a SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD) controller from
Cadence. Add support for this device, and add the required symbols into
the generic configs.
Compile-tested: apm821xx, bcm4908, imx, mpc85xx, pistachio, starfive
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Contrary to common ipTIME NOR devices, the "Config" partition of T5004
and AX2004M contain normal U-Boot environment variables. Renaming the
partition into "u-boot-env" serves for better description, and it also
conforms to common naming practice in OpenWrt.
This patch might also be extended to A3004T, but its u-boot-env
partition layout has not been confirmed yet.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Realtek RTL8188F is an 802.11n 1x1 USB Wi-Fi adapter. It has been
supported by the upstream rtl8xxxu driver since Linux 6.2 kernel.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Probing of the fitblk driver in some situations happens after Linux
attempts to mount rootfs, which then fails.
Always use 'rootwait' kernel parameter when using fitblk for rootfs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The AQL limit for buffered broadcast packets is higher than the maximum
total pending airtime limit. This can get unicast data stuck whenever there
is too much pending broadcast data. Fix this by excluding broadcast AQL from
the total limit.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes libssh, which requires it. Bump ABI_VERSION, since enabling this
option affects data structures in mbedtls include files.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA256 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
At start I only set qualcommax to use the Crypto Extensions optimized
version of SHA1 as I knew it supports the optional Crypto Extensions.
However, after looking into the tree there are more targets/subtargets
that I could find at least a specification sheet that says the support
Cryptographic Extensions, so lets add them.
Signed-off-by: Robert Marko <robimarko@gmail.com>
ath25 has been on life support for the last couple of releases, eventually
leading to marking it as source-only in 2023.
It has been basically only touched to do a kernel bump so that we can make
the new OpenWrt release which was a challenge due to small RAM amount.
However, with the attempt of kernel 6.1 update it turns out that kernel
cannot even finish booting due to RAM constraints, so its time to let this
target go.
Signed-off-by: Robert Marko <robimarko@gmail.com>
It was announced [1] that the original staging repositories are no longer
used for staging of new firmware binaries. And that the old repository will
be removed [2] in June 2024.
The ath11k-firmware package must therefore point to the new repository
before the old one is no longer accessible.
[1] https://lore.kernel.org/r/bac97f31-4a70-4c4c-8179-4ede0b32f869@quicinc.com
[2] 8d2cc160f3
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Kernel has an ASM optimized version of SHA512 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
There is a Cryptographic Extension based version as well, but that relies
on ARMv8.2 ISA which I am not aware any of the OpenWrt supported SoC-s use.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA2(224 and 256) using the ARMv8 Crypto
Extensions, so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has an ASM optimized version of SHA256 that was ported from
OpenSSL, so lets package it as it provides significant perfomance
improvement compared to the generic implementation.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Kernel has optimized version of SHA1 using the ARMv8 Crypto Extensions,
so lets package it.
Use it by default for qualcommax as it uses Cortex-A53 core and has ARMv8
CE extensions present.
Signed-off-by: Robert Marko <robimarko@gmail.com>
SHA3 is now required by jitterentropy_rng in kernel 6.6, so lets start
preparing by packaging SHA3 support as its supported in 5.15 and 6.1
kernels as well.
AFAIK, only ARMv8.2 has a crypto extension for SHA3, however I am not aware
of any SoC we support that uses ARMv8.2 ISA so its not enabled currently.
Signed-off-by: Robert Marko <robimarko@gmail.com>
1. Return error if any step of generating tar file fails
2. Use pipefail to avoid calling "gzip" if tar failed
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Reported-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Netgear WAX214 is a 802.11 ax dual-band AP
with PoE. (similar to Engenius EWS357APV3)
Specifications:
• CPU: Qualcomm IPQ6010 Quad core Cortex-A53
• RAM: 512MB of DDR3
• Storage: 128MB NAND (Macronix MX30UF1G18AC)
• Ethernet: 1x 1G RJ45 port (QCA8072) PoE
• WIFI:
2.4GHz: Qualcomm QCN5022 2x2 802.11b/g/n/ax 574 Mbps PHY rate
5GHz: Qualcomm QCN5052 2x2 802.11a/b/g/n/ac/ax 1201 PHY rate
• LEDs:
4 x GPIO-controlled LEDs
- 1 Power LED (orange)
- 1 LAN LED (blue)
- 1 WIFI 5g LED (blue)
- 1 WIFI 2g LED (blue)
black_small_square Buttons: 1x soft reset
black_small_square Power: 12V DC jack or PoE (802.3af )
An populated serial header is onboard, format is
1.25mm 4p (DF13A-4P-1.25H)
RX/TX is working, bootwait is active, secure boot is not
enabled.
The root password of the stock firmware is unknown,
but failsafe mode can be entered to reset the password.
Installation Instructions:
- obtain serial access
- stop auto boot (press "4", Entr boot command line
interface)
- setenv active_fw 0 (to boot from the primary rootfs,
or set to 1 to boot from the secondary rootfs
partition)
- saveenv
- tftpboot the initramfs image
- bootm
- copy
openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
to the device
- write the image to the NAND:
- cat /proc/mtd and look for rootfs partition (should
be mtd11,
or mtd12 if you choose active_fw 1)
- ubiformat /dev/mtd11 -f -y
openwrt-qualcommax-ipq60xx-netgear_wax214-squashfs-factory.ubi
- reboot
Note: the firmware is senao-based. But I was unable to build
a valid senao-header into the image.
Maybe they changed the header format and senaoFW isn't
working any more.
Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.
Fixes: fbb924abff ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Some platforms like Raspberry Pi require patching some backup files like
cmdline.txt in order to set the correct root PARTUUID.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Due to previous refactoring in sysupgrade, writing backup archives to
stdout became impossible since the hardcoded gzip output redirection
did not account for the `-` special case filename.
Fix this issue by substituting `-` with `/proc/self/fd/1` in the tar
archive output path variable.
Also remove a redundant `rm -f` of the target file path that occurs
before the file could've possibly been written.
Fixes: #14773
Fixes: https://github.com/openwrt/luci/issues/6961
Fixes: e36cc53092 ("base-files: sysupgrade: use tar helper to include installed_packages.txt")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.
Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.
Fixes: ed6ba2801c ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
asterisk-chan-lantiq is by now the only user of the VMMC interface.
And asterisk runs as user 'asterisk' which doesn't give it permission
to open the /dev/vmmc* devices.
Introduce a new user group 'vmmc' and give permission to access the
/dev/vmmc* devices to that group.
Another commit for asterisk-chan-lantiq will add the 'asterisk' user
to that group.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
hostpkg python from packages feed can be picked when do a incremental
build because hostpkg has higher priority in PATH. It may lead build
faliure as it's heavily trimmed (e.g. lacks necessary modules).
For uboot which uses binman and intree dtc, this is forced as hostpkg
python will never provide those modules by default.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The Kirkwood SoCs all have an onchip RTC that can hold the time
over e.g. a reboot which will help if no NTP servers are available.
Create a kernel module package for the Marvell RTC, and add it to
all Kirkwood devices that do not have their own discrete
battery-backed RTC. Adding it to platforms with a proper RTC
is just surplus.
All Kirkwoods have at least one RTC so add RTC to the features
list for Kirkwood as well.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Add u-boot bootloader based on 2023.01 to support D1-based boards, currently:
- Dongshan Nezha STU
- LicheePi RV Dock
- MangoPi MQ-Pro
- Nezha D1
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
U-boot on D1 also uses OpenSBI as its payload. As the current version of
OpenSBI already supports D1 with no further patches required, allow
building it on the upcoming TARGET_d1 too.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.
Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Replace mount + overlay with manually built tar archive that gets
prepended to the actual config files backup. This allows more
flexibility with including extra backup files. They can be included at
any paths and don't require writing to flash or mounting an overlay
which has its own limitations (mount points).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
This allows building uncompressed tar archives from shell scripts (and
compressing them later if needed)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[rmilecki: adapt to sysupgrade needs]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It should be "BananaPi BPi-R3 Mini" instead of just "BananaPi BPi-R3".
Fixes: bc25519f98 ("uboot-mediatek: add builds for BananaPi BPi-R3 mini")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
this patch separates libe2p from e2fsprogs package, like all other
provided libraries are their own packages. Also some development headers
were missing so I added those along with pkg-config files.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
After commit ad62247800 ("base-files: improve lib/upgrade/common.sh")
behavior of export_bootdevice has been made consistent in such way that
always the whole disk device is exported (as that was the case already
when matching via UUID) rather than the partition device.
Do the same for the device holding the fitblk backing partition.
Fixes: 5992f976b3 ("base-files: recognize bootdevice on devices using fitblk")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Boards using the fitblk driver need special treatment when it comes to
detecting the actual block device used to store the image used to boot
from. Transparently handle this in 'export_bootdevice' and provide new
'fitblk_get_bootdev' function to replace implementations in
/lib/upgrade/platform.sh.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use the new fitblk driver on the BananaPi R2 as well as UniElec U7623.
Introduce boot device selection for fitblk's /chosen/rootdisk
handle, similar to how it is already done on MT7622, MT7986 and MT7988.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The default environment for the Linksys E8450 and Belkin RT3200 got
truncated by one line due to a broken patch. While the impact was
luckily only cosmetic, fix it so bootmenu title also shows U-Boot
version again.
Fixes: 6aec3c7b5b ("mediatek: mt7622: modernize Linksys E8450 / Belkin RT3200 UBI build")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
**Netgear LBR20** is a router with two gigabit ethernets , three wifi radios and integrated LTE cat.18 modem.
SoC Type: Qualcomm IPQ4019
RAM: 512 MiB
Flash: 256 MiB , SLC NAND, 2 Gbit (Macronix MX30LF2G18AC)
Bootloader: U-Boot
Modem: LTE CAT.18 Quectel EG-18EA , Max. 1.2Gbps downlink / 150Mbps uplink
WiFi class AC2200:
- radio0 : 5G on QCA9888 , WiFi5- 802.11a/n/ac MU-MIMO 2x2 , 887Mbps , 80MHz - limited for low channels
- radio1: 2,4G on IPQ4019 ,WiFi4- 802.11b/g/n MIMO2x2 300Mbps 40Mhz
- radio2: 5G on IPQ4019 , WiFi5- 802.11a/n/ac MU-MIMO 2x2 , 887Mbps ,80Mhz - limited for high channels (from 100 up to 165) . Becouse of DFS remember to set country before turning on.
Ethernet: 2x1GbE (WAN/LAN1, LAN2)
LEDs: section power : green and red , section on top (orbi) drived by TLC59208F: red, green ,blue and white
USB ports: No
Buttons: 2 Reset and SYNC(WPS)
Power: 12 VDC, 2,5 A
Connector type: Barrel
OpenWRT Installation
1. Simplest way is just do upgrade from webpage with *factory.img
2. You can also do it with standard tool for Netgear's debricking - NMPRFlash
3. Most advanced way is to open device , connect to UART console and :
- Prepare OpenWrt initramfs image in TFTP server root (server IP 192.168.1.10)
- Connect serial console (115200,8n1) to UART connector
- Connect TFTP server to RJ-45 port
- Stop in u-Boot and run u-Boot command:
> setenv serverip 192.168.1.10
> set fdt_high 0x85000000
> tftpboot 0x83000000 openwrt-ipq40xx-generic-netgear_lbr20-initramfs-zImage.itb
> bootm 0x83000000
- Login via ssh
- upload or download *sysupgrade.bin ( like wget ... or scp transfer)
- Install image via "sysupgrade -n" (like “sysupgrade -n /tmp/openwrt-ipq40xx-generic-netgear_lbr20-squashfs-sysupgrade.bin”)
Back to Stock
- Download firmware from official Netgear's webpage , it will be *.img file after decompressing.
- Use NMRPFlash tool ( detailed insructions on project page https://github.com/jclehner/nmrpflash )
Open the case
- Unscrew nuts and remove washers from antenna's conectors.
- There are two Torx T10 screws under the label next to antenna conectors. You have to unglue this label from left and right corner to get it
- Two parts of shell covers will slide out from eachother , you have to unglue two small rubber pads and namplate sticker on bottom to do that.
- PCB is screwed with 4Pcs of Torx T10 screws
- Before lifting up PCB remove pigtiles for LTE antennas and release them from PCB and radiator (black and white wires)
- On other side of PCB ,in left bottom corner there is already soldered with 4 pins UART connector for console. Counting from left it is +3,3V , TX , RX ,GND (reffer to this picture: https://i.ibb.co/Pmrf9KB/20240116-103524.jpg )
BDF's files are in firmware_qca-wireless https://github.com/openwrt/firmware_qca-wireless/ and in parallel sent to ath10k@lists.infradead.org.
Signed-off-by: Marcin Gajda <mgajda@o2.pl>
It seems that ipq-wifi bump included and incorrect PKG_MIRROR_HASH value,
so fix it by using:
make package/firmware/ipq-wifi/check FIXUP=1
Fixes: 70fd815e57 ("qualcommax: ipq807x: add support for Linksys MX5300")
Signed-off-by: Robert Marko <robimarko@gmail.com>
When both variants of ath10k drivers are selected, any driver that is
selected along is being built twice, one for each ath10k variant.
Avoid these redundant builds by introducing an optional second parameter
to config_package that lists the variants for which the package is to be
built.
If the symbol is to be set for all of the variants, $(ALL_VARIANTS) can
be used. This is the case for the mac80211 and cfg80211 modules. If
the parameter is empty, then the module will be selected and thus built
when the first variant is compiled.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Having different build directories is the default when the package
Makefile defines more than one variant.
Mac80211 overrides PKG_BUILD_DIR, not taking different variants in
consideration, which causes clobbering the directories when both
variants are built.
When compiled with AUTOREMOVE=y, the effect is that the package is
unnecessarily rebuilt when the package is compiled again.
Wihout AUTOREMOVE, the problem is worse: the second variant will not be
rebuilt, and you end up with the smallbuffers variant being a copy of
the regular one.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Usage of word "add" was somehow misleading in those functions:
1. They don't really add (as in: append) anything. Result files are
created from scratch.
2. It wasn't clear what adding files means. It could be understood as
adding actual files somewhere (to existing archive?).
Also the word "add" was also a bit ambiguous.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rename function to more accurate and self-explanatory name:
1. Use "archive" in name as this functions creates tar archive
2. Avoid "conffiles" as this function may archive more than that
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit 4fa9aaf0be.
That seemed like a good idea allowing us to include any runtime
generated file in archive. Unfortuantely it broke backups with files
from mounted directories.
When mounting overlay with / as lowerdir its mounts don't propagete in
the mountpoint. That resulted in empty directories:
/tmp/overlay.XXXXXX/backup/tmp/
/tmp/overlay.XXXXXX/backup/var/
/tmp/overlay.XXXXXX/backup/dev/
/tmp/overlay.XXXXXX/backup/proc/
etc.
As some platforms / users try to backup files like /var/dhcp.leases or
/boot/cmdline.txt it means we can't use that solution.
Link: http://lists.openwrt.org/pipermail/openwrt-devel/2024-February/042320.html
Link: https://lore.kernel.org/linux-fsdevel/67bb0571-a6e0-44ea-9ab6-91c267d0642f@gmail.com/T/#u
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This reverts commit bf304d10e9.
That uci-defaults script worked great but generating it required
mounting root dir as overlay lowerdir that needs to be reverted.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In some situations (slow protocol or interfaces with auto 0), the
interfaces are not available during the dnsmasq initialization and
hence, the ignore setting will be skipped.
Install an interface trigger for ignored interfaces in case their
ifname cannot be resolved.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When QCA8072 is used in PSGMII mode with IPQ6018, PCS used for second
PHY port would overlap with one used by SGMII+ port. SoC has register
to select different PCS in such case.
Original code used PHY_ID for this decision, which also had other
issues, but is no longer viable since we moved to upstream QCA807x
driver.
Introduce DT property port3_pcs_channel to allow describing this in DT.
Default value is <2>, and for some QCA8072 designs <4> would be needed.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Currently there are no atf/tpl blobs for rk3566 SoCs
so this commit adds the prebuilt firmware from the vendor.
Signed-off-by: Marius Durbaca <mariusd84@gmail.com>
FriendlyElec renamed the NanoPi R4S board with EEPROM (mac address)
to "enterprise" edition, and it was added as a "new" board in upstream
kernel.
This patch switched to use that upstreamed dts and removed local
EEPROM patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Disabled services should be kept disabled after sysupgrade. This can be
easily handled using a proper uci-defaults script.
Extend sysupgrade to check for disabled services, generate uci-defaults
script disabling them and include it in backup.
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Setting overlay while creating backup allows including extra files in
archive without actually writing them to flash. Right now this feature
is limited to /etc/backup/ directory and is used only for including
installed_packages.txt.
Extend this solution to make it more generic:
1. Always mount overlay while creating backup
2. Overlay whole / to don't limit it to /etc/backup/
This allows including any additional files in backups and adding more
sysupgrade features.
Cc: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Cc: Christian Marangi <ansuelsmth@gmail.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
When tar was failing, it was exiting immediately. Some files and the
tmpfs mount (-k) would remain breaking the next backup attempt.
Also remove redundant $? from exit builtin call as exit already returns
the last command exit code when called.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
tar stderr was probably discarded only to remove this message:
tar: removing leading '/' from member names
However, together with that, any other error would also be discarded.
It is easier to fix that allowing the error message to be printed.
In sysupgrade, the backup file list only uses absolute paths. That way,
the solution is to remove the leading '/' from all files (sed) and chdir
to / (option -C /)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Fix NAND flash layout which was out-of-sync with the definition in
ARM TrustedFirmware-A which expects UBI to start at 0x200000.
Fixes: b03d3644cf ("mediatek: filogic: add BananaPi BPi-R3 mini")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hardware specification
----------------------
SoC: MediaTek MT7986A 4x A53
Flash: 128MB SPI-NAND, 8GB eMMC
RAM: 2GB DDR4
Ethernet: 2x 2.5GbE (Airoha EN8811H)
WiFi: MediaTek MT7976C 2x2 2.4G + 3x3 5G
Interfaces:
* M.2 Key-M: PCIe 2.0 x2 for NVMe SSD
* M.2 Key-B: USB 3.0 with SIM slot
* front USB 2.0 port
LED: Power, Status, WLAN2G, WLAN5G, LTE, SSD
Button: Reset, internal boot switch
Fan: PWM-controlled 5V fan
Power: 12V Type-C PD
Installation instructions for eMMC
----------------------------------
0. Set boot switch to boot from SPI-NAND (assuming stock rom or immortalwrt
running there).
1. Write GPT partition table to eMMC
Move openwrt-mediatek-filogic-bananapi_bpi-r3-mini-emmc-gpt.bin to
the device /tmp using scp and write it to /dev/mmcblk0:
dd if=/tmp/openwrt-*-r3-mini-emmc-gpt.bin of=/dev/mmcblk0
2. Reboot (to reload partition table)
3. Write bootloader and OpenWrt images
Move files to the device /tmp using scp:
- openwrt-*-bananapi_bpi-r3-mini-emmc-preloader.bin
- openwrt-*-bananapi_bpi-r3-mini-emmc-bl31-uboot.fip
- openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
- openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
Write them to the appropriate partitions:
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-emmc-preloader.bin of=/dev/mmcblk0boot0
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-emmc-bl31-uboot.fip of=/dev/mmcblk0p3
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb of=/dev/mmcblk0p4
dd if=/tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb of=/dev/mmcblk0p5
sync
4. Remove the device from power, set boot switch to eMMC and boot into
OpenWrt. The device will come up with IP 192.168.1.1 and assume the
Ethernet port closer to the USB-C power connector as LAN port.
5. If you like to have Ethernet support inside U-Boot (eg. to boot via
TFTP) you also need to write the PHY firmware to /dev/mmcblk0boot1:
echo 0 > /sys/block/mmcblk0boot1/force_ro
dd if=/lib/firmware/airoha/EthMD32.dm.bin of=/dev/mmcblk0boot1
dd if=/lib/firmware/airoha/EthMD32.DSP.bin bs=16384 seek=1 of=/dev/mmcblk0boot1
Installation instructions for NAND
----------------------------------
0. Set boot switch to boot from eMMC (assuming OpenWrt is installed there
by instructions above. Using stock rom or immortalwrt does NOT work!)
1. Write things to NAND
Move files to the device /tmp using scp:
- openwrt-*-bananapi_bpi-r3-mini-snand-preloader.bin
- openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip
- openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
- openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
Write them to the appropriate locations:
mtd write /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-preloader.bin /dev/mtd0
ubidetach -m 1
ubiformat /dev/mtd1
ubiattach -m 1
volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip)
ubimkvol /dev/ubi0 -N fip -n 0 -s $volsize -t static
ubiupdatevol /dev/ubi0_0 /tmp/openwrt-*-bananapi_bpi-r3-mini-snand-bl31-uboot.fip
cd /lib/firmware/airoha
cat EthMD32.dm.bin EthMD32.DSP.bin > /tmp/en8811h-fw.bin
ubimkvol /dev/ubi0 -N en8811h-firmware -n 1 -s 147456 -t static
ubiupdatevol /dev/ubi0_1 /tmp/en8811h-fw.bin
ubimkvol /dev/ubi0 -n 2 -N ubootenv -s 126976
ubimkvol /dev/ubi0 -n 3 -N ubootenv2 -s 126976
volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb)
ubimkvol /dev/ubi0 -n 4 -N recovery -s $volsize
ubiupdatevol /dev/ubi0_4 /tmp/openwrt-*-bananapi_bpi-r3-mini-initramfs-recovery.itb
volsize=$(wc -c < /tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb)
ubimkvol /dev/ubi0 -n 4 -N recovery -s $volsize
ubiupdatevol /dev/ubi0_4 /tmp/openwrt-*-bananapi_bpi-r3-mini-squashfs-sysupgrade.itb
3. Remove the device from power, set boot switch to NAND, power up and
boot into OpenWrt.
Partially based on immortalwrt support for the R3 mini, big thanks for
doing the ground work!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add PHY driver for Airoha EN8811H PHY and package it as kernel module.
The PHY needs to load firmware from rootfs, so there is no point in
having the driver built-into the kernel.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The R3 mini comes with two Airoha EN8811H PHYs for 2.5G Ethernet.
The driver added to U-Boot expects the firmware for the PHY to be
stored inside UBI volume en8811h-fw or MMC boot1 hardware partition.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add package with firmware for Airoha EN8811H 2.5G Ethernet PHY which
needs to be loaded via MDIO before the PHY can be used.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Firmware for the built-in 2.5G Ethernet PHY of the MediaTek MT7988 SoC
is now part of linux-firmware, so we can package it.
Only a single file is needed with recent driver.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move fip and factory into UBI static volumes.
Use fitblk instead of partition parser.
!! RUN INSTALLER FIRST !!
Existing users of previous OpenWrt releases or snapshot builds will
have to **re-run the updated installer** before upgrading to firmware
after this commit.
DO NOT flash or run even just the initramfs image unless you have
run the updated installer which moves the content of the 'factory'
partition into a UBI volume.
tl;dr: DON'T USE YET!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Modernize bootloader and flash memory layout of the BPi-R64 similar to
how it has also been done for the BPi-R3.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use custom UBI start address 0x80000 on MT7622 which is more than
enough for a single bl2 (MT7622 BootROM doesn't support redundant bl2).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Modernize U-Boot to provide a better reference:
* store fip image in UBI now that TF-A supports that
* switch from uImage.FIT partition parser to new fitblk
virtual firmware block driver (root=/dev/fit0)
* automatically set root device according to boot_mode register
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add environment settings for the BananaPi BPI-R4 router board which
can boot from (and store its bootloader environment on) micro SD card,
SPI-NAND and eMMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use function instead of duplicating the env settings on UBI for
OpenWrt-built U-Boot over and over.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rebase local patches on top of quarterly timed release, allowing to
drop numerous patches which have been accepted upstream since the
release of U-Boot 2023.07.02.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If nodes /chosen/rootdisk-${bootdevice} exists, set /chosen/rootdisk
phandle according to boot device selected by the bootstrap pins.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When erasing large amounts of blocks at once this can take a long
time on slow cards. Instead of a fixed timeout, wait longer if more
blocks are being erased.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add basic U-Boot drop-in replacement compatible with the flash layout
of the vendor loader of the Zbtlink WG3526 (16M) MT7621 router board.
The idea here is a to have a reference build of uboot-mediatek also for
a simple MIPS boards more popular than MT7621 RFB.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add minimalistic tool to allow releasing /dev/fit* devices which is
needed on sysupgrade when using the fitblk driver.
The package is hidden in menuconfig, it should only be selected by
adding it to the default package selection of boards using it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make use of recently added UBI support in MediaTek's ARM
TrustedFirmware-A on new MT7988 SoC.
Load fip from static UBI volume instead of fixed offset on SPIM-NAND
and SNFI.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hide arm-trusted-firmware-mediatek packages from interactive config.
Exposing them only causes confusion and needed variants are anyway
selected as dependencies by uboot-mediatek packages.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Now that Malibu (QCA807x) PHY-s use an upstream driver we dont need support
for defining address of the first PHY in the package so drop the patch.
Signed-off-by: Robert Marko <robimarko@gmail.com>
PoE devices in the realtek target have the possibility to add PSE info
to the board description via 02_network. Make this available for all
targets, by moving the uci_set_poe() function to the globally available
uci-default.sh script.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Drop deprecated Xiaomi LEDs quirk patches as they are not needed anymore
as LEDs are now supported by the upstream qca807x driver.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
If a PHY doesn't use the integrated driver, SSDK use poll the phydev to
get the real PHY mode. qca807x use PSGMII as PHY mode and this specific
mode is not detected in qca SSDK while used in the entire driver.
Add support for it in the hsl_port_phydev_interface_mode_status_get
function used to translate PHY mode to the internal SSDK value.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Disable Malibu PHY driver in Qca SSDK in favor of the upstream version.
The same workaround are applied and the version upstream is just a drop
in replacement and is well tested from the ipq40xx target.
Also using the upstream version permits further support for LEDs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
IPQ60xx uses a different codename for SSDK, so lets pass the correct one
as otherwise SSDK asumes we are building for the old MIPS SoC-s.
Signed-off-by: Robert Marko <robimarko@gmail.com>
[ drop outdated commit description info ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- introduce 'DirectInterface' option to bind exactly to specified interface;
fixes#9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
e.g. verify count of listening endpoints due to dropbear limit (10 for now)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog
improves f95eecfb
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.
schedule 'rsakeyfile' removal for next year release.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
these options allow one to configure U2F/FIDO support in more granular way
inspired by upstream commit aa6559db
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
reduces binary/package size and increases overall performance
also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]
1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
and DROPBEAR_DBCLIENT_AGENTFORWARD:
describe why and where it should be disabled
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
which is more likely to be than values with commas;
use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.
improves e1bd9645
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- update dropbear to latest stable 2022.83;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
- 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
- 901-bundled-libs-cflags.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
Add the possibility that colored LEDs can also be configured via the uci.
config led 'led1'
option name '<name>'
option sysfs '<path>'
option trigger 'default-on'
option default '1'
--> option color_{$color} '<0-255>'
The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Setting the trigger and checking whether the trigger can be set belong
together and should not be interrupted by other lines of code.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
There are monochrome LEDs that can only display one color. However, there
are also LEDs that can display multiple colors. This can be tested in the
led subsystem of the kernel if the files 'multi_index' and 'multi_intensity'
are present in the folder '/sys/class/leds/<ledname>'.
Until now it was not possible to reset the default color. This commit adds
the missing information in the file '/var/run/led.state' so that the bootup
color can be seen on the LED again when the LED configuration has been changed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v4l2-common.ko was merged into videodev.ko and no longer exists.
Fixes: ac5671f46c ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The coda kernel modules were moved between 5.15 and 6.1.
Adapt the coda-vpu and imx-vdoa modules for that.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Linux 6.1 changed DRM_GEM_DMA_HELPER to a module (drm_dma_helper.ko).
Add this to the drm-imx to fix module dependencies.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Linux 6.1 wraps core video drivers in a MEDIA_PLATFORM_DRIVERS submenu.
Enable that for 6.1 and add some new necessary undefines to
target/linux/generic/config-6.1 to avoid build failures.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
kmod-drm-imx-hdmi depends on kmod-drm-display-helper since 6.1. Include
that in OpenWrt's recipes.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
This adds support for the Fritzbox 7490 device. It contains two
SoCs, one Lantiq without WiFi and one QCA9558 with 2.4GHz
and 5 GHz WiFi. Only the Lantiq has access to the flash memory,
the Atheros runs fully from RAM and is booted by using a remoteproc
kernel module and is not supported with this commit.
The devices were manufactured with varying NAND chips which
requires Micron and non-Micron versions of the images.
Specifications:
- SoC: Lantiq 500 MHz
- RAM: 256 MB
- Storage: 512 MB NAND, 1MB FLASH
- Wireless, separate SOC QCA9558 with 128MB RAM (not supported yet):
· Qualcomm-QCA9558 w/ 3×3 MIMO for 2.4GHz 802.11b/g/n
· Qualcomm-QCA9880 w/ 3×3 MIMO for 5GHz 802.11a/ac
· AG71xx ethernet
- Ethernet: Built-in AR 803x, 7 port 4 phy switch,
4x 1000/100/10 port, Port 5 is fixed and connected to the WASP SOC
- Renesas µPD720202 USB3 PCIe, requires firmware binary on the device
- VDSL2 modem
Unsupported:
- DECT and ISDN telephony
Installation:
Check which NAND the device has by using the following procedure with
stock firmware:
Go to to http://<fritzbox_ip>/support.lua, download the support data
file and search for string "NAND device" to get the manufacturer kernel
output.
Use Micron image if Micron is displayed otherwise the non-Micron image.
Use the eva_ramboot.py script to boot the initramfs image. Follow the
procedure to interrupt booting by ftp into 192.168.178.1 within
5 seconds after poweron.
Then transfer the sysupgrade image to the device and run sysupgrade to
flash it to the NAND.
For making USB work, an renesas xhci firmware file (e.g. v2026) is
needed and it should be copied to /lib/firmware/ (file name
renesas_usb_fw.mem).
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
Comfast CF-E393AX is a dual-band Wi-Fi 6 POE ceiling mount access point.
Oem firmware is a custom openwrt 21.02 snapshot version.
We can gain access via ssh once we remove the root password.
Hardware specification:
SoC: MediaTek MT7981A 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB DDR3
Ethernet: 1x 10/100/1000 Mbps built-in PHY (WAN)
1x 10/100/1000/2500 Mbps MaxLinear GPY211C (LAN)
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976D
LEDS: 1x (Red, Blue and Green)
Button: Reset
UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | VCC GND TX RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface (http://apipaddress/computer/login.html),
and download the
configuration(http://apipaddress/computer/config.html).
2. Rename downloaded backup config - 'backup.file to backup.tar.gz',
Enter 'fakeroot' command then decompress the configuration:
tar -zxf backup.tar.gz
3. Edit 'etc/shadow', update (remove) root password:
With password =
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
'root:$1$xf7D0Hfg$5gkjmvgQe4qJbe1fi/VLy1:19362:0:99999:7:::'
to
Without password =
'root::0:99999:7:::'
'root::0:99999:7:::'
4. Repack 'etc' directory back to a new backup file:
tar -zcf backup-ssh.tar.gz etc/
5. Rename new config tar.gz file to 'backup-ssh.file'
Exit fakeroot - 'exit'
6. Upload new configuration via web interface, now you
can SSH with the following:
'ssh -vv -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa root@192.168.10.1'.
Backup the mtd partitions
- https://openwrt.org/docs/guide-user/installation/generic.backup
7. Copy openwrt factory firmware to the tmp folder to install via ssh:
'scp -o HostKeyAlgorithms=+ssh-rsa \
-o PubkeyAcceptedAlgorithms=+ssh-rsa \
*-mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin \
root@192.168.10.1:/tmp/'
'sysupgrade -n -F \
/tmp/*--mediatek-filogic-comfast_cf-e393ax-squashfs-factory.bin'
8. Once led has stopped flashing - Connect via ssh with the
default openwrt ip address - 'ssh root@192.168.1.1'
9. SSH copy the openwrt sysupgrade firmware and upgrade
as per the default instructions.
Signed-off-by: David Bentham <db260179@gmail.com>
Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]
* Fixed PKCS12 Decoding crashes
([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07
([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q parameter
value ([CVE-2023-5678])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Bump PKG_RELEASE which should have been done by commit 7b1c3068b7
("uhttpd: restart when interface to listen becomes available").
Fixes: 7b1c3068b7 ("uhttpd: restart when interface to listen becomes available")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Since we have the 'GPIO support' menu, it is strange to look up
gpio related modules in 'Other modules' menu. So move these
modules and put them in the gpio menu.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Send error output of umount to /dev/null to mute error in case
ubiblock device has already been unmounted (which is usually the
case).
Gets rid of bogus error message:
umount: can't unmount /dev/ubiblock0_4: Invalid argument
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently uhttpd won't start with a listening interface configured if
the interface isn't already up at the time uhttpd starts. Make sure we
attempt to start uhttpd when it comes up.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changelog:
edddd80 Release libbsd 0.11.8
dd0bdb5 test: Close all descriptors before initializing them for closefrom()
0813f37 build: Check out-of-tree builds in CI
df116b5 Adjust strlcpy() and strlcat() per glibc adoption
ecb44e1 Do not add a pointer to the NULL constant
459b7f7 Do not confuse code analyzers with out-of-bounds array access look alike
a44f885 test: Fix short-lived memory leak
3f5ca0a build: Add a coverage regex to the CI job
9d3e59a man: Use VARIANTS instead of ALTERNATIVES in libbsd(7)
f02562d man: Markup function references with Xr instead of Fn
b7367c9 build: Add missing dash to macro title bar
6777eb6 pwcache: Do not declare uidtb and gidtb when not used
d4e0cdc fgetln: Include <stdio.h> after <sys/*>
f41d6c1 build: Refactor GNU .init_array support check into a new m4 function
30b48ed build: Refactor linker script detection into a new m4 function
d0d8d01 build: Do not provide prototypes for arc4random() on Solaris
cf61ebb build: Do not build the progname module if it is not needed
73b25a8 build: Sort entries alphabetically
5434ba1 build: Conditionalize wcslcpy() and wcslcat() functions on macOS
dc1bd1a build: Conditionalize only id-from-name functions not the entire pwcache
edc746e build: Conditionalize getprogname()/setprogname on macOS
8f998d1 progname: Include <procinfo.h> if available
d08163b build: Check whether we need libperfstat on AIX
1186cf8 build: Annotate droppable functions for musl on next SOVERSION bump
6385ccc build: Conditionalize bsd_getopt() on macOS
c120681 Move the version script comments before the symbols
9fa0676 Port getprogname() to AIX
92337b1 Make getprogname() porting mandatory
90b7f3a test: Do not use /dev/null as compiler output file
426bf45 build: Add generated *.sym files to .gitignore
21d12b0 build: On macOS do not build functions provided by the system
bc65806 build: Select whether to include funopen() in the build system
8b7a4d9 build: Move Windows OS detection to the OS features section
ccbfd1c build: Remove __MUSL__ definition from configure
e0976d7 build: Add a new libbsd_strong_alias() macro and switch users to it
49c7dd1 build: Only emit link warnings for ELF objects
8622767 build: Use an export symbols file if there is no version script support
8f61036 build: Add -no-undefined libtool flag
ae7942b build: Do not override the default DEPENDENCIES for libbsd
a5faf17 Only use <stdio_ext.h> if present
06e8a1b Define _NSIG if it is not defined by the system
44824ac Declare environ if the system does not do so
1fb6c3f Use lockf() when flock() is not available
fe16f38 test: Use open_memstream() only if available
7c652a9 test: Do not hardcode root:root user and group names
ed2eb31 test: Fix closefrom() test on macOS
0f8bcdf test: Fix closefrom() test to handle open file descriptor limits
07192b3 test: Disable blank_stack_side_effects() on non-Hurd systems
ca3db5e build: Do not enable ASAN for musl CI pipelines
ff46386 man: Add HISTORY section to arc4random(3bsd)
4c6da57 man: Switch arc4random(3bsd) man page from OpenBSD to NetBSD
830dd88 doc: Remove written-by attribution
257800a build: Add support for sanitizer compiler flags
536a7d4 test: Exempt blank_stack_side_effects() from sanitizer checks
7ed5de0 test: Import explicit_bzero() sanitizer support changes from OpenBSD
05a802a test: Fix memory leaks in fpurge test
5962e03 man: Fix BSD and glibc versions
59a21c7 man: Update STANDARDS and HISTORY sections
7b4ebd6 include: Adjust closefrom() per glibc adoption
0dfbe76 build: Switch to debian:latest Docker image
dec783d build: Fix version script linker support detection
fe21244 include: Use __has_builtin to detect __builtin_offsetof support
ec88b7b funopen: Replace off64_t with off_t in funopen_seek()
2337719 man: Prune unneeded <sys/types.h> include in setproctitle(3)
5dea9da build: Improve C99 compatibility of __progname configure check
b9bf42d build: Enable -Wall for automake
e57c078 build: Add missing AM_PROG_AR macro call to configure.ac
80f1927 build: Fix configure.ac indentation
b7a8bc2 build: Require automake 1.11
e508962 build: Do not require funopen() to be ported
00b538f build: Terminate lists in variables with «# EOL»
5cfa39e build: Use «yes» instead of «true» for AC_CHECK_FUNCS cache value
Signed-off-by: Nick Hainke <vincent@systemli.org>
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
Disable compiling qca8081 PHY driver in favor of upstream to better
support it and add better control of attached LEDs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>