**Hardware specification:**
- SoC: MediaTek MT7981B 2x A53
- Flash: ESMT F50L1G41LB 128MB
- RAM: Nanya NT5CC128M16JR-EK 256MB
- Ethernet: 4 x 10/100/1000 Mbps
- Switch: MediaTek MT7531AE
- WiFi: MediaTek MT7976C
- Button: Reset, Mesh
- Power: DC 12V 1A
- UART: 3.3v, 115200n8
| Layout: |
| :-------- |
| <Antenna> |
| VCC |
| GND |
| Tx |
| Rx |
**Flash instructions:**
1. Rename `openwrt-mediatek-filogic-cetron_ct3003-squashfs-factory.bin` to `factory.bin`.
2. Upload the `factory.bin` using the device's Web interface.
3. Click the upgrade button and wait for the process to finish.
4. Access the OpenWrt interface using the same password.
5. Use the 'Restore' function to reset the firmware to its initial state.
**Notes:**
If you plan to recovery the stock firmware in the future, it's advisable
to connect the device via the serial port and enter failsafe mode to
back up all the MTD partitions before proceeding the steps above.
Signed-off-by: Patricia Lee <patricialee320@gmail.com>
(cherry picked from commit 907e9e0bd3)
Telenor quirks
--------------
The operator specific firmware running on the Telenor branded
ZyXEL EX5700 includes U-Boot modifications affecting the OpenWrt
installation.
Notable changes to U-Boot include
- environment is stored in RAM and reset to defaults when power
cycled
- dual partition scheme with "nomimal" or "rescue" systems, falling
back to "rescue" unless the OS signals success in 3 attempts
- several runtime additions to the device-tree
Some of these modifications have side effects requiring workarounds
- U-Boot modifies /chosen/bootargs in an unsafe manner, and will crash
unless this node exists
- U-Boot verifies that the selected rootfs UBI volume exists, and
refuses to boot if it doesn't. The chosen "rootfs" volume must contain
a squashfs signature even for tftp or initramfs booting.
- U-Boot parses the "factoryparams" UBI volume, setting the "ethaddr"
variable to the label mac. But "factoryparams" does not always
exist. Instead there is a "RIP" volume containing all the factory
data. Copying the "RIP" volume to "factoryparams" will fix this
Hardware
--------
SOC: MediaTek MT7986
RAM: 1GB DDR4
FLASH: 512MB SPI-NAND (Mikron xxx)
WIFI: Mediatek MT7986 802.11ax 5 GHz
Mediatek MT7916 DBDC 802.11ax 2.4 + 6 GHz
ETH: MediaTek MT7531 Switch + SoC
3 x builtin 1G phy (lan1, lan2, lan3)
2 x MaxLinear GPY211C 2.5 N-Base-T phy (lan4, wan)
USB: 1 x USB 3.2 Enhanced SuperSpeed port
UART: 3V3 115200 8N1 (Pinout: GND KEY RX TX VCC)
Installation
------------
1. Download the OpenWrt initramfs image. Copy the image to a TFTP server
reachable at 192.168.1.2/24. Rename the image to C0A80101.img.
2. Connect the TFTP server to lan1, lan2 or lan3. Connect to the serial
console, Interrupt the autoboot process by pressing ESC when prompted.
3. Download and boot the OpenWrt initramfs image.
$ env set uboot_bootcount 0
$ env set firmware nominal
$ tftpboot
$ bootm
4. Wait for OpenWrt to boot. Transfer the sysupgrade image to the device
using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Missing features
----------------
- The "lan1", "lan2" and "lan3" port LEDs are driven by the switch but
OpenWrt does not correctly configure the output.
- The "lan4" and "wan" port LEDs are driven by the GPH211C phys and
not configured by OpenWrt.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 6cc14bf66a)
The 'label' property in led node has been deprecated and we'd better
to avoid using it. This patch allows us to extract DT OF LED name
from the newly introduced LED properties "color", "function" and
"function-enumerator".
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit e814acc599)
The no-map property was incorrectly added, which kept the system-memory
available on the WS-AP3825 limited to 190MB. We are allowed to map the
page containing the CPU1 spin-table, we are just not allowed to write to
it.
Fixes: 57d7382cb1 ("mpc85xx: increase available RAM on Extreme Networks WS-AP3825i")
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d9271aa5b7)
The system-mamory size was page-aligned prior to this commit, only
enabling to use 192MB of system memory of the 256 available.
This was due to the system-memory being manually shrinked to reserve the
upper 1MB for the second-core bootpage in the loader as well as the OS.
Fix this properly in the loader and in Linux using reserved-memory
definitions. This enables the device to use 250MB of system memory.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 57d7382cb1)
1d42292d8063 tplink-safeloader: Add TP-Link Archer A6 V3.20
3338f5389d72 tplink-safeloader: add TL-WPA8635P v3
17ca5eeb1c10 tplink-safeloader: add TL-WPA8631P v4
f730ad2fa0b4 bcmblob: new tool for reading Broadcom's BLOBs
cb1ddac98124 firmware-utils: fix typo in error message when no OpenSSL library found
916633160dc9 bcmclm: new tool for reading Broadcom's CLM data
a2d49fb1e188 tplink-safeloader: add RU support-list entry for Archer C6U v1
bb12cf5c3fa9 tplink-safeloader: Add support for TP-Link Deco M5 The special_id values are the same for EU and Asian models, and they apply to all models: v1, v2, and v3. They are not sorted as they are currently in the same order as extracted from the official firmware image.
9e2de8515be1 tplink-safeloader: add EAP610 v3 and EAP613 v1
a170683c0e11 firmware-utils: fix use of NULL string progname
89875fc18b57 tplink-safeloader: CPE510: add Canadian support
9e211d2980fe mktplinkfw2: add support to extract bootloader images
c18f662f3c74 mktplinkfw2: add support to pack bootloader
3dc133915f87 mktplinkfw2: show exact exceed bytes when the image is to big
d16ff798d58a tplink-safeloader: WPA8631: add v4 AU, US
0fa1cc51013f zytrx: add LTE5398-M904
635466123429 firmware-utils: ptgen: add SiFive GPT partition support
ba5bc4e1ae9d add dlink-sge-image for D-Link devices by SGE
3b114de29cf7 lxlfw: move code opening LXL to helper function
8e149e480391 lxlfw: move code copying data to helper function
16fa89076122 lxlfw: fix struct lxl_hdr attribute
d770cab82e58 lxlfw: support embedding blobs
eaf2ea28dbe6 lxlfw: support extracting image
12bf1a99bd6e lxlfw: support certificate & signature blobs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b117e7244f)
This commit adds support for following wireless routers:
- Rostelecom RT-FL-1 (Serсomm RT-FL-1)
- Rostelecom S1010 (Serсomm S1010.RT)
The devices are almost identical and the only difference is one bit in the
factory image PID (thanks to Maximilian Weinmann <x1@disroot.org>
(@MaxS0niX) for the info and idea to make one PR for two devices at once).
Devices specification
---------------------
SoC: MediaTek MT7620A, MIPS
RAM: 64 MB
Flash: 16 MB SPI NOR
Wireless 2.4: MT7620 (b/g/n, 2x2)
Wireless 5: MT7612EN (a/n/ac, 2x2)
Ethernet: 5xFE (WAN, LAN1-4)
BootLoader: U-Boot
Buttons: 2 (wps, reset)
LEDs: 1 amber and 1 green status GPIO leds
5 green ethernet GPIO leds
1 green GPIO 2.4 GHz WLAN led
1 green PHY 5 GHz WLAN led
1 green unmanaged power led
USB ports: No
Power: 12 VDC, 1 A
Connector: Barrel
OEM easy installation
---------------------
1. Remove all dots from the factory image filename (except the dot
before file extension)
2. Upload and update the firmware via the original web interface
3. Wait until green status led stops blinking (can take several minutes)
4. Login to OpenWrt initramsfs. It's recommended to make a backup of the
mtd partitions at this point.
4. Perform sysupgrade using the following command (or use Luci):
sysupgrade -n sysupgrade.bin
5. Wait until green status les stops blinking (can take several minutes)
6. Mission acomplished
Return to Stock
---------------
Option 1. Restore firmware Slot1 from a backup (firmware2.bin):
cd /tmp
mtd -e Firmware2 write firmware2.bin Firmware2
printf 1 | dd bs=1 seek=$((0x18007)) count=1 of=/dev/mtdblock2
reboot
Option 2. Decrypt, ungzip and split stock firmware image into the parts,
take Slot1 parts (kernel2.bin, rootfs2.bin) and write them:
cd /tmp
mtd -e Kernel2 write kernel2.bin Kernel2
mtd -e RootFS2 write rootfs2.bin RootFS2
printf 1 | dd bs=1 seek=$((0x18007)) count=1 of=/dev/mtdblock2
reboot
More about stock firmware decryption:
Link: https://github.com/Psychotropos/sercomm_fwutils/
Debricking
----------
Use sercomm-recovery tool. You can use "ALL" mtd partition backup as a
recovery image.
Link: https://github.com/danitool/sercomm-recovery
MAC addresses
-------------
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| label | 48:3e:xx:xx:xx:1e | label |
| LAN | 48:3e:xx:xx:xx:1e | label |
| WAN | 48:3e:xx:xx:xx:28 | label+10 |
| WLAN 2g | 48:3e:xx:xx:xx:20 | label+2 |
| WLAN 5g | 48:3e:xx:xx:xx:24 | label+6 |
+---------+-------------------+-----------+
Co-authored-by: Vadzim Vabishchevich <bestmc2009@gmail.com>
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 1b091311aa)
[fix rt2800_wmac eeprom load]
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
This commit makes a common recipe to set bit in Sercomm factory pid since
this is necessary for several devices (WiFire S1500.nbn, Rostelecom
RT-FL-1) at different offsets.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit e900c45211)
It's required by bcm53xx. This allows dropping separated oseama package
and avoids some code duplication.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1d9d0ca376)
Some of firmware utils may be required on target devices. It's useful
e.g. for dealing with some firmware formats. That is often required
(supporting specific format) to provide an option to revert to original
firmware.
So far we had packaged "otrx" util only for use on Broadcom targets.
Refactor that to package the whole firmware-utils project so we can
package any single util needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 24d6abe2d7)
Add new function to dump-targer-info.pl to DUMP devices provided a
matching target/subtarget.
Example:
./scripts/dump-targer-info.pl devices ipq806x/generic
will produce the sorted list of devices defined in the following format:
device_id device_name
Devices may have alternative names, the script will dump each
alternative name in the same line of device_id.
Following the pattern:
device_id "PRIMARY DEVICE NAME" "ALT0 DEVICE NAME" "ALT1 DEVICE NAME" ...
Example:
tplink_ad7200 "TP-Link AD7200 v1/v2" "TP-Link Talon AD7200 v1/v2"
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 943c153cdd)
A previous commit supposed to mask out excess host bits in route targets
failed to correctly calculate the mask value, causing it to produce
improper results for certain mask lengths.
Fixes: https://github.com/openwrt/netifd/issues/17
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hardware:
- SoC: Mediatek MT7621 (MT7621AT)
- Flash: 32 MiB SPI-NOR (Macronix MX25L25635E)
- RAM: 128 MiB
- Ethernet: Built-in, 2 x 1GbE
- 3G/4G Modem: MEIG SLM828 (currently only supported with ModemManager)
- SLIC: Si32185 (unsupported)
- Power: 12V via barrel connector
- Wifi 2.4GHz: Mediatek MT7603BE 802.11b/g/b
- Wifi 5GHz: Mediatek MT7613BE 802.11ac/n/a
- LEDs: 8x (7 controllable)
- Buttons: 2x (RESET, WPS)
Installing OpenWrt:
- sysupgrade image is compatible with vendor firmware.
Recovery:
- Connect to any of the Ethernet ports, configure local IP:
10.10.10.3/24 (or 192.168.10.19/24, depending on OEM)
- Provide firmware file named 'mt7621.img' on TFTP server.
- Hold down both, RESET and WPS, then power on the board.
- Watch network traffic using tcpdump or wireshark in realtime to
observe progress of device requesting firmware. Once download has
completed, release both buttons and wait until firmware comes up.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit bc335f2967)
Add configuration to access U-Boot environment on MeiG SLT866.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f8414f1a6f)
In addition to binary and ASCII-formatted MAC addresses, add support
for processing hexadecimal encoded MAC addresses from NVMEM.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7db87d7c68)
Another Qualcomm-based USB-connected modem, offering endpoints
0 : rndis_host (link to voip subsystem listening on 169.254.5.100)
1 : rndis_host (?)
2 : option (?)
3 : option (at)
4 : option (at)
5 : option (?)
6 : GobiNet (qmi)
7 : ?
Add support for this modem in rndis_host, option and qmi_wwan driver
which allows the modem to be used with ModemManager.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f32baf6a65)
Add support for COMFAST CF-EW72 V2
Hardware:
- SoC: Mediatek MT7621 (MT7621DAT or MT7621AT)
- Flash: 16 MiB NOR
- RAM: 128 MiB
- Ethernet: Built-in, 2 x 1GbE
- Power: only 802.3af PD on any port, injector supplied in the box
- PoE passthrough: No
- Wifi 2.4GHz: Mediatek MT7603BE 802.11b/g/b
- Wifi 5GHz: Mediatek MT7613BEN 802.11ac/n/a
- LEDs: 8x (only 1 is both visible and controllable, see below)
- Buttons: 1x (RESET)
Installing OpenWrt:
Flashing is done using Mediatek U-Boot System Recovery Mode
- make wired connection with 2 cables like this:
- - PC (LAN) <-> PoE Injector (LAN)
- - PoE Injector (POE) <-> CF-EW72 V2 (LAN). Leave unconnected to CF-EW72 V2 yet.
- configure 192.168.1.(2-254)/24 static ip address on your PC LAN
- press and keep pressed RESET button on device
- power the device by plugging PoE Injector (POE) <-> CF-EW72 V2 (LAN) cable
- wait for about 10 seconds until wifi led stops blinking and release RESET button
- navigate from your PC to http://192.168.1.1 and upload OpenWrt *-factory.bin firmware file
- proceed until router starts blinking with wifi led again (flashing) and stops (rebooting to OpenWrt)
MAC addresses as verified by OEM firmware:
vendor OpenWrt address
LAN lan\eth0 label
WAN wan label + 1
2g phy0 label + 2
5g phy1 label + 3
The label MAC address was found in 0xe000.
LEDs detailed:
The only both visible and controllable indicator is blue:wlan LED.
It is not bound by default to indicate activity of any wireless interfaces.
Place (WAN->ANT) | Num | GPIO | LED name (LuCI) | Note
-----------------|-----|-----------------------------------------------------------------------------------------
power | 1 | | | POWER LED. Not controlled with GPIO.
hidden_led_2 | 2 | 13 | blue:hidden_led_2 | This LED does not have proper hole in shell.
wan | 3 | | | WAN LED. Not controlled with GPIO.
hidden_led_4 | 4 | 16 | blue:hidden_led_4 | This LED does not have proper hole in shell.
lan | 5 | | | LAN LED. Not controlled with GPIO.
noconn_led_6 | 6 | | | Not controlled with GPIO, possibly not connected
wlan | 7 | 15 | blue:wlan | WLAN LED. Wireless indicator.
noconn_led_8 | 8 | | | Not controlled with GPIO, possibly not connected
mt76-phy0 and mt76-phy1 leds also exist in OpenWrt, but do not exist on board.
Signed-off-by: Alexey D. Filimonov <alexey@filimonic.net>
(cherry picked from commit ff95f859eb)
Add support for ComFast CF-E390AX. It is a 802.11 wifi6 cieling AP, based on MediaTek MT7261AT.
Specifications:
SoC: MediaTek MT7621AT
RAM: 128 MiB
Flash: 16 MiB NOR (Macronix mx25l12805d)
Wireless: MT7915E (2.4G) 802.11ax/b/g/n MT7915E (5G) 802.11ac/ax/n
Ethernet: 2 x 1Gbs
Button: 1 x "Reset" button
LED: 1x Blue LED + 1x Red LED + 1x green LED
Power: PoE
Manufacturer Page:
http://en.comfast.com.cn/index.php?m=content&c=index&a=show&catid=84&id=75
Flash Layout:
0x000000000000-0x000000030000 : "bootloader"
0x000000030000-0x000000040000 : "config"
0x000000050000-0x000000060000 : "factory"
0x000000090000-0x000001000000 : "firmware"
First install:
1. Set device into http firmware fail safe upload mode by pressing the reset button for 10 seconds while powering
it on. Once the LED stops flashing, safe mode will be running.
2. Set PC IP address to 192.168.1.2
3. Browse to 192.168.1.1 and upload the factory image using the web interface.
Signed-off-by: Usama Nassir <usama.nassir@gmail.com>
(cherry picked from commit f24c9b9d86)
With the case of asking an invalid version that is too big, getver.sh
might return an invalid output in the form of HEAD~-2260475641.
This is caused by BASE_REV - GET_REV using a negative number.
Prevent this by checking if BASE_REV - GET_REV actually return 0 or a
positive number and set REV variable accordingly. With the following
change, invalid revision number will result in unknown printed instead
of the invalid HEAD~-NUMBERS output.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 9e49e0a6c4)
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45d72a6da)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1714087442)
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 551963662b)
Refresh patches for hostapd using make package/hostapd/refresh.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 05e516b12d)
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.
This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.
Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c9ac57d58)
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd67)
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e199)
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce6e)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r-- 1 root root 749 Nov 6 23:14 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 23:14 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aad5ab099)
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r-- 1 root root 519 Nov 6 22:58 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 22:58 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 929c9a58c9)
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 531314260d)
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 41d7439af5)
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 64GB eMMC or 128 MB SPI-NAND
RAM: 512MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Mesh
Power: DC 12V 1A
- UART: 3.3v, 115200n8
--------------------------
| Layout |
| ----------------- |
| 4 | GND TX VCC RX | <= |
| ----------------- |
--------------------------
Gain SSH access:
1. Login into web interface, and download the configuration.
2. Enter fakeroot, decompress the configuration:
tar -zxf cfg_export_config_file.conf
3. Edit 'etc/config/dropbear', set 'enable' to '1'.
4. Edit 'etc/shadow', update (remove) root password:
'root::19523:0:99999:7:::'
5. Repack 'etc' directory:
tar -zcf cfg_export_config_file.conf etc/
* If you find an error about 'etc/wireless/mediatek/DBDC_card0.dat',
just ignore it.
6. Upload new configuration via web interface, now you can SSH to RAX3000M.
Check stroage type:
Check the label on the back of the device:
"CH EC CMIIT ID: xxxx" is eMMC version
"CH CMIIT ID: xxxx" is NAND version
eMMC Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'factory' part.
('data' partition can be ignored, it's useless.)
2. Write new GPT table:
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync
NAND Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'Factory' part.
2. Erase and write new BL2:
mtd erase BL2
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
3. Erase and write new FIP:
mtd erase FIP
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, erase UBI volumes:
ubidetach -p /dev/mtd0
ubiformat -y /dev/mtd0
ubiattach -p /dev/mtd0
8. Create new ubootenv volumes:
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Additionally, if you want to have NAND recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
ubimkvol /dev/ubi0 -n 2 -N recovery -s 20MiB
ubiupdatevol /dev/ubi0_2 openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
10. Perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 423186d7d8)
[rebased to 23.05]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The OEM U-Boot uses dual boot and signature verification which does not
support by OpenWrt. So add a custom U-Boot build for OpenWrt.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fddd735dd5)
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc36)