Allow for single (external-data) FIT image to hold kernel, dtb and
squashfs. In that way, the bootloader verifies the system integrity
including the rootfs, because what's the point of checking that the
hash of the kernel is correct if it won't boot in case of squashfs
being corrupted? Better allow bootloader to check everything needed
to make it at least up to failsafe mode. As a positive side effect
this change also makes the sysupgrade process on nand potentially
much easier as it is now.
In short: mkimage has a parameter '-E' which allows generating FIT
images with 'external' data rather than embedding the data into the
device-tree blob itself. In this way, the FIT structure itself remains
small and can be parsed easily (rather than having to page around
megabytes of image content). This patch makes use of that and adds
support for adding sub-images of type 'filesystem' which are used to
store the squashfs. Now U-Boot can verify the whole OS and the new
partition parsers added in the Linux kernel can detect the filesystem
sub-images, create partitions for them, and select the active rootfs
volume based on the configuration in FIT (passing configuration via
device tree could be implemented easily at a later stage).
This new FIT partition parser works for NOR flash (on top of mtdblock),
NAND flash (on top of ubiblock) as well as classic block devices
(ie. eMMC, SDcard, SATA, NVME, ...).
It could even be used to mount such FIT images via `losetup -P` on a
user PC if this patch gets included in Linux upstream one day ;)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Marvell mv88e6xxx switch series cannot perform MAC learning from
CPU-injected (FROM_CPU) DSA frames, which results in 2 issues.
- excessive flooding, due to the fact that DSA treats those addresses
as unknown
- the risk of stale routes, which can lead to temporary packet loss
Backport those patch series from netdev mailing list, which solve these
issues by adding and clearing static entries to the switch's FDB.
Add a hack patch to set default VID to 1 in port_fdb_{add,del}. Otherwise
the static entries will be added to the switch's private FDB if VLAN
filtering disabled, which will not work.
The switch may generate an "ATU violation" warning when a client moves
from the CPU port to a switch port because the static ATU entry added by
DSA core still points to the CPU port. DSA core will then clear the static
entry so it is not fatal. Disable the warning so it will not confuse users.
Link: https://lore.kernel.org/netdev/20210106095136.224739-1-olteanv@gmail.com/
Link: https://lore.kernel.org/netdev/20210116012515.3152-1-tobias@waldekranz.com/
Ref: https://gitlab.nic.cz/turris/turris-build/-/issues/165
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
Add symbol to generic config (this was added between 5.4 and 5.10),
and remove it from the targets where it was added by kernel_oldconfig
in the meantime.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This will make the specific kconfig smaller.
Reviewed-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[improved commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Broadcom CFE bootloader relies on a tag for identifying the current firmware,
such as version, image start address, kernel address and size, rootfs size,
board id, signatures, etc.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This was done by executing this script:
find . -name "config-*" > ../configs.txt
for config in $(cat ../configs.txt); do
./scripts/kconfig.pl '+' $config /dev/null > $config-new
mv $config-new $config
done
rm ../configs.txt
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
This patch allows devices without a high resolution timer to boot up faster.
It should speed up boots for bcm2708 and bcm63xx.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Ran update_kernel.sh in a fresh clone without any existing toolchains.
No manual changes needed.
Build system: x86_64
Build-tested: bcm27xx/bcm2711
Signed-off-by: John Audia <graysky@archlinux.us>
When recursively deleting partitions, don't acquire the masters
partition lock twice. Otherwise the process endy up in a deadlocked
state.
Signed-off-by: David Bauer <mail@david-bauer.net>
This patch has been added to 5.4, but not been copied to 5.10:
7495acb555 ("kernel: backport mtd commit converting partitions doc syntax")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This applies another patch from 5.4 to 5.10 as well:
de09355f74 ("kernel/hack-5.4: make UDP tunneling user-selectable")
UDP tunneling support isn't user-selectable, but it's required by WireGuard
which is, for the time being, an out-of-tree module. We currently work around
this issue by selecting an unrelated module which depends on UDP tunnelling
(VXLAN). This is inconvenient, as it implies this unrelated module needs to be
built-in when doing a monolithic build.
Fix this inconvenience by making UDP tunneling user-selectable in the kernel
configuration.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
File extension was truncated for
pending-5.4/770-11-net-ethernet-mtk_eth_soc-avoid-rearming-interrupt-if.pa
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reapply changes added to 5.4 but not copied to 5.10:
3da4acaa7b ("kernel: fix busy wait loop in mediatek PPE code")
The intention is for the loop to timeout if the body does not succeed.
The current logic calls time_is_before_jiffies(timeout) which is false
until after the timeout, so the loop body never executes.
time_is_after_jiffies(timeout) will return true until timeout is less
than jiffies, which is the intended behavior here.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Kernel has changed the of_get_phy_mode API in commit 0c65b2b90d13
("net: of_get_phy_mode: Change API to solve int/unit warnings").
This is already included in kernel 5.5, so fix the version switch
(though this will not actually matter for the versions we support).
Similar driver adjustments to account for the API change will
probably be necessary to various other local drivers.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds quirks support to the "ofpart" parser. It's required to
support fixed partitions that require some extra logic.
Right now only BCM4908 binding is supported (BCM4908 requires detecting
currently used "firmware" partition).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The intention is for the loop to timeout if the body does not succeed.
The current logic calls time_is_before_jiffies(timeout) which is false
until after the timeout, so the loop body never executes.
time_is_after_jiffies(timeout) will return true until timeout is less
than jiffies, which is the intended behavior here.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Enable support for the Ubiquiti UniFi Outdoor+ RF filter via
device-tree. The old way of using platform data is not required anymore,
as it was only used on the now removed ar71xx target.
Signed-off-by: David Bauer <mail@david-bauer.net>
The "edimax,uimage"" parser can be replaced by the generic
parser using device specific openwrt,partition-magic and
openwrt,offset properties.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Some devices prepend a standard U-Boot Image with a vendor specific
header, having its own magic. Adding two new properties will support
validation of such images, including the additional magic.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
The "netgear,uimage" parser can be replaced by the generic
parser using device specific openwrt,ih-magic and
openwrt,ih-type properties.
Device tree properties for the following devices have not
been set, as they have been dropped from OpenWrt with the
removal of the ar71xx target:
FW_MAGIC_WNR2000V1 0x32303031
FW_MAGIC_WNR2000V4 0x32303034
FW_MAGIC_WNR1000V2_VC 0x31303030
FW_MAGIC_WPN824N 0x31313030
Tested-by: Sander Vanheule <sander@svanheule.net> # WNDR3700v2
Tested-by: Stijn Segers <foss@volatilesystems.org> # WNDR3700v1
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Convert users to the generic "openwrt,uimage" using device specific
"openwrt,ih-magic" properties, and remove "allnet,uimage".
Signed-off-by: Bjørn Mork <bjorn@mork.no>
The only difference between the "openwrt,okli" and the generic
parser is the magic. Set this in device tree for all affected
devices and remove the "openwrt,okli" parser.
Tested-by: Michael Pratt <mcpratt@protonmail.com> # EAP300 v2, ENS202EXT and ENH202
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Convert users of the "fonfxc" and "sge" parsers to the generic
"openwrt,uimage", using device specific "openwrt,padding" properties.
Tested-by: Stijn Segers <foss@volatilesystems.org> [DIR-878 A1]
Signed-off-by: Bjørn Mork <bjorn@mork.no>
It's required for BCM4908. It cannot use "bcm-wfi-fw" parser because
that one requires *two* JFFS2 partitions which is untested / unsupported
on the BCM4908 architecture. With a single JFFS2 partition "bcm-wfi-fw"
parser will:
1. Fail to find "vmlinux.lz" as it doesn't follow "1-openwrt" file
2. Create partitions that don't precisely match bootfs layout
The new parser is described in details in the MTD_SPLIT_CFE_BOOTFS
symbol help message.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
1. It's useful for developing & validating DTS files inside OpenWrt
2. This will allow backporting later changes that depend on it
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
The heartbeat trigger is used by luci-mod-system, which is installed
as a part of the standard luci package set. It seems the LED trigger
will be required quite often, so let's enable it by default.
This increases uncompressed kernel size by about 100 bytes on ath79/generic.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.
Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
Enable the ability to use segment routing based on IPv6. It allows the
packet to specify a path that the packet should take through the
network.
Lwtunnel allow an easy encapsulation of a package. You can just install
ip-full package and use it:
ip -6 route add 2003::/64 dev eth0 encap seg6 mode encap \
segs 2001::1,2002::2
An IPv6 package looks like this:
[IPv6 HDR][IPv6 RH][IPv6 HDR][Data...]
Netifd support:
https://git.openwrt.org/?p=project/netifd.git;
a=commit;h=458b1a7e9473c150a40cae5d8be174f4bb03bd39
Increases imagesize by 24.125 KiB. Therefore, only enable for devices
with enough flash.
Signed-off-by: Nick Hainke <vincent@systemli.org>
UDP tunneling support isn't user-selectable, but it's required by WireGuard
which is, for the time being, an out-of-tree module. We currently work around
this issue by selecting an unrelated module which depends on UDP tunnelling
(VXLAN). This is inconvenient, as it implies this unrelated module needs to be
built-in when doing a monolithic build.
Fix this inconvenience by making UDP tunneling user-selectable in the kernel
configuration.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>