By default nand_do_upgrade() can only deal with raw and gzipped firmware
files. Vendors often use custom firmware containers. Allow passing
custom extraction command to allow using nand_do_upgrade() with vendor
firmwares.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hardware specification:
SoC: MediaTek MT7986A 4x A53
Flash: ESMT F50L1G41LB 128MB
RAM: MT40A512M16TB-062ER 1GB
Ethernet: 2x 2.5G, 4x 1G Lan
WiFi1: MT7976GN 2.4GHz 4T4R
WiFi2: MT7976AN 5.2GHz 4T4R
WiFi3: MT7915AN 5.8GHz 4T4R
Button: Reset, WPS, Turbo
USB: 1 x USB 3.0
Power: DC 12V 5A
Flash instructions:
1. Execute the following operation to open nc shell:
https://openwrt.org/inbox/toh/tp-link/xdr-6086#rooting
2. Replace the stock bootloader with OpenWrt's:
dd bs=131072 conv=sync of=/dev/mtdblock9 if=/tmp/xxx-preloader.bin
dd bs=131072 conv=sync of=/dev/mtdblock9 seek=28 if=/tmp/xxx-bl31-uboot.fip
3. Connect to your PC via the Gigabit port of the router,
set a static ip on the ethernet interface of your PC.
4. Download the initramfs image, and restart the router,
waiting for tftp recovery to complete.
5. After openwrt boots up, perform sysupgrade.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/15930
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Same as TP-Link TL-XDR608x, this router comes with locked vendor
loader. Add U-Boot build for replacement loader for this device.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/15930
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ubiquiti has a set of UniFi 802.11ax (Wi-Fi 6) AP devices. All models
include "U6" in their names and also have code names with no special
characters (including spaces).
Examples:
1. U6 Lite (codename U6-Lite)
2. U6 Long-Range (codename U6-LR)
3. U6+ (codename U6-PLUS)
4. U6 Pro (codename U6-Pro)
5. U6 Mesh (codename U6-Mesh)
6. U6 Mesh Pro (codename U6-Mesh-Pro)
7. U6 Enterprise (codename U6-Enterprise)
Use proper full names for those devices. Names in OpenWrt/DTS code may
need updating too but it can be handled later.
Cc: Elbert Mai <code@elbertmai.com>
Cc: Daniel Golle <daniel@makrotopia.org>
Cc: Henrik Riomar <henrik.riomar@gmail.com>
Cc: David Bauer <mail@david-bauer.net>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Radxa ROCK Pi S is a small in size, full in features SBC[1] using the
Rockchip RK3308B SoC.
Hardware
--------
- Rockchip RK3308B SoC
- Quad A35 CPU
- 256/512MB DDR3 RAM
- Optional 4/8GB eMMC
- Micro SD Card slot
- Optional WiFi 4 and BT 4 (not supported yet)
- 1x 100M Ethernet with PoE support (additional PoE HAT required)
- 1x USB 2.0 Type-A port (Host)
- 1x USB 2.0 Type-C port (OTG)
- 2x 26 Pin GPIO header
[1] https://radxa.com/products/rockpi/pis
Installation
------------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
Signed-off-by: FUKAUMI Naoki <naoki@radxa.com>
Link: https://github.com/openwrt/openwrt/pull/15933
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is required by the DSL CPE API driver.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This firmware is used by the vrx518 tc driver.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This firmware is used by the vrx518 ep driver.
Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
[update for new license]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15550
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Keenetic KN-3510 is a 2.4/5 GHz band 11ax access point.
Specification:
- System-On-Chip: MT7621AT
- CPU/Speed: 880 MHz
- Flash-Chip: Macronix MX30LF1G28AD-TI
- Flash size: 128 MiB
- RAM: 256 MiB
- 2x 10/100/1000 Mbps Ethernet
- PoE, 802.3af/at
- 4x internal antennas
- UART (J1) header on PCB (115200 8n1)
- WiFi: MT7915 2x2 2.4G 573.5Mbps + 2x2 5G 1201Mbps
- 2x LED, 2x button, 1x mode switch
Notes:
- The device supports dual boot mode
- The firmware partitions were concatenated into one
Flash instruction:
The only way to flash OpenWrt image is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server.
2. Rename "openwrt-ramips-mt7621-keenetic_kn-3510-squashfs-factory.bin"
to "KN-3510_recovery.bin" and place it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep the button pressed until the power LED starts blinking.
4. Router will download file from server, write it to flash and reboot.
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15744
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add the package for the Pixart PAC7302 USB Camera Driver kernel module.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15886
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This device is exactly the same as WL-WN531G3 but with different partition layout and different MAC layout. Labeled as Quantum D4G Rev.: A2.
Hardware
--------
SoC: Mediatek MT7620A
RAM: 64MB
FLASH: 8MB NOR (GigaDevice GD25Q64CS)
ETH:
- 2x 10/100/1000 Mbps Ethernet (RTL8211F)
- 3x 10/100 Mbps Ethernet (integrated in SOC)
WIFI:
- 2.4GHz: 1x (integrated in SOC) (2x2:2)
- 5GHz: 1x MT7612E (2x2:2)
- 4 external antennas
BTN:
- 1x Reset button
- 1x Touchlink button
- 1x Turbo button
- 1x Wps button
- 1x ON/OFF switch
LEDS:
- 1x Red led (system status)
- 1x Blue led (system status)
- 5x Blue leds (ethernet ports)
- 1x Power led
- 1x Wifi led
UART:
- 57600-8-N-1
Everything works correctly.
Installation
------------
Flash the initramfs image in the OEM firmware interface.
When OpenWrt boots, flash the sysupgrade image otherwise you won't be
able to keep configuration between reboots.
Notes
-----
1) Router mac addresses:
LAN XX:XX:XX:XX:XX:0F (factory @ 0x28)
WAN XX:XX:XX:XX:XX:10 (factory @ 0x2e)
WIFI 2G XX:XX:XX:XX:XX:11 (factory @ 0x04)
WIFI 5G XX:XX:XX:XX:XX:12 (factory @ 0x8004)
LABEL XX:XX:XX:XX:XX:11
Signed-off-by: Eros Brigmann <erosbrigmann@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15876
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In make menuconfig the name is [Amplifi Router HD], and
is missing Ubiquiti. Let's fix that by adding
DEVICE_VENDOR := Ubiquiti to generic-ubnt.mk so the name is:
[Ubiquiti Amplifi Router HD].
Signed-off-by: Kristian Skramstad <kristian+github@83.no>
Link: https://github.com/openwrt/openwrt/pull/15932
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If we're being paranoid and quote all the arguments to ipcalc.sh,
it's possible to pass in empty start and range arguments. This
should be handled the same as their being absent.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/15946
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
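The empty-versus-absent distinction from the ipcalc.sh commit above, as an added example that is not ipcalc.sh's own code. The function names and the NETWORK [START [RANGE]] argument order are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the NETWORK [START [RANGE]] argument
# order are assumptions, not ipcalc.sh's own code.

# Fragile: decides by argument count, so a quoted empty string counts as "given".
range_by_count() {
    if [ $# -ge 3 ]; then
        echo "start=$2 range=$3"
    elif [ $# -ge 2 ]; then
        echo "start=$2"
    else
        echo "none"
    fi
}

# Robust: decides by value, so "" and a missing argument are the same case.
# Non-numeric values are rejected before they can reach shell arithmetic.
range_by_value() {
    local start="${2:-}" range="${3:-}" v
    for v in "$start" "$range"; do
        case "$v" in
            *[!0-9]*) echo "invalid"; return 1 ;;
        esac
    done
    if [ -n "$start" ] && [ -n "$range" ]; then
        echo "start=$start range=$range"
    elif [ -n "$start" ]; then
        echo "start=$start"
    else
        # No start (a range without a start is ignored as well).
        echo "none"
    fi
}

# A careful caller quotes its variables even when they are unset or empty,
# which is exactly what produces the empty positional arguments.
call_quoted() {
    local fn="$1" start="$2" range="$3"
    "$fn" "192.168.1.0/24" "$start" "$range"
}
```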
Huawei AP6010DN is a dual-band, dual-radio 802.11a/b/g/n 2x2 MIMO
enterprise access point with one Gigabit Ethernet port and PoE
support.
Hardware highlights:
- CPU: AR9344 SoC at 480MHz
- RAM: 128MB DDR2
- Flash: 32MB SPI-NOR
- Wi-Fi 2.4GHz: AR9344-internal radio
- Wi-Fi 5GHz: AR9580 PCIe WLAN SoC
- Ethernet: 10/100/1000 Mbps Ethernet through Atheros AR8035 PHY
- PoE: yes
- Standalone 12V/2A power input
- Serial console externally available through RJ45 port
- External watchdog: CAT706SVI (1.6s timeout)
Serial console:
9600n8 (9600 baud, no stop bits, no parity, 8 data bits)
MAC addresses:
Each device has 32 consecutive MAC addresses allocated by
the vendor, which don't overlap between devices.
This was confirmed with multiple devices with consecutive
serial numbers.
The MAC address range starts with the address on the label.
To be able to distinguish between the interfaces,
the following MAC address scheme is used:
- eth0 = label MAC
- radio0 (Wi-Fi 2.4GHz) = label MAC + 1
- radio1 (Wi-Fi 5GHz) = label MAC + 2
Installation:
0. Connect some sort of RJ45-to-USB adapter to "Console" port of the AP
1. Power up the AP
2. At prompt "Press f or F to stop Auto-Boot in 3 seconds",
do what they say.
Log in with default admin password "admin@huawei.com".
3. Boot the OpenWrt initramfs from TFTP using the hidden script "run ramboot".
Replace IP address as needed:
> setenv serverip 192.168.1.10
> setenv ipaddr 192.168.1.1
> setenv rambootfile openwrt-ath79-generic-huawei_ap6010dn-initramfs-kernel.bin
> saveenv
> run ramboot
4. Optional but recommended as the factory firmware cannot be downloaded publicly:
Back up contents of "firmware" partition using the web interface or ssh:
$ ssh root@192.168.1.1 cat /dev/mtd11 > huawei_ap6010dn_fw_backup.bin
5. Run sysupgrade using sysupgrade image. OpenWrt
shall boot from flash afterwards.
Return to factory firmware (using firmware upgrade package downloaded from non-public Huawei website):
1. Start a TFTP server in the directory where
the firmware upgrade package is located
2. Boot to u-boot as described above
3. Install firmware upgrade package and format the config partitions:
> update system FatAP6X10XN_SOMEVERSION.bin
> format_fs
Return to factory firmware (from previously created backup):
1. Copy over the firmware partition backup to /tmp,
for example using scp
2. Use sysupgrade with force to restore the backup:
sysupgrade -F huawei_ap6010dn_fw_backup.bin
3. Boot AP to U-Boot as described above
Quirks and known issues:
- The stock firmware has a semi dual boot concept where the primary
kernel uses a squashfs as root partition and the secondary kernel uses
an initramfs. This dual boot concept is circumvented on purpose to gain
more flash space and since the stock firmware's flash layout isn't
compatible with mtdsplit.
- The external watchdog's timeout of 1.6s is very hard to satisfy
during bootup. This is why the GPIO15 pin connected to the watchdog input
is configured directly in the LZMA loader to output the AHB_CLK/2 signal
which keeps the watchdog happy until the wdt-gpio kernel driver takes
over. Because it would also take too long to read the whole kernel image
from flash, the uImage header only includes the loader which then reads
the kernel image from flash after GPIO15 is configured.
Signed-off-by: Marco von Rosenberg <marcovr@selfnet.de>
Link: https://github.com/openwrt/openwrt/pull/15941
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Mesh
Power: DC 12V 1A
Gain telnet access:
1. Log in to the web interface, and download the configuration.
2. Decode and uncompress the configuration:
* Enter fakeroot if you are not logged in as root.
base64 -d e-xxxxxxxxxxxx-cfg.tar.gz | tar -zx
3. Edit 'etc/passwd', remove root password: 'root::1:0:99999:7:::'.
4. Edit 'etc/rc.local', insert telnetd command before 'exit 0':
( sleep 3s; /usr/sbin/telnetd; ) &
5. Repack the configuration:
tar -zc etc/ | base64 > e-xxxxxxxxxxxx-cfg.tar.gz
6. Upload new configuration via web interface, now you can connect to
ASR3000 via telnet.
Flash instructions:
1. Connect to ASR3000, backup everything, especially 'Factory' part.
2. Write new BL2:
mtd write openwrt-mediatek-filogic-abt_asr3000-preloader.bin BL2
3. Write new FIP:
mtd write openwrt-mediatek-filogic-abt_asr3000-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254/24, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/15887
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Remove kmod-switch-rtl8366-smi from the package list, as it is still loaded
because kmod-switch-rtl8367b depends on it.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/15757
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit fixes all errors reported by the checkpatch script. This
should make it easier to accept this patch upstream.
There should be no functional changes.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/15939
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch fixes two issues in the driver detach:
* double free of the same descriptor (upstream bug, backported in 66177c081f),
* releasing tx descriptor instead of rx (downstream bug).
The driver is compiled into the kernel, which is why the error
is not visible in normal use.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Link: https://github.com/openwrt/openwrt/pull/15939
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch cleans up the following warnings during build:
"warning: format not a string literal"
```
conf.c: In function 'conf_askvalue':
conf.c:89:17: warning: format not a string literal and no format arguments [-Wformat-security]
89 | printf(_("(NEW) "));
| ^~~~~~
conf.c: In function 'conf_choice':
conf.c:285:33: warning: format not a string literal and no format arguments [-Wformat-security]
285 | printf(_(" (NEW)"));
| ^~~~~~
conf.c: In function 'check_conf':
conf.c:440:41: warning: format not a string literal and no format arguments [-Wformat-security]
440 | printf(_("*\n* Restart config...\n*\n"));
| ^~~~~~
conf.c: In function 'main':
conf.c:617:41: warning: format not a string literal and no format arguments [-Wformat-security]
617 | _("\n*** The configuration requires explicit update.\n\n"));
| ^
conf.c:669:25: warning: format not a string literal and no format arguments [-Wformat-security]
669 | fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
| ^~~~~~~
conf.c:673:25: warning: format not a string literal and no format arguments [-Wformat-security]
673 | fprintf(stderr, _("\n*** Error during update of the configuration.\n\n"));
| ^~~~~~~
conf.c:684:25: warning: format not a string literal and no format arguments [-Wformat-security]
684 | fprintf(stderr, _("\n*** Error during writing of the configuration.\n\n"));
| ^~~~~~~
```
And POSIX Yacc warnings
```
lex -ozconf.lex.c -L zconf.l
yacc -ozconf.tab.c -t -l zconf.y
zconf.y:34.1-7: warning: POSIX Yacc does not support %expect [-Wyacc]
34 | %expect 32
| ^~~~~~~
zconf.y:97.1-11: warning: POSIX Yacc does not support %destructor [-Wyacc]
97 | %destructor {
| ^~~~~~~~~~~
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o zconf.tab.o zconf.tab.c
gcc conf.o zconf.tab.o -o conf
```
After:
```
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o conf.o conf.c
yacc -Wno-yacc -ozconf.tab.c -t -l zconf.y
gcc -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -DKBUILD_NO_NLS -c -o zconf.tab.o zconf.tab.c
gcc conf.o zconf.tab.o -o conf
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15953
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
NAND code uses either "cat" or "zcat" for getting firmware image
content. Code was full of duplicated ${gz}cat calls. Use "cmd" variable
that is determined by a caller and passed to lower level functions. This
avoids code duplication and allows adding support for more formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
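The pattern described in the two NAND commit messages (the caller picks a "cmd" once, lower-level functions just run it, and a custom extraction command can replace cat/zcat) sketched as an added example; it is not OpenWrt's /lib/upgrade code. All function names, the 16-byte vendor header and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: all function names are hypothetical, not OpenWrt's code.

# First two bytes of a file as lowercase hex ("1f8b" marks gzip).
magic_word() {
    dd if="$1" bs=1 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Caller side: decide once how image content is obtained.
# An explicit command (vendor container extractor) wins over autodetection.
pick_extract_cmd() {
    local file="$1" custom="$2"
    if [ -n "$custom" ]; then
        echo "$custom"
    elif [ "$(magic_word "$file")" = "1f8b" ]; then
        echo "zcat"
    else
        echo "cat"
    fi
}

# Lower-level side: never inspects the format, only runs what it was given.
# $cmd is expanded unquoted on purpose so it may carry arguments; it must
# therefore be set by the upgrade script itself, never derived from the image.
image_size() {
    local file="$1" cmd="$2"
    $cmd < "$file" | wc -c | tr -d ' '
}

image_cksum() {
    local file="$1" cmd="$2"
    $cmd < "$file" | cksum | cut -d' ' -f1
}

# Constructed samples: raw payload, gzipped payload, and a made-up vendor
# container consisting of a 16-byte header followed by the raw payload.
make_samples() {
    printf 'constructed firmware payload\n' > "$1/raw.bin"
    gzip -c "$1/raw.bin" > "$1/raw.bin.gz"
    { printf 'VENDORHDR0000000'; cat "$1/raw.bin"; } > "$1/vendor.bin"
}

demo() {
    local d f
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for f in raw.bin raw.bin.gz; do
        echo "$f: $(image_size "$d/$f" "$(pick_extract_cmd "$d/$f" "")") bytes"
    done
    # Custom extraction command: skip the 16-byte vendor header.
    echo "vendor.bin: $(image_size "$d/vendor.bin" "tail -c +17") bytes"
    rm -rf "$d"
}
demo
```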
Switch to new nvmem binding.
Also fixes an issue that the MAC address assigned to lan/wan was
reversed on eMMC boards.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The config options that are enabled by default and where other default
packages depend on should not only be set if there is no .config file,
but also if the .config exists but the config option (e.g.
CONFIG_SECCOMP) is missing in the file.
This is relevant, for example, if you are working with .config templates
and then want to complete the configuration using make defconfig.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The fix in commit 847fad476f ("target.mk: improve handling of default
enabled SECCOMP") unfortunately does not work for targets where the ARCH
variable is set in ./$(SUBTARGET)/target.mk.
To get this working, the ./$(SUBTARGET)/target.mk must be included
before the check.
Fixes: 847fad476f ("target.mk: improve handling of default enabled SECCOMP")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Also use env variables exported by export_fitblk_rootdev() in
platform_copy_config().
Fixes: 4448d6325f ("mediatek: make use of common uImage.FIT upgrade functions")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to save space on boards
not using unified uImage.FIT images.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now
deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh
instead of /lib/upgrade/common.sh to allow removing the function there.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move shell functions used for sysupgrade into /lib/upgrade/fit.sh.
Introduce improved fitblk boot device detection function which
works also in case ubiblock devices have not yet been created or
even UBI itself not yet being attached.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The target was marked source-only due to the broken Ethernet port on
some devices. With that fixed, it can be enabled again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
The new cpsw-switch driver reserves VLAN 1 for internal use, which
conflicts with the default network configuration of OpenWrt.
Switch back to the older cpsw driver to make the network connection on
the affected devices (BeagleBone Black and AM335x EVM) usable again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Initramfs images are not supported by imagebuilder. With recent changes
to support Per Device Rootfs, we now generate an image and a vmlinux for
each Rootfs and these additional files are all shipped in the
imagebuilder tar.
Drop these new files and any vmlinux-initramfs as they are not used and
increase the final size of the imagebuilder archive.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The eMMC chip used in a small batch of these devices has issues operating
in HS400 mode. Reducing to HS200 mode works around the problem and does
not cause any noticeable performance penalties as smaller chips are not fast
enough to saturate the bus. Root cause analysis is pending.
Signed-off-by: Chad Monroe <chad@monroe.io>