Commit Graph

59172 Commits

Author SHA1 Message Date
Nick Hainke
d83231603c wolfssl: update to 5.6.4
Releae Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.4-stable

Remove upstreamed patch:
- 001-fix-detection-of-cut-tool-in-configure.ac.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-11-10 19:28:27 +01:00
John Audia
4196a4b5ae kernel: bump 6.1 to 6.1.62
Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.62

All patches automatically rebased.

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-11-10 17:37:12 +01:00
John Audia
573c8c3d78 kernel: bump 5.15 to 5.15.138
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.138

Removed upstreamed:
	generic/backport-5.15/819-v6.6-0018-nvmem-imx-correct-nregs-for-i.MX6SLL.patch[1]
	generic/backport-5.15/819-v6.6-0019-nvmem-imx-correct-nregs-for-i.MX6UL.patch[2]
	generic/backport-5.15/819-v6.6-0020-nvmem-imx-correct-nregs-for-i.MX6ULL.patch[3]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.138&id=6e22bf6f00d593b0a7e0b2f418fde89317424671
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.138&id=6efd498009b987a92f57f3bdae476f0503364fb7
3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.138&id=6e22bf6f00d593b0a7e0b2f418fde89317424671

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-11-10 17:33:59 +01:00
Felix Fietkau
d45d72a6da netifd: update to the latest version
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-10 15:37:42 +01:00
Christian Marangi
07b5b3978d
ipq-wifi: update to Git HEAD (2023-11-10)
0c2e810e71ed qcn9074: fix prpl Foundation Haze BDF for old mac80211 version

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 13:20:31 +01:00
Christian Marangi
4fdd5530a7
ipq806x: setup DSA port conduit in board.d
Now that netifd and uci-defaults.sh supports a way to setup DSA port
conduit without using iproute2 tool, set DSA port conduit directly in
board.d, that will fill board.d and will instruct netifd to setup the
port.

Drop special init.d qca8k_set_port script and ip-tiny from target dep as
they are not required anymore.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:34 +01:00
Christian Marangi
01d675687c
base-files: add additional uci-defaults function for GRO and conduit
Add additional uci-defaults function for configuring GRO settings and
conduit for network devices.

Tweaking the GRO values might increase performance on some low spec
device that lack some offload feature on gmac.

Tweaking conduit interface is specific to DSA based devices and is
useful for multi-CPU scenario where one CPU is dedicated to one single
port.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:34 +01:00
Christian Marangi
da7ad22931
base-files: generalize ucidef_set_network_device
Generalize ucidef_set_network_device functions to use a more generic
_ucidef_set_network_device_common that takes as args the option and the
value to apply instead of hardcoding.

This is to reduce duplicated code in preparation for addition of
additional option for board.d usage.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:33 +01:00
Christian Marangi
1714087442
netifd: update to Git HEAD (2023-11-09)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:33 +01:00
Hannu Nyman
f79de8ec65 gdb: Update to 13.2
Update the devel/gdb package to version 13.2

* Remove the upstreamed patch 001-Add-support-for-readline-8.2.patch
* Adjust 130-gdb-ctrl-c.patch to upstream changes

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-11-10 08:39:38 +01:00
Hannu Nyman
a7a94bc4f0 toolchain/gdb: update to 13.2
Update the toolchain gdb to version 13.2.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-11-10 08:39:38 +01:00
Rafał Miłecki
4fb8e68bc4 kernel: provide better control & help for SLUB configuration
Allow selecting KERNEL_SLUB_DEBUG and KERNEL_SLUB_DEBUG_ON manually and
provide detailed help for both.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-09 21:23:01 +01:00
Rafał Miłecki
3b63208443 treewide: disable CONFIG_SLUB_DEBUG in target configs
From the symbol help message:
> SLUB has extensive debug support features. Disabling these can result
> in significant savings in code size.

There seems to be no need to enable those debugging features for
standard use.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-09 21:23:01 +01:00
Isaev Ruslan
3763a6a075
ipq807x: add support for Yuncore AX880
SPECIFICATION:
    - Chipset:  IPQ8072A +QCN5054+QCN5024+QCA8081*2
    - Flash NOR-8MB AND NAND-128MB
    - RAM 1Gb DDR
    - IEEE 802.11:  802.11ax/ac/b/g/n
    - 4*4 2.4G Wi-Fi standard   802.11b/g/n/ax
    - 4*4 5.8G Wi-Fi Standard   802.11 a/n/ac/ax
    - 2x 1 Gbps Ethernet (QCA8081) with 802.3at PoE input support
    - 1x  Reset
    - 1x  Bluetooth(optional)
    - 1x  DC Port 12V 3A
    - 4x Antenna    IPEX Connector, 3dBi omni antennas
    - Data Rate:    3657Mbps ( 2.4G: 1182Mbps (11ax 4x4); 5.8G: 2475Mbps (11ax 4x4))
    - RF Power: 2.4g ≤ 20dBm; 5.8g ≤ 19dBm
    - LED light:    Sys; 5.8G wifi; 2.4G wifi; WAN; LAN
    - Max Power Consumption:    ≤ 22W
    - Size: 198mm * 198mm * 41.02mm

BACKUP YOUR STOCK FIRMWARE:
```
export device=ax880
mkdir -p /tmp/fw_dump_$device
cd /tmp/fw_dump_$device
dmesg > dmesg_$device.log
dtc -I fs /sys/firmware/devicetree/base > $device.dts
cat /proc/device-tree/model > model
cat /proc/mtd > proc_mtd
while read p; do
mtd_dev=$(echo $p | cut -d: -f1)
echo $mtd_dev
dd if=/dev/$mtd_dev of=$mtd_dev
done < proc_mtd
md5sum * > md5sum.log
tar -cvzf ../$device.tar.gz .
export sum=$(md5sum /tmp/$device.tar.gz | cut -d' ' -f1)
mv ../$device.tar.gz /tmp/${device}_${sum}.tar.gz
echo fw backup saved to: /tmp/${device}_${sum}.tar.gz
```
Upload your backup via tftp to the safe place.

INSTALLATION:
1. stock firmware web ui
Rename factory.bin fw image file to factory.ubin. Flash this image
like ordinary stock fw upgrade.

2. stock firmware telnet method
Enter telnet cli (login: root, password: 476t*_f0%g09y) and upload
 factory.bin fw image and rename it to factory.ubin
`cd /tmp && wget <your_web_server_ip>/factory.ubin`
`sysupgrade factory.ubin

3. initramfs method
    Put openwrt-ipq807x-generic-yuncore_ax880-initramfs-uImage.itb to your
    TFTP server and rename it to ax880.initram
    Enable serial console and enter to the u-boot cli.
    Exec these commands:
    `tftpboot <your_tftp_server_ip>:ax880.initram`
    `dhcp`

    When downloading is finished:
    `bootm`
    After booting the device, you need to upload to the device factory.ubi fw image.
    ```
    cd /tmp && wget <your_web_server_ip>/factory.ubi`
    export rootfs=$(cat /proc/mtd | grep rootfs | cut -d: -f1)
    export rootfs_1=$(cat /proc/mtd | grep rootfs_1 | cut -d: -f1)
    ubiformat /dev/${rootfs} -y -f factory.ubi
    ubiformat /dev/${rootfs_1} -y -f factory.ubi
    reboot
    ```

4. u-boot factory.ubi image method
    Put openwrt-ipq807x-generic-yuncore_ax880-squashfs-factory.ubi to your
    TFTP server and rename it to ax880.ubi
    Enter u-boot cli and exec these commands:
    `tftpboot <your_tftp_server_ip>:ax880.ubi`
    `dhcp`
    After downloading is finished:
    `flash rootfs`
    `flash rootfs_1`
    `reset`

5. u-boot factory.bin method
    Put openwrt-ipq807x-generic-yuncore_ax880-squashfs-factory.bin to your
    TFTP server and rename it to ax880.bin
    Enter u-boot cli and exec these commands:
    `tftpboot <your_tftp_server_ip>:ax880.bin`
    `dhcp`
    After downloading is finished:
    `imgaddr=$fileaddr && nand device 0`
    Erase rootfs memory:
    `nand erase 0x00000000 0x03400000`
    Write rootfs:
    `nand write $fileaddr 0x00000000 $filesize`
    Erase rootfs_1 memory:
    `nand erase 0x3c00000 0x3400000`
    Write rootfs_1
    `nand write $fileaddr 0x3c00000 $filesize`
    `reset`

STOCK FIRMWARE RECOVERY:
Boot initramfs image.
Upload your rootfs mtd partition to the device using scp or download
it from the device using wget.
Enter device ssh cli and exec:
```
cd /tmp && wget <your_web_server_ip>/mtd21`
export rootfs=$(cat /proc/mtd | grep rootfs | cut -d: -f1)
export rootfs_1=$(cat /proc/mtd | grep rootfs_1 | cut -d: -f1)
ubiformat /dev/${rootfs} -y -f /tmp/mtd21
ubiformat /dev/${rootfs_1} -y -f /tmp/mtd21
reboot
```

Signed-off-by: Isaev Ruslan <legale.legale@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2023-11-09 16:52:10 +01:00
Christian Marangi
05e516b12d
hostapd: refresh patches
Refresh patches for hostapd using make package/hostapd/refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 16:07:55 +01:00
Christian Marangi
6c9ac57d58
hostapd: permit 40MHz in 802.1s only also for 2.4GHz g/n with noscan
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.

This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.

Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:38 +01:00
Christian Marangi
b1c7b1bd67
hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:37 +01:00
Christian Marangi
1b5ea2e199
hostapd: fix broke noscan option for mesh
noscan option for mesh was broken and actually never applied.

This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:37 +01:00
Christian Marangi
1070fbce6e
mac80211: fix not set noscan option for wpa_supplicant
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:34 +01:00
Robert Marko
eea264fead
kernel: qca-ssdk: update to 12.4
Update SSDK version to 12.4, this fixes weird SFP port link up/downs
while there is no SFP module plugged in.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-09 13:21:55 +01:00
Robert Marko
033c6001c7
qualcommax: backport missing SMEM ID-s for SSDK
SSDK has switched to using the upstream SMEM helper to get the SoC ID and
then look it up in the QCA SMEM ID header, so we need these in order for
SSDK to compile as they are currently undefined.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-09 13:21:52 +01:00
Nick Hainke
a82c9699c4 tools/mkimage: update to 2023.10
Update to latest version.

Remove "100-increase-tmpfile-name-length-limit.patch" because project
is now using limits.h with PATH_MAX [0].

Automatically refreshed:
- 030-allow-to-use-different-magic.patch

[0] - 99d430f344

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-11-09 12:50:04 +01:00
Jo-Philipp Wich
551963662b ucode: update to Git HEAD (2023-11-07)
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-09 12:40:42 +01:00
Daniel Golle
c63e3c98e8 fstools: bump to git HEAD
3a07943 block: support skipping uuid check
 56a9b4e block: consider currently mounted root device first
 9cd09d4 block: try to find the root device on both / and /rom
 c1a8d95 block: support extroot on already mounted overlay

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-09 11:15:42 +00:00
Daniel Golle
d6a06acaa5 arm-trusted-firmware-mediatek: update to release 2023-10-13
Drop local patches now upstream.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-09 00:34:38 +00:00
Robert Marko
a78c4e0c57
gemini: usb-fotg210: remove uneeded dependency on @USB_SUPPORT
$(call AddDepends/usb) will add the dependency on @USB_SUPPORT so there
is no need to duplicate it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 22:01:44 +01:00
Robert Marko
7e87e2f83d
gemini: usb-fotg210: add missing module name to AutoLoad
AutoLoad expects the module name to be present after the load index.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 22:01:44 +01:00
Robert Marko
67c6be5d3b
gemini: dont select USB driver as module via config
The FOTG210 USB driver is currently being selected as a module directly via
the target kernel config which should not be done and via kmod as well.

So, lets drop the driver selection in the target kernel module as kmod is
sufficient.

Fixes: 585360f0c0 ("gemini: refresh kernel config")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 22:01:44 +01:00
Robert Marko
4695778865
gemini: usb-fotg210: enable OTG support
The usb-fotg210 does not currently select CONFIG_USB_FOTG210_UDC which
enable OTG support, but it was previously selected directly in the target
kernel config so lets enable it to keep the functionality identical.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 22:01:43 +01:00
Robert Marko
2bdec11903
gemini: usb-fotg210: fix FOTG210_HCD setting
CONFIG_USB_FOTG210_HCD is a boolean symbol, so it must be set to "y"
instead of the default which is to set it as "m".

Otherwise you will get prompted to set the symbol during kernel building.

Fixes: 585360f0c0 ("gemini: refresh kernel config")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 22:01:40 +01:00
Filip Milivojevic
168beef1dd
ramips: Cudy WR1300v2 fix mt7613 calibration data length
Since MT7613 is handled by MT7615 driver, and other devices using MT7615
have reg = <0x8000 0x4da8>; this needs updating or eeprom data fails to load.

Signed-off-by: Filip Milivojevic <zekica@gmail.com>
2023-11-08 17:16:18 +01:00
Felix Fietkau
c2a30b6e01 hostapd: use rtnl to set up interfaces
In wpa_supplicant, set up wlan interfaces before adding them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-08 12:46:29 +01:00
Felix Fietkau
531314260d wifi: fix applying mesh parameters when wpa_supplicant is in use
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-08 12:46:29 +01:00
Robert Marko
91169898ce
qualcommax: refresh patches
It seems that patches were not refreshed during last kernel bump, so lets
refresh them.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 00:11:05 +01:00
Robert Marko
7deb73e6ed
qualcommax: fixup patch numbering
It seems that I forgot one zero in the patch numbering while marking these
as backports, so lets fix it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 00:11:03 +01:00
Hauke Mehrtens
6aad5ab099 px5g-wolfssl: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r--    1 root     root           749 Nov  6 23:14 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 23:14 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-07 21:55:55 +01:00
Hauke Mehrtens
929c9a58c9 px5g-mbedtls: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r--    1 root     root           519 Nov  6 22:58 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 22:58 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-07 21:55:55 +01:00
Rafał Miłecki
7a8424827f rockchip: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Rafał Miłecki
585360f0c0 gemini: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Rafał Miłecki
f784fe88a6 sifiveu: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Rafał Miłecki
34dbd02c12 qoriq: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Felix Fietkau
41d7439af5 netifd: update to the latest version
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-07 13:36:54 +01:00
Hauke Mehrtens
a15eb1cda0 bpf-headers: Fix download URL with kernel 6.1
This fixes the download of the kernel 5.15 for the bpf-headers when
kernel 6.1 is build for the target.

Even if kernel 6.1 was selected for the target we still use kernel 5.15
for the bpf-headers. The download script tried to download the 5.15
kernel from the 6.x directory on kernel,org and this failed. Define
PKG_SOURCE_URL based on PKG_PATCHVER and not KERNEL_BASE like done in
kernel.mk.

Without this change it tries to download the kernel from this URL:
ttps://cdn.kernel.org/pub/linux/kernel/v6.x/linux-5.15.129.tar.xz

Fixes: #13190
Fixes: #13671
Fixes: #13814
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-06 23:20:14 +01:00
Hauke Mehrtens
3c17cdbc36 mbedtls: Activate secp521r1 curve by default
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110

This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk

Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-06 23:04:00 +01:00
Rafał Miłecki
f6e35efbfe bcm53xx: refresh kernel config for 6.1
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-06 13:25:59 +01:00
Petr Štetiar
c4259a6586
image: fix image generation within ImageBuilder
Changes introduced in commit d604a07225 ("build: add CycloneDX SBOM
JSON support") broke ImageBuilder:

  Cannot open '/openwrt-imagebuilder-ath79-generic.Linux-x86_64/tmp/.packageinfo': No such file or directory

So lets fix it by wrapping the BOM generation behind condition of IB
feature check.

Fixes: #13881
Fixes: d604a07225 ("build: add CycloneDX SBOM JSON support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-06 08:59:03 +00:00
David Bauer
ae500e62e2 mediatek: add label-mac for GL.iNet GL-MT3000
The MAC-address of gmac0 matches the one printed on the bottom label.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-11-03 23:06:33 +01:00
Łukasz M
5a603c7a31 mediatek: mt7981: improve fan behaviour
This doubles the number of cooling-levels.
In addition the fan is turned on with a low speed at lower temperatures
and with a higher speed at higher temperatures.
This also attempts to reduce the likelihood of constant start-stop actions.

The change only affects the GL.iNet MT3000 and has been tested with it.

Signed-off-by: Łukasz M <lukasz1992m@gmail.com>
2023-11-03 23:06:07 +01:00
Lech Perczak
0c47bdb902 ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.

Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
  in the top row, 2nd column from the right.
Label MAC address: eth0

FCC ID: TVE-220102

Serial port pinout:
3 - TxD
4 - GND
6 - RxD

Installation: The same methods apply as for already supported FAP-221-B.

For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.

(a) Using factory image:

1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
   Enter them appropriately.
   The defaults are:
   Server IP: 192.168.1.1 # Update accordingly
   Device IP: 192.168.1.2 # Update accordingly
   Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
   verification passes, press "D" to continue installation. The device
   will reboot on completion.

(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:

   > setenv serverip 192.168.1.1 # Your PC IP
   > setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
   > tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
   > bootm 81000000

10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
    partitions, to allow restoring factory firmware in future:

    # cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
    # cat /dev/mtd2 > /tmp/mtd2_loader.bin
    # cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin

    and then SCP them over to safety at your PC.

11. When the device boots, copy over the sysupgrade image, and execute
    normal upgrade:

    # sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin

Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:

   # mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
   # mtd write /tmp/mtd2_loader.bin loader
   # mtd write /tmp/mtd3_fwconcat1.bin fwconcat1

4. Erase the reserved partition:

   # mtd erase reserved

5. Reboot the device

Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
  to very slow serial console, which prints a lot during boot compared
  to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
  stored in U-boot partition, because it expects the colons as delimiters,
  which this address lacks. Addresses found in ART partition are used
  instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
  while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
  contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
  with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
  evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
  breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
  The same is true for serial console, both drop straight to the Busybox
  shell.
- The web interface drops to the login page again, after successfull
  login.
- Whole image authentication boils down to comparing a device ID against
  one stored in U-boot.
- And this device is apparently made by a security company.

Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-03 23:06:07 +01:00
Lech Perczak
6c12c88d2e ath79: image: extract common part for Fortinet FAP series
In preparation for FAP-220-B support, extract the common part of image
recipe for FAP-221-B.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-03 23:06:07 +01:00