firmware-utils: mkfwimage: add support for Ubiquiti XC devices
This commit adds support for Ubiquiti devices based on the XC board
type, such as the PowerBeam 5AC 500. The factory binary structure is
the same as the WA type.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Installation
------------
The “factory” openwrt image can be flashed directly from OEM stock
firmware. After the flash the router will reboot automatically.
However, due to the dual boot system, the first installation could fail
(if you want to know why, read the footnotes).
If the flash succeed and you can reach OpenWrt through the web
interface or ssh, you are done.
Otherwise the router will try to boot 3 times and then will
automatically boot the OEM firmware (don’t turn off the router.
Simply wait and try to reach the router through the web interface
every now and then, it will take few minutes).
After this, you should be back in the OEM firmware.
Now you have to flash the OEM Firmware over itself using the OEM web
interface (I tested it using the FW_EA7500v2_2.0.8.194281_prod.img
downloaded from the Linksys website).
When the router reboots flash the “factory” OpenWrt image and this
time it should work.
After the OpenWrt installation you have to use the sysupgrade image
for future updates.
Restore OEM Firmware
--------------------
After the OpenWrt flash, the OEM firmware is still stored in the
second partition thanks to the dual boot system.
You can switch from OpenWrt to OEM firmware and vice-versa failing
the boot 3 times in a row:
1) power on the router
2) wait 15 seconds
3) power off the router
4) repeat steps 1-2-3 twice more.
5) power on the router and you should be in the “other” firmware
If you want to completely remove OpenWrt from your router, switch to
the OEM firmware and then flash OEM firmware from the web interface
as a normal update.
This procedure will overwrite the OpenWrt partition.
Footnotes
---------
The Linksys EA7500-v2 has a dual boot system to avoid bricks.
This system works using 2 pair of partitions:
1) "kernel" and "rootfs"
2) "alt_kernel" and "alt_rootfs".
After 3 failed boot attempts, the bootloader tries to boot the other
pair of partitions and so on.
This system is managed by the bootloader, which writes a bootcount in
the s_env partition, and if successfully booted, the system add a
"zero-bootcount" after the previous value.
A system update performed from OEM firmware, writes the firmware on the
other pair of partitions and sets the bootloader to boot the new pair
of partitions editing the “boot_part” variable in the bootloader vars.
Effectively it's a quick and safe system to switch the selected boot
partition.
Another way to switch the boot partition is:
1) power on the router
2) wait 15 seconds
3) power off the router
4) repeat steps 1-2-3 twice more.
5) power on the router and you should be in the “other” firmware
In this OpenWrt port, this dual boot system is partially working
because the bootloader sets the right rootfs partition in the cmdline
but unfortunately OpenWrt for ramips platform overwrites the cmdline
so is not possible to detect the right rootfs partition.
Because all of this, I preferred to simply use the first pair of
partitions and set read-only the other pair.
However this solution is not optimal because is not possible to know
without opening the case which is the current booted partition.
Let’s take for example a router booting the OEM firmware from the first
pair of partitions. If we flash the OpenWrt image, it will be written
on the second pair. In this situation the router will bootloop 3 times
and then will automatically come back to the first pair of partitions
containg the OEM firmware.
In this situation, to flash OpenWrt correctly is necessary to switch
the booting partition, flashing again the OEM firmware over itself.
At this point the OEM firmware is on both pair of partitions but the
current booted pair is the second one.
Now, flashing the OpenWrt factory image will write the firmware on
the first pair and then will boot correctly.
If this limitation in the ramips platform about the cmdline will be
fixed, the dual boot system can also be implemented in OpenWrt with
almost no effort.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> Co-Developed-by: Jackson Lim <jackcolentern@gmail.com> Signed-off-by: Jackson Lim <jackcolentern@gmail.com>
MAC addresses in factory partition:
0x0004: LAN, WiFi 2.4GHz (label_mac-6)
0x0028: not used (label_mac-1)
0x002e: WAN (label_mac)
0x8004: WiFi 5GHz (label_mac+2)
Installation via web interface:
1. Flash **initramfs** image through the stock web interface.
2. Boot into OpenWrt and perform sysupgrade with sysupgrade image.
Revert to stock firmware:
1. Perform sysupgrade with stock image.
Reviewed-by: Pawel Dembicki <paweldembicki@gmail.com> Signed-off-by: Sungbo Eo <mans0n@gorani.run>
1. Download the ASUS Firmware Restoration Tool but don't open it yet
2. Unplug your computer from the router
3. Put the router into Rescue Mode by: turning the power off, using a pin
to press and hold the reset button, then turning the router back on while
keeping the reset button pressed for ~5 secs until the power LED starts
flashing slowly (which indicates the router has entered Rescue Mode)
4. Important (if you don't do this next step the Asus Firmware
Restoration Tool will wrongly assume that the router is not in Rescue Mode
and will refuse to flash it): go to the Windows Control Panel and
temporarily disable ALL other network adapters except the one you will use
to connect your computer to the router
5. For the single adapter you left enabled, temporarily give it the
static IP 192.168.1.10 and the subnet mask 255.255.255.0
6. Connect a LAN cable between your computer (make sure to use the
Ethernet port of the adapter you've just set up) and port 1 of the router
(not the router's WAN port)
7. Rename sysupgrade.bin to factory.trx
8. Open the Asus Firmware Restoration Tool, locate factory.trx and click
upload (if Windows shows a compatibility prompt, confirm that the tool worked fine)
9. Flashing and reboot is finished when the power LED stops blinking and
stays on
MAC assignment based on vendor firmware:
2g 0x4 label
5g 0x8004 label +4
lan 0x22 label +4
wan 0x28 label
Signed-off-by: Zhijun You <hujy652@gmail.com>
[rebased due to DTSI patch, minor commit message adjustments, fix
label MAC address (lan->wan), do spi frequency increase separately] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
lantiq: drop outdated kernel version switches from patches-5.4
This drops some ancient kernel version switches from patches on
lantiq target. The patch only adjusts the latest kernel 5.4, as
doing it a second time for an older kernel seems a waste of time
for a cosmetic change.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
bcm27xx: drop outdated kernel version switches from patches-5.4
This drops some ancient kernel version switches from patches on
bcm27xx target. The patch only adjusts the latest kernel 5.4, as
doing it a second time for an older kernel seems a waste of time
for a cosmetic change.
Refresh remaining target patches.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
kernel: drop outdated kernel version switches for local code
This drops kernel version switches for versions not supported by
OpenWrt master at the moment. This only adjusts local code, but
doesn't touch patches to existing external packages.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Daniel Golle [Sat, 16 May 2020 21:23:41 +0000 (23:23 +0200)]
hostapd: backport wolfssl bignum fixes
crypto_bignum_rand() use needless time-consuming filtering
which resulted in SAE no longer connecting within time limits.
Import fixes from hostap upstream to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Thibaut VARÈNE [Sat, 16 May 2020 15:12:06 +0000 (17:12 +0200)]
generic: platform/mikrotik: fix LZOR support
31e99fe3da which introduced this code was unfortunately untested.
This commit fixes a number of issues and works around the fact that in
this particular scheme, the LZO payload may be padded at the end which
will trigger a harmless lzo decompression error.
This commit also disambiguates the debug printks.
Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> Fixes: 31e99fe3da ("generic: platform/mikrotik: support LZOR encoding")
Thanks Sebastian Ortwein for adding 7360SL.
The dts file is derived from avm_fritz7360sl.dts.
Firmware can be flashed with this method:
1.) Set your client IP to 192.168.178.2
2.) Power on your your Fritzbox and connect to 192.168.178.1
via ftp in the first 5 seconds.
3.) login with adam2/adam2
4.) type into the ftp prompt:
passive
binary
debug 1
quote MEDIA FLSH // (not FLASH)
put openwrt-lantiq-xrx200-avm_fritz7360v2-squashfs-sysupgrade.bin mtd1
// using the correct location for the squashfs-sysupgrade-firmware.bin
5.) wait till red light flashing turns off.
6.) type: exit
Run tested with kernel 4.19 and 5.4 on Fritzbox 7360 V2.
Issue:
Ethernet speed is slow, (iperf between a Xiaomi mir3g
and this router results in <80Mbits throughput
with a wired cable when using the gbit ports.)
Daniel Golle [Mon, 13 Apr 2020 02:19:01 +0000 (03:19 +0100)]
procd: jail: fix segfault and add console feature
2e73848 jail: SIGSEGV must not be forwarded to the child process 7e150f6 jail: unnamed jails can not have netns (fix segfault) 1ab539b jail: add option to provide /dev/console to containers
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In file included from ./arch/mips/include/asm/io.h:34,
from ./arch/mips/include/asm/mmiowb.h:5,
from ./include/linux/spinlock.h:60,
from ./include/linux/irq.h:14,
from drivers/irqchip/irq-bcm6345-ext.c:10:
drivers/irqchip/irq-bcm6345-ext.c: In function 'bcm6345_ext_intc_of_init':
./arch/mips/include/asm/mach-bcm63xx/ioremap.h:48:9: warning: 'base' may be used uninitialized in this function [-Wmaybe-uninitialized]
return is_bcm63xx_internal_registers((unsigned long)addr);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/irqchip/irq-bcm6345-ext.c:255:16: note: 'base' was declared here
void __iomem *base;
^~~~
drivers/irqchip/irq-bcm6345-periph.c: In function 'bcm6345_periph_irq_handle':
drivers/irqchip/irq-bcm6345-periph.c:55:21: warning: 'block' may be used uninitialized in this function [-Wmaybe-uninitialized]
struct intc_block *block;
^~~~~
drivers/mtd/parsers/redboot.c: In function 'parse_redboot_partitions':
drivers/mtd/parsers/redboot.c:194:59: warning: suggest parentheses around '-' in operand of '&' [-Wparentheses]
fis_origin = (buf[i].flash_base & (master->size << 1) - 1);
~~~~~~~~~~~~~~~~~~~~^~~
Hans Dedecker [Wed, 13 May 2020 19:52:47 +0000 (21:52 +0200)]
glibc: update to latest 2.31 commit
1094741224 aarch64: Accept PLT calls to __getauxval within libc.so a98b8b221c NEWS: Mention fixes for BZ 25810/25896/25902/25966 4c833bbebe x86-64: Use RDX_LP on __x86_shared_non_temporal_threshold [BZ #25966] 3b9ceb3320 NEWS: Mention bug 25639 fixed in 2.31 branch bb44fe7711 oc_FR locale: Fix spelling of April (bug 25639) f2ac792047 oc_FR locale: Fix spelling of Thursday (bug 25639) 18fdba553d Add a C wrapper for prctl [BZ #25896] 7c9e054afd powerpc: Rename argN to _argN in LOADARGS_N [BZ #25902] 9c5ae39a64 Add C wrappers for process_vm_readv/process_vm_writev [BZ #25810] 63c3696a4a Mark unsigned long arguments with U in more syscalls [BZ #25810]
Robert Marko [Tue, 12 May 2020 20:18:33 +0000 (22:18 +0200)]
libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592
Addresses CVE-2020-12762
Signed-off-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit removes the target-specific diag.sh script. This way, the
generic one is used for the target, which uses DT-aliases to specify the
LEDs used.
Though generic diag.sh allows to use different LEDs to indicate different
states, this patch just moves the old assignment and does not try to
"improve" the assignment by using additional colors.
However, individual proposals to do so are welcome.
For the few cases where status_led2 was used in old diag.sh, only the
primary LED was migrated.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Thibaut VARÈNE [Fri, 8 May 2020 11:39:10 +0000 (13:39 +0200)]
ar71xx: mikrotik: bypass id check in __rb_get_wlan_data()
The id parameter in __rb_get_wlan_data() was incorrectly used on the
assumption that id "0" would always be tied to ath9k with RLE encoding
and positive id (in fact, only id "1" was valid) would always be tied to
("external") ath10k with LZO encoding.
Newer hardware revisions of supported devices prove this assumption to
be invalid, with ath9k caldata being now wrapped in MAGIC_ERD and LZO
compressed, so disable this check to allow newer hardware to correctly
decode caldata for ath9k. Since ath10k caldata is no longer pulled from
this implementation, this commit also disables the publication in sysfs
to avoid wasting memory.
Note: this patch assumes that ath9k caldata is never stored with the new
"LZOR" encoding scheme found on some ath10k devices.
Daniel Golle [Tue, 12 May 2020 09:48:50 +0000 (10:48 +0100)]
fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
at fstools-2020-05-06-eec16e2f/block.c:1193
1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) {
Fixes: c3a43753b9 ("fstools: update to the latest version") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The USB port on the device is (in contrast to other Aruba boards) real
USB. The AP uses a CP2101 USB TTY converter on the board.
Console baudrate is 9600 8n1.
To enable a full list of commands in the U-Boot "help" command, execute
the literal "diag" command.
Installation
------------
1. Get the OpenWrt initramfs image. Rename it to ipq40xx.ari and put it
into the TFTP server root directory. Configure the TFTP server to
be reachable at 192.168.1.75/24. Connect the machine running the TFTP
server to the ethernet port of the access point.
2. Connect to the serial console. Interrupt autobooting by pressing
Enter when prompted.
3. Configure the bootargs and bootcmd for OpenWrt.
$ setenv bootargs_openwrt "setenv bootargs console=ttyMSM1,9600n8"
$ setenv nandboot_openwrt "run bootargs_openwrt; ubi part aos1;
ubi read 0x85000000 kernel; bootm 0x85000000"
$ setenv ramboot_openwrt "run bootargs_openwrt;
setenv ipaddr 192.168.1.105; setenv serverip 192.168.1.75;
netget; set fdt_high 0x87000000; bootm"
$ setenv bootcmd "run nandboot_openwrt"
$ saveenv
4. Load OpenWrt into RAM:
$ run ramboot_openwrt
5. After OpenWrt booted, transfer the OpenWrt sysupgrade image to the
/tmp folder on the device.
6. Flash OpenWrt:
Make sure you use the mtd partition with the label "ubi" here!
Hotplug scripts are sourced so the #!/bin/sh is superfluous/deceptive.
Re-arrange script to only source 'procd' if we get to the stage of
needing to signal the process, reduce hotplug processing load a little.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
mac80211: distance config: allow "auto" as a value
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
Sungbo Eo [Thu, 7 May 2020 14:34:22 +0000 (23:34 +0900)]
ramips: dts: fix incorrect flash reg property
Most work was done in commit 021c8936584d ("ramips: fix size-cells on spi
nodes"), but a few more DTS files using the old reg style have been added
since then. This commit fixes them.
Sungbo Eo [Thu, 7 May 2020 14:15:27 +0000 (23:15 +0900)]
ramips: dts: use generic node name for flash
In DTS Checklist[1] we're now demanding proper generic node names, as
the name of a node should reflect the function of the device and use
generic name for that[2]. Everybody seems to be copy&pasting from DTS
files available in the repository today, so let's unify that naming
there as well and provide proper examples.
While at it, remove unused m25p80 label.
Tested on rt5350 (for spi-nor) and rt3662 (for cfi-flash).
mvebu: uDPU: switch default kernel and U-Boot PHY mode
Certain SFP modules (most notably Nokia GPON ones) first check
connectivity on 1000base-x, and switch to 2500base-x afterwards. This
is considered a quirk so the phylink switches the interface to
2500base-x as well.
However, after power-cycling the uDPU device, network interface/SFP module
will not work correctly until the module is re-seated. This patch
resolves this issue by forcing the interface to be brought up in
2500base-x mode by default.
Signed-off-by: Jakov Petrina <jakov.petrina@sartura.hr> Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr> Cc: Luka Perkov <luka.perkov@sartura.hr>
Lech Perczak [Thu, 7 May 2020 22:41:36 +0000 (00:41 +0200)]
ath79: dts: add missing 'serial0' alias for TP-Link TL-MR3040v2
Out of all devices currently supported based on AR9331 chipset,
this one had the 'serial0' alias missing. Add it to fix setting of
/dev/console and login shell on the onboard UART.
Sungbo Eo [Fri, 8 May 2020 16:21:06 +0000 (01:21 +0900)]
ramips: tidy up image subtarget Makefiles
- use tab indent in image build recipes for consistency
- harmonize line wrapping
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[use different line wrapping for one recipe] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
ramips/mt7621: mikrotik: don't use mtd-mac-address in DTS
As evidenced here[1] the device MAC address can be stored at a random
offset in the hard_config partition. Rely on sysfs to update the MAC
address correctly.
Adjust config so that WAN is base MAC and LAN is base MAC +1 to better
match label and vendor OS.
This commit takes advantages of base-files 220 which introduces routines
to perform caldata loading directly via the kernel sysfs loader helper.
This has the benefits of not wasting flash space to store caldata.
Memory footprint is reduced to the bare minimum: for devices that don't
need MAC patching, the caldata is loaded directly, for devices that do
need MAC patching, the caldata is extracted to /tmp, patched and then
loaded.
Rationale:
1/ This tool is no longer necessary following the implementation of a
sysfs driver
2/ The upstream author, Robert Marko, stated[1] that this tool had been
taken from his tree in an unfinished state not suitable for merging
As evidenced here[1] the device MAC address can be stored at a random
offset in the hard_config partition. Rely on sysfs to update the MAC
address correctly.
To match sticker and vendor OS behavior, WAN MAC is set to the device
base MAC and LAN MAC is incremented from that.
Note: this will trigger a harmless kernel message during boot:
ag71xx 19000000.eth: invalid MAC address, using random address
There is no clean workaround to prevent this message from being emitted.
Thibaut VARÈNE [Fri, 27 Mar 2020 13:33:48 +0000 (14:33 +0100)]
generic: platform/mikrotik: support LZOR encoding
Some newer MikroTik RouterBOARD devices use a new encoding scheme
for their WLAN calibration data. This patch provides support for
decoding this new scheme.
Thibaut VARÈNE [Sun, 22 Mar 2020 20:46:42 +0000 (21:46 +0100)]
generic: routerboot sysfs platform driver
This driver exposes the data encoded in the "hard_config" flash segment
of MikroTik RouterBOARDs devices. It presents the data in a sysfs folder
named "hard_config". The WLAN calibration data is available on demand via
the 'wlan_data' sysfs file in that folder.
This driver permanently allocates a chunk of RAM as large as the
"hard_config" MTD partition (typically 4KB), although it is technically
possible to operate entirely from the MTD device without using a local
buffer (except when requesting WLAN calibration data), at the cost of a
performance penalty.
This driver does not reuse any of the existing code previously found in
routerboot.c.
This driver has been successfully tested on BE (ath79) and LE (ipq40xx
and ramips) hardware.
Tested-by: Roger Pueyo Centelles <roger.pueyo@guifi.net> Tested-by: Baptiste Jonglez <git@bitsofnetworks.org> Tested-by: Tobias Schramm <t.schramm@manjaro.org> Tested-by: Christopher Hill <ch6574@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Fri, 20 Mar 2020 21:38:51 +0000 (22:38 +0100)]
generic: routerbootpart MTD parser for RouterBoot
This driver provides an OF MTD parser to properly assign the RouterBoot
partitions on the flash. This parser builds from the "fixed-partitions"
one (see ofpart.c), but it can handle dynamic partitions as found on
routerboot devices.
The parent node must contain the following:
compatible = "mikrotik,routerboot-partitions";
#address-cells = <1>;
#size-cells = <1>;
Children routerbootpart DTS nodes are defined as follows:
For fixed partitions
node-name@unit-address {
reg = <prop-encoded-array>;
label = <string>;
read-only;
lock;
};
size property is mandatory unless the next partition is a fixed one or
a "well-known" one (matched from the strings defined below) in which case
it can be omitted or set to 0; other properties are optional.
By default dynamic partitions are appended after the preceding one, except
for "well-known" ones which are automatically located on flash.
Well-known partitions (matched via label or node-name):
- "hard_config"
- "soft_config"
- "dtb_config"
This parser requires the DTS to list partitions in ascending order as
expected on the MTD device.
This parser has been successfully tested on BE (ath79) and LE (ipq40xx
and ramips) hardware.
Tested-by: Baptiste Jonglez <git@bitsofnetworks.org> Tested-by: Roger Pueyo Centelles <roger.pueyo@guifi.net> Tested-by: Tobias Schramm <t.schramm@manjaro.org> Tested-by: Christopher Hill <ch6574@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
I have reproduced on ramips as well as mvebu in the past.
Samba 4 is an alternative available in the packages repo.
cifsd is a lightweight alternative available in the packages repo. It is
also a faster alternative to both Samba versions (lower CPU usage). It
was renamed to ksmbd.
To summarize, here are the alternatives:
- ksmbd + luci-app-cifsd
- samba4 + luci-app-samba4
Yangbo Lu [Sat, 14 Mar 2020 06:32:39 +0000 (14:32 +0800)]
layerscape: define only one package for ls-dpl
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-dpl with only one package
installing all 4 files as intermediate files.
Yangbo Lu [Sat, 14 Mar 2020 06:25:33 +0000 (14:25 +0800)]
layerscape: define only one package for ls-mc
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-mc with only one package
installing all two images as intermediate files.
Yangbo Lu [Sat, 14 Mar 2020 06:11:12 +0000 (14:11 +0800)]
layerscape: define only one package for fman-ucode
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain fman-ucode with only one package
installing all two binaries as intermediate files.
Yangbo Lu [Wed, 1 Apr 2020 08:47:41 +0000 (16:47 +0800)]
layerscape: define only one package for ls-rcw
We do not have to define package for each board, and
consider variant's building/installing.
It is easier to maintain ls-rcw with only one package
installing all boards RCW binaries as intermediate
files, each of which is just about hundreds of bytes.
projects / thirdparty / openwrt.git / log
