Some regression were reported with the backported upstream version. Old
kernel require an additional flush in some case and this was handled in
the old downstream patch.
Reintroduce the flush to fix the regression and refresh affected patch.
The ATS SFP GT-T quirk patch was backported to stable kernel 6.6 but
was not notice while bumping the kernel version as they listed the quirk
at the bottom of the SFP quirk table while our hack patch put it at the
top.
With migrating to the upstream version, the duplication was made more
apparent.
Drop the double entry for the SFP module as it's already there and not
needed and refresh patches.
Chukun Pan [Tue, 4 Mar 2025 15:18:38 +0000 (23:18 +0800)]
kernel: add missing submenu for diag modules
The submenu of two diag modules is missing, fix it.
Fixes: 65de1e0 ("kernel: add missing symbols for lxc") Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn> Link: https://github.com/openwrt/openwrt/pull/18480 Signed-off-by: Robert Marko <robimarko@gmail.com>
generic: replace ARM gc sections patch with upstream version
Replace ARM gc sections patch with upstream version. It seems this
feature is finally supported upstream with some minor difference.
In theory the upstream version should cut even more stuff, this really
needs to be evaluated if it's OK also to handle regression with the
kernel 6.12 update.
Rudy Andram [Thu, 27 Mar 2025 10:55:59 +0000 (10:55 +0000)]
dnsmasq: bump release to 2.91
updated 200-ubus_dns.patch
all remaining patches not required
Changelog for version 2.91 - https://thekelleys.org.uk/dnsmasq/CHANGELOG
version 2.91
Fix spurious "resource limit exceeded messages". Thanks to
Dominik Derigs for the bug report.
Fix out-of-bounds heap read in order_qsort().
We only need to order two server records on the ->serial field.
Literal address records are smaller and don't have
this field and don't need to be ordered on it.
To actually provoke this bug seems to need the same server-literal
to be repeated twice, e.g., --address=/a/1.1.1.1 --address-/a/1.1.1.1
which is clearly rare in the wild, but if it did exist it could
provoke a SIGSEGV. Thanks to Daniel Rhea for fuzzing this one.
Fix buffer overflow when configured lease-change script name
is too long.
Thanks to Daniel Rhea for finding this one.
Improve behaviour in the face of non-responsive upstream TCP DNS
servers. Without shorter timeouts, clients are blocked for too long
and fail with their own timeouts.
Set --fast-dns-retries by default when doing DNSSEC. A single
downstream query can trigger many upstream queries. On an
unreliable network, there may not be enough downstream retries
to ensure that all these queries complete.
Improve behaviour in the face of truncated answers to queries
for DNSSEC records. Getting these answers by TCP doesn't now
involve a faked truncated answer to the downstream client to
force it to move to TCP. This improves performance and robustness
in the face of broken clients which can't fall back to TCP.
No longer remove data from truncated upstream answers. If an
upstream replies with a truncated answer, but the answer has some
RRs included, return those RRs, rather than returning and
empty answer.
Fix handling of EDNS0 UDP packet sizes.
When talking upstream we always add a pseudo header, and set the
UDP packet size to --edns-packet-max. Answering queries from
downstream, we get the answer (either from upstream or local
data) If local data won't fit the advertised size (or 512 if
there's not an EDNS0 header) return truncated. If upstream
returns truncated, do likewise. If upstream is OK, but the
answer is too big for downstream, truncate the answer.
Modify the behaviour of --synth-domain for IPv6.
When deriving a domain name from an IPv6 address, an address
such as 1234:: would become 1234--.example.com, which is
not legal in IDNA2008. Stop using the :: compression method,
so 1234:: becomes
1234-0000-0000-0000-0000-0000-0000-0000.example.com
Fix broken dhcp-relay on *BSD. Thanks to Harold for finding
this problem.
Add --dhcp-option-pxe config. This acts almost exactly like
--dhcp-option except that the defined option is only sent when
replying to PXE clients. More importantly, these options are sent
in reply PXE clients when dnsmasq in acting in PXE proxy mode. In
PXE proxy mode, the set of options sent is defined by the PXE standard
and the normal set of options is not sent. This config allows arbitrary
options in PXE-proxy replies. A typical use-case is to send option
175 to iPXE. Thanks to Jason Berry for finding the requirement for
this.
Support PXE proxy-DHCP and DHCP-relay at the same time.
When using PXE proxy-DHCP, dnsmasq supplies PXE information to
the client, which also talks to another "normal" DHCP server
for address allocation and similar. The normal DHCP server may
be on the local network, but it may also be remote, and accessed via
a DHCP relay. This change allows dnsmasq to act as both a
PXE proxy-DHCP server AND a DHCP relay for the same network.
Fix erroneous "DNSSEC validated" state with non-DNSSEC
upstream servers. Thanks to Dominik Derigs for the bug report.
Handle queries with EDNS client subnet fields better. If dnsmasq
is configured to add an EDNS client subnet to a query, it is careful
to suppress use of the cache, since a cached answer may not be valid
for a query with a different client subnet. Extend this behaviour
to queries which arrive a dnsmasq already carrying an EDNS client
subnet.
Handle DS queries to auth zones. When dnsmasq is configured to
act as an authoritative server and has an authoritative zone
configured, and receives a query for that zone _as_forwarder_
it answers the query directly rather than forwarding it. This
doesn't affect the answer, but it saves dnsmasq forwarding the
query to the recursor upstream, which then bounces it back to dnsmasq
in auth mode. The exception should be when the query is for the root
of zone, for a DS RR. The answer to that has to come from the parent,
via the recursor, and will typically be a proof-of-non-existence
since dnsmasq doesn't support signed zones. This patch suppresses
local answers and forces forwarding to the upstream recursor for such
queries. It stops breakage when a DNSSEC validating client makes
queries to dnsmasq acting as forwarder for a zone for which it is
authoritative.
Implement "DNS-0x20 encoding", for extra protection against
reply-spoof attacks. Since DNS queries are case-insensitive,
it's possible to randomly flip the case of letters in a query
and still get the correct answer back.
This adds an extra dimension for a cache-poisoning attacker
to guess when sending replies in-the-blind since it's expected
that the legitimate answer will have the same pattern of upper
and lower case as the query, so any replies which don't can be
ignored as malicious. The amount of extra entropy clearly depends
on the number of a-z and A-Z characters in the query, and this
implementation puts a hard limit of 32 bits to make resource
allocation easy. This about doubles entropy over the standard
random ID and random port combination. This technique can interact
badly with rare broken DNS servers which don't preserve the case
of the query in their reply. The first time a reply is returned
which matches the query in all respects except case, a warning
will be logged. In this release, 0x020-encoding is default-off
and must be explicitly enabled with --do-0x20-encoding. In future
releases it may default on. You can avoid a future release
changing the behaviour of an installation with --no-x20-encode.
Fix a long-standing problem when two queries which are identical
in every repect _except_ case, get combined by dnsmasq. If
dnsmasq gets eg, two queries for example.com and Example.com
in quick succession it will get the answer for example.com from
upstream and send that answer to both requestors. This means that
the query for Example.com will get an answer for example.com, and
in the modern DNS, that answer may not be accepted.
* Update Mozilla certificate authority bundle to version 2.70.
The following certificate authorities were added (+):
+ Telekom Security TLS ECC Root 2020
+ Telekom Security TLS RSA Root 2023
+ FIRMAPROFESIONAL CA ROOT-A WEB
+ TWCA CYBER Root CA
+ SecureSign Root CA12
+ SecureSign Root CA14
+ SecureSign Root CA15
The following certificate authorities were removed (-):
- Security Communication Root CA (closes: #1063093)
ath79: fix initramfs execution for NEC Aterm devices
Fix execution of initramfs image on NEC Aterm devices by increasing
available memory for lzma extraction of lzma-loader.
The size of initramfs image of v24.10.0 exceeds available memory
(LZMA_TEXT_START - LOADADDR) and loader data running at LZMA_TEXT_START
will be overwritten by extracted data. As a result, LZMA extraction will
be broken and stuck (or unexpectedly reset).
Fix that issue by setting higher LZMA_TEXT_START address to increase
available memory for LZMA extraction by lzma-loader.
Zoltan HERPAI [Mon, 24 Feb 2025 12:18:01 +0000 (12:18 +0000)]
include: move generic riscv64 ISA to rv64gc
The current CFLAGS (rv64imafdc) for the riscv64 targets do not contain
the full generic compute extension (g), as that also includes the
zicsr and zifencei extensions/instructions. Rename the default ISA to
'generic' to add distinction to the current binaries (although it's very
minimal), and use rv64gc for CFLAGS.
This is also a prep step for the upcoming gcv (vector-extension supporting)
targets like the Spacemit K1, and the thead-cores like the TH1520.
Robert Marko [Fri, 11 Apr 2025 22:07:16 +0000 (00:07 +0200)]
layerscape: armv7: drop skipped packages
Now that all packages that relied on the skip mechanism are selected
via BUILD_DEVICES or by defaulting for the subtarget drop them from
individual DEVICE_PACKAGES so that Image Builder works again for armv7.
Robert Marko [Fri, 11 Apr 2025 22:06:02 +0000 (00:06 +0200)]
ls-rcw: select by default for layerscape/armv7
Currently, ls-rcw package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in: 377b66990b97 ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-rcw' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-rcw package in DEVICE_PACKAGES lets select it when
layerscape/armv7 target is selected.
Robert Marko [Fri, 11 Apr 2025 19:06:18 +0000 (21:06 +0200)]
layerscape: armv8_64b: drop skipped packages
Now that all packages that relied on the skip mechanism are selected
via BUILD_DEVICES or by defaulting for the subtarget drop them from
individual DEVICE_PACKAGES so that Image Builder works again for armv8_64b.
Robert Marko [Fri, 11 Apr 2025 21:33:57 +0000 (23:33 +0200)]
ls-ddr-phy: select by default for layerscape/armv8_64b
Currently, ls-ddr-phy package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in: 377b66990b97 ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-ddr-phy' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-ddr-phy package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Robert Marko [Fri, 11 Apr 2025 21:33:24 +0000 (23:33 +0200)]
ls-dpl: select by default for layerscape/armv8_64b
Currently, ls-dpl package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in: 377b66990b97 ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-dpl' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-dpl package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Robert Marko [Fri, 11 Apr 2025 21:32:41 +0000 (23:32 +0200)]
ls-mc: select by default for layerscape/armv8_64b
Currently, ls-mc package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in: 377b66990b97 ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~ls-mc' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the ls-mc package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Robert Marko [Fri, 11 Apr 2025 21:18:30 +0000 (23:18 +0200)]
fman-ucode: select by default for layerscape/armv8_64b
Currently, fman-ucode package is being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in: 377b66990b97 ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~fman-ucode' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the fman-ucode package in DEVICE_PACKAGES lets select it when
layerscape/armv8_64b target is selected.
Robert Marko [Fri, 11 Apr 2025 20:57:27 +0000 (22:57 +0200)]
tfa-layerscape: set BUILD_DEVICES
Currently, tfa-layerscape packages are being included in the individual
profile DEVICE_PACKAGES but using the feature that allows skipping their
inclusion in the end image package list if prefixed with a tilde(~) which
was added in: 377b66990b97 ("build: introduce support to declare skip package")
But it not added to Image Builder so currently trying to build layerscape
device images in Image Builder will fail with:
ERROR: '~trusted-firmware-a-ls1012a-frdm' is not a valid world dependency, format is name(@tag)([<>~=]version)
So, instead of having to rely on support for skipping package installation
and declaring the individual TFA packages in DEVICE_PACKAGES we can just
do what other targets do and set BUILD_DEVICES so that TFA packages are
automatically set.
Robert Marko [Fri, 11 Apr 2025 22:32:23 +0000 (00:32 +0200)]
bcm63xx-cfe: install into image staging dir
Currently, bcm63xx-cfe is being installed into kernel build dir, however
that does not work for Image Builder as only certain artifacts from kernel
build dir are included in Image Builder.
So, simply install bcm63xx-cfe into image staging dir so its artifacts can
be used in Image Builder as well.
Schneider Azima [Mon, 10 Mar 2025 01:42:51 +0000 (18:42 -0700)]
mediatek: add support for Mercusys MR80X v3
This commit adds support for Mercusys MR80X(EU) v3 router.
Device specification:
- SoC: Mediatek MT7981b, Cortex-A53, 64-bit
- RAM: 512MB
- Flash: SPI NAND GigaDevice GD5F1GQ5UEYIGY (128 MB)
- Ethernet: 4x 100/1000 Mbps LAN1,LAN2,LAN3 & WAN
- Wireless: 2.4GHz (802.11 b/g/n/ax)
- Wireless: 5GHz (802.11 a/n/ac/ax)
- LEDs: 1 orange and 1 green status LEDs, 4 green gpio-controlled LEDs
on ethernet ports
- Buttons: 1 (Reset)
- Bootloader: Main U-Boot - U-Boot 2022.01-rc4. Additionally, both UBI
slots contain "seconduboot" (also U-Boot 2022.01-rc4)
Installation (UART):
- Place OpenWrt initramfs-kernel image on tftp server with IP 192.168.1.2
- Attach UART, switch on the router and interrupt the boot process by
pressing 'Ctrl-C'.
- Set the uboot environment for startup.
setenv tp_boot_idx 0; setenv bootcmd bootm 0x46000000; saveenv
If the bootarg is set to boot from ubi1, also change it to ubi0.
- Load and run OpenWrt initramfs image.
setenv serverip 192.168.1.2; setenv ipaddr 192.168.1.1; tftpboot initramfs-kernel.bin; bootm
- Browse IP 192.168.1.1, upload the 'sysupgrade' image and do upgrade.
Recovery:
- Press Reset button and power on the router.
- Navigate to U-Boot recovery web server (http://192.168.1.1/) and
upload the OEM firmware.
wifi-scripts: add hotplug handler for slow-to-initialize ath12k radios
Some ath12k radios can take long time to initialize and register a
phy. This can cause netifd to fail to detect them during initial scan.
To address this issue, a hotplug script has been added to retry
configuration once they have registered their phy.
Paul Donald [Wed, 26 Mar 2025 17:43:45 +0000 (18:43 +0100)]
lldpd: enable hardware inventory information (TLV) management
lldpd can send several hardware inventory TLV fields. Extend the init
script to provide these when the existing flag 'lldpmed_no_inventory' is
disabled. Five new methods provide default values for some of them,
taken from /etc/os-release and /etc/board.json.
There is no homogeneous method to determine the hardware serial number,
so it can be provided manually, as can asset ID.
Note: properties >= 32 characters are truncated at send time (by lldpd),
and some (Cisco) equipment displays junk after strings >= 32 characters.
So truncate to 31.
Tested on: 24.10.0 (known compatible with 22 and 23 also)
generic: fix kernel warning no previous prototype for ...
It seems new kernel version introduced -Wmissing-prototypes. This new
warning reported drivers that define non static function that are used
statically in the driver.
Fix this by declaring making those function actually static if not
defined in any header and not used outside of the single driver.
It seems new kernel linux version reorganized the header include and now
of.h needs to be explicitly included. This should have been done from
when the driver was introduced.
Add the missing of.h header to fix compilation error in later kernel
version.
Yang Xiwen [Thu, 10 Apr 2025 11:09:42 +0000 (19:09 +0800)]
qualcommax: eap623od-hd-v1: fix phy node and LED config
The reason phy fails to probe without explicitly overrided phy id is
that the reset timing fails to match. Fix it with proper `reset-delay-us` and
`reset-post-delay-us`.
While at it, change LED settings to match EAP610-Outdoor.
Serial Interface:
TP10 - 3.3V can be used for level shifter, if needed
TP9 - TX
TP8 - RX
TP11 - GND
Interface properties: 115200, 8N1
Access to console using serial port for OEM firmware:
Username: admin
Password: 1234
Flashing via TFTP (no disassembling or soldering required):
1. Connect your PC and router to port LAN
2. Configure PC interface using static IP 192.168.1.225, mask
255.255.255.0
3. Place OpenWRT firmware image (*-squashfs-tftp-recovery.bin) to TFTP
root folder and renamed it to tp_recovery.bin
4. Unplug power from router
5. Press and hold Reset/WPS button
6. Power up the router
7. Wait until TFTP started uploading image (~10 seconds after power up)
and release Reset/WPS button
8. Wait until image uploaded, i.e. until LAN LED start lighting
9. Enable DHCP address on PC interface and wait for assigning address
10. Use ssh (root@192.168.1.1) to configure router properties
Depends on patch for firmware-utils package:
https://github.com/openwrt/firmware-utils/commit/2051fe5b
Connect to the router using ssh or telnet,
username: useradmin, password is the web
login password of the router.
Use scp to upload bl31-uboot.fip and flash:
"mtd write xxx-bl31-uboot.fip FIP"
"mtd erase ubi"
Connect to the router via the Lan port,
set a static ip of your PC.
(ip 192.168.1.254, gateway 192.168.1.1)
Download initramfs image, reboot router,
waiting for tftp recovery to complete.
After openwrt boots up, perform sysupgrade.
CONFIG_QCOM_IPA kernel cofig was enabled by mistake and conflicts with
mac80211 as it indirectly selects QMI HELPERS. Backports project provid
his own version of QMI HELPERS hence it should not be built-in.
Make the RPM partition read-only. This was a mistake and a leftover from
staging branch but I can take this mistake as an excuse to document the
current problem with RPM.
It might happen that a board ship with a broken RPM .mbn, broken not in
the sense that the board doesn't boot or it's a brick but broken in the
sense that it's outdaed and suffer from a bug fixed in new version.
This bug consist in a problem with the regulators between USB and NSS.
The old RPM mess with the NSS regulator (l2) and change the voltage for
it while configuring the USB regulator (l5).
This cause the ethernet subsystem to malfunction with the port not
working.
To workaround this, it's needed to disable RPM handling and CPUFreq.
With these 2 disabled, the old RPM doesn't touch regulators and Ethernet
works correctly.
New RPM correctly handle regulators for USB (l5) and doesn't suffer from
this problem. A solution for this is getting discussed with QCOM hoping
to get some good feedback for it.
Add pending patch fixing NSSCC boot stall. These patch are needed to
prevent the ICC to disable critical clock for NSSCC NOC.
Without these the system will stall and reboot with watchdog.
While at it also remove an extra clock from DTSI as it currently have no
use. Original patch is not modified to keep consistency with series
proposed upstream.
qualcommbe: ipq95xx: Refresh dts SPI-NAND patch to v14
Refresh dts SPI-NAND patch to to v14. This is to keep stuff synced with
current pending patch revision and make it easier to replace patch
later (and discover something broke in the meantime)
qualcommbe: ipq95xx: Refresh the NSSCC and PORT patch for new PCIe patches
Refresh the NSSCC patch for new PCIe patches. To keep track of fuzz
changes for the IPQ95xx patches, patch are not refreshed currently.
For the specific case of NSSCC patch, quilt gets confused and apply the
patch in the wrong node, putting it in the RPM node (causing all kind of
funny errors at runtime)
Correctly fix the patch to put the node right after the PCIe nodes.
Also the PORT patch need to be refreshed as the gpio header is added by
the PCIe patch.
generic: move QCOM SPI NAND driver to generic backports
QCOM SPI NAND driver got merged upstream hence we can drop the special
patch from qualcommax and qualcommbe target and move them to the generic
backports directory to reduce patch maintenance.
While at it refresh any affected patch and target and also backport other
minor fixup for the SPI NAND driver merged upstream later.
Adds latest 6.6 patches from the Raspberry Pi repository.
These patches were generated from:
https://github.com/raspberrypi/linux/commits/rpi-6.6.y/
With the following command:
git format-patch -N v6.6.85..HEAD
(HEAD -> bba53a117a4a5c29da892962332ff1605990e17a)
Linus Walleij [Sun, 11 Jun 2023 22:15:18 +0000 (00:15 +0200)]
gemini: Activate serial USB console on the DNS-313
This brings up a serial console on the USB device port of
the DNS-313 by:
- Activating the usbgadget feature
- Selecting the usbgadget-acm package
- Adding an inittab that opens a console at ttyGS0 which is
the device side of ttyACMn of a connected host
Sync jitterentropy source code with linux-6.12 to solve the
issue of jitterentropy initialization failed:
[ 9.523489] jitterentropy: Initialization failed with host not compliant with requirements: 9
[ 9.661916] kmodloader: 1 module could not be probed
[ 9.662377] kmodloader: - jitterentropy_rng - 0
In linux upstream commit cf27d9475f37 ("crypto: jitter - use
permanent health test storage"), when FIPS crypto is disabled,
the health test results are always explicitly skipped. That means
it will never return error code 9 (health test failed) again.
Fixes: https://github.com/openwrt/openwrt/issues/16684 Signed-off-by: Shiji Yang <yangshiji66@outlook.com> Link: https://github.com/openwrt/openwrt/pull/18399 Signed-off-by: Robert Marko <robimarko@gmail.com>
build: bpf: fix LLVM tool paths with host toolchain
Do not assume that the various tools like llc can be found under the
same path as clang; instead, look them up through BPF_PATH (while still
preferring ones found next to clang).
This fixes build in common setups with ccache, where clang resolves to a
path like /usr/lib/ccache/bin/clang, but no other tools can be found at
that location.
Yang Xiwen [Mon, 31 Mar 2025 00:48:23 +0000 (08:48 +0800)]
ipq60xx: add support for TP-Link EAP623-Outdoor HD v1
Specifications:
* SoC: Qualcomm IPQ6018 (64-bit Quad-core Arm Cortex-A53 @ 1800MHz)
* Memory: 1 GiB
* Serial Port: 3v3 TTL 115200n8
* Wi-Fi: QCN9074 (4x4 5 GHz 802.11ax)
* Wi-Fi: IPQ6018 (4x4 2.4 GHz 802.11b/g/n/ax)
* Ethernet: RTL8211F (10/100/1GBASE-T)
* Flash: ESMT F59D1G81MB (128 MiB)
* LEDs: 1x Green Status (GPIO 37 Active High), 1x Yellow Status (GPIO 32
Active High) and an LED global control GPIO (GPIO 36 Active High, set
up by U-Boot)
* Buttons: 1x Reset (GPIO 9 Active Low)
Installation Instructions (Serial+TFTP):
1. Solder 4 pin header to the pads near T32 and T31.
2. Connect 3V3 TTL port to TX, RX, and GND, which are pad T31, T32 and
the pad near T31 respectively. Be sure not to connect VCC and
crossover TX and RX.
3. Copy RAM firmware image
openwrt-qualcommax-ipq60xx-tplink_eap623od-hd-v1-initramfs-uImage.itb
to TFTP server root, available at 192.168.0.1.
4. Connect PoE ethernet cable to the RJ45 port and hold Ctrl+B in the
serial console (115200 baud) until autoboot is halted.
5. Run the following commands in the U-boot prompt:
# setenv serverip 192.168.0.1
# setenv ipaddr 192.168.0.99
# tftpboot 0x44000000 openwrt-qualcommax-ipq60xx-tplink_eap623od-hd-v1-initramfs-uImage.itb
# bootm
You may need to type Ctrl+C and Enter before running these commands
to clear invisible characters from the buffer.
6. Run the following command in a terminal to copy the sysupgrade image
to be installed (check IP address):
$ scp openwrt-qualcommax-ipq60xx-tplink_eap623od-hd-v1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/
7. Activate the OpenWrt serial console and run the following commands:
# cd /tmp
# sysupgrade -n openwrt-qualcommax-ipq60xx-tplink_eap623od-hd-v1-squashfs-sysupgrade.bin
8. The AP will reboot and OpenWrt will be successfully installed.
generic: qca8k: backport bridge port isolation support
Bridge port isolation offload support has been added to the bridge core
and many DSA drivers. mt7530 support was backported in OpenWrt commit c4e6a147a6c0 ("generic: 6.6: mt7530: add support for bridge port
isolation").
This patch adds support for D-Link DGS-1210-26 rev. F1
Hardware specification
----------------------
* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash (MX25L25635E)
* 24 x 10/100/1000BASE-T ports
* 2 x SFP ports
* Power LED
* Reset button on front panel
Installation using OEM webinterface
-----------------------------------
1. Make sure you are running OEM firmware from secondary slot. If not, switch to image2 using the menus
System > Firmware Information > Boot from image2
Tools > reboot
2. Upload image squashfs-factory_image1.bin via Tools > Backup / Upgrade Firmware > image1
3. Toggle startup image via System > Firmware Information > Boot from image1
4. Tools > reboot
Known working firmware version for this procedure: 6.20.007
Installation using TFTP and serial console
------------------------------------------
1. Prepare a TFTP server with the OpenWrt *initramfs-kernel.bin and assign it an IP from 10.90.90.0/24 (except 10.90.90.90)
2. Connect the TFTP server to one of switch's ports
3. Connect to the serial console (115200 baud) and power on the switch
4. Press the ESC key once you see "Hit Esc key to stop autoboot" in the console output
5. Press CTRL+C keys to get into the real U-Boot prompt
6. Init the network with the command "rtk network on"
7. Load the OpenWrt image with the command "tftpboot 0x8f000000 <TFTP_SERVER_IP>:<IMAGE_FILE>"
(<TFTP_SERVER_IP> is the TFTP server's IP, e.g. 10.90.90.100; <IMAGE_FILE> is the name of the image provided by the TFTP server)
8. Boot the OpenWrt image with the command "bootm"
9. Browse to https://192.168.1.1/cgi-bin/luci/admin/system/flash
10. Upload the the OpenWrt *squashfs-sysupgrade.bin to the switch
11. Wait for it to reboot
Matthias Franck [Fri, 31 Jan 2025 09:00:46 +0000 (10:00 +0100)]
busybox: use external libtirpc when using glibc
In recent glibc versions rpc functionality has been moved to a separate
library instead of glibc itself.
Depend on this library when rpc functionality is needed and glibc is
used.
Ming Kuang [Fri, 21 Mar 2025 15:21:05 +0000 (23:21 +0800)]
wifi-scripts: mac80211.sh: add EHT and HE160 support to iw_htmode
For WIFI7 devices (such as mt7925e), the dev width is currently
always "20 MHz (no HT)" in monitor mode.
Add EHT and HE160 support to iw_htmode to fix this issue.
Additionally, the following changes are made:
1. Set iw_htmode to 160MHz for VHT160. The reason for the current
VHT160 setting is unclear and seems to have been in place for
over a decade (ibss_htmode [1]). If anyone knows its impact,
please inform me so I can restore it.
2. Modify MHZ to MHz. The original matching table in the current
iw tool uses MHz. Although the match is case-insensitive,
correcting this won't hurt.
Flash instruction using initramfs-factory.bin image:
1. Connect and open serial console
2. Power on WG2200HP and interrupt bootloader by ESC key
3. Login to the bootloader CLI with a password "chiron"
4. Start TFTP server by "tftpd" command
5. Upload initramfs-factory.bin via tftp from your computer
example (Windows): tftp -i 192.168.0.1 PUT initramfs-factory.bin
6. Boot initramfs image by "boot" command
7. On the initramfs image, back up the stock bootloader and firmware if
needed
8. Upload (or download) uboot.bin and sysupgrade.bin image to the device
9. Rplace the bootloader with a uboot.bin image
mtd write <uboot.bin image> bootloader
10. Perform sysupgrade with a sysupgrade.bin image
11. Wait ~120 seconds to complete flashing
Notes:
- All LEDs are connected to the Diodes PI4IOE5V9539LE I2C Expander chip.
(compatible with NXP PCA9539)
- The stock bootloader requires an unknown filesystem on firmware area
in the flash. Booting of OpenWrt from that filesystem cannot be
handled, so the bootloader needs to be replaced to mainline U-Boot
before OpenWrt installation.
- The data length of blocks in firmware image will be checked
(4M < threshold < 6M) on the stock WebUI of all versions, and
initramfs-factory.bin image of OpenWrt has the larger block data for
initramfs image. So that image cannot be applied to the stock WebUI
at all.
INAGAKI Hiroshi [Sat, 11 Jan 2025 16:40:19 +0000 (01:40 +0900)]
uboot-ath79: build U-Boot/qca9558_nec_aterm for NEC Aterm WG2200HP
Enable building U-Boot/qca9558_nec_aterm profile for NEC Aterm WG2200HP.
This model has almost the same hardware as the other Aterm devices based
on Qualcomm Atheros QCA9558.
Installation
------------
1. Connect to the router using ssh (user: admin, pass: web interface
password)
2. Make mtd backup:
cat /dev/mtd0 | gzip -1 -c > /tmp/mtd0_spi0.0.bin.gz
cat /dev/mtd1 | gzip -1 -c > /tmp/mtd1_BL2.bin.gz
cat /dev/mtd2 | gzip -1 -c > /tmp/mtd2_u-boot-env.bin.gz
cat /dev/mtd3 | gzip -1 -c > /tmp/mtd3_Factory.bin.gz
cat /dev/mtd4 | gzip -1 -c > /tmp/mtd4_FIP.bin.gz
cat /dev/mtd5 | gzip -1 -c > /tmp/mtd5_ubi.bin.gz
3. Download mtd backup from the /tmp dir of the router to your PC using
scp protocol
4. Upload OpenWrt 'bl31-uboot.fip', 'preloader.bin' images to the /tmp
dir of the router using scp protocol
5. Write FIP and BL2 (replace bootloader):
mtd write /tmp/openwrt-mediatek-filogic-netis_nx31-bl31-uboot.fip FIP
mtd write /tmp/openwrt-mediatek-filogic-netis_nx31-preloader.bin BL2
6. Place OpenWrt
'openwrt-mediatek-filogic-netis_nx31-initramfs-recovery.itb' image on
the tftp server (IP: 192.168.1.254)
7. Erase 'ubi' partition and reboot the router:
mtd erase ubi
reboot
8. U-Boot automatically boot OpenWrt recovery image from tftp server to
the RAM
9. Upload OpenWrt 'sysupgrade.itb' image to the /tmp dir of the router
(IP: 192.168.1.1) using scp protocol
10. Connect to the router using ssh and run:
sysupgrade -n openwrt-mediatek-filogic-netis_nx31-squashfs-sysupgrade.itb
Return to stock
---------------
1. Unpack stock BL2 and FIP partitions backup
2. Upload stock BL2 and FIP partitions backup to the /tmp dir of the
router using scp protocol
3. Connect to the router using ssh and run:
apk update && apk add kmod-mtd-rw
insmod mtd-rw i_want_a_brick=1
mtd unlock BL2
mtd unlock FIP
4. Restore backup:
mtd write /tmp/mtd4_FIP.bin FIP
mtd write /tmp/mtd1_BL2.bin BL2
5. Erase ubi and reboot:
mtd erase ubi
reboot
6. Power off the router
7. Press Reset button and power on the router. Release the button after
~10 sec
8. Navigate to U-Boot recovery web server (http://192.168.1.1/) and
upload the OEM firmware
Recovery
--------
1. Place OpenWrt
'openwrt-mediatek-filogic-netis_nx31-initramfs-recovery.itb' image on
the tftp server (IP: 192.168.1.254)
2. Press “Reset” button and power on the router. After ~10 sec release
the button.
3. Use OpenWrt initramfs system for recovery
MAC addresses
-------------
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| LAN | dc:xx:xx:d1:xx:18 | label |
| WAN | dc:xx:xx:d1:xx:1a | label+2 |
| WLAN 2g | de:xx:xx:11:xx:19 | |
| WLAN 5g | de:xx:xx:71:xx:19 | |
+---------+-------------------+-----------+
The LAN MAC was found in 'Factory', 0x1fef20
The WAN MAC was found in 'Factory', 0x1fef26
The WLAN 2g/5g MAC prototype was found in 'Factory', 0x4
Fil Dunsky [Mon, 10 Mar 2025 23:57:43 +0000 (06:57 +0700)]
mediatek: filogic: add support for Huasifei WH3000
**Huasifei WH3000 eMMC / Fudy MT3000**
Portable Wi-Fi 6 travel router based on MediaTek MT7981A SoC.
MT7981B+MT7976CN+RTL8221B Dual Core 1.3GHZ
**Specifications**
SoC: Filogic 820 MT7981A (1.3GHz)
RAM: DDR4 1GB
Flash: eMMC 8GB
WiFi: 2.4GHz and 5GHz with 3 antennas
Ethernet:
1x WAN (10/100/1000M)
1x LAN (10/100/1000/2500M)
USB: 1x USB 3.0 port
Two buttons: power/reset and mode (BTN_0)
LEDS: blue, red, blue+red=pink
UART: 3.3V, TX, RX, GND / 115200 8N1
**Installation via U-Boot rescue**
1. Set static IP 192.168.1.2 on your computer and default route as 192.168.1.1
2. Connect to the WAN port and hold the reset button while booting the device.
3. Wait for the LED to blink 5 times, and release the reset button.
4. Open U-boot web page on your browser at http://192.168.1.1
5. Select the OpenWRT sysupgrade image, upload it, and start the upgrade.
6. Wait for the router to flash the new firmware.
7. Wait for the router to reboot itself.
**Installation via sysupgrade**
Just flash sysupgrade file via [LuCI upgrade page](http://192.168.1.1/cgi-bin/luci/admin/system/flash) without saving the settings.
**Installation via SSH**
Upload the file to the router `/tmp` directory, `ssh root@192.168.1.1` and issue a command:
```
sysupgrade -n /tmp/openwrt-mediatek-filogic-huasifei_wh3000-emmc-squashfs-sysupgrade.bin
```
**Factory MAC**
You can find your Factory MAC which is mentioned on the box at `/dev/mmcblck0p2` partition `factory` starting from `0x4`
```
dd if=/dev/mmcblk0p2 bs=1 skip=4 count=6 | hexdump -C
```
**Enlarging a partition**
Though device has 8GB eMMC, it uses only 2GB `/dev/mmcblck0p6` as `rootfs` for `/rom` and `/overlay` leaving `/dev/mmcblck0p7` as empty unused space.
```
sgdisk -p /dev/mmcblk0
```
```
Disk /dev/mmcblk0: 15269888 sectors, 7.3 GiB
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 2BD17853-102B-4500-AA1A-8A21D4D7984D
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 14942174
Partitions will be aligned on 1024-sector boundaries
Total free space is 11197 sectors (5.5 MiB)
You can fix that by loading into `initramfs-kernel`, deleting empty `mmcblck0p7` partition and resizing `mmcblck0p6`
```
sysupgrade -F /tmp/openwrt-initramfs-kernel.bin
```
Install and run cfdisk
```
opkg update && opkg install cfdisk
cfdisk /dev/mmcblck0
```
- Select `mmcblck0p7` -> Delete
- Select `mmcblck0p6` -> Resize -> Write -> yes -> Quit
You will not see any difference in `cat /proc/partitions` after that but just flash a `sysupgrade` and you'll get the whole 7.3GB space for the `/overlay`.
Stijn Tintel [Tue, 18 Mar 2025 08:56:25 +0000 (10:56 +0200)]
arm-trusted-firmware-rockchip: support rk3588
ATF supports rk3588 since version 2.12, so let's enable it in
arm-trusted-firmware-rockchip.
We still need the TPL to initialize RAM, but keeping rk3588 in rkbin
would cause a duplicate package name, so rename rk3588 to rk3588-tpl in
rkbin.
Finally, point uboot-rockchip for rk3588 to bl31 built by this package,
and add a dependency on the new trusted-firmware-a-rk3588-tpl pacakge.
While this doesn't necessarily add features, we now no longer rely on
the rk3588_bl31_v1.45.elf blob provided by Rockchip, which is always a
good thing.
Stijn Tintel [Tue, 18 Mar 2025 08:53:46 +0000 (10:53 +0200)]
arm-trusted-firmware-rockchip: bump to 2.12.1 LTS
And remove no-warn-rwx-segments hack, as this is no longer needed and
actually causes build to fail. See also commit c117d7a37a74
("include/trusted-firmware-a.mk: remove the no-warn-rwx-segments hack").
Stijn Tintel [Mon, 24 Mar 2025 22:20:32 +0000 (00:20 +0200)]
include/trusted-firmware-a.mk: support LTS releases
TF-A LTS releases have an lts- prefix in their version tag. Introduce a
PKG_LTS variable to support these.
As the non-LTS tarbals do not contain the version prefix in the
directory, we need different PKG_BUILD_DIR for each variant:
➜ tar --list --file dl/trusted-firmware-a-v2.12.tar.gz | head -n1
trusted-firmware-a-2.12/
➜ tar --list --file dl/trusted-firmware-a-lts-v2.12.1.tar.gz | head -n1
trusted-firmware-a-lts-v2.12.1/
projects / thirdparty / openwrt.git / log
