Daniel Golle [Sun, 27 Nov 2022 12:33:31 +0000 (12:33 +0000)]
dnsmasq: add option to expose additional paths to jail
Add new UCI list 'addn_mount' allowing the expose additional filesystem
paths to the jailed dnsmasq process. This is useful e.g. in case of
manually configured includes to the configuration file or symlinks
pointing outside of the exposed paths as used by e.g. the safe-search
package in the packages feed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ipq40xx: add support for Mikrotik wAP R ac / LTE / LTE6
The Mikrotik wAP R AC is an outdoor, dual band, dual radio (802.11ac) AP
with a miniPCIe slot for a LTE modem.
The wAP R AC is similar to the wAP AC but with the miniPCIe slot.
The wAP R AC requires installing a LTE modem.
The wAP LTE and wAP LTE6 comes with a LTE modem installed.
See https://mikrotik.com/product/wap_r_ac for more info.
Specifications:
- SoC: Qualcomm Atheros IPQ4018
- CPU: 4x ARM Cortex A7
- RAM: 128MB
- Storage: 16MB NOR flash
- Wireless:
- Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, internal antenna
- Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, internal antenna
- Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 2x 1000/100/10 ports
one with 802.3af/at PoE in
- 1x Mini PCI-E port (USB2)
Installation:
Boot the initramfs image via TFTP, then flash the sysupgrade image using
sysupgrade. Details at https://openwrt.org/toh/mikrotik/common.
Swconfig isn't used by this target and can be disabled for
this reason. Airoha doesn't even have an Ethernet driver.
In the future, this target should get a DSA driver.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Pawel Dembicki [Sat, 29 Oct 2022 20:59:50 +0000 (22:59 +0200)]
layerscape: kmod-ppfe: Use ppfe driver as module
In 8274451cb86 kmod-ppfe was changed to built-in because CONFIG_FSL_PPFE
was binary. In 5.10 and 5.15 kernel, PPFE driver can be build as module.
This patch switch kmod-ppfe from build-in to loadable module.
Loadable module helps to avoid hazard: driver is looking for firmware
file before mount root.
Pawel Dembicki [Sat, 29 Oct 2022 21:42:03 +0000 (23:42 +0200)]
layerscape: Fix SPI-NOR issues with vendor patches
For some reason LS1012A and LS1046A devboards don't work well with
Spansion SPI NOR flash. It cause read and write errors like:
[ 27.285887] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x025ae000
[ 27.468922] jffs2: Newly-erased block contained word 0x0 at offset 0x02573000
[ 27.502615] jffs2: Newly-erased block contained word 0xe723f41e5823f110 at offset 0x02572000
[ 27.541550] jffs2: Newly-erased block contained word 0x1a7d266ee6 at offset 0x02571000
[ 27.577195] jffs2: Newly-erased block contained word 0x5d000bae8d52fec6 at offset 0x02570000
[ 27.611800] jffs2: Newly-erased block contained word 0x63515aee63515a4b at offset 0x0256f000
[ 27.651749] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0256e000
[ 27.825593] jffs2: Newly-erased block contained word 0xc20031985 at offset 0x0252e000
NXP have found workarround and applied in their vendor kernel version.
They force 1x tx and 1x rx lines in qspi. That method fix issues.
This patch ports patches from NXP LSDK tree.
Will Moss [Thu, 10 Nov 2022 19:55:11 +0000 (19:55 +0000)]
ath79: D-Link DIR-825 B1 add factory.bin recipe
- Bring back factory.bin image which was missing after porting device to ath79 target
- Use default sysupgrade.bin image recipe
- Adjust max image size according to new firmware partition size after
"ath79: expand rootfs for DIR-825-B1 with unused space (aca8bb5)" changes
- Remove support of upgrading from version 19.07, because partition size changes mentioned above
MAC addresses are labeled as ETH, 2.4G, and 5GHz
Only one Vendor MAC address in flash
eth0 ETH *:fb art 0x0
phy1 2.4G *:fc ---
phy0 5GHz *:fd ---
**Serial Access:**
the RX line on the board for UART is shorted to ground by resistor R176
therefore it must be removed to use the console
but it is not necessary to remove to view boot log
optionally, R175 can be replaced with a solder bridge short
the resistors R175 and R176 are next to the UART RX pin at J10
**Installation:**
2 ways to flash factory.bin from OEM:
Method 1: Firmware upgrade page:
OEM webpage at 192.168.1.1
username and password "admin"
Navigate to "Firmware Upgrade" page from left pane
Click Browse and select the factory.bin image
Upload and verify checksum
Click Continue to confirm and wait 3 minutes
Method 2: Serial to load Failsafe webpage:
After connecting to serial console and rebooting...
Interrupt uboot with any key pressed rapidly
execute `run failsafe_boot` OR `bootm 0x9fd70000`
wait a minute
connect to ethernet and navigate to
"192.168.1.1/index.htm"
Select the factory.bin image and upload
wait about 3 minutes
**Return to OEM:**
If you have a serial cable, see Serial Failsafe instructions
otherwise, uboot-env can be used to make uboot load the failsafe image
ssh into openwrt and run
`fw_setenv rootfs_checksum 0`
reboot, wait 3 minutes
connect to ethernet and navigate to 192.168.1.1/index.htm
select OEM firmware image from Engenius and click upgrade
**TFTP recovery:**
Requires serial console, reset button does nothing
rename initramfs to 'vmlinux-art-ramdisk'
make available on TFTP server at 192.168.1.101
power board, interrupt boot
execute tftpboot and bootm 0x81000000
NOTE: TFTP is not reliable due to bugged bootloader
set MTU to 600 and try many times
if your TFTP server supports setting block size
higher block size is better.
**Format of OEM firmware image:**
The OEM software of EAP1750H is a heavily modified version
of Openwrt Kamikaze. One of the many modifications
is to the sysupgrade program. Image verification is performed
simply by the successful ungzip and untar of the supplied file
and name check and header verification of the resulting contents.
To form a factory.bin that is accepted by OEM Openwrt build,
the kernel and rootfs must have specific names...
and begin with the respective headers (uImage, squashfs).
Then the files must be tarballed and gzipped.
The resulting binary is actually a tar.gz file in disguise.
This can be verified by using binwalk on the OEM firmware images,
ungzipping then untaring.
Newer EnGenius software requires more checks but their script
includes a way to skip them, otherwise the tar must include
a text file with the version and md5sums in a deprecated format.
The OEM upgrade script is at /etc/fwupgrade.sh.
OKLI kernel loader is required because the OEM software
expects the kernel to be no greater than 1536k
and the factory.bin upgrade procedure would otherwise
overwrite part of the kernel when writing rootfs.
Note on PLL-data cells:
The default PLL register values will not work
because of the external AR8035 switch between
the SOC and the ethernet port.
For QCA955x series, the PLL registers for eth0 and eth1
can be see in the DTSI as 0x28 and 0x48 respectively.
Therefore the PLL registers can be read from uboot
for each link speed after attempting tftpboot
or another network action using that link speed
with `md 0x18050028 1` and `md 0x18050048 1`.
The clock delay required for RGMII can be applied
at the PHY side, using the at803x driver `phy-mode`.
Therefore the PLL registers for GMAC0
do not need the bits for delay on the MAC side.
This is possible due to fixes in at803x driver
since Linux 5.1 and 5.3
Edward Chow [Tue, 22 Nov 2022 10:49:21 +0000 (18:49 +0800)]
ath79: calibrate TP-LINK TL-WR2543ND with nvmem
Driver for and pci wlan card now pull the calibration data from the nvmem
subsystem.
This allows us to move the userspace caldata extraction for the pci-e ath9k
supported wifi into the device-tree definition of the device.
The wifi mac address remains correct after these changes, because When both
"mac-address" and "calibration" are defined, the effective mac address
comes from the cell corresponding to "mac-address" and
mac-address-increment.
Shiji Yang [Sun, 20 Nov 2022 03:15:16 +0000 (11:15 +0800)]
scripts: remove redundant character '0x0a' from Linksys image signature
The redundant character '0x0a' after the 192 bytes '0x00' padding broke
the factory image. We need to remove it to make things work again.
Fixes: e6769d11f3 scripts: fix missing character '0' issue in linksys image Tested-by: Tony Butler <spudz76@gmail.com> Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Nick Hainke [Wed, 16 Nov 2022 07:48:02 +0000 (08:48 +0100)]
wolfssl: update to v5.5.3
Remove "200-ecc-rng.patch" because it was upstramed by:
https://github.com/wolfSSL/wolfssl/commit/e2566bab2122949a6a0bb2276d0a52598794d7d0
Refreshed "100-disable-hardening-check.patch".
Rosen Penev [Tue, 22 Nov 2022 01:02:31 +0000 (17:02 -0800)]
nls.mk: fixup cmake packages
Instead of manually overriding every cmake package that uses iconv or
gettext's paths, add the prefix in here so that at least FindIconv.cmake
works. Fixes compilation with BUILD_NLS.
ipq806x: disable cache and fabric devfreq driver to improve stability
It was tested that cache scaling currently cause instability problem.
This is probably caused by a latent misconfiguration that cause the L2
cache to be sourced from the wrong source and runs at an unstable freq
compared to the original QSDK fw.
To improve stability while the problem is bisected, disable the devfreq
drivers with minimal perf penality.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Daniel Golle [Thu, 17 Nov 2022 02:03:59 +0000 (02:03 +0000)]
ipq40xx: remove '-fit' string from kernel filenames
The type of those images is already distinguishable by the '.itb'
extension, there is no need for an additional '-fit' string in the
filenames. Remove it to behave more like other targets.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Thu, 17 Nov 2022 01:52:50 +0000 (01:52 +0000)]
ipq40xx: remove 'nand-' string from image filenames
Only on the ipq40xx subtarget different filenames were used for NAND-
based devices. This is unneeded, confusing and breaks downstream tools
such as luci-app-attendedsysupgrade and auc.
Remove the 'nand-' string from image filenames to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
John Audia [Sat, 19 Nov 2022 13:41:25 +0000 (08:41 -0500)]
bcm27xx: disable duplicate sdhost driver
Enabling both CONFIG_MMC_BCM2835 and CONFIG_MMC_BCM2835_SDHOST causes this
error in dmesg:
Error: Driver 'sdhost-bcm2835' is already registered, aborting...
Disabling CONFIG_MMC_BCM2835 and leaving CONFIG_MMC_BCM2835_SDHOST enabled
avoids this error.
When compiling OpenWRT on a compressed btrfs volume the build fails in
libtool.
The file `libltdl/config/ltmain.m4sh` from `libtool-2.4.2.tar.xz` is
missing write permissions, therefore patch falls back to copying the
file and patching that. During this patch tries to preserve all file
attribute on the new copy.
However the attribute `btrfs.compression` is privileged and btrfs return
EACCES.
While patch ignores multiple other error codes during the copy of xattr
copy it is not prepared for EACCES and aborts.
EACCES should be ignored the same way as the other errors.
Notes:
- The device supports dual boot mode
- The firmware partitions were concatinated into one
- The FN button led indicator has been reassigned as the 2.4GHz
wifi indicator.
Flash instruction:
The only way to flash OpenWrt image is to use tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24 and tftp server.
2. Rename "openwrt-ramips-mt7621-keenetic_kn-3010-squashfs-factory.bin"
to "KN-3010_recovery.bin" and place it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed until power led start blinking.
4. Router will download file from server, write it to flash and reboot.
Xiaopo Zhang [Thu, 17 Nov 2022 13:17:36 +0000 (21:17 +0800)]
x86/64: enable Intel PINCTRL in 64bit target
Intel PINCTRL is not enable in the 64bit build, while it is enabled in
the x86/general target, which disables the ability of controlling GPIO
in the 64 bit build.
This commit copies the corresponding part of x86/general config, since
it is already there, so it should be fine to enable the same settings
here.
ath79: disable image building for Ubiquiti EdgeSwitch 8XP
The downstream OpenWrt driver for the BCM53128 switch ceased to work,
rendering the 8 LAN ports of the device unusable. This commit disables
image building while the problem is being solved.
See issue #10374 for more details.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Edward Chow [Sun, 20 Nov 2022 03:22:31 +0000 (11:22 +0800)]
ath79: calibrate nand netgear wndrxxxx with nvmem
Driver for both soc (2.4GHz Wifi) and pci (5 GHz) now pull the calibration
data from the nvmem subsystem.
This allows us to move the userspace caldata extraction for the pci-e ath9k
supported wifi into the device-tree definition of the device.
wmac's nodes are also changed over to use nvmem-cells over OpenWrt's
custom mtd-cal-data property.
The wifi mac address remains correct after these changes, because When both
"mac-address" and "calibration" are defined, the effective mac address
comes from the cell corresponding to "mac-address" and
mac-address-increment.
Test passed on my wndr3700v4 and wndr4500v3. Signed-off-by: Edward Chow <equu@openmail.cc>
Edward Chow [Wed, 9 Nov 2022 09:18:17 +0000 (17:18 +0800)]
ath79: calibrate all ar9344 tl-WDRxxxx with nvmem
Driver for both soc (2.4GHz Wifi) and pci (5 GHz) now pull the calibration
data from the nvmem subsystem.
This allows us to move the userspace caldata extraction for the pci-e ath9k
supported wifi into the device-tree definition of the device.
wmac's nodes are also changed over to use nvmem-cells over OpenWrt's
custom mtd-cal-data property.
The wifi mac address remains correct after these changes, because When both
"mac-address" and "calibration" are defined, the effective mac address
comes from the cell corresponding to "mac-address" and
mac-address-increment.
Jonas Albrecht [Fri, 28 May 2021 10:28:35 +0000 (12:28 +0200)]
lantiq: ltq-tapi: add customer pulse digit time
With this patch you can change the pulse digit time by loading the Lantiq
FXS driver kernel module called ltq-tapi. This is relevant for old
rotaryphones that uses pulsedialing.
The default values are:
30-80ms for the low pulse
30-80ms for the high pulse
300ms for minimum Interdigit time
this is OK but on some Phones it can be usefull to customize the values
If you want to change the values to high and low pulse to 40-90ms and
minimum interdigit time to 400ms
than change /etc/modules.d/20-ltq-tapi to (without linebrakes):
drv_tapi min_digit_low=40 min_digit_high=90 max_digit_low=40 \
max_digit_high=90 min_interdigit=400
Signed-off-by: Jonas Albrecht <plonkbong100@protonmail.com>
Daniel Golle [Tue, 15 Nov 2022 21:23:06 +0000 (21:23 +0000)]
uboot-mediatek: optimize MMC erase
Fix mmc_write_vol hush script used by many boards to avoid timeouts on
slow SD cards:
Instead of erasing a complete partition, only erase blocks for the
to-be-written image when writing to MMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Kuan-Yi Li [Thu, 20 Oct 2022 03:31:19 +0000 (11:31 +0800)]
linux-firmware: offer two versions of firmware for CYW4339
According to commit 6f6c2fb321, AP6335 module used in PICO-PI-IMX7D works
only with firmware from `linux-firmware`. However, firmware from
`cypress-firmware` suite is directly from the chip company (Infineon) and
is actually newer.
Instead of dropping the firmware from Infineon, create a package named
`brcmfmac-firmware-4339-sdio`, and keep the Infineon version of
`cypress-firmware-4339-sdio` around.
This gives us devs the option to choose. Also, it means that
- packages `brcmfmac-firmware-*` uniformly come from `linux-firmware`
- packages `cypress-firmware-*` uniformly come from `cypress-firmware`
so hopefully brings more clarity.
Tested-by: Lech Perczak <lech.perczak@gmail.com> Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Kuan-Yi Li [Thu, 20 Oct 2022 02:26:44 +0000 (10:26 +0800)]
linux-firmware: broadcom: use symlink to provide NVRAM for some RPis
This is to align the implementation with upstream `linux-firmware`.
Some Raspberry Pi boards do not have dedicated NVRAM in `linux-firmware`
source repository, their NVRAM is provided through a symbolic link to
NVRAM of another board with an identical wireless design.
Kuan-Yi Li [Thu, 20 Oct 2022 02:26:13 +0000 (10:26 +0800)]
cypress-firmware: use symlink to provide firmware in brcm
This is to align the implementation with upstream `linux-firmware`.
Instead of moving these firmware files to `brcm` subdirectory and changing
their names, leave them in `cypress` subdirectory, keep their names intact
and use symbolic links to provide compatibility with Broadcom FullMAC
driver.
This gives more context to where the firmware comes from.
Kuan-Yi Li [Sat, 22 Oct 2022 15:09:19 +0000 (23:09 +0800)]
cypress-nvram: use symlink to provide NVRAM for some RPis
This is to align the implementation with upstream `linux-firmware`.
Some Raspberry Pi boards do not have dedicated NVRAM in `linux-firmware`
source repository, their NVRAM is provided through a symbolic link to
NVRAM of another board with an identical wireless design.
Kuan-Yi Li [Sat, 22 Oct 2022 15:04:30 +0000 (23:04 +0800)]
cypress-nvram: remove PROVIDES in NVRAM packages
PROVIDES for these packages will cause ambiguity and circular dependency
in planned changes.
For example, if there is a package `brcmfmac-firmware-43455-sdio-rpi-cm4`
that depends on `brcmfmac-firmware-43455-sdio-rpi-4b`, there is no way to
tell which one of below packages the system will go for.
- package named `brcmfmac-firmware-43455-sdio-rpi-4b`
- package named `cypress-nvram-43455-sdio-rpi-4b` that PROVIDES
`brcmfmac-firmware-43455-sdio-rpi-4b`
When ambiguity is unacceptable, PROVIDES (aliases) shall be removed and
packages shall only be used through their exact name.
Daniel Golle [Tue, 15 Nov 2022 18:45:52 +0000 (18:45 +0000)]
kernel: modules: package Marvell gigE PHY driver
Some copper SFP modules come with Marvell's 88E1xxx PHY and need this
module to function. Package it, so users can easily install this PHY
driver and use e.g. FINISAR CORP. FCLF-8521-3-HC SFP.
Without marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: validation with support 0000000,00000000,00000000 failed: -22
sfp sfp2: sfp_add_phy failed: -22
With marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: switched to inband/sgmii link mode
mt7530 mdio-bus:1f sfp2: PHY [i2c:sfp2:16] driver [Marvell 88E1111] (irq=POLL)
mt7530 mdio-bus:1f sfp2: Link is Up - 1Gbps/Full - flow control rx/tx
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Andre Heider [Sat, 12 Nov 2022 08:50:36 +0000 (09:50 +0100)]
scripts: fix dl_cleanup.py argument handling
The -w|--whitelist and -D|--download-dir arguments pass an additional value,
properly evaluate that.
Also allow to pass the download directory without -D|--download-dir, just as
the usage describes.
Finally fix spitting out the wrong error messages about those args.
Ruckus ZoneFlex 7025 is a single 2.4GHz radio 802.11n 1x1 enterprise
access point with built-in Ethernet switch, in an electrical outlet form factor.
Hardware highligts:
- CPU: Atheros AR7240 SoC at 400 MHz
- RAM: 64MB DDR2
- Flash: 16MB SPI-NOR
- Wi-Fi: AR9285 built-in 2.4GHz 1x1 radio
- Ethernet: single Fast Ethernet port inside the electrical enclosure,
coupled with internal LSA connector for direct wiring,
four external Fast Ethernet ports on the lower side of the device.
- PoE: 802.3af PD input inside the electrical box.
802.3af PSE output on the LAN4 port, capable of sourcing
class 0 or class 2 devices, depending on power supply capacity.
- External 8P8C pass-through connectors on the back and right side of the device
- Standalone 48V power input on the side, through 2/1mm micro DC barrel jack
Serial console: 115200-8-N-1 on internal JP1 header.
Pinout:
---------- JP1
|5|4|3|2|1|
----------
Pin 1 is near the "H1" marking.
1 - RX
2 - n/c
3 - VCC (3.3V)
4 - GND
5 - TX
Installation:
There are two methods of installation:
- Using serial console [1] - requires some disassembly, 3.3V USB-Serial
adapter, TFTP server, and removing a single T10 screw,
but with much less manual steps, and is generally recommended, being
safer.
- Using stock firmware root shell exploit, SSH and TFTP [2]. Does not
work on some rare versions of stock firmware. A more involved, and
requires installing `mkenvimage` from u-boot-tools package if you
choose to rebuild your own environment, but can be used without
disassembly or removal from installation point, if you have the
credentials.
If for some reason, size of your sysupgrade image exceeds 13312kB,
proceed with method [1]. For official images this is not likely to
happen ever.
[1] Using serial console:
0. Connect serial console to H1 header. Ensure the serial converter
does not back-power the board, otherwise it will fail to boot.
1. Power-on the board. Then quickly connect serial converter to PC and
hit Ctrl+C in the terminal to break boot sequence. If you're lucky,
you'll enter U-boot shell. Then skip to point 3.
Connection parameters are 115200-8-N-1.
2. Allow the board to boot. Press the reset button, so the board
reboots into U-boot again and go back to point 1.
3. Set the "bootcmd" variable to disable the dual-boot feature of the
system and ensure that uImage is loaded. This is critical step, and
needs to be done only on initial installation.
> setenv bootcmd "bootm 0x9f040000"
> saveenv
4. Boot the OpenWrt initramfs using TFTP. Replace IP addresses as needed:
[2] Using stock root shell:
0. Reset the device to factory defaullts. Power-on the device and after
it boots, hold the reset button near Ethernet connectors for 5
seconds.
1. Connect the device to the network. It will acquire address over DHCP,
so either find its address using list of DHCP leases by looking for
label MAC address, or try finding it by scanning for SSH port:
$ nmap 10.42.0.0/24 -p22
From now on, we assume your computer has address 10.42.0.1 and the device
has address 10.42.0.254.
2. Set up a TFTP server on your computer. We assume that TFTP server
root is at /srv/tftp.
3. Obtain root shell. Connect to the device over SSH. The SSHD ond the
frmware is pretty ancient and requires enabling HMAC-MD5.
Locate partitions for primary and secondary firmware image.
NEVER blindly copy over MTD nodes, because MTD indices change
depending on the currently active firmware, and all partitions are
writable!
# grep rcks_wlan /proc/mtd
Copy over both images using TFTP, this will be useful in case you'd
like to return to stock FW in future. Make sure to backup both, as
OpenWrt uses bot firmwre partitions for storage!
When the command finishes, copy over the dump to a safe place for
storage.
$ cp /srv/tftp/ruckus_zf7025_firmware{1,2}.bin ~/
5. Ensure the system is running from the BACKUP image, i.e. from
rcks_wlan.bkup partition or "image 2". Otherwise the installation
WILL fail, and you will need to access mtd0 device to write image
which risks overwriting the bootloader, and so is not covered here
and not supported.
Switching to backup firmware can be achieved by executing a few
consecutive reboots of the device, or by updating the stock firmware. The
system will boot from the image it was not running from previously.
Stock firmware available to update was conveniently dumped in point 4 :-)
6. Prepare U-boot environment image.
Install u-boot-tools package. Alternatively, if you build your own
images, OpenWrt provides mkenvimage in host staging directory as well.
It is recommended to extract environment from the device, and modify
it, rather then relying on defaults:
Now, write the images in place. Write U-boot environment last, so
unit still can boot from backup image, should power failure occur during
this. Replace MTD placeholders with real MTD nodes:
Finally, reboot the device. The device should directly boot into
OpenWrt. Look for the characteristic power LED blinking pattern.
# reboot -f
After unit boots, it should be available at the usual 192.168.1.1/24.
Return to factory firmware:
1. Boot into OpenWrt initramfs as for initial installation. To do that
without disassembly, you can write an initramfs image to the device
using 'sysupgrade -F' first.
2. Unset the "bootcmd" variable:
fw_setenv bootcmd ""
3. Concatenate the firmware backups, if you took them during installation using method 2:
3. Write factory images downloaded from manufacturer website into
fwconcat0 and fwconcat1 MTD partitions, or restore backup you took
before installation:
# mtd write ruckus_zf7025_backup.bin /dev/mtd1
4. Reboot the system, it should load into factory firmware again.
Quirks and known issues:
- Flash layout is changed from the factory, to use both firmware image
partitions for storage using mtd-concat, and uImage format is used to
actually boot the system, which rules out the dual-boot capability.
- The 2.4 GHz radio has its own EEPROM on board, not connected to CPU.
- The stock firmware has dual-boot capability, which is not supported in
OpenWrt by choice.
It is controlled by data in the top 64kB of RAM which is unmapped,
to avoid the interference in the boot process and accidental
switch to the inactive image, although boot script presence in
form of "bootcmd" variable should prevent this entirely.
- On some versions of stock firmware, it is possible to obtain root shell,
however not much is available in terms of debugging facitilies.
1. Login to the rkscli
2. Execute hidden command "Ruckus"
3. Copy and paste ";/bin/sh;" including quotes. This is required only
once, the payload will be stored in writable filesystem.
4. Execute hidden command "!v54!". Press Enter leaving empty reply for
"What's your chow?" prompt.
5. Busybox shell shall open.
Source: https://alephsecurity.com/vulns/aleph-2019014
Lech Perczak [Mon, 10 Aug 2020 19:40:37 +0000 (21:40 +0200)]
uboot-envtools: ath79: add support for Ubiquiti XM devices
Inspired by commit 9565c5726a34da7c9c953d2293b70fdbfef0e0be, and by
facts that all Ubiquiti XM devices share flash layout, and images are
mostly compatible between all of them - enable uboot-envtools support for
whole XM line.
Flash instructions:
OpenWrt can be installed via D-Link Recovery GUI:
Push and hold reset button (on the bottom of the device) until power led starts flashing (about 10 secs or so) while plugging in the power cable.
Give it ~30 seconds, to boot the recovery mode GUI
Connect your client computer to LAN1 of the device
Set your client IP address manually to 192.168.0.2 / 255.255.255.0.
Call the recovery page for the device at http://192.168.0.1/
Use the provided emergency web GUI to upload and flash a new firmware to the device
Daniel Fuchs [Tue, 25 Oct 2022 01:13:30 +0000 (01:13 +0000)]
ramips: add support for Amped Wireless B1200EX
This device is almost identical to the already supported Edimax
EW-7476RP5, the only differences are:
- There is no mode selection slider switch on this device
- The two wireless LEDs are green instead of blue
- Model name in the CSYS header is RN10
Additional changes:
- Moved WiFi LEDs and the slider switch to the individual dt files
- Added ieee80211-freq-limit to the mt7612e radio to properly disable
2.4GHz band on this radio
Device specifications:
SoC: MediaTek MT7620a @ 580MHz
RAM: 64M (Winbond W9751G6KB-25)
FLASH: 8MB (Macronix)
WiFi: SoC-integrated: MediaTek MT7620a bgn
WiFi: MediaTek MT7612EN nac
GbE: 1x (RTL8211E)
BTN: WPS/RESET
LED: - WiFi 5G (green)
- WiFi 2.4G (green)
- Signal Strength (green)
- Power (green)
- WPS (green)
- LAN (green)
UART: UART is present as Pads with throughholes on the PCB. They are
located next to the WPS button
3.3V - RX - GND - TX / 57600-8N1
3.3V is the square pad
Installation:
Upload the sysupgrade image via the default web interface
Signed-off-by: Daniel Fuchs <software@sagacioussuricata.com>
Installation
-----------------
1. Remove dots from the OpenWrt factory image filename
2. Login to the router web interface
3. Update firmware using web interface with the OpenWrt factory image
4. If OpenWrt is booted, then no further steps are required. Enjoy!
Otherwise (Stock firmware has booted again) proceed to the next step.
5. Update firmware using web interface with any version of the Stock
firmware
6. Update firmware using web interface with the OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
Recovery
--------
Use sercomm-recovery tool. Link: https://github.com/danitool/sercomm-recovery
MAC Addresses
-------------
+-----+------------+------------+
| use | address | example |
+-----+------------+------------+
| LAN | label | *:72, *:d2 |
| WAN | label + 11 | *:7d, *:dd |
| 2g | label + 2 | *:74, *:d4 |
| 5g | label + 3 | *:75, *:d5 |
+-----+------------+------------+
The label MAC address was found in Factory 0x21000
Andrew Ammerlaan [Sun, 30 Oct 2022 14:56:14 +0000 (15:56 +0100)]
procd: service: pass all arguments to service
Passing all arguments to /etc/init.d/$service restores the
behaviour of openwrt 21.02. This is relevant for services
such as etherwake which take more then one argument, e.g.:
"service etherwake start <list of devices to wake>"
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Lech Perczak [Thu, 6 Oct 2022 22:56:00 +0000 (00:56 +0200)]
ipq40xx: dts: remove leftover nodes after DSA conversion
Remove ess-psgmii@98000, edma@c080000 and ess-switch@c000000 nodes.
These nodes are not used after the DSA conversion, but were left over
in a few devices added recently.
ZTE MF289F is omitted on purpose, as for it, these nodes will be removed
together with DSA conversion.
Build tested only, as I only have MF286D from those devices.
Reviewed-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Sven Eckelmann [Mon, 24 Oct 2022 16:55:44 +0000 (18:55 +0200)]
ipq40xx: Convert plasmacloud,pa2200 to DSA
* ethernet1:
- physical port label "Ethernet 1"
- its mac address is printed on the device label
* ethernet2:
- physical port label "Ethernet 2"
- can be used to power the device
Both ports are not marked by there role (because the vendor firmware
automatically detects roles) but the "Ethernet 2" port was used in the past
for "WAN" functionality in OpenWrt.
Tested-by: Michaël BILCOT <michael.bilcot@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Tue, 25 Oct 2022 07:12:16 +0000 (09:12 +0200)]
ipq40xx: utilize nvmem-cells for plasmacloud,pa2200
The calibration data and mac addresses on this device are stored in the
0:ART partition. It is therefore possible to move the code to handle them
directly to the devicetree instead of the various scripts.
But the actual relevant information about the partition layout is provided
by the bootloader via bootargs (mtdparts) and not via the devicetree
itself. Instead of using a fixed-partition template, the mtd dynamic
partitions support from the upstream kernel is used.
Reported-by: Robert Marko <robert.marko@sartura.hr> Tested-by: Michaël BILCOT <michael.bilcot@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Mon, 24 Oct 2022 16:55:44 +0000 (18:55 +0200)]
ipq40xx: Convert plasmacloud,pa1200 to DSA
* ethernet1:
- physical port label "Ethernet 1"
- its mac address is printed on the device label
* ethernet2:
- physical port label "Ethernet 2"
- can be used to power the device
Both ports are not marked by there role (because the vendor firmware
automatically detects roles) but the "Ethernet 2" port was used in the past
for "WAN" functionality in OpenWrt.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Tue, 25 Oct 2022 07:12:16 +0000 (09:12 +0200)]
ipq40xx: utilize nvmem-cells for plasmacloud,pa1200
The calibration data and mac addresses on this device are stored in the
0:ART partition. It is therefore possible to move the code to handle them
directly to the devicetree instead of the various scripts.
But the actual relevant information about the partition layout is provided
by the bootloader via bootargs (mtdparts) and not via the devicetree
itself. Instead of using a fixed-partition template, the mtd dynamic
partitions support from the upstream kernel is used.
Reported-by: Robert Marko <robert.marko@sartura.hr> Signed-off-by: Sven Eckelmann <sven@narfation.org>
projects / thirdparty / openwrt.git / log
