6. Encode the configuration. For example, using cfgtool.py tool:
cfgtool.py -p configurationBackup.xml
7. Upload the changed configuration (configurationBackup_changed.cfg) to
the router
8. Login to the router web interface (superadmin:xxxxxxxxxx, where
xxxxxxxxxx is a new password from the p.5)
9. Enable SSH access to the router (Settings -> Access control -> SSH)
10. Connect to the router using SSH shell using superadmin account
11. Run in SSH shell:
sh
12. Make a mtd backup (optional, see related section)
13. Change bootflag to Sercomm1 and reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
reboot
14. Login to the router web interface under admin account
15. Remove dots from the OpenWrt factory image filename
16. Update firmware via web using OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
cd /tmp
for i in 0 1 2 3 4 5 6 7 8 9; do nanddump -f mtd$i /dev/mtd$i; \
tftp -l mtd$i -p 192.168.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
tftp -l mtd.md5 -p 192.168.0.2
MAC Addresses
-------------
+-----+------------+---------+
| use | address | example |
+-----+------------+---------+
| LAN | label | f4:*:66 |
| WAN | label + 11 | f4:*:71 |
| 2g | label + 2 | f4:*:68 |
| 5g | label + 3 | f4:*:69 |
+-----+------------+---------+
The label MAC address was found in Factory, 0x21000
Robert Senderek [Sun, 10 Dec 2023 12:49:10 +0000 (13:49 +0100)]
mediatek: enable mt7981-wo-firmware package by default
Add support for wireless offload package in default configuration for
-Cudy WR3000
-Confiabits MT7981
For some reason those ware missing. I confirm this work for my Cudy WR3000
Felix Fietkau [Wed, 3 Jan 2024 14:13:32 +0000 (15:13 +0100)]
mac80211: fix a race condition related to enabling fast-xmit
fast-xmit must only be enabled after the sta has been uploaded to the driver,
otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls
to the driver, leading to potential crashes because of uninitialized drv_priv
data.
Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.
Felix Fietkau [Thu, 4 Jan 2024 12:46:34 +0000 (13:46 +0100)]
netifd: update to Git openwrt-23.05 (2024-01-04)
c739dee0a37b system-linux: refresh MAC address on DSA port conduit change 8587c074f1eb interface-ip: fix IPv4 route target masking 33d6c261aacb system-linux: fix bogus debug error messages on adding bridge members 0832e8f04778 wireless: add bridge_isolate option 5ca7a9058e98 bridge: fix reload on bridge vlan changes be4ffb3b78bc bridge: rework config change pvid handling 923c4370a1d4 system-linux: set master early on apply settings b9442415c785 system-linux: skip refreshing MAC on master change if custom MAC b635a09cdadf system-linux: set pending to 0 on ifindex found or error for if_get_master 2bbe49c36224 device: Log error message if device initialization failed 2703f740a23e Revert "system-linux: set pending to 0 on ifindex found or error for if_get_master" 9cb0cb418303 system-linux: fix race condition in netlink socket error handing c18cc79d5000 device: restore cleared flags on device down
David Bauer [Thu, 28 Dec 2023 22:16:02 +0000 (23:16 +0100)]
dropbear: increase default receive window size
Increasing the receive window size improves throughout on higher-latency
links such as WAN connections. The current default of 24KB caps out at
around 500 KB/s.
Increasing the receive buffer to 256KB increases the throughput to at
least 11 MB/s.
Daniel Golle [Mon, 18 Dec 2023 21:22:12 +0000 (21:22 +0000)]
mvebu: fix RTC of IEI-World Puzzle M90x devices
The Puzzle devices come with an I2C-connected Epson RX8130 RTC.
Disable the (dysfunctional) RTC units of the SoC and add driver
kmod-rtc-ds1307 to support the Epson RX8130 instead.
Tested-by: Thomas Huehn <thomas.huehn@hs-nordhausen.de> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6d546b3b4cdae3ffcdad71fb6cc414f3a39bc09e)
MAC addresses in stock firmware and in this commit:
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| WAN | 00:0c:43:xx:xx:e1 | label+1 |
| LAN | 00:0c:43:xx:xx:e0 | label |
| WLAN 2g | 00:0c:43:xx:xx:e0 | label |
| WLAN 5g | 02:0c:43:xx:xx:e0 | |
+---------+-------------------+-----------+
The label MAC was found in 'Factory', 0x4
Installation:
The stock firmware is OpenWrt-based. If you can reach LuCI or SSH, just use the sysupgrade image
with the 'Keep settings' option turned off.
Adds the 2 required firmware files for MT7922 chips.
Signed-off-by: Daniel Danzberger <dd@embedd.com>
(cherry picked from commit 9eecf4905375777e2048177dbe4d83fee5da9ee1) Signed-off-by: Anya Lin <hukk1996@gmail.com>
Pawel Dembicki [Fri, 8 Dec 2023 08:32:41 +0000 (09:32 +0100)]
kirkwood: fix Ctera C200 V1 ubi part name
In 749237967a12 downstream dts was replaced with upstream accepted
patch. But in upstream version last partition was called "rootfs"
instead "ubi". OpenWrt require "ubi" label for ubi rootfs.
This patch restore proper label.
Fixes: 749237967a12 ("kirkwood: Replace dtses with upstream accepted") Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit 9075cfd609e905bc7162574a24a7fb457e65a374)
Dirk Buchwalder [Fri, 24 Nov 2023 14:56:39 +0000 (15:56 +0100)]
ipq807x: fix edgecore EAP102 lan/wan
We have a report in the forum, that lan/wan is non-functional
on the EAP102 (https://forum.openwrt.org/t/edgecore-eap102/178449)
Fixing that by swapping label and phy-handle of the dp-nodes and
updating the lan/wan bmp.
Note: the original commiter of the device support seems absent for a
long time in the forum and on the OpenWrt github group.
Tested-by: Antonio Della Selva <antonio.dellaselva@uniurb.it> Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de> Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9b598ec8d5585ca81cd472ca1d1b4f93d18dc3d5)
[ fix conflicts errors ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Rafał Miłecki [Mon, 20 Nov 2023 10:46:26 +0000 (11:46 +0100)]
mediatek: filogic: add Acelink EW-7886CAX support
Acelink EW-7886CAX is an MT7986A (AKA Filogic 830) based access point.
It has 512 MiB of RAM, one 2.5 Gbps PoE (802.3at) Ethernet port and
on-SoC Wi-Fi. There is no printed MAC label (on my unit).
My unit came with Mediatek's firmware (based on OpenWrt 21.02)
installed. It was possible to simply upgrade using OpenWrt's sysupgrade
tool.
Another verified upgrade method is using U-Boot (requires UART). During
every boot there is "U-Boot Boot Menu". Selecting option "2. Upgrade
firmware" allows using U-Boot's tftp client to load and flash factory
image.
Rani Hod [Wed, 22 Nov 2023 17:38:06 +0000 (19:38 +0200)]
mediatek: fiilogic: device tree `switch@1f` fix
Quite a few `fiilogic` devices use the `mt7531` switch.
Some of them have a DT node that looks like:
```
switch: switch@0 {
compatible = "mediatek,mt7531";
reg = <31>;
...
};
```
This commit changes the DT node name to `switch@1f`.
Chen Minqiang [Fri, 25 Aug 2023 22:38:18 +0000 (06:38 +0800)]
mediatek: fix the name of buswidth to bus-width
Fix the issue of dts buswidth cannot be applied properly with spi driver.
Fix the name of buswidth to bus-width in dts in order to fit the format
in linux spi kernel[1] so that spi-tx-bus-width & spi-rx-bus-width can be
parsed properly.
Daniel Golle [Sat, 9 Dec 2023 12:39:53 +0000 (13:39 +0100)]
mediatek: add support for Zbtlink ZBT-Z8102AX
Specifications:
SoC: MediaTek MT7981B
RAM: 1024MiB
Flash: SPI-NAND 128 MiB
Switch: 1 WAN, 4 LAN (Gigabit)
USB: two M.2 slots for 5G modems via USB 3.0 hub, external USB 3.0 port
Buttons: Reset, Mesh
Power: DC 12V 1A
WiFi: MT7976CN
UART: 115200n8
UART Layout:
VCC-RX-TX-GND
Installation:
A. Through OpenWrt Dashboard:
If your router comes with OpenWrt preinstalled (modified by the seller),
you can easily upgrade by going to the dashboard (192.168.1.1) and then
navigate to System -> Backup/Flash firmware, then flash the firmware
B. Through TFTP
Standard installation via UART:
1. Connect USB Serial Adapter to the UART, (NOTE: Don't connect the VCC pin).
2. Power on the router. Make sure that you can access your router via UART.
3. Restart the router then repeatedly press ctrl + c to skip default boot.
4. Type > bootmenu
5. Press '2' to select upgrade firmware
6. Press 'Y' on 'Run image after upgrading?'
7. Press '0' and hit 'enter' to select TFTP client (default)
8. Fill the U-Boot's IP address and TFTP server's IP address.
9. Finally, enter the 'firmware' filename.
Based on patch adding support for similar Zbtlink ZBT-Z8103AX device by
Ian Ishmael C. Oderon.
Flash instructions:
1. Connect to your PC via the Gigabit port of the router,
set a static ip on the ethernet interface of your PC.
(ip 192.168.1.254, gateway 192.168.1.1)
2. Attach UART, pause at u-boot menu.
3. Select "Upgrade ATF BL2", then use preloader.bin
4. Select "Upgrade ATF FIP", then use bl31-uboot.fip
5. Download the initramfs image, and type "reset",
waiting for tftp recovery to complete.
6. After openwrt boots up, perform sysupgrade.
Note:
1. Since NMBM is disabled, we must back up all partitions.
2. Although we can upgrade new firmware in the stock firmware,
we need the special fit image signature of MediaTek and
dual boot (hack kernel) to make u-boot boot it. So just
abandon these hacks and flash it via the serial port.
Download the OpenWrt initramfs image. Copy the image to a TFTP server
reachable at 192.168.1.70/24. Rename the image to TUF-AX6000.bin.
Connect to the serial console, interrupt the auto boot process by
pressing '4' when prompted or press '1' and set client IP, server
IP and name of the image.
yOU don't need to open the case or even soldering anything.
use three goldpin wires, remove their plastic cover and connect
them to the console pinout via the case holes.
You can see three holes
From Bottom: RX, TX, Ground - partially covered
Download & Boot the OpenWrt initramfs image.
In case of option '4'
$ setenv ipaddr 192.168.1.1
$ setenv serverip 192.168.1.70
$ tftpboot 0x46000000 TUF-AX6000.bin
$ bootm 0x46000000
In case of option '1'
1: Load System code to SDRAM via TFTP.
Please Input new ones /or Ctrl-C to discard
Input device IP (192.168.1.1) ==:
Input server IP (192.168.1.70) ==:
Input Linux Kernel filename (TUF-AX6000.trx) ==:
Wait for OpenWrt to boot. Transfer the sysupgrade
image to the device using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Missing features
================
2.5Gb LAN port LED is ON during boot or when the LAN cable is disconnected
The cover yellow light is not supported. (only blue one)
Commit mt76: drop default eeprom file for mt7986-firmware
(e3aa645b267ca4f08773b5366583e9b0020fc3e9) breaks eeprom loading for
Mercusys MR90X v1. As a result WiFi is not working at all.
This commit adds Mercusus MR90x to the caldata script (it works after the
commit mentioned above). And we can safely drop "81_fix_eeprom" script
as it's no longer required.
Fixes: 5a0bdab24c0f ("mt76: drop default eeprom file for mt7986-firmware") Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 85b0d7592c454f2e4e02be043a1e433c67df4e41)
[rmilecki: fix commit hash in Fixes] Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Chukun Pan [Thu, 4 May 2023 15:10:03 +0000 (23:10 +0800)]
mt76: drop default eeprom file for mt7986-firmware
The mt76 driver usually reads the eeprom on the mtd partition at dts.
For emmc device we need to use caldata_extract script to read the
eeprom. However, the default eeprom file breaks the caldata script
execution, so remove it.
If you want to use u-boot from OpenWrt, you can upgrade it safely.
* bl2: openwrt-mediatek-filogic-glinet_gl-mt6000-preloader.bin
* fip: openwrt-mediatek-filogic-glinet_gl-mt6000-bl31-uboot.fip
`openwrt-mediatek-filogic-glinet_gl-mt6000-squashfs-factory.bin` is used in OpenWrt's u-boot.
Elbert Mai [Sun, 17 Sep 2023 14:59:48 +0000 (07:59 -0700)]
mediatek: filogic: add support for Ubiquiti UniFi 6 Plus (U6+)
Ubiquiti U6+ is a dual-band WiFi 6 PoE access point.
It is a drop-in upgrade of the U6 lite.
Specifications
---
- SoC: MediaTek MT7981A dual-core ARM Cortex-A53 1.3 GHz
- RAM: 256 MB DDR3-2133 RAM
- Flash: 16 MB SPI NOR and 4 GB eMMC
- LAN: 1x Gigabit Ethernet with 802.3af/at support
- WLAN: MediaTek MT7976C 2x2 MIMO dual-band WiFi 6
- LEDs: 1x blue and 1x white
- Buttons: 1x reset button
Installation
---
1. Power device using a PoE injector or switch
2. Connect via Ethernet to the device with static IP 192.168.1.2
3. SSH into the device with password: ubnt
1. Rename `openwrt-mediatek-filogic-cetron_ct3003-squashfs-factory.bin` to `factory.bin`.
2. Upload the `factory.bin` using the device's Web interface.
3. Click the upgrade button and wait for the process to finish.
4. Access the OpenWrt interface using the same password.
5. Use the 'Restore' function to reset the firmware to its initial state.
**Notes:**
If you plan to recovery the stock firmware in the future, it's advisable
to connect the device via the serial port and enter failsafe mode to
back up all the MTD partitions before proceeding the steps above.
Bjørn Mork [Tue, 28 Mar 2023 13:04:21 +0000 (15:04 +0200)]
filogic: support Telenor branded ZyXEL EX5700
Telenor quirks
--------------
The operator specific firmware running on the Telenor branded
ZyXEL EX5700 includes U-Boot modifications affecting the OpenWrt
installation.
Notable changes to U-Boot include
- environment is stored in RAM and reset to defaults when power
cycled
- dual partition scheme with "nomimal" or "rescue" systems, falling
back to "rescue" unless the OS signals success in 3 attempts
- several runtime additions to the device-tree
Some of these modifications have side effects requiring workarounds
- U-Boot modifies /chosen/bootargs in an unsafe manner, and will crash
unless this node exists
- U-Boot verifies that the selected rootfs UBI volume exists, and
refuses to boot if it doesn't. The chosen "rootfs" volume must contain
a squashfs signature even for tftp or initramfs booting.
- U-Boot parses the "factoryparams" UBI volume, setting the "ethaddr"
variable to the label mac. But "factoryparams" does not always
exist. Instead there is a "RIP" volume containing all the factory
data. Copying the "RIP" volume to "factoryparams" will fix this
Installation
------------
1. Download the OpenWrt initramfs image. Copy the image to a TFTP server
reachable at 192.168.1.2/24. Rename the image to C0A80101.img.
2. Connect the TFTP server to lan1, lan2 or lan3. Connect to the serial
console, Interrupt the autoboot process by pressing ESC when prompted.
3. Download and boot the OpenWrt initramfs image.
$ env set uboot_bootcount 0
$ env set firmware nominal
$ tftpboot
$ bootm
4. Wait for OpenWrt to boot. Transfer the sysupgrade image to the device
using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Missing features
----------------
- The "lan1", "lan2" and "lan3" port LEDs are driven by the switch but
OpenWrt does not correctly configure the output.
- The "lan4" and "wan" port LEDs are driven by the GPH211C phys and
not configured by OpenWrt.
Shiji Yang [Tue, 31 Oct 2023 10:47:49 +0000 (18:47 +0800)]
base-files: support parse DT LED color and function
The 'label' property in led node has been deprecated and we'd better
to avoid using it. This patch allows us to extract DT OF LED name
from the newly introduced LED properties "color", "function" and
"function-enumerator".
David Bauer [Mon, 4 Dec 2023 12:54:56 +0000 (13:54 +0100)]
mpc85xx: allow mapping of cpu1 spin-table page
The no-map property was incorrectly added, which kept the system-memory
available on the WS-AP3825 limited to 190MB. We are allowed to map the
page containing the CPU1 spin-table, we are just not allowed to write to
it.
Fixes: 57d7382cb159 ("mpc85xx: increase available RAM on Extreme Networks WS-AP3825i") Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d9271aa5b7ddcef20ebe64d1d80c8ddcd6cd7fb7)
Rafał Miłecki [Tue, 21 Nov 2023 15:30:22 +0000 (16:30 +0100)]
firmware-utils: update to Git HEAD (2023-11-21)
1d42292d8063 tplink-safeloader: Add TP-Link Archer A6 V3.20 3338f5389d72 tplink-safeloader: add TL-WPA8635P v3 17ca5eeb1c10 tplink-safeloader: add TL-WPA8631P v4 f730ad2fa0b4 bcmblob: new tool for reading Broadcom's BLOBs cb1ddac98124 firmware-utils: fix typo in error message when no OpenSSL library found 916633160dc9 bcmclm: new tool for reading Broadcom's CLM data a2d49fb1e188 tplink-safeloader: add RU support-list entry for Archer C6U v1 bb12cf5c3fa9 tplink-safeloader: Add support for TP-Link Deco M5 The special_id values are the same for EU and Asian models, and they apply to all models: v1, v2, and v3. They are not sorted as they are currently in the same order as extracted from the official firmware image. 9e2de8515be1 tplink-safeloader: add EAP610 v3 and EAP613 v1 a170683c0e11 firmware-utils: fix use of NULL string progname 89875fc18b57 tplink-safeloader: CPE510: add Canadian support 9e211d2980fe mktplinkfw2: add support to extract bootloader images c18f662f3c74 mktplinkfw2: add support to pack bootloader 3dc133915f87 mktplinkfw2: show exact exceed bytes when the image is to big d16ff798d58a tplink-safeloader: WPA8631: add v4 AU, US 0fa1cc51013f zytrx: add LTE5398-M904 635466123429 firmware-utils: ptgen: add SiFive GPT partition support ba5bc4e1ae9d add dlink-sge-image for D-Link devices by SGE 3b114de29cf7 lxlfw: move code opening LXL to helper function 8e149e480391 lxlfw: move code copying data to helper function 16fa89076122 lxlfw: fix struct lxl_hdr attribute d770cab82e58 lxlfw: support embedding blobs eaf2ea28dbe6 lxlfw: support extracting image 12bf1a99bd6e lxlfw: support certificate & signature blobs
Mikhail Zhilkin [Sun, 12 Nov 2023 07:58:26 +0000 (07:58 +0000)]
ramips: add support for Sercomm CPJ routers
This commit adds support for following wireless routers:
- Rostelecom RT-FL-1 (Serсomm RT-FL-1)
- Rostelecom S1010 (Serсomm S1010.RT)
The devices are almost identical and the only difference is one bit in the
factory image PID (thanks to Maximilian Weinmann <x1@disroot.org>
(@MaxS0niX) for the info and idea to make one PR for two devices at once).
Devices specification
---------------------
SoC: MediaTek MT7620A, MIPS
RAM: 64 MB
Flash: 16 MB SPI NOR
Wireless 2.4: MT7620 (b/g/n, 2x2)
Wireless 5: MT7612EN (a/n/ac, 2x2)
Ethernet: 5xFE (WAN, LAN1-4)
BootLoader: U-Boot
Buttons: 2 (wps, reset)
LEDs: 1 amber and 1 green status GPIO leds
5 green ethernet GPIO leds
1 green GPIO 2.4 GHz WLAN led
1 green PHY 5 GHz WLAN led
1 green unmanaged power led
USB ports: No
Power: 12 VDC, 1 A
Connector: Barrel
OEM easy installation
---------------------
1. Remove all dots from the factory image filename (except the dot
before file extension)
2. Upload and update the firmware via the original web interface
3. Wait until green status led stops blinking (can take several minutes)
4. Login to OpenWrt initramsfs. It's recommended to make a backup of the
mtd partitions at this point.
4. Perform sysupgrade using the following command (or use Luci):
sysupgrade -n sysupgrade.bin
5. Wait until green status les stops blinking (can take several minutes)
6. Mission acomplished
Return to Stock
---------------
Option 1. Restore firmware Slot1 from a backup (firmware2.bin):
cd /tmp
mtd -e Firmware2 write firmware2.bin Firmware2
printf 1 | dd bs=1 seek=$((0x18007)) count=1 of=/dev/mtdblock2
reboot
Option 2. Decrypt, ungzip and split stock firmware image into the parts,
take Slot1 parts (kernel2.bin, rootfs2.bin) and write them:
cd /tmp
mtd -e Kernel2 write kernel2.bin Kernel2
mtd -e RootFS2 write rootfs2.bin RootFS2
printf 1 | dd bs=1 seek=$((0x18007)) count=1 of=/dev/mtdblock2
reboot
More about stock firmware decryption: Link: https://github.com/Psychotropos/sercomm_fwutils/
Debricking
----------
Use sercomm-recovery tool. You can use "ALL" mtd partition backup as a
recovery image. Link: https://github.com/danitool/sercomm-recovery
MAC addresses
-------------
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| label | 48:3e:xx:xx:xx:1e | label |
| LAN | 48:3e:xx:xx:xx:1e | label |
| WAN | 48:3e:xx:xx:xx:28 | label+10 |
| WLAN 2g | 48:3e:xx:xx:xx:20 | label+2 |
| WLAN 5g | 48:3e:xx:xx:xx:24 | label+6 |
+---------+-------------------+-----------+
Mikhail Zhilkin [Sun, 12 Nov 2023 07:52:45 +0000 (07:52 +0000)]
ramips: sercomm.mk: make common recipe to set a bit in pid
This commit makes a common recipe to set bit in Sercomm factory pid since
this is necessary for several devices (WiFire S1500.nbn, Rostelecom
RT-FL-1) at different offsets.
Mikhail Zhilkin [Sun, 12 Nov 2023 07:46:11 +0000 (07:46 +0000)]
scripts: sercomm-pid.py: use uppercase hwid in pid
Sercomm uses uppercase for hexadecimal representation of the device
hardware IDs in factory image PID. This commit brings the sercomm-pid.py
script into compliance with the original Sercomm algorithm.
Signed-off-by: John Audia <therealgraysky@proton.me>
[Refresh on top of OpenWrt 23.05] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit df167450a5094034bf4c5ad6fbfce502b09662bb)
Rafał Miłecki [Mon, 22 May 2023 08:31:33 +0000 (10:31 +0200)]
firmware-utils: new package replacing otrx
Some of firmware utils may be required on target devices. It's useful
e.g. for dealing with some firmware formats. That is often required
(supporting specific format) to provide an option to revert to original
firmware.
So far we had packaged "otrx" util only for use on Broadcom targets.
Refactor that to package the whole firmware-utils project so we can
package any single util needed.
Signed-off-by: John Audia <therealgraysky@proton.me>
[Refreshed on top of OpenWrt 23.05] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 573c8c3d78cdf494156f763c7182c0f16a8d7263)
Jo-Philipp Wich [Tue, 14 Nov 2023 13:38:11 +0000 (14:38 +0100)]
netifd: fix IPv4 route target masking
A previous commit supposed to mask out excess host bits in route targets
failed to correctly calculate the mask value, causing it to produce
improper results for certain mask lengths.
Installing OpenWrt:
- sysupgrade image is compatible with vendor firmware.
Recovery:
- Connect to any of the Ethernet ports, configure local IP:
10.10.10.3/24 (or 192.168.10.19/24, depending on OEM)
- Provide firmware file named 'mt7621.img' on TFTP server.
- Hold down both, RESET and WPS, then power on the board.
- Watch network traffic using tcpdump or wireshark in realtime to
observe progress of device requesting firmware. Once download has
completed, release both buttons and wait until firmware comes up.
ramips: cf-ew72-v2: Add support for COMFAST CF-EW72 V2
Add support for COMFAST CF-EW72 V2
Hardware:
- SoC: Mediatek MT7621 (MT7621DAT or MT7621AT)
- Flash: 16 MiB NOR
- RAM: 128 MiB
- Ethernet: Built-in, 2 x 1GbE
- Power: only 802.3af PD on any port, injector supplied in the box
- PoE passthrough: No
- Wifi 2.4GHz: Mediatek MT7603BE 802.11b/g/b
- Wifi 5GHz: Mediatek MT7613BEN 802.11ac/n/a
- LEDs: 8x (only 1 is both visible and controllable, see below)
- Buttons: 1x (RESET)
Installing OpenWrt:
Flashing is done using Mediatek U-Boot System Recovery Mode
- make wired connection with 2 cables like this:
- - PC (LAN) <-> PoE Injector (LAN)
- - PoE Injector (POE) <-> CF-EW72 V2 (LAN). Leave unconnected to CF-EW72 V2 yet.
- configure 192.168.1.(2-254)/24 static ip address on your PC LAN
- press and keep pressed RESET button on device
- power the device by plugging PoE Injector (POE) <-> CF-EW72 V2 (LAN) cable
- wait for about 10 seconds until wifi led stops blinking and release RESET button
- navigate from your PC to http://192.168.1.1 and upload OpenWrt *-factory.bin firmware file
- proceed until router starts blinking with wifi led again (flashing) and stops (rebooting to OpenWrt)
MAC addresses as verified by OEM firmware:
vendor OpenWrt address
LAN lan\eth0 label
WAN wan label + 1
2g phy0 label + 2
5g phy1 label + 3
The label MAC address was found in 0xe000.
LEDs detailed:
The only both visible and controllable indicator is blue:wlan LED.
It is not bound by default to indicate activity of any wireless interfaces.
Place (WAN->ANT) | Num | GPIO | LED name (LuCI) | Note
-----------------|-----|-----------------------------------------------------------------------------------------
power | 1 | | | POWER LED. Not controlled with GPIO.
hidden_led_2 | 2 | 13 | blue:hidden_led_2 | This LED does not have proper hole in shell.
wan | 3 | | | WAN LED. Not controlled with GPIO.
hidden_led_4 | 4 | 16 | blue:hidden_led_4 | This LED does not have proper hole in shell.
lan | 5 | | | LAN LED. Not controlled with GPIO.
noconn_led_6 | 6 | | | Not controlled with GPIO, possibly not connected
wlan | 7 | 15 | blue:wlan | WLAN LED. Wireless indicator.
noconn_led_8 | 8 | | | Not controlled with GPIO, possibly not connected
mt76-phy0 and mt76-phy1 leds also exist in OpenWrt, but do not exist on board.
Wireless: MT7915E (2.4G) 802.11ax/b/g/n MT7915E (5G) 802.11ac/ax/n
Ethernet: 2 x 1Gbs
Button: 1 x "Reset" button
LED: 1x Blue LED + 1x Red LED + 1x green LED
Power: PoE
First install:
1. Set device into http firmware fail safe upload mode by pressing the reset button for 10 seconds while powering
it on. Once the LED stops flashing, safe mode will be running.
2. Set PC IP address to 192.168.1.2
3. Browse to 192.168.1.1 and upload the factory image using the web interface.
scripts/getver.sh: prevent asking for negative rev-parse
With the case of asking an invalid version that is too big, getver.sh
might return an invalid output in the form of HEAD~-2260475641.
This is caused by BASE_REV - GET_REV using a negative number.
Prevent this by checking if BASE_REV - GET_REV actually return 0 or a
positive number and set REV variable accordingly. With the following
change, invalid revision number will result in unknown printed instead
of the invalid HEAD~-NUMBERS output.
Felix Fietkau [Fri, 10 Nov 2023 14:37:32 +0000 (15:37 +0100)]
netifd: update to the latest version
eee02ccca8c8 device: add support to configure eee bb28f6a291d9 wireless: fix sign comparison warning 35facc8306f5 wireless: fix premature removal of hotplug devices due to down state
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported 5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static 2dc7f450f3a2 system-linux: add option to configure DSA conduit device 838f815db5ef system-linux: add support for configurable GRO option
hostapd: permit 40MHz in 802.1s only also for 2.4GHz g/n with noscan
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.
This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.
Hauke Mehrtens [Mon, 6 Nov 2023 23:33:38 +0000 (00:33 +0100)]
px5g-wolfssl: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r-- 1 root root 749 Nov 6 23:14 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 23:14 /etc/uhttpd.key
Hauke Mehrtens [Sun, 5 Nov 2023 22:05:24 +0000 (23:05 +0100)]
px5g-mbedtls: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r-- 1 root root 519 Nov 6 22:58 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 22:58 /etc/uhttpd.key
Felix Fietkau [Tue, 7 Nov 2023 12:36:39 +0000 (13:36 +0100)]
netifd: update to the latest version
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call b6e75eafc1af device: send notifications for device events via ubus cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled 827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false 40ed7363caf2 device: fix build error on 32 bit systems 516ab774cc16 system-linux: fix race condition on bringing up wireless devices
Gain SSH access:
1. Login into web interface, and download the configuration.
2. Enter fakeroot, decompress the configuration:
tar -zxf cfg_export_config_file.conf
3. Edit 'etc/config/dropbear', set 'enable' to '1'.
4. Edit 'etc/shadow', update (remove) root password:
'root::19523:0:99999:7:::'
5. Repack 'etc' directory:
tar -zcf cfg_export_config_file.conf etc/
* If you find an error about 'etc/wireless/mediatek/DBDC_card0.dat',
just ignore it.
6. Upload new configuration via web interface, now you can SSH to RAX3000M.
Check stroage type:
Check the label on the back of the device:
"CH EC CMIIT ID: xxxx" is eMMC version
"CH CMIIT ID: xxxx" is NAND version
eMMC Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'factory' part.
('data' partition can be ignored, it's useless.)
2. Write new GPT table:
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
echo 0 > /sys/block/mmcblk0boot0/force_ro
dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
dd if=openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync
NAND Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'Factory' part.
2. Erase and write new BL2:
mtd erase BL2
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
3. Erase and write new FIP:
mtd erase FIP
mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP
4. Set static IP on your PC:
IP 192.168.1.254, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, erase UBI volumes:
ubidetach -p /dev/mtd0
ubiformat -y /dev/mtd0
ubiattach -p /dev/mtd0
8. Create new ubootenv volumes:
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Additionally, if you want to have NAND recovery boot feature:
(Don't worry! You will always have TFTP recovery boot feature.)
ubimkvol /dev/ubi0 -n 2 -N recovery -s 20MiB
ubiupdatevol /dev/ubi0_2 openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
10. Perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 423186d7d8b4f23aee91fca4f1774a195eba00d8)
[rebased to 23.05] Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Hauke Mehrtens [Sun, 5 Nov 2023 22:05:24 +0000 (23:05 +0100)]
mbedtls: Activate secp521r1 curve by default
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110
This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk
Some packages (like wavemon >= 0.9.4) depend on libnl-cli. Add support
for this part of the lib. libnl-cli itself depends on libnl-genl and
libnl-nf. On MIPS, this component adds 81kB.
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(punctuation correction and reorganisation of commit message) Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4bdd1c1a135b5c816a01055f3cc9fc158bbc840a)
Nicolò Veronese [Mon, 2 Oct 2023 20:17:09 +0000 (22:17 +0200)]
uboot-mediatek: fix global pll clock override on mtk_spim
With patch 101-03-spi-mtk_spim-get-spi-clk-rate-only-once.patch
a new system to calculate the SPI clocks has been added.
Unfortunately, the do_div macro overrides the global
priv->pll_clk_rate field. This will cause to have a reduced
clock rate on each subsequent SPI call.
Petr Štetiar [Thu, 19 Oct 2023 04:09:25 +0000 (04:09 +0000)]
ci: add workflow for automated GitHub release
Implement a GitHub Actions workflow for automated project releases.
The workflow triggers on Git tags, ensuring that a GitHub release is
created whenever a new tag is pushed.
That new release is going to be created in draft and pre-release mode
and needs to be manually promoted to the proper release, once its
decided, that its good enough and prepared.
This is a start of a streamlined and consistent release process for
GitHub, reducing manual intervention.
Acked-by: Christian Marangi <ansuelsmth@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 280d9dd75874ef4c4e2407366eda987cda8efd25)
Petr Štetiar [Fri, 27 Oct 2023 07:37:52 +0000 (07:37 +0000)]
hostapd: fix broken WPS on broadcom-wl and ath11k
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.
The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.
Petr Štetiar [Tue, 24 Oct 2023 08:27:13 +0000 (08:27 +0000)]
build: add CycloneDX SBOM JSON support
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Petr Štetiar [Thu, 26 Oct 2023 16:11:47 +0000 (16:11 +0000)]
package-dumpinfo,metadata: add ABI version information to package index
There is no standard for ABI versioning, so its not possible to find out
from `libext2fs2`, `libiwinfo20230701` or `libss2` package names if
thats just package name or package name with ABI version included. To
help with the decision, lets make ABI version aviable in package index.
projects / thirdparty / openwrt.git / log
