Goetz Goerisch [Sat, 24 Aug 2024 12:07:23 +0000 (14:07 +0200)]
CI: update actions/labeler to v5
* Version 5 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.
Goetz Goerisch [Fri, 7 Jun 2024 12:42:32 +0000 (14:42 +0200)]
treewide: rename ZyXEL to Zyxel
The company Zyxel rebranded some years ago.
Currently the casing is according to the old branding even
for newer devices which already use the new branding.
This commit aligns the casing of Zyxel everywhere.
Mark Mentovai [Fri, 28 Jun 2024 17:14:59 +0000 (13:14 -0400)]
armsr: use console=tty1 to make console more readily available
Like x86, armsr is frequently virtualized, and is used for development
and debugging. Kernel messages should be more readily apparent by
default. This can be achieved by adding console=tty1 to the kernel
command line, enabling the console on a (possibly virtual) display and
keyboard, in addition to a serial port.
This also enables failsafe on tty1. Failsafe mode operates on consoles
known by the kernel, without regard to /etc/inittab.
armsr's /etc/inittab is also updated to specify tty1 instead of tty0.
tty1 is technically more correct: tty1 is the first virtual console,
where tty0 reflects the current active virtual console (which is likely
to be tty1).
This configuration matches x86, which is another target commonly used
for virtualization, development, and debugging in the same way. x86's
kernel command line had specified console=tty0, although console=tty1 is
more correct for the reasons given above. This also brings x86's kernel
command line console= into agreement with its /etc/inittab, which
already used tty1.
Forward client MAC address and subnet on DNS queries. Pi-hole and Adguard use this feature to send the originator's IP address/subnet so it can be logged, and not just the NAT address of the router. This feature has been available since version 2.56 of dnsmasq, and it would be nice to expose it in OpenWrt.
Flash instructions:
* Assign static IP 192.168.1.100 to PC
* Unplug the power source
* Press the RESET button at the router, don't release it yet!
* Plug the power source. Wait for some seconds
* Release the RESET button
* Browse to http://192.168.1.1
* Upload the openwrt-bmips-bcm6318-tp-link_td-w8968-v3-squashfs-cfe.bin file
* Wait some minutes until the firmware upgrade finishes.
xiaobo tian [Wed, 21 Aug 2024 06:40:27 +0000 (14:40 +0800)]
rockchip: add support for nanopc t6
SoC: Rockchip RK3588
CPU: Quad-core ARM Cortex-A76 (up to 2.4GHz) and quad-core Cortex-A55 CPU (up to 1.8GHz)
GPU: Mali-G610 MP4, compatible with OpenGLES 1.1, 2.0, and 3.2, OpenCL up to 2.2 and Vulkan 1.2
VPU: 8K@60fps H.265 and VP9 decoder, 8K@30fps H.264 decoder, 4K@60fps AV1 decoder, 8K@30fps H.264 and H.265 encoder
NPU: 6TOPs, supports INT4/INT8/INT16/FP16
RAM: 64-bit 4GB/8GB/16GB LPDDR4X at 2133MHz
Flash: 32GB/64GB/256GB eMMC, at HS400 mode
microSD: support up to SDR104 mode
Ethernet: 2x PCIe 2.5G Ethernet
On latest Intel x86 CPUs, DMC firmware is required for the iGPU to reach
its lowest power states. If the driver cannot load it, it will print a
warning and unnecessarily make the iGPU draw a bit more power when idle.
GUC firmware (various "offload" mechanisms that deal with scheduling GPU
workloads) and HUC firmware (required for accelerated media codec
operations for HEVC/H.265) are probably more niche, but could also
prove useful for some - for example, when building an
Intel/OpenWrt-based security camera.
ath79: update Sophos AP15 to indicate that it uses a QCA9557 SoC
Device support for Sophos AP15 is based on Sophos AP55(C) and AP100(C).
Those other Sophos access points use a QCA9558 SoC (some of them with
one of the three chains on the built-in SoC's wifi disabled) while the
AP15 uses a QCA9557 SoC (which only has two chains enabled in the
package or silicon).
This is mostly cosmetic since QCA9558 and QCA9557 are virtually
identical and all differences are automatically detected and/or managed
by the ART calibration.
Robert Marko [Thu, 22 Aug 2024 09:45:16 +0000 (11:45 +0200)]
generic: 5.15, 6.1: enable CNP support
Ever since CONFIG_ARM64_PAN was enabled Common Not Private (CNP) is now
visible and kernel builds will stop as they are not set in kernel config
for 5.15 and 6.1.
So, let's enable Common Not Private (CNP), which is an ARMv8.2 feature and will
be a NOP on CPUs that don't support it.
Fixes: a2662309aae1 ("kernel: Enable CONFIG_ARM64_PAN to restrict kernel access to user space memory")
Link: https://github.com/openwrt/openwrt/pull/16211
Signed-off-by: Robert Marko <robimarko@gmail.com>
Daniel Golle [Wed, 21 Aug 2024 23:10:13 +0000 (00:10 +0100)]
kernel: add missing config symbols
Kconfig symbols CONFIG_ARM64_CNP and CONFIG_ARM64_EPAN got exposed
by enabling CONFIG_ARM64_PAN. Enable them as well, as just like for
PAN, also EPAN and CNP will be detected at runtime at no cost.
Fixes: a2662309aa ("kernel: Enable CONFIG_ARM64_PAN to restrict kernel access to user space memory")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Mark Mentovai [Wed, 31 Jul 2024 20:51:01 +0000 (16:51 -0400)]
x86: enable console keyboard
The kernel support necessary to use a console keyboard was not built on
x86, affecting real and virtual machines alike. The console keyboard
would function properly in GRUB, but would not work at all once Linux
booted. It appeared that the console was intended to work because
console video appeared on the display, including prompts to enter
failsafe or select the debug log level from the keyboard, and the prompt
to "Press Enter to activate this console", but there was no way to
provide input to it. All keystrokes were ignored.
This enables several kernel configuration options to enable HID and USB
HID support (CONFIG_HID, CONFIG_HID_SUPPORT, CONFIG_HID_GENERIC, and
CONFIG_USB_HID), making the keyboard functional. For alignment with
armsr, CONFIG_USB_HIDDEV is also added, although not strictly necessary
for keyboard support. Note that this change also causes
CONFIG_HID_HYPERV_MOUSE to be enabled for x86/64 and x86/generic: it was
already set in these subarchitectures' kernel configurations, but was
ineffective due to CONFIG_HID being absent.
The omission of keyboard support on x86 may not have been widely noticed
because USB HID is not used on production OpenWrt x86 machines such as
pc-engines,apu2 which only have a serial console, or with the default
x86 configuration used by scripts/qemustart, which uses -nographic and
does not configure a virtual physical console but instead uses a serial
console.
This configuration change results in, for x86_64, +40kB in kernel.bin
and just over +40kB in gzip-compressed "combined" images. This should
not be a problem for the non-storage-constrained x86 target.
Until 2a86425de107, CONFIG_HID, CONFIG_USB_HID, and CONFIG_USB_HIDDEV
were set in the target-level kernel configuration, and
CONFIG_HID_GENERIC was set at the subtarget level. These are
reintroduced strictly at the subtarget level by request. This applies to
the 64, generic, and legacy subtargets, omitting geode.
Fixes: https://github.com/openwrt/openwrt/issues/16157
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Link: https://github.com/openwrt/openwrt/pull/16208
Signed-off-by: Robert Marko <robimarko@gmail.com>
Hauke Mehrtens [Sat, 17 Aug 2024 13:12:31 +0000 (15:12 +0200)]
kernel: Enable CONFIG_ARM64_PAN to restrict kernel access to user space memory
Enable the CONFIG_ARM64_PAN kernel security option, which leverages the
ARMv8.1 Privileged Access Never (PAN) extension to prevent the kernel
from directly accessing user space memory.
Instead, copy_to_user and similar functions must be used for data
transfer between kernel and user space. This feature is automatically
disabled at runtime on CPUs without PAN support, making it a no-op in
those cases.
Hauke Mehrtens [Sat, 17 Aug 2024 12:42:50 +0000 (14:42 +0200)]
kernel: Activate CONFIG_LIST_HARDENED
Activate the kernel option CONFIG_LIST_HARDENED for all targets.
This adds some inline checks to list_add() and list_del() operations
in the kernel. Before kernel 6.6 these checks were only available with
CONFIG_DEBUG_LIST option, but now a light version is available which
should only add very few extra instructions to such operations.
The performance penalty is very low from my point of view. It should
make it much harder to use bugs in Linux kernel list handling when
exploiting the Linux kernel.
Tianling Shen [Mon, 5 Aug 2024 08:51:25 +0000 (16:51 +0800)]
rockchip: add Radxa ROCK 5B support
Hardware
--------
RockChip RK3588 ARM64 (8 cores)
4/8/16/32GB LPDDR4X RAM
2500 Base-T
RGB LED
eMMC Connector
SPI-NOR 16MB
Micro-SD Slot
2x USB 2.0 Port
2x USB 3.0 Port
Headphone Jack
M.2 E-Key
M.2 M-Key
USB PD 5/9/12/15/20V Power
Install
--------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
Tianling Shen [Mon, 5 Aug 2024 08:22:47 +0000 (16:22 +0800)]
rockchip: add Radxa ROCK 5A support
Hardware
--------
RockChip RK3588 ARM64 (8 cores)
4/8/16/32GB LPDDR4X RAM
1000 Base-T
Status LED
eMMC/SPI Connector
Micro-SD Slot
2x USB 3.0 Port
2x USB 2.0 Port
Headphone Jack
M.2 E-Key
USB PD/QC 5/9/12/15/20V Power
Install
--------
Uncompress the OpenWrt sysupgrade and write it to a micro SD card or
internal eMMC using dd.
John Audia [Fri, 16 Aug 2024 19:16:04 +0000 (15:16 -0400)]
kernel: bump 6.6 to 6.6.46
This commit makes three changes all needed for the update of the 6.6 kernel.
1. Upstream kernel bump to 6.6.46
Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.46
Manually rebased:
bcm27xx/patches-6.6/950-0320-spi-spidev-Restore-loading-from-Device-Tree.patch
All other patches automatically rebased.
2. Adjusted the following for new ksym[1] enabling it:
Samuele Longhi [Fri, 16 Aug 2024 10:38:42 +0000 (12:38 +0200)]
bmips: bcm6328: add support for D-Link DSL-2750B rev B1
The D-Link DSL-2750B rev B1 (AW4339U) is a wifi fast ethernet router, 2.4 GHz single band
with two external antennas.
This ports the device from old target bcm63xx/generic to bmips/bcm6328.
The hardware is the same as that of the D-Link DSL-2740B rev F1 and DSL-2741B rev F1, plus a USB 2 port.
Installation via CFE web UI:
1. Power off the router.
2. Press reset button near the power switch.
3. Keep it pressed while powering up during ~20+ seconds.
4. Browse to http://192.168.1.1 and upload the firmware.
5. Wait a few minutes for it to finish.
gpio-leds doesn't have reg property and pin number is not an address, so "-"
should be used instead of "@".
https://github.com/torvalds/linux/blob/6e4436539ae182dc86d57d13849862bcafaa4709/Documentation/devicetree/bindings/leds/leds-gpio.yaml#L24
Mark Mentovai [Mon, 6 Jun 2022 18:53:31 +0000 (14:53 -0400)]
failsafe: fix console failsafe shell
When running a failsafe shell on a console, job control was unavailable,
and ^C did not function correctly.
This change invokes console failsafe shells via `setsid`, making them
session leaders and allowing them to claim controlling terminals, which
makes job control function properly. To support this, the busybox
`setsid` utility is enabled. This has a minimal 149-byte size impact on
a test x86_64 squashfs rootfs image.
^C was ignored in subprocesses of failsafe shells: it was not possible
to ^C out of a program that would not exit on its own, such as many
typical `ping` invocations. As job control was unavailable, it was not
possible to suspend these subprocesses either, causing a hung program to
tie up a console indefinitely, unless another means to signal the
program was available. This was caused by SIGINT being placed at
disposition SIG_IGN by the shell running preinit, which it did because
the console shell was executed asynchronously with &. That disposition
was inherited by the console shell and its subprocesses, generally
causing ^C to have no effect.
As there is no way in busybox `ash` to reset the disposition of a signal
already ignored at shell entry, and no apparent way to avoid SIGINT
being placed at SIG_IGN when & is used in preinit, an alternative
construct is needed. Now, `start-stop-daemon` is used to start (-S) the
console failsafe shell in the background (-b). This approach does not
alter SIGINT, allowing the console shell to be started with that
signal's handling intact, and normal ^C processing to occur.
busybox `ash` has some behaviors conditional on SHLVL, and while the
console shells ought to run at SHLVL=1, they were not by virtue of being
started by the shell-based preinit system. Additionally, a variety of
detritus was present in the console shell's environment, carried over
from preinit. These conditions are corrected by running the console
shell via `env -i` to clear the environment and establish a minimum and
correct set of environment variables for operation, in the same manner
as `login`. HOME is not explicitly set, because it's addressed in
/etc/profile. For non-failsafe console shells when
system.@system[0].ttylogin = 0, `login -f root` achieves a similar
effect. (`login` already started non-failsafe console shells when
ttylogin = 1 and behaved correctly. This brings the ttylogin = 0 case to
parity.) Note that even `login -f` is somewhat undesirable for failsafe
shells because it requires a viable /etc/passwd, hence the `env -i`
construct in that case.
The TERM environment variable from the preinit environment, with value
"linux", would rarely be correct for serial consoles. Now, the preinit
TERM value is preserved (or set to "linux" if unset) only when the
console is /dev/console or /dev/tty[0-9]*. Otherwise, it will be set to
a safe default appropriate for serial consoles, "vt102", as used for
serial consoles by busybox init. This "linux"/"vt102" TERM setting is
also duplicated for non-failsafe console shells.
This also indicates failsafe mode by showing "- failsafe -" on all
consoles (not just the last-defined one). It sets a hostname of
"OpenWrt-failsafe" in failsafe mode which is rendered in the shell's
prompt as a reminder of the mode during interactive failsafe use.
Previously, no hostname was set, which resulted in the kernel-default
hostname, "(none)", appearing in failsafe shell prompts.
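The SIGINT inheritance described in the commit message above can be observed directly. The following is an added example, not part of the commit; it is Linux-only because it reads /proc, it must be run as a script (non-interactive shell, no job control), and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: shows how a child started with "&" from a non-interactive
# shell sees SIGINT, and that the child shell cannot undo it with "trap - INT".
# Linux only (reads /proc). PROBE and the sigint_* names are assumptions.

# Probe run inside each child shell. SigIgn in /proc/<pid>/status is a hex
# bitmask of ignored signals; SIGINT is signal 2, which is bit value 0x2.
# awk inherits its signal dispositions from the shell that starts it.
PROBE='m=$(awk "/^SigIgn:/ { print \$2 }" /proc/self/status)
if [ $(( 0x$m & 2 )) -ne 0 ]; then echo ignored; else echo not-ignored; fi'

# Child shell started in the foreground: inherits whatever this script has.
sigint_foreground() {
    sh -c "$PROBE"
}

# Child shell started asynchronously, as preinit started the console shell.
# Without job control the parent sets SIGINT to SIG_IGN before the exec.
sigint_background() {
    sh -c "$PROBE" &
    wait $!
}

# Same launch, but the child tries to restore the default disposition.
# A signal ignored on entry to a non-interactive shell cannot be reset.
sigint_background_trap_reset() {
    sh -c "trap - INT; $PROBE" &
    wait $!
}

printf 'foreground child:               %s\n' "$(sigint_foreground)"
printf 'child started with &:           %s\n' "$(sigint_background)"
printf 'started with &, "trap - INT":   %s\n' "$(sigint_background_trap_reset)"
```

Running the same probe from a console shell on a device tells you whether ^C will reach programs started from that shell.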
Sylvain Monné [Mon, 5 Aug 2024 13:40:12 +0000 (15:40 +0200)]
uhttpd: restart daemon if certificate has changed
Fixes #16075
When the SSL certificate used by uhttpd has been changed, calling
`/etc/init.d/uhttpd reload` will now have the effect of restarting the
daemon to make the change effective.
r8168, r8125 and r8126 have been transferred from https://github.com/noltari to
https://github.com/openwrt.
The old URL should still work after the transfer, but let's update it anyway.
There are unpopulated areas on the board for 5 GHz WiFi via PCIe as well
as (most likely) Quectel EG25-G 4G module. As both are not populated on
my board support for both is missing for now.
Installation:
The installation can be done via the recovery HTTP server which is built
into the bootloader. Hold down the reset button while connecting the
device to power and keep holding a bit more than 3 seconds. Connect to
http://192.168.188.253/ and upload sysupgrade.bin file.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Romanov Danila [Wed, 14 Aug 2024 12:58:43 +0000 (15:58 +0300)]
kernel: Fix section mismatch in ubi
Fix ubiblock_create_from_param() ubiblock_create_auto_rootfs section mismatch.
Without this, the system upgrade will not work if the kernel was compiled with clang-18.
Marek Behún [Mon, 22 Jul 2024 14:57:50 +0000 (16:57 +0200)]
config: kernel: Add support for configuring BTRFS to be built-in
Add the KERNEL_BTRFS_FS config option so that targets can select
whether BTRFS support must be built-in.
Select this option (alongside KERNEL_BTRFS_FS_POSIX_ACL) from the
layerscape/armv8_64b subtarget instead of enabling it in
target/linux/layerscape/armv8_64b/config-* files.
Move disabling of CONFIG_BTRFS_FS_CHECK_INTEGRITY into generic configs.
This makes it possible for OpenWRT to be built with built-in BTRFS
support on specific boards, instead of whole targets.
Roland Reinl [Thu, 18 Jul 2024 14:10:53 +0000 (16:10 +0200)]
mediatek: Add support for Linksys EA7500 v3
Specification:
- MT7629 CPU
- MT7531 switch
- MT7761N and MT7762N wifi
- 256 MB RAM
- 128 MB NAND flash with dual-boot partitions
- 2 buttons: WPS and reset
- 1 WAN port (1G)
- 4 LAN ports (1G)
- 1 USB port
Limitations (same as other MT7629/MT7761N/MT7762N devices):
- Wifi is not working
- Second core is not working (kernel error message "CPU1: failed to come online")
Disassembly:
- There are two screws under the front rubber feet and two under the label on the bottom (in the corners towards the back, you should be able to feel them).
Serial Interface:
- UART pin header is already soldered on the board. Pinning from front to back:
1 - VCC
2 - TX
3 - RX
4 - n/a
5 - GND
GPIO:
- 1 white LED, connected to GPIO 52
- 1 reset button, connected to GPIO 60
- 1 WPS button, connected to GPIO 58
MAC Addresses:
- The MAC address printed on the device label is used for LAN and WAN
- The MAC address is stored in the devinfo partition in ASCII format (hw_mac_addr=aa:bb:cc:dd:ee)
- 2.4 GHz wifi uses MAC of the device label + 1
- 5 GHz wifi uses MAC of the device label + 2
Flashing:
- OpenWrt is only running in the first partition of dual boot
- To ensure to be able to go back to the factory image, flash the last OEM firmware via OEM web interface. This will ensure that the OEM firmware is present on both partitions
- Because of dual boot partitions, flashing via OEM interface is not supported
- Start a TFTP server and provide the initramfs image. Default settings:
- Router IP: 192.168.1.1
- TFTP server IP: 192.168.1.100
- TFTP file name: 7531.bin
- Open the device, connect UART and select " 1. System Load Linux to SDRAM via TFTP." during startup
- Adapt the settings to your environment, if required
- After initramfs is booted, flash the sysupgrade image
Return to OEM firmware:
- Run the following commands in OpenWrt to switch to the second partition
fw_setenv boot_part 2
fw_setenv bootimage 2
- Reboot the device. OEM firmware will start up again
Linus Walleij [Wed, 14 Aug 2024 08:26:26 +0000 (10:26 +0200)]
bmips: inteno-xg6846: Add DSA LED definitions
This adds the LED definitions for the XG6846 DSA port LEDs.
These are standard properties compatible with the existing
Marvell 88e6xxx DT bindings and fully standardized so this
is fine to add. They will be used by the in-flight Marvell
88e6xxx LEDs support patch.
Hannu Nyman [Wed, 1 May 2024 10:53:34 +0000 (13:53 +0300)]
uhttpd: Decrease the default validity time of certificate
The recommended maximum validity period is currently 397 days
and some browsers throw a warning with longer periods.
Reference to
https://cabforum.org/working-groups/server/baseline-requirements/
6.3.2 Certificate operational periods and key pair usage periods
Subscriber Certificates issued on or after 1 September 2020
SHOULD NOT have a Validity Period greater than 397 days and
MUST NOT have a Validity Period greater than 398 days.
Pat Fruth [Wed, 1 May 2024 10:50:23 +0000 (13:50 +0300)]
uhttpd: Include new extensions in uhttpd self-signed certs
The introduction of MacOS Catalina includes new requirements for self-signed certificates.
See: https://support.apple.com/en-us/HT210176
These new requirements include the addition of two TLS server certificate extensions.
- extendedKeyUsage
- subjectAltName
The extendedKeyUsage must be set to serverAuth.
The subjectAltName must be set to the DNS name of the server.
In the absence of these new extensions, when the LUCI web interface is configured to use HTTPS and
self-signed certs, MacOS users running Google Chrome browsers will not be able to access the LUCI web interface.
If you are generating self-signed certs which do not include that extension, Chrome will
report "NET::ERR_CERT_INVALID" instead of "NET::ERR_CERT_AUTHORITY_INVALID". You can click through to
ignore the latter, but not the former.
This change updates the uhttpd init script to generate a self-signed cert that meets the new requirements.
Signed-off-by: Pat Fruth <pat@patfruth.com>
Link: https://github.com/openwrt/openwrt/pull/15366
Signed-off-by: Robert Marko <robimarko@gmail.com>
Hannu Nyman [Wed, 1 May 2024 11:49:46 +0000 (14:49 +0300)]
px5g-mbedtls: add subjectAltName and extendedKeyUsage to SSL certs
To better accommodate the current browsers' requirements, also
self-signed certificates should have subjectAltName and
extendedKeyUsage defined in the self-signed x509 SSL certificates.
The following case sensitive options are now possible:
-addext subjectAltName=DNS:...
-addext subjectAltName=EMAIL:...
-addext subjectAltName=IP:...
-addext subjectAltName=URI:...
-addext extendedKeyUsage=serverAuth OR -addext extendedKeyUsage=any
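The three uhttpd/px5g certificate commits above (validity period, subjectAltName, extendedKeyUsage) can be checked together on any certificate file. This is an added example, not the uhttpd init script or px5g code; it uses the openssl command-line tool (1.1.1 or later), and router.example, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate throwaway self-signed certificates and check them
# against the requirements quoted in the commit messages above.
# router.example and all function/file names are assumptions.

MAX_DAYS=398   # quoted limit: MUST NOT exceed 398 days (SHOULD NOT exceed 397)

# make_cert PREFIX HOSTNAME DAYS [ext]
# Writes PREFIX.key and PREFIX.crt. With "ext", both extensions are added
# using the same -addext syntax the px5g commit lists.
make_cert() {
    prefix=$1 host=$2 days=$3 want_ext=$4
    set -- req -x509 -newkey rsa:2048 -nodes -days "$days" -subj "/CN=$host" \
        -keyout "$prefix.key" -out "$prefix.crt"
    if [ "$want_ext" = ext ]; then
        set -- "$@" -addext "subjectAltName=DNS:$host" \
                    -addext "extendedKeyUsage=serverAuth"
    fi
    openssl "$@" 2>/dev/null
}

# ext_value CERT "Extension title": print the line that follows the
# extension's title in the text dump, or nothing if the extension is absent.
ext_value() {
    openssl x509 -in "$1" -noout -text |
        awk -v name="$2" 'found { sub(/^ +/, ""); print; exit }
                          index($0, name) { found = 1 }'
}

# check_cert CERT HOSTNAME: print a space-separated list of problems;
# empty output means the certificate meets all three requirements.
check_cert() {
    cert=$1 host=$2 problems=""
    san=$(ext_value "$cert" "X509v3 Subject Alternative Name")
    eku=$(ext_value "$cert" "X509v3 Extended Key Usage")
    # The SAN line is comma separated, e.g. "DNS:a, DNS:b"; match exactly.
    printf '%s\n' "$san" | tr ',' '\n' | sed 's/^ *//' |
        grep -Fxq "DNS:$host" || problems="$problems missing-subjectAltName"
    case $eku in
        *"TLS Web Server Authentication"*) ;;   # how openssl prints serverAuth
        *) problems="$problems missing-serverAuth" ;;
    esac
    # -checkend counts from now, so this is exact for a fresh certificate and
    # a lower bound on the validity period for an older one.
    if openssl x509 -in "$cert" -noout -checkend $((MAX_DAYS * 86400)) >/dev/null; then
        problems="$problems validity-too-long"
    fi
    echo "${problems# }"
}

# Constructed sample certificates: one compliant, one without extensions
# and with a two-year lifetime.
tmp=$(mktemp -d)
make_cert "$tmp/good" router.example 397 ext
make_cert "$tmp/bad" router.example 730 ""
printf 'good.crt: [%s]\n' "$(check_cert "$tmp/good.crt" router.example)"
printf 'bad.crt:  [%s]\n' "$(check_cert "$tmp/bad.crt" router.example)"
rm -rf "$tmp"
```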
Marek Behún [Tue, 13 Aug 2024 07:24:11 +0000 (09:24 +0200)]
firmware: omnia-mcu-firmware: Bump to 4.1
Bump `omnia-mcu-firmware` to version 4.1.
This version fixes the following issue on boards with GD32 MCU:
* the user has old GD32 MCU bootloader and application (version 2.0)
* the user upgraded MCU application firmware to newer version (from
2.99 to 4.0)
* the user wants to upgrade application again, but it is impossible,
because when MCU application firmware jumps into the old MCU
bootloader firmware (2.0), the old bootloader firmware gets stuck in
exception
* the user has to restart the board and upgrade the bootloader firmware
first, which is not ideal, since if bootloader firmware upgrade is
interrupted, the board gets bricked
Therefore the `omnia-mcutool` utility version 0.3-rc3 will refuse to
upgrade MCU application firmware to versions 2.99 to 4.0 if the MCU
bootloader firmware is at version 2.0.
For users to be able to upgrade MCU application firmware on GD32
boards, they will need this new 4.1 version.
Users that already upgraded the MCU application firmware to a
version between 2.99 and 4.0 (using a previous version of the
`omnia-mcutool` utility) have no other choice but to upgrade MCU
bootloader firmware as well.
Rosen Penev [Mon, 12 Aug 2024 17:23:06 +0000 (10:23 -0700)]
mpc85xx: fix wdr4900 ethernet
997acc7f86ca985cba52f7ea8b72f0661a1e3c52 split this PHY driver up such
that external QCA switches now use CONFIG_QCA83XX_PHY. Fix it here so
that ethernet works again.
5. Flash new firmware
router# run mtd -r write /tmp/fw.bin OS1
6. Check result
Wait about 5-10 minutes after flash. Router should reboot itself and
turn left led from orange to blue.
In case of failure one can use Xiaomi 4a 100m debrick tool
(it uploads special image via tftpd in recovery mode)
After that you can start again from step 1.
Other actions are very similar to the original Mi Router 4A 100M
1 mm: restrict the pcp batch scale factor to avoid too long latency
A new kconfig option (PCP_BATCH_SCALE_MAX) is added to
set the max batch scale factor, whose default value is 5,
and users can reduce it when necessary.
uboot-envtools: Add support for Orange Pi R1 Plus & LTS
Add support for these boards to the envtools config
This commit integrates the latest changes from new U-Boot, which includes important updates to the DTSI files for the Orange Pi R1 Plus and Orange Pi R1 Plus LTS boards.