The ImageBuilder downloads pre-built packages and adds them to images.
This process uses `opkg` which has the capability to verify package list
signatures via `usign`, as enabled per default on running OpenWrt
devices.
Until now this was disabled for ImageBuilders because neither the `opkg`
keys nor the `opkg-add` script was present during first packagelist
update.
To harden the ImageBuilder against *drive-by-download-attacks* both keys
and verification script are added to the ImageBuilder allowing `opkg` to
verify downloaded package indices.
This commit adds `opkg-add` to the ImageBuilder scripts folder. The keys
folder is added to ImageBuilder $TOPDIR to have an obvious place for users to
store their own keys. The `option check_signature` is appended to the
repositories.conf file. All of the above only happens if the Buildbot
runs with the SIGNATURE_CHECK option.
The keys stored in the ImageBuilder keys/ are the same as included in
the openwrt-keyring package. To avoid the chicken-egg problem of
downloading and verifying a package, containing signing keys, the keys
are added during the ImageBuilder generation. They are same as in
shipped images (stored at `/etc/opkg/keys/`).
To allow a local package feed in which the user can add additional
packages, a local set of `usign` and `ucert` keys is generated, same as
building OpenWrt from source. The private key signs the local repository
inside the packages/ folder. The local public key is added to the keys/
folder to be considered by `opkg` when updating repositories. This way a
local package feed can be modified while requiring `opkg` to check
signatures for remote feed, making HTTPS optional.
The new option `ADD_LOCAL_KEY` allows to add the local key inside the
created images, adding the advantage that sysupgrades can validate the
ImageBuilders local key.
Signed-off-by: Paul Spooren <mail@aparcar.org>
This patch adds support for the WiFi Pineapple Mark 7, a wireless
penetration testing tool.
Specifications:
* SoC: MediaTek MT7628 (580MHz)
* RAM: 256MiB (DDR2)
* Storage 1: 32MiB NOR (SPI)
* Storage 2: 2GB eMMC
* Wireless 1: 802.11b/g/n 2.4GHz (Built In)
* Wireless 2: 802.11b/g/n 2.4GHz (MT7601)
* Wireless 3: 802.11b/g/n 2.4GHz (MT7601)
* USB: 1x USB Type-A 2.0 Host Port
* Ethernet: 1x USB Type-C AX88772C Ethernet
* UART: 57600 8N1 on PCB
* Inputs: 1x Reset Button
* Outputs: 1x RGB LED
* FCCID: 2AA52MK7
Flash Instructions:
Original firmware is based on OpenWRT.
Use sysupgrade via SSH to flash.
Signed-off-by: Marc Egerton <foxtrot@realloc.me>
[pepe2k@gmail.com: set only required/used gpio groups to gpio function]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
New batches of the R36A board series might no longer keep separated
Ethernet MAC addresses stored in flash. Use same approach as on the
N2Q and calculate Ethernet MACs from WLAN one which is kept in ART.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
ALFA Network Pi-WiFi4 is a Qualcomm QCA9531 v2 based, high-power 802.11n
WiFi board in Raspberry Pi 3B shape, equipped with 1x FE and 4x USB 2.0.
Specifications:
- Qualcomm/Atheros QCA9531 v2
- 650/400/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16+ MB of flash (SPI NOR)
- 1x 10/100 Mbps Ethernet
- 2T2R 2.4 GHz Wi-Fi with Qorvo RFFM8228P FEM
- 2x IPEX/U.FL connectors on PCB
- 4x USB 2.0 Type-A
- Genesys Logic GL850G 4-port USB HUB
- USB power is controlled by GPIO
- 5x LED (3x on PCB, 2x in RJ45, 4x driven by GPIO)
- 1x button (reset)
- external h/w watchdog (EM6324QYSP5B, enabled by default)
- 1x micro USB Type-B for power and system console (Holtek HT42B534)
- UART and GPIO (8-pin, 1.27 mm pitch) header on PCB
Flash instruction:
You can use sysupgrade image directly in vendor firmware which is based
on LEDE/OpenWrt. Alternatively, you can use web recovery mode in U-Boot:
1. Configure PC with static IP 192.168.1.2/24.
2. Connect PC with one of RJ45 ports, press the reset button, power up
device, wait for first blink of all LEDs (indicates network setup),
then keep button for 3 following blinks and release it.
3. Open 192.168.1.1 address in your browser and upload sysupgrade image.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The Xiaomi Mi Router 4A Gigabit model has a race condition on bootup
causing the SQUASHFS data errors to appear and create a bootloop
scenario.
Adding the m25p,fast-read property resolves this issue.
Suggested-by: David Bentham <db260179@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
CPU: Atheros AR9342 rev 3 SoC
RAM: 64 MB DDR2
Flash: 16 MB NOR SPI
WLAN 2.4GHz: Atheros AR9342 v3 (ath9k)
WLAN 5.0GHz: QCA988X
Ports: 2x GbE
Flashing procedure is identical to other ubnt devices.
https://openwrt.org/toh/ubiquiti/common
Flashing through factory firmware
1. Ensure firmware version v8.7.0 is installed.
Up/downgrade to this exact version.
2. Patch fwupdate.real binary using
`hexdump -Cv /bin/ubntbox | sed 's/14 40 fe 27/00 00 00 00/g' | \
hexdump -R > /tmp/fwupdate.real`
3. Make the patched fwupdate.real binary executable using
`chmod +x /tmp/fwupdate.real`
4. Copy the squashfs factory image to /tmp on the device
5. Flash OpenWrt using `/tmp/fwupdate.real -m <squashfs-factory image>`
6. Wait for the device to reboot
(copied from Ubiquiti NanoBeam AC and modified)
To keep it consistent, we will add the gen1 variant to
the nanobeam ac gen1.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This adds a missing ";;" in the switch-case in 11-ath10k-caldata.
Fixes: 4d36569b9cab ("ath79: fix ath10k caldata extraction on some
D-Link DIR-842 C3 devices")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
According to forum threads [0][1] and a report on IRC by Doc-Saintly
some of those boards have calibration data in a different place. Only
one alternative location is known.
Without proper board calibration data (board.bin having all 0xff bytes)
ath10k firmware still tries to load but crashes on startup with a
confusing error message.
If you're applying this patch manually on your device do not forget to
remove /lib/firmware/ath10k/pre-cal-pci-0000:00:00.0.bin and reboot to
force caldata re-extraction.
[0] https://forum.openwrt.org/t/support-for-d-link-dir842-rev-c3/41654
[1] https://forum.openwrt.org/t/d-link-dir-842-cant-access-firmware-upload-form/65454
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
All targets that used mvsw61xx have switched to upstream mv88e6xxx DSA
driver, so it can be removed.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
mediatek frequently had mixed indent (tabs vs. spaces) in DTS files
and DTS file kernel patches (probably due to careless copy/paste).
The harmonizes these cases to tabs-only, as usual for DTS(I).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Both bcm2709 and bcm2710 firmware can run on the same RaspberryPi
models, varying however in 32 and 64 Bit architectures. The model name
alone does not include the architecture information, which becomes
problematic if looking at a overview that only contains the names. By
adding a variant it is possible to tell the architecture.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The original patch from QCA over rode the nf_conntrack_un/register_notifier API, which
will break other modules relying on the API. Reworked the notification APIs to play nice
with others.
This pci@40000000 node from upstream was dropped when the device
was converted from local DTS(I) files to kernel patches in [1] to
ensure that change was purely cosmetic.
However, the DK04.1 has a PCI-E slot by default, so let's keep
(i.e. not remove) the kernel definition now.
[1] c4beac9ea2e1 ("ipq40xx: use upstream DTS files for IPQ4019/AP-DK04.1")
Suggested-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
A lot of patches are outdated versions of upstreamed patches and
drivers.
So lets pull in the upstreamed patches and reorder remaining ones.
This drops the unnecessary 721-dts-ipq4019-add-ethernet-essedma-node.patch
which adds nodes for not yet in OpenWrt IPQESS driver.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
[do not touch 902-dts-ipq4019-ap-dk04.1.patch here]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Define wildcard patterns for filtering in target/linux/generic/config-filter
Preparation for supporting newer kernels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
MikroTik recently changed again the way they store wlan calibration data
on devices. Prior to this change, ERD calibration data for all available
radios was stored within a single identifier node ("tag" in RouterBoot
parlance).
Recent devices have been seen with calibration (and BDF) data stored in
separate identifiers within LZOR packing for each radio: this patch
addresses this by:
1) ensuring that both variants are properly supported,
2) preserving backward compatibility with existing data consumers,
3) allowing for more than 2 calibration blobs to be exposed via sysfs.
Specifically, before this patch, the driver would provide a single sysfs
file named /sys/firmware/mikrotik/hard_config/wlan_data that contained
whatever calibration data found on the device's flash. After this patch,
when executed on a device that uses the old style storage, this behavior
is unchanged, but when executed on a device that uses new style storage
(for either traditional "ERD" packing or "LZOR" packing), the driver
replaces that single file with a folder containing one or more files
each containing the data encoded within individual identifiers.
As far as OpenWRT is concerned, this means that for devices which are
known to exist with both styles of data storage, a suitable hotplug stub
could look like this for e.g. the second radio:
wdata="/sys/firmware/mikrotik/hard_config/wlan_data"
( [ -f "$wdata" ] && caldata_sysfsload_from_file "$wdata" 0x8000 0x2f20 ) || \
( [ -d "$wdata" ] && caldata_sysfsload_from_file "$wdata/data_2" 0x0 0x2f20 )
This patch has been tested with LZOR old and new style packing on ipq4019,
and with old style on ath79.
Tested-by: John Thomson <git@johnthomson.fastmail.com.au>
Tested-by: Шебанов Алексей <admin@ublaze.ru>
Tested-by: Alen Opačić <subixonfire@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Tested-by: Robert Marko <robimarko@gmail.com>
CONFIG_EFI_VARS has been disabled in
64bit x86 target in 2018 by the following commit
b0a51dab8c5b8d40828a00b0c6d66450bf90f217
the same reasons apply to Generic target, so
now it's disabled here too.
Leaving it enabled is also blocking compile as
a new symbol was added
EFI_CUSTOM_SSDT_OVERLAYS
that depends from CONFIG_EFI_VARS
and the build system stops and waits for
user input on what to do about it.
The Legacy and Geode targets never
had any EFI_xxx configs enabled so they
don't have this issue
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
This adds support for RTL839x SoCs in the ethernet and switch
drivers of the rtl838x architecture.
Reviewed-by: Andreas Oberritter <obi@saftware.de>
Signed-off-by: Birger Koblitz <git@birger-koblitz.de>
This device has previously been supported by the image
for Xiaomi Mi Router 3G v2. Since this is not obvious, the
4A is marketed as a new major revision and it also seems to
have a different bootloader, this will be both more tidy and
more helpful for the users.
Apart from that, note that there also is a 100M version of
the device that uses mt7628 platform, so a specifically named
image will also prevent confusion in this area.
Specifications:
- SoC: MediaTek MT7621
- Flash: 16 MiB NOR SPI
- RAM: 128 MiB DDR3
- Ethernet: 3x 10/100/1000 Mbps (switched, 2xLAN + WAN)
- WIFI0: MT7603E 2.4GHz 802.11b/g/n
- WIFI1: MT7612E 5GHz 802.11ac
- Antennas: 4x external (2 per radio), non-detachable
- LEDs: Programmable "power" LED (two-coloured, yellow/blue)
Non-programmable "internet" LED (shows WAN activity)
- Buttons: Reset
Installation:
Bootloader won't accept any serial input unless "boot_wait" u-boot
environment variable is changed to "on".
Vendor firmware won't accept any serial input until "uart_en" is
set to "1".
Using the https://github.com/acecilia/OpenWRTInvasion exploit you
can gain access to shell to enable these options:
To enable uart keyboard actions - 'nvram set uart_en=1'
To make uboot delay boot work - 'nvram set boot_wait=on'
Set boot delay to 5 - 'nvram set bootdelay=5'
Then run 'nvram commit' to make the changes permanent.
Once in the shell (following the OpenWRTInvasion instructions) you
can then run the following to flash OpenWrt and then reboot:
'cd /tmp; curl https://downloads.openwrt.org/...-sysupgrade.bin
--output firmware.bin; mtd -e OS1 -r write firmware.bin OS1'
Suggested-by: David Bentham <db260179@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
E600G v2 based on Qualcomm/Atheros QCA9531
Specification:
- 650/600/200 MHz (CPU/DDR/AHB)
- 128/64 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz
- 2 x 10/100 Mbps Ethernet(RJ45)
- 1 x MiniPCI-e
- 1 x SIM (3G/4G)
- 5 x LED , 1 x Button(SW2-Reset Buttun), 1 x power input
- UART(J100) header on PCB(115200 8N1)
E600GAC v2 based on Qualcomm/Atheros QCA9531 + QCA9887
Specification:
- 650/600/200 MHz (CPU/DDR/AHB)
- 128/64 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz
- 1T1R 5 GHz
- 2 x 10/100 Mbps Ethernet(RJ45)
- 6 x LED (one three-color led), 2 x Button(SW2-Reset Buttun),1 x power input
- UART (J100)header on PCB(115200 8N1)
Flash instruction:
1.Using tftp mode with UART connection and original OpenWrt image
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "openwrt-ath79-generic-xxx-squashfs-sysupgrade.bin"
to "firmware.bin" and place it in tftp server directory.
- Connect PC with one of LAN ports, power up the router and press
key "Enter" to access U-Boot CLI.
- Use the following commands to update the device to OpenWrt:
run lfw
- After that the device will reboot and boot to OpenWrt.
- Wait until all LEDs stops flashing and use the router.
2.Using httpd mode with Web UI connection and original OpenWrt image
- Configure PC with static IP 192.168.1.xxx(2-255) and tftp server.
- Connect PC with one of LAN ports,press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
leds flashing.
- Open your browser and enter 192.168.1.1,You will see the upgrade
interface, select "openwrt-ath79-generic-xxx-squashfs-
sysupgrade.bin" and click the upgrade button.
- After that the device will reboot and boot to OpenWrt.
- Wait until all LEDs stops flashing and use the router.
Signed-off-by: 张鹏 <sd20@qxwlan.com>
[rearrange in generic.mk, fix one case in 04_led_migration, update
commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The file lacks executable permissions, which makes it not being applied
during the first boot.
While at it, drop unneeded include.
Signed-off-by: Piotr Jurkiewicz <piotr.jerzy.jurkiewicz@gmail.com>
[do not touch board name handling, update commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This patch adds support for D-Link DIR-2640 A1.
Specifications:
* Board: AP-MTKH7-0002
* SoC: MediaTek MT7621AT
* RAM: 256 MB (DDR3)
* Flash: 128 MB (NAND)
* WiFi: MediaTek MT7615N (x2)
* Switch: 1 WAN, 4 LAN (Gigabit)
* Ports: 1 USB 2.0, 1 USB 3.0
* Buttons: Reset, WPS
* LEDs: Power (blue/orange), Internet (blue/orange), WiFi 2.4G (blue),
WiFi 5G (blue), USB 3.0 (blue), USB 2.0 (blue)
Notes:
* WiFi 2.4G and WiFi 5G LEDs are wired directly to the wireless chips
Installation:
* D-Link Recovery GUI: power down the router, press and hold the reset
button, then re-plug it. Keep the reset button pressed until the power
LED starts flashing orange, manually assign a static IP address under
the 192.168.0.xxx subnet (e.g. 192.168.0.2) and go to http://192.168.0.1
* Some modern browsers may have problems flashing via the Recovery GUI,
if that occurs consider uploading the firmware through cURL:
curl -v -i -F "firmware=@file.bin" 192.168.0.1
MAC addresses:
lan factory 0xe000 *:a7 (label)
wan factory 0xe006 *:aa
2.4 factory 0xe000 +1 *:a8
5.0 factory 0xe000 +2 *:a9
Seems like vendor didn't replace the dummy entries in the calibration data.
Signed-off-by: James McGuire <jamesm51@gmail.com>
[fix device definition title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The comment content can be useful for readers of both the log and code
Previously when dd command "records in/out" messages are not filtered
like now with get_image_dd, it's not clear that these messages are for
extracting boot sectors. E.g.
Before
== upgrade: Reading partition table from bootdisk...
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
After
== upgrade: Reading partition table from bootdisk...
== upgrade: Extract boot sector from the image
37+26 records in
37+26 records out
== upgrade: Reading partition table from image...
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Manually rebased patches:
bcm27xx:
patches-5.4/950-0267-xhci-add-quirk-for-host-controllers-that-don-t-updat.patch
bcm53xx:
patches-5.4/180-usb-xhci-add-support-for-performing-fake-doorbell.patch
layerscape:
patches-5.4/802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
patches-5.4/808-i2c-0002-MLK-10893-i2c-imx-add-irqf_no_suspend.patch
patches-5.4/820-usb-0016-MLK-16735-usb-host-add-XHCI_CDNS_HOST-flag.patch
Removed since could be reverse-applied by quilt:
mediatek:
patches-5.4/0700-arm-dts-mt7623-add-missing-pause-for-switchport.patch
All modifications made by update_kernel.sh
Build system: x86_64
Build-tested: ipq806x/R7800, ath79/generic, bcm27xx/bcm2711, x86_64
Run-tested: ipq806x/R7800, x86_64
No dmesg regressions, everything functional
Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86_64]
Rebase of 802-can-0025-can-flexcan-add-LPSR-mode-support-for-i.MX7D.patch
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Althought most of the switches aren't routers, they can be used as such,
so let's add some of the packages from the router's DEVICE_TYPE. While
at it, remove swconfig package which is not needed on DSA targets.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Without an absolute path to staging_dir/host/bin/sstrip the Makefile
tries to run a host installed version of sstrip, which is likely not
available.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fixes following dtc warning:
../dts/rtl838x.dtsi:38.3-145.3: Warning (reg_format): /: Root node has a "reg" property
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Hardware specification
----------------------
* RTL8382M SoC, 1 MIPS 4KEc core @ 500MHz
* 128MB DRAM
* 32MB NOR Flash (MX25L25635E)
* 24 x 10/100/1000BASE-T ports
- Internal PHY with 8 ports (RTL8218B)
- Two external PHYs with 8 ports each (RTL8218B)
* 4 x Gigabit RJ45/SFP Combo ports
- External PHY with 4 SFP ports (RTL8214FC)
* Power LED
* Reset button on front panel
* UART (115200 8N1) via unpopulated standard 0.1" pin header marked J6
UART pinout
-----------
[oooo]J3 [o]ooo|J6
| ^ ||`------ GND
| | |`------- RX
| | `-------- TX
| `---------- Vcc (3V3)
|
`------------------ J3 is power input connector nearby J6 UART
Boot initramfs image from U-Boot
--------------------------------
1. Press Escape key during `Hit Esc key to stop autoboot` prompt
2. Press CTRL+C keys to get into real U-Boot prompt
3. Init network with `rtk network on` command
4. Load image with `tftpboot 0x8f000000 openwrt-rtl838x-generic-d-link_dgs-1210-28-initramfs-kernel.bin` command
5. Boot the image with `bootm` command
To install, upload the sysupgrade image to the OEM webpage or sysupgrade
from the system running from initramfs image.
It has been developed and tested on device with F1 revision.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
So the common bits can be easily shared with other boards in the family
and while at it add missing SPDX license identifiers into the DTS files
and fixed alphabetic sorting of the devices in the images.
Signed-off-by: Petr Štetiar <ynezz@true.cz>