This PR adds support for netis NX31 router.
Specification
-------------
- SoC : MediaTek MT7981BA dual-core ARM Cortex-A53 1.3 GHz
- RAM : 256 MiB DDR3
- Flash : SPI-NAND 128 MiB (ESMT)
- WLAN : MediaTek MT7976CN dual-band WiFi 6
- 2.4 GHz : b/g/n/ax, MIMO 2x2
- 5 GHz : a/n/ac/ax, MIMO 2x2
- Ethernet : 10/100/1000 Mbps x3 (LAN, MediaTek MT7531AE)
10/100/1000 Mbps x1 (WAN, SoC internal phy)
- USB : No
- Buttons : Mesh, Reset
- LEDs : 1x Power (blue), unmanaged
1x Status (blue), gpio-controlled
1x WiFi 2.4 GHz (blue), gpio-controlled
1x WiFi 5 GHz (blue), gpio-controlled
3x LAN activity (blue), switch-controlled
1x WAN activity (blue), gpio-controlled
- Power : 12 VDC, 1 A
Installation
------------
1. Connect to the router using ssh (user: admin, pass: web interface
password)
2. Make mtd backup:
cat /dev/mtd0 | gzip -1 -c > /tmp/mtd0_spi0.0.bin.gz
cat /dev/mtd1 | gzip -1 -c > /tmp/mtd1_BL2.bin.gz
cat /dev/mtd2 | gzip -1 -c > /tmp/mtd2_u-boot-env.bin.gz
cat /dev/mtd3 | gzip -1 -c > /tmp/mtd3_Factory.bin.gz
cat /dev/mtd4 | gzip -1 -c > /tmp/mtd4_FIP.bin.gz
cat /dev/mtd5 | gzip -1 -c > /tmp/mtd5_ubi.bin.gz
3. Download mtd backup from the /tmp dir of the router to your PC using
scp protocol
4. Upload OpenWrt 'bl31-uboot.fip', 'preloader.bin' images to the /tmp
dir of the router using scp protocol
5. Write FIP and BL2 (replace bootloader):
mtd write /tmp/openwrt-mediatek-filogic-netis_nx31-bl31-uboot.fip FIP
mtd write /tmp/openwrt-mediatek-filogic-netis_nx31-preloader.bin BL2
6. Place OpenWrt
'openwrt-mediatek-filogic-netis_nx31-initramfs-recovery.itb' image on
the tftp server (IP: 192.168.1.254)
7. Erase 'ubi' partition and reboot the router:
mtd erase ubi
reboot
8. U-Boot automatically boot OpenWrt recovery image from tftp server to
the RAM
9. Upload OpenWrt 'sysupgrade.itb' image to the /tmp dir of the router
(IP: 192.168.1.1) using scp protocol
10. Connect to the router using ssh and run:
sysupgrade -n openwrt-mediatek-filogic-netis_nx31-squashfs-sysupgrade.itb
Return to stock
---------------
1. Unpack stock BL2 and FIP partitions backup
2. Upload stock BL2 and FIP partitions backup to the /tmp dir of the
router using scp protocol
3. Connect to the router using ssh and run:
apk update && apk add kmod-mtd-rw
insmod mtd-rw i_want_a_brick=1
mtd unlock BL2
mtd unlock FIP
4. Restore backup:
mtd write /tmp/mtd4_FIP.bin FIP
mtd write /tmp/mtd1_BL2.bin BL2
5. Erase ubi and reboot:
mtd erase ubi
reboot
6. Power off the router
7. Press Reset button and power on the router. Release the button after
~10 sec
8. Navigate to U-Boot recovery web server (http://192.168.1.1/) and
upload the OEM firmware
Recovery
--------
1. Place OpenWrt
'openwrt-mediatek-filogic-netis_nx31-initramfs-recovery.itb' image on
the tftp server (IP: 192.168.1.254)
2. Press “Reset” button and power on the router. After ~10 sec release
the button.
3. Use OpenWrt initramfs system for recovery
MAC addresses
-------------
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| LAN | dc:xx:xx:d1:xx:18 | label |
| WAN | dc:xx:xx:d1:xx:1a | label+2 |
| WLAN 2g | de:xx:xx:11:xx:19 | |
| WLAN 5g | de:xx:xx:71:xx:19 | |
+---------+-------------------+-----------+
The LAN MAC was found in 'Factory', 0x1fef20
The WAN MAC was found in 'Factory', 0x1fef26
The WLAN 2g/5g MAC prototype was found in 'Factory', 0x4
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18324
(cherry picked from commit d8002cb627edcbef27dedf9768a45ab0435ac55e)
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18438
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport two commits to resolve issues with ath1kk causing it to fail
driver registration on iommuless systems with DRAM outside of 32bit
addressing such as a 4GiB imx8mm:
commit 1bcd20981834 ("wifi: ath11k: Fix DMA buffer allocation
to resolve SWIOTLB issues")
commit eeadc6baf8b3 ("wifi: ath11k: Use dma_alloc_noncoherent
for rx_tid buffer allocation")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/17751
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit fa50e53aa92e4db9dfe091e7dd55c3fc2024ad13)
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
(This was a real problem I encountered with a nanopi R6S device and
an external rtl8152 usb3 network controller - the USB controller would
claim the eth1 name, causing much confusion).
Signed-off-by: Michel Lespinasse <michel@lespinasse.org>
Link: https://github.com/openwrt/openwrt/pull/17638
(cherry picked from commit effcb6e4c3f6638ad4dde7a7e9218c4f7189019b)
Link: https://github.com/openwrt/openwrt/pull/18347
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix compilation error for old stable version caused by
genlmsg_multicast_allns backport fix pushed middle version.
Version 5.15 version 0-169, 6.1 version 0-115, 6.6 version 0-58 have the
old genlmsg_multicast_allns version with flags variable.
Compiling backport project with these version result in a compilation
error. To handle this, introduce a backport function for the affected
kernel version.
Link: https://github.com/openwrt/openwrt/pull/18373
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 40393881491aa5fd23e715d0bedf591e3b152ddd)
Do not verify the format of TLV. Leave that to lldpd.
These lldpd config entries:
config custom-tlv
list ports 'eth0'
option tlv 'replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55'
config custom-tlv
option tlv 'oui 33,44,44 subtype 232'
list ports 'br-lan'
list ports 'eth0'
config custom-tlv # oui-info truncated
option tlv 'add oui 33,44,33 subtype 66 oui-info 5555555555'
config custom-tlv
option tlv 'add oui 33,44,31 subtype 44'
config custom-tlv # invalid oui
option tlv 'add oui 3322 subtype 79'
config custom-tlv # invalid oui
option tlv 'oui 3312 subtype 74'
Produce the following lldpd.conf content:
configure ports eth0 lldp custom-tlv replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55
configure ports br-lan,eth0 lldp custom-tlv oui 33,44,44 subtype 232
configure lldp custom-tlv add oui 33,44,33 subtype 66 oui-info 5555555555
configure lldp custom-tlv add oui 33,44,31 subtype 44
configure lldp custom-tlv add oui 3322 subtype 79
configure lldp custom-tlv oui 3312 subtype 74
And lldpd (v1.0.13 on v22) logs the following:
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op replace oui 33:44:55 subtype fe
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:44 subtype e8
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3322'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3312'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: lldpd should resume operations
( The last two TLV are invalid: their oui must be three hex bytes, comma
separated. Only the first hex byte of oui-info 5555555555 is used )
Depends on #14867 and its release version bump
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
(cherry picked from commit 8d1fe32c2c46a8de519f9926be2bc062cef66f24)
Link: https://github.com/openwrt/openwrt/pull/18343
Signed-off-by: Robert Marko <robimarko@gmail.com>
where csv = comma separated value(s)
Make the function more generic. Can use it for not only 'config'.
Now it can be used to parse interfaces for additional lldpd settings,
e.g. custom-tlv.
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
(cherry picked from commit a015f59880c72a1bdd07de32491f85ce7f8d2a1c)
Link: https://github.com/openwrt/openwrt/pull/18343
Signed-off-by: Robert Marko <robimarko@gmail.com>
Apparently U-Boot will discard whole node if requested pin function is
unknown to the driver. This resulted in inability to interact with
U-Boot on the said board, as U-Boot always assumed the recovery key
pressed and issued recovery procedure. Log snippet:
button_gpio gpio-keys: pinctrl_select_state_full: pinctrl_config_one: err=-38
reset button found
button pushed, resetting environment
Recovery procedure also booted recovery image, which didn't affect much
the 23.05.x release, since the root fs argument was valid, so changes
persisted. But as 24.10.x hit with fitblk, the board will boot only
recovery image (initramfs) because of default bootargs will reset on each
boot and U-Boot provided bootargs took precedence.
Fixes: 42eeb22450f2 ("uboot-mediatek: fix factory/reset button")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250304164507.60511-1-tmn505@terefe.re/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f8a2e1c68b48d72234172543f4232e77f065ca4d)
Debian Changelogs from 20240531:
local access.
- Mitigations for INTEL-SA-01079 (CVE-2024-23918)
Potential security vulnerabilities in some Intel Xeon processors
using Intel SGX may allow escalation of privilege. Intel disclosed
that some processor models were already fixed by a previous
microcode update.
- Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
Improper finite state machines (FSMs) in hardware logic in some
Intel Processors may allow an privileged user to potentially enable a
denial of service via local access.
- Mitigations for INTEL-SA-01103 (CVE-2024-23984)
A potential security vulnerability in the Running Average Power Limit
(RAPL) interface for some Intel Processors may allow information
disclosure. Added mitigations for more processor models.
* Updated Microcodes:
sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
* source: update symlinks to reflect id of the latest release, 20241112
* Update changelog for 3.20240910.1 and 3.20240813.1 with new information:
INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models,
and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for
some processor models.
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 14 Nov 2024 15:37:40 -0300
intel-microcode (3.20241029.1) UNRELEASED; urgency=medium
* New upstream microcode datafile 20241029
- Not relevant for operating system microcode updates
- Only when loaded from firmware, this update fixes the critical,
potentially hardware-damaging errata RPL061: Incorrect Internal
Voltage Request on Raptor Lake (Core 13th/14th gen) Intel
processors.
* Updated Microcodes:
sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 14 Nov 2024 14:49:03 -0300
intel-microcode (3.20240910.1) unstable; urgency=medium
* New upstream microcode datafile 20240910 (closes: #1081363)
- Mitigations for INTEL-SA-01097 (CVE-2024-24968)
Improper finite state machines (FSMs) in hardware logic in some
Intel Processors may allow an privileged user to potentially enable a
denial of service via local access.
- Fixes for unspecified functional issues on several processor models
- The processor voltage limit issue on Core 13rd/14th gen REQUIRES A
FIRMWARE UPDATE. It is present in this release for sig 0xb0671, but
THE VOLTAGE ISSUE FIX ONLY WORKS WHEN THE MICROCODE UPDATE IS LOADED
THROUGH THE FIT TABLE IN FIRMWARE. Contact your system vendor for a
firmware update that includes the appropriate microcode update for
your processor.
* Updated Microcodes:
sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256
sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036
sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036
sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036
sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208
sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434
sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216
sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122
sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122
sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240
* Update changelog for 3.20240813.1 with new information
* Update changelog for 3.20240514.1 with new information
* source: update symlinks to reflect id of the latest release, 20240910
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 21 Sep 2024 16:40:07 -0300
intel-microcode (3.20240813.2) unstable; urgency=high
* Merge changes from intel-microcode/3.20240531.1+nmu1, which were left out
from 3.20240813.1 by an oversight, regressing merged-usr. Closes: #1060200
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 17 Aug 2024 11:31:32 -0300
intel-microcode (3.20240813.1) unstable; urgency=medium
* New upstream microcode datafile 20240813 (closes: #1078742)
- Mitigations for INTEL-SA-01083 (CVE-2024-24853)
Incorrect behavior order in transition between executive monitor and SMI
transfer monitor (STM) in some Intel Processors may allow a privileged
user to potentially enable escalation of privilege via local access.
- Mitigations for INTEL-SA-01118 (CVE-2024-25939)
Mirrored regions with different values in 3rd Generation Intel Xeon
Scalable Processors may allow a privileged user to potentially enable
denial of service via local access.
- Mitigations for INTEL-SA-01100 (CVE-2024-24980)
Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
Xeon Processors may allow a privileged user to potentially enable
escalation of privilege via local access.
- Mitigations for INTEL-SA-01038 (CVE-2023-42667)
Improper isolation in the Intel Core Ultra Processor stream cache
mechanism may allow an authenticated user to potentially enable
escalation of privilege via local access. Intel disclosed that some
processor models were already fixed by the previous microcode update.
- Mitigations for INTEL-SA-01046 (CVE-2023-49141)
Improper isolation in some Intel Processors stream cache mechanism may
allow an authenticated user to potentially enable escalation of
privilege via local access. Intel disclosed that some processor models
were already fixed by the previous microcode update.
- Mitigations for INTEL-SA-01079 (CVE-2024-23918)
Potential security vulnerabilities in some Intel Xeon processors
using Intel SGX may allow escalation of privilege. Intel released this
information during the full disclosure for the 20241112 update.
Processor signatures 0x606a6 and 0x606c1.
- Mitigations for INTEL-SA-01103 (CVE-2024-23984)
A potential security vulnerability in the Running Average Power Limit
(RAPL) interface for some Intel Processors may allow information
disclosure. Intel released this information during the full disclosure
for the 20240910 update. Processor signatures 0x5065b, 0x606a6,
0x606c1.
- Fix for unspecified functional issues on several processor models
- Fix for errata TGL068/ADL075/ICL088/... "Processor may hang during a
microcode update". It is not clear which processors were fixed by this
release, or by one of the microcode updates from 2024-05.
- Mitigations for INTEL-SA-01213 (CVE-2024-36293)
Improper access control in the EDECCSSA user leaf function for some
Intel Processors with Intel SGX may allow an authenticated user to
potentially enable denial of service via local access. Intel released
this information during the full disclosure for the 20250211 update.
Processor signature 0x906ec (9th Generation Intel Core processor).
* Updated microcodes:
sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
* source: update symlinks to reflect id of the latest release, 20240813
* postinst, postrm: switch to dpkg-trigger to run update-initramfs
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 15 Aug 2024 14:41:50 -0300
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/18197
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f4801cffc3697d57a6d47e325d2f43c785ce3416)
d8b43985e4d7 ubus: fix token_create policy
7326459bd743 ubus: dump service information on network_get
6c9c8fbd8128 service: add @all as alias for all members, unless defined differently
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 84909c62c8455a08fb8bb29bd7809ab22c927bf0)
The fixes are only for the WRT1900X and WRT1200AC.
It contains:
Deletes the driver's ability to modify the debit table.
Remove skb_get(done_skb) in txdone
Reworking ISR
clean code
Napi replaces tasklet
Add rx_decrypt feature
Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/17997
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18145
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for Genexis Pulse EX400 / Inteno Pulse EX400. A branded
variant for the Finnish ISP DNA has already been added in fea2264d9fdd
(ramips: mt7621: Add DNA Valokuitu Plus EX400, 2023-07-31). This commit
adds support for the generic variants with Inteno and Genexis branding.
Inteno changed its name to Genexis and both brandings exist.
In terms of electronics, there is no difference between the DNA-branded
version and other brandings. LED markings on the case are different,
though. While the DNA-version has a "software-update" LED, the other
versions have a WPS LED. To reduce user confusion, create a separate
image.
Add the different device-tree with the different LED and rename things
to work the same way for both variants.
Specifications:
- Device: Genexis Pulse EX400 / Inteno Pulse EX400
- SoC: MT7621A
- Flash: 256 MB NAND
- RAM: 256 MB
- Ethernet: Built-in, 2 x 1 GbE
- Wifi: MT7603 2.4 GHz 2x2 MIMO, MT7615 5 GHz 4x4 MU-MIMO
- USB: 1x 2.0
- LEDs (GPIO): green/red status, green WPS
- LEDs (SX9512, unsupported): Broadband, Wi-Fi 2.4G, Wi-Fi 5G
- Buttons (GPIO): Reset
- Buttons (SX9512, unsupported): Wi-Fi 2.4G, Wi-Fi 5G, WPS
MAC addresses:
- LAN: U-Boot 'ethaddr' (label)
- WAN: label + 1
- 2.4 GHz: label + 6
- 5 GHz: label + 7
Serial:
There is a black block connector next to the red ethernet connector. It
is accessible also through holes in the casing.
Pinout (TTL 3.3V)
+---+---+
|Tx |Rx |
+---+---+
|Vcc|Gnd|
+---+---+
Firmware:
The vendor firmware is a fork of OpenWrt (Reboot) with a kernel version
4.4.93. The flash is arranged as below and there is a dual boot
mechanism alternating between rootfs_0 and rootfs_1.
+-------+------+------+-----------+-----------+
| | env1 | env2 | rootfs_0 | rootfs_1 |
| +------+------+-----------+-----------+
| | UBI volumes |
+-------+-------------------------------------+
|U-Boot | UBI |
+-------+-------------------------------------+
|mtd0 | mtd1 |
+-------+-------------------------------------+
| NAND |
+---------------------------------------------+
In OpenWrt rootfs_0 will be used as a boot partition that will contain the
kernel and the dtb. The squashfs rootfs and overlay are standard OpenWrt
behaviour.
+-------+------+------+-----------+--------+------------+
| | env1 | env2 | rootfs_0 | rootfs | rootfs_data|
| +------+------+-----------+--------+------------+
| | UBI volumes |
+-------+-----------------------------------------------+
|U-Boot | UBI |
+-------+-----------------------------------------------+
|mtd0 | mtd1 |
+-------+-----------------------------------------------+
| NAND |
+-------------------------------------------------------+
U-boot:
With proper serial access, booting can be halted to U-boot by pressing
any key. TFTP and flash writes are available, but only the first one has
been tested.
NOTE: Recovery mode can be accessed by holding down the reset button while
powering on the device. The led 'Update' will show a solid green light
once ready. A web server will be running at 192.168.1.1:80 and it will
allow flashing a firmware package. You can cycle between rootfs_0 and
rootfs_1 by pressing the reset button once.
Root password:
With the vendor web UI create a backup of your settings and download the
archive to your computer. Within the archive in the file
/etc/shadow replace the password hash for root with that of a password you
know. Restore the configuration with the vendor web UI and you will have
changed the root password.
SSH access:
You might need to enable the SSH service for LAN interface as by default
it's enabled for WAN only.
Installing OpenWrt:
With the vendor web UI, or from the U-Boot recovery UI, install the
OpenWrt factory image. Alternatively, ssh to the device and use
sysupgrade -n from cli.
Finalize by installing the OpenWrt sysupgrade image to get a fully
functioning system.
Reverting to the vendor firmware:
Boot with OpenWrt initramfs image
- Remove volumes rootfs_0, rootfs and rootfs_data and create vendor
volumes.
ubirmvol /dev/ubi0 -n 2
ubirmvol /dev/ubi0 -n 3
ubirmvol /dev/ubi0 -n 4
ubimkvol /dev/ubi0 -N rootfs_0 -S 990
ubimkvol /dev/ubi0 -N rootfs_1 -S 990
Power off and enter to the U-boot recovery to install the vendor
firmware.
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/17551
(cherry picked from commit 3e7337feead8e0a0f5a05f5b91d7d0fd7f14ec56)
Link: https://github.com/openwrt/openwrt/pull/18238
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is an industrial 4G router equipped with OpenWrt 14.07 OEM
customized version
WARNING: The original firmware device tree is common to multiple
boards, and the device tree name is H9350. This submitted device
tree is a modified version, which deletes the non-this-device parts
and adds GPIO watchdog.
Specification:
- SoC: MediaTek MT7620A
- Flash: 16 MB
- RAM: 128 MB
- Power: DC 5V-36V 1.5A
- Ethernet: 1x WAN, 4x LAN (10/100 Mbps)
- Wireless radio: 802.11n 2.4g-only
- LED:
System/Power (RUN): GPIO/26 active-low
Ethernet: 1x WAN, 4x LAN
Modem 1: GPIO/66 active-low
RF 1 (Modem 1 Signal): GPIO/67 active-low
Modem 2: GPIO 71 active-low
RF 2 (Modem 2 Signal): GPIO/24 active-low
WLAN: GPIO/72 active-low
WPS: GPIO/12 active-low
- Button:
WPS / RESET: GPIO/34 active-low
- UART: 1x UART on PCB - 115200 8N1
- GPIO Watchdog: GPIO/62 mode=toggle timeout=1s
- PCIe: 2x miniPCIe for modem
- SIM Slots: 2x SIM Slots
Issue:
- No factory partition, eeprom is located
at /lib/firmware/mt7620a.eeprom
Flash instruction:
Using UART:
1. Configure PC with a static IP address and setup an TFTP server.
2. Put rootfs into the tftp directory.
3. Connect the UART line as described on the PCB.
4. Power up the device and press Ctrl+C to break auto boot.
5. Use `system 6` command and follow the instruction to set device
and tftp server IP address and input the rootfs file name.
U-boot will then load the rootfs and write it into
the flash.
6. Use `system 1` command and follow the instruction to set device
and tftp server IP address and input the firmware file name.
U-boot will then load the firmware once.
7. Login to LuCI and use LuCI upgrade firmware.
Original Firmware Dump / More details:
https://blog.gov.cooking/archives/research-hongdian-h8922-and-flash.html
Signed-off-by: Coia Prant <coiaprant@gmail.com>
Tested-by: Coia Prant <coiaprant@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17472
Link: https://github.com/openwrt/openwrt/pull/18221
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6a1bdcf545eec8f9ed5130e7f5794fca6ee54cb3)
This board is also as known as SuperElectron ZN-M5 and ZN-M8. However,
for ZN-M5 and ZN-M8, there's another version uses ZX279128 as CPU
chip, which is unsupported.
You can check it in "高级设置" > "系统日志" > "内核日志" page from webUI.
Hardware specification:
SoC: MediaTek MT7981B 2x A53
Flash: 128 MB SPI-NAND
RAM: 256MB
Ethernet: 4x 10/100/1000 Mbps
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, WPS
Power: DC 12V 1A
Stock layout flash instructions:
Login into webUI and upload sysupgrade firmware in "系统管理" > "升级固件" page.
Remember to unselect "保留配置" ("Keep configurations") first before doing that.
OpenWrt U-Boot layout flash instructions:
1. Flash stock layout firmware first.
2. Connect to the device via SSH, and backup everything,
especially 'Factory' partition.
3. Unlock MTD partitions:
opkg update && opkg install kmod-mtd-rw
insmod mtd-rw i_want_a_brick=1
4. Write new BL2 and FIP:
mtd write openwrt-mediatek-filogic-cmcc_a10-ubootmod-preloader.bin BL2
mtd write openwrt-mediatek-filogic-cmcc_a10-ubootmod-bl31-uboot.fip FIP
5. Set static IP on your PC:
IP 192.168.1.254/24, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/18121
(cherry picked from commit 96c6608346758ceffebf30d74cab00db58874bb9)
[sync uboot defconfigs with 24.10 branch, change apk to opkg]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/18218
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Trying to tcpdump DSA conduits results in errors such as
"unsupported DSA tag: mtk".
Backport two commits adding support for various DSA tags to libpcap.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fad94e8cda573389164827dc74e583d10eeae2e5)
Currently, enabling USB, BT or Netfilter support after initial compilation
will not trigger a rebuild, so add the missing PKG_CONFIG_DEPENDS so
that rebuild gets triggered.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit fe37574be63ef7c6c1c1e611f052ed25c99a8aa1)
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.
To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
(cherry picked from commit 6a10da2934441a59283394a84917edf4983e3043)
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.
This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7729f960933a03c9eebd2b65a695ea57718ccb77)
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 22eaf1864731dd29918357b26565dbd9420fd314)
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when it goes out
of scope.
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
(cherry picked from commit f79968ee0f76c41414fb0c08980b9c2a259964d3)
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ce68f61cb67a4701a108f838f510e72ca63ed78e)
ethtool since version 6.9 introduced support for getting/setting RSS
input transformation supported in Linux since version 6.8.
The now changed kernel ioctl ABI, however, cannot be detected from
userland, and ethtool since version 6.9 simply assumes that a previously
reserved field is now used to set the input transformation.
Unfortunately the default value RXH_XFRM_NO_CHANGE (0xff) used by ethtool
userland creates an incompatibility with older kernels which cannot be
resolved easily without introducing even more ABI breakage.
Work-around the issue and fix support for --set-rxfh and --set-rxfh-indir
ethtool userland tool commands by making the support for input_xfrm
conditional on compile time, and keep it disabled for Linux 6.6.
Fixes: 8c2dcd1518 ("ethtool: update to 6.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 3a7467ffde413677de5465dde78a62dfa8d6774f)
Version 6.11 - October 8, 2024
* Feature: cmis: print active and inactive firmware versions
* Feature: flash transceiver module firmware (--flash-module-firmware)
* Feature: add T1BRR 10Mb/s mode to link mode tables
* Feature: support for disabling netlink from command line
* Fix: fix lanes parameter format specifier
* Fix: add missing clause 33 PSE manual description
* Fix: qsf: Better handling of Page A2h netlink read failure
* Fix: rss: retrieve ring count using ETHTOOL_GRXRINGS ioctl (-x)
* Misc: man page formatting fix
* changelog here: https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/NEWS?id=c0ea4b70c71334ef038f7a3416b228a50dada406
Tested on gl.inet MT6000, retrieve ring count is now working
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17607
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9454331b7fc896704a2c60b28767c282eb9ca0bd)
Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.
CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.
1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b4e6fd7b76440076eeff3a0789d40acbb5363ecf)
b43aeb5 wireless-regdb: assert and correct maximum bandwidth within frequency difference
68588bf wireless-regdb: Update regulatory info for Syria (SY) for 2020
0dda57e wireless-regdb: Update regulatory info for Moldova (MD) on 6GHz for 2022
b19ab0b wireless-regdb: Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
f67f40d wireless-regdb: Update regulatory info for Oman (OM)
bd70876 wireless-regdb: Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
6c7cbcc wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
f9f6b30 wireless-regdb: Update regulatory rules for Austria (AT)
39b47ea wireless-regdb: Update regulatory info for Cayman Islands (KY) for 2024
3dd7ceb wireless-regdb: allow NO-INDOOR flag in db.txt
4d754a1 wireless-regdb: Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
8c8308a wireless-regdb: Update frequency range with NO-INDOOR for Oman (OM)
c2f11e2 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17957
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da2cc98458f46745de95e88b6066620fbd02b190)
Check the return value of malloc and pread in case they fail.
Signed-off-by: Qiyuan Zhang <zhang.github@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/16070
(cherry picked from commit 3f014543cd4bd099dc089cbb9b9b2d7b0db8a021)
Signed-off-by: Rafal Boni <rafal.boni@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17889
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fix a bug in linksys_bootcount.c that resetbc won't work on nand
with min I/O size> 2048.
Check the boot-log entry's intergrity with checksum.
Signed-off-by: Qiyuan Zhang <zhang.github@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/16070
(cherry picked from commit 62da99e6d506f3517f50c1efd61e1911df507ae3)
Signed-off-by: Rafal Boni <rafal.boni@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17889
Signed-off-by: Robert Marko <robimarko@gmail.com>
`$(( ))` will convert uninitialized variable to "0". If we want to
use "-n" to check the string length, it's necessary to make sure the
converted variable is not empty.
Fixes: 652a6677d5fa ("base-files: Add new functions for ath11k caldata")
Fixes: https://github.com/openwrt/openwrt/issues/17818
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17892
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 094b6f593fb4943005e13e2f8581e66bb7c2c8cf)
When eeprom name is not defined, the file load function should
return an error code so that it can fallthrough to read eeprom
form NIC inside eFuse.
Fixes: https://github.com/openwrt/openwrt/issues/17854
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17892
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 693108a31835d43d5e92f116b4dbd9fbed06b7ed)
It seems the that this was forgotten during initial adding of the
device in 0688cf5aebe1dc9a2e7f3820861783c2a7a75d44
Thanks to
https://forum.openwrt.org/t/zyxel-gs1900-10hp-revision-b1-support-openwrt-firmware/131841/32
for putting me on the right track for this problem
Error that is being fixed - running fw_printenv results in:
"Warning: Bad CRC, using default environment"
and not showing boardmodel
Workaround, manually changing /etc/fw_env.config to
"/dev/mtd1 0x0 0x400 0x10000"
Signed-off-by: Klaas Demter <psychic-stool-cozy@duck.com>
Link: https://github.com/openwrt/openwrt/pull/17920
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 71a966c480432febcc5dd120e5b01662fa8ec328)
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c286170d ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8118b2dace06de839e1e23f018059995f4af5e11)
The 00 address_mask needs to be inverted, otherwise the mac address
allocation will modify the last byte instead of the first one.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 1ee44825ad0d00527c8850446affc820d74c6e8b)
93458ac dns: fix response to TYPE_PTR query
68af311 fix unicast response port and timeout
a2b4979 service: announce all services in single dns answer
4537734 display announced services in ubus call umdns browse
0b50c29 display more srv attributes in output of ubus browse function
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit d162fd5ed44af7a33c9aefd72479c1c77f3234e4)
c293afa01c13 network: add support for the local_network option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c34eee5f39827ca38c9d4d0acef46848098867fe)
322500403615 service: add default group @ to match all nodes
5f7860306200 ubus: rename unetd_ubus_notify to unetd_ubus_network_notify
d13752814651 enroll: add PEX sub-protocol to support enrolling new nodes into a network
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c0f06cb6ac002ce90c10839b3d98aed8b41a2da5)
