| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specification:
CPU: MT7628 580 MHz. MIPS 24K
RAM: 128 MB
Flash: 32 MB
WIFI: 802.11n/g/b 20/40 MHz
Ethernet: 5 Port ethernet switch
UART: 2x
Flash instruction:
The U-boot is based on Ralink SDK so we can flash the firmware using UART:
1. Configure PC with a static IP address and setup an TFTP server.
2. Put the firmware into the tftp directory.
3. Connect the UART0 line as described on the PCB.
4. Power up the device and press 2, follow the instruction to
set device and tftp server IP address and input the firmware
file name. U-boot will then load the firmware and write it into
the flash.
5. After firmware is started connect via ethernet at 192.168.1.1
Signed-off-by: Liu Yu <f78fk@live.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [removed dupped subject]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specification:
- Qualcomm Atheros SoC QCA9558
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100/1000 Mbps Ethernet
- 3T3R 2.4 GHz (QCA9558 WMAC)
- 3T3R 5.8 Ghz (QCA9880-BR4A, Senao PCE4553AH)
https://fccid.io/A8J-ECB1750
Tested and working:
- lan, wireless, leds, sysupgrade (tftp)
Flash instructions:
1.) tftp recovery
- use a 1GbE switch or direct attached 1GbE link
- setup client ip address 192.168.1.10 and start tftpd
- save "openwrt-ath79-generic-engenius_ecb1750-initramfs-kernel.bin" as "ap.bin" in tfpd root directory
- plugin powercord and hold reset button 10secs.. "ap.bin" will be downloaded and executed
- afterwards login via ssh and do a sysuprade
2.) oem webinterface factory install (not tested)
Use normal webinterface upgrade page und select "openwrt-ath79-generic-engenius_ecb1750-squashfs-factory.bin".
3.) oem webinterface command injection
OEM Firmware already running OpenWrt (Attitude Adjustment 12.09).
Use OEM webinterface and command injection. See wiki for details.
https://openwrt.org/toh/engenius/engenius_ecb1750_1
Signed-off-by: sven friedmann <sf.openwrt@okay.ms>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[use interrupt-driven "gpio-keys" binding]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Linksys EA8300 is based on QCA4019 and QCA9888 and provides three,
independent radios. NAND provides two, alternate kernel/firmware
images with fail-over provided by the OEM U-Boot.
Installation:
"Factory" images may be installed directly through the OEM GUI.
Hardware Highlights:
* IPQ4019 at 717 MHz (4 CPUs)
* 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
* 256 MB RAM
* Three, fully-functional radios; `iw phy` reports (FCC/US, -CT):
* 2.4 GHz radio at 30 dBm
* 5 GHz radio on ch. 36-64 at 23 dBm
* 5 GHz radio on ch. 100-144 at 23 dBm (DFS), 149-165 at 30 dBm
#{ managed } <= 16, #{ AP, mesh point } <= 16, #{ IBSS } <= 1
* All two-stream, MCS 0-9
* 4x GigE LAN, 1x GigE Internet Ethernet jacks with port lights
* USB3, single port on rear with LED
* WPS and reset buttons
* Four status lights on top
* Serial pads internal (unpopulated)
"Linksys Dallas WiFi AP router based on Qualcomm AP DK07.1-c1"
Implementation Notes:
The OEM flash layout is preserved at this time with 3 MB kernel and
~69 MB UBIFS for each firmware version. The sysdiag (1 MB) and
syscfg (56 MB) partitions are untouched, available as read-only.
Serial Connectivity:
Serial connectivity is *not* required to flash.
Serial may be accessed by opening the device and connecting
a 3.3-V adapter using 115200, 8n1. U-Boot access is good,
including the ability to load images over TFTP and
either run or flash them.
Looking at the top of the board, from the front of the unit,
J3 can be found on the right edge of the board, near the rear
|
J3 |
|-| |
|O| | (3.3V seen, open-circuit)
|O| | TXD
|O| | RXD
|O| |
|O| | GND
|-| |
|
Unimplemented:
* serial1 "ttyQHS0" (serial0 works as console)
* Bluetooth; Qualcomm CSR8811 (potentially conected to serial1)
Other Notes:
https://wikidevi.com/wiki/Linksys_EA8300 states
FCC docs also cover the Linksys EA8250. According to the
RF Test Report BT BR+EDR, "All models are identical except
for the EA8300 supports 256QAM and the EA8250 disable 256QAM."
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Consistently handle boot-count reset and upgrade across
ipq40xx, ipq806x, kirkwood, mvebu
Dual-firmware devices often utilize a specific MTD partition
to record the number of times the boot loader has initiated boot.
Most of these devices are NAND, typically with a 2k erase size.
When this code was ported to the ipq40xx platform, the device in hand
used NOR for this partition, with a 16-byte "record" size. As the
implementation of `mtd resetbc` is by-platform, the hard-coded nature
of this change prevented proper operation of a NAND-based device.
* Unified the "NOR" variant with the rest of the Linksys variants
* Added logging to indicate success and failure
* Provided a meaningful return value for scripting
* "Protected" the use of `mtd resetbc` in start-up scripts so that
failure does not end the boot sequence
* Moved Linksys-specific actions into common `/etc/init.d/bootcount`
For upgrade, these devices need to determine which partition to flash,
as well as set certain U-Boot envirnment variables to change the next
boot to the newly flashed version.
* Moved upgrade-related environment changes out of bootcount
* Combined multiple flashes of environment into single one
* Current-partition detection now handles absence of `boot_part`
Runtime-tested: Linksys EA8300
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch.pl fixes, traded split strings for 80+ chars per line]
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify the title to match the following format, as it's enough
to uniquely identify a device:
<manufacturer> <model>
This matches what's done for other targets and has the
added benefit of creating a sorted-by-manufacturer list
of devices on menuconfig
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ZBT WE826-E is a dual-SIM version of the ZBT WE826. The router has the
following specifications:
- MT7620A (580 MHz)
- 128MB RAM
- 32MB of flash (SPI NOR)
- 5x 10/100Mbps Ethernet (MT7620A built-in switch)
- 1x microSD slot
- 1x miniPCIe slot (only USB2.0 bus)
- 2x SIM card slots (standard size)
- 1x USB2.0 port
- 1x 2.4GHz wifi (rt2800)
- 10x LEDs (4 GPIO-controlled)
- 1x reset button
The following have been tested and working:
- Ethernet switch
- wifi
- miniPCIe slot
- USB port
- microSD slot
- sysupgrade
- reset button
Installation and recovery:
In order to install OpenWRT the first time or recover the router, you
can use the web-based recovery system. Keep the reset button pressed
during boot and access 192.168.1.1 in your browser when your machine
obtains an IP address. Upload the firmware to start the recovery
process.
How to swap SIMs:
You control which SIM slot to use by writing 0/1 to
/sys/class/gpio/gpio13/value. In order for the change to take effect,
you can either use AT-commands (AT+CFUN) or power-cycle the modem (write
0/1 to /sys/class/gpio/gpio14/value).
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Head Weblink HDRM200 is a dual-sim router based on MT7620A. The detailed
specifications are:
- MT7620A (580MHz)
- 64MB RAM
- 16MB of flash (SPI NOR)
- 6x 10/100Mbps Ethernet (MT7620A built-in switch)
- 1x microSD slot
- 1x miniPCIe slot (only USB2.0 bus). Device is shipped with a SIMCOM
SIM7100E LTE modem.
- 2x SIM slots (standard size)
- 1x USB2.0 port
- 1x 2.4GHz wifi (rt2800)
- 1x 5GHz wifi (mt7612)
- 1x reset button
- 1x WPS button
- 3x GPIO-controllable LEDs
- 1x 10 pin terminal block (RS232, RS485, 4 x GPIO)
Tested:
- Ethernet switch
- Wifi
- USB slot
- SD card slot
- miniPCIe-slot
- sysupgrade
- reset button
Installation instructions:
Installing OpenWRT for the first time requires a bit of work, as the
board does not ship with OpenWRT. In addition, the bootloader
automatically reboots when installing an image over tftp. In order to
install OpenWRT on the HDRM200, you need to do the following:
* Copy the initramfs-image to your tftp-root (default filename is
test.bin) and configure networking accordingly (default server IP is
10.10.10.3, client 10.10.10.123). Start your tftp server.
* Open the board and connect to UART. The pins are exposed and clearly
marked.
* Boot the board and press 1.
* Either use the default filename and client/server IP-addresses, or
specify your own.
The image should now be loaded to memory and board boot. If the router
reboots while the image is loading, you need to try again. Once the
board has booted, copy the sysupgrade-image to the router and run
sysupgrade in order to install OpenWRT to the flash.
Notes:
- You control which SIM slot to use by writing 0/1 to
/sys/class/gpio/gpio0/value. In order for the change to take
effect, you can either use AT-commands (AT+CFUN) or power-cycle the
modem (write 0/1 to /sys/class/gpio/gpio21/value).
- RS485 is available on /dev/ttyS0.
- RS232 is available on /dev/ttyS1.
- The name of the ioX-gpios map to the labels on the casing.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[fixed whitespace issue and merge conflict in target.mk]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
| |
These dts itself are incomplete (e.g. missing mtd partitions) and its
deivce support is never added to ath79 target.
Drop these unused dts for now.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit e9652e1696d9 ("ath79: fix pinmux for ar933x devices") I've
wrongly changed desired register value to 0xf8 although it should've
been set to 0x0.
0xf8 value sets bits 3-7 (ETH_SWITCH_LEDx_EN) to 1 which actually
enables ethernet switch LEDs, so 0x0 is correct value in order to use
the pins as GPIO.
Fixes: e9652e1696d9 ("ath79: fix pinmux for ar933x devices")
Reported-by: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
Simply dumped content of this regs in ar71xx and wrote them to DTS, as a
result port 6 on the switch will appear disconnected as on Archer C7v4.
[AS: testing and PORT6_STATUS fix]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a new variable DISABLED_SERVICES to ImageBuilder Makefile, which
defines a list of services (installed as /etc/init.d/*) to be disabled
during the build of a custom image (normally all are enabled).
It comes handy when a particular service should not be run under normal
circumstances, but should be ready in the image for situations when it
might be needed.
Signed-off-by: Richard Musil <risa2000x@gmail.com>
|
|
|
|
|
|
|
|
| |
Reset button support seems to be missing in ath79.
Run-tested on CPE210 v2.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Properly disable the SoC's internal Switch LEDs on the pinmux.
Devices that previously called ath79_gpio_function_disable for
the switch LEDs, just need to reference switch_led_pins in the
pinctrl-0 property of the gpio-leds node.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
[changed desired pinctrl register value from 0x1f to proper 0xf8]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
[renamed pinmux name to switch_led_disable_pins to make purpose more clear]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
| |
This devices have LEDs connected to the SoC's GPIOs, so it makes no
sense to fiddle with ar8327 LED regs.
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
Network for the Archer C25 v1 is set up without switch for no
obvious reason. The LED setup is even done switch-based.
This patch changes network setup so a switch is created.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
| |
for better identification. Also create SUPPORTED_DEVICES string from it
which corresponds to dts compatible string.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
|
| |
The driver is for the I2C mux.
Schematic available at https://doc.turris.cz/doc/_media/rtrom01-schema.pdf
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit eae6cac6a3 ("lantiq: add support for AVM FRITZ!Box 7362 SL"), but
one needs an initramfs image to flash OpenWrt from stock firmware (as
described in the commit log). This patch has the initramfs image built
by default.
Thanks to blogic (for pointing to the FEATURES declaration in the target
Makefiles) and Musashino on the forum for suggesting
config/Config-images.in needed editing too. While at it, reorder the
TARGET_INITRAMFS_COMPRESSION_LZMA declarations alphabetically.
This patch will result in initramfs images for all lantiq subtargets
that have the ramdisk flag set. I tested on the falcon and ase
subtargets, which lack that flag, to confirm they don't produce any
initramfs images with this patch - which they do not.
Given the limited scope of the lantiq (sub)target(s), blogic indicated
this should be OK.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[fixed the wrong reference to eae6cac6a3 commit]
|
|
|
|
|
|
|
|
|
| |
OpenWrt is completely compiled from sources using a 64 bit compiler, we
do not need support for the old 32 bit MIPS interface on 64 Bit CPUs,
deactivate it.
Fixes: 46af22de16b2 ("kernel: Remove CONFIG_COMPAT")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
OpenWrt is completely compiled from sources using a 64 bit compiler, we
do not need support for the old 32 bit MIPS interface on 64 Bit CPUs,
deactivate it.
Fixes: 46af22de16b2 ("kernel: Remove CONFIG_COMPAT")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
This refreshes the kernel configuration with "make kernel_oldconfig"
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
This moves some new configuration options to the generic kernel
configuration instead of configuring them for each target on our own.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the following compilation issue that was introduced with the bump
to 4.14.118:
CC drivers/gpio/gpiolib-of.o
drivers/gpio/gpiolib-of.c: In function 'of_gpiochip_add':
drivers/gpio/gpiolib-of.c:510:12: error: too few arguments to function 'of_gpiochip_scan_gpios'
status = of_gpiochip_scan_gpios(chip);
^~~~~~~~~~~~~~~~~~~~~~
drivers/gpio/gpiolib-of.c:247:5: note: declared here
int of_gpiochip_scan_gpios(struct gpio_chip *chip, unsigned int start,
^~~~~~~~~~~~~~~~~~~~~~
scripts/Makefile.build:326: recipe for target 'drivers/gpio/gpiolib-of.o' failed
Fixes: 09050b6fe228 ("kernel: bump 4.14 to 4.14.118")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 060-v5.1-serial-ar933x_uart-Fix-build-failure-with-disabled-c.patch
- 400-v5.2-leds-trigger-netdev-fix-refcnt-leak-on-interface-ren.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 060-v5.1-serial-ar933x_uart-Fix-build-failure-with-disabled-c.patch
Altered:
- 143-gpio-fix-device-tree-gpio-hogs-on-dual-role-gpio-pin.patch
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar7
Runtime-tested on: none
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
|
| |
This target got bumped to 4.14 a long time ago
in commit: 2308b87204206d84b6bf3dbc3d72591611cc6b78
Remove all leftover 4.9 files.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
|
|
| |
CONFIG_HW_RANDOM_OMAP is not set to any value after kmod-random-omap was
removed, add the configuration option to the generic configuration.
Fixes: cd3b29853380 ("omap24xx: Remove unmaintained target")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds support for different iterations of ESPRESSObin.
The added variants are:
ESPRESSObin with soldered eMMC,
ESPRESSObin V7, compared to V5 some passive elements changed and ethernet
ports labels positions have been reversed,
ESPRESSObin V7 with soldered eMMC.
Please refer to:
584d7c5 ("mvebu: new subtarget cortex A53")
for instruction how to boot OpenWrt image placed on SD card. It is
advised for owners of V5 and previous with bootloader based on U-Boot
2015.01, to upgrade the latest version available at:
http://espressobin.net/tech-spec.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
|
| |
Convert whole target to Device Tree based board detection instead of
identifying devices by dts file name. With this we can drop mvebu.sh
translation script and rely on common method for model detection.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
|
|
|
| |
Add vendors in device names and also rename few device names, for easier
identyfying potential firmware to flash. The vendor and device string is
mainly derived from model/compatipble string in dts from particular
device, but since not all devices are well described, some of the renames
follow marketing names.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
| |
Use make syntax to pass the U-Boot image location and boot with root
partitions size, instead of relying on shell functions and variables.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
|
| |
Drop overly complex amount of defines wich are referenced in the same
devices pool and move image recipes to common define, since devices not
using them overwrite it.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
|
|
|
|
|
| |
All of U-Boot scripts repeat the same pattern with only Device Tree blob
name changing for respective device. Therefore create generic scripts
which will be altered on demad by image build process, and create
BOOT_SCRIPT variable which can be added to device recipe and will allow
referencing the same script by many device recipes. This will allow to
slim down the ammount of files in buildroot tree and avoid needlessly
incrementing amount of boot scripts if new devices will be added.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
| |
All of arm64 devices have part of variables repeatedly defined. Stack
them to common define, and reference it in each device recipe.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
|
|
| |
Even if dts is not included in upstream Makefile, it is built anyway by
recipe specified in include/image.mk. Also remove Build/dtb, it's not
used since 3f72f3a ("mvebu: clearfog: include DTB for all variants in
image").
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch backports verbatim the commits from Linux 5.0 and 5.1
that implemented support for GigaDevice SPI NAND A and E variants.
Supported only in Linux 4.19 and later as based on the upstream
drivers/mtd/nand/spi/ framework.
mtd-spinand-add-support-for-GigaDevice-GD5FxGQ4xA.patch
commit c93c613214ac (5.0)
mtd-spinand-Add-support-for-GigaDevice-GD5F1GQ4UExxG.patch
commit c40c7a990a46 (5.1)
Run-tested-on: GL.iNet AR750S
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
|
|
|
|
|
|
|
|
| |
This was done like this:
./scripts/kconfig.pl '+' target/linux/generic/config-4.14 /dev/null > target/linux/generic/config-4.14-new
mv target/linux/generic/config-4.14-new target/linux/generic/config-4.14
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
This is activate for all other targets except gemini, also activate it
there.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
This is already activated for all other ARM targets
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
This activates "Supervisor Mode Access Prevention". modern CPUs will
prevent the kernel code from accessing any data from the userspace
without the usage of copy_to_user() or copy_from_user()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
| |
CONFIG_BINFMT_MISC allows it to add support for new executable formats
to the kernel from user space, the kernel will then detect for example a
java binary and call the java execution program automatically. I am not
aware that this feature is used in OpenWrt and this could be used to
exploit something. Deactivate it for all targets for now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
This is deactivated by default and should be manually activated in the
OpenWrt kernel configuration
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
| |
Some targets deactivated CONFIG_SYN_COOKIES, for unknown reasons, use
the default setting from the generic configuration which activates
CONFIG_SYN_COOKIES.
This should prevent SYN flooding.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
| |
These were renamed to CONFIG_STRICT_KERNEL_RWX and CONFIG_STRICT_MODULE_RWX and are
activated in kernel 4.14 and later by default.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
| |
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This adds additional checks to the copy_from_user() and copy_to_user()
functions. The details are described in this article:
https://lwn.net/Articles/695991/
This should only have a very small performance impact on system calls
and should not affect routing performance.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
Add some read-only properties to protect partitions from
accidental changes.
Also fixed two whitespaces error on the way.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
| |
The factory firmware omits the JFFS2 end-marker while flashing via
web-interface. Add a 64k padding after the marker fixes this problem.
When the end-marker is not present, OpenWRT won't save the overlayfs
after initial flash.
Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
|