Update build_features.h

Update Makefile
Update Config.in
2025-03-03 22:34:56 +08:00 · 2025-03-03 22:34:25 +08:00 · 2025-03-03 22:32:34 +08:00 · 2025-02-26 20:10:01 +08:00 · 2024-11-22 09:31:49 +00:00 · 2024-10-15 02:41:07 +00:00
13380 changed files with 1456305 additions and 1418321 deletions
--- a/.github/workflows/openwrt-ci.yml
+++ b/.github/workflows/openwrt-ci.yml
@@ -5,6 +5,13 @@
 #
 # Copyright (C) 2020 KFERMercer
 #
+# 
+# <https://github.com/KFERMercer/OpenWrt-CI>
+#
+# Copyright (C) 2019 P3TERX
+#
+# Copyright (C) 2020 KFERMercer
+#
 name: OpenWrt-CI

 on:
@@ -12,44 +19,83 @@ on:
    - cron: 0 20 * * *
  release:
    types: [published]
+  repository_dispatch:
+  workflow_dispatch:
+    
+permissions:
+  contents: read

 jobs:

  build_openwrt:

+    permissions:
+      contents: write # for release creation
+
    name: Build OpenWrt firmware

    runs-on: ubuntu-latest

-    if: github.event.repository.owner.id == github.event.sender.id
+    if: github.event.repository.owner.id == github.event.sender.id || ! github.event.sender.id

    steps:

      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
-          ref: master
+          ref: stable

      - name: Space cleanup
        env:
          DEBIAN_FRONTEND: noninteractive
        run: |
          docker rmi `docker images -q`
-          sudo rm -rf /usr/share/dotnet /etc/mysql /etc/php /etc/apt/sources.list.d
-          sudo -E apt-get -y purge azure-cli ghc* zulu* hhvm llvm* firefox google* dotnet* powershell openjdk* mysql* php* android*
-          sudo -E apt-get update
-          sudo -E apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs gcc-multilib g++-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler antlr3 gperf swig
+          sudo rm -rf /usr/share/dotnet /etc/mysql /etc/php /etc/apt/sources.list.d /usr/local/lib/android
+          sudo -E apt-get -y purge azure-cli ghc* zulu* hhvm llvm* firefox google* dotnet* powershell openjdk* adoptopenjdk* mysql* php* mongodb* dotnet* moby* snapd* || true
+          sudo -E apt-get update 
+          sudo -E apt-mark hold grub-efi-amd64-signed
+          sudo -E apt-get -y install ack antlr3 aria2 asciidoc autoconf automake autopoint binutils bison build-essential bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext gcc-multilib g++-multilib git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip libpython3-dev qemu-utils rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
+          pip3 install pyelftools
          sudo -E apt-get -y autoremove --purge
          sudo -E apt-get clean
-
          df -h

      - name: Update feeds
        run: |
-          sed -i 's/#src-git helloworld/src-git helloworld/g' ./feeds.conf.default
          ./scripts/feeds update -a
-          ./scripts/feeds install -a
-
+          ./scripts/feeds install -a -f
+          echo '
+          CONFIG_TARGET_rockchip=y
+          CONFIG_TARGET_rockchip_armv8=y
+          CONFIG_TARGET_MULTI_PROFILE=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_doornet1=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_doornet2=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-1=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-1n=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-2=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-2n=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-4=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-5=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopc-t6=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r2c=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r2s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r4s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r4se=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r5c=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r5s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r6c=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r6s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_h88k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_opc-h66k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_opc-h68k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_opc-h69k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_radxa_zero-3e=y
+          CONFIG_TARGET_KERNEL_PARTSIZE=64
+          CONFIG_TARGET_ROOTFS_PARTSIZE=512
+          CONFIG_TARGET_ROOTFS_TARGZ=y
+          CONFIG_TARGET_ROOTFS_EXT4FS=y
+          CONFIG_TARGET_ROOTFS_SQUASHFS=y
+          ' >> .config
      - name: Generate configuration file
        run: make defconfig

@@ -69,7 +115,6 @@ jobs:
          du -h --max-depth=1 ./ --exclude=build_dir --exclude=bin
          du -h --max-depth=1 ./build_dir
          du -h --max-depth=1 ./bin
-
      - name: Prepare artifact
        run: |
          mkdir -p ./artifact/firmware
@@ -79,21 +124,21 @@ jobs:
          cp -rf $(find ./bin/targets/ -type f) ./artifact/firmware/
          cp -rf $(find ./bin/packages/ -type f -name "*.ipk") ./artifact/package/
          cp -rf $(find ./bin/targets/ -type f -name "*.buildinfo" -o -name "*.manifest") ./artifact/buildinfo/
-
+          
      - name: Deliver buildinfo
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
        with:
          name: OpenWrt_buildinfo
          path: ./artifact/buildinfo/

      - name: Deliver package
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
        with:
          name: OpenWrt_package
          path: ./artifact/package/

      - name: Deliver firmware
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
        with:
          name: OpenWrt_firmware
          path: ./bin/targets/
--- a/.gitignore
+++ b/.gitignore
@@ -1,33 +1,32 @@
-*.o
-.DS_Store
-.*.swp
-/env
-/dl
-/.config
-/.config.old
-/bin
-/build_dir
-/staging_dir
-/tmp
-/logs
-/feeds
-/feeds.conf
-/files
-/overlay
-/package/feeds
-/package/openwrt-packages
-key-build*
-*.orig
-*.rej
-*~
-.#*
-*#
-.emacs.desktop*
-TAGS*~
-git-src
-.git-credentials
-/*.log
-.project
-.cproject
-.ccache
-.vscode*
+*.o
+.DS_Store
+.*.swp
+/env
+/dl
+/.config
+/.config.old
+/bin
+/build_dir
+/staging_dir
+/tmp
+/logs
+/feeds
+/feeds.conf
+/files
+/overlay
+/package/feeds
+/package/openwrt-packages
+/*.patch
+key-build*
+*.orig
+*.rej
+*~
+.#*
+*#
+.emacs.desktop*
+TAGS*~
+git-src
+.project
+.cproject
+.ccache
+.vscode*
--- a/Config.in
+++ b/Config.in
@@ -5,7 +5,7 @@
 mainmenu "OpenWrt Configuration"

 config MODULES
-	option modules
+	modules
 	bool
 	default y

@@ -13,6 +13,14 @@ config HAVE_DOT_CONFIG
 	bool
 	default y

+HOST_OS := $(shell, uname)
+
+config HOST_OS_LINUX
+	def_bool $(shell, ./config/check-uname.sh Linux)
+
+config HOST_OS_MACOS
+	def_bool $(shell, ./config/check-uname.sh Darwin)
+
 source "target/Config.in"

 source "config/Config-images.in"
--- a/23
+++ b/23
@@ -14,8 +14,8 @@ $(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt dir

 world:

-DISTRO_PKG_CONFIG:=$(shell which -a pkg-config | grep -E '\/usr' | head -n 1)
-export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
+DISTRO_PKG_CONFIG:=$(shell $(TOPDIR)/scripts/command_all.sh pkg-config | grep '/usr' -m 1)
+export PATH:=$(if $(STAGING_DIR),$(abspath $(STAGING_DIR)/../host/bin),$(TOPDIR)/staging_dir/host/bin):$(PATH)

 ifneq ($(OPENWRT_BUILD),1)
  _SINGLE=export MAKEFLAGS=$(space);
@@ -38,7 +38,7 @@ else
  include tools/Makefile
  include toolchain/Makefile

-$(toolchain/stamp-compile): $(tools/stamp-compile)
+$(toolchain/stamp-compile): $(tools/stamp-compile) $(if $(CONFIG_BUILDBOT),toolchain_rebuild_check)
 $(target/stamp-compile): $(toolchain/stamp-compile) $(tools/stamp-compile) $(BUILD_DIR)/.prepared
 $(package/stamp-compile): $(target/stamp-compile) $(package/stamp-cleanup)
 $(package/stamp-install): $(package/stamp-compile)
@@ -50,14 +50,23 @@ printdb:

 prepare: $(target/stamp-compile)

-clean: FORCE
-	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(BUILD_LOG_DIR) $(TOPDIR)/staging_dir/packages
+_clean: FORCE
+	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(TOPDIR)/staging_dir/packages

-dirclean: clean
-	rm -rf $(STAGING_DIR_HOST) $(STAGING_DIR_HOSTPKG) $(TOOLCHAIN_DIR) $(BUILD_DIR_BASE)/host $(BUILD_DIR_BASE)/hostpkg $(BUILD_DIR_TOOLCHAIN)
+clean: _clean
+	rm -rf $(BUILD_LOG_DIR)
+
+targetclean: _clean
+	rm -rf $(TOOLCHAIN_DIR) $(BUILD_DIR_BASE)/hostpkg $(BUILD_DIR_TOOLCHAIN)
+
+dirclean: targetclean clean
+	rm -rf $(STAGING_DIR_HOST) $(STAGING_DIR_HOSTPKG) $(BUILD_DIR_BASE)/host
 	rm -rf $(TMP_DIR)
 	$(MAKE) -C $(TOPDIR)/scripts/config clean

+toolchain_rebuild_check:
+	$(SCRIPT_DIR)/check-toolchain-clean.sh
+
 cacheclean:
 ifneq ($(CONFIG_CCACHE),)
 	$(STAGING_DIR_HOST)/bin/ccache -C
--- a/65
+++ b/65
@@ -1,65 +0,0 @@
-Welcome to Lean's  git source of OpenWrt and packages
-
-中文：如何编译自己需要的 OpenWrt 固件
-
-注意：
-1. 不要用 root 用户进行编译！！！
-2. 国内用户编译前最好准备好梯子
-3. 默认登陆IP 192.168.1.1, 密码 password
-
-编译命令如下:
-
-1. 首先装好 Ubuntu 64bit，推荐  Ubuntu  14 LTS x64
-
-2. 命令行输入 sudo apt-get update ，然后输入
-sudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3.5 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib linux-libc-dev:i386
-
-3. git clone https://github.com/coolsnowwolf/lede 命令下载好源代码，然后 cd lede 进入目录
-
-4. ./scripts/feeds update -a 
-   ./scripts/feeds install -a
-   make menuconfig 
-
-5. 最后选好你要的路由，输入 make -j1 V=s （-j1 后面是线程数。第一次编译推荐用单线程，国内请尽量全局科学上网）即可开始编译你要的固件了。
-
-本套代码保证肯定可以编译成功。里面包括了 R9 所有源代码，包括 IPK 的。
-
-你可以自由使用，但源码编译二次发布请注明我的 GitHub 仓库链接。谢谢合作！
-
-特别提示：
-1.源代码中绝不含任何后门和可以监控或者劫持你的 HTTPS 的闭源软件，SSL 安全是互联网最后的壁垒。安全干净才是固件应该做到的；
-2.如有技术问题需要讨论，欢迎加入 QQ 讨论群：OP共享技术交流群 ,号码 297253733 ，加群链接: 点击链接加入群聊【OP共享技术交流群】：https://jq.qq.com/?_wv=1027&k=5yCRuXL
-3. 想学习OpenWrt开发，但是摸不着门道？自学没毅力？基础太差？怕太难学不会？跟着佐大学OpenWrt开发入门培训班助你能学有所成
-报名地址：http://forgotfun.org/2018/04/openwrt-training-2018.html
-
-去广告订阅地址默认内置来自以下源，如有去广告的误杀漏杀问题可以到这里报告：
-
-https://github.com/privacy-protection-tools/anti-AD
-
-
-Please use "make menuconfig" to choose your preferred
-configuration for the toolchain and firmware.
-
-You need gcc, binutils, bzip2, flex, python3.5+, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers installed.
-
-Run "./scripts/feeds update -a" to get all the latest package definitions
-defined in feeds.conf / feeds.conf.default respectively
-and "./scripts/feeds install -a" to install symlinks of all of them into
-package/feeds/.
-
-Use "make menuconfig" to configure your image.
-
-Simply running "make" will build your firmware.
-It will download all sources, build the cross-compile toolchain, 
-the kernel and all choosen applications.
-
-To build your own firmware you need to have access to a Linux, BSD or MacOSX system
-(case-sensitive filesystem required). Cygwin will not be supported because of
-the lack of case sensitiveness in the file system.
-
-
-
-Note: Addition Lean's private package source code in ./package/lean directory. Use it under GPL v3.
-
-GPLv3 is compatible with more licenses than GPLv2: it allows you to make combinations with code that has specific kinds of additional requirements that are not in GPLv3 itself. Section 7 has more information about this, including the list of additional requirements that are permitted.
-
--- a/README.md
+++ b/README.md
@@ -1,44 +1,69 @@
-欢迎来到Lean的Openwrt源码仓库！
-=
+## The source code is suitable for Rockchip OpenWrt SDK
+### Only supported devices:
+```
+embedfire_doornet1
+embedfire_doornet2
+embedfire_lubancat1
+embedfire_lubancat1n
+embedfire_lubancat2
+embedfire_lubancat2n
+friendlyarm_nanopi-r2c
+friendlyarm_nanopi-r2s
+friendlyarm_nanopi-r4s
+friendlyarm_nanopi-r4se
+friendlyarm_nanopi-r5s
+friendlyarm_nanopi-r5c
+friendlyarm_nanopi-r6c
+friendlyarm_nanopi-r6s
+friendlyarm_nanopc-t6
+hinlink_opc-h66k
+hinlink_opc-h68k
+hinlink_opc-h69k
+```

-[English](./README_EN.md)
-
-如何编译自己需要的 OpenWrt 固件
+### Next plan to add equipment:
+```
+hinlink_h88k
+```
+How to compile the OpenWrt firmware you need
 -
-注意：
+Notice:
 -
-1. **不**要用 **root** 用户进行编译！！！
-2. 国内用户编译前最好准备好梯子
-3. 默认登陆IP 192.168.1.1 密码 password
+1. **NOT** compile with **root** user! ! !
+2. Domestic users had better prepare a ladder before compiling
+3. Default login IP 192.168.1.1 password password

+2. First install the Linux system, Debian 11 or Ubuntu LTS is recommended
+3. Install compilation dependencies

-编译命令如下:
-
-1. 首先装好 Ubuntu 64bit，推荐 Ubuntu 20.04 LTS x64
+   ```bash
+   sudo apt update -y
+   sudo apt install -y ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \
+   bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext gcc-multilib g++-multilib \
+   git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libfuse-dev libglib2.0-dev libgmp3-dev \
+   libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libpython3-dev libreadline-dev \
+   libssl-dev libtool lrzsz mkisofs msmtp ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 \
+   python3-pyelftools python3-setuptools qemu-utils rsync scons squashfs-tools subversion swig texinfo \
+   uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
+   ```

-2. 命令行输入 `sudo apt-get update` ，然后输入
-   `
-   sudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3 python2.7 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib antlr3 gperf wget curl swig rsync
-   `
+3. Download source code, update feeds and choose configuration

-3. 使用 `git clone https://github.com/coolsnowwolf/lede` 命令下载好源代码，然后 `cd lede` 进入目录
-
-4. ```bash
+   ```bash
+   git clone https://github.com/DHDAXCW/lede-rockchip
+   cd lede-rockchip
   ./scripts/feeds update -a
   ./scripts/feeds install -a
   make menuconfig
   ```

-5. `make -j8 download V=s` 下载dl库（国内请尽量全局科学上网）
+5. `make -j8 download V=s` download dl library

-6. 输入 `make -j1 V=s` （-j1 后面是线程数。第一次编译推荐用单线程）即可开始编译你要的固件了。
+6. Enter `make -j10 V=s` (-j1 is followed by the number of threads. It is recommended to use single thread for the first compilation) to start compiling the firmware you want.

-本套代码保证肯定可以编译成功。里面包括了 R21 所有源代码，包括 IPK 的。
+This set of code is guaranteed to compile successfully. It includes all source codes of R24, including IPK.

-你可以自由使用，但源码编译二次发布请注明我的 GitHub 仓库链接。谢谢合作！
-=
-
-二次编译：
+Second compilation:
 ```bash
 cd lede
 git pull
@@ -48,52 +73,13 @@ make -j8 download
 make -j$(($(nproc) + 1)) V=s
 ```

-如果需要重新配置：
+If reconfiguration is required:
 ```bash
 rm -rf ./tmp && rm -rf .config
 make menuconfig
 make -j$(($(nproc) + 1)) V=s
 ```

-编译完成后输出路径：bin/targets
+- Output path after compilation is complete：bin/targets

-如果你使用WSL或WSL2进行编译：
------
-由于wsl的PATH路径中包含带有空格的Windows路径，有可能会导致编译失败，请在将make -j1 V=s或make -j$(($(nproc) + 1)) V=s改为
-
-首次编译：
-```bash
-PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make -j1 V=s 
-```
-二次编译：
-```bash
-PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin make -j$(($(nproc) + 1)) V=s
-```
-
-特别提示：
------
-1. 源代码中绝不含任何后门和可以监控或者劫持你的 HTTPS 的闭源软件， SSL 安全是互联网最后的壁垒。安全干净才是固件应该做到的；
-
-2. 如有技术问题需要讨论，欢迎加入 QQ 讨论群： OP 共享技术交流群 ,号码 297253733 ，加群链接: 点击链接加入群聊【 OP 共享技术交流群】：[点击加入](https://jq.qq.com/?_wv=1027&k=5yCRuXL "OP共享技术交流群")
-
-3. 想学习 OpenWrt 开发，但是摸不着门道？自学没毅力？基础太差？怕太难学不会？跟着佐大学 OpenWrt 开发入门培训班助你能学有所成
-报名地址：[点击报名](http://forgotfun.org/2018/04/openwrt-training-2018.html "报名")
-
-## 软路由介绍
-友情推荐不恰饭：如果你在寻找一个低功耗小体积性能不错的 x86 / x64 路由器，我个人建议可以考虑 
-小马v1 的铝合金版本 ( N3710 4千兆)：[页面介绍](https://item.taobao.com/item.htm?spm=a230r.1.14.20.144c763fRkK0VZ&id=561126544764 " 小马v1 的铝合金版本")
-
-![xm1](doc/xm5.jpg)
-![xm2](doc/xm6.jpg)
-
-## 捐贈
-
-如果你觉得此项目对你有帮助，可以捐助我们，以鼓励项目能持续发展，更加完善
-
-### 支付宝
-
-![alipay](doc/alipay_donate.jpg)
-
-### 微信
-
-![wechat](doc/wechat_donate.jpg)
+- from upstream source code https://github.com/coolsnowwolf/lede
--- a/README_EN.md
+++ b/README_EN.md
@@ -1,88 +0,0 @@
-Welcome to Lean's git source of OpenWrt and packages
-=
-
-How to build your Openwrt firmware.
-
-Note:
--
-1. DO **NOT** USE **root** USER FOR COMPILING!!!
-
-2. Users within China should prepare proxy before building.
-
-3. Web admin panel default IP is 192.168.1.1 and default password is "password".
-
-Let's start!
---
-1. First, install Ubuntu 64bit (Ubuntu 20.04 LTS x86 is recommended).
-
-2. Run `sudo apt-get update` in the terminal, and then run
-    `
-    sudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3 python2.7 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib antlr3 gperf wget curl swig rsync
-    `
-
-3. Run `git clone https://github.com/coolsnowwolf/lede` to clone the source code, and then `cd lede` to enter the directory
-
-4. ```bash
-   ./scripts/feeds update -a
-   ./scripts/feeds install -a
-   make menuconfig
-   ```
-
-5. Run `make -j8 download V=s` to download libraries and dependencies (user in China should use global proxy when possible)
-
-6. Run `make -j1 V=s` (integer following -j is the thread count, single-thread is recommended for the first build) to start building your firmware.
-
-This source code is promised to be compiled successfully.
-
-You can use this source code freely, but please link this GitHub repository when redistributing. Thank you for your cooperation!
-=
-
-Rebuild:
-```bash
-cd lede
-git pull
-./scripts/feeds update -a && ./scripts/feeds install -a
-make defconfig
-make -j8 download
-make -j$(($(nproc) + 1)) V=s
-```
-
-If reconfiguration is need:
-```bash
-rm -rf ./tmp && rm -rf .config
-make menuconfig
-make -j$(($(nproc) + 1)) V=s
-```
-
-Build result will be produced to `bin/targets` directory.
-
-Special tips:
------
-1. This source code doesn't contain any backdoors or close source applications that can monitor/capture your HTTPS traffic, SSL is the final castle of cyber security. Safety is what a firmware should achieve.
-
-2. If you have any technical problem, you may join the QQ discussion group: 297253733, link: click [here](https://jq.qq.com/?_wv=1027&k=5yCRuXL)
-
-3. Want to learn OpenWrt development but don't know how? Can't motivate yourself for self-learning? Not enough fundamental knowledge? Learn OpenWrt development with Mr. Zuo through his Beginner OpenWrt Training Course. Click [here](http://forgotfun.org/2018/04/openwrt-training-2018.html) to register.
-
-## Router Recommendation
-Not Sponsored: If you are finding a low power consumption, small and performance promising x86/x64 router, I personally recommend the 
-EZPROv1 Alumium Edition (N3710 4000M): [Details](https://item.taobao.com/item.htm?spm=a230r.1.14.20.144c763fRkK0VZ&id=561126544764)
-
-![xm1](doc/xm5.jpg)
-![xm2](doc/xm6.jpg)
-
-## Donation
-
-If this project does help you, please consider donating to support the development of this project.
-
-### Alipay
-
-![alipay](doc/alipay_donate.jpg)
-
-### WeChat
-
-![wechat](doc/wechat_donate.jpg)
-
-## Note: Addition Lean's private package source code in `./package/lean` directory. Use it under GPL v3.
-
-## GPLv3 is compatible with more licenses than GPLv2: it allows you to make combinations with code that has specific kinds of additional requirements that are not in GPLv3 itself. Section 7 has more information about this, including the list of additional requirements that are permitted.
--- a/1
+++ b/1
@@ -0,0 +1 @@
+ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext git gperf haveged help2man intltool libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev vpnc libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz aria2 mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip libpython3-dev qemu-utils rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev libfuse-dev
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -14,14 +14,14 @@ config EXPERIMENTAL
 	  positive and negative). But do so only if you know how to
 	  recover your device in case of flashing potentially non-working
 	  firmware.
-	
+
 	  If you plan to use this build in production, say NO!

 menu "Global build settings"

 	config JSON_OVERVIEW_IMAGE_INFO
 		bool "Create JSON info file overview per target"
-		default BUILDBOT
+		default y
 		help
 		  Create a JSON info file called profiles.json in the target
 		  directory containing machine readable list of built profiles
@@ -58,6 +58,10 @@ menu "Global build settings"
 		bool "Enable signature checking in opkg"
 		default SIGNED_PACKAGES

+	config DOWNLOAD_CHECK_CERTIFICATE
+		bool "Enable TLS certificate verification during package download"
+		default y
+
 	comment "General build options"

 	config TESTING_KERNEL
@@ -107,7 +111,7 @@ menu "Global build settings"
 		default n
 		help
 		  This makes file checksums part of package metadata. It increases size
-		  but provides you with pkg_check command to check for flash coruptions.
+		  but provides you with pkg_check command to check for flash corruptions.

 	config INCLUDE_CONFIG
 		bool "Include build configuration in firmware" if DEVEL
@@ -148,19 +152,29 @@ menu "Global build settings"
 		default n
 		help
 		  Adds -g3 to the CFLAGS.
+		  
+	config USE_GC_SECTIONS
+		bool
+		prompt "Dead code and data elimination for all packages (EXPERIMENTAL)"
+		help
+		  Places functions and data items into its own sections to use the linker's
+		  garbage collection capabilites.
+		  Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-gc-sections
+
+	config USE_LTO
+		bool
+		prompt "Use the link-time optimizer for all packages (EXPERIMENTAL)"
+		help
+		  Adds LTO flags to the CFLAGS and LDFLAGS.
+		  Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-lto

 	config IPV6
-		bool
-		prompt "Enable IPv6 support in packages"
-		default y
-		help
-		  Enables IPv6 support in kernel (builtin) and packages.
+		def_bool y

 	comment "Stripping options"

 	choice
 		prompt "Binary stripping method"
-		default USE_STRIP   if EXTERNAL_TOOLCHAIN
 		default USE_STRIP   if USE_GLIBC
 		default USE_SSTRIP
 		help
@@ -217,20 +231,6 @@ menu "Global build settings"
 		  make the system libraries incompatible with most of the packages that are
 		  not selected during the build process.

-	choice
-		prompt "Preferred standard C++ library"
-		default USE_LIBSTDCXX if USE_GLIBC
-		default USE_UCLIBCXX
-		help
-		  Select the preferred standard C++ library for all packages that support this.
-
-		config USE_UCLIBCXX
-			bool "uClibc++"
-
-		config USE_LIBSTDCXX
-			bool "libstdc++"
-	endchoice
-
 	comment "Hardening build options"

 	config PKG_CHECK_FORMAT_SECURITY
@@ -386,4 +386,16 @@ menu "Global build settings"

 	endchoice

+	config SECCOMP
+		bool "Enable SECCOMP"
+		select KERNEL_SECCOMP
+		select PACKAGE_procd-seccomp
+		depends on (aarch64 || arm || armeb || mips || mipsel || mips64 || mips64el || i386 || powerpc || x86_64)
+		depends on !TARGET_uml
+		default y
+		help
+		  This option enables seccomp kernel features to safely
+		  execute untrusted bytecode and selects the seccomp-variants
+		  of procd
+
 endmenu
--- a/config/Config-devel.in
+++ b/config/Config-devel.in
@@ -17,6 +17,20 @@ menuconfig DEVEL
 		  Store built firmware images and filesystem images in this directory.
 		  If not set, uses './bin/$(BOARD)'

+	config DOWNLOAD_TOOL_CUSTOM
+		string "Use custom download tool" if DEVEL
+		default ""
+		help
+		  Use and force custom download tool instead of relying on autoselection
+		  between curl if available and wget as a fallback.
+
+		  download.pl supports 3 tools officially aria2c, curl and wget.
+		  If one of the tool is used in this config, download.pl will use the
+		  default args to make use of them.
+
+		  If the provided string is different than aria2c, curl or wget, the command
+		  is used as is and the download url will be appended at the end of such command.
+
 	config DOWNLOAD_FOLDER
 		string "Download folder" if DEVEL
 		default ""
@@ -45,6 +59,13 @@ menuconfig DEVEL
 		  This allows you to symlink build_dir into a scratch location, e.g. a ramdisk,
 		  which does not have enough space to keep a complete build_dir.

+	config BUILD_ALL_HOST_TOOLS
+		bool "Compile all host tools" if DEVEL
+		default n
+		help
+		  Compile all host host tools even if not needed. This is needed to prepare a
+		  universal precompiled host tools archive to use in another buildroot.
+
 	config BUILD_SUFFIX
 		string "Build suffix to append to the target BUILD_DIR variable" if DEVEL
 		default ""
@@ -74,6 +95,11 @@ menuconfig DEVEL
 		  Store ccache in this directory.
 		  If not set, uses './.ccache'

+	config KERNEL_CFLAGS
+		string "Kernel extra CFLAGS" if DEVEL
+		default "-falign-functions=32" if TARGET_bcm53xx
+		default ""
+
 	config EXTERNAL_KERNEL_TREE
 		string "Use external kernel tree" if DEVEL
 		default ""
--- a/config/Config-images.in
+++ b/config/Config-images.in
@@ -17,7 +17,7 @@ menu "Target Images"
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_lantiq
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_mpc85xx
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ramips
-			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ipq40xx
+			default TARGET_INITRAMFS_COMPRESSION_ZSTD if TARGET_qualcommax
 			default TARGET_INITRAMFS_COMPRESSION_XZ if USES_SEPARATE_INITRAMFS
 			default TARGET_INITRAMFS_COMPRESSION_NONE
 			depends on TARGET_ROOTFS_INITRAMFS
@@ -37,18 +37,16 @@ menu "Target Images"
 				bool "lzma"

 			config TARGET_INITRAMFS_COMPRESSION_LZO
-				depends on !TARGET_ROOTFS_INITRAMFS_SEPARATE
 				bool "lzo"

 			config TARGET_INITRAMFS_COMPRESSION_LZ4
-				depends on !TARGET_ROOTFS_INITRAMFS_SEPARATE
 				bool "lz4"

 			config TARGET_INITRAMFS_COMPRESSION_XZ
 				bool "xz"

 			config TARGET_INITRAMFS_COMPRESSION_ZSTD
-				depends on !LINUX_5_4 && !LINUX_4_19
+				depends on !LINUX_5_4
 				bool "zstd"
 		endchoice

@@ -152,7 +150,7 @@ menu "Target Images"
 		bool "squashfs"
 		default y if USES_SQUASHFS
 		help
-		  Build a squashfs-lzma root filesystem.
+		  Build a squashfs root filesystem.

 		config TARGET_SQUASHFS_BLOCK_SIZE
 			int "Block size (in KiB)"
@@ -160,6 +158,9 @@ menu "Target Images"
 			default 64 if LOW_MEMORY_FOOTPRINT
 			default 1024 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
 			default 1024
+			help
+			  Select squashfs block size, must be one of:
+			    4, 8, 16, 32, 64, 128, 256, 512, 1024

 	menuconfig TARGET_ROOTFS_UBIFS
 		bool "ubifs"
@@ -197,18 +198,21 @@ menu "Target Images"
 			default ""

 	config GRUB_IMAGES
-		bool "Build GRUB images (Linux x86 or x86_64 host only)"
+		bool "Build GRUB images"
 		depends on TARGET_x86
 		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
 		select PACKAGE_grub2
 		default n

 	config GRUB_EFI_IMAGES
-		bool "Build GRUB EFI images (Linux x86 or x86_64 host only)"
-		depends on TARGET_x86
+		bool "Build GRUB EFI images"
+		depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_phytium_armv8
 		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
-		select PACKAGE_grub2
-		select PACKAGE_grub2-efi
+		select PACKAGE_grub2 if TARGET_x86
+		select PACKAGE_grub2-efi if TARGET_x86
+		select PACKAGE_grub2-bios-setup if TARGET_x86
+		select PACKAGE_grub2-efi-arm if TARGET_armvirt
+		select PACKAGE_grub2-efi-arm if TARGET_phytium_armv8
 		select PACKAGE_kmod-fs-vfat
 		default y

@@ -271,38 +275,42 @@ menu "Target Images"
 		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		select PACKAGE_kmod-e1000

-	config VHDX_IMAGES
-		bool "Build Hyper-V image files (VHDX)"
-		depends on TARGET_x86
-		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
-		select PACKAGE_kmod-tulip
-
 	config VMDK_IMAGES
 		bool "Build VMware image files (VMDK)"
-		depends on TARGET_x86
+		depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64
 		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		default y
 		select PACKAGE_kmod-e1000

+	config VHDX_IMAGES
+		bool "Build Hyper-V image files (VHDX)"
+		depends on TARGET_x86
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
+		select PACKAGE_kmod-e1000
+
 	config TARGET_IMAGES_GZIP
 		bool "GZip images"
-		depends on TARGET_ROOTFS_EXT4FS || TARGET_x86 || TARGET_armvirt || TARGET_malta
-		default n
+		depends on TARGET_ROOTFS_EXT4FS || TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_malta
+		default y

 	comment "Image Options"

 	source "target/linux/*/image/Config.in"

 	config TARGET_KERNEL_PARTSIZE
-		int "Kernel partition size (in MB)"
+		int "Kernel partition size (in MiB)"
 		depends on USES_BOOT_PART
 		default 8 if TARGET_apm821xx_sata
 		default 64 if TARGET_bcm27xx
-		default 16
+		default 32 if TARGET_rockchip
+		default 128 if TARGET_armvirt
+		default 32

 	config TARGET_ROOTFS_PARTSIZE
-		int "Root filesystem partition size (in MB)"
-		depends on USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS || TARGET_omap || TARGET_sunxi || TARGET_uml
+		int "Root filesystem partition size (in MiB)"
+		depends on USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS
+		default 232 if TARGET_loongarch64
+		default 400 if TARGET_x86
 		default 160
 		help
 		  Select the root filesystem partition size.
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -24,11 +24,6 @@ config KERNEL_PRINTK
 	bool "Enable support for printk"
 	default y

-config KERNEL_CRASHLOG
-	bool "Crash logging"
-	depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
-	default y
-
 config KERNEL_SWAP
 	bool "Support for paging of anonymous memory (swap)"
 	default y if !SMALL_FLASH
@@ -48,14 +43,27 @@ config KERNEL_DEBUG_FS

 config KERNEL_MIPS_FP_SUPPORT
 	bool
-	default y
-	depends on (mips || mipsel || mips64 || mips64el)
+	default y if TARGET_pistachio

 config KERNEL_ARM_PMU
 	bool
 	default n
 	depends on (arm || aarch64)

+config KERNEL_ARM_PMUV3
+	bool
+	default y if TARGET_armsr_armv8
+	depends on (arm_v7 || aarch64) && LINUX_6_6
+
+config KERNEL_RISCV_PMU
+	bool
+	select KERNEL_RISCV_PMU_SBI
+	depends on riscv64
+
+config KERNEL_RISCV_PMU_SBI
+	bool
+	depends on riscv64
+
 config KERNEL_X86_VSYSCALL_EMULATION
 	bool "Enable vsyscall emulation"
 	default n
@@ -78,6 +86,8 @@ config KERNEL_PERF_EVENTS
 	bool "Compile the kernel with performance events and counters"
 	default n
 	select KERNEL_ARM_PMU if (arm || aarch64)
+	select KERNEL_ARM_PMUV3 if (arm_v7 || aarch64) && LINUX_6_6
+	select KERNEL_RISCV_PMU if riscv64

 config KERNEL_PROFILING
 	bool "Compile the kernel with profiling enabled"
@@ -87,6 +97,11 @@ config KERNEL_PROFILING
 	  Enable the extended profiling support mechanisms used by profilers such
 	  as OProfile.

+config KERNEL_RPI_AXIPERF
+	bool "Compile the kernel with RaspberryPi AXI Performance monitors"
+	default y
+	depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
+
 config KERNEL_UBSAN
 	bool "Compile the kernel with undefined behaviour sanity checker"
 	help
@@ -115,6 +130,16 @@ config KERNEL_UBSAN_ALIGNMENT
 	  Enabling this option on architectures that support unaligned
 	  accesses may produce a lot of false positives.

+config KERNEL_UBSAN_BOUNDS
+	bool "Perform array index bounds checking"
+	depends on KERNEL_UBSAN
+	help
+	  This option enables detection of directly indexed out of bounds array
+	  accesses, where the array size is known at compile time. Note that
+	  this does not protect array overflows via bad calls to the
+	  {str,mem}*cpy() family of functions (that is addressed by
+	  FORTIFY_SOURCE).
+
 config KERNEL_UBSAN_NULL
 	bool "Enable checking of null pointers"
 	depends on KERNEL_UBSAN
@@ -122,6 +147,19 @@ config KERNEL_UBSAN_NULL
 	  This option enables detection of memory accesses via a
 	  null pointer.

+config KERNEL_UBSAN_TRAP
+	bool "On Sanitizer warnings, abort the running kernel code"
+	depends on KERNEL_UBSAN
+	help
+	  Building kernels with Sanitizer features enabled tends to grow the
+	  kernel size by around 5%, due to adding all the debugging text on
+	  failure paths. To avoid this, Sanitizer instrumentation can just
+	  issue a trap. This reduces the kernel size overhead but turns all
+	  warnings (including potentially harmless conditions) into full
+	  exceptions that abort the running kernel code (regardless of context,
+	  locks held, etc), which may destabilize the system. For some system
+	  builders this is an acceptable trade-off.
+
 config KERNEL_KASAN
 	bool "Compile the kernel with KASan: runtime memory debugger"
 	select KERNEL_SLUB_DEBUG
@@ -148,6 +186,30 @@ config KERNEL_KASAN_EXTRA
 	  compile time.
 	  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more

+config KERNEL_KASAN_VMALLOC
+	bool "Back mappings in vmalloc space with real shadow memory"
+	depends on KERNEL_KASAN
+	help
+	  By default, the shadow region for vmalloc space is the read-only
+	  zero page. This means that KASAN cannot detect errors involving
+	  vmalloc space.
+
+	  Enabling this option will hook in to vmap/vmalloc and back those
+	  mappings with real shadow memory allocated on demand. This allows
+	  for KASAN to detect more sorts of errors (and to support vmapped
+	  stacks), but at the cost of higher memory usage.
+
+	  This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
+	  depend on that in here, so it is possible that enabling this
+	  will have no effect.
+
+if KERNEL_KASAN
+	config KERNEL_KASAN_GENERIC
+	def_bool y
+
+	config KERNEL_KASAN_SW_TAGS
+	def_bool n
+endif

 choice
 	prompt "Instrumentation type"
@@ -303,6 +365,19 @@ config KERNEL_PREEMPT_TRACER
 	  enabled. This option and the irqs-off timing option can be
 	  used together or separately.)

+config KERNEL_HIST_TRIGGERS
+	bool "Histogram triggers"
+	depends on KERNEL_FTRACE
+	help
+	  Hist triggers allow one or more arbitrary trace event fields to be
+	  aggregated into hash tables and dumped to stdout by reading a
+	  debugfs/tracefs file. They're useful for gathering quick and dirty
+	  (though precise) summaries of event activity as an initial guide for
+	  further investigation using more advanced tools.
+
+	  Inter-event tracing of quantities such as latencies is also
+	  supported using hist triggers under this option.
+
 config KERNEL_DEBUG_KERNEL
 	bool
 	default n
@@ -314,6 +389,45 @@ config KERNEL_DEBUG_INFO
 	help
 	  This will compile your kernel and modules with debug information.

+config KERNEL_DEBUG_INFO_BTF
+
+	bool "Enable additional BTF type information"
+	default n
+	depends on !HOST_OS_MACOS
+	depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
+	select DWARVES
+	help
+	  Generate BPF Type Format (BTF) information from DWARF debug info.
+	  Turning this on expects presence of pahole tool, which will convert
+	  DWARF type info into equivalent deduplicated BTF type info.
+
+	  Required to run BPF CO-RE applications.
+
+config KERNEL_DEBUG_INFO_REDUCED
+	bool "Reduce debugging information"
+	default y
+	depends on KERNEL_DEBUG_INFO
+	help
+	  If you say Y here gcc is instructed to generate less debugging
+	  information for structure types. This means that tools that
+	  need full debugging information (like kgdb or systemtap) won't
+	  be happy. But if you merely need debugging information to
+	  resolve line numbers there is no loss. Advantage is that
+	  build directory object sizes shrink dramatically over a full
+	  DEBUG_INFO build and compile times are reduced too.
+	  Only works with newer gcc versions.
+
+config KERNEL_FRAME_WARN
+	int
+	range 0 8192
+	default 1280 if KERNEL_KASAN && !ARCH_64BIT
+	default 1024 if !ARCH_64BIT
+	default 2048 if ARCH_64BIT
+	help
+	  Tell the compiler to warn at build time for stack frames larger than this.
+	  Setting this too low will cause a lot of warnings.
+	  Setting it to 0 disables the warning.
+
 config KERNEL_DEBUG_LL_UART_NONE
 	bool
 	default n
@@ -327,6 +441,14 @@ config KERNEL_DEBUG_LL
 	help
 	  ARM low level debugging.

+config KERNEL_DEBUG_VIRTUAL
+	bool "Compile the kernel with VM translations debugging"
+	select KERNEL_DEBUG_KERNEL
+	default n
+	help
+	  Enable checks sanity checks to catch invalid uses of
+	  virt_to_phys()/phys_to_virt() against the non-linear address space.
+
 config KERNEL_DYNAMIC_DEBUG
 	bool "Compile the kernel with dynamic printk"
 	select KERNEL_DEBUG_FS
@@ -368,6 +490,21 @@ config KERNEL_KPROBE_EVENTS
 	bool
 	default y if KERNEL_KPROBES

+config KERNEL_BPF_EVENTS
+	bool "Compile the kernel with BPF event support"
+	default n
+	select KERNEL_KPROBES
+	help
+	  Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
+	  This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
+	  for sending data from BPF programs to user-space for post-processing
+	  or logging.
+
+config KERNEL_BPF_KPROBE_OVERRIDE
+	bool
+	default n
+	depends on KERNEL_KPROBES
+
 config KERNEL_AIO
 	bool "Compile the kernel with asynchronous IO support"
 	default y if !SMALL_FLASH
@@ -437,34 +574,22 @@ config KERNEL_PROVE_LOCKING
 	select KERNEL_DEBUG_KERNEL
 	default n

-config KERNEL_LOCKUP_DETECTOR
-	bool "Compile the kernel with detect Hard and Soft Lockups"
+config KERNEL_SOFTLOCKUP_DETECTOR
+	bool "Compile the kernel with detect Soft Lockups"
 	depends on KERNEL_DEBUG_KERNEL
 	help
 	  Say Y here to enable the kernel to act as a watchdog to detect
-	  hard and soft lockups.
+	  soft lockups.

 	  Softlockups are bugs that cause the kernel to loop in kernel
 	  mode for more than 20 seconds, without giving other tasks a
 	  chance to run.  The current stack trace is displayed upon
 	  detection and the system will stay locked up.

-	  Hardlockups are bugs that cause the CPU to loop in kernel mode
-	  for more than 10 seconds, without letting other interrupts have a
-	  chance to run.  The current stack trace is displayed upon detection
-	  and the system will stay locked up.
-
-	  The overhead should be minimal.  A periodic hrtimer runs to
-	  generate interrupts and kick the watchdog task every 4 seconds.
-	  An NMI is generated every 10 seconds or so to check for hardlockups.
-
-	  The frequency of hrtimer and NMI events and the soft and hard lockup
-	  thresholds can be controlled through the sysctl watchdog_thresh.
-
 config KERNEL_DETECT_HUNG_TASK
 	bool "Compile the kernel with detect Hung Tasks"
 	depends on KERNEL_DEBUG_KERNEL
-	default KERNEL_LOCKUP_DETECTOR
+	default KERNEL_SOFTLOCKUP_DETECTOR
 	help
 	  Say Y here to enable the kernel to detect "hung tasks",
 	  which are bugs that cause the task to be stuck in
@@ -545,6 +670,7 @@ config KERNEL_CRASH_DUMP

 config USE_RFKILL
 	bool "Enable rfkill support"
+	default y if TARGET_rockchip
 	default RFKILL_SUPPORT

 config USE_SPARSE
@@ -681,7 +807,7 @@ if KERNEL_CGROUPS
 		bool "Memory Resource Controller for Control Groups"
 		default y
 		select KERNEL_FREEZER
-		depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
+		depends on KERNEL_RESOURCE_COUNTERS
 		help
 		  Provides a memory resource controller that manages both anonymous
 		  memory and page cache. (See Documentation/cgroups/memory.txt)
@@ -944,6 +1070,26 @@ config KERNEL_IP_MROUTE
 	  Multicast routing requires a multicast routing daemon in
 	  addition to kernel support.

+if KERNEL_IP_MROUTE
+
+	config KERNEL_IP_MROUTE_MULTIPLE_TABLES
+		def_bool y
+
+	config KERNEL_IP_PIMSM_V1
+		def_bool y
+
+	config KERNEL_IP_PIMSM_V2
+		def_bool y
+
+endif
+
+config KERNEL_MPTCP
+	bool "Enable IPv4 MultiPath TCP support"
+	default y
+	depends on !(LINUX_4_4||LINUX_5_4)
+	help
+	  IPv4 MultiPath TCP to kernel support.
+
 #
 # IPv6 configuration
 #
@@ -966,8 +1112,15 @@ if KERNEL_IPV6
 		  Multicast routing requires a multicast routing daemon in
 		  addition to kernel support.

-	config KERNEL_IPV6_PIMSM_V2
-		def_bool n
+	if KERNEL_IPV6_MROUTE
+
+		config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
+			def_bool y
+
+		config KERNEL_IPV6_PIMSM_V2
+			def_bool y
+
+	endif

 	config KERNEL_IPV6_SEG6_LWTUNNEL
 		bool "Enable support for lightweight tunnels"
@@ -978,8 +1131,41 @@ if KERNEL_IPV6
 	config KERNEL_LWTUNNEL_BPF
 		def_bool n

+	config KERNEL_MPTCP_IPV6
+		bool "Enable IPv6 MultiPath TCP support"
+		default y
+		depends on KERNEL_MPTCP
+		depends on !(LINUX_4_4||LINUX_5_4)
+		help
+		  IPv6 MultiPath TCP to kernel support.
+
 endif

+#
+# Miscellaneous network configuration
+#
+
+config KERNEL_NET_L3_MASTER_DEV
+	bool "L3 Master device support"
+	help
+	  This module provides glue between core networking code and device
+	  drivers to support L3 master devices like VRF.
+
+config KERNEL_XDP_SOCKETS
+	bool "XDP sockets support"
+	default y if KERNEL_DEBUG_INFO_BTF
+	help
+	  XDP sockets allows a channel between XDP programs and
+	  userspace applications.
+
+config KERNEL_PAGE_POOL
+	def_bool n
+
+config KERNEL_PAGE_POOL_STATS
+	bool "Page pool stats support"
+	depends on KERNEL_PAGE_POOL
+	depends on !(LINUX_5_4||LINUX_5_10)
+
 #
 # NFS related symbols
 #
@@ -1125,7 +1311,7 @@ config KERNEL_SQUASHFS_XATTR
 	bool "Squashfs XATTR support"

 #
-# compile optimiziation setting
+# compile optimization setting
 #
 choice
 	prompt "Compiler optimization level"
--- a/config/check-uname.sh
+++ b/config/check-uname.sh
@@ -0,0 +1 @@
+[ "$(uname)" = "$1" ] && echo y || echo n
--- a/doc/alipay_donate.jpg
+++ b/doc/alipay_donate.jpg
--- a/doc/wechat_donate.jpg
+++ b/doc/wechat_donate.jpg
--- a/doc/xm5.jpg
+++ b/doc/xm5.jpg
--- a/doc/xm6.jpg
+++ b/doc/xm6.jpg
--- a/feeds.conf.default
+++ b/feeds.conf.default
@@ -1,8 +1,5 @@
-src-git packages https://github.com/coolsnowwolf/packages
-src-git luci https://github.com/coolsnowwolf/luci
-src-git routing https://git.openwrt.org/feed/routing.git
+src-git packages https://github.com/DHDAXCW/packages
+src-git luci https://github.com/DHDAXCW/luci
+src-git routing https://github.com/coolsnowwolf/routing
 src-git telephony https://git.openwrt.org/feed/telephony.git
-#src-git video https://github.com/openwrt/video.git
-#src-git targets https://github.com/openwrt/targets.git
-#src-git oldpackages http://git.openwrt.org/packages.git
-#src-link custom /usr/src/openwrt/custom-feed
+src-git istore https://github.com/linkease/istore;main
--- a/include/autotools.mk
+++ b/include/autotools.mk
@@ -35,7 +35,7 @@ define autoreconf
 		$(patsubst %,rm -f %;,$(2)) \
 		$(foreach p,$(3), \
 			if [ -f $(p)/configure.ac ] || [ -f $(p)/configure.in ]; then \
-				[ -d $(p)/autom4te.cache ] && rm -rf autom4te.cache; \
+				[ -d $(p)/autom4te.cache ] && rm -rf $(p)/autom4te.cache; \
 				[ -e $(p)/config.rpath ] || \
 						ln -s $(SCRIPT_DIR)/config.rpath $(p)/config.rpath; \
 				touch NEWS AUTHORS COPYING ABOUT-NLS ChangeLog; \
@@ -113,7 +113,7 @@ ifneq ($(filter patch-libtool,$(PKG_FIXUP)),)
 endif

 ifneq ($(filter libtool,$(PKG_FIXUP)),)
-  PKG_BUILD_DEPENDS += libtool gettext libiconv
+  PKG_BUILD_DEPENDS += libtool
 ifeq ($(filter no-autoreconf,$(PKG_FIXUP)),)
  Hooks/Configure/Pre += autoreconf_target
 endif
@@ -124,7 +124,7 @@ ifneq ($(filter libtool-abiver,$(PKG_FIXUP)),)
 endif

 ifneq ($(filter libtool-ucxx,$(PKG_FIXUP)),)
-  PKG_BUILD_DEPENDS += libtool gettext libiconv
+  PKG_BUILD_DEPENDS += libtool
 ifeq ($(filter no-autoreconf,$(PKG_FIXUP)),)
  Hooks/Configure/Pre += autoreconf_target
 endif
--- a/include/bpf.mk
+++ b/include/bpf.mk
@@ -0,0 +1,85 @@
+BPF_DEPENDS := @HAS_BPF_TOOLCHAIN
+LLVM_VER:=
+
+CLANG_MIN_VER:=12
+
+ifneq ($(CONFIG_USE_LLVM_HOST),)
+  BPF_TOOLCHAIN_HOST_PATH:=$(call qstrip,$(CONFIG_BPF_TOOLCHAIN_HOST_PATH))
+  ifneq ($(BPF_TOOLCHAIN_HOST_PATH),)
+    BPF_PATH:=$(BPF_TOOLCHAIN_HOST_PATH)/bin:$(PATH)
+  else
+    BPF_PATH:=$(PATH)
+  endif
+  CLANG:=$(firstword $(shell PATH='$(BPF_PATH)' command -v clang clang-13 clang-12 clang-11))
+  LLVM_VER:=$(subst clang,,$(notdir $(CLANG)))
+endif
+ifneq ($(CONFIG_USE_LLVM_PREBUILT),)
+  CLANG:=$(TOPDIR)/llvm-bpf/bin/clang
+endif
+ifneq ($(CONFIG_USE_LLVM_BUILD),)
+  CLANG:=$(STAGING_DIR_HOST)/llvm-bpf/bin/clang
+endif
+
+LLVM_PATH:=$(dir $(CLANG))
+LLVM_LLC:=$(LLVM_PATH)/llc$(LLVM_VER)
+LLVM_DIS:=$(LLVM_PATH)/llvm-dis$(LLVM_VER)
+LLVM_OPT:=$(LLVM_PATH)/opt$(LLVM_VER)
+LLVM_STRIP:=$(LLVM_PATH)/llvm-strip$(LLVM_VER)
+
+BPF_KARCH:=mips
+BPF_ARCH:=mips$(if $(CONFIG_ARCH_64BIT),64)$(if $(CONFIG_BIG_ENDIAN),,el)
+BPF_TARGET:=bpf$(if $(CONFIG_BIG_ENDIAN),eb,el)
+
+BPF_HEADERS_DIR:=$(STAGING_DIR)/bpf-headers
+
+BPF_KERNEL_INCLUDE := \
+	-nostdinc -isystem $(TOOLCHAIN_DIR)/include \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/asm/mach-generic \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/generated \
+	-I$(BPF_HEADERS_DIR)/include \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/uapi \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/generated/uapi \
+	-I$(BPF_HEADERS_DIR)/include/uapi \
+	-I$(BPF_HEADERS_DIR)/include/generated/uapi \
+	-I$(BPF_HEADERS_DIR)/tools/lib \
+	-I$(BPF_HEADERS_DIR)/tools/testing/selftests \
+	-I$(BPF_HEADERS_DIR)/samples/bpf \
+	-include linux/kconfig.h -include asm_goto_workaround.h
+
+BPF_CFLAGS := \
+	$(BPF_KERNEL_INCLUDE) -I$(PKG_BUILD_DIR) \
+	-D__KERNEL__ -D__BPF_TRACING__ -DCONFIG_GENERIC_CSUM \
+	-D__TARGET_ARCH_${BPF_KARCH} \
+	-m$(if $(CONFIG_BIG_ENDIAN),big,little)-endian \
+	-fno-stack-protector -Wall \
+	-Wno-unused-value -Wno-pointer-sign \
+	-Wno-compare-distinct-pointer-types \
+	-Wno-gnu-variable-sized-type-not-at-end \
+	-Wno-address-of-packed-member -Wno-tautological-compare \
+	-Wno-unknown-warning-option \
+	-fno-asynchronous-unwind-tables \
+	-Wno-uninitialized -Wno-unused-variable \
+	-Wno-unused-label \
+	-O2 -emit-llvm -Xclang -disable-llvm-passes
+
+ifneq ($(CONFIG_HAS_BPF_TOOLCHAIN),)
+ifeq ($(DUMP)$(filter download refresh,$(MAKECMDGOALS)),)
+  CLANG_VER:=$(shell $(CLANG) -dM -E - < /dev/null | grep __clang_major__ | cut -d' ' -f3)
+  CLANG_VER_VALID:=$(shell [ "$(CLANG_VER)" -ge "$(CLANG_MIN_VER)" ] && echo 1 )
+  ifeq ($(CLANG_VER_VALID),)
+    $(error ERROR: LLVM/clang version too old. Minimum required: $(CLANG_MIN_VER), found: $(CLANG_VER))
+  endif
+endif
+endif
+
+define CompileBPF
+	$(CLANG) -g -target $(BPF_ARCH)-linux-gnu $(BPF_CFLAGS) $(2) \
+		-c $(1) -o $(patsubst %.c,%.bc,$(1))
+	$(LLVM_OPT) -O2 -mtriple=$(BPF_TARGET) < $(patsubst %.c,%.bc,$(1)) > $(patsubst %.c,%.opt,$(1))
+	$(LLVM_DIS) < $(patsubst %.c,%.opt,$(1)) > $(patsubst %.c,%.S,$(1))
+	$(LLVM_LLC) -march=$(BPF_TARGET) -mcpu=v3 -filetype=obj -o $(patsubst %.c,%.o,$(1)) < $(patsubst %.c,%.S,$(1))
+	$(CP) $(patsubst %.c,%.o,$(1)) $(patsubst %.c,%.debug.o,$(1))
+	$(LLVM_STRIP) --strip-debug $(patsubst %.c,%.o,$(1))
+endef
+
--- a/include/cmake.mk
+++ b/include/cmake.mk
@@ -18,12 +18,13 @@ endif
 CMAKE_BINARY_DIR = $(PKG_BUILD_DIR)$(if $(CMAKE_BINARY_SUBDIR),/$(CMAKE_BINARY_SUBDIR))
 CMAKE_SOURCE_DIR = $(PKG_BUILD_DIR)$(if $(CMAKE_SOURCE_SUBDIR),/$(CMAKE_SOURCE_SUBDIR))
 HOST_CMAKE_SOURCE_DIR = $(HOST_BUILD_DIR)$(if $(CMAKE_SOURCE_SUBDIR),/$(CMAKE_SOURCE_SUBDIR))
+HOST_CMAKE_BINARY_DIR = $(HOST_BUILD_DIR)$(if $(CMAKE_BINARY_SUBDIR),/$(CMAKE_BINARY_SUBDIR))
 MAKE_PATH = $(firstword $(CMAKE_BINARY_SUBDIR) .)

 ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
  cmake_tool=$(TOOLCHAIN_DIR)/bin/$(1)
 else
-  cmake_tool=$(shell which $(1))
+  cmake_tool=$(shell command -v $(1))
 endif

 ifeq ($(CONFIG_CCACHE),)
@@ -51,20 +52,21 @@ CMAKE_RANLIB:=$(call cmake_tool,$(TARGET_RANLIB))
 CMAKE_FIND_ROOT_PATH:=$(STAGING_DIR)/usr;$(TOOLCHAIN_DIR)$(if $(CONFIG_EXTERNAL_TOOLCHAIN),;$(CONFIG_TOOLCHAIN_ROOT))
 CMAKE_HOST_FIND_ROOT_PATH:=$(STAGING_DIR)/host;$(STAGING_DIR_HOSTPKG);$(STAGING_DIR_HOST)
 CMAKE_SHARED_LDFLAGS:=-Wl,-Bsymbolic-functions
+CMAKE_HOST_INSTALL_PREFIX = $(HOST_BUILD_PREFIX)

 ifeq ($(HOST_USE_NINJA),1)
  CMAKE_HOST_OPTIONS += -DCMAKE_GENERATOR="Ninja"

  define Host/Compile/Default
-	+$(NINJA) -C $(HOST_BUILD_DIR) $(1)
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) $(1)
  endef

  define Host/Install/Default
-	+$(NINJA) -C $(HOST_BUILD_DIR) install
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) install
  endef

  define Host/Uninstall/Default
-	+$(NINJA) -C $(HOST_BUILD_DIR) uninstall
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) uninstall
  endef
 endif

@@ -133,7 +135,8 @@ endef
 Build/InstallDev = $(if $(CMAKE_INSTALL),$(Build/InstallDev/cmake))

 define Host/Configure/Default
-	(cd $(HOST_BUILD_DIR); \
+	mkdir -p "$(HOST_CMAKE_BINARY_DIR)"
+	(cd $(HOST_CMAKE_BINARY_DIR); \
 		CFLAGS="$(HOST_CFLAGS)" \
 		CXXFLAGS="$(HOST_CFLAGS)" \
 		LDFLAGS="$(HOST_LDFLAGS)" \
@@ -155,7 +158,7 @@ define Host/Configure/Default
 			-DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY \
 			-DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY \
 			-DCMAKE_STRIP=: \
-			-DCMAKE_INSTALL_PREFIX=$(HOST_BUILD_PREFIX) \
+			-DCMAKE_INSTALL_PREFIX=$(CMAKE_HOST_INSTALL_PREFIX) \
 			-DCMAKE_PREFIX_PATH=$(HOST_BUILD_PREFIX) \
 			-DCMAKE_SKIP_RPATH=TRUE  \
 			-DCMAKE_INSTALL_LIBDIR=lib \
--- a/include/depends.mk
+++ b/include/depends.mk
@@ -12,6 +12,7 @@
 DEP_FINDPARAMS := -x "*/.svn*" -x ".*" -x "*:*" -x "*\!*" -x "* *" -x "*\\\#*" -x "*/.*_check" -x "*/.*.swp" -x "*/.pkgdir*"

 find_md5=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -printf "%p%T@\n" | sort | $(MKHASH) md5
+find_md5_reproducible=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -print0 | xargs -0 $(MKHASH) md5 | sort | $(MKHASH) md5

 define rdep
  .PRECIOUS: $(2)
@@ -27,7 +28,7 @@ ifneq ($(wildcard $(2)),)
 		{ [ \! -f "$(3)" ] || diff $(3) $(3).1 >/dev/null; } && \
 	) \
 	{ \
-		[ -f "$(2)_check.1" ] && mv "$(2)_check.1"; \
+		[ -f "$(2)_check.1" ] && mv "$(2)_check.1" "$(2)_check"; \
 	    $(TOPDIR)/scripts/timestamp.pl $(DEP_FINDPARAMS) $(4) -n $(2) $(1) && { \
 			$(call debug_eval,$(SUBDIR),r,echo "No need to rebuild $(2)";) \
 			touch -r "$(2)" "$(2)_check"; \
--- a/include/download.mk
+++ b/include/download.mk
@@ -18,6 +18,10 @@ endif

 DOWNLOAD_RDEP=$(STAMP_PREPARED) $(HOST_STAMP_PREPARED)

+# Export options for download.pl
+export DOWNLOAD_CHECK_CERTIFICATE:=$(CONFIG_DOWNLOAD_CHECK_CERTIFICATE)
+export DOWNLOAD_TOOL_CUSTOM:=$(CONFIG_DOWNLOAD_TOOL_CUSTOM)
+
 define dl_method_git
 $(if $(filter https://github.com/% git://github.com/%,$(1)),github_archive,git)
 endef
@@ -59,6 +63,21 @@ define dl_tar_pack
 		$$$${TAR_TIMESTAMP:+--mtime="$$$$TAR_TIMESTAMP"} -c $(2) | $(call dl_pack,$(1))
 endef

+gen_sha256sum = $(shell $(MKHASH) sha256 $(DL_DIR)/$(1))
+
+# Used in Build/CoreTargets and HostBuild/Core as an integrity check for
+# downloaded files.  It will add a FORCE rule if the sha256 hash does not
+# match, so that the download can be more thoroughly handled by download.pl.
+define check_download_integrity
+  expected_hash:=$(strip $(if $(filter-out x,$(HASH)),$(HASH),$(MIRROR_HASH)))
+  $$(if $$(and $(FILE),$$(wildcard $(DL_DIR)/$(FILE)), \
+	       $$(filter undefined,$$(flavor DownloadChecked/$(FILE)))), \
+    $$(eval DownloadChecked/$(FILE):=1) \
+    $$(if $$(filter-out $$(call gen_sha256sum,$(FILE)),$$(expected_hash)), \
+      $(DL_DIR)/$(FILE): FORCE) \
+  )
+endef
+
 ifdef CHECK
 check_escape=$(subst ','\'',$(1))
 #')
@@ -74,8 +93,6 @@ else
  check_warn = $(if $(filter-out undefined,$(origin F_$(1))),$(filter ,$(shell $(call F_$(1),$(2),$(3),$(4)) >&2)),$(check_warn_nofix))
 endif

-gen_sha256sum = $(shell $(MKHASH) sha256 $(DL_DIR)/$(1))
-
 ifdef FIXUP
 F_hash_deprecated = $(SCRIPT_DIR)/fixup-makefile.pl $(CURDIR)/Makefile fix-hash $(3) $(call gen_sha256sum,$(1)) $(2)
 F_hash_mismatch = $(F_hash_deprecated)
--- a/include/host-build.mk
+++ b/include/host-build.mk
@@ -21,7 +21,7 @@ include $(INCLUDE_DIR)/depends.mk
 include $(INCLUDE_DIR)/quilt.mk

 BUILD_TYPES += host
-HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
+HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
 HOST_STAMP_CONFIGURED:=$(HOST_BUILD_DIR)/.configured
 HOST_STAMP_BUILT:=$(HOST_BUILD_DIR)/.built
 HOST_BUILD_PREFIX?=$(if $(IS_PACKAGE_BUILD),$(STAGING_DIR_HOSTPKG),$(STAGING_DIR_HOST))
@@ -51,6 +51,7 @@ HOST_CONFIGURE_VARS = \
 	CFLAGS="$(HOST_CFLAGS)" \
 	CXX="$(HOSTCXX)" \
 	CPPFLAGS="$(HOST_CPPFLAGS)" \
+	CXXFLAGS="$(HOST_CXXFLAGS)" \
 	LDFLAGS="$(HOST_LDFLAGS)" \
 	CONFIG_SHELL="$(SHELL)"

@@ -180,7 +181,7 @@ ifndef DUMP
    clean-build: host-clean-build
  endif

-  $(DL_DIR)/$(FILE): FORCE
+  $(call check_download_integrity)

  $(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
  $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
@@ -197,13 +198,17 @@ ifndef DUMP

    ifneq ($(CONFIG_AUTOREMOVE),)
      host-compile:
-		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' | \
-			$(XARGS) rm -rf
+		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -print0 | \
+			$(XARGS) -0 rm -rf
    endif
  endef
 endif

 define HostBuild
  $(HostBuild/Core)
-  $(if $(if $(PKG_HOST_ONLY),,$(STAMP_PREPARED)),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
+  $(if $(if $(PKG_HOST_ONLY),,$(if $(and $(filter host-%,$(MAKECMDGOALS)),$(PKG_SKIP_DOWNLOAD)),,$(STAMP_PREPARED))),,
+	$(if $(and $(CONFIG_AUTOREMOVE), $(wildcard $(HOST_STAMP_INSTALLED), $(wildcard $(HOST_STAMP_BUILT)))),,
+		$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default))
+	)
+  )
 endef
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -4,7 +4,7 @@ IMAGE_KERNEL = $(word 1,$^)
 IMAGE_ROOTFS = $(word 2,$^)

 define ModelNameLimit16
-$(shell expr substr "$(word 2, $(subst _, ,$(1)))" 1 16)
+$(shell printf %.16s "$(word 2, $(subst _, ,$(1)))")
 endef

 define rootfs_align
@@ -27,8 +27,21 @@ define Build/append-kernel
 	dd if=$(IMAGE_KERNEL) >> $@
 endef

+define Build/package-kernel-ubifs
+	mkdir $@.kernelubifs
+	cp $@ $@.kernelubifs/kernel
+	$(STAGING_DIR_HOST)/bin/mkfs.ubifs \
+		$(KERNEL_UBIFS_OPTS) \
+		-r $@.kernelubifs $@
+	rm -r $@.kernelubifs
+endef
+
 define Build/append-image
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef

 ifdef IB
@@ -37,8 +50,13 @@ define Build/append-image-stage
 endef
 else
 define Build/append-image-stage
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	mkdir -p "$(STAGING_DIR_IMAGE)"
+	dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef
 endif

@@ -72,6 +90,7 @@ metadata_json = \

 define Build/append-metadata
 	$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@)
+	sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum"
 	[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
 		cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
 		usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
@@ -94,6 +113,15 @@ define Build/append-squashfs-fakeroot-be
 	cat $@.fakesquashfs >> $@
 endef

+define Build/append-squashfs4-fakeroot
+	rm -rf $@.fakefs $@.fakesquashfs
+	mkdir $@.fakefs
+	$(STAGING_DIR_HOST)/bin/mksquashfs4 \
+		$@.fakefs $@.fakesquashfs \
+		-nopad -noappend -root-owned
+	cat $@.fakesquashfs >> $@
+endef
+
 define Build/append-string
 	echo -n $(1) >> $@
 endef
@@ -103,7 +131,7 @@ define Build/append-ubi
 		$(if $(UBOOTENV_IN_UBI),--uboot-env) \
 		$(if $(KERNEL_IN_UBI),--kernel $(IMAGE_KERNEL)) \
 		$(foreach part,$(UBINIZE_PARTS),--part $(part)) \
-		$(IMAGE_ROOTFS) \
+		--rootfs $(IMAGE_ROOTFS) \
 		$@.tmp \
 		-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
 		$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
@@ -113,6 +141,18 @@ define Build/append-ubi
 	rm $@.tmp
 endef

+define Build/ubinize-kernel
+	cp $@ $@.tmp
+	sh $(TOPDIR)/scripts/ubinize-image.sh \
+		--kernel $@.tmp \
+		$@ \
+		-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
+		$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
+		$(if $(VID_HDR_OFFSET),-O $(VID_HDR_OFFSET)) \
+		$(UBINIZE_OPTS)
+	rm $@.tmp
+endef
+
 define Build/append-uboot
 	dd if=$(UBOOT_PATH) >> $@
 endef
@@ -170,11 +210,20 @@ define Build/check-size
 	@imagesize="$$(stat -c%s $@)"; \
 	limitsize="$$(($(subst k,* 1024,$(subst m, * 1024k,$(if $(1),$(1),$(IMAGE_SIZE))))))"; \
 	[ $$limitsize -ge $$imagesize ] || { \
-		echo "WARNING: Image file $@ is too big: $$imagesize > $$limitsize" >&2; \
+		$(call ERROR_MESSAGE,    WARNING: Image file $@ is too big: $$imagesize > $$limitsize); \
 		rm -f $@; \
 	}
 endef

+define Build/copy-file
+	cat "$(1)" > "$@"
+endef
+
+define Build/edimax-header
+	$(STAGING_DIR_HOST)/bin/mkedimaximg -i $@ -o $@.new $(1)
+	@mv $@.new $@
+endef
+
 define Build/elecom-product-header
 	$(eval product=$(word 1,$(1)))
 	$(eval fw=$(if $(word 2,$(1)),$(word 2,$(1)),$@))
@@ -187,6 +236,19 @@ define Build/elecom-product-header
 	mv $(fw).new $(fw)
 endef

+define Build/elecom-wrc-gs-factory
+	$(eval product=$(word 1,$(1)))
+	$(eval version=$(word 2,$(1)))
+	$(eval hash_opt=$(word 3,$(1)))
+	$(MKHASH) md5 $(hash_opt) $@ >> $@
+	( \
+		echo -n "ELECOM $(product) v$(version)" | \
+			dd bs=32 count=1 conv=sync; \
+		dd if=$@; \
+	) > $@.new
+	mv $@.new $@
+endef
+
 define Build/elx-header
 	$(eval hw_id=$(word 1,$(1)))
 	$(eval xor_pattern=$(word 2,$(1)))
@@ -215,7 +277,9 @@ endef
 define Build/initrd_compression
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),.bzip2) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),.gzip) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),.lz4) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA),.lzma) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),.lzo) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),.xz) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),.zstd)
 endef
@@ -223,16 +287,20 @@ endef
 define Build/fit
 	$(TOPDIR)/scripts/mkits.sh \
 		-D $(DEVICE_NAME) -o $@.its -k $@ \
-		-C $(word 1,$(1)) $(if $(word 2,$(1)),\
-		$(if $(DEVICE_DTS_OVERLAY),-d $(KERNEL_BUILD_DIR)/image-$$(basename $(word 2,$(1))),\
-			-d $(word 2,$(1)))) \
+		-C $(word 1,$(1)) \
+		$(if $(word 2,$(1)),\
+			$(if $(findstring 11,$(if $(DEVICE_DTS_OVERLAY),1)$(if $(findstring $(KERNEL_BUILD_DIR)/image-,$(word 2,$(1))),,1)), \
+				-d $(KERNEL_BUILD_DIR)/image-$$(basename $(word 2,$(1))), \
+				-d $(word 2,$(1)))) \
 		$(if $(findstring with-rootfs,$(word 3,$(1))),-r $(IMAGE_ROOTFS)) \
 		$(if $(findstring with-initrd,$(word 3,$(1))), \
 			$(if $(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE), \
 				-i $(KERNEL_BUILD_DIR)/initrd.cpio$(strip $(call Build/initrd_compression)))) \
 		-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
 		$(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \
-		$(if $(DEVICE_DTS_OVERLAY),$(foreach dtso,$(DEVICE_DTS_OVERLAY), -O $(dtso):$(KERNEL_BUILD_DIR)/image-$(dtso).dtb)) \
+		$(if $(DEVICE_DTS_DELIMITER),-l $(DEVICE_DTS_DELIMITER)) \
+		$(if $(DEVICE_DTS_LOADADDR),-s $(DEVICE_DTS_LOADADDR)) \
+		$(if $(DEVICE_DTS_OVERLAY),$(foreach dtso,$(DEVICE_DTS_OVERLAY), -O $(dtso):$(KERNEL_BUILD_DIR)/image-$(dtso).dtbo)) \
 		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
 		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage $(if $(findstring external,$(word 3,$(1))),\
@@ -240,11 +308,25 @@ define Build/fit
 	@mv $@.new $@
 endef

-define Build/gzip
-	gzip -f -9n -c $@ $(1) > $@.new
+define Build/libdeflate-gzip
+	$(STAGING_DIR_HOST)/bin/libdeflate-gzip -f -12 -c $@ $(1) > $@.new
 	@mv $@.new $@
 endef

+define Build/gzip
+	$(STAGING_DIR_HOST)/bin/gzip -f -9n -c $@ $(1) > $@.new
+	@mv $@.new $@
+endef
+
+define Build/gzip-filename
+	@mkdir -p $@.tmp
+	@cp $@ $@.tmp/$(word 1,$(1))
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $@.tmp/$(word 1,$(1)) $(word 2,$(1)))
+	$(STAGING_DIR_HOST)/bin/gzip -f -9 -N -c $@.tmp/$(word 1,$(1)) $(word 2,$(1)) > $@.new
+	@mv $@.new $@
+	@rm -rf $@.tmp
+endef
+
 define Build/install-dtb
 	$(call locked, \
 		$(foreach dts,$(DEVICE_DTS), \
@@ -256,6 +338,16 @@ define Build/install-dtb
 	)
 endef

+define Build/iptime-crc32
+	$(STAGING_DIR_HOST)/bin/iptime-crc32 $(1) $@ $@.new
+	mv $@.new $@
+endef
+
+define Build/iptime-naspkg
+	$(STAGING_DIR_HOST)/bin/iptime-naspkg $(1) $@ $@.new
+	mv $@.new $@
+endef
+
 define Build/jffs2
 	rm -rf $(KDIR_TMP)/$(DEVICE_NAME)/jffs2 && \
 		mkdir -p $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/$$(dirname $(1)) && \
@@ -318,6 +410,19 @@ define Build/netgear-dni
 	mv $@.new $@
 endef

+define Build/netgear-encrypted-factory
+	$(TOPDIR)/scripts/netgear-encrypted-factory.py \
+		--input-file $@ \
+		--output-file $@ \
+		--model $(NETGEAR_ENC_MODEL) \
+		--region $(NETGEAR_ENC_REGION) \
+		--version V1.0.0.0.$(VERSION_DIST).$(firstword $(subst -, ,$(REVISION))) \
+		--encryption-block-size 0x20000 \
+		--openssl-bin "$(STAGING_DIR_HOST)/bin/openssl" \
+		--key 6865392d342b4d212964363d6d7e7765312c7132613364316e26322a5a5e2538 \
+		--iv 4a253169516c38243d6c6d2d3b384145
+endef
+
 define Build/openmesh-image
 	$(TOPDIR)/scripts/om-fwupgradecfg-gen.sh \
 		"$(call param_get_default,ce_type,$(1),$(DEVICE_NAME))" \
@@ -360,7 +465,7 @@ define Build/patch-cmdline
 endef

 # Convert a raw image into a $1 type image.
-# E.g. | qemu-image vdi
+# E.g. | qemu-image vdi <optional extra arguments to qemu-img binary>
 define Build/qemu-image
 	if command -v qemu-img; then \
 		qemu-img convert -f raw -O $1 $@ $@.new; \
@@ -370,16 +475,16 @@ define Build/qemu-image
 	fi
 endef

-define Build/qsdk-ipq-factory-mmc
+define Build/qsdk-ipq-factory-nand
 	$(TOPDIR)/scripts/mkits-qsdk-ipq-image.sh \
-		$@.its kernel $(IMAGE_KERNEL) rootfs $(IMAGE_ROOTFS)
+		$@.its ubi $@
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
 	@mv $@.new $@
 endef

-define Build/qsdk-ipq-factory-nand
+define Build/qsdk-ipq-factory-mmc
 	$(TOPDIR)/scripts/mkits-qsdk-ipq-image.sh \
-		$@.its ubi $@
+		$@.its kernel $(IMAGE_KERNEL) rootfs $(IMAGE_ROOTFS)
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
 	@mv $@.new $@
 endef
@@ -476,6 +581,7 @@ define Build/tplink-v2-image
 endef

 define Build/uImage
+	$(if $(UIMAGE_TIME),SOURCE_DATE_EPOCH="$(UIMAGE_TIME)") \
 	mkimage \
 		-A $(LINUX_KARCH) \
 		-O linux \
@@ -496,12 +602,12 @@ define Build/xor-image
 endef

 define Build/zip
+	rm -rf $@.tmp
 	mkdir $@.tmp
-	mv $@ $@.tmp/$(1)
-
-	zip -j -X \
-		$(if $(SOURCE_DATE_EPOCH),--mtime="$(SOURCE_DATE_EPOCH)") \
-		$@ $@.tmp/$(if $(1),$(1),$@)
+	mv $@ $@.tmp/$(word 1,$(1))
+	TZ=UTC $(STAGING_DIR_HOST)/bin/zip -j -X \
+		$(wordlist 2,$(words $(1)),$(1)) \
+		$@ $@.tmp/$(if $(word 1,$(1)),$(word 1,$(1)),$$(basename $@))
 	rm -rf $@.tmp
 endef

--- a/include/image.mk
+++ b/include/image.mk
@@ -137,14 +137,6 @@ define Image/BuildKernel/MkuImage
 		-n '$(call toupper,$(ARCH)) $(VERSION_DIST) Linux-$(LINUX_VERSION)' -d $(4) $(5)
 endef

-define Image/BuildKernel/MkFIT
-	$(TOPDIR)/scripts/mkits.sh \
-		-D $(1) -o $(KDIR)/fit-$(1).its -k $(2) $(if $(3),-d $(3)) -C $(4) -a $(5) -e $(6) \
-		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
-		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
-	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $(KDIR)/fit-$(1).its $(KDIR)/fit-$(1)$(7).itb
-endef
-
 ifdef CONFIG_TARGET_IMAGES_GZIP
  define Image/Gzip
 	rm -f $(1).gz
@@ -154,7 +146,7 @@ endif


 # Disable noisy checks by default as in upstream
-DTC_FLAGS += \
+DTC_WARN_FLAGS := \
  -Wno-unit_address_vs_reg \
  -Wno-simple_bus_reg \
  -Wno-unit_address_format \
@@ -167,6 +159,9 @@ DTC_FLAGS += \
  -Wno-graph_port \
  -Wno-unique_unit_address

+DTC_FLAGS += $(DTC_WARN_FLAGS)
+DTCO_FLAGS += $(DTC_WARN_FLAGS)
+
 define Image/pad-to
 	dd if=$(1) of=$(1).new bs=$(2) conv=sync
 	mv $(1).new $(1)
@@ -182,20 +177,30 @@ endef
 # $(2) target dtb file
 # $(3) extra CPP flags
 # $(4) extra DTC flags
-define Image/BuildDTB
+define Image/BuildDTB/sub
 	$(TARGET_CROSS)cpp -nostdinc -x assembler-with-cpp \
+		$(DTS_CPPFLAGS) \
 		-I$(DTS_DIR) \
 		-I$(DTS_DIR)/include \
 		-I$(LINUX_DIR)/include/ \
+		-I$(LINUX_DIR)/scripts/dtc/include-prefixes \
 		-undef -D__DTS__ $(3) \
 		-o $(2).tmp $(1)
 	$(LINUX_DIR)/scripts/dtc/dtc -O dtb \
-		-i$(dir $(1)) $(DTC_FLAGS) $(4) \
+		-i$(dir $(1)) $(4) \
 	$(if $(CONFIG_HAS_DT_OVERLAY_SUPPORT),-@) \
 		-o $(2) $(2).tmp
 	$(RM) $(2).tmp
 endef

+define Image/BuildDTB
+	$(call Image/BuildDTB/sub,$(1),$(2),$(3),$(DTC_FLAGS) $(DEVICE_DTC_FLAGS) $(4))
+endef
+
+define Image/BuildDTBO
+	$(call Image/BuildDTB/sub,$(1),$(2),$(3),$(DTCO_FLAGS) $(DEVICE_DTCO_FLAGS) $(4))
+endef
+
 define Image/mkfs/jffs2/sub-raw
 	$(STAGING_DIR_HOST)/bin/mkfs.jffs2 \
 		$(2) \
@@ -229,8 +234,7 @@ $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))
 define Image/mkfs/squashfs-common
 	$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
 		-nopad -noappend -root-owned \
-		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
-		-processors $(shell nproc)
+		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT)
 endef

 ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
@@ -341,6 +345,8 @@ define Device/InitProfile
  DEVICE_ALT0_TITLE = $$(DEVICE_ALT0_VENDOR) $$(DEVICE_ALT0_MODEL)$$(if $$(DEVICE_ALT0_VARIANT), $$(DEVICE_ALT0_VARIANT))
  DEVICE_ALT1_TITLE = $$(DEVICE_ALT1_VENDOR) $$(DEVICE_ALT1_MODEL)$$(if $$(DEVICE_ALT1_VARIANT), $$(DEVICE_ALT1_VARIANT))
  DEVICE_ALT2_TITLE = $$(DEVICE_ALT2_VENDOR) $$(DEVICE_ALT2_MODEL)$$(if $$(DEVICE_ALT2_VARIANT), $$(DEVICE_ALT2_VARIANT))
+  DEVICE_ALT3_TITLE = $$(DEVICE_ALT3_VENDOR) $$(DEVICE_ALT3_MODEL)$$(if $$(DEVICE_ALT3_VARIANT), $$(DEVICE_ALT3_VARIANT))
+  DEVICE_ALT4_TITLE = $$(DEVICE_ALT4_VENDOR) $$(DEVICE_ALT4_MODEL)$$(if $$(DEVICE_ALT4_VARIANT), $$(DEVICE_ALT4_VARIANT))
  DEVICE_VENDOR :=
  DEVICE_MODEL :=
  DEVICE_VARIANT :=
@@ -353,6 +359,12 @@ define Device/InitProfile
  DEVICE_ALT2_VENDOR :=
  DEVICE_ALT2_MODEL :=
  DEVICE_ALT2_VARIANT :=
+  DEVICE_ALT3_VENDOR :=
+  DEVICE_ALT3_MODEL :=
+  DEVICE_ALT3_VARIANT :=
+  DEVICE_ALT4_VENDOR :=
+  DEVICE_ALT4_MODEL :=
+  DEVICE_ALT4_VARIANT :=
  DEVICE_PACKAGES :=
  DEVICE_DESCRIPTION = Build firmware images for $$(DEVICE_TITLE)
 endef
@@ -367,6 +379,7 @@ define Device/Init
  ARTIFACTS :=
  DEVICE_IMG_PREFIX := $(IMG_PREFIX)-$(1)
  DEVICE_IMG_NAME = $$(DEVICE_IMG_PREFIX)-$$(1)-$$(2)
+  FACTORY_IMG_NAME :=
  IMAGE_SIZE :=
  KERNEL_PREFIX = $$(DEVICE_IMG_PREFIX)
  KERNEL_SUFFIX := -kernel.bin
@@ -394,14 +407,19 @@ define Device/Init

  DEVICE_DTS :=
  DEVICE_DTS_CONFIG :=
+  DEVICE_DTS_DELIMITER :=
  DEVICE_DTS_DIR :=
+  DEVICE_DTS_LOADADDR :=
  DEVICE_DTS_OVERLAY :=
  DEVICE_FDT_NUM :=
+  DEVICE_DTC_FLAGS :=
+  DEVICE_DTCO_FLAGS :=
  SOC :=

  BOARD_NAME :=
  UIMAGE_MAGIC :=
  UIMAGE_NAME :=
+  UIMAGE_TIME :=
  DEVICE_COMPAT_VERSION := 1.0
  DEVICE_COMPAT_MESSAGE :=
  SUPPORTED_DEVICES := $(subst _,$(comma),$(1))
@@ -418,16 +436,20 @@ endef
 DEFAULT_DEVICE_VARS := \
  DEVICE_NAME KERNEL KERNEL_INITRAMFS KERNEL_INITRAMFS_IMAGE KERNEL_SIZE \
  CMDLINE UBOOTENV_IN_UBI KERNEL_IN_UBI BLOCKSIZE PAGESIZE SUBPAGESIZE \
-  VID_HDR_OFFSET UBINIZE_OPTS UBINIZE_PARTS MKUBIFS_OPTS DEVICE_DTS \
-  DEVICE_DTS_CONFIG DEVICE_DTS_DIR DEVICE_DTS_OVERLAY DEVICE_FDT_NUM \
-  DEVICE_IMG_PREFIX SOC BOARD_NAME UIMAGE_MAGIC UIMAGE_NAME \
-  SUPPORTED_DEVICES IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR \
+  VID_HDR_OFFSET UBINIZE_OPTS UBINIZE_PARTS MKUBIFS_OPTS DEVICE_DTC_FLAGS \
+  DEVICE_DTCO_FLAGS DEVICE_DTS DEVICE_DTS_CONFIG DEVICE_DTS_DELIMITER \
+  DEVICE_DTS_DIR DEVICE_DTS_OVERLAY DEVICE_DTS_LOADADDR \
+  DEVICE_FDT_NUM DEVICE_IMG_PREFIX SOC BOARD_NAME UIMAGE_MAGIC UIMAGE_NAME \
+  UIMAGE_TIME SUPPORTED_DEVICES IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR \
  UBOOT_PATH IMAGE_SIZE \
+  FACTORY_IMG_NAME FACTORY_SIZE \
  DEVICE_PACKAGES DEVICE_COMPAT_VERSION DEVICE_COMPAT_MESSAGE \
  DEVICE_VENDOR DEVICE_MODEL DEVICE_VARIANT \
  DEVICE_ALT0_VENDOR DEVICE_ALT0_MODEL DEVICE_ALT0_VARIANT \
  DEVICE_ALT1_VENDOR DEVICE_ALT1_MODEL DEVICE_ALT1_VARIANT \
-  DEVICE_ALT2_VENDOR DEVICE_ALT2_MODEL DEVICE_ALT2_VARIANT
+  DEVICE_ALT2_VENDOR DEVICE_ALT2_MODEL DEVICE_ALT2_VARIANT \
+  DEVICE_ALT3_VENDOR DEVICE_ALT3_MODEL DEVICE_ALT3_VARIANT \
+  DEVICE_ALT4_VENDOR DEVICE_ALT4_MODEL DEVICE_ALT4_VARIANT

 define Device/ExportVar
  $(1) : $(2):=$$($(2))
@@ -492,11 +514,11 @@ define Device/Build/initramfs
  $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE)
 	@mkdir -p $$(shell dirname $$@)
 	DEVICE_ID="$(1)" \
-	BIN_DIR="$(BIN_DIR)" \
 	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
-	DEVICE_IMG_NAME="$$(notdir $$^)" \
-	IMAGE_TYPE="kernel" \
-	IMAGE_FILESYSTEM="initramfs" \
+	FILE_NAME="$$(notdir $$^)" \
+	FILE_DIR="$(KDIR)/tmp" \
+	FILE_TYPE="kernel" \
+	FILE_FILESYSTEM="initramfs" \
 	DEVICE_IMG_PREFIX="$$(DEVICE_IMG_PREFIX)" \
 	DEVICE_VENDOR="$$(DEVICE_VENDOR)" \
 	DEVICE_MODEL="$$(DEVICE_MODEL)" \
@@ -510,6 +532,12 @@ define Device/Build/initramfs
 	DEVICE_ALT2_VENDOR="$$(DEVICE_ALT2_VENDOR)" \
 	DEVICE_ALT2_MODEL="$$(DEVICE_ALT2_MODEL)" \
 	DEVICE_ALT2_VARIANT="$$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$$(DEVICE_ALT4_VARIANT)" \
 	DEVICE_TITLE="$$(DEVICE_TITLE)" \
 	DEVICE_PACKAGES="$$(DEVICE_PACKAGES)" \
 	TARGET="$(BOARD)" \
@@ -524,7 +552,8 @@ endif
 define Device/Build/compile
  $$(_COMPILE_TARGET): $(KDIR)/$(1)
  $(eval $(call Device/Export,$(KDIR)/$(1)))
-  $(KDIR)/$(1):
+  $(KDIR)/$(1): FORCE
+	rm -f $(KDIR)/$(1)
 	$$(call concat_cmd,$(COMPILE/$(1)))

 endef
@@ -536,19 +565,36 @@ define Device/Build/dtb
  $(KDIR)/image-$(1).dtb: FORCE
 	$(call Image/BuildDTB,$(strip $(2))/$(strip $(3)).dts,$$@)

-  image_prepare: $(KDIR)/image-$(1).dtb
+  compile-dtb: $(KDIR)/image-$(1).dtb
+  endif
+
+endef
+
+define Device/Build/dtbo
+  ifndef BUILD_DTSO_$(1)
+  BUILD_DTSO_$(1) := 1
+  $(KDIR)/image-$(1).dtbo: FORCE
+	$(call Image/BuildDTBO,$(strip $(2))/$(strip $(3)).dtso,$$@)
+
+  compile-dtb: $(KDIR)/image-$(1).dtbo
  endif

 endef
 endif

 define Device/Build/kernel
-  $$(eval $$(foreach dts,$$(DEVICE_DTS) $$(DEVICE_DTS_OVERLAY), \
+  $$(eval $$(foreach dts,$$(DEVICE_DTS), \
 	$$(call Device/Build/dtb,$$(notdir $$(dts)), \
 		$$(if $$(DEVICE_DTS_DIR),$$(DEVICE_DTS_DIR),$$(DTS_DIR)), \
 		$$(dts) \
 	) \
  ))
+  $$(eval $$(foreach dtso,$$(DEVICE_DTS_OVERLAY), \
+	$$(call Device/Build/dtbo,$$(notdir $$(dtso)), \
+		$$(if $$(DEVICE_DTS_DIR),$$(DEVICE_DTS_DIR),$$(DTS_DIR)), \
+		$$(dtso) \
+	) \
+  ))

  $(KDIR)/$$(KERNEL_NAME):: image_prepare
  $$(_TARGET): $$(if $$(KERNEL_INSTALL),$(BIN_DIR)/$$(KERNEL_IMAGE))
@@ -599,11 +645,11 @@ define Device/Build/image
  $(BUILD_DIR)/json_info_files/$(call DEVICE_IMG_NAME,$(1),$(2)).json: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX)
 	@mkdir -p $$(shell dirname $$@)
 	DEVICE_ID="$(DEVICE_NAME)" \
-	BIN_DIR="$(BIN_DIR)" \
 	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
-	DEVICE_IMG_NAME="$(DEVICE_IMG_NAME)" \
-	IMAGE_TYPE=$(word 1,$(subst ., ,$(2))) \
-	IMAGE_FILESYSTEM="$(1)" \
+	FILE_NAME="$(DEVICE_IMG_NAME)" \
+	FILE_DIR="$(KDIR)/tmp" \
+	FILE_TYPE=$(word 1,$(subst ., ,$(2))) \
+	FILE_FILESYSTEM="$(1)" \
 	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
 	DEVICE_VENDOR="$(DEVICE_VENDOR)" \
 	DEVICE_MODEL="$(DEVICE_MODEL)" \
@@ -617,6 +663,12 @@ define Device/Build/image
 	DEVICE_ALT2_VENDOR="$(DEVICE_ALT2_VENDOR)" \
 	DEVICE_ALT2_MODEL="$(DEVICE_ALT2_MODEL)" \
 	DEVICE_ALT2_VARIANT="$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$(DEVICE_ALT4_VARIANT)" \
 	DEVICE_TITLE="$(DEVICE_TITLE)" \
 	DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \
 	TARGET="$(BOARD)" \
@@ -629,7 +681,9 @@ define Device/Build/image
 endef

 define Device/Build/artifact
-  $$(_TARGET): $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)
+  $$(_TARGET): $(if $(CONFIG_JSON_OVERVIEW_IMAGE_INFO), \
+	  $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json, \
+	  $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1))
  $(eval $(call Device/Export,$(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1)))
  $(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1): $$(KDIR_KERNEL_IMAGE) $(2)-images
 	@rm -f $$@
@@ -640,6 +694,41 @@ define Device/Build/artifact
  $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1): $(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1)
 	cp $$^ $$@

+  $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json: $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)
+	@mkdir -p $$(shell dirname $$@)
+	DEVICE_ID="$(DEVICE_NAME)" \
+	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+	FILE_NAME="$(DEVICE_IMG_PREFIX)-$(1)" \
+	FILE_DIR="$(KDIR)/tmp" \
+	FILE_TYPE="$(1)" \
+	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
+	DEVICE_VENDOR="$(DEVICE_VENDOR)" \
+	DEVICE_MODEL="$(DEVICE_MODEL)" \
+	DEVICE_VARIANT="$(DEVICE_VARIANT)" \
+	DEVICE_ALT0_VENDOR="$(DEVICE_ALT0_VENDOR)" \
+	DEVICE_ALT0_MODEL="$(DEVICE_ALT0_MODEL)" \
+	DEVICE_ALT0_VARIANT="$(DEVICE_ALT0_VARIANT)" \
+	DEVICE_ALT1_VENDOR="$(DEVICE_ALT1_VENDOR)" \
+	DEVICE_ALT1_MODEL="$(DEVICE_ALT1_MODEL)" \
+	DEVICE_ALT1_VARIANT="$(DEVICE_ALT1_VARIANT)" \
+	DEVICE_ALT2_VENDOR="$(DEVICE_ALT2_VENDOR)" \
+	DEVICE_ALT2_MODEL="$(DEVICE_ALT2_MODEL)" \
+	DEVICE_ALT2_VARIANT="$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$(DEVICE_ALT4_VARIANT)" \
+	DEVICE_TITLE="$(DEVICE_TITLE)" \
+	DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \
+	TARGET="$(BOARD)" \
+	SUBTARGET="$(if $(SUBTARGET),$(SUBTARGET),generic)" \
+	VERSION_NUMBER="$(VERSION_NUMBER)" \
+	VERSION_CODE="$(VERSION_CODE)" \
+	SUPPORTED_DEVICES="$(SUPPORTED_DEVICES)" \
+	$(TOPDIR)/scripts/json_add_image_info.py $$@
+
 endef

 define Device/Build
@@ -672,6 +761,8 @@ $(if $(strip $(DEVICE_ALT0_TITLE)),Alternative device titles:
 - $(DEVICE_ALT0_TITLE))
 $(if $(strip $(DEVICE_ALT1_TITLE)),- $(DEVICE_ALT1_TITLE))
 $(if $(strip $(DEVICE_ALT2_TITLE)),- $(DEVICE_ALT2_TITLE))
+$(if $(strip $(DEVICE_ALT3_TITLE)),- $(DEVICE_ALT3_TITLE))
+$(if $(strip $(DEVICE_ALT4_TITLE)),- $(DEVICE_ALT4_TITLE))
@@

 endef
@@ -689,6 +780,14 @@ ifneq ($$(strip $$(DEVICE_ALT2_TITLE)),)
 DEVICE_DISPLAY = $$(DEVICE_ALT2_TITLE) ($$(DEVICE_TITLE))
 $$(info $$(call Device/DumpInfo,$(1)))
 endif
+ifneq ($$(strip $$(DEVICE_ALT3_TITLE)),)
+DEVICE_DISPLAY = $$(DEVICE_ALT3_TITLE) ($$(DEVICE_TITLE))
+$$(info $$(call Device/DumpInfo,$(1)))
+endif
+ifneq ($$(strip $$(DEVICE_ALT4_TITLE)),)
+DEVICE_DISPLAY = $$(DEVICE_ALT4_TITLE) ($$(DEVICE_TITLE))
+$$(info $$(call Device/DumpInfo,$(1)))
+endif
 DEVICE_DISPLAY = $$(DEVICE_TITLE)
 $$(eval $$(if $$(DEVICE_TITLE),$$(info $$(call Device/DumpInfo,$(1)))))
 endef
@@ -714,24 +813,27 @@ define BuildImage
  download:
  prepare:
  compile:
+  compile-dtb:
  clean:
  image_prepare:

  ifeq ($(IB),)
-    .PHONY: download prepare compile clean image_prepare kernel_prepare install install-images
+    .PHONY: download prepare compile compile-dtb clean image_prepare kernel_prepare install install-images
    compile:
 		$(call Build/Compile)

    clean:
 		$(call Build/Clean)

-    image_prepare: compile
+    compile-dtb:
+    image_prepare: compile compile-dtb
 		mkdir -p $(BIN_DIR) $(KDIR)/tmp
 		rm -rf $(BUILD_DIR)/json_info_files
 		$(call Image/Prepare)

  else
    image_prepare:
+		rm -rf $(KDIR)/tmp
 		mkdir -p $(BIN_DIR) $(KDIR)/tmp
  endif

--- a/include/kernel-5.10
+++ b/include/kernel-5.10
@@ -0,0 +1,2 @@
+LINUX_VERSION-5.10 = .220
+LINUX_KERNEL_HASH-5.10.220 = 7cc3aff924e9707a5dbf1200c79a7f01617e097b9b175d02bda8ca762aeee19b
--- a/include/kernel-5.15
+++ b/include/kernel-5.15
@@ -0,0 +1,2 @@
+LINUX_VERSION-5.15 = .162
+LINUX_KERNEL_HASH-5.15.162 = 91bfc0ea152ce7b102a0b79d35a7c92843874ebf085c99d2ba8b4d85e62b1a7c
--- a/include/kernel-5.4
+++ b/include/kernel-5.4
@@ -0,0 +1,2 @@
+LINUX_VERSION-5.4 = .278
+LINUX_KERNEL_HASH-5.4.278 = e5a00606115545f444ef2766af5652f5539e3c96f46a9778bede89b98ffb8588
--- a/include/kernel-6.1
+++ b/include/kernel-6.1
@@ -0,0 +1,2 @@
+LINUX_VERSION-6.1 = .98
+LINUX_KERNEL_HASH-6.1.98 = 97cdc9127c7700556ea0891267a0c24cf372f4b81636fb8203a914f3a69f3406
--- a/include/kernel-6.6
+++ b/include/kernel-6.6
@@ -0,0 +1,2 @@
+LINUX_VERSION-6.6 = .62
+LINUX_KERNEL_HASH-6.6.62 = e2c35611775534941b9d4dd871f3ae5b988b6594dc9033b5ca784366e07d9336
--- a/include/kernel-build.mk
+++ b/include/kernel-build.mk
@@ -10,7 +10,7 @@ ifneq ($(DUMP),1)
 endif

 KERNEL_FILE_DEPENDS=$(GENERIC_BACKPORT_DIR) $(GENERIC_PATCH_DIR) $(GENERIC_HACK_DIR) $(PATCH_DIR) $(GENERIC_FILES_DIR) $(FILES_DIR)
-STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,$(KERNEL_FILE_DEPENDS),)))
+STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),$(KERNEL_FILE_DEPENDS),)))
 STAMP_CONFIGURED:=$(LINUX_DIR)/.configured
 include $(INCLUDE_DIR)/download.mk
 include $(INCLUDE_DIR)/quilt.mk
@@ -132,6 +132,7 @@ define BuildKernel
  $(LINUX_DIR)/.modules: export STAGING_PREFIX=$$(STAGING_DIR_HOST)
  $(LINUX_DIR)/.modules: export PKG_CONFIG_PATH=$$(STAGING_DIR_HOST)/lib/pkgconfig
  $(LINUX_DIR)/.modules: export PKG_CONFIG_LIBDIR=$$(STAGING_DIR_HOST)/lib/pkgconfig
+  $(LINUX_DIR)/.modules: export FAIL_ON_UNCONFIGURED=1
  $(LINUX_DIR)/.modules: $(STAMP_CONFIGURED) $(LINUX_DIR)/.config FORCE
 	$(Kernel/CompileModules)
 	touch $$@
@@ -155,13 +156,16 @@ define BuildKernel
  compile: $(LINUX_DIR)/.modules
 	$(MAKE) -C image compile TARGET_BUILD=

+  dtb: $(STAMP_CONFIGURED)
+	$(_SINGLE)$(KERNEL_MAKE) scripts_dtc
+	$(MAKE) -C image compile-dtb TARGET_BUILD=
+
  oldconfig menuconfig nconfig xconfig: $(STAMP_PREPARED) $(STAMP_CHECKED) FORCE
 	rm -f $(LINUX_DIR)/.config.prev
 	rm -f $(STAMP_CONFIGURED)
 	$(LINUX_RECONF_CMD) > $(LINUX_DIR)/.config
 	$(_SINGLE)$(KERNEL_MAKE) \
 		$(if $(findstring Darwin,$(HOST_OS)), \
-			HOST_LOADLIBES="-L$(STAGING_DIR_HOST)/lib -lncurses" \
 			HOSTLDLIBS_mconf="-L$(STAGING_DIR_HOST)/lib -lncurses" \
 			filechk_conf_cfg="	:" \
 		) \
--- a/include/kernel-defaults.mk
+++ b/include/kernel-defaults.mk
@@ -21,7 +21,7 @@ Kernel/Patch:=$(Kernel/Patch/Default)
 ifneq (,$(findstring .xz,$(LINUX_SOURCE)))
  LINUX_CAT:=xzcat
 else
-  LINUX_CAT:=gzip -dc
+  LINUX_CAT:=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc
 endif

 ifeq ($(strip $(CONFIG_EXTERNAL_KERNEL_TREE)),"")
@@ -75,6 +75,7 @@ endif
 	rm -f $(LINUX_DIR)/.config.prev
 	mv $(LINUX_DIR)/.config $(LINUX_DIR)/.config.old
 	$(call Kernel/SetInitramfs/PreConfigure)
+	echo "# CONFIG_INITRAMFS_PRESERVE_MTIME is not set" >> $(LINUX_DIR)/.config
  ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
 	echo 'CONFIG_INITRAMFS_ROOT_UID=$(shell id -u)' >> $(LINUX_DIR)/.config
 	echo 'CONFIG_INITRAMFS_ROOT_GID=$(shell id -g)' >> $(LINUX_DIR)/.config
@@ -99,6 +100,7 @@ define Kernel/SetNoInitramfs
 	grep -v INITRAMFS $(LINUX_DIR)/.config.old > $(LINUX_DIR)/.config.set
 	echo 'CONFIG_INITRAMFS_SOURCE=""' >> $(LINUX_DIR)/.config.set
 	echo '# CONFIG_INITRAMFS_FORCE is not set' >> $(LINUX_DIR)/.config.set
+	echo "# CONFIG_INITRAMFS_PRESERVE_MTIME is not set" >> $(LINUX_DIR)/.config.set
 endef

 define Kernel/Configure/Default
@@ -117,7 +119,7 @@ define Kernel/Configure/Default
 		cp $(LINUX_DIR)/.config.set $(LINUX_DIR)/.config; \
 		cp $(LINUX_DIR)/.config.set $(LINUX_DIR)/.config.prev; \
 	}
-	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] || $(KERNEL_MAKE) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
+	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] || $(KERNEL_MAKE) $(if $(findstring uml,$(BOARD)),ARCH=$(ARCH)) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
 	grep '=[ym]' $(LINUX_DIR)/.config.set | LC_ALL=C sort | $(MKHASH) md5 > $(LINUX_DIR)/.vermagic
 endef

@@ -127,7 +129,12 @@ endef

 define Kernel/CompileModules/Default
 	rm -f $(LINUX_DIR)/vmlinux $(LINUX_DIR)/System.map
+	+$(KERNEL_MAKE) olddefconfig
 	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
+	# If .config did not change, use the previous timestamp to avoid package rebuilds
+	cmp -s $(LINUX_DIR)/.config $(LINUX_DIR)/.config.modules.save && \
+		mv $(LINUX_DIR)/.config.modules.save $(LINUX_DIR)/.config; \
+	$(CP) $(LINUX_DIR)/.config $(LINUX_DIR)/.config.modules.save
 endef

 OBJCOPY_STRIP = -R .reginfo -R .notes -R .note -R .comment -R .mdebug -R .note.gnu.build-id
@@ -164,20 +171,21 @@ ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),)
 define Kernel/CompileImage/Initramfs
 	$(call Kernel/Configure/Initramfs)
 	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
-	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR) $(TARGET_DIR)/init)
 	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
 ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
-ifeq ($(CONFIG_EXTERNAL_CPIO),y)
+ifneq ($(qstrip $(CONFIG_EXTERNAL_CPIO)),)
 	$(CP) $(CONFIG_EXTERNAL_CPIO) $(KERNEL_BUILD_DIR)/initrd.cpio
 else
-	( cd $(TARGET_DIR); find . | $(STAGING_DIR_HOST)/bin/cpio -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )
+	( cd $(TARGET_DIR); find . | LC_ALL=C sort | $(STAGING_DIR_HOST)/bin/cpio --reproducible -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )
 endif
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(KERNEL_BUILD_DIR)/initrd.cpio)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),bzip2 -9 -c < $(KERNEL_BUILD_DIR)/initrd.cpio > $(KERNEL_BUILD_DIR)/initrd.cpio.bzip2)
-	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),gzip -f -S .gzip -9n $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),gzip -n -f -S .gzip -9n $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),$(STAGING_DIR_HOST)/bin/lz4c -l -c1 -fz --favor-decSpeed $(KERNEL_BUILD_DIR)/initrd.cpio)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA),$(STAGING_DIR_HOST)/bin/lzma e -lc1 -lp2 -pb2 $(KERNEL_BUILD_DIR)/initrd.cpio $(KERNEL_BUILD_DIR)/initrd.cpio.lzma)
-# ?	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),)
-	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),$(STAGING_DIR_HOST)/bin/xz -9 -fz --check=crc32 $(KERNEL_BUILD_DIR)/initrd.cpio)
-# ?	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),$(STAGING_DIR_HOST)/bin/lzop -9 -f $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),$(STAGING_DIR_HOST)/bin/xz -T$(if $(filter 1,$(NPROC)),2,0) -9 -fz --check=crc32 $(KERNEL_BUILD_DIR)/initrd.cpio)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),$(STAGING_DIR_HOST)/bin/zstd -T0 -f -o $(KERNEL_BUILD_DIR)/initrd.cpio.zstd $(KERNEL_BUILD_DIR)/initrd.cpio)
 endif
 	+$(KERNEL_MAKE) $(KERNEL_MAKEOPTS_IMAGE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
--- a/include/kernel-version.mk
+++ b/include/kernel-version.mk
@@ -6,11 +6,21 @@ ifdef CONFIG_TESTING_KERNEL
  KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif

-LINUX_VERSION-5.4 = .156
-LINUX_VERSION-5.10 = .78
+KERNEL_DETAILS_FILE=$(INCLUDE_DIR)/kernel-$(KERNEL_PATCHVER)
+ifeq ($(wildcard $(KERNEL_DETAILS_FILE)),)
+  $(error Missing kernel version/hash file for $(KERNEL_PATCHVER). Please create $(KERNEL_DETAILS_FILE))
+endif

-LINUX_KERNEL_HASH-5.4.156 = 06fe73e4623fcf1b3c0d0e1983d8286a2ff5b8fffbcb2163f4c01696a1c377fe
-LINUX_KERNEL_HASH-5.10.78 = be806c98e222ea581530727a8e83b0b96fcd678afd12944eb530e58776a6050f
+include $(KERNEL_DETAILS_FILE)
+
+ifdef KERNEL_TESTING_PATCHVER
+  KERNEL_TESTING_DETAILS_FILE=$(INCLUDE_DIR)/kernel-$(KERNEL_TESTING_PATCHVER)
+  ifeq ($(wildcard $(KERNEL_TESTING_DETAILS_FILE)),)
+    $(error Missing kernel version/hash file for $(KERNEL_TESTING_PATCHVER). Please create $(KERNEL_TESTING_DETAILS_FILE))
+  endif
+
+  include $(KERNEL_TESTING_DETAILS_FILE)
+endif

 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
--- a/include/kernel.mk
+++ b/include/kernel.mk
@@ -86,10 +86,14 @@ else ifneq (,$(findstring $(ARCH) , arceb ))
  LINUX_KARCH := arc
 else ifneq (,$(findstring $(ARCH) , armeb ))
  LINUX_KARCH := arm
+else ifneq (,$(findstring $(ARCH) , loongarch64 ))
+  LINUX_KARCH := loongarch
 else ifneq (,$(findstring $(ARCH) , mipsel mips64 mips64el ))
  LINUX_KARCH := mips
 else ifneq (,$(findstring $(ARCH) , powerpc64 ))
  LINUX_KARCH := powerpc
+else ifneq (,$(findstring $(ARCH) , riscv64 ))
+  LINUX_KARCH := riscv
 else ifneq (,$(findstring $(ARCH) , sh2 sh3 sh4 ))
  LINUX_KARCH := sh
 else ifneq (,$(findstring $(ARCH) , i386 x86_64 ))
@@ -101,7 +105,7 @@ endif
 KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)

 KERNEL_MAKE_FLAGS = \
-	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR)))" \
+	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR))) $(filter-out -fno-plt,$(call qstrip,$(CONFIG_EXTRA_OPTIMIZATION))) $(call qstrip,$(CONFIG_KERNEL_CFLAGS))" \
 	HOSTCFLAGS="$(HOST_CFLAGS) -Wall -Wmissing-prototypes -Wstrict-prototypes" \
 	CROSS_COMPILE="$(KERNEL_CROSS)" \
 	ARCH="$(LINUX_KARCH)" \
@@ -110,8 +114,7 @@ KERNEL_MAKE_FLAGS = \
 	KBUILD_BUILD_HOST="$(call qstrip,$(CONFIG_KERNEL_BUILD_DOMAIN))" \
 	KBUILD_BUILD_TIMESTAMP="$(KBUILD_BUILD_TIMESTAMP)" \
 	KBUILD_BUILD_VERSION="0" \
-	HOST_LOADLIBES="-L$(STAGING_DIR_HOST)/lib" \
-	KBUILD_HOSTLDLIBS="-L$(STAGING_DIR_HOST)/lib" \
+	KBUILD_HOSTLDFLAGS="-L$(STAGING_DIR_HOST)/lib" \
 	CONFIG_SHELL="$(BASH)" \
 	$(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') \
 	$(if $(PKG_BUILD_ID),LDFLAGS_MODULE=--build-id=0x$(PKG_BUILD_ID)) \
@@ -126,17 +129,17 @@ ifeq ($(call qstrip,$(CONFIG_EXTERNAL_KERNEL_TREE))$(call qstrip,$(CONFIG_KERNEL
 	KERNELRELEASE=$(LINUX_VERSION)
 endif

-KERNEL_MAKEOPTS := -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
+ifneq ($(HOST_OS),Linux)
+  KERNEL_MAKE_FLAGS += CONFIG_STACK_VALIDATION=
+  export SKIP_STACK_VALIDATION:=1
+endif
+
+KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)

 ifdef CONFIG_USE_SPARSE
  KERNEL_MAKEOPTS += C=1 CHECK=$(STAGING_DIR_HOST)/bin/sparse
 endif

-ifneq ($(HOST_OS),Linux)
-  KERNEL_MAKEOPTS += CONFIG_STACK_VALIDATION=
-  export SKIP_STACK_VALIDATION:=1
-endif
-
 PKG_EXTMOD_SUBDIRS ?= .

 PKG_SYMVERS_DIR = $(KERNEL_BUILD_DIR)/symvers
@@ -235,7 +238,7 @@ $(call KernelPackage/$(1)/config)
  $(call KernelPackage/depends)
  $(call KernelPackage/hooks)

-  ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(filter-out %=y %=n %=m,$(KCONFIG)),$($(c)))),.),)
+  ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(call version_filter,$(filter-out %=y %=n %=m,$(KCONFIG))),$($(c)))),.),)
    define Package/kmod-$(1)/install
 		  @for mod in $$(call version_filter,$$(FILES)); do \
 			if grep -q "$$$$$$$${mod##$(LINUX_DIR)/}" "$(LINUX_DIR)/modules.builtin"; then \
--- a/include/meson.mk
+++ b/include/meson.mk
@@ -0,0 +1,146 @@
+# To build your package using meson:
+#
+# include $(INCLUDE_DIR)/meson.mk
+# MESON_ARGS+=-Dfoo -Dbar=baz
+#
+# To pass additional environment variables to meson:
+#
+# MESON_VARS+=FOO=bar
+#
+# Default configure/compile/install targets are provided, but can be
+# overwritten if required:
+#
+# define Build/Configure
+#   $(call Build/Configure/Meson)
+#   ...
+# endef
+#
+# same for Build/Compile and Build/Install
+#
+# Host packages are built in the same fashion, just use these vars instead:
+#
+# MESON_HOST_ARGS+=-Dfoo -Dbar=baz
+# MESON_HOST_VARS+=FOO=bar
+
+MESON_DIR:=$(STAGING_DIR_HOST)/lib/meson
+
+MESON_HOST_BUILD_DIR:=$(HOST_BUILD_DIR)/openwrt-build
+MESON_HOST_VARS:=
+MESON_HOST_ARGS:=
+
+MESON_BUILD_DIR:=$(PKG_BUILD_DIR)/openwrt-build
+MESON_VARS:=
+MESON_ARGS:=
+
+ifneq ($(findstring i386,$(CONFIG_ARCH)),)
+MESON_ARCH:="x86"
+else ifneq ($(findstring powerpc64,$(CONFIG_ARCH)),)
+MESON_ARCH:="ppc64"
+else ifneq ($(findstring powerpc,$(CONFIG_ARCH)),)
+MESON_ARCH:="ppc"
+else ifneq ($(findstring mips64el,$(CONFIG_ARCH)),)
+MESON_ARCH:="mips64"
+else ifneq ($(findstring mipsel,$(CONFIG_ARCH)),)
+MESON_ARCH:="mips"
+else ifneq ($(findstring armeb,$(CONFIG_ARCH)),)
+MESON_ARCH:="arm"
+else
+MESON_ARCH:=$(CONFIG_ARCH)
+endif
+
+# this is undefined for just x64_64
+ifeq ($(origin CPU_TYPE),undefined)
+MESON_CPU:="generic"
+else
+MESON_CPU:="$(CPU_TYPE)$(if $(CPU_SUBTYPE),+$(CPU_SUBTYPE))"
+endif
+
+define Meson
+	$(2) $(STAGING_DIR_HOST)/bin/$(PYTHON) $(STAGING_DIR_HOST)/bin/meson.py $(1)
+endef
+
+define Meson/CreateNativeFile
+	$(STAGING_DIR_HOST)/bin/sed \
+		-e "s|@CC@|$(foreach BIN,$(HOSTCC),'$(BIN)',)|" \
+		-e "s|@CXX@|$(foreach BIN,$(HOSTCXX),'$(BIN)',)|" \
+		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
+		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
+		-e "s|@CFLAGS@|$(foreach FLAG,$(HOST_CFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@CXXFLAGS@|$(foreach FLAG,$(HOST_CXXFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@LDFLAGS@|$(foreach FLAG,$(HOST_LDFLAGS),'$(FLAG)',)|" \
+		-e "s|@PREFIX@|$(HOST_BUILD_PREFIX)|" \
+		< $(MESON_DIR)/openwrt-native.txt.in \
+		> $(1)
+endef
+
+define Meson/CreateCrossFile
+	$(STAGING_DIR_HOST)/bin/sed \
+		-e "s|@CC@|$(foreach BIN,$(TARGET_CC),'$(BIN)',)|" \
+		-e "s|@CXX@|$(foreach BIN,$(TARGET_CXX),'$(BIN)',)|" \
+		-e "s|@AR@|$(TARGET_AR)|" \
+		-e "s|@STRIP@|$(TARGET_CROSS)strip|" \
+		-e "s|@NM@|$(TARGET_NM)|" \
+		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
+		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
+		-e "s|@CFLAGS@|$(foreach FLAG,$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@CXXFLAGS@|$(foreach FLAG,$(TARGET_CXXFLAGS) $(EXTRA_CXXFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@LDFLAGS@|$(foreach FLAG,$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS),'$(FLAG)',)|" \
+		-e "s|@ARCH@|$(MESON_ARCH)|" \
+		-e "s|@CPU@|$(MESON_CPU)|" \
+		-e "s|@ENDIAN@|$(if $(CONFIG_BIG_ENDIAN),big,little)|" \
+		< $(MESON_DIR)/openwrt-cross.txt.in \
+		> $(1)
+endef
+
+define Host/Configure/Meson
+	$(call Meson/CreateNativeFile,$(HOST_BUILD_DIR)/openwrt-native.txt)
+	$(call Meson, \
+		--native-file $(HOST_BUILD_DIR)/openwrt-native.txt \
+		$(MESON_HOST_ARGS) \
+		$(MESON_HOST_BUILD_DIR) \
+		$(MESON_HOST_BUILD_DIR)/.., \
+		$(MESON_HOST_VARS))
+endef
+
+define Host/Compile/Meson
+	+$(NINJA) -C $(MESON_HOST_BUILD_DIR) $(1)
+endef
+
+define Host/Install/Meson
+	+$(NINJA) -C $(MESON_HOST_BUILD_DIR) install
+endef
+
+define Host/Uninstall/Meson
+	+$(NINJA) -C $(MESON_HOST_BUILD_DIR) uninstall || true
+endef
+
+define Build/Configure/Meson
+	$(call Meson/CreateNativeFile,$(PKG_BUILD_DIR)/openwrt-native.txt)
+	$(call Meson/CreateCrossFile,$(PKG_BUILD_DIR)/openwrt-cross.txt)
+	$(call Meson, \
+		--buildtype plain \
+		--native-file $(PKG_BUILD_DIR)/openwrt-native.txt \
+		--cross-file $(PKG_BUILD_DIR)/openwrt-cross.txt \
+		$(MESON_ARGS) \
+		$(MESON_BUILD_DIR) \
+		$(MESON_BUILD_DIR)/.., \
+		$(MESON_VARS))
+endef
+
+define Build/Compile/Meson
+	+$(NINJA) -C $(MESON_BUILD_DIR) $(1)
+endef
+
+define Build/Install/Meson
+	+DESTDIR="$(PKG_INSTALL_DIR)" $(NINJA) -C $(MESON_BUILD_DIR) install
+endef
+
+Host/Configure=$(call Host/Configure/Meson)
+Host/Compile=$(call Host/Compile/Meson)
+Host/Install=$(call Host/Install/Meson)
+Host/Uninstall=$(call Host/Uninstall/Meson)
+Build/Configure=$(call Build/Configure/Meson)
+Build/Compile=$(call Build/Compile/Meson)
+Build/Install=$(call Build/Install/Meson)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -48,8 +48,6 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comme
 $(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster))

 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_common))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_V4)nf_log_ipv4))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
 $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
@@ -156,7 +154,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6)

 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6,lt 5.13),))

 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))

@@ -172,11 +170,21 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))

+# log
+
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_COMMON, $(P_XT)nf_log_common, lt 5.13))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_IPV4, $(P_V4)nf_log_ipv4, lt 5.13))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_SYSLOG, $(P_XT)nf_log_syslog, ge 5.13))
+# $(eval $(if $(NF_KMOD),$(call nf_add,NF_LOG6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6,lt 5.13),))
+
 # nat

 # kernel only
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))

+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4, lt 5.1)))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6, lt 5.1)))
+
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT, $(P_V6)ip6table_nat),))
@@ -206,6 +214,8 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE, $(P_XT)nf_conntrack_proto_gre, lt 5.1))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE, $(P_V4)nf_nat_proto_gre, lt 5.0))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_H323, $(P_V4)nf_nat_h323))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_PPTP, $(P_XT)nf_conntrack_pptp))
@@ -220,11 +230,6 @@ $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_connt
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_IRC, $(P_XT)nf_nat_irc))


-# ulog
-
-$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
-
-
 # nflog

 $(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
@@ -239,14 +244,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N

 $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))

-# tproxy
+# socket
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))

-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+# tproxy
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))

 # led
 $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
@@ -310,7 +316,6 @@ $(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))

 # watchers
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
-$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))

@@ -332,6 +337,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft

 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),))

 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))
@@ -349,6 +355,14 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib

 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))

+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_TPROXY,CONFIG_NFT_TPROXY, $(P_XT)nft_tproxy),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_XFRM,CONFIG_NFT_XFRM, $(P_XT)nft_xfrm),))
+
 # userland only
 IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)
 IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
@@ -373,7 +387,6 @@ IPT_BUILTIN += $(IPT_NAT6-y)
 IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
 IPT_BUILTIN += $(NF_NATHELPER-y)
 IPT_BUILTIN += $(NF_NATHELPER_EXTRA-y)
-IPT_BUILTIN += $(IPT_ULOG-y)
 IPT_BUILTIN += $(IPT_TPROXY-y)
 IPT_BUILTIN += $(NFNETLINK-y)
 IPT_BUILTIN += $(NFNETLINK_LOG-y)
--- a/include/nls.mk
+++ b/include/nls.mk
@@ -10,27 +10,38 @@ ifeq ($(CONFIG_BUILD_NLS),y)
 	INTL_PREFIX:=$(STAGING_DIR)/usr/lib/libintl-full
 	INTL_FULL:=1

-# iconv stub
+	CMAKE_OPTIONS += -DCMAKE_PREFIX_PATH="$(ICONV_PREFIX);$(INTL_PREFIX)"
 else
-	ICONV_PREFIX:=$(STAGING_DIR)/usr/lib/libiconv-stub
+	ICONV_PREFIX:=
 	ICONV_FULL:=

-	INTL_PREFIX:=$(STAGING_DIR)/usr/lib/libintl-stub
+	INTL_PREFIX:=
 	INTL_FULL:=
 endif

 PKG_CONFIG_DEPENDS += CONFIG_BUILD_NLS
-PKG_BUILD_DEPENDS += !BUILD_NLS:libiconv !BUILD_NLS:gettext

 ICONV_DEPENDS:=+BUILD_NLS:libiconv-full
-ICONV_CFLAGS:=-I$(ICONV_PREFIX)/include
-ICONV_CPPFLAGS:=-I$(ICONV_PREFIX)/include
-ICONV_LDFLAGS:=-L$(ICONV_PREFIX)/lib -Wl,-rpath-link=$(ICONV_PREFIX)/lib
+ifeq ($(CONFIG_BUILD_NLS),y)
+	ICONV_CFLAGS:=-I$(ICONV_PREFIX)/include
+	ICONV_CPPFLAGS:=-I$(ICONV_PREFIX)/include
+	ICONV_LDFLAGS:=-L$(ICONV_PREFIX)/lib -Wl,-rpath-link=$(ICONV_PREFIX)/lib
+else
+	ICONV_CFLAGS:=
+	ICONV_CPPFLAGS:=
+	ICONV_LDFLAGS:=
+endif

 INTL_DEPENDS:=+BUILD_NLS:libintl-full
-INTL_CFLAGS:=-I$(INTL_PREFIX)/include
-INTL_CPPFLAGS:=-I$(INTL_PREFIX)/include
-INTL_LDFLAGS:=-L$(INTL_PREFIX)/lib -Wl,-rpath-link=$(INTL_PREFIX)/lib
+ifeq ($(CONFIG_BUILD_NLS),y)
+	INTL_CFLAGS:=-I$(INTL_PREFIX)/include
+	INTL_CPPFLAGS:=-I$(INTL_PREFIX)/include
+	INTL_LDFLAGS:=-L$(INTL_PREFIX)/lib -Wl,-rpath-link=$(INTL_PREFIX)/lib
+else
+	INTL_CFLAGS:=
+	INTL_CPPFLAGS:=
+	INTL_LDFLAGS:=
+endif

 TARGET_CFLAGS += $(ICONV_CFLAGS) $(INTL_CFLAGS)
 TARGET_CPPFLAGS += $(ICONV_CPPFLAGS) $(INTL_CPPFLAGS)
--- a/include/openssl-module.mk
+++ b/include/openssl-module.mk
@@ -0,0 +1,79 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2022-2023 Enéas Ulir de Queiroz
+
+ENGINES_DIR=engines-3
+
+define Package/openssl/module/Default
+  SECTION:=libs
+  CATEGORY:=Libraries
+  SUBMENU:=SSL
+  DEPENDS:=libopenssl +libopenssl-conf
+endef
+
+define Package/openssl/engine/Default
+  $(Package/openssl/module/Default)
+  DEPENDS+=@OPENSSL_ENGINE
+endef
+
+
+# 1 = moudule type (engine|provider)
+# 2 = module name
+# 3 = directory to save .so file
+# 4 = [ package name, defaults to libopenssl-$(2) ]
+define Package/openssl/add-module
+  $(eval MOD_TYPE:=$(1))
+  $(eval MOD_NAME:=$(2))
+  $(eval MOD_DIR:=$(3))
+  $(eval OSSL_PKG:=$(if $(4),$(4),libopenssl-$(MOD_NAME)))
+  $(info Package/openssl/add-module 1='$(1)'; 2='$(2)'; 3='$(3)' 4='$(4)')
+  $(info MOD_TYPE='$(MOD_TYPE)'; MOD_NAME='$(MOD_NAME)'; MOD_DIR='$(MOD_DIR)' OSSL_PKG='$(OSSL_PKG)')
+  Package/$(OSSL_PKG)/conffiles:=/etc/ssl/modules.cnf.d/$(MOD_NAME).cnf
+
+  define Package/$(OSSL_PKG)/install
+	$$(INSTALL_DIR)  $$(1)/$(MOD_DIR)
+	$$(INSTALL_BIN)  $$(PKG_INSTALL_DIR)/$(MOD_DIR)/$(MOD_NAME).so \
+			 $$(1)/$(MOD_DIR)
+	$$(INSTALL_DIR)  $$(1)/etc/ssl/modules.cnf.d
+	$$(INSTALL_DATA) ./files/$(MOD_NAME).cnf $$(1)/etc/ssl/modules.cnf.d/
+  endef
+
+  define Package/$(OSSL_PKG)/postinst
+#!/bin/sh
+OPENSSL_UCI="$$$${IPKG_INSTROOT}/etc/config/openssl"
+
+[ -z "$$$${IPKG_INSTROOT}" ] \
+	&& uci -q get openssl.$(MOD_NAME) >/dev/null \
+	&& exit 0
+
+cat << EOF >> "$$$${OPENSSL_UCI}"
+
+config $(MOD_TYPE) '$(MOD_NAME)'
+	option enabled '1'
+EOF
+
+[ -n "$$$${IPKG_INSTROOT}" ] || /etc/init.d/openssl reload
+exit 0
+  endef
+
+  define Package/$(OSSL_PKG)/postrm
+#!/bin/sh
+[ -n "$$$${IPKG_INSTROOT}" ] && exit 0
+uci -q delete openssl.$(MOD_NAME) && uci commit openssl
+/etc/init.d/openssl reload
+exit 0
+  endef
+endef
+
+# 1 = engine name
+# 2 - package name, defaults to libopenssl-$(1)
+define Package/openssl/add-engine
+  $(call Package/openssl/add-module,engine,$(1),/usr/lib/$(ENGINES_DIR),$(2))
+endef
+
+# 1 = provider name
+# 2 = [ package name, defaults to libopenssl-$(1) ]
+define Package/openssl/add-provider
+  $(call Package/openssl/add-module,provider,$(1),/usr/lib/ossl-modules,$(2))
+endef
+
--- a/include/package-bin.mk
+++ b/include/package-bin.mk
@@ -4,7 +4,8 @@

 ifeq ($(DUMP),)
  define BuildTarget/bin
-    ifeq ($(if $(VARIANT),$(BUILD_VARIANT)),$(VARIANT))
+    TARGET_VARIANT=$(if $(ALL_VARIANTS),$(if $(VARIANT),$(filter-out *,$(VARIANT)),$(firstword $(ALL_VARIANTS))))
+    ifeq ($(if $(TARGET_VARIANT),$(BUILD_VARIANT)),$(TARGET_VARIANT))
    ifdef Package/$(1)/install
      ifneq ($(CONFIG_PACKAGE_$(1))$(DEVELOPER),)
        $(_pkg_target)compile: $(PKG_BUILD_DIR)/.pkgdir/$(1).installed
--- a/include/package-defaults.mk
+++ b/include/package-defaults.mk
@@ -2,7 +2,7 @@
 #
 # Copyright (C) 2006-2020 OpenWrt.org

-PKG_DEFAULT_DEPENDS = +libc +USE_GLIBC:librt +USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc

 ifneq ($(PKG_NAME),toolchain)
  PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))
--- a/include/package-ipkg.mk
+++ b/include/package-ipkg.mk
@@ -105,7 +105,8 @@ ifeq ($(DUMP),)
    IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1)
    KEEP_$(1):=$(strip $(call Package/$(1)/conffiles))

-    ifeq ($(BUILD_VARIANT),$$(if $$(VARIANT),$$(VARIANT),$(BUILD_VARIANT)))
+    TARGET_VARIANT:=$$(if $(ALL_VARIANTS),$$(if $$(VARIANT),$$(filter-out *,$$(VARIANT)),$(firstword $(ALL_VARIANTS))))
+    ifeq ($(BUILD_VARIANT),$$(if $$(TARGET_VARIANT),$$(TARGET_VARIANT),$(BUILD_VARIANT)))
    do_install=
    ifdef Package/$(1)/install
      do_install=yes
@@ -263,7 +264,7 @@ $(_endef)
    endif

 	$(INSTALL_DIR) $$(PDIR_$(1))
-	$(FAKEROOT) $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
+	$(FAKEROOT) $(STAGING_DIR_HOST)/bin/bash $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
 	@[ -f $$(IPKG_$(1)) ]

    $(1)-clean:
--- a/include/package.mk
+++ b/include/package.mk
@@ -11,8 +11,7 @@ include $(INCLUDE_DIR)/download.mk
 PKG_BUILD_DIR ?= $(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)$(if $(PKG_VERSION),-$(PKG_VERSION))
 PKG_INSTALL_DIR ?= $(PKG_BUILD_DIR)/ipkg-install
 PKG_BUILD_PARALLEL ?=
-PKG_USE_MIPS16 ?= 1
-PKG_IREMAP ?= 1
+PKG_SKIP_DOWNLOAD=$(USE_SOURCE_DIR)$(USE_GIT_TREE)$(USE_GIT_SRC_CHECKOUT)

 MAKE_J:=$(if $(MAKE_JOBSERVER),$(MAKE_JOBSERVER) $(if $(filter 3.% 4.0 4.1,$(MAKE_VERSION)),-j))

@@ -23,17 +22,52 @@ PKG_JOBS?=-j1
 else
 PKG_JOBS?=$(if $(PKG_BUILD_PARALLEL),$(MAKE_J),-j1)
 endif
-ifdef CONFIG_USE_MIPS16
-  ifeq ($(strip $(PKG_USE_MIPS16)),1)
-    TARGET_ASFLAGS_DEFAULT = $(filter-out -mips16 -minterlink-mips16,$(TARGET_CFLAGS))
-    TARGET_CFLAGS += -mips16 -minterlink-mips16
-  endif
+
+PKG_BUILD_FLAGS?=
+# TODO remove this when all packages moved to PKG_BUILD_FLAGS=no-mips16
+PKG_USE_MIPS16?=1
+ifneq ($(strip $(PKG_USE_MIPS16)),1)
+  PKG_BUILD_FLAGS+=no-mips16
 endif
-ifeq ($(strip $(PKG_IREMAP)),1)
+
+__unknown_flags=$(filter-out no-iremap no-mips16 gc-sections no-gc-sections lto no-lto no-mold,$(PKG_BUILD_FLAGS))
+ifneq ($(__unknown_flags),)
+  $(error unknown PKG_BUILD_FLAGS: $(__unknown_flags))
+endif
+
+# $1=flagname, $2=default (0/1)
+define pkg_build_flag
+$(if $(filter no-$(1),$(PKG_BUILD_FLAGS)),0,$(if $(filter $(1),$(PKG_BUILD_FLAGS)),1,$(2)))
+endef
+
+ifeq ($(call pkg_build_flag,iremap,1),1)
  IREMAP_CFLAGS = $(call iremap,$(PKG_BUILD_DIR),$(notdir $(PKG_BUILD_DIR)))
  TARGET_CFLAGS += $(IREMAP_CFLAGS)
 endif

+ifdef CONFIG_USE_MIPS16
+  ifeq ($(call pkg_build_flag,mips16,1),1)
+    TARGET_ASFLAGS_DEFAULT = $(filter-out -mips16 -minterlink-mips16,$(TARGET_CFLAGS))
+    TARGET_CFLAGS += -mips16 -minterlink-mips16
+    TARGET_CXXFLAGS += -mips16 -minterlink-mips16
+  endif
+endif
+ifeq ($(call pkg_build_flag,gc-sections,$(if $(CONFIG_USE_GC_SECTIONS),1,0)),1)
+  TARGET_CFLAGS+= -ffunction-sections -fdata-sections
+  TARGET_CXXFLAGS+= -ffunction-sections -fdata-sections
+  TARGET_LDFLAGS+= -Wl,--gc-sections
+endif
+ifeq ($(call pkg_build_flag,lto,$(if $(CONFIG_USE_LTO),1,0)),1)
+  TARGET_CFLAGS+= -flto=auto -fno-fat-lto-objects
+  TARGET_CXXFLAGS+= -flto=auto -fno-fat-lto-objects
+  TARGET_LDFLAGS+= -flto=auto -fuse-linker-plugin
+endif
+ifdef CONFIG_USE_MOLD
+  ifeq ($(call pkg_build_flag,mold,1),1)
+    TARGET_LINKER:=mold
+  endif
+endif
+
 include $(INCLUDE_DIR)/hardening.mk
 include $(INCLUDE_DIR)/prereq.mk
 include $(INCLUDE_DIR)/unpack.mk
@@ -84,7 +118,7 @@ ifneq ($(PREV_STAMP_PREPARED),)
  STAMP_PREPARED:=$(PREV_STAMP_PREPARED)
  CONFIG_AUTOREBUILD:=
 else
-  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
+  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
 endif
 STAMP_CONFIGURED=$(PKG_BUILD_DIR)/.configured$(if $(DUMP),,_$(call confvar,$(PKG_CONFIG_DEPENDS)))
 STAMP_CONFIGURED_WILDCARD=$(PKG_BUILD_DIR)/.configured_*
@@ -183,7 +217,7 @@ define Build/CoreTargets
  $(call Build/Autoclean)
  $(call DefaultTargets)

-  $(DL_DIR)/$(FILE): FORCE
+  $(call check_download_integrity)

  download:
 	$(foreach hook,$(Hooks/Download),
@@ -258,13 +292,13 @@ define Build/CoreTargets
  ifneq ($(CONFIG_AUTOREMOVE),)
    compile:
 		-touch -r $(PKG_BUILD_DIR)/.built $(PKG_BUILD_DIR)/.autoremove 2>/dev/null >/dev/null
-		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir' | \
-			$(XARGS) rm -rf
+		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir'  -print0 | \
+			$(XARGS) -0 rm -rf
  endif
 endef

 define Build/DefaultTargets
-  $(if $(USE_SOURCE_DIR)$(USE_GIT_TREE)$(USE_GIT_SRC_CHECKOUT),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
+  $(if $(PKG_SKIP_DOWNLOAD),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
  $(if $(DUMP),,$(Build/CoreTargets))

  define Build/DefaultTargets
--- a/include/prereq-build.mk
+++ b/include/prereq-build.mk
@@ -49,10 +49,16 @@ $(eval $(call TestHostCommand,working-g++, \
 		g++ -x c++ -o $(TMP_DIR)/a.out - -lstdc++ && \
 		$(TMP_DIR)/a.out))

-$(eval $(call TestHostCommand,ncurses, \
+$(eval $(call RequireCHeader,ncurses.h, \
 	Please install ncurses. (Missing libncurses.so or ncurses.h), \
-	echo 'int main(int argc, char **argv) { initscr(); return 0; }' | \
-		gcc -include ncurses.h -x c -o $(TMP_DIR)/a.out - -lncurses))
+	initscr(), -lncurses))
+
+$(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
+	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule, \
+	git submodule --help | grep -- --recursive))
+
+$(eval $(call SetupHostCommand,rsync,Please install 'rsync', \
+	rsync --version </dev/null))
 endif # IB

 ifeq ($(HOST_OS),Linux)
@@ -130,13 +136,21 @@ $(eval $(call SetupHostCommand,getopt, \
 	Please install an extended getopt version that supports --long, \
 	gnugetopt -o t --long test -- --test | grep '^ *--test *--', \
 	getopt -o t --long test -- --test | grep '^ *--test *--', \
-	/usr/local/opt/gnu-getopt/bin/getopt -o t --long test -- --test | grep '^ *--test *--'))
+	/usr/local/opt/gnu-getopt/bin/getopt -o t --long test -- --test | grep '^ *--test *--', \
+	/opt/local/bin/getopt -o t --long test -- --test | grep '^ *--test *--'))
+
+$(eval $(call SetupHostCommand,realpath,Please install a 'realpath' utility, \
+	grealpath /, \
+	realpath /))

 $(eval $(call SetupHostCommand,stat,Cannot find a file stat utility, \
 	gnustat -c%s $(TOPDIR)/Makefile, \
 	gstat -c%s $(TOPDIR)/Makefile, \
 	stat -c%s $(TOPDIR)/Makefile))

+$(eval $(call SetupHostCommand,gzip,Please install 'gzip', \
+	gzip --version </dev/null))
+
 $(eval $(call SetupHostCommand,unzip,Please install 'unzip', \
 	unzip 2>&1 | grep zipfile, \
 	unzip))
@@ -157,38 +171,62 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \
 $(eval $(call CleanupPython2))

 $(eval $(call SetupHostCommand,python,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
+	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.[6-9]\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))

 $(eval $(call SetupHostCommand,python3,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
+	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.[6-9]\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))

-$(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
-	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))
+$(eval $(call TestHostCommand,python3-distutils, \
+	Please install the Python3 distutils module, \
+	$(STAGING_DIR_HOST)/bin/python3 -c 'from distutils import util'))
+
+$(eval $(call TestHostCommand,python3-stdlib, \
+	Please install the Python3 stdlib module, \
+	$(STAGING_DIR_HOST)/bin/python3 -c 'import ntpath'))

 $(eval $(call SetupHostCommand,file,Please install the 'file' package, \
 	file --version 2>&1 | grep file))

-$(eval $(call SetupHostCommand,rsync,Please install 'rsync', \
-	rsync --version </dev/null))
-
 $(eval $(call SetupHostCommand,which,Please install 'which', \
-	which which | grep which))
+	/usr/bin/which which, \
+	/bin/which which, \
+	which which))
+
+ifeq ($(HOST_OS),Linux)
+  $(eval $(call RequireCHeader,argp.h, \
+	Missing argp.h Please install the argp-standalone package if musl libc))
+
+  $(eval $(call RequireCHeader,fts.h, \
+	Missing fts.h Please install the musl-fts-dev package if musl libc))
+
+  $(eval $(call RequireCHeader,obstack.h, \
+	Missing obstack.h Please install the musl-obstack-dev package if musl libc))
+
+  $(eval $(call RequireCHeader,libintl.h, \
+	Missing libintl.h Please install the musl-libintl package if musl libc))
+endif

 $(STAGING_DIR_HOST)/bin/mkhash: $(SCRIPT_DIR)/mkhash.c
 	mkdir -p $(dir $@)
 	$(CC) -O2 -I$(TOPDIR)/tools/include -o $@ $<

-prereq: $(STAGING_DIR_HOST)/bin/mkhash
+$(STAGING_DIR_HOST)/bin/xxd: $(SCRIPT_DIR)/xxdi.pl
+	$(LN) $< $@
+
+prereq: $(STAGING_DIR_HOST)/bin/mkhash $(STAGING_DIR_HOST)/bin/xxd

 # Install ldconfig stub
 $(eval $(call TestHostCommand,ldconfig-stub,Failed to install stub, \
-	touch $(STAGING_DIR_HOST)/bin/ldconfig && \
-	chmod +x $(STAGING_DIR_HOST)/bin/ldconfig))
+	$(LN) $(SCRIPT_DIR)/noop.sh $(STAGING_DIR_HOST)/bin/ldconfig))
--- a/include/prereq.mk
+++ b/include/prereq.mk
@@ -49,7 +49,7 @@ endef

 define RequireCommand
  define Require/$(1)
-    which $(1)
+    command -v $(1)
  endef

  $$(eval $$(call Require,$(1),$(2)))
@@ -63,6 +63,18 @@ define RequireHeader
  $$(eval $$(call Require,$(1),$(2)))
 endef

+# 1: header to test
+# 2: failure message
+# 3: optional compile time test
+# 4: optional link library test (example -lncurses)
+define RequireCHeader
+  define Require/$(1)
+    echo 'int main(int argc, char **argv) { $(3); return 0; }' | gcc -include $(1) -x c -o $(TMP_DIR)/a.out - $(4)
+  endef
+
+  $$(eval $$(call Require,$(1),$(2)))
+endef
+
 define CleanupPython2
  define Require/python2-cleanup
 	if [ -f "$(STAGING_DIR_HOST)/bin/python" ] && \
@@ -103,7 +115,7 @@ define SetupHostCommand
 	           $(call QuoteHostCommand,$(11)) $(call QuoteHostCommand,$(12)); do \
 		if [ -n "$$$$$$$$cmd" ]; then \
 			bin="$$$$$$$$(PATH="$(subst $(space),:,$(filter-out $(STAGING_DIR_HOST)/%,$(subst :,$(space),$(PATH))))" \
-				which "$$$$$$$${cmd%% *}")"; \
+				command -v "$$$$$$$${cmd%% *}")"; \
 			if [ -x "$$$$$$$$bin" ] && eval "$$$$$$$$cmd" >/dev/null 2>/dev/null; then \
 				mkdir -p "$(STAGING_DIR_HOST)/bin"; \
 				ln -sf "$$$$$$$$bin" "$(STAGING_DIR_HOST)/bin/$(strip $(1))"; \
--- a/include/quilt.mk
+++ b/include/quilt.mk
@@ -116,7 +116,7 @@ define Quilt/RefreshDir
 endef

 define Quilt/Refresh/Host
-	$(call Quilt/RefreshDir,$(HOST_BUILD_DIR),$(PATCH_DIR))
+	$(call Quilt/RefreshDir,$(HOST_BUILD_DIR),$(HOST_PATCH_DIR))
 endef

 define Quilt/Refresh/Package
--- a/include/scan.mk
+++ b/include/scan.mk
@@ -11,7 +11,7 @@ TARGET_STAMP:=$(TMP_DIR)/info/.files-$(SCAN_TARGET).stamp
 FILELIST:=$(TMP_DIR)/info/.files-$(SCAN_TARGET)-$(SCAN_COOKIE)
 OVERRIDELIST:=$(TMP_DIR)/info/.overrides-$(SCAN_TARGET)-$(SCAN_COOKIE)

-export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
+export PATH:=$(STAGING_DIR_HOST)/bin:$(PATH)

 define feedname
 $(if $(patsubst feeds/%,,$(1)),,$(word 2,$(subst /, ,$(1))))
@@ -72,7 +72,7 @@ endif

 $(FILELIST): $(OVERRIDELIST)
 	rm -f $(TMP_DIR)/info/.files-$(SCAN_TARGET)-*
-	find -L $(SCAN_DIR) $(SCAN_EXTRA) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@
+	find -L $(SCAN_DIR) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) $(SCAN_EXTRA) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@

 $(TMP_DIR)/info/.files-$(SCAN_TARGET).mk: $(FILELIST)
 	( \
--- a/include/site/loongarch64
+++ b/include/site/loongarch64
@@ -0,0 +1,30 @@
+#!/bin/sh
+. $TOPDIR/include/site/linux
+ac_cv_c_littleendian=${ac_cv_c_littleendian=yes}
+ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
+
+ac_cv_sizeof___int64=0
+ac_cv_sizeof_char=1
+ac_cv_sizeof_int=4
+ac_cv_sizeof_int16_t=2
+ac_cv_sizeof_int32_t=4
+ac_cv_sizeof_int64_t=8
+ac_cv_sizeof_long_int=8
+ac_cv_sizeof_long_long=8
+ac_cv_sizeof_long=8
+ac_cv_sizeof_off_t=8
+ac_cv_sizeof_short_int=2
+ac_cv_sizeof_short=2
+ac_cv_sizeof_size_t=8
+ac_cv_sizeof_ssize_t=8
+ac_cv_sizeof_u_int16_t=2
+ac_cv_sizeof_u_int32_t=4
+ac_cv_sizeof_u_int64_t=8
+ac_cv_sizeof_uint16_t=2
+ac_cv_sizeof_uint32_t=4
+ac_cv_sizeof_uint64_t=8
+ac_cv_sizeof_unsigned_int=4
+ac_cv_sizeof_unsigned_long=8
+ac_cv_sizeof_unsigned_long_long=8
+ac_cv_sizeof_unsigned_short=2
+ac_cv_sizeof_void_p=8
--- a/include/site/riscv64
+++ b/include/site/riscv64
@@ -0,0 +1,30 @@
+#!/bin/sh
+. $TOPDIR/include/site/linux
+ac_cv_c_littleendian=${ac_cv_c_littleendian=yes}
+ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
+
+ac_cv_sizeof___int64=8
+ac_cv_sizeof_char=1
+ac_cv_sizeof_int=4
+ac_cv_sizeof_int16_t=2
+ac_cv_sizeof_int32_t=4
+ac_cv_sizeof_int64_t=8
+ac_cv_sizeof_long_int=8
+ac_cv_sizeof_long_long=8
+ac_cv_sizeof_long=8
+ac_cv_sizeof_off_t=8
+ac_cv_sizeof_short_int=2
+ac_cv_sizeof_short=2
+ac_cv_sizeof_size_t=8
+ac_cv_sizeof_ssize_t=8
+ac_cv_sizeof_u_int16_t=2
+ac_cv_sizeof_u_int32_t=4
+ac_cv_sizeof_u_int64_t=8
+ac_cv_sizeof_uint16_t=2
+ac_cv_sizeof_uint32_t=4
+ac_cv_sizeof_uint64_t=8
+ac_cv_sizeof_unsigned_int=4
+ac_cv_sizeof_unsigned_long=8
+ac_cv_sizeof_unsigned_long_long=8
+ac_cv_sizeof_unsigned_short=2
+ac_cv_sizeof_void_p=8
--- a/include/subdir.mk
+++ b/include/subdir.mk
@@ -5,6 +5,9 @@
 ifeq ($(MAKECMDGOALS),prereq)
  SUBTARGETS:=prereq
  PREREQ_ONLY:=1
+# For target/linux related target add dtb to selectively compile dtbs
+else ifneq ($(filter target/linux/%,$(MAKECMDGOALS)),)
+  SUBTARGETS:=$(DEFAULT_SUBDIR_TARGETS) dtb
 else
  SUBTARGETS:=$(DEFAULT_SUBDIR_TARGETS)
 endif
@@ -27,14 +30,16 @@ lastdir=$(word $(words $(subst /, ,$(1))),$(subst /, ,$(1)))
 diralias=$(if $(findstring $(1),$(call lastdir,$(1))),,$(call lastdir,$(1)))

 subdir_make_opts = \
-	-r -C $(1) \
+	$(if $(SUBDIR_MAKE_DEBUG),-d) -r -C $(1) \
 		BUILD_SUBDIR="$(1)" \
-		BUILD_VARIANT="$(4)"
+		BUILD_VARIANT="$(4)" \
+		ALL_VARIANTS="$(5)"

 # 1: subdir
 # 2: target
 # 3: build type
 # 4: build variant
+# 5: all variants
 log_make = \
 	 $(if $(call debug,$(1),v),,@)+ \
 	 $(if $(BUILD_LOG), \
@@ -62,15 +67,15 @@ define subdir
    $(foreach target,$(SUBTARGETS) $($(1)/subtargets),
      $(foreach btype,$(buildtypes-$(bd)),
        $(call warn_eval,$(1)/$(bd),t,T,$(1)/$(bd)/$(btype)/$(target): $(if $(NO_DEPS)$(QUILT),,$($(1)/$(bd)/$(btype)/$(target)) $(call $(1)//$(btype)/$(target),$(1)/$(bd)/$(btype))))
-		  $(call log_make,$(1)/$(bd),$(target),$(btype),$(filter-out __default,$(variant))) \
+		  $(call log_make,$(1)/$(bd),$(target),$(btype),$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)) \
 			|| $(call ERROR,$(2),   ERROR: $(1)/$(bd) [$(btype)] failed to build.,$(findstring $(bd),$($(1)/builddirs-ignore-$(btype)-$(target))))
        $(if $(call diralias,$(bd)),$(call warn_eval,$(1)/$(bd),l,T,$(1)/$(call diralias,$(bd))/$(btype)/$(target): $(1)/$(bd)/$(btype)/$(target)))
      )
      $(call warn_eval,$(1)/$(bd),t,T,$(1)/$(bd)/$(target): $(if $(NO_DEPS)$(QUILT),,$($(1)/$(bd)/$(target)) $(call $(1)//$(target),$(1)/$(bd))))
-        $(foreach variant,$(if $(BUILD_VARIANT),$(BUILD_VARIANT),$(if $(strip $($(1)/$(bd)/variants)),$($(1)/$(bd)/variants),$(if $($(1)/$(bd)/default-variant),$($(1)/$(bd)/default-variant),__default))),
+        $(foreach variant,$(filter-out *,$(if $(BUILD_VARIANT),$(BUILD_VARIANT),$(if $(strip $($(1)/$(bd)/variants)),$($(1)/$(bd)/variants),$(if $($(1)/$(bd)/default-variant),$($(1)/$(bd)/default-variant),__default)))),
 			$(if $(BUILD_LOG),@mkdir -p $(BUILD_LOG_DIR)/$(1)/$(bd)/$(filter-out __default,$(variant)))
-			$(if $($(1)/autoremove),$(call rebuild_check,$(1)/$(bd),$(target),,$(filter-out __default,$(variant))))
-			$(call log_make,$(1)/$(bd),$(target),,$(filter-out __default,$(variant))) \
+			$(if $($(1)/autoremove),$(call rebuild_check,$(1)/$(bd),$(target),,$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)))
+			$(call log_make,$(1)/$(bd),$(target),,$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)) \
 				|| $(call ERROR,$(1),   ERROR: $(1)/$(bd) failed to build$(if $(filter-out __default,$(variant)), (build variant: $(variant))).,$(findstring $(bd),$($(1)/builddirs-ignore-$(target)))) 
        )
      $(if $(PREREQ_ONLY)$(DUMP_TARGET_DB),,
--- a/include/target.mk
+++ b/include/target.mk
@@ -12,6 +12,7 @@ DEVICE_TYPE?=router
 # Default packages - the really basic set
 DEFAULT_PACKAGES:=\
 	base-files \
+	ca-bundle \
 	dropbear \
 	fstools \
 	libc \
@@ -23,7 +24,8 @@ DEFAULT_PACKAGES:=\
 	opkg \
 	uci \
 	uclient-fetch \
-	urandom-seed
+	urandom-seed \
+	urngd

 ifneq ($(CONFIG_SELINUX),)
 DEFAULT_PACKAGES+=busybox-selinux procd-selinux
@@ -31,6 +33,16 @@ else
 DEFAULT_PACKAGES+=busybox procd
 endif

+# include ujail on systems with enough storage
+ifeq ($(CONFIG_SMALL_FLASH),)
+DEFAULT_PACKAGES+=procd-ujail
+endif
+
+# include seccomp ld-preload hooks if kernel supports it
+ifneq ($(CONFIG_SECCOMP),)
+DEFAULT_PACKAGES+=procd-seccomp
+endif
+
 # For the basic set
 DEFAULT_PACKAGES.basic:=
 # For nas targets
@@ -41,16 +53,12 @@ DEFAULT_PACKAGES.nas:=\
 	mdadm
 # For router targets
 DEFAULT_PACKAGES.router:=\
-	dnsmasq-full \
-	firewall \
-	iptables \
-	ppp \
-	ppp-mod-pppoe \
-	luci-newapi block-mount coremark kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw \
-	default-settings luci luci-app-ddns luci-app-upnp luci-app-autoreboot \
-	luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-unblockmusic luci-app-arpbind \
-	luci-app-vlmcsd luci-app-wol luci-app-ramfree \
-	luci-app-turboacc luci-app-nlbwmon luci-app-accesscontrol ddns-scripts_aliyun ddns-scripts_dnspod
+	dnsmasq-full firewall iptables ppp ppp-mod-pppoe odhcp6c odhcpd-ipv6only \
+	block-mount coremark kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw kmod-tun \
+	iptables-mod-tproxy iptables-mod-extra ipset ip-full default-settings luci luci-proto-ipv6 \
+	ddns-scripts_aliyun ddns-scripts_dnspod luci-app-ddns luci-app-upnp luci-app-autoreboot \
+	luci-app-arpbind luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-vlmcsd \
+	luci-app-accesscontrol luci-app-nlbwmon luci-app-turboacc luci-app-wol curl ca-certificates

 ifneq ($(DUMP),)
  all: dumpinfo
@@ -58,7 +66,7 @@ endif

 target_conf=$(subst .,_,$(subst -,_,$(subst /,_,$(1))))
 ifeq ($(DUMP),)
-  PLATFORM_DIR:=$(TOPDIR)/target/linux/$(BOARD)
+  PLATFORM_DIR:=$(firstword $(wildcard $(TOPDIR)/target/linux/feeds/$(BOARD) $(TOPDIR)/target/linux/$(BOARD)))
  SUBTARGET:=$(strip $(foreach subdir,$(patsubst $(PLATFORM_DIR)/%/target.mk,%,$(wildcard $(PLATFORM_DIR)/*/target.mk)),$(if $(CONFIG_TARGET_$(call target_conf,$(BOARD)_$(subdir))),$(subdir))))
 else
  PLATFORM_DIR:=${CURDIR}
@@ -163,22 +171,30 @@ USE_SUBTARGET_CONFIG = $(if $(wildcard $(LINUX_TARGET_CONFIG)),,$(if $(LINUX_SUB
 LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG)))
 LINUX_RECONFIG_TARGET = $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG),$(LINUX_TARGET_CONFIG))

+CFG_TARGET = $(CONFIG_TARGET)
+ifeq ($(CFG_TARGET),platform)
+  CFG_TARGET = target
+  $(warning Deprecation warning: use CONFIG_TARGET=target instead.)
+else ifeq ($(CFG_TARGET),subtarget_platform)
+  CFG_TARGET = subtarget_target
+  $(warning Deprecation warning: use CONFIG_TARGET=subtarget_target instead.)
+endif
+
 # select the config file to be changed by kernel_menuconfig/kernel_oldconfig
-ifeq ($(CONFIG_TARGET),platform)
+ifeq ($(CFG_TARGET),target)
  LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG))
  LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),subtarget)
+else ifeq ($(CFG_TARGET),subtarget)
  LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(LINUX_SUBTARGET_CONFIG))
  LINUX_RECONFIG_TARGET = $(LINUX_SUBTARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),subtarget_platform)
+else ifeq ($(CFG_TARGET),subtarget_target)
  LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_SUBTARGET_CONFIG) $(LINUX_TARGET_CONFIG))
  LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),env)
+else ifeq ($(CFG_TARGET),env)
  LINUX_RECONFIG_LIST = $(LINUX_KCONFIG_LIST)
  LINUX_RECONFIG_TARGET = $(TOPDIR)/env/kernel-config
+else ifneq ($(strip $(CFG_TARGET)),)
+  $(error CONFIG_TARGET=$(CFG_TARGET) is invalid. Valid: target|subtarget|subtarget_target|env)
 endif

 __linux_confcmd = $(2) $(patsubst %,+,$(wordlist 2,9999,$(1))) $(1)
@@ -217,12 +233,14 @@ ifeq ($(DUMP),1)
  ifeq ($(ARCH),powerpc)
    CPU_CFLAGS_603e:=-mcpu=603e
    CPU_CFLAGS_8540:=-mcpu=8540
+    CPU_CFLAGS_8548:=-mcpu=8548
    CPU_CFLAGS_405:=-mcpu=405
    CPU_CFLAGS_440:=-mcpu=440
    CPU_CFLAGS_464fp:=-mcpu=464fp
  endif
  ifeq ($(ARCH),powerpc64)
    CPU_TYPE ?= powerpc64
+    CPU_CFLAGS_e5500:=-mcpu=e5500
    CPU_CFLAGS_powerpc64:=-mcpu=powerpc64
  endif
  ifeq ($(ARCH),sparc)
@@ -240,6 +258,15 @@ ifeq ($(DUMP),1)
    CPU_CFLAGS_arc700 = -mcpu=arc700
    CPU_CFLAGS_archs = -mcpu=archs
  endif
+  ifeq ($(ARCH),riscv64)
+    CPU_TYPE ?= riscv64
+    CPU_CFLAGS_riscv64:=-mabi=lp64d -march=rv64imafdc
+  endif
+  ifeq ($(ARCH),loongarch64)
+    CPU_TYPE ?= generic
+    CPU_CFLAGS := -O2 -pipe
+    CPU_CFLAGS_generic:=-march=loongarch64
+  endif
  ifneq ($(CPU_TYPE),)
    ifndef CPU_CFLAGS_$(CPU_TYPE)
      $(warning CPU_TYPE "$(CPU_TYPE)" doesn't correspond to a known type)
--- a/include/toolchain-build.mk
+++ b/include/toolchain-build.mk
@@ -18,6 +18,6 @@ define FixupLibdir
 		mkdir -p $(1)/lib; \
 		mv $(1)/lib64/* $(1)/lib/; \
 		rm -rf $(1)/lib64; \
+		ln -sf lib $(1)/lib64; \
 	fi
-	ln -sf lib $(1)/lib64
 endef
--- a/include/toplevel.mk
+++ b/include/toplevel.mk
@@ -51,11 +51,12 @@ path:=$(subst :,$(space),$(PATH))
 path:=$(filter-out .%,$(path))
 path:=$(subst $(space),:,$(path))
 export PATH:=$(path)
+export STAGING_DIR_HOST:=$(if $(STAGING_DIR),$(abspath $(STAGING_DIR)/../host),$(TOPDIR)/staging_dir/host)

 unexport TAR_OPTIONS

 ifeq ($(FORCE),)
-  .config scripts/config/conf scripts/config/mconf: staging_dir/host/.prereq-build
+  .config scripts/config/conf scripts/config/mconf: $(STAGING_DIR_HOST)/.prereq-build
 endif

 SCAN_COOKIE?=$(shell echo $$$$)
@@ -65,7 +66,7 @@ SUBMAKE:=umask 022; $(SUBMAKE)

 ULIMIT_FIX=_limit=`ulimit -n`; [ "$$_limit" = "unlimited" -o "$$_limit" -ge 1024 ] || ulimit -n 1024;

-prepare-mk: staging_dir/host/.prereq-build FORCE ;
+prepare-mk: $(STAGING_DIR_HOST)/.prereq-build FORCE ;

 ifdef SDK
  IGNORE_PACKAGES = linux
@@ -74,10 +75,10 @@ endif
 _ignore = $(foreach p,$(IGNORE_PACKAGES),--ignore $(p))

 prepare-tmpinfo: FORCE
-	@+$(MAKE) -r -s staging_dir/host/.prereq-build $(PREP_MK)
+	@+$(MAKE) -r -s $(STAGING_DIR_HOST)/.prereq-build $(PREP_MK)
 	mkdir -p tmp/info
 	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="packageinfo" SCAN_DIR="package" SCAN_NAME="package" SCAN_DEPTH=5 SCAN_EXTRA=""
-	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPTH=2 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
+	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPTH=3 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
 	for type in package target; do \
 		f=tmp/.$${type}info; t=tmp/.config-$${type}.in; \
 		[ "$$t" -nt "$$f" ] || ./scripts/$${type}-metadata.pl $(_ignore) config "$$f" > "$$t" || { rm -f "$$t"; echo "Failed to build $$t"; false; break; }; \
@@ -101,7 +102,7 @@ ifneq ($(DISTRO_PKG_CONFIG),)
 scripts/config/%onf: export PATH:=$(dir $(DISTRO_PKG_CONFIG)):$(PATH)
 endif
 scripts/config/%onf: CFLAGS+= -O2
-scripts/config/%onf:
+scripts/config/%onf: FORCE
 	@$(_SINGLE)$(SUBMAKE) $(if $(findstring s,$(OPENWRT_VERBOSE)),,-s) \
 		-C scripts/config $(notdir $@)

@@ -151,7 +152,7 @@ xconfig: scripts/config/qconf prepare-tmpinfo FORCE

 prepare_kernel_conf: .config toolchain/install FORCE

-ifeq ($(wildcard staging_dir/host/bin/quilt),)
+ifeq ($(wildcard $(STAGING_DIR_HOST)/bin/quilt),)
  prepare_kernel_conf:
 	@+$(SUBMAKE) -r tools/quilt/compile
 else
@@ -175,7 +176,7 @@ kernel_nconfig: prepare_kernel_conf
 kernel_xconfig: prepare_kernel_conf
 	$(_SINGLE)$(NO_TRACE_MAKE) -C target/linux xconfig

-staging_dir/host/.prereq-build: include/prereq-build.mk
+$(STAGING_DIR_HOST)/.prereq-build: include/prereq-build.mk
 	mkdir -p tmp
 	@$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f $(TOPDIR)/include/prereq-build.mk prereq 2>/dev/null || { \
 		echo "Prerequisite check failed. Use FORCE=1 to override."; \
@@ -198,7 +199,7 @@ else
  DOWNLOAD_DIRS = package/download
 endif

-download: .config FORCE $(if $(wildcard $(TOPDIR)/staging_dir/host/bin/flock),,tools/flock/compile)
+download: .config FORCE $(if $(wildcard $(STAGING_DIR_HOST)/bin/flock),,tools/flock/compile)
 	@+$(foreach dir,$(DOWNLOAD_DIRS),$(SUBMAKE) $(dir);)

 clean dirclean: .config
@@ -262,7 +263,7 @@ distclean:
 	@$(_SINGLE)$(SUBMAKE) -C scripts/config clean

 ifeq ($(findstring v,$(DEBUG)),)
-  .SILENT: symlinkclean clean dirclean distclean config-clean download help tmpinfo-clean .config scripts/config/mconf scripts/config/conf menuconfig staging_dir/host/.prereq-build tmp/.prereq-package prepare-tmpinfo
+  .SILENT: symlinkclean clean dirclean distclean config-clean download help tmpinfo-clean .config scripts/config/mconf scripts/config/conf menuconfig $(STAGING_DIR_HOST)/.prereq-build tmp/.prereq-package prepare-tmpinfo
 endif
 .PHONY: help FORCE
 .NOTPARALLEL:
--- a/include/trusted-firmware-a.mk
+++ b/include/trusted-firmware-a.mk
@@ -1,5 +1,5 @@
 PKG_NAME ?= trusted-firmware-a
-PKG_CPE_ID ?= cpe:/a:arm:arm_trusted_firmware
+PKG_CPE_ID ?= cpe:/a:arm:trusted_firmware-a

 ifndef PKG_SOURCE_PROTO
 PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz
@@ -68,13 +68,20 @@ define Build/Trusted-Firmware-A/Target
  endef
 endef

+define Build/Configure/Trusted-Firmware-A
+	$(INSTALL_DIR) $(STAGING_DIR)/usr/include
+endef
+
+DTC=$(wildcard $(LINUX_DIR)/scripts/dtc/dtc)

 define Build/Compile/Trusted-Firmware-A
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 		CROSS_COMPILE=$(TARGET_CROSS) \
 		OPENSSL_DIR=$(STAGING_DIR_HOST) \
+		$(if $(DTC),DTC="$(DTC)") \
 		PLAT=$(PLAT) \
 		BUILD_STRING="OpenWrt v$(PKG_VERSION)-$(PKG_RELEASE) ($(VARIANT))" \
+		$(if $(CONFIG_BINUTILS_VERSION_2_37)$(CONFIG_BINUTILS_VERSION_2_38),,LDFLAGS="-no-warn-rwx-segments") \
 		$(TFA_MAKE_FLAGS)
 endef

--- a/include/u-boot.mk
+++ b/include/u-boot.mk
@@ -1,3 +1,5 @@
+include $(INCLUDE_DIR)/prereq.mk
+
 PKG_NAME ?= u-boot

 ifndef PKG_SOURCE_PROTO
@@ -16,7 +18,32 @@ PKG_FLAGS:=nonshared
 PKG_LICENSE:=GPL-2.0 GPL-2.0+
 PKG_LICENSE_FILES:=Licenses/README

-PKG_BUILD_PARALLEL:=1
+PKG_BUILD_PARALLEL ?= 1
+
+ifdef UBOOT_USE_BINMAN
+  $(eval $(call TestHostCommand,python3-pyelftools, \
+    Please install the Python3 elftools module, \
+    $(STAGING_DIR_HOST)/bin/python3 -c 'import elftools'))
+endif
+
+ifdef UBOOT_USE_INTREE_DTC
+  $(eval $(call TestHostCommand,python3-dev, \
+    Please install the python3-dev package, \
+    python3.11-config --includes 2>&1 | grep 'python3', \
+    python3.10-config --includes 2>&1 | grep 'python3', \
+    python3.9-config --includes 2>&1 | grep 'python3', \
+    python3.8-config --includes 2>&1 | grep 'python3', \
+    python3.7-config --includes 2>&1 | grep 'python3', \
+    python3-config --includes 2>&1 | grep -E 'python3\.([7-9]|[0-9][0-9])\.?'))
+
+  $(eval $(call TestHostCommand,python3-setuptools, \
+    Please install the Python3 setuptools module, \
+    $(STAGING_DIR_HOST)/bin/python3 -c 'import setuptools'))
+
+  $(eval $(call TestHostCommand,swig, \
+    Please install the swig package, \
+    swig -version))
+endif

 export GCC_HONOUR_COPTS=s

@@ -42,9 +69,15 @@ endef
 TARGET_DEP = TARGET_$(BUILD_TARGET)$(if $(BUILD_SUBTARGET),_$(BUILD_SUBTARGET))

 UBOOT_MAKE_FLAGS = \
+	PATH=$(STAGING_DIR_HOST)/bin:$(PATH) \
 	HOSTCC="$(HOSTCC)" \
 	HOSTCFLAGS="$(HOST_CFLAGS) $(HOST_CPPFLAGS) -std=gnu11" \
 	HOSTLDFLAGS="$(HOST_LDFLAGS)" \
+	LOCALVERSION="-OpenWrt-$(REVISION)" \
+	STAGING_PREFIX="$(STAGING_DIR_HOST)" \
+	PKG_CONFIG_PATH="$(STAGING_DIR_HOST)/lib/pkgconfig" \
+	PKG_CONFIG_LIBDIR="$(STAGING_DIR_HOST)/lib/pkgconfig" \
+	PKG_CONFIG_EXTRAARGS="--static" \
 	$(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='')

 define Build/U-Boot/Target
@@ -78,9 +111,14 @@ endef

 define Build/Configure/U-Boot
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) $(UBOOT_CONFIGURE_VARS) $(UBOOT_CONFIG)_config
+	$(if $(strip $(UBOOT_CUSTOMIZE_CONFIG)),
+		$(PKG_BUILD_DIR)/scripts/config --file $(PKG_BUILD_DIR)/.config $(UBOOT_CUSTOMIZE_CONFIG)
+		+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) $(UBOOT_CONFIGURE_VARS) oldconfig)
 endef

-DTC=$(wildcard $(LINUX_DIR)/scripts/dtc/dtc)
+ifndef UBOOT_USE_INTREE_DTC
+  DTC=$(wildcard $(LINUX_DIR)/scripts/dtc/dtc)
+endif

 define Build/Compile/U-Boot
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
--- a/include/uclibc++.mk
+++ b/include/uclibc++.mk
@@ -1,16 +1,2 @@
-ifndef DUMP
-  ifdef __package_mk
-    $(error uclibc++.mk must be included before package.mk)
-  endif
-endif
-
-PKG_PREPARED_DEPENDS += CONFIG_USE_UCLIBCXX
-CXX_DEPENDS = +USE_UCLIBCXX:uclibcxx +USE_LIBSTDCXX:libstdcpp
-
-ifneq ($(CONFIG_USE_UCLIBCXX),)
- ifneq ($(CONFIG_CCACHE),)
-  TARGET_CXX_NOCACHE=g++-uc
- else
-  TARGET_CXX=g++-uc
- endif
-endif
+$(warn uclibc++.mk is deprecated. Please remove it and CXX_DEPENDS)
+CXX_DEPENDS = +libstdcpp
--- a/include/unpack.mk
+++ b/include/unpack.mk
@@ -18,7 +18,7 @@ ifeq ($(strip $(UNPACK_CMD)),)

    ifeq ($(filter gz tgz,$(EXT)),$(EXT))
      EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
-      DECOMPRESS_CMD:=gzip -dc $(DL_DIR)/$(PKG_SOURCE) |
+      DECOMPRESS_CMD:=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc $(DL_DIR)/$(PKG_SOURCE) |
    endif
    ifeq ($(filter bzip2 bz2 bz tbz2 tbz,$(EXT)),$(EXT))
      EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
@@ -56,7 +56,7 @@ ifeq ($(strip $(UNPACK_CMD)),)
    endif
    # replace zcat with $(ZCAT), because some system don't support it properly
    ifeq ($(PKG_CAT),zcat)
-      UNPACK_CMD=gzip -dc $(DL_DIR)/$(PKG_SOURCE) | $(TAR_CMD)
+      UNPACK_CMD=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc $(DL_DIR)/$(PKG_SOURCE) | $(TAR_CMD)
    endif
  endif
 endif
--- a/include/verbose.mk
+++ b/include/verbose.mk
@@ -29,15 +29,15 @@ ifeq ($(IS_TTY),1)
  endif
 endif

+define ERROR_MESSAGE
+  printf "$(_R)%s$(_N)\n" "$(1)" >&8
+endef
+
 ifeq ($(findstring s,$(OPENWRT_VERBOSE)),)
  define MESSAGE
 	printf "$(_Y)%s$(_N)\n" "$(1)" >&8
  endef

-  define ERROR_MESSAGE
-	printf "$(_R)%s$(_N)\n" "$(1)" >&8
-  endef
-
  ifeq ($(QUIET),1)
    ifneq ($(CURDIR),$(TOPDIR))
      _DIR:=$(patsubst $(TOPDIR)/%,%,${CURDIR})
@@ -60,5 +60,4 @@ else
  define MESSAGE
    printf "%s\n" "$(1)"
  endef
-  ERROR_MESSAGE=$(MESSAGE)
 endif
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -23,6 +23,8 @@ PKG_LICENSE:=GPL-2.0
 PKG_CONFIG_DEPENDS += \
 	CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE \
 	CONFIG_NAND_SUPPORT \
+	CONFIG_LEGACY_SDCARD_SUPPORT \
+	CONFIG_EMMC_SUPPORT \
 	CONFIG_CLEAN_IPKG \
 	CONFIG_PER_FEED_REPO \
 	$(foreach feed,$(FEEDS_AVAILABLE),CONFIG_FEED_$(feed))
@@ -88,6 +90,19 @@ define ImageConfigOptions
 	echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
+ifeq ($(CONFIG_TARGET_DEFAULT_LAN_IP_FROM_PREINIT),y)
+	mkdir -p $(1)/etc/board.d
+	echo '. /lib/functions/uci-defaults.sh' >$(1)/etc/board.d/99-lan-ip
+	echo 'logger -t 99-lan-ip "setting custom default LAN IP"' >>$(1)/etc/board.d/99-lan-ip
+	echo 'board_config_update' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select network' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select lan' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_add_string ipaddr $(if $(CONFIG_TARGET_PREINIT_IP),$(CONFIG_TARGET_PREINIT_IP),"192.168.1.1")' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_add_string netmask $(if $(CONFIG_TARGET_PREINIT_NETMASK),$(CONFIG_TARGET_PREINIT_NETMASK),"255.255.255.0")' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+	echo 'board_config_flush' >>$(1)/etc/board.d/99-lan-ip
+endif
 endef

 define Build/Prepare
@@ -124,10 +139,24 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
  endef
 endif

+ifeq ($(CONFIG_LEGACY_SDCARD_SUPPORT),)
+  define Package/base-files/legacy-sdcard-support
+	rm -f $(1)/lib/upgrade/legacy-sdcard.sh
+  endef
+endif
+
+ifeq ($(CONFIG_EMMC_SUPPORT),)
+  define Package/base-files/emmc-support
+	rm -f $(1)/lib/upgrade/emmc.sh
+  endef
+endif
+
 define Package/base-files/install
 	$(CP) ./files/* $(1)/
 	$(Package/base-files/install-key)
 	$(Package/base-files/nand-support)
+	$(Package/base-files/legacy-sdcard-support)
+	$(Package/base-files/emmc-support)
 	if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
 		$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
 	fi
--- a/package/base-files/files/bin/config_generate
+++ b/package/base-files/files/bin/config_generate
@@ -192,6 +192,14 @@ generate_network() {
 				EOF
 			}
 		;;
+
+		qmi|\
+		mbim)
+			uci -q batch <<-EOF
+				set network.$1.proto='${protocol}'
+				set network.$1.pdptype='ipv4'
+			EOF
+		;;
 	esac
 }

@@ -296,11 +304,11 @@ generate_static_system() {
 		delete system.ntp
 		set system.ntp='timeserver'
 		set system.ntp.enabled='1'
-		set system.ntp.enable_server='0'
-		add_list system.ntp.server='ntp.aliyun.com'
-		add_list system.ntp.server='time1.cloud.tencent.com'
-		add_list system.ntp.server='time.ustc.edu.cn'
-		add_list system.ntp.server='cn.pool.ntp.org'
+		set system.ntp.enable_server='1'
+		add_list system.ntp.server='time.apple.com'
+		add_list system.ntp.server='time.google.com'
+		add_list system.ntp.server='time.windows.com'
+		add_list system.ntp.server='time.cloudflare.com'
 	EOF

 	if json_is_a system object; then
--- a/package/base-files/files/etc/banner
+++ b/package/base-files/files/etc/banner
@@ -1,10 +1,12 @@
-     _________
-    /        /\      _    ___ ___  ___
-   /  LE    /  \    | |  | __|   \| __|
-  /    DE  /    \   | |__| _|| |) | _|
- /________/  LE  \  |____|___|___/|___|
- \        \   DE /
-  \    LE  \    /  -------------------------------------------
-   \  DE    \  /    %D %V, %C
-    \________\/    -------------------------------------------
-
+ ▒█████   ██▓███  ▓█████  ███▄    █  █     █░ ██▀███  ▄▄▄█████▓
+▒██▒  ██▒▓██░  ██▒▓█   ▀  ██ ▀█   █ ▓█░ █ ░█░▓██ ▒ ██▒▓  ██▒ ▓▒
+▒██░  ██▒▓██░ ██▓▒▒███   ▓██  ▀█ ██▒▒█░ █ ░█ ▓██ ░▄█ ▒▒ ▓██░ ▒░
+▒██   ██░▒██▄█▓▒ ▒▒▓█  ▄ ▓██▒  ▐▌██▒░█░ █ ░█ ▒██▀▀█▄  ░ ▓██▓ ░ 
+░ ████▓▒░▒██▒ ░  ░░▒████▒▒██░   ▓██░░░██▒██▓ ░██▓ ▒██▒  ▒██▒ ░ 
+░ ▒░▒░▒░ ▒▓▒░ ░  ░░░ ▒░ ░░ ▒░   ▒ ▒ ░ ▓░▒ ▒  ░ ▒▓ ░▒▓░  ▒ ░░   
+  ░ ▒ ▒░ ░▒ ░      ░ ░  ░░ ░░   ░ ▒░  ▒ ░ ░    ░▒ ░ ▒░    ░    
+░ ░ ░ ▒  ░░          ░      ░   ░ ░   ░   ░    ░░   ░   ░      
+    ░ ░              ░  ░         ░     ░       ░              
+  -------------------------------------------------------------
+      %D %V, %C
+  -------------------------------------------------------------
--- a/package/base-files/files/etc/init.d/boot
+++ b/package/base-files/files/etc/init.d/boot
@@ -48,6 +48,7 @@ boot() {

 	/bin/config_generate
 	uci_apply_defaults
+	sync
 	
 	# temporary hack until configd exists
 	/sbin/reload_config
--- a/package/base-files/files/etc/init.d/sysfixtime
+++ b/package/base-files/files/etc/init.d/sysfixtime
@@ -8,23 +8,33 @@ RTC_DEV=/dev/rtc0
 HWCLOCK=/sbin/hwclock

 boot() {
-	start && exit 0
-
-	local maxtime="$(maxtime)"
+	hwclock_load
+	local maxtime="$(find_max_time)"
 	local curtime="$(date +%s)"
-	[ $curtime -lt $maxtime ] && date -s @$maxtime
+	if [ $curtime -lt $maxtime ]; then
+		date -s @$maxtime
+		hwclock_save
+	fi
 }

 start() {
-	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
+	hwclock_load
 }

 stop() {
+	hwclock_save
+}
+
+hwclock_load() {
+	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
+}
+
+hwclock_save(){
 	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -w -u -f $RTC_DEV && \
 		logger -t sysfixtime "saved '$(date)' to $RTC_DEV"
 }

-maxtime() {
+find_max_time() {
 	local file newest

 	for file in $( find /etc -type f ) ; do
--- a/package/base-files/files/etc/init.d/system
+++ b/package/base-files/files/etc/init.d/system
@@ -4,8 +4,7 @@
 START=10
 USE_PROCD=1

-validate_system_section()
-{
+validate_system_section() {
 	uci_load_validate system system "$1" "$2" \
 		'hostname:string:OpenWrt' \
 		'conloglevel:uinteger' \
@@ -23,8 +22,9 @@ system_config() {
 	echo "$hostname" > /proc/sys/kernel/hostname
 	[ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize}
 	echo "$timezone" > /tmp/TZ
-	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/$zonename" ] && \
-		ln -sf "/usr/share/zoneinfo/$zonename" /tmp/localtime && rm -f /tmp/TZ
+	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/${zonename// /_}" ] \
+		&& ln -sf "/usr/share/zoneinfo/${zonename// /_}" /tmp/localtime \
+		&& rm -f /tmp/TZ

 	# apply timezone to kernel
 	hwclock -u --systz
@@ -35,8 +35,7 @@ reload_service() {
 	config_foreach validate_system_section system system_config
 }

-service_triggers()
-{
+service_triggers() {
 	procd_add_reload_trigger "system"
 	procd_add_validation validate_system_section
 }
--- a/package/base-files/files/etc/profile
+++ b/package/base-files/files/etc/profile
@@ -3,7 +3,7 @@
 [ -f /etc/banner ] && cat /etc/banner
 [ -n "$FAILSAFE" ] && cat /etc/banner.failsafe

-fgrep -sq '/ overlay ro,' /proc/mounts && {
+grep -Fsq '/ overlay ro,' /proc/mounts && {
 	echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.'
 	echo 'Please try to remove files from /overlay/upper/... and reboot!'
 }
--- a/package/base-files/files/etc/shadow
+++ b/package/base-files/files/etc/shadow
@@ -1,4 +1,4 @@
-root::0:0:99999:7:::
+root:::0:99999:7:::
 daemon:*:0:0:99999:7:::
 ftp:*:0:0:99999:7:::
 network:*:0:0:99999:7:::
--- a/package/base-files/files/etc/sysctl.conf
+++ b/package/base-files/files/etc/sysctl.conf
@@ -1 +1,5 @@
 # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+
+net.bridge.bridge-nf-call-arptables = 0
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
--- a/package/base-files/files/lib/functions.sh
+++ b/package/base-files/files/lib/functions.sh
@@ -313,6 +313,19 @@ find_mtd_part() {
 	echo "${INDEX:+$PREFIX$INDEX}"
 }

+find_mmc_part() {
+	local DEVNAME PARTNAME
+
+	if grep -q "$1" /proc/mtd; then
+		echo "" && return 0
+	fi
+
+	for DEVNAME in /sys/block/mmcblk*/mmcblk*p*; do
+		PARTNAME="$(grep PARTNAME ${DEVNAME}/uevent | cut -f2 -d'=')"
+		[ "$PARTNAME" = "$1" ] && echo "/dev/$(basename $DEVNAME)" && return 0
+	done
+}
+
 group_add() {
 	local name="$1"
 	local gid="$2"
--- a/package/base-files/files/lib/functions/caldata.sh
+++ b/package/base-files/files/lib/functions/caldata.sh
@@ -48,6 +48,19 @@ caldata_extract_ubi() {
 		caldata_die "failed to extract calibration data from $ubi"
 }

+caldata_extract_mmc() {
+	local part=$1
+	local offset=$(($2))
+	local count=$(($3))
+	local mmc_part
+
+	mmc_part=$(find_mmc_part $part)
+	[ -n "$mmc_part" ] || caldata_die "no mmc partition found for partition $part"
+
+	caldata_dd $mmc_part /lib/firmware/$FIRMWARE $count $offset || \
+		caldata_die "failed to extract calibration data from $mmc_part"
+}
+
 caldata_extract_reverse() {
 	local part=$1
 	local offset=$2
@@ -168,4 +181,4 @@ ath10k_patch_mac() {
 	local target=$2

 	caldata_patch_mac "$mac" 0x6 0x2 "$target"
-}
+}
--- a/package/base-files/files/lib/functions/system.sh
+++ b/package/base-files/files/lib/functions/system.sh
@@ -61,11 +61,21 @@ find_mtd_chardev() {
 	echo "${INDEX:+$PREFIX$INDEX}"
 }

+get_mac_ascii() {
+	local part="$1"
+	local key="$2"
+	local mac_dirty
+
+	mac_dirty=$(strings "$part" | sed -n 's/^'"$key"'=//p')
+
+	# "canonicalize" mac
+	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
+}
+
 mtd_get_mac_ascii() {
 	local mtdname="$1"
 	local key="$2"
 	local part
-	local mac_dirty

 	part=$(find_mtd_part "$mtdname")
 	if [ -z "$part" ]; then
@@ -73,10 +83,7 @@ mtd_get_mac_ascii() {
 		return
 	fi

-	mac_dirty=$(strings "$part" | sed -n 's/^'"$key"'=//p')
-
-	# "canonicalize" mac
-	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
+	get_mac_ascii "$part" "$key"
 }

 mtd_get_mac_text() {
@@ -123,6 +130,15 @@ mtd_get_mac_binary_ubi() {
 	get_mac_binary "/dev/$part" "$offset"
 }

+mtd_get_mac_binary_mmc() {
+	local mtdname="$1"
+	local offset="$2"
+	local part
+
+	part=$(find_mmc_part "$mtdname")
+	get_mac_binary "$part" "$offset"
+}
+
 mtd_get_part_size() {
 	local part_name=$1
 	local first dev size erasesize name
@@ -135,6 +151,29 @@ mtd_get_part_size() {
 	done < /proc/mtd
 }

+mmc_get_mac_ascii() {
+	local part_name="$1"
+	local key="$2"
+	local part
+
+	part=$(find_mmc_part "$part_name")
+	if [ -z "$part" ]; then
+		echo "mmc_get_mac_ascii: partition $part_name not found!" >&2
+		return
+	fi
+
+	get_mac_ascii "$part" "$key"
+}
+
+mmc_get_mac_binary() {
+	local part_name="$1"
+	local offset="$2"
+	local part
+
+	part=$(find_mmc_part "$part_name")
+	get_mac_binary "$part" "$offset"
+}
+
 macaddr_add() {
 	local mac=$1
 	local val=$2
@@ -145,6 +184,14 @@ macaddr_add() {
 	echo $oui:$nic
 }

+macaddr_generate_from_mmc_cid() {
+	local mmc_dev=$1
+
+	local sd_hash=$(sha256sum /sys/class/block/$mmc_dev/device/cid)
+	local mac_base=$(macaddr_canonicalize "$(echo "${sd_hash}" | dd bs=1 count=12 2>/dev/null)")
+	echo "$(macaddr_unsetbit_mc "$(macaddr_setbit_la "${mac_base}")")"
+}
+
 macaddr_geteui() {
 	local mac=$1
 	local sep=$2
@@ -224,3 +271,7 @@ macaddr_canonicalize() {

 	printf "%02x:%02x:%02x:%02x:%02x:%02x" 0x${canon// / 0x} 2>/dev/null
 }
+
+dt_is_enabled() {
+	grep -q okay "/proc/device-tree/$1/status"
+}
--- a/package/base-files/files/lib/functions/uci-defaults.sh
+++ b/package/base-files/files/lib/functions/uci-defaults.sh
@@ -96,7 +96,7 @@ ucidef_set_interfaces_lan_wan() {

 ucidef_set_bridge_device() {
 	json_select_object bridge
-	json_add_string name "${1:switch0}"
+	json_add_string name "${1:-switch0}"
 	json_select ..
 }

@@ -629,6 +629,21 @@ ucidef_set_ntpserver() {
 	json_select ..
 }

+ucidef_add_wlan() {
+	local path="$1"; shift
+
+	ucidef_wlan_idx=${ucidef_wlan_idx:-0}
+
+	json_select_object wlan
+	json_select_object "wl$ucidef_wlan_idx"
+	json_add_string path "$path"
+	json_add_fields "$@"
+	json_select ..
+	json_select ..
+
+	ucidef_wlan_idx="$((ucidef_wlan_idx + 1))"
+}
+
 board_config_update() {
 	json_init
 	[ -f ${CFG} ] && json_load "$(cat ${CFG})"
--- a/package/base-files/files/lib/preinit/80_mount_root
+++ b/package/base-files/files/lib/preinit/80_mount_root
@@ -17,6 +17,7 @@ missing_lines() {
 do_mount_root() {
 	mount_root
 	boot_run_hook preinit_mount_root
+	[ ! -f /etc/bench.log ] && touch /etc/bench.log
 	[ -f /sysupgrade.tgz -o -f /tmp/sysupgrade.tar ] && {
 		echo "- config restore -"
 		cp /etc/passwd /etc/group /etc/shadow /tmp
--- a/package/base-files/files/lib/upgrade/common.sh
+++ b/package/base-files/files/lib/upgrade/common.sh
@@ -65,16 +65,9 @@ _v() {
 	[ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$*" >&2
 }

-_vn() {
-	[ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo -n "$*" >&2
-}
-
 v() {
 	_v "$(date) upgrade: $@"
-}
-
-vn() {
-	_vn "$(date) upgrade: $@"
+	logger -p info -t upgrade "$@"
 }

 json_string() {
@@ -95,8 +88,7 @@ get_image() { # <source> [ <command> ]
 	if [ -z "$cmd" ]; then
 		local magic="$(dd if="$from" bs=2 count=1 2>/dev/null | hexdump -n 2 -e '1/1 "%02x"')"
 		case "$magic" in
-			1f8b) cmd="zcat";;
-			425a) cmd="bzcat";;
+			1f8b) cmd="busybox zcat";;
 			*) cmd="cat";;
 		esac
 	fi
@@ -135,6 +127,33 @@ get_magic_fat32() {
 	(get_image "$@" | dd bs=1 count=5 skip=82) 2>/dev/null
 }

+identify_magic_long() {
+	local magic=$1
+	case "$magic" in
+		"55424923")
+			echo "ubi"
+			;;
+		"31181006")
+			echo "ubifs"
+			;;
+		"68737173")
+			echo "squashfs"
+			;;
+		"d00dfeed")
+			echo "fit"
+			;;
+		"4349"*)
+			echo "combined"
+			;;
+		"1f8b"*)
+			echo "gzip"
+			;;
+		*)
+			echo "unknown $magic"
+			;;
+	esac
+}
+
 part_magic_efi() {
 	local magic=$(get_magic_gpt "$@")
 	[ "$magic" = "EFI PART" ]
@@ -146,6 +165,23 @@ part_magic_fat() {
 	[ "$magic" = "FAT" ] || [ "$magic_fat32" = "FAT32" ]
 }

+fitblk_get_bootdev() {
+	[ -e /sys/firmware/devicetree/base/chosen/rootdisk ] || return
+
+	local rootdisk="$(cat /sys/firmware/devicetree/base/chosen/rootdisk)"
+	local handle bootdev
+	for handle in /sys/class/block/*/of_node/phandle /sys/class/block/*/device/of_node/phandle; do
+		[ ! -e "$handle" ] && continue
+		if [ "$rootdisk" = "$(cat $handle)" ]; then
+			bootdev="${handle%/of_node/phandle}"
+			bootdev="${bootdev%/device}"
+			bootdev="${bootdev#/sys/class/block/}"
+			echo "$bootdev"
+			break
+		fi
+	done
+}
+
 export_bootdevice() {
 	local cmdline uuid blockdev uevent line class
 	local MAJOR MINOR DEVNAME DEVTYPE
@@ -163,9 +199,11 @@ export_bootdevice() {
 				fi
 			done
 		;;
+		PARTUUID=????????-????-????-????-??????????0?/PARTNROFF=1 | \
 		PARTUUID=????????-????-????-????-??????????02)
 			uuid="${rootpart#PARTUUID=}"
-			uuid="${uuid%02}00"
+			uuid="${uuid%/PARTNROFF=1}"
+			uuid="${uuid%0?}00"
 			for disk in $(find /dev -type b); do
 				set -- $(dd if=$disk bs=1 skip=568 count=16 2>/dev/null | hexdump -v -e '8/1 "%02x "" "2/1 "%02x""-"6/1 "%02x"')
 				if [ "$4$3$2$1-$6$5-$8$7-$9" = "$uuid" ]; then
@@ -175,6 +213,7 @@ export_bootdevice() {
 			done
 		;;
 		/dev/*)
+			[ "$rootpart" = "/dev/fit0" ] && rootpart="$(fitblk_get_bootdev)"
 			uevent="/sys/class/block/${rootpart##*/}/../uevent"
 		;;
 		0x[a-f0-9][a-f0-9][a-f0-9] | 0x[a-f0-9][a-f0-9][a-f0-9][a-f0-9] | \
@@ -211,7 +250,7 @@ export_partdevice() {
 		while read line; do
 			export -n "$line"
 		done < "$uevent"
-		if [ $BOOTDEV_MAJOR = $MAJOR -a $(($BOOTDEV_MINOR + $offset)) = $MINOR -a -b "/dev/$DEVNAME" ]; then
+		if [ "$BOOTDEV_MAJOR" = "$MAJOR" -a $(($BOOTDEV_MINOR + $offset)) = "$MINOR" -a -b "/dev/$DEVNAME" ]; then
 			export "$var=$DEVNAME"
 			return 0
 		fi
@@ -228,15 +267,6 @@ hex_le32_to_cpu() {
 	echo "$@"
 }

-get_partition_by_name() {
-	for partname in /sys/class/block/$1/*/name; do
-		[ "$(cat ${partname})" = "$2" ] && {
-			basename ${partname%%/name}
-			break
-		}
-	done
-}
-
 get_partitions() { # <device> <filename>
 	local disk="$1"
 	local filename="$2"
@@ -262,7 +292,7 @@ get_partitions() { # <device> <filename>
 				local type="$1"
 				local lba="$(( $(hex_le32_to_cpu $4) * 0x100000000 + $(hex_le32_to_cpu $3) ))"
 				local end="$(( $(hex_le32_to_cpu $6) * 0x100000000 + $(hex_le32_to_cpu $5) ))"
-				local num="$(( $end - $lba ))"
+				local num="$(( $end - $lba + 1 ))"

 				[ "$type" = "00000000000000000000000000000000" ] && continue

--- a/package/base-files/files/lib/upgrade/emmc.sh
+++ b/package/base-files/files/lib/upgrade/emmc.sh
@@ -0,0 +1,67 @@
+# Copyright (C) 2021 OpenWrt.org
+#
+
+. /lib/functions.sh
+
+emmc_upgrade_tar() {
+	local tar_file="$1"
+	[ "$CI_KERNPART" -a -z "$EMMC_KERN_DEV" ] && export EMMC_KERN_DEV="$(find_mmc_part $CI_KERNPART $CI_ROOTDEV)"
+	[ "$CI_ROOTPART" -a -z "$EMMC_ROOT_DEV" ] && export EMMC_ROOT_DEV="$(find_mmc_part $CI_ROOTPART $CI_ROOTDEV)"
+	[ "$CI_DATAPART" -a -z "$EMMC_DATA_DEV" ] && export EMMC_DATA_DEV="$(find_mmc_part $CI_DATAPART $CI_ROOTDEV)"
+	local has_kernel
+	local has_rootfs
+	local board_dir=$(tar tf "$tar_file" | grep -m 1 '^sysupgrade-.*/$')
+	board_dir=${board_dir%/}
+
+	tar tf "$tar_file" ${board_dir}/kernel 1>/dev/null 2>/dev/null && has_kernel=1
+	tar tf "$tar_file" ${board_dir}/root 1>/dev/null 2>/dev/null && has_rootfs=1
+
+	[ "$has_kernel" = 1 -a "$EMMC_KERN_DEV" ] &&
+		export EMMC_KERNEL_BLOCKS=$(($(tar xf "$tar_file" ${board_dir}/kernel -O | dd of="$EMMC_KERN_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
+
+	[ "$has_rootfs" = 1 -a "$EMMC_ROOT_DEV" ] && {
+		export EMMC_ROOTFS_BLOCKS=$(($(tar xf "$tar_file" ${board_dir}/root -O | dd of="$EMMC_ROOT_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
+		# Account for 64KiB ROOTDEV_OVERLAY_ALIGN in libfstools
+		EMMC_ROOTFS_BLOCKS=$(((EMMC_ROOTFS_BLOCKS + 127) & ~127))
+	}
+
+	if [ -z "$UPGRADE_BACKUP" ]; then
+		if [ "$EMMC_DATA_DEV" ]; then
+			dd if=/dev/zero of="$EMMC_DATA_DEV" bs=512 count=8
+		elif [ "$EMMC_ROOTFS_BLOCKS" ]; then
+			dd if=/dev/zero of="$EMMC_ROOT_DEV" bs=512 seek=$EMMC_ROOTFS_BLOCKS count=8
+		elif [ "$EMMC_KERNEL_BLOCKS" ]; then
+			dd if=/dev/zero of="$EMMC_KERN_DEV" bs=512 seek=$EMMC_KERNEL_BLOCKS count=8
+		fi
+	fi
+}
+
+emmc_upgrade_fit() {
+	local fit_file="$1"
+	[ "$CI_KERNPART" -a -z "$EMMC_KERN_DEV" ] && export EMMC_KERN_DEV="$(find_mmc_part $CI_KERNPART $CI_ROOTDEV)"
+
+	if [ "$EMMC_KERN_DEV" ]; then
+		export EMMC_KERNEL_BLOCKS=$(($(get_image "$fit_file" | fwtool -i /dev/null -T - | dd of="$EMMC_KERN_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
+
+		[ -z "$UPGRADE_BACKUP" ] && dd if=/dev/zero of="$EMMC_KERN_DEV" bs=512 seek=$EMMC_KERNEL_BLOCKS count=8
+	fi
+}
+
+emmc_copy_config() {
+	if [ "$EMMC_DATA_DEV" ]; then
+		dd if="$UPGRADE_BACKUP" of="$EMMC_DATA_DEV" bs=512
+	elif [ "$EMMC_ROOTFS_BLOCKS" ]; then
+		dd if="$UPGRADE_BACKUP" of="$EMMC_ROOT_DEV" bs=512 seek=$EMMC_ROOTFS_BLOCKS
+	elif [ "$EMMC_KERNEL_BLOCKS" ]; then
+		dd if="$UPGRADE_BACKUP" of="$EMMC_KERN_DEV" bs=512 seek=$EMMC_KERNEL_BLOCKS
+	fi
+}
+
+emmc_do_upgrade() {
+	local file_type=$(identify $1)
+
+	case "$file_type" in
+		"fit")  emmc_upgrade_fit $1;;
+		*)      emmc_upgrade_tar $1;;
+	esac
+}
--- a/package/base-files/files/lib/upgrade/legacy-sdcard.sh
+++ b/package/base-files/files/lib/upgrade/legacy-sdcard.sh
@@ -0,0 +1,91 @@
+legacy_sdcard_check_image() {
+	local file="$1"
+	local diskdev partdev diff
+
+	export_bootdevice && export_partdevice diskdev 0 || {
+		v "Unable to determine upgrade device"
+	return 1
+	}
+
+	get_partitions "/dev/$diskdev" bootdisk
+
+	v "Extract boot sector from the image"
+	get_image_dd "$1" of=/tmp/image.bs count=1 bs=512b
+
+	get_partitions /tmp/image.bs image
+
+	#compare tables
+	diff="$(grep -F -x -v -f /tmp/partmap.bootdisk /tmp/partmap.image)"
+
+	rm -f /tmp/image.bs /tmp/partmap.bootdisk /tmp/partmap.image
+
+	if [ -n "$diff" ]; then
+		v "Partition layout has changed. Full image will be written."
+		ask_bool 0 "Abort" && exit 1
+		return 0
+	fi
+}
+
+legacy_sdcard_do_upgrade() {
+	local board=$(board_name)
+	local diskdev partdev diff
+
+	export_bootdevice && export_partdevice diskdev 0 || {
+		v "Unable to determine upgrade device"
+	return 1
+	}
+
+	sync
+
+	if [ "$UPGRADE_OPT_SAVE_PARTITIONS" = "1" ]; then
+		get_partitions "/dev/$diskdev" bootdisk
+
+		v "Extract boot sector from the image"
+		get_image_dd "$1" of=/tmp/image.bs count=1 bs=512b
+
+		get_partitions /tmp/image.bs image
+
+		#compare tables
+		diff="$(grep -F -x -v -f /tmp/partmap.bootdisk /tmp/partmap.image)"
+	else
+		diff=1
+	fi
+
+	if [ -n "$diff" ]; then
+		get_image_dd "$1" of="/dev/$diskdev" bs=4096 conv=fsync
+
+		# Separate removal and addtion is necessary; otherwise, partition 1
+		# will be missing if it overlaps with the old partition 2
+		partx -d - "/dev/$diskdev"
+		partx -a - "/dev/$diskdev"
+	else
+		v "Writing bootloader to /dev/$diskdev"
+		get_image_dd "$1" of="$diskdev" bs=512 skip=1 seek=1 count=2048 conv=fsync
+		#iterate over each partition from the image and write it to the boot disk
+		while read part start size; do
+			if export_partdevice partdev $part; then
+				v "Writing image to /dev/$partdev..."
+				get_image_dd "$1" of="/dev/$partdev" ibs="512" obs=1M skip="$start" count="$size" conv=fsync
+			else
+				v "Unable to find partition $part device, skipped."
+			fi
+		done < /tmp/partmap.image
+
+		v "Writing new UUID to /dev/$diskdev..."
+		get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440 conv=fsync
+	fi
+
+	sleep 1
+}
+
+legacy_sdcard_copy_config() {
+	local partdev
+
+	if export_partdevice partdev 1; then
+		mkdir -p /boot
+		[ -f /boot/kernel.img ] || mount -o rw,noatime /dev/$partdev /boot
+		cp -af "$UPGRADE_BACKUP" "/boot/$BACKUP_FILE"
+		sync
+		umount /boot
+	fi
+}
--- a/package/base-files/files/lib/upgrade/nand.sh
+++ b/package/base-files/files/lib/upgrade/nand.sh
@@ -7,6 +7,8 @@
 CI_KERNPART="${CI_KERNPART:-kernel}"

 # 'ubi' partition on NAND contains UBI
+# There are also CI_KERN_UBIPART and CI_ROOT_UBIPART if kernel
+# and rootfs are on separated UBIs.
 CI_UBIPART="${CI_UBIPART:-ubi}"

 # 'rootfs' UBI volume on NAND contains the rootfs
@@ -26,7 +28,7 @@ ubi_mknod() {

 nand_find_volume() {
 	local ubidevdir ubivoldir
-	ubidevdir="/sys/devices/virtual/ubi/$1"
+	ubidevdir="/sys/class/ubi/"
 	[ ! -d "$ubidevdir" ] && return 1
 	for ubivoldir in $ubidevdir/${1}_*; do
 		[ ! -d "$ubivoldir" ] && continue
@@ -39,13 +41,12 @@ nand_find_volume() {
 }

 nand_find_ubi() {
-	local ubidevdir ubidev mtdnum
+	local ubidevdir ubidev mtdnum cmtdnum
 	mtdnum="$( find_mtd_index $1 )"
 	[ ! "$mtdnum" ] && return 1
-	for ubidevdir in /sys/devices/virtual/ubi/ubi*; do
-		[ ! -d "$ubidevdir" ] && continue
+	for ubidevdir in /sys/class/ubi/ubi*; do
+		[ ! -e "$ubidevdir/mtd_num" ] && continue
 		cmtdnum="$( cat $ubidevdir/mtd_num )"
-		[ ! "$mtdnum" ] && continue
 		if [ "$mtdnum" = "$cmtdnum" ]; then
 			ubidev=$( basename $ubidevdir )
 			ubi_mknod "$ubidevdir"
@@ -56,128 +57,175 @@ nand_find_ubi() {
 }

 nand_get_magic_long() {
-	dd if="$1" skip=$2 bs=4 count=1 2>/dev/null | hexdump -v -n 4 -e '1/1 "%02x"'
+	(${3}cat "$1" | dd bs=4 "skip=${2:-0}" count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
 }

 get_magic_long_tar() {
-	( tar xf $1 $2 -O | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
+	(tar xO${3}f "$1" "$2" | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
 }

-identify_magic() {
-	local magic=$1
-	case "$magic" in
-		"55424923")
-			echo "ubi"
-			;;
-		"31181006")
-			echo "ubifs"
-			;;
-		"68737173")
-			echo "squashfs"
-			;;
-		"d00dfeed")
-			echo "fit"
-			;;
-		"4349"*)
-			echo "combined"
-			;;
-		*)
-			echo "unknown $magic"
-			;;
-	esac
-}
-
-
 identify() {
-	identify_magic $(nand_get_magic_long "$1" "${2:-0}")
+	identify_magic_long $(nand_get_magic_long "$@")
 }

 identify_tar() {
-	identify_magic $(get_magic_long_tar "$1" "$2")
+	identify_magic_long $(get_magic_long_tar "$@")
+}
+
+identify_if_gzip() {
+	if [ "$(identify "$1")" = gzip ]; then echo -n z; fi
 }

 nand_restore_config() {
-	sync
-	local ubidev=$( nand_find_ubi $CI_UBIPART )
+	local ubidev=$( nand_find_ubi "${CI_ROOT_UBIPART:-$CI_UBIPART}" )
 	local ubivol="$( nand_find_volume $ubidev rootfs_data )"
-	[ ! "$ubivol" ] &&
-		ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
+	if [ ! "$ubivol" ]; then
+		ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
+		if [ ! "$ubivol" ]; then
+			echo "cannot find ubifs data volume"
+			return 1
+		fi
+	fi
 	mkdir /tmp/new_root
 	if ! mount -t ubifs /dev/$ubivol /tmp/new_root; then
-		echo "mounting ubifs $ubivol failed"
+		echo "cannot mount ubifs volume $ubivol"
 		rmdir /tmp/new_root
 		return 1
 	fi
-	mv "$1" "/tmp/new_root/$BACKUP_FILE"
-	umount /tmp/new_root
-	sync
+	if mv "$1" "/tmp/new_root/$BACKUP_FILE"; then
+		if umount /tmp/new_root; then
+			echo "configuration saved"
+			rmdir /tmp/new_root
+			return 0
+		fi
+	else
+		umount /tmp/new_root
+	fi
+	echo "could not save configuration to ubifs volume $ubivol"
 	rmdir /tmp/new_root
+	return 1
+}
+
+nand_remove_ubiblock() {
+	local ubivol="$1"
+
+	local ubiblk="ubiblock${ubivol:3}"
+	if [ -e "/dev/$ubiblk" ]; then
+		umount "/dev/$ubiblk" 2>/dev/null && echo "unmounted /dev/$ubiblk" || :
+		if ! ubiblock -r "/dev/$ubivol"; then
+			echo "cannot remove $ubiblk"
+			return 1
+		fi
+	fi
+}
+
+nand_attach_ubi() {
+	local ubipart="$1"
+	local has_env="${2:-0}"
+
+	local mtdnum="$( find_mtd_index "$ubipart" )"
+	if [ ! "$mtdnum" ]; then
+		>&2 echo "cannot find ubi mtd partition $ubipart"
+		return 1
+	fi
+
+	local ubidev="$( nand_find_ubi "$ubipart" )"
+	if [ ! "$ubidev" ]; then
+		>&2 ubiattach -m "$mtdnum"
+		ubidev="$( nand_find_ubi "$ubipart" )"
+
+		if [ ! "$ubidev" ]; then
+			>&2 ubiformat /dev/mtd$mtdnum -y
+			>&2 ubiattach -m "$mtdnum"
+			ubidev="$( nand_find_ubi "$ubipart" )"
+
+			if [ ! "$ubidev" ]; then
+				>&2 echo "cannot attach ubi mtd partition $ubipart"
+				return 1
+			fi
+
+			if [ "$has_env" -gt 0 ]; then
+				>&2 ubimkvol /dev/$ubidev -n 0 -N ubootenv -s 1MiB
+				>&2 ubimkvol /dev/$ubidev -n 1 -N ubootenv2 -s 1MiB
+			fi
+		fi
+	fi
+
+	echo "$ubidev"
+	return 0
+}
+
+nand_detach_ubi() {
+	local ubipart="$1"
+
+	local mtdnum="$( find_mtd_index "$ubipart" )"
+	if [ ! "$mtdnum" ]; then
+		echo "cannot find ubi mtd partition $ubipart"
+		return 1
+	fi
+
+	local ubidev="$( nand_find_ubi "$ubipart" )"
+	if [ "$ubidev" ]; then
+		for ubivol in $(find /dev -name "${ubidev}_*" -maxdepth 1 | sort); do
+			ubivol="${ubivol:5}"
+			nand_remove_ubiblock "$ubivol" || :
+			umount "/dev/$ubivol" && echo "unmounted /dev/$ubivol" || :
+		done
+		if ! ubidetach -m "$mtdnum"; then
+			echo "cannot detach ubi mtd partition $ubipart"
+			return 1
+		fi
+	fi
 }

 nand_upgrade_prepare_ubi() {
 	local rootfs_length="$1"
 	local rootfs_type="$2"
-	local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2>/dev/null)"
+	local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2> /dev/null)"
 	[ -n "$rootfs_data_max" ] && rootfs_data_max=$((rootfs_data_max))

 	local kernel_length="$3"
 	local has_env="${4:-0}"
+	local kern_ubidev
+	local root_ubidev

 	[ -n "$rootfs_length" -o -n "$kernel_length" ] || return 1

-	local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
-	if [ ! "$mtdnum" ]; then
-		echo "cannot find ubi mtd partition $CI_UBIPART"
-		return 1
+	if [ -n "$CI_KERN_UBIPART" -a -n "$CI_ROOT_UBIPART" ]; then
+		kern_ubidev="$( nand_attach_ubi "$CI_KERN_UBIPART" "$has_env" )"
+		[ -n "$kern_ubidev" ] || return 1
+		root_ubidev="$( nand_attach_ubi "$CI_ROOT_UBIPART" )"
+		[ -n "$root_ubidev" ] || return 1
+	else
+		kern_ubidev="$( nand_attach_ubi "$CI_UBIPART" "$has_env" )"
+		[ -n "$kern_ubidev" ] || return 1
+		root_ubidev="$kern_ubidev"
 	fi

-	local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-	if [ ! "$ubidev" ]; then
-		ubiattach -m "$mtdnum"
-		sync
-		ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-	fi
+	local kern_ubivol="$( nand_find_volume $kern_ubidev "$CI_KERNPART" )"
+	local root_ubivol="$( nand_find_volume $root_ubidev "$CI_ROOTPART" )"
+	local data_ubivol="$( nand_find_volume $root_ubidev rootfs_data )"
+	[ "$root_ubivol" = "$kern_ubivol" ] && root_ubivol=

-	if [ ! "$ubidev" ]; then
-		ubiformat /dev/mtd$mtdnum -y
-		ubiattach -m "$mtdnum"
-		sync
-		ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-		[ "$has_env" -gt 0 ] && {
-			ubimkvol /dev/$ubidev -n 0 -N ubootenv -s 1MiB
-			ubimkvol /dev/$ubidev -n 1 -N ubootenv2 -s 1MiB
-		}
-	fi
-
-	local kern_ubivol="$( nand_find_volume $ubidev $CI_KERNPART )"
-	local root_ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
-	local data_ubivol="$( nand_find_volume $ubidev rootfs_data )"
-
-	local ubiblk ubiblkvol
-	for ubiblk in /dev/ubiblock*_? ; do
-		[ -e "$ubiblk" ] || continue
-		echo "removing ubiblock${ubiblk:13}"
-		ubiblkvol=ubi${ubiblk:13}
-		if ! ubiblock -r /dev/$ubiblkvol; then
-			echo "cannot remove $ubiblk"
-			return 1
-		fi
-	done
+	# remove ubiblocks
+	[ "$kern_ubivol" ] && { nand_remove_ubiblock $kern_ubivol || return 1; }
+	[ "$root_ubivol" ] && { nand_remove_ubiblock $root_ubivol || return 1; }
+	[ "$data_ubivol" ] && { nand_remove_ubiblock $data_ubivol || return 1; }

 	# kill volumes
-	[ "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_KERNPART || true
-	[ "$root_ubivol" -a "$root_ubivol" != "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_ROOTPART || true
-	[ "$data_ubivol" ] && ubirmvol /dev/$ubidev -N rootfs_data || true
+	[ "$kern_ubivol" ] && ubirmvol /dev/$kern_ubidev -N "$CI_KERNPART" || :
+	[ "$root_ubivol" ] && ubirmvol /dev/$root_ubidev -N "$CI_ROOTPART" || :
+	[ "$data_ubivol" ] && ubirmvol /dev/$root_ubidev -N rootfs_data || :

-	# update kernel
+	# create kernel vol
 	if [ -n "$kernel_length" ]; then
-		if ! ubimkvol /dev/$ubidev -N $CI_KERNPART -s $kernel_length; then
+		if ! ubimkvol /dev/$kern_ubidev -N "$CI_KERNPART" -s $kernel_length; then
 			echo "cannot create kernel volume"
 			return 1;
 		fi
 	fi

-	# update rootfs
+	# create rootfs vol
 	if [ -n "$rootfs_length" ]; then
 		local rootfs_size_param
 		if [ "$rootfs_type" = "ubifs" ]; then
@@ -185,157 +233,224 @@ nand_upgrade_prepare_ubi() {
 		else
 			rootfs_size_param="-s $rootfs_length"
 		fi
-		if ! ubimkvol /dev/$ubidev -N $CI_ROOTPART $rootfs_size_param; then
+		if ! ubimkvol /dev/$root_ubidev -N "$CI_ROOTPART" $rootfs_size_param; then
 			echo "cannot create rootfs volume"
 			return 1;
 		fi
 	fi

-	# create rootfs_data for non-ubifs rootfs
+	# create rootfs_data vol for non-ubifs rootfs
 	if [ "$rootfs_type" != "ubifs" ]; then
-		local availeb=$(cat /sys/devices/virtual/ubi/$ubidev/avail_eraseblocks)
-		local ebsize=$(cat /sys/devices/virtual/ubi/$ubidev/eraseblock_size)
-		local avail_size=$((availeb * ebsize))
 		local rootfs_data_size_param="-m"
-		if [ -n "$rootfs_data_max" ] &&
-		   [ "$rootfs_data_max" != "0" ] &&
-		   [ "$rootfs_data_max" -le "$avail_size" ]; then
+		if [ -n "$rootfs_data_max" ]; then
 			rootfs_data_size_param="-s $rootfs_data_max"
 		fi
-		if ! ubimkvol /dev/$ubidev -N rootfs_data $rootfs_data_size_param; then
-			echo "cannot initialize rootfs_data volume"
-			return 1
+		if ! ubimkvol /dev/$root_ubidev -N rootfs_data $rootfs_data_size_param; then
+			if ! ubimkvol /dev/$root_ubidev -N rootfs_data -m; then
+				echo "cannot initialize rootfs_data volume"
+				return 1
+			fi
 		fi
 	fi
-	sync
+
 	return 0
 }

-nand_do_upgrade_success() {
-	local conf_tar="/tmp/sysupgrade.tgz"
-
-	sync
-	[ -f "$conf_tar" ] && nand_restore_config "$conf_tar"
-	echo "sysupgrade successful"
-	umount -a
-	reboot -f
-}
-
-# Flash the UBI image to MTD partition
+# Write the UBI image to MTD ubi partition
 nand_upgrade_ubinized() {
 	local ubi_file="$1"
-	local mtdnum="$(find_mtd_index "$CI_UBIPART")"
+	local gz="$2"

-	[ ! "$mtdnum" ] && {
-		CI_UBIPART="rootfs"
-		mtdnum="$(find_mtd_index "$CI_UBIPART")"
-	}
+	local ubi_length=$( (${gz}cat "$ubi_file" | wc -c) 2> /dev/null)

-	if [ ! "$mtdnum" ]; then
-		echo "cannot find mtd device $CI_UBIPART"
-		umount -a
-		reboot -f
-	fi
+	nand_detach_ubi "$CI_UBIPART" || return 1

-	local mtddev="/dev/mtd${mtdnum}"
-	ubidetach -p "${mtddev}" || true
-	sync
-	ubiformat "${mtddev}" -y -f "${ubi_file}"
-	ubiattach -p "${mtddev}"
-	nand_do_upgrade_success
+	local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
+	${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum"
 }

-# Write the UBIFS image to UBI volume
+# Write the UBIFS image to UBI rootfs volume
 nand_upgrade_ubifs() {
-	local rootfs_length=$( (cat $1 | wc -c) 2> /dev/null)
+	local ubifs_file="$1"
+	local gz="$2"

-	nand_upgrade_prepare_ubi "$rootfs_length" "ubifs" "" ""
+	local ubifs_length=$( (${gz}cat "$ubifs_file" | wc -c) 2> /dev/null)
+
+	nand_upgrade_prepare_ubi "$ubifs_length" "ubifs" "" "" || return 1

 	local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-	local root_ubivol="$(nand_find_volume $ubidev $CI_ROOTPART)"
-	ubiupdatevol /dev/$root_ubivol -s $rootfs_length $1
-
-	nand_do_upgrade_success
+	local root_ubivol="$(nand_find_volume $ubidev "$CI_ROOTPART")"
+	${gz}cat "$ubifs_file" | ubiupdatevol /dev/$root_ubivol -s "$ubifs_length" -
 }

+# Write the FIT image to UBI kernel volume
 nand_upgrade_fit() {
 	local fit_file="$1"
-	local fit_length="$(wc -c < "$fit_file")"
+	local gz="$2"

-	nand_upgrade_prepare_ubi "" "" "$fit_length" "1"
+	local fit_length=$( (${gz}cat "$fit_file" | wc -c) 2> /dev/null)
+
+	nand_upgrade_prepare_ubi "" "" "$fit_length" "1" || return 1

 	local fit_ubidev="$(nand_find_ubi "$CI_UBIPART")"
 	local fit_ubivol="$(nand_find_volume $fit_ubidev "$CI_KERNPART")"
-	ubiupdatevol /dev/$fit_ubivol -s $fit_length $fit_file
-
-	nand_do_upgrade_success
+	${gz}cat "$fit_file" | ubiupdatevol /dev/$fit_ubivol -s "$fit_length" -
 }

+# Write images in the TAR file to MTD partitions and/or UBI volumes as required
 nand_upgrade_tar() {
 	local tar_file="$1"
-	local kernel_mtd="$(find_mtd_index $CI_KERNPART)"
+	local gz="$2"
+	local jffs2_markers="${CI_JFFS2_CLEAN_MARKERS:-0}"

-	local board_dir=$(tar tf "$tar_file" | grep -m 1 '^sysupgrade-.*/$')
-	board_dir=${board_dir%/}
+	# WARNING: This fails if tar contains more than one 'sysupgrade-*' directory.
+	local board_dir="$(tar t${gz}f "$tar_file" | grep -m 1 '^sysupgrade-.*/$')"
+	board_dir="${board_dir%/}"

-	kernel_length=$( (tar xf "$tar_file" ${board_dir}/kernel -O | wc -c) 2> /dev/null)
-	local has_rootfs=0
-	local rootfs_length
+	local kernel_mtd kernel_length
+	if [ "$CI_KERNPART" != "none" ]; then
+		kernel_mtd="$(find_mtd_index "$CI_KERNPART")"
+		kernel_length=$( (tar xO${gz}f "$tar_file" "$board_dir/kernel" | wc -c) 2> /dev/null)
+		[ "$kernel_length" = 0 ] && kernel_length=
+	fi
+	local rootfs_length=$( (tar xO${gz}f "$tar_file" "$board_dir/root" | wc -c) 2> /dev/null)
+	[ "$rootfs_length" = 0 ] && rootfs_length=
 	local rootfs_type
+	[ "$rootfs_length" ] && rootfs_type="$(identify_tar "$tar_file" "$board_dir/root" "$gz")"

-	tar tf "$tar_file" ${board_dir}/root 1>/dev/null 2>/dev/null && has_rootfs=1
-	[ "$has_rootfs" = "1" ] && {
-		rootfs_length=$( (tar xf "$tar_file" ${board_dir}/root -O | wc -c) 2> /dev/null)
-		rootfs_type="$(identify_tar "$tar_file" ${board_dir}/root)"
-	}
+	local ubi_kernel_length
+	if [ "$kernel_length" ]; then
+		if [ "$kernel_mtd" ]; then
+			# On some devices, the raw kernel and ubi partitions overlap.
+			# These devices brick if the kernel partition is erased.
+			# Hence only invalidate kernel for now.
+			dd if=/dev/zero bs=4096 count=1 2> /dev/null | \
+				mtd write - "$CI_KERNPART"
+		else
+			ubi_kernel_length="$kernel_length"
+		fi
+	fi

-	local has_kernel=1
 	local has_env=0
+	nand_upgrade_prepare_ubi "$rootfs_length" "$rootfs_type" "$ubi_kernel_length" "$has_env" || return 1

-	[ "$kernel_length" != 0 -a -n "$kernel_mtd" ] && {
-		tar xf "$tar_file" ${board_dir}/kernel -O | mtd write - $CI_KERNPART
-	}
-	[ "$kernel_length" = 0 -o ! -z "$kernel_mtd" ] && has_kernel=
+	if [ "$rootfs_length" ]; then
+		local ubidev="$( nand_find_ubi "${CI_ROOT_UBIPART:-$CI_UBIPART}" )"
+		local root_ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
+		tar xO${gz}f "$tar_file" "$board_dir/root" | \
+			ubiupdatevol /dev/$root_ubivol -s "$rootfs_length" -
+	fi
+	if [ "$kernel_length" ]; then
+		if [ "$kernel_mtd" ]; then
+			if [ "$jffs2_markers" = 1 ]; then
+				flash_erase -j "/dev/mtd${kernel_mtd}" 0 0
+				tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
+					nandwrite "/dev/mtd${kernel_mtd}" -
+			else
+				tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
+					mtd write - "$CI_KERNPART"
+			fi
+		else
+			local ubidev="$( nand_find_ubi "${CI_KERN_UBIPART:-$CI_UBIPART}" )"
+			local kern_ubivol="$( nand_find_volume $ubidev "$CI_KERNPART" )"
+			tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
+				ubiupdatevol /dev/$kern_ubivol -s "$kernel_length" -
+		fi
+	fi

-	nand_upgrade_prepare_ubi "$rootfs_length" "$rootfs_type" "${has_kernel:+$kernel_length}" "$has_env"
+	return 0
+}

-	local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-	[ "$has_kernel" = "1" ] && {
-		local kern_ubivol="$( nand_find_volume $ubidev $CI_KERNPART )"
-		tar xf "$tar_file" ${board_dir}/kernel -O | \
-			ubiupdatevol /dev/$kern_ubivol -s $kernel_length -
-	}
+nand_verify_if_gzip_file() {
+	local file="$1"
+	local gz="$2"

-	[ "$has_rootfs" = "1" ] && {
-		local root_ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
-		tar xf "$tar_file" ${board_dir}/root -O | \
-			ubiupdatevol /dev/$root_ubivol -s $rootfs_length -
-	}
-	nand_do_upgrade_success
+	if [ "$gz" = z ]; then
+		echo "verifying compressed sysupgrade file integrity"
+		if ! gzip -t "$file"; then
+			echo "corrupted compressed sysupgrade file"
+			return 1
+		fi
+	fi
+}
+
+nand_verify_tar_file() {
+	local file="$1"
+	local gz="$2"
+
+	echo "verifying sysupgrade tar file integrity"
+	if ! tar xO${gz}f "$file" > /dev/null; then
+		echo "corrupted sysupgrade tar file"
+		return 1
+	fi
+}
+
+nand_do_flash_file() {
+	local file="$1"
+
+	local gz="$(identify_if_gzip "$file")"
+	local file_type="$(identify "$file" "" "$gz")"
+
+	[ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART=rootfs
+
+	case "$file_type" in
+		"fit")
+			nand_verify_if_gzip_file "$file" "$gz" || return 1
+			nand_upgrade_fit "$file" "$gz"
+			;;
+		"ubi")
+			nand_verify_if_gzip_file "$file" "$gz" || return 1
+			nand_upgrade_ubinized "$file" "$gz"
+			;;
+		"ubifs")
+			nand_verify_if_gzip_file "$file" "$gz" || return 1
+			nand_upgrade_ubifs "$file" "$gz"
+			;;
+		*)
+			nand_verify_tar_file "$file" "$gz" || return 1
+			nand_upgrade_tar "$file" "$gz"
+			;;
+	esac
+}
+
+nand_do_restore_config() {
+	local conf_tar="/tmp/sysupgrade.tgz"
+	[ ! -f "$conf_tar" ] || nand_restore_config "$conf_tar"
 }

 # Recognize type of passed file and start the upgrade process
 nand_do_upgrade() {
-	local file_type=$(identify $1)
+	local file="$1"

-	[ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART="rootfs"
-
-	case "$file_type" in
-		"fit")		nand_upgrade_fit $1;;
-		"ubi")		nand_upgrade_ubinized $1;;
-		"ubifs")	nand_upgrade_ubifs $1;;
-		*)		nand_upgrade_tar $1;;
-	esac
+	sync
+	nand_do_flash_file "$file" && nand_do_upgrade_success
+	nand_do_upgrade_failed
 }

-# Check if passed file is a valid one for NAND sysupgrade. Currently it accepts
-# 3 types of files:
-# 1) UBI - should contain an ubinized image, header is checked for the proper
-#    MAGIC
-# 2) UBIFS - should contain UBIFS partition that will replace "rootfs" volume,
-#    header is checked for the proper MAGIC
-# 3) TAR - archive has to include "sysupgrade-BOARD" directory with a non-empty
-#    "CONTROL" file (at this point its content isn't verified)
+nand_do_upgrade_success() {
+	if nand_do_restore_config && sync; then
+		echo "sysupgrade successful"
+		umount -a
+		reboot -f
+	fi
+	nand_do_upgrade_failed
+}
+
+nand_do_upgrade_failed() {
+	sync
+	echo "sysupgrade failed"
+	# Should we reboot or bring up some failsafe mode instead?
+	umount -a
+	reboot -f
+}
+
+# Check if passed file is a valid one for NAND sysupgrade.
+# Currently it accepts 4 types of files:
+# 1) UBI: a ubinized image containing required UBI volumes.
+# 2) UBIFS: a UBIFS rootfs volume image.
+# 3) FIT: a FIT image containing kernel and rootfs.
+# 4) TAR: an archive that includes directory "sysupgrade-${BOARD_NAME}" containing
+#         a non-empty "CONTROL" file and required partition and/or volume images.
 #
 # You usually want to call this function in platform_check_image.
 #
@@ -343,14 +458,25 @@ nand_do_upgrade() {
 # $(2): file to be checked
 nand_do_platform_check() {
 	local board_name="$1"
-	local tar_file="$2"
-	local control_length=$( (tar xf $tar_file sysupgrade-$board_name/CONTROL -O | wc -c) 2> /dev/null)
-	local file_type="$(identify $2)"
+	local file="$2"

-	[ "$control_length" = 0 -a "$file_type" != "ubi" -a "$file_type" != "ubifs" -a "$file_type" != "fit" ] && {
-		echo "Invalid sysupgrade file."
-		return 1
-	}
+	local gz="$(identify_if_gzip "$file")"
+	local file_type="$(identify "$file" "" "$gz")"
+	local control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//,/_}/CONTROL" | wc -c) 2> /dev/null)
+
+	if [ "$control_length" = 0 ]; then
+		control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//_/,}/CONTROL" | wc -c) 2> /dev/null)
+	fi
+
+	if [ "$control_length" != 0 ]; then
+		nand_verify_tar_file "$file" "$gz" || return 1
+	else
+		nand_verify_if_gzip_file "$file" "$gz" || return 1
+		if [ "$file_type" != "fit" -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ]; then
+			echo "invalid sysupgrade file"
+			return 1
+		fi
+	fi

 	return 0
 }
--- a/package/base-files/files/lib/upgrade/stage2
+++ b/package/base-files/files/lib/upgrade/stage2
@@ -45,7 +45,8 @@ switch_to_ramfs() {
 		mtd partx losetup mkfs.ext4 nandwrite flash_erase	\
 		ubiupdatevol ubiattach ubiblock ubiformat		\
 		ubidetach ubirsvol ubirmvol ubimkvol			\
-		snapshot snapshot_tool date				\
+		snapshot snapshot_tool date logger			\
+		/usr/sbin/fw_printenv /usr/bin/fwtool			\
 		$RAMFS_COPY_LOSETUP $RAMFS_COPY_LVM			\
 		$RAMFS_COPY_BIN
 	do
@@ -85,7 +86,7 @@ kill_remaining() { # [ <signal> [ <loop> ] ]
 	local stat
 	local proc_ppid=$(cut -d' ' -f4  /proc/$$/stat)

-	vn "Sending $sig to remaining processes ..."
+	v "Sending $sig to remaining processes ..."

 	while $run; do
 		run=false
@@ -105,7 +106,7 @@ kill_remaining() { # [ <signal> [ <loop> ] ]
 			# Skip kernel threads
 			[ -n "$cmdline" ] || continue

-			_vn " $name"
+			v "Sending signal $sig to $name ($pid)"
 			kill -$sig $pid 2>/dev/null

 			[ $loop -eq 1 ] && run=true
@@ -113,12 +114,10 @@ kill_remaining() { # [ <signal> [ <loop> ] ]

 		let loop_limit--
 		[ $loop_limit -eq 0 ] && {
-			_v
 			v "Failed to kill all processes."
 			exit 1
 		}
 	done
-	_v
 }

 indicate_upgrade
--- a/package/base-files/files/sbin/wifi
+++ b/package/base-files/files/sbin/wifi
@@ -128,14 +128,14 @@ wifi_updown() {
 	[ enable = "$1" ] && {
 		_wifi_updown disable "$2"
 		ubus_wifi_cmd "$cmd" "$2"
+		ubus call network reload
 		scan_wifi
 		cmd=up
-		ubus call network reload
 	}
 	[ reconf = "$1" ] && {
+		ubus call network reload
 		scan_wifi
 		cmd=reconf
-		ubus call network reload
 	}
 	ubus_wifi_cmd "$cmd" "$2"
 	_wifi_updown "$@"
--- a/package/base-files/image-config.in
+++ b/package/base-files/image-config.in
@@ -5,6 +5,13 @@
 # See /LICENSE for more information.
 #

+config TARGET_DEFAULT_LAN_IP_FROM_PREINIT
+	bool "Use preinit IP configuration as default LAN IP" if IMAGEOPT
+	default n
+	help
+		Enabling this will set the default LAN IP address and netmask
+		to the preinit values set in the image config.
+
 menuconfig PREINITOPT
 	bool "Preinit configuration options" if IMAGEOPT
 	default n
--- a/package/boot/arm-trusted-firmware-mediatek/Makefile
+++ b/package/boot/arm-trusted-firmware-mediatek/Makefile
@@ -1,6 +1,6 @@
 #
 # Copyright (C) 2017 Hauke Mehrtens
-# Copyright (C) 2021 Daniel Golle
+# Copyright (C) 2021-2023 Daniel Golle
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -9,96 +9,487 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=arm-trusted-firmware-mediatek
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=2

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=https://github.com/mtk-openwrt/arm-trusted-firmware.git
-PKG_SOURCE_DATE:=2021-05-08
-PKG_SOURCE_VERSION:=d2c75b2139be003887af9cc5a94da5e9bdc59de7
-PKG_MIRROR_HASH:=4af9ce8e11511afee7f588cc982946c06339edbfa47afef6a7f3e2231ac9f34d
+PKG_SOURCE_DATE:=2024-01-17
+PKG_SOURCE_VERSION:=bacca82a8cac369470df052a9d801a0ceb9b74ca
+PKG_MIRROR_HASH:=d035c1b63a9bd71d752c90540361b66d290e7cf42dcca73259d0950af3569c79

 PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>

+include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/trusted-firmware-a.mk
 include $(INCLUDE_DIR)/package.mk

 define Trusted-Firmware-A/Default
  BUILD_TARGET:=mediatek
-  BUILD_SUBTARGET:=mt7622
-  PLAT:=mt7622
  TFA_IMAGE:=bl2.img bl31.bin
  BOOT_DEVICE:=
  DDR3_FLYBY:=
+  DDR_TYPE:=
+  NAND_TYPE:=
+  BOARD_QFN:=
+  DRAM_USE_COMB:=
+  USE_UBI:=
 endef

 define Trusted-Firmware-A/mt7622-nor-1ddr
  NAME:=MediaTek MT7622 (SPI-NOR, 1x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=nor
 endef

 define Trusted-Firmware-A/mt7622-nor-2ddr
  NAME:=MediaTek MT7622 (SPI-NOR, 2x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=nor
  DDR3_FLYBY:=1
 endef

 define Trusted-Firmware-A/mt7622-snand-1ddr
  NAME:=MediaTek MT7622 (SPI-NAND, 1x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=snand
 endef

+define Trusted-Firmware-A/mt7622-snand-ubi-1ddr
+  NAME:=MediaTek MT7622 (SPI-NAND using UBI, 1x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
+  BOOT_DEVICE:=snand
+  USE_UBI:=1
+endef
+
 define Trusted-Firmware-A/mt7622-snand-2ddr
  NAME:=MediaTek MT7622 (SPI-NAND, 2x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=snand
  DDR3_FLYBY:=1
 endef

+define Trusted-Firmware-A/mt7622-snand-ubi-2ddr
+  NAME:=MediaTek MT7622 (SPI-NAND using UBI, 2x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
+  BOOT_DEVICE:=snand
+  DDR3_FLYBY:=1
+  USE_UBI:=1
+endef
+
 define Trusted-Firmware-A/mt7622-emmc-1ddr
  NAME:=MediaTek MT7622 (eMMC, 1x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=emmc
 endef

 define Trusted-Firmware-A/mt7622-emmc-2ddr
  NAME:=MediaTek MT7622 (eMMC, 2x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=emmc
  DDR3_FLYBY:=1
 endef

 define Trusted-Firmware-A/mt7622-sdmmc-1ddr
-  NAME:=MediaTek MT7622 (SDcard, 1x DDR3)
+  NAME:=MediaTek MT7622 (SD card, 1x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=sdmmc
 endef

 define Trusted-Firmware-A/mt7622-sdmmc-2ddr
-  NAME:=MediaTek MT7622 (SDcard, 2x DDR3)
+  NAME:=MediaTek MT7622 (SD card, 2x DDR3)
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
  BOOT_DEVICE:=sdmmc
  DDR3_FLYBY:=1
 endef

+define Trusted-Firmware-A/mt7981-nor-ddr4
+  NAME:=MediaTek MT7981 (SPI-NOR, DDR4)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7981-emmc-ddr4
+  NAME:=MediaTek MT7981 (eMMC, DDR4)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7981-spim-nand-ddr4
+  NAME:=MediaTek MT7981 (SPI-NAND via SPIM, DDR4)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7981-nor-ddr3
+  NAME:=MediaTek MT7981 (SPI-NOR, DDR3)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7981-emmc-ddr3
+  NAME:=MediaTek MT7981 (eMMC, DDR3)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7981-sdmmc-ddr3
+  NAME:=MediaTek MT7981 (SD card, DDR3)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7981-snand-ddr3
+  NAME:=MediaTek MT7981 (SPI-NAND via SNFI, DDR3)
+  BOOT_DEVICE:=snand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7981-spim-nand-ddr3
+  NAME:=MediaTek MT7981 (SPI-NAND via SPIM, DDR3)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7981-spim-nand-ubi-ddr4
+  NAME:=MediaTek MT7981 (SPI-NAND via SPIM, DDR4)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr4
+  USE_UBI:=1
+endef
+
+define Trusted-Firmware-A/mt7986-nor-ddr4
+  NAME:=MediaTek MT7986 (SPI-NOR, DDR4)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7986-emmc-ddr4
+  NAME:=MediaTek MT7986 (eMMC, DDR4)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7986-sdmmc-ddr4
+  NAME:=MediaTek MT7986 (SD card, DDR4)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7986-snand-ddr4
+  NAME:=MediaTek MT7986 (SPI-NAND via SNFI, DDR4)
+  BOOT_DEVICE:=snand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7986-spim-nand-ddr4
+  NAME:=MediaTek MT7986 (SPI-NAND via SPIM, DDR4)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr4
+  NAND_TYPE:=spim:2k+64
+endef
+
+define Trusted-Firmware-A/mt7986-spim-nand-ubi-ddr4
+  NAME:=MediaTek MT7986 (SPI-NAND via SPIM using UBI, DDR4)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr4
+  NAND_TYPE:=spim:2k+64
+  USE_UBI:=1
+endef
+
+define Trusted-Firmware-A/mt7986-spim-nand-4k-ddr4
+  NAME:=MediaTek MT7986 (SPI-NAND via SPIM, DDR4)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr4
+  NAND_TYPE:=spim:4k+256
+endef
+
+define Trusted-Firmware-A/mt7986-nor-ddr3
+  NAME:=MediaTek MT7986 (SPI-NOR, DDR3)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7986-emmc-ddr3
+  NAME:=MediaTek MT7986 (eMMC, DDR3)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7986-sdmmc-ddr3
+  NAME:=MediaTek MT7986 (SD card, DDR3)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7986-snand-ddr3
+  NAME:=MediaTek MT7986 (SPI-NAND via SNFI, DDR3)
+  BOOT_DEVICE:=snand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7986-spim-nand-ddr3
+  NAME:=MediaTek MT7986 (SPI-NAND via SPIM, DDR3)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7986
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7988-nor-ddr3
+  NAME:=MediaTek MT7988 (SPI-NOR, DDR3)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7988-emmc-ddr3
+  NAME:=MediaTek MT7988 (eMMC, DDR3)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7988-sdmmc-ddr3
+  NAME:=MediaTek MT7988 (SD card, DDR3)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7988-snand-ddr3
+  NAME:=MediaTek MT7988 (SPI-NAND via SNFI, DDR3)
+  BOOT_DEVICE:=snand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7988-spim-nand-ddr3
+  NAME:=MediaTek MT7988 (SPI-NAND via SPIM, DDR3)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr3
+endef
+
+define Trusted-Firmware-A/mt7988-nor-ddr4
+  NAME:=MediaTek MT7988 (SPI-NOR, DDR4)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7988-emmc-ddr4
+  NAME:=MediaTek MT7988 (eMMC, DDR4)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7988-sdmmc-ddr4
+  NAME:=MediaTek MT7988 (SD card, DDR4)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7988-snand-ddr4
+  NAME:=MediaTek MT7988 (SPI-NAND via SNFI, DDR4)
+  BOOT_DEVICE:=snand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7988-spim-nand-ddr4
+  NAME:=MediaTek MT7988 (SPI-NAND via SPIM, DDR4)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DDR_TYPE:=ddr4
+endef
+
+define Trusted-Firmware-A/mt7988-nor-comb
+  NAME:=MediaTek MT7988 (SPI-NOR)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DRAM_USE_COMB:=1
+endef
+
+define Trusted-Firmware-A/mt7988-emmc-comb
+  NAME:=MediaTek MT7988 (eMMC)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DRAM_USE_COMB:=1
+endef
+
+define Trusted-Firmware-A/mt7988-sdmmc-comb
+  NAME:=MediaTek MT7988 (SD card)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DRAM_USE_COMB:=1
+endef
+
+define Trusted-Firmware-A/mt7988-snand-comb
+  NAME:=MediaTek MT7988 (SPI-NAND via SNFI)
+  BOOT_DEVICE:=snand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DRAM_USE_COMB:=1
+endef
+
+define Trusted-Firmware-A/mt7988-snand-ubi-comb
+  NAME:=MediaTek MT7988 (SPI-NAND via SNFI, UBI)
+  BOOT_DEVICE:=snand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DRAM_USE_COMB:=1
+  USE_UBI:=1
+endef
+
+define Trusted-Firmware-A/mt7988-spim-nand-comb
+  NAME:=MediaTek MT7988 (SPI-NAND via SPIM)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DRAM_USE_COMB:=1
+endef
+
+define Trusted-Firmware-A/mt7988-spim-nand-ubi-comb
+  NAME:=MediaTek MT7988 (SPI-NAND via SPIM, UBI)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7988
+  DRAM_USE_COMB:=1
+  USE_UBI:=1
+endef
+
 TFA_TARGETS:= \
 	mt7622-nor-1ddr \
 	mt7622-nor-2ddr \
 	mt7622-snand-1ddr \
+	mt7622-snand-ubi-1ddr \
 	mt7622-snand-2ddr \
+	mt7622-snand-ubi-2ddr \
 	mt7622-emmc-1ddr \
 	mt7622-emmc-2ddr \
 	mt7622-sdmmc-1ddr \
-	mt7622-sdmmc-2ddr
+	mt7622-sdmmc-2ddr \
+	mt7981-emmc-ddr3 \
+	mt7981-nor-ddr3 \
+	mt7981-sdmmc-ddr3 \
+	mt7981-snand-ddr3 \
+	mt7981-spim-nand-ddr3 \
+	mt7981-spim-nand-ubi-ddr4 \
+	mt7981-emmc-ddr4 \
+	mt7981-nor-ddr4 \
+	mt7981-spim-nand-ddr4 \
+	mt7986-emmc-ddr3 \
+	mt7986-nor-ddr3 \
+	mt7986-sdmmc-ddr3 \
+	mt7986-snand-ddr3 \
+	mt7986-spim-nand-ddr3 \
+	mt7986-emmc-ddr4 \
+	mt7986-nor-ddr4 \
+	mt7986-sdmmc-ddr4 \
+	mt7986-snand-ddr4 \
+	mt7986-spim-nand-ddr4 \
+	mt7986-spim-nand-ubi-ddr4 \
+	mt7986-spim-nand-4k-ddr4 \
+	mt7988-emmc-ddr3 \
+	mt7988-nor-ddr3 \
+	mt7988-sdmmc-ddr3 \
+	mt7988-snand-ddr3 \
+	mt7988-spim-nand-ddr3 \
+	mt7988-emmc-ddr4 \
+	mt7988-nor-ddr4 \
+	mt7988-sdmmc-ddr4 \
+	mt7988-snand-ddr4 \
+	mt7988-spim-nand-ddr4 \
+	mt7988-emmc-comb \
+	mt7988-nor-comb \
+	mt7988-sdmmc-comb \
+	mt7988-snand-comb \
+	mt7988-snand-ubi-comb \
+	mt7988-spim-nand-comb \
+	mt7988-spim-nand-ubi-comb

 TFA_MAKE_FLAGS += \
 	BOOT_DEVICE=$(BOOT_DEVICE) \
 	USE_MKIMAGE=1 MKIMAGE=$(STAGING_DIR_HOST)/bin/mkimage \
+	$(if $(findstring ddr4,$(DDR_TYPE)),DRAM_USE_DDR4=1) \
+	$(if $(BOARD_QFN),BOARD_QFN=1,BOARD_BGA=1) \
+	$(if $(NAND_TYPE),NAND_TYPE=$(NAND_TYPE)) \
+	HAVE_DRAM_OBJ_FILE=yes \
 	$(if $(DDR3_FLYBY),DDR3_FLYBY=1) \
+	$(if $(DRAM_USE_COMB),DRAM_USE_COMB=1) \
+	$(if $(USE_UBI),UBI=1 $(if $(findstring mt7622,$(PLAT)),OVERRIDE_UBI_START_ADDR=0x80000)) \
+	$(if $(USE_UBI),UBI=1 $(if $(findstring mt7981,$(PLAT)),OVERRIDE_UBI_START_ADDR=0x100000)) \
 	all

-define Build/Configure
-	$(call Build/Configure/Default)
-endef
-
 define Package/trusted-firmware-a/install
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/mt7622/release/bl2.img $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-bl2.img
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/mt7622/release/bl31.bin $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-bl31.bin
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/$(PLAT)/release/bl2.img $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-bl2.img
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/$(PLAT)/release/bl31.bin $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-bl31.bin
 endef

 $(eval $(call BuildPackage/Trusted-Firmware-A))
--- a/package/boot/arm-trusted-firmware-mediatek/patches/0001-mediatek-snfi-FM35Q1GA-is-x4-only.patch
+++ b/package/boot/arm-trusted-firmware-mediatek/patches/0001-mediatek-snfi-FM35Q1GA-is-x4-only.patch
@@ -0,0 +1,23 @@
+From fb2a2b669ec9bbf5c448d4b56499bc83de075c93 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Thu, 29 Feb 2024 18:01:08 +0000
+Subject: [PATCH 1/3] mediatek: snfi: FM35Q1GA is x4-only
+
+Dont allow x2 read and cache read operations on FM35Q1GA.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-ids.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-ids.c
+++ b/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-ids.c
+@@ -423,7 +423,7 @@ static const struct snand_flash_info sna
+ 
+ 	SNAND_INFO("FM35Q1GA", SNAND_ID(SNAND_ID_DYMMY, 0xe5, 0x71),
+ 		   SNAND_MEMORG_1G_2K_64,
+-		   &snand_cap_read_from_cache_x4,
+		   &snand_cap_read_from_cache_x4_only,
+ 		   &snand_cap_program_load_x4),
+ 
+ 	SNAND_INFO("PN26G01A", SNAND_ID(SNAND_ID_DYMMY, 0xa1, 0xe1),
--- a/package/boot/arm-trusted-firmware-mediatek/patches/0002-mediatek-snfi-adjust-pin-drive-strength-for-Fidelix-.patch
+++ b/package/boot/arm-trusted-firmware-mediatek/patches/0002-mediatek-snfi-adjust-pin-drive-strength-for-Fidelix-.patch
@@ -0,0 +1,99 @@
+From 6470986f037880ce76960c369d6e5a5270e7ce32 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sun, 10 Mar 2024 15:39:07 +0000
+Subject: [PATCH 2/3] mediatek: snfi: adjust pin drive strength for Fidelix
+ SPI-NAND
+
+It seems like we might need to adjust the pin driver strength to 12mA
+for Fidelix SPI-NAND chip on MT7622 to avoid SPI data corruption on
+some devices.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ .../apsoc_common/drivers/snfi/mtk-snand-def.h |  7 +++++
+ .../apsoc_common/drivers/snfi/mtk-snand-ids.c |  4 ++-
+ .../apsoc_common/drivers/snfi/mtk-snand.c     | 30 +++++++++++++++++++
+ 3 files changed, 40 insertions(+), 1 deletion(-)
+
+--- a/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-def.h
+++ b/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-def.h
+@@ -86,6 +86,12 @@ struct snand_mem_org {
+ 
+ typedef int (*snand_select_die_t)(struct mtk_snand *snf, uint32_t dieidx);
+ 
+enum snand_drv {
+	SNAND_DRV_NO_CHANGE = 0,
+	SNAND_DRV_8mA = 8,
+	SNAND_DRV_12mA = 12,
+};
+
+ struct snand_flash_info {
+ 	const char *model;
+ 	struct snand_id id;
+@@ -93,6 +99,7 @@ struct snand_flash_info {
+ 	const struct snand_io_cap *cap_rd;
+ 	const struct snand_io_cap *cap_pl;
+ 	snand_select_die_t select_die;
+	enum snand_drv drv;
+ };
+ 
+ #define SNAND_INFO(_model, _id, _memorg, _cap_rd, _cap_pl, ...) \
+--- a/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-ids.c
+++ b/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-ids.c
+@@ -424,7 +424,9 @@ static const struct snand_flash_info sna
+ 	SNAND_INFO("FM35Q1GA", SNAND_ID(SNAND_ID_DYMMY, 0xe5, 0x71),
+ 		   SNAND_MEMORG_1G_2K_64,
+ 		   &snand_cap_read_from_cache_x4_only,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 
+ 	SNAND_INFO("PN26G01A", SNAND_ID(SNAND_ID_DYMMY, 0xa1, 0xe1),
+ 		   SNAND_MEMORG_1G_2K_128,
+--- a/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand.c
+++ b/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand.c
+@@ -1845,6 +1845,33 @@ static int mtk_snand_id_probe(struct mtk
+ 	return -EINVAL;
+ }
+ 
+#define MT7622_GPIO_BASE    (void *)0x10211000
+#define MT7622_GPIO_DRIV(x) (MT7622_GPIO_BASE + 0x900 + 0x10 * x)
+
+void mtk_mt7622_snand_adjust_drive(void *dev, enum snand_drv drv)
+{
+	uint32_t e4, e8;
+
+	e4 = readl(MT7622_GPIO_DRIV(6)) & ~(0x3f00);
+	e8 = readl(MT7622_GPIO_DRIV(7)) & ~(0x3f00);
+
+	switch (drv) {
+	case SNAND_DRV_8mA:
+		e4 |= 0x3f00;
+		break;
+	case SNAND_DRV_12mA:
+		e8 |= 0x3f00;
+		break;
+	default:
+		return;
+	}
+
+	snand_log_chip(dev, "adjusting SPI-NAND pin drive strength to %umA\n", drv);
+
+	writel(e4, MT7622_GPIO_DRIV(6));
+	writel(e8, MT7622_GPIO_DRIV(7));
+}
+
+ int mtk_snand_init(void *dev, const struct mtk_snand_platdata *pdata,
+ 		   struct mtk_snand **psnf)
+ {
+@@ -1888,6 +1915,9 @@ int mtk_snand_init(void *dev, const stru
+ 	if (ret)
+ 		return ret;
+ 
+	if (pdata->soc == SNAND_SOC_MT7622 && snand_info->drv)
+		mtk_mt7622_snand_adjust_drive(dev, snand_info->drv);
+
+ 	rawpage_size = snand_info->memorg.pagesize +
+ 		       snand_info->memorg.sparesize;
+ 
--- a/package/boot/arm-trusted-firmware-mediatek/patches/0003-mediatek-snfi-adjust-drive-strength-to-12mA-like-old.patch
+++ b/package/boot/arm-trusted-firmware-mediatek/patches/0003-mediatek-snfi-adjust-drive-strength-to-12mA-like-old.patch
@@ -0,0 +1,135 @@
+From 40a3661bebb3d738ab95b7de66e9d8382d5b9ab1 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sun, 10 Mar 2024 17:48:09 +0000
+Subject: [PATCH 3/3] mediatek: snfi: adjust drive strength to 12mA like old
+ loader does
+
+In addition to FM35X1GA, also change the driver strength to 12mA for
+all chips where this is done by the old/legacy U-Boot:
+ * Winbond 512Mb
+ * Winbond 1Gb
+ * Winbond 2Gb
+ * GD5F4GQ4UBYIG
+ * GD5F4GQ4UAYIG
+ * GD5F1GQ4UX
+ * GD5F1GQ4UE
+ * GD5F2GQ4UX
+ * GD5F2GQ4UE
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ .../apsoc_common/drivers/snfi/mtk-snand-ids.c | 59 ++++++++++++++-----
+ 1 file changed, 44 insertions(+), 15 deletions(-)
+
+--- a/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-ids.c
+++ b/plat/mediatek/apsoc_common/drivers/snfi/mtk-snand-ids.c
+@@ -80,65 +80,94 @@ static const struct snand_flash_info sna
+ 	SNAND_INFO("W25N512GV", SNAND_ID(SNAND_ID_DYMMY, 0xef, 0xaa, 0x20),
+ 		   SNAND_MEMORG_512M_2K_64,
+ 		   &snand_cap_read_from_cache_quad,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("W25N01GV", SNAND_ID(SNAND_ID_DYMMY, 0xef, 0xaa, 0x21),
+ 		   SNAND_MEMORG_1G_2K_64,
+ 		   &snand_cap_read_from_cache_quad,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("W25M02GV", SNAND_ID(SNAND_ID_DYMMY, 0xef, 0xab, 0x21),
+ 		   SNAND_MEMORG_2G_2K_64_2D,
+ 		   &snand_cap_read_from_cache_quad,
+ 		   &snand_cap_program_load_x4,
+-		   mtk_snand_winbond_select_die),
+		   mtk_snand_winbond_select_die,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("W25N02KV", SNAND_ID(SNAND_ID_DYMMY, 0xef, 0xaa, 0x22),
+ 		   SNAND_MEMORG_2G_2K_128,
+ 		   &snand_cap_read_from_cache_quad,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 
+ 	SNAND_INFO("GD5F1GQ4UAWxx", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0x10),
+ 		   SNAND_MEMORG_1G_2K_64,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F1GQ4UExIG", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0xd1),
+ 		   SNAND_MEMORG_1G_2K_128,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F1GQ4UExxH", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0xd9),
+ 		   SNAND_MEMORG_1G_2K_64,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F1GQ4xAYIG", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0xf1),
+ 		   SNAND_MEMORG_1G_2K_64,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F2GQ4UExIG", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0xd2),
+ 		   SNAND_MEMORG_2G_2K_128,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F2GQ5UExxH", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0x32),
+ 		   SNAND_MEMORG_2G_2K_64,
+ 		   &snand_cap_read_from_cache_quad_a8d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F2GQ4xAYIG", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0xf2),
+ 		   SNAND_MEMORG_2G_2K_64,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F4GQ4UBxIG", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0xd4),
+ 		   SNAND_MEMORG_4G_4K_256,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F4GQ4xAYIG", SNAND_ID(SNAND_ID_ADDR, 0xc8, 0xf4),
+ 		   SNAND_MEMORG_4G_2K_64,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F2GQ5UExxG", SNAND_ID(SNAND_ID_DYMMY, 0xc8, 0x52),
+ 		   SNAND_MEMORG_2G_2K_128,
+ 		   &snand_cap_read_from_cache_quad_a8d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 	SNAND_INFO("GD5F4GQ4UCxIG", SNAND_ID(SNAND_ID_DYMMY, 0xc8, 0xb4),
+ 		   SNAND_MEMORG_4G_4K_256,
+ 		   &snand_cap_read_from_cache_quad_q2d,
+-		   &snand_cap_program_load_x4),
+		   &snand_cap_program_load_x4,
+		   NULL,
+		   SNAND_DRV_12mA),
+ 
+ 	SNAND_INFO("MX35LF1GE4AB", SNAND_ID(SNAND_ID_DYMMY, 0xc2, 0x12),
+ 		   SNAND_MEMORG_1G_2K_64,
--- a/package/boot/arm-trusted-firmware-mediatek/patches/100-increase-nor-bl3-size.patch
+++ b/package/boot/arm-trusted-firmware-mediatek/patches/100-increase-nor-bl3-size.patch
@@ -1,11 +0,0 @@
--- a/plat/mediatek/mt7622/bl2_boot_nor.c
-+++ b/plat/mediatek/mt7622/bl2_boot_nor.c
-@@ -12,7 +12,7 @@
- #define MT7622_NOR_MAP_BASE		0x30000000
- 
- #define FIP_BASE			0x20000
-#define FIP_SIZE			0x80000
-+#define FIP_SIZE			0xa0000
- 
- const io_block_spec_t mtk_boot_dev_fip_spec = {
- 	.offset	= MT7622_NOR_MAP_BASE + FIP_BASE,
--- a/package/boot/arm-trusted-firmware-mvebu/Makefile
+++ b/package/boot/arm-trusted-firmware-mvebu/Makefile
@@ -13,6 +13,7 @@ PKG_HASH:=bf3eb3617a74cddd7fb0e0eacbfe38c3258ee07d4c8ed730deef7a175cc3d55b

 PKG_MAINTAINER:=Vladimir Vid <vladimir.vid@sartura.hr>

+include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/trusted-firmware-a.mk
 include $(INCLUDE_DIR)/package.mk

--- a/package/boot/arm-trusted-firmware-rockchip-vendor/Makefile
+++ b/package/boot/arm-trusted-firmware-rockchip-vendor/Makefile
@@ -1,61 +0,0 @@
-# SPDX-License-Identifier: GPL-2.0-only
-#
-# Copyright (C) 2021 ImmortalWrt.org
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=arm-trusted-firmware-rockchip-vendor
-PKG_RELEASE:=$(AUTORELEASE)
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL=https://github.com/rockchip-linux/rkbin.git
-PKG_SOURCE_DATE:=2021-06-01
-PKG_SOURCE_VERSION:=7d631e0d5b2d373b54d4533580d08fb9bd2eaad4
-PKG_MIRROR_HASH:=3a4794d1d00890401b032a573fca3121935ea036468a67228f203d68b007d916
-
-PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
-
-MAKE_PATH:=$(PKG_NAME)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/arm-trusted-firmware-rockchip-vendor
-    SECTION:=boot
-    CATEGORY:=Boot Loaders
-    TITLE:=ARM Trusted Firmware for Rockchip
-endef
-
-define Package/arm-trusted-firmware-rk3328
-    $(Package/arm-trusted-firmware-rockchip-vendor)
-    DEPENDS:=@TARGET_rockchip_armv8
-    VARIANT:=rk3328
-endef
-
-define Package/arm-trusted-firmware-rk3399
-    $(Package/arm-trusted-firmware-rockchip-vendor)
-    DEPENDS:=@TARGET_rockchip_armv8
-    VARIANT:=rk3399
-endef
-
-define Build/Configure
-	$(SED) 's,$$$$(PKG_BUILD_DIR),$(PKG_BUILD_DIR),g' $(PKG_BUILD_DIR)/trust.ini
-	$(SED) 's,$$$$(VARIANT),$(BUILD_VARIANT),g' $(PKG_BUILD_DIR)/trust.ini
-	$(call Build/Configure/Default)
-endef
-
-define Build/Compile
-	$(CURDIR)/pack-firmware.sh build $(BUILD_VARIANT) '$(PKG_BUILD_DIR)'
-endef
-
-define Build/InstallDev
-	$(CURDIR)/pack-firmware.sh install $(BUILD_VARIANT) '$(PKG_BUILD_DIR)' '$(STAGING_DIR_IMAGE)'
-endef
-
-define Package/arm-trusted-firmware-rk3328/install
-endef
-
-define Package/arm-trusted-firmware-rk3399/install
-endef
-
-$(eval $(call BuildPackage,arm-trusted-firmware-rk3328))
-$(eval $(call BuildPackage,arm-trusted-firmware-rk3399))
--- a/package/boot/arm-trusted-firmware-rockchip-vendor/pack-firmware.sh
+++ b/package/boot/arm-trusted-firmware-rockchip-vendor/pack-firmware.sh
@@ -1,41 +0,0 @@
-#!/bin/bash
-# Copyright (C) 2021 ImmortalWrt.org
-
-ACTION="$1"
-VARIANT="$2"
-PKG_BUILD_DIR="$3"
-STAGING_DIR_IMAGE="$4"
-
-case "$VARIANT" in
-"rk3328")
-	ATF="rk33/rk322xh_bl31_v1.46.elf"
-	DDR="rk33/rk3328_ddr_333MHz_v1.17.bin"
-	LOADER="rk33/rk322xh_miniloader_v2.50.bin"
-	;;
-"rk3399")
-	ATF="rk33/rk3399_bl31_v1.35.elf"
-	DDR="rk33/rk3399_ddr_800MHz_v1.25.bin"
-	LOADER="rk33/rk3399_miniloader_v1.26.bin"
-	;;
-*)
-	echo -e "Not compatible with your platform: $VARIANT."
-	exit 1
-	;;
-esac
-
-set -x
-if [ "$ACTION" == "build" ]; then
-	mkimage -n "$VARIANT" -T "rksd" -d "$PKG_BUILD_DIR/bin/$DDR" "$PKG_BUILD_DIR/$VARIANT-idbloader.bin"
-	cat "$PKG_BUILD_DIR/bin/$LOADER" >> "$PKG_BUILD_DIR/$VARIANT-idbloader.bin"
-	"$PKG_BUILD_DIR/tools/trust_merger" --replace "bl31.elf" "$PKG_BUILD_DIR/bin/$ATF" "$PKG_BUILD_DIR/trust.ini"
-elif [ "$ACTION" == "install" ]; then
-	mkdir -p "$STAGING_DIR_IMAGE"
-	cp -fp "$PKG_BUILD_DIR/bin/$ATF" "$STAGING_DIR_IMAGE"/
-	cp -fp "$PKG_BUILD_DIR/tools/loaderimage" "$STAGING_DIR_IMAGE"/
-	cp -fp "$PKG_BUILD_DIR/$VARIANT-idbloader.bin" "$STAGING_DIR_IMAGE"/
-	cp -fp "$PKG_BUILD_DIR/$VARIANT-trust.bin" "$STAGING_DIR_IMAGE"/
-else
-	echo -e "Unknown operation: $ACTION."
-	exit 1
-fi
-set +x
--- a/package/boot/arm-trusted-firmware-rockchip/Makefile
+++ b/package/boot/arm-trusted-firmware-rockchip/Makefile
@@ -1,49 +1,95 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2020 Tobias Maedel <openwrt@tbspace.de>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2021-2023 ImmortalWrt.org

 include $(TOPDIR)/rules.mk

-PKG_NAME:=arm-trusted-firmware-rockchip
-PKG_VERSION:=2.3
+PKG_NAME:=rkbin
 PKG_RELEASE:=1

-PKG_SOURCE:=atf-v$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/atf-builds/atf/releases/download/v$(PKG_VERSION)/atf-v$(PKG_VERSION).tar.gz?
-PKG_HASH:=bf352298743aed594cf2958dd588e06ab6713fc514bb6f809bf55a85a87134c1
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/rockchip-linux/rkbin.git
+PKG_SOURCE_DATE:=2024-02-22
+PKG_SOURCE_VERSION:=a2a0b89b6c8c612dca5ed9ed8a68db8a07f68bc0
+PKG_MIRROR_HASH:=39f15e5f8fac02026065b6747b355b93f4e06202783ae448c43607763211597c

-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=license.md
-
-PKG_MAINTAINER:=Tobias Maedel <openwrt@tbspace.de>
-
-MAKE_PATH:=$(PKG_NAME)
+PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>

+include $(INCLUDE_DIR)/trusted-firmware-a.mk
 include $(INCLUDE_DIR)/package.mk
+include ./atf-version.mk

-define Package/arm-trusted-firmware-rockchip
-    SECTION:=boot
-    CATEGORY:=Boot Loaders
-    TITLE:=ARM Trusted Firmware for Rockchip
-    DEPENDS:=@TARGET_rockchip_armv8
+define Trusted-Firmware-A/Default
+  NAME:=Rockchip $(1) SoCs
+  BUILD_TARGET:=rockchip
 endef

-define Build/Prepare
-	$(TAR) -C $(PKG_BUILD_DIR) -xf $(DL_DIR)/$(PKG_SOURCE)
+define Trusted-Firmware-A/rk3328
+  BUILD_SUBTARGET:=armv8
+  ATF:=rk33/$(RK3328_ATF)
+  TPL:=rk33/$(RK3328_TPL)
+  LOADER:=rk33/$(RK3328_LOADER)
 endef

+define Trusted-Firmware-A/rk3399
+  BUILD_SUBTARGET:=armv8
+  ATF:=rk33/$(RK3399_ATF)
+  TPL:=rk33/$(RK3399_TPL)
+  LOADER:=rk33/$(RK3399_LOADER)
+endef
+
+define Trusted-Firmware-A/rk3566
+  BUILD_SUBTARGET:=armv8
+  ATF:=rk35/$(RK3566_ATF)
+  TPL:=rk35/$(RK3566_TPL)
+endef
+
+define Trusted-Firmware-A/rk3568
+  BUILD_SUBTARGET:=armv8
+  ATF:=rk35/$(RK3568_ATF)
+  TPL:=rk35/$(RK3568_TPL)
+endef
+
+define Trusted-Firmware-A/rk3588
+  BUILD_SUBTARGET:=armv8
+  ATF:=rk35/$(RK3588_ATF)
+  TPL:=rk35/$(RK3588_TPL)
+endef
+
+TFA_TARGETS:= \
+	rk3328 \
+	rk3399 \
+	rk3566 \
+	rk3568 \
+	rk3588
+
 define Build/Compile
+	# This comment is the workaround for "extraneous 'endif'" error
+ifneq ($(LOADER),)
+	( \
+		pushd $(PKG_BUILD_DIR) ; \
+		$(SED) 's,$$$$(PKG_BUILD_DIR),$(PKG_BUILD_DIR),g' trust.ini ; \
+		$(SED) 's,$$$$(VARIANT),$(BUILD_VARIANT),g' trust.ini ; \
+		./tools/mkimage -n $(BUILD_VARIANT) -T rksd -d bin/$(TPL) \
+			$(BUILD_VARIANT)-idbloader.bin ; \
+		cat bin/$(LOADER) >> $(BUILD_VARIANT)-idbloader.bin ; \
+		./tools/trust_merger --replace bl31.elf bin/$(ATF) trust.ini ; \
+		popd ; \
+	)
+endif
 endef

-define Build/InstallDev
-	$(INSTALL_DIR) -p $(STAGING_DIR_IMAGE)
-	$(CP) $(PKG_BUILD_DIR)/rk*.elf $(STAGING_DIR_IMAGE)/
+define Package/trusted-firmware-a/install
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
+
+	$(CP) $(PKG_BUILD_DIR)/bin/$(ATF) $(STAGING_DIR_IMAGE)/
+ifneq ($(LOADER),)
+	$(CP) $(PKG_BUILD_DIR)/tools/loaderimage $(STAGING_DIR_IMAGE)/
+	$(CP) $(PKG_BUILD_DIR)/$(BUILD_VARIANT)-idbloader.bin $(STAGING_DIR_IMAGE)/
+	$(CP) $(PKG_BUILD_DIR)/$(BUILD_VARIANT)-trust.bin $(STAGING_DIR_IMAGE)/
+else
+	$(CP) $(PKG_BUILD_DIR)/bin/$(TPL) $(STAGING_DIR_IMAGE)/
+endif
 endef

-define Package/arm-trusted-firmware-rockchip/install
-endef
-
-$(eval $(call BuildPackage,arm-trusted-firmware-rockchip))
+$(eval $(call BuildPackage/Trusted-Firmware-A))
--- a/package/boot/arm-trusted-firmware-rockchip/atf-version.mk
+++ b/package/boot/arm-trusted-firmware-rockchip/atf-version.mk
@@ -0,0 +1,16 @@
+RK3328_ATF:=rk322xh_bl31_v1.49.elf
+RK3328_TPL:=rk3328_ddr_333MHz_v1.19.bin
+RK3328_LOADER:=rk322xh_miniloader_v2.50.bin
+
+RK3399_ATF:=rk3399_bl31_v1.36.elf
+RK3399_TPL:=rk3399_ddr_800MHz_v1.30.bin
+RK3399_LOADER:=rk3399_miniloader_v1.30.bin
+
+RK3566_ATF:=rk3568_bl31_v1.44.elf
+RK3566_TPL:=rk3566_ddr_1056MHz_v1.21.bin
+
+RK3568_ATF:=rk3568_bl31_v1.44.elf
+RK3568_TPL:=rk3568_ddr_1560MHz_v1.21.bin
+
+RK3588_ATF:=rk3588_bl31_v1.45.elf
+RK3588_TPL:=rk3588_ddr_lp4_2112MHz_lp5_2400MHz_v1.16.bin
--- a/package/boot/arm-trusted-firmware-rockchip-vendor/src/trust.ini
+++ b/package/boot/arm-trusted-firmware-rockchip-vendor/src/trust.ini
--- a/package/boot/arm-trusted-firmware-sunxi/Makefile
+++ b/package/boot/arm-trusted-firmware-sunxi/Makefile
@@ -7,57 +7,48 @@

 include $(TOPDIR)/rules.mk

-PKG_NAME:=arm-trusted-firmware-sunxi
+PKG_VERSION:=2.10
 PKG_RELEASE:=1

-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL=https://github.com/ARM-software/arm-trusted-firmware
-PKG_SOURCE_DATE:=2020-11-17
-PKG_SOURCE_VERSION:=e2c509a39c6cc4dda8734e6509cdbe6e3603cdfc
-PKG_MIRROR_HASH:=b212d369a5286ebbf6a5616486efa05fa54d4294fd6e9ba2e54fdfae9eda918d
+PKG_HASH:=88215a62291b9ba87da8e50b077741103cdc08fb6c9e1ebd34dfaace746d3201

 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=license.md

 PKG_MAINTAINER:=Hauke Mehrtens <hauke@hauke-m.de>

+include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/trusted-firmware-a.mk
 include $(INCLUDE_DIR)/package.mk

-
-define Package/arm-trusted-firmware-sunxi/Default
-    SECTION:=boot
-    CATEGORY:=Boot Loaders
-    TITLE:=ARM Trusted Firmware for Allwinner
-    DEPENDS:=@TARGET_sunxi_cortexa53
+define Trusted-Firmware-A/Default
+	BUILD_TARGET:=sunxi
+	BUILD_SUBTARGET:=cortexa53
 endef

-define Package/arm-trusted-firmware-sunxi-a64
-    $(call Package/arm-trusted-firmware-sunxi/Default)
-    VARIANT:=sun50i_a64
+define Trusted-Firmware-A/sunxi-a64
+	NAME:=Allwinner A64
+	PLAT:=sun50i_a64
 endef

-define Package/arm-trusted-firmware-sunxi-h6
-    $(call Package/arm-trusted-firmware-sunxi/Default)
-    VARIANT:=sun50i_h6
+define Trusted-Firmware-A/sunxi-h6
+	NAME:=Allwinner H6
+	PLAT:=sun50i_h6
 endef

-export GCC_HONOUR_COPTS=s
+define Trusted-Firmware-A/sunxi-h616
+	NAME:=Allwinner H616
+	PLAT:=sun50i_h616
+endef

-MAKE_VARS = \
-	CROSS_COMPILE="$(TARGET_CROSS)"
+TFA_TARGETS:= \
+	sunxi-a64 \
+	sunxi-h6 \
+	sunxi-h616

-MAKE_FLAGS += \
-	PLAT=$(BUILD_VARIANT) \
-	bl31
-
-define Build/InstallDev
+define Package/trusted-firmware-a/install
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
-	$(CP) $(PKG_BUILD_DIR)/build/$(BUILD_VARIANT)/release/bl31.bin $(STAGING_DIR_IMAGE)/bl31_$(BUILD_VARIANT).bin
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/$(PLAT)/release/bl31.bin $(STAGING_DIR_IMAGE)/bl31_$(BUILD_VARIANT).bin
 endef

-define Package/arm-trusted-firmware-sunxi/install
-endef
-
-$(eval $(call BuildPackage,arm-trusted-firmware-sunxi-a64))
-$(eval $(call BuildPackage,arm-trusted-firmware-sunxi-h6))
+$(eval $(call BuildPackage/Trusted-Firmware-A))
--- a/package/boot/arm-trusted-firmware-tools/Makefile
+++ b/package/boot/arm-trusted-firmware-tools/Makefile
@@ -8,9 +8,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=arm-trusted-firmware-tools
-PKG_VERSION:=2.4
+PKG_VERSION:=2.9
 PKG_RELEASE:=1
-PKG_HASH:=bf3eb3617a74cddd7fb0e0eacbfe38c3258ee07d4c8ed730deef7a175cc3d55b
+PKG_HASH:=76a66a1de0c01aeb83dfc7b72b51173fe62c6e51d6fca17cc562393117bed08b

 PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
 PKG_HOST_ONLY:=1
@@ -34,23 +34,17 @@ define Host/Compile
 		$(HOST_BUILD_DIR)/tools/fiptool \
 		CPPFLAGS="$(HOST_CFLAGS)" \
 		LDFLAGS="$(HOST_LDFLAGS)"
-	$(MAKE) -C \
-		$(HOST_BUILD_DIR)/tools/sptool \
-		CPPFLAGS="$(HOST_CFLAGS)" \
-		LDFLAGS="$(HOST_LDFLAGS)"
 endef

 define Host/Install
 	$(INSTALL_DIR) $(STAGING_DIR_HOST)/bin/
 	$(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/fiptool/fiptool $(STAGING_DIR_HOST)/bin/
-	$(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/sptool/sptool $(STAGING_DIR_HOST)/bin/
-	$(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/sptool/sp_mk_generator.py $(STAGING_DIR_HOST)/bin/
+	$(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/sptool/sptool.py $(STAGING_DIR_HOST)/bin/
 endef

 define Host/Clean
 	rm -f $(STAGING_DIR_HOST)/bin/fiptool
-	rm -f $(STAGING_DIR_HOST)/bin/sptool
-	rm -f $(STAGING_DIR_HOST)/bin/sp_mk_generator.py
+	rm -f $(STAGING_DIR_HOST)/bin/sptool.py $(STAGING_DIR_HOST)/bin/sptool
 endef

 $(eval $(call BuildPackage,arm-trusted-firmware-tools))
--- a/package/boot/grub2/Makefile
+++ b/package/boot/grub2/Makefile
@@ -1,29 +1,31 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2021 OpenWrt.org

 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk

 PKG_NAME:=grub
-PKG_CPE_ID:=cpe:/a:gnu:grub2
-PKG_VERSION:=2.06
-PKG_RELEASE:=1
+PKG_VERSION:=2.12
+PKG_RELEASE:=6

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNU/grub
-PKG_HASH:=b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1
+PKG_HASH:=f3c97391f7c4eaa677a78e090c7e97e6dc47b16f655f04683ebd37bef7fe0faa
+
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_CPE_ID:=cpe:/a:gnu:grub2

 HOST_BUILD_PARALLEL:=1
 PKG_BUILD_DEPENDS:=grub2/host

-PKG_ASLR_PIE:=0
-PKG_SSP:=0
+ifneq ($(BUILD_VARIANT),none)
+  PKG_ASLR_PIE:=0
+  PKG_SSP:=0
+endif

 PKG_FLAGS:=nonshared
+PKG_BUILD_FLAGS:=no-gc-sections no-lto no-mold

 include $(INCLUDE_DIR)/host-build.mk
 include $(INCLUDE_DIR)/package.mk
@@ -31,14 +33,18 @@ include $(INCLUDE_DIR)/package.mk
 define Package/grub2/Default
  CATEGORY:=Boot Loaders
  SECTION:=boot
-  TITLE:=GRand Unified Bootloader ($(1))
+  TITLE:=GRand Unified Bootloader ($(2))
  URL:=http://www.gnu.org/software/grub/
-  DEPENDS:=@TARGET_x86
-  VARIANT:=$(1)
+  DEPENDS:=@(TARGET_x86||TARGET_armsr||TARGET_armvirt||TARGET_phytium_armv8||TARGET_loongarch64)
+  VARIANT:=$(2)
 endef

-Package/grub2=$(call Package/grub2/Default,pc)
-Package/grub2-efi=$(call Package/grub2/Default,efi)
+Package/grub2=$(call Package/grub2/Default,x86,pc)
+Package/grub2-efi=$(call Package/grub2/Default,x86,efi)
+Package/grub2-efi-arm=$(call Package/grub2/Default,armsr,efi)
+Package/grub2-efi-arm=$(call Package/grub2/Default,armvirt,efi)
+Package/grub2-efi-arm=$(call Package/grub2/Default,phytium_armv8,efi)
+Package/grub2-efi-loongarch64=$(call Package/grub2/Default,loongarch64,efi)

 define Package/grub2-editenv
  CATEGORY:=Utilities
@@ -47,13 +53,27 @@ define Package/grub2-editenv
  TITLE:=Grub2 Environment editor
  URL:=http://www.gnu.org/software/grub/
  DEPENDS:=@TARGET_x86
-  VARIANT:=pc
+  VARIANT:=none
 endef

 define Package/grub2-editenv/description
 	Edit grub2 environment files.
 endef

+define Package/grub2-bios-setup
+  CATEGORY:=Utilities
+  SECTION:=utils
+  SUBMENU:=Boot Loaders
+  TITLE:=Grub2 BIOS boot setup tool
+  URL:=http://www.gnu.org/software/grub/
+  DEPENDS:=@TARGET_x86
+  VARIANT:=none
+endef
+
+define Package/grub2-bios-setup/description
+	Set up images to bootable.
+endef
+
 HOST_BUILD_PREFIX := $(STAGING_DIR_HOST)

 CONFIGURE_VARS += \
@@ -85,7 +105,15 @@ HOST_MAKE_FLAGS += \
 	TARGET_RANLIB=$(TARGET_RANLIB) \
 	LIBLZMA=$(STAGING_DIR_HOST)/lib/liblzma.a

-TARGET_CFLAGS := $(filter-out -O2 -O3 -fno-plt,$(TARGET_CFLAGS))
+
+ifneq ($(BUILD_VARIANT),none)
+  TARGET_CFLAGS := $(filter-out -O2 -O3 -fno-plt,$(TARGET_CFLAGS))
+  MAKE_PATH := grub-core
+endif
+
+ifeq ($(CONFIG_arm),y)
+  TARGET_CFLAGS := $(filter-out -mfloat-abi=hard,$(TARGET_CFLAGS))
+endif

 define Host/Configure
 	$(SED) 's,(RANLIB),(TARGET_RANLIB),' $(HOST_BUILD_DIR)/grub-core/Makefile.in
@@ -93,8 +121,6 @@ define Host/Configure
 endef

 define Package/grub2/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-bios-setup $(1)/usr/sbin/
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/grub2
 	$(CP) $(PKG_BUILD_DIR)/grub-core/boot.img $(STAGING_DIR_IMAGE)/grub2/
 	$(CP) $(PKG_BUILD_DIR)/grub-core/cdboot.img $(STAGING_DIR_IMAGE)/grub2/
@@ -105,28 +131,28 @@ define Package/grub2/install
 		-O i386-pc \
 		-c $(PKG_BUILD_DIR)/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/gpt-core.img \
-		at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot serial vga
+		at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot search serial test vga
 	$(STAGING_DIR_HOST)/bin/grub-mkimage \
 		-d $(PKG_BUILD_DIR)/grub-core \
 		-p /boot/grub \
 		-O i386-pc \
 		-c ./files/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/generic-core.img \
-		at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
+		at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot search serial test vga
 	$(STAGING_DIR_HOST)/bin/grub-mkimage \
 		-d $(PKG_BUILD_DIR)/grub-core \
 		-p /boot/grub \
 		-O i386-pc \
 		-c ./files/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/eltorito.img \
-		at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot serial test vga
+		at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot search serial test vga
 	$(STAGING_DIR_HOST)/bin/grub-mkimage \
 		-d $(PKG_BUILD_DIR)/grub-core \
 		-p /boot/grub \
 		-O i386-pc \
 		-c ./files/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/legacy-core.img \
-		biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
+		biosdisk boot chain configfile ext2 linux ls part_msdos reboot search serial vga
 endef

 define Package/grub2-efi/install
@@ -137,22 +163,65 @@ define Package/grub2-efi/install
 		-O $(CONFIG_ARCH)-efi \
 		-c $(PKG_BUILD_DIR)/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/boot$(if $(CONFIG_x86_64),x64,ia32).efi \
-		at_keyboard boot chain configfile fat linux ls part_gpt reboot serial efi_gop efi_uga
+		at_keyboard boot chain configfile fat linux ls part_gpt reboot serial test efi_gop efi_uga
 	$(STAGING_DIR_HOST)/bin/grub-mkimage \
 		-d $(PKG_BUILD_DIR)/grub-core \
 		-p /boot/grub \
 		-O $(CONFIG_ARCH)-efi \
 		-c ./files/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/iso-boot$(if $(CONFIG_x86_64),x64,ia32).efi \
-		at_keyboard boot chain configfile fat iso9660 linux ls part_msdos part_gpt reboot serial test efi_gop efi_uga
+		boot chain configfile fat iso9660 linux ls part_msdos part_gpt reboot serial test efi_gop efi_uga
 endef

+define Package/grub2-efi-arm/install
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/grub2
+	cp ./files/grub-early-gpt.cfg $(PKG_BUILD_DIR)/grub-early.cfg
+	$(STAGING_DIR_HOST)/bin/grub-mkimage \
+		-d $(PKG_BUILD_DIR)/grub-core \
+		-p /boot/grub \
+		-O arm$(if $(CONFIG_aarch64),64,)-efi \
+		-c $(PKG_BUILD_DIR)/grub-early.cfg \
+		-o $(STAGING_DIR_IMAGE)/grub2/boot$(if $(CONFIG_aarch64),aa64,arm).efi \
+		boot chain configfile fat linux ls part_gpt part_msdos reboot search \
+		search_fs_uuid search_label serial efi_gop lsefi minicmd ext2
+	$(STAGING_DIR_HOST)/bin/grub-mkimage \
+		-d $(PKG_BUILD_DIR)/grub-core \
+		-p /boot/grub \
+		-O arm$(if $(CONFIG_aarch64),64,)-efi \
+		-c ./files/grub-early.cfg \
+		-o $(STAGING_DIR_IMAGE)/grub2/iso-bootaa$(if $(CONFIG_aarch64),aa64,arm).efi \
+		boot chain configfile fat iso9660 linux ls lsefi minicmd part_msdos part_gpt \
+		reboot serial test efi_gop
+endef
+
+define Package/grub2-efi-loongarch64/install
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/grub2
+	cp ./files/grub-early-gpt.cfg $(PKG_BUILD_DIR)/grub-early.cfg
+	$(STAGING_DIR_HOST)/bin/grub-mkimage \
+		-d $(PKG_BUILD_DIR)/grub-core \
+		-p /boot/grub \
+		-O loongarch64-efi \
+		-c $(PKG_BUILD_DIR)/grub-early.cfg \
+		-o $(STAGING_DIR_IMAGE)/grub2/bootloongarch64.efi \
+		boot chain configfile fat linux ls lsefi minicmd part_gpt part_msdos reboot search \
+		search_fs_uuid search_label serial efi_gop all_video gfxterm ext2
+endef
+
+
 define Package/grub2-editenv/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-editenv $(1)/usr/sbin/
 endef

+define Package/grub2-bios-setup/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/grub-bios-setup $(1)/usr/sbin/
+endef
+
 $(eval $(call HostBuild))
 $(eval $(call BuildPackage,grub2))
 $(eval $(call BuildPackage,grub2-efi))
+$(eval $(call BuildPackage,grub2-efi-arm))
+$(eval $(call BuildPackage,grub2-efi-loongarch64))
 $(eval $(call BuildPackage,grub2-editenv))
+$(eval $(call BuildPackage,grub2-bios-setup))
--- a/package/boot/grub2/files/grub-early-gpt.cfg
+++ b/package/boot/grub2/files/grub-early-gpt.cfg
@@ -0,0 +1,2 @@
+search --set=root --label kernel
+configfile ($root)/efi/openwrt/grub.cfg
--- a/package/boot/grub2/patches/001-add-missing-extra_deps-list.patch
+++ b/package/boot/grub2/patches/001-add-missing-extra_deps-list.patch
@@ -0,0 +1,36 @@
+From 4d4dae6a52b1749642261a15f5dcc1e3d4150b36 Mon Sep 17 00:00:00 2001
+From: Julien Olivain <ju.o@free.fr>
+Date: Fri, 22 Dec 2023 19:02:53 +0100
+Subject: [PATCH] Add missing grub-core/extra_deps.lst file in release tarball
+
+A file is missing in the grub-2.12 release tarballs (both .gz and .xz).
+See [1]. The issue was reported in [2] and fixed upstream in [3].
+
+This patch adds the missing file, on top of the release tarball. This
+patch won't apply on upstream git, since the file is present in the
+source repository. Since the issue is fixed upstream in [3], it is
+expected upcoming releases tarballs will include the file.
+
+The file content was fetched from the upstream git repo:
+https://git.savannah.gnu.org/gitweb/?p=grub.git;a=blob_plain;f=grub-core/extra_deps.lst;hb=refs/tags/grub-2.12
+
+[1] https://ftp.gnu.org/gnu/grub/grub-2.12.tar.xz
+[2] https://lists.gnu.org/archive/html/grub-devel/2023-12/msg00054.html
+[3] https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=b835601c7639ed1890f2d3db91900a8506011a8e
+
+Signed-off-by: Julien Olivain <ju.o@free.fr>
+Upstream: Fixed by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=b835601c7639ed1890f2d3db91900a8506011a8e
+---
+ grub-core/extra_deps.lst | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 grub-core/extra_deps.lst
+
+diff --git a/grub-core/extra_deps.lst b/grub-core/extra_deps.lst
+new file mode 100644
+index 0000000..f44ad6a
+--- /dev/null
+++ b/grub-core/extra_deps.lst
+@@ -0,0 +1 @@
+depends bli part_gpt
+-- 
+2.43.0
--- a/package/boot/kobs-ng/Makefile
+++ b/package/boot/kobs-ng/Makefile
@@ -25,7 +25,7 @@ define Package/kobs-ng
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=Application for writing bootstreams to NAND flash
-  DEPENDS:=@TARGET_imx6
+  DEPENDS:=@TARGET_imx
 endef

 define Package/kobs-ng/description
--- a/package/boot/opensbi/Makefile
+++ b/package/boot/opensbi/Makefile
@@ -0,0 +1,63 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2022 OpenWrt.org
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=opensbi
+PKG_RELEASE:=1.2
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=https://github.com/riscv/opensbi
+PKG_SOURCE_DATE:=2022-12-24
+PKG_SOURCE_VERSION:=6b5188ca14e59ce7bf71afe4e7d3d557c3d31bf8
+PKG_MIRROR_HASH:=edcdd99da6c62975171981c0aa2b73a27091067da11ccd49816b5ad27d000858
+
+PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_TARGETS:=bin
+PKG_FLAGS:=nonshared
+PKG_LICENSE:=BSD-2-Clause
+PKG_LICENSE_FILES:=COPYING.BSD
+PKG_BUILD_PARALLEL:=1
+
+PKG_MAINTAINER:=Zoltan HERPAI <wigyori@uid0.hu>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/opensbi
+    SECTION:=boot
+    CATEGORY:=Boot Loaders
+    DEPENDS:=@TARGET_sifiveu
+    URL:=https://github.com/riscv/opensbi/blob/master/README.md
+    VARIANT:=$(subst _,/,$(subst opensbi_,,$(1)))
+    TITLE:=OpenSBI generic
+    OPENSBI_IMAGE:=
+    PLAT:=
+endef
+
+define Package/opensbi_generic
+  $(Package/opensbi)
+  TITLE:=OpenSBI generic
+  OPENSBI_IMAGE:=fw_dynamic.bin
+  PLAT:=generic
+endef
+
+export GCC_HONOUR_COPTS=s
+
+MAKE_VARS = \
+	CROSS_COMPILE="$(TARGET_CROSS)"
+
+define Build/Compile
+	$(eval $(Package/opensbi_$(BUILD_VARIANT))) \
+		+$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \
+		PLATFORM=$(PLAT)
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
+	$(CP) $(PKG_BUILD_DIR)/build/platform/$(PLAT)/firmware/fw_dynamic.bin $(STAGING_DIR_IMAGE)/fw_dynamic-${BUILD_VARIANT}.bin
+endef
+
+$(eval $(call BuildPackage,opensbi_generic))
--- a/package/boot/uboot-amlogic/Makefile
+++ b/package/boot/uboot-amlogic/Makefile
@@ -0,0 +1,57 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+
+PKG_VERSION:=20240315
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=default
+PKG_SOURCE:=ophub-uboot-prebuilt-git-$(PKG_VERSION).tar.gz
+PKG_SOURCE_VERSION:=abe491ab386607f9ab0d66728e5766bc5d7e8a20
+PKG_SOURCE_URL_FILE:=$(PKG_SOURCE_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/ophub/u-boot/archive/
+PKG_HASH:=3f98f5728f48d13f33cf4fd21fb6032a625ad3c61aa2e8073dda821f71f067ec
+
+PKG_MAINTAINER:=ophub
+
+include $(INCLUDE_DIR)/u-boot.mk
+include $(INCLUDE_DIR)/package.mk
+
+TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
+TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
+
+define U-Boot/Default
+  BUILD_TARGET:=amlogic
+  UENV:=default
+  HIDDEN:=1
+  DEFAULT:=y
+endef
+
+define U-Boot/phicomm-n1
+  NAME:=Phicomm N1
+  OVERLAY:=u-boot-n1.bin
+  BUILD_SUBTARGET:=mesongx
+  BUILD_DEVICES:=phicomm_n1
+endef
+
+UBOOT_TARGETS := phicomm-n1
+
+define Build/Configure
+	true
+endef
+
+define Build/Compile
+	true
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
+	$(CP) $(PKG_BUILD_DIR)/u-boot/amlogic/overload/$(OVERLAY) $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-u-boot-overlay.bin
+endef
+
+define Package/u-boot/install/default
+endef
+
+$(eval $(call BuildPackage/U-Boot))
--- a/package/boot/uboot-envtools/Makefile
+++ b/package/boot/uboot-envtools/Makefile
@@ -9,15 +9,15 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=uboot-envtools
 PKG_DISTNAME:=u-boot
-PKG_VERSION:=2021.01
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=2023.01
+PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_DISTNAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
    https://ftp.denx.de/pub/u-boot \
    https://mirror.cyberbits.eu/u-boot \
    ftp://ftp.denx.de/pub/u-boot
-PKG_HASH:=b407e1510a74e863b8b5cb42a24625344f0e0c2fc7582d8c866bd899367d0454
+PKG_HASH:=69423bad380f89a0916636e89e6dcbd2e4512d584308d922d1039d1e4331950f
 PKG_SOURCE_SUBDIR:=$(PKG_DISTNAME)-$(PKG_VERSION)
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_DISTNAME)-$(PKG_VERSION)

--- a/package/boot/uboot-envtools/files/apm821xx
+++ b/package/boot/uboot-envtools/files/apm821xx
@@ -19,6 +19,10 @@ netgear,wndap620|\
 netgear,wndap660)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x4000" "0x4000" "4"
 	;;
+wd,mybooklive)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x1000" "1"
+	ubootenv_add_uci_config "/dev/mtd1" "0x1000" "0x1000" "0x1000" "1"
+	;;
 esac

 config_load ubootenv
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext git gperf haveged help2man intltool libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev vpnc libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz aria2 mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip libpython3-dev qemu-utils rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev libfuse-dev