7073760 ramips: add support for TP-Link RE305 v3
86739f2 Add more missing include for byte swap operations
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
f9ad6b3 Add more missing includes for byte swap operations
Basically stop it exploding on MacOS
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Includes following changes:
db65821f006c cmake: fix missing install target
3a0cfc856991 Add initial GitLab CI support
8f47adea6f87 Add missing includes for byte swap operations
fbafae9f8037 Convert to CMake based project
Additionaly moves source code into separate Git project repository and
converts the package build to utilize CMake.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[rmilecki: rebase, update to the latest repo git & rm -r src]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
TP-Link CPE710-v1 is an outdoor wireless CPE for 5 GHz with
one Ethernet port based on the AP152 reference board
Specifications:
- SoC: QCA9563-AL3A MIPS 74kc @ 775MHz, AHB @ 258MHz
- RAM: 128MiB DDR2 @ 650MHz
- Flash: 16MiB SPI NOR Based on the GD25Q128
- Wi-Fi 5Ghz: ath10k chip (802.11ac for up to 867Mbps on 5GHz wireless
data rate) Based on the QCA9896
- Ethernet: one 1GbE port
- 23dBi high-gain directional 2×2 MIMO antenna and a dedicated metal
reflector
- Power, LAN, WLAN5G Blue LEDs
- 3x Blue LEDs
Flashing instructions:
Flash factory image through stock firmware WEB UI or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 30-40 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254
Signed-off-by: Andrew Cameron <apcameron@softhome.net>
[convert to nvmem, fix MAC assignment in 11-ath10k-caldata]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Add additional header information required for newer
bootloaders found on DIR-2660-A1 & A2.
Also remove the MTD splitter compatible from the second firmware
partition, as OpenWrt only supports handling of the first one.
Signed-off-by: Alan Luck <luckyhome2008@gmail.com>
[rephrase commit message, remove removal of read-only flags]
Signed-off-by: David Bauer <mail@david-bauer.net>
Starting with v3 of the vendor firmware for the TP-Link EAP235-Wall v1,
downgrades to firmware versions below v3 as not allowed. Since OpenWrt
uses version 0.0.0 as a default, this causes the factory install to fail
on devices with a recent firmware. This failure is associated by the
following message on the device's serial console:
EAP235/230-Wall forbid fw reverted from 3.x.x to lower version!
Vendor firmware (v3) also uses build and release numbers to compare
images, so identical version numbers are very unlikely to cause issues.
Bump the firmware version to 3.0.0 to ensure users can install OpenWrt
on their devices.
Reported-by: Colton Conor <colton.conor@gmail.com>
Tested-by: Colton Conor <colton.conor@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Some devices using the safeloader firmware format require a minimum or
specific version to be set in the soft-version metadata partition.
Currently only custom text values can be provided, but not all device
firmware support this format.
Modify the device info struct to allow for more well-defined types of
soft-version overwrites, and provide a few macros for easy value
initialisation. Requires all existing values to be updated to match the
new structure.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
[Adapt TL-WA1201-V2 entry too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The structured soft-version partition has a field which contains a
(source) revision number. Factory images used to include this, but
it was accidentaly removed during an earlier refactoring.
Include the source revision number again in the generated soft-version
partition. Additionaly, also show this revision number when printing
image info.
Fixes: 1a211af2cb ("firmware-utils: tplink-safeloader: refactor meta-partition generation")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
This was missed because scancode license scanner was confused by a
slightly different than expected license text (96,75% license score).
License text included "file" instead of "library" in the main part of
the licensing info. It also used "The GNU C Library" instead of the
standard "This library" in 2nd and 3rd paragraphs.
The first paragraph clearly mentions LGPL-2.1-or-later and the use of
"file" instead of "library" should not affect licensing.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This device is a wireless access point working on the 2.4 GHz and 5 GHz
band, based on Qualcomm/Atheros QCA9563 + QCA9886.
Specification
- 775 MHz CPU
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- QCA9563: 2.4 GHz 3x3
- QCA9886: 5 GHz
- AR8033: 1x 1 Gbs Ethernet
- 4x LED, WPS factory reset and power button
- bare UART on PCB (accessible through testpoints)
Methods for Flashing:
- Apply factory image in OEM firmware web-gui. Wait a minute after the
progress bar completes and restart the device.
- Sysupgrade on top of existing OpenWRT image
- Solder wires onto UART testpoints and attach a terminal.
Boot the device and press enter to enter u-boot's menu. Then issue the
following commands
1. setenv serverip your-server-ip
setenv ipaddr your-device-ip
2. tftp 0x80060000 openwrt-squashfs.bin (Rembember output of size in
hex, henceforth "sizeinhex")
3. erase 0x9f030000 +"sizeinhex"
4. cp.b 0x80060000 0x9f030000 0x"sizeinhex"
5. reboot
Recover:
- U-boot serial console
Signed-off-by: Robert Balas <balasr@iis.ee.ethz.ch>
[convert to nvmem]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
mkmerakifw-old was created for the z1 which uses the AR9344 SoC with
be32 addressing. The MX64/MX65 devices use the same header style, however
these boards use a BCM NSP SoC with le32 addressing.
Since we may be booting initramfs images with this header, which may be
of any size, within reason, board->imagelen is set to 0. The kernel
image shoule be limited in the image Makefile.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This was missed because scancode license scanner was confused by
comments about crc32buf().
Cc: Gabor Juhos <juhosg@openwrt.org>
Cc: Gabor Juhos <juhosg@freemail.hu>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This was missed because scancode license scanner was confused by a
comment about (no) copyrights in the init_crc_table().
Cc: Gabor Juhos <juhosg@openwrt.org>
Cc: Gabor Juhos <juhosg@freemail.hu>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This was missed because scancode license scanner was confused by a
comment about Cisco's GPL code github repository.
Cc: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
This uses "GPL-2.0-or-later" header for files identified using scancode
license scanner with 100% score as GPL 2.0 or later.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Specifications:
SOC: Qualcomm Atheros TP9343 (750 MHz)
Flash: 8 Mb (GigaDevice GD25Q64CSIG)
RAM: 64 Mb (Zentel A3R12E40DBF-8E)
Serial: yes, 4-pin header
Wlan: Qualcomm Atheros TP9343, antenna: MIM0 3x3:3 RP-SMA
3 x 2.4GHz power amp module Skyworks (SiGe) SE2576L
Ethernet: Qualcomm Atheros TP9343
Lan speed: 100M ports: 4
Lan speed: 100M ports: 1
Other info: same case, ram and flash that TP-Link TL-WR841HP,
different SOC
https://forum.openwrt.org/t/adding-device-support-tp-link-wr941hp/
Label MAC addresses based on vendor firmware:
LAN *:ee label
WAN *:ef label +1
WLAN *:ee label
The label MAC address found in "config" partition at 0x8
Flash instruction:
Upload the generated factory firmware on web interface.
Signed-off-by: Diogenes Rengo <rengocbx250@gmail.com>
[remove various whitespace issues, squash commits, use short 0x0]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The Canadian edition of the TP-Link Archer A6 v3 uses a different header, but
otherwise it's identical to the already supported EU/US editions.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Brian Lee <dev@leebrian.me>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b6245fbd58)
The patch adds support for the TP-Link Archer C6 v3 (FCC ID TE7A6V3)
The patch adds identification changes to the existing TP-Link Archer A6,
by Vinay Patil <post2vinay@gmail.com>, which has identical hardware.
Specification
-------------
MediaTek MT7621 SOC
RAM: 128MB DDR3
SPI Flash: W25Q128 (16MB)
Ethernet: MT7530 5x 1000Base-T
WiFi 5GHz: Mediatek MT7613BE
WiFi 2.4GHz: Mediatek MT7603E
UART/Serial: 115200 8n1
Device Configuration & Serial Port Pins
---------------------------------------
ETH Ports: LAN4 LAN3 LAN2 LAN1 WAN
_______________________
| |
Serial Pins: | VCC GND TXD RXD |
|_____________________|
LEDs: Power Wifi2G Wifi5G LAN WAN
Build Output
------------
The build will generate following set of files
[1] openwrt-ramips-mt7621-tplink_archer-c6-v3-initramfs-kernel.bin
[2] openwrt-ramips-mt7621-tplink_archer-c6-v3-squashfs-factory.bin
[3] openwrt-ramips-mt7621-tplink_archer-c6-v3-squashfs-sysupgrade.bin
How to Use - Flashing from TP-Link Web Interface
------------------------------------------------
* Go to "Advanced/System Tools/Firmware Update".
* Click "Browse" and upload the OpenWrt factory image: factory.bin[2]
* Click the "Upgrade" button, and select "Yes" when prompted.
TFTP Booting
------------
Setup a TFTP boot server with address 192.168.0.5.
While starting U-boot press '4' key to stop autoboot.
Copy the initramfs-kernel.bin[1] to TFTP server folder, rename as test.bin
From u-boot command prompt run tftpboot followed by bootm.
Recovery
--------
Archer A6 V3 has recovery page activated if SPI booting from flash fails.
Recovery page can be activated by powercycling the router four times
before the boot process is complete.
Note: TFTP boot can be activated only from u-boot serial console.
Device recovery address: 192.168.0.1
Signed-off-by: Amish Vishwakarma <vishwakarma.amish@gmail.com>
[fix indent]
Signed-off-by: David Bauer <mail@david-bauer.net>
CPExxx and WBSxxx boards with AR9344 SOC
use the OKLI lzma kernel loader
with the offset of 3 blocks of length 4k (0x3000)
in order to have a fake "kernel" that cannot grow larger
than how it is defined in the now static OEM partition table.
Before recent changes to the mtdsplit driver,
the uImage parser for OKLI only supported images
that started exactly on an eraseblock boundary.
The mtdsplit parser for uImage now supports identifying images
with any magic number value
and at any offset from the eraseblock boundary
using DTS properties to define those values.
So, it is no longer necessary to use fixed sizes
for kernel and rootfs
Tested-by: Andrew Cameron <apcameron@softhome.net> [CPE510 v2]
Tested-by: Bernhard Geier <freifunk@geierb.de> [WBS210 v2]
Tested-by: Petrov <d7c48mWsPKx67w2@gmail.com> [CPE210 v1]
Signed-off-by: Michael Pratt <mcpratt@pm.me>
This patch adds support for TP-Link Archer C6U v1 (EU).
The device is also known in some market as Archer C6 v3.
This patch supports only Archer C6U v1 (EU).
Specifications:
--------------
* SoC: Mediatek MT7621AT 2C2T, 880MHz
* RAM: 128MB DDR3
* Flash: 16MB SPI NOR flash (Winbond 25Q128)
* WiFi 5GHz: Mediatek MT7613BEN (2x2:2)
* WiFi 2.4GHz: Mediatek MT7603EN (2x2:2)
* Ethernet: MT7630, 5x 1000Base-T.
* LED: Power, WAN, LAN, WiFi 2GHz and 5GHz, USB
* Buttons: Reset, WPS.
* UART: Serial console (115200 8n1), J1(GND:3)
* USB: One USB2 port.
Installation:
------------
Install the OpenWrt factory image for C6U is from the
TP-Link web interface.
1) Go to "Advanced/System Tools/Firmware Update".
2) Click "Browse" and upload the OpenWrt factory image:
openwrt-ramips-mt7621-tplink_archer-c6u-v1-squashfs-factory.bin.
3) Click the "Upgrade" button, and select "Yes" when prompted.
Recovery to stock firmware:
--------------------------
The C6U bootloader has a failsafe mode that provides a web
interface (running at 192.168.0.1) for reverting back to the
stock TP-Link firmware. The failsafe interface is triggered
from the serial console or on failed kernel boot. Unfortunately,
there's no key combination that enables the failsafe mode. This
gives us two options for recovery:
1) Recover using the serial console (J1 header).
The recovery interface can be selected by hitting 'x' when
prompted on boot.
2) Trigger the bootloader failsafe mode.
A more dangerous option is force the bootloader into
recovery mode by erasing the OpenWrt partition from the
OpenWrt's shell - e.g "mtd erase firmware". Please be
careful, since erasing the wrong partition can brick
your device.
MAC addresses:
-------------
OEM firmware configuration:
D8:07:B6:xx:xx:83 : 5G
D8:07:B6:xx:xx:84 : LAN (label)
D8:07:B6:xx:xx:84 : 2.4G
D8:07:B6:xx:xx:85 : WAN
Signed-off-by: Georgi Vlaev <georgi.vlaev@konsulko.com>
The patch adds support for the TP-Link Archer A6 v3
The router is sold in US and India with FCC ID TE7A6V3
Specification
-------------
MediaTek MT7621 SOC
RAM: 128MB DDR3
SPI Flash: W25Q128 (16MB)
Ethernet: MT7530 5x 1000Base-T
WiFi 5GHz: Mediatek MT7613BE
WiFi 2.4GHz: Mediatek MT7603E
UART/Serial: 115200 8n1
Device Configuration & Serial Port Pins
---------------------------------------
ETH Ports: LAN4 LAN3 LAN2 LAN1 WAN
_______________________
| |
Serial Pins: | VCC GND TXD RXD |
|_____________________|
LEDs: Power Wifi2G Wifi5G LAN WAN
Build Output
------------
The build will generate following set of files
[1] openwrt-ramips-mt7621-tplink_archer-a6-v3-initramfs-kernel.bin
[2] openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-factory.bin
[3] openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-sysupgrade.bin
How to Use - Flashing from TP-Link Web Interface
------------------------------------------------
* Go to "Advanced/System Tools/Firmware Update".
* Click "Browse" and upload the OpenWrt factory image: factory.bin[2]
* Click the "Upgrade" button, and select "Yes" when prompted.
TFTP Booting
------------
Setup a TFTP boot server with address 192.168.0.5.
While starting U-boot press '4' key to stop autoboot.
Copy the initramfs-kernel.bin[1] to TFTP server folder, rename as test.bin
From u-boot command prompt run tftpboot followed by bootm.
Recovery
--------
Archer A6 V3 has recovery page activated if SPI booting from flash fails.
Recovery page can be activated from serial console only.
Press 'x' while u-boot is starting
Note: TFTP boot can be activated only from u-boot serial console.
Device recovery address: 192.168.0.1
Thanks to: Frankis for Randmon MAC address fix.
Signed-off-by: Vinay Patil <post2vinay@gmail.com>
[remove superfluous factory image definition, whitespacing]
Signed-off-by: David Bauer <mail@david-bauer.net>
The ZyXEL NR7101 prepend an additional header to U-Boot images. This
header use the TRX magic 0x30524448 (HDR0), but is incompatible with
TRX images.
This code is reverse-engineered based on matching 32 bit numbers
found in the header with lengths and different checksum
calculations of the vendor images found on the device. The result
was matched against the validation output produced by the
bootloader to name the associated header fields.
Example bootloader validation output:
Zyxel TRX Image 1 --> Found! Header Checksum OK
============ZyXEL header information==================
chipId : MT7621A
boardId : NR7101
modelId : 07 01 00 01
kernel_len : (14177560)
kernelChksum : (0x8DD31F69)
swVersionInt : 1.00(ABUV.0)D1
swVersionExt : 1.00(ABUV.0)D1
Zyxel TRX Image 2 --> Found! Header Checksum OK
============ZyXEL header information==================
chipId : MT7621A
boardId : NR7101
modelId : 07 01 00 01
kernel_len : (14176660)
kernelChksum : (0x951A7637)
swVersionInt : 1.00(ABUV.0)D0
swVersionExt : 1.00(ABUV.0)D0
=================================================
Check image validation:
Image1 Header Magic Number --> OK
Image2 Header Magic Number --> OK
Image1 Header Checksum --> OK
Image2 Header Checksum --> OK
Image1 Data Checksum --> OK
Image2 Data Checksum --> OK
Image1 Stable Flag --> Stable
Image1 Try Counter --> 0
Image1: OK
Image2: OK
The coverage and algorithm for the kernelChksum field is unknown.
This field is not validated by the bootloader or the OEM firmware
upgrade tool. It is therefore set to a static value for now.
The swVersion fields contain free form string values. The OEM firmware
use ZyXEL structured version numbers as shown above. The strings are
not interpreted or validated on boot, so they can be repurposed for
anything we want the bootloader to display to the user. But the OEM
web GUI fails to flash images with freeform strings.
The purpose of the other strings in the header is not known. The
values appear to be static. We assume they are fixed for now, until
we have other examples. One of these strings is the platform name,
which is taken as an input parameter for support other members of
the device family.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Add "-i" option for reading & displaying firmware info. First it lists
in-firmware partitions ("fwup-ptn"). Then it checks for human
understandable partitions and prints data found in each of them.
This new feature is meant for development & debug purposes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The old code didn't make sense as it was using "len" variable which was
guaranteed to be always 0. Loop right above broken code is:
while (len > 0) { }
With this recent ALIGN macro fix this resulted in subtracting block size
from 0 and calling write_out_padding() with a negative length.
To calculate amount of bytes needed for padding & alignment it should be
enough to use % 4.
Fixes: a2f6622945 ("firmware-utils: fix few random warnings")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This fixes:
src/zyimage.c:10:0: warning: "_POSIX_SOURCE" redefined
src/zyimage.c:11:0: warning: "_POSIX_C_SOURCE" redefined
This change has been tested on Linux with -Wextra and on Mac OS.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Currently it's not possible to flash factory images on devices shipped
with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
2020-12-22):
(curFw_ver, newFw_ver) == (1.1, 1.0) [NM_Error](nm_checkSoftVer) 00848: Firmwave not supports, check failed.
[NM_Error](nm_checkUpdateContent) 01084: software version dismatched
[NM_Error](nm_buildUpgradeStruct) 01188: checkUpdateContent failed.
They've even following note in release notes:
Note: You will be unable to downgrade to the previous firmware version
after updating this firmware.
This version check in vendor firmware is implemented in
/usr/bin/nvrammanager binary likely as following C code[1]:
sscanf(buf, "%d.%d.%*s",&upd_fw_major, &upd_fw_minor);
...
if (((int)upd_fw_major < (int)cur_fw_major) ||
((ret = 1, cur_fw_major == upd_fw_major && (upd_fw_minor < (int)cur_fw_minor)))) {
ret = 0;
printf("[NM_Error](%s) %05d: Firmwave not supports, check failed.\r\n\r\n","nm_checkSoftVer" ,0x350);
}
...
return ret;
So in order to fix this and make it future proof it should be enough to
ship our factory firmware images with major version 7 (lucky number).
Tested on latest firmware version 1.1.2 Build 20210125 rel.37999:
Firmwave supports, check OK.
(curFw_ver, newFw_ver) == (1.1, 7.0) check firmware ok!
Flashing back to vendor firmware
c7v5_us-up-ver1-1-2-P1[20210125-rel37999]_2021-01-25_10.33.55.bin works
as well:
U-Boot 1.1.4-gbec22107-dirty (Nov 18 2020 - 18:19:12)
...
Firmware downloaded... filesize = 0xeeae77 fileaddr = 0x80060000.
Firmware Recovery file length : 15642231
Firmware process id 2.
handle_fw_cloud 146
Image verify OK!
Firmware file Verify ok!
product-info:product_name:Archer C7
product_ver:5.0.0
special_id:55530000
[Error]sysmgr_cfg_checkSupportList(): 1023 @ specialId 45550000 NOT Match.
Firmware supports, check OK.
Firmware Recovery check ok!
1. https://gist.github.com/ynezz/2e0583647d863386a66c3d231541b6d1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.
It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
JFFS2 bootfs partition in a BCM4908 image usually includes some padding.
For flashing it individually (writing to designed MTD partition) we want
just JFFS2 data.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's required for upgrading firmware using single partitions instead of
just blindly writing whole image.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's much easier to operate on BCM4908 image data with absolute offset
of each section stored. It doesn't require summing sizes over and over.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This adds support for accessing bootfs JFFS2 partition in the BCM4908
image. Support includes:
1. Listing files
2. Renaming file (requires unchanged name length)
Above commands are useful for flashing BCM4908 images which by defualt
come with cferom.000 file and require renaming it.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Tianling Shen <cnsztl@gmail.com>
