From 55d1fe4aa69c7c69085397fd8323d479bca7ae0f Mon Sep 17 00:00:00 2001 From: David Bentham Date: Tue, 22 Oct 2024 10:46:05 +0100 Subject: [PATCH 1/8] mediatek: add Comfast CF-E395AX support by adding an alternative model name both these devices share the board and same config, just different model number Install instructions are the same as the CF-E393AX commit - https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=d8f4453bf2de9fd9baf3d660ed12e0797ff2cfdb Signed-off-by: David Bentham Link: https://github.com/openwrt/openwrt/pull/16389 Signed-off-by: John Crispin (cherry picked from commit 794291bbdf26ad2be7581fc0c921e4d820937c79) --- target/linux/mediatek/image/filogic.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/linux/mediatek/image/filogic.mk b/target/linux/mediatek/image/filogic.mk index defa3747eda..7b356ec03d2 100644 --- a/target/linux/mediatek/image/filogic.mk +++ b/target/linux/mediatek/image/filogic.mk @@ -536,6 +536,8 @@ TARGET_DEVICES += cmcc_rax3000m define Device/comfast_cf-e393ax DEVICE_VENDOR := COMFAST DEVICE_MODEL := CF-E393AX + DEVICE_ALT0_VENDOR := COMFAST + DEVICE_ALT0_MODEL := CF-E395AX DEVICE_DTS := mt7981a-comfast-cf-e393ax DEVICE_DTS_DIR := ../dts DEVICE_DTC_FLAGS := --pad 4096 From 738c9e52867b66a5a4fb13c8333f3f61dc0de512 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Wed, 25 Dec 2024 23:59:46 +0100 Subject: [PATCH 2/8] yafut: Mark as nonshared This package is depending on @NAND_SUPPORT which is only set for some targets. Mark it nonshared to build it in the target build process. Fixes: https://github.com/openwrt/openwrt/issues/14714 Link: https://github.com/openwrt/openwrt/pull/17379 Signed-off-by: Hauke Mehrtens (cherry picked from commit d275bcc4bb837240f174a0fe568d00c6a0a282f7) --- package/utils/yafut/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/package/utils/yafut/Makefile b/package/utils/yafut/Makefile index 1e2ec7bc024..e3f240f7545 100644 --- a/package/utils/yafut/Makefile +++ b/package/utils/yafut/Makefile @@ -11,6 +11,7 @@ PKG_SOURCE_VERSION:=38439f8a53d33b14744bc8f938662670b9d3e361 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=LICENSE +PKG_FLAGS:=nonshared include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk From 48f9284232d19c7dab95c20159744c93465cd3ad Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 16 Oct 2024 16:05:40 +0800 Subject: [PATCH 3/8] kernel: crypto: add atmel i2c hw accelerator support Add support for Microchip / Atmel ECC/SHA/RNG hw accelerator. Signed-off-by: Tianling Shen Link: https://github.com/openwrt/openwrt/pull/17253 (cherry picked from commit 9d434a8abf7cb50782aaae41fe2b011b3a9bf489) Link: https://github.com/openwrt/openwrt/pull/17348 Signed-off-by: Hauke Mehrtens --- package/kernel/linux/modules/crypto.mk | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index 2257a36c802..78c97121764 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -366,6 +366,26 @@ endef $(eval $(call KernelPackage,crypto-hmac)) +define KernelPackage/crypto-hw-atmel + TITLE:=Microchip / Atmel ECC/SHA/RNG hw accelerator + DEPENDS:=+kmod-i2c-core +kmod-crypto-ecdh +kmod-crypto-sha1 \ + +kmod-crypto-sha256 +kmod-lib-crc16 +kmod-random-core + KCONFIG:= \ + CONFIG_CRYPTO_HW=y \ + CONFIG_CRYPTO_DEV_ATMEL_I2C \ + CONFIG_CRYPTO_DEV_ATMEL_ECC \ + CONFIG_CRYPTO_DEV_ATMEL_SHA204A + FILES:= \ + $(LINUX_DIR)/drivers/crypto/atmel-i2c.ko \ + $(LINUX_DIR)/drivers/crypto/atmel-ecc.ko \ + $(LINUX_DIR)/drivers/crypto/atmel-sha204a.ko + AUTOLOAD:=$(call AutoLoad,09,atmel-i2c atmel-ecc atmel-sha204a) + $(call AddDepends/crypto) +endef + +$(eval $(call KernelPackage,crypto-hw-atmel)) + + define KernelPackage/crypto-hw-ccp TITLE:=AMD Cryptographic Coprocessor DEPENDS:= \ From d9bbed6507c9126bb8977b6e224186a624282ba0 Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 16 Oct 2024 16:05:40 +0800 Subject: [PATCH 4/8] mediatek: update openembed som7981 support The board has been redesigned due to previous hardware bugs (with other reasons maybe). Changes in new board: - Added a gpio beeper - Added a Atmel i2c eeprom - Added a Atmel i2c ECC accelerator - Added a Philips RTC module - Added two RS485 - Removed WPS button - Replaced USB3 port with M.2 B-key for LTE modules - Swapped GbE LEDs gpio Also assigned wifi mac with nvmem binding, added iface setup for failsafe, increased phy assert time for rtl8221b, and updated LED labels. Keeping compatibility for old version is not necessary here as only few samples were sent to those interested in it. Signed-off-by: Tianling Shen Link: https://github.com/openwrt/openwrt/pull/17253 (cherry picked from commit 5a7fb834c7cb53cac7855759ca4165f596f1e4c8) Link: https://github.com/openwrt/openwrt/pull/17348 Signed-off-by: Hauke Mehrtens --- .../lib/preinit/05_set_preinit_iface | 3 +- .../dts/mt7981b-openembed-som7981.dts | 111 ++++++++++++++---- .../filogic/base-files/etc/board.d/01_leds | 4 +- .../etc/hotplug.d/ieee80211/11_fix_wifi_mac | 3 - target/linux/mediatek/image/filogic.mk | 5 +- 5 files changed, 99 insertions(+), 27 deletions(-) diff --git a/target/linux/mediatek/base-files/lib/preinit/05_set_preinit_iface b/target/linux/mediatek/base-files/lib/preinit/05_set_preinit_iface index 0deab424813..1025d1f1e13 100644 --- a/target/linux/mediatek/base-files/lib/preinit/05_set_preinit_iface +++ b/target/linux/mediatek/base-files/lib/preinit/05_set_preinit_iface @@ -2,7 +2,8 @@ set_preinit_iface() { case $(board_name) in cudy,m3000-v1|\ cudy,tr3000-v1|\ - glinet,gl-mt3000) + glinet,gl-mt3000|\ + openembed,som7981) ip link set eth1 up ifname=eth1 ;; diff --git a/target/linux/mediatek/dts/mt7981b-openembed-som7981.dts b/target/linux/mediatek/dts/mt7981b-openembed-som7981.dts index 0e9dea1ddb0..d5c868567bd 100644 --- a/target/linux/mediatek/dts/mt7981b-openembed-som7981.dts +++ b/target/linux/mediatek/dts/mt7981b-openembed-som7981.dts @@ -12,9 +12,10 @@ compatible = "openembed,som7981", "mediatek,mt7981"; aliases { - led-boot = &wlan2g_led; - led-failsafe = &wlan2g_led; - led-upgrade = &wlan2g_led; + led-boot = &act_led; + led-failsafe = &act_led; + led-running = &act_led; + led-upgrade = &act_led; serial0 = &uart0; }; @@ -26,6 +27,11 @@ reg = <0 0x40000000 0 0x40000000>; }; + beeper { + compatible = "gpio-beeper"; + gpios = <&pio 2 GPIO_ACTIVE_HIGH>; + }; + gpio-keys { compatible = "gpio-keys"; @@ -34,12 +40,6 @@ linux,code = ; gpios = <&pio 1 GPIO_ACTIVE_LOW>; }; - - button-wps { - label = "wps"; - linux,code = ; - gpios = <&pio 0 GPIO_ACTIVE_LOW>; - }; }; gpio-leds { @@ -47,28 +47,27 @@ led-0 { function = LED_FUNCTION_LAN; - color = ; + color = ; gpios = <&pio 8 GPIO_ACTIVE_LOW>; }; led-1 { function = LED_FUNCTION_LAN; - color = ; + color = ; gpios = <&pio 13 GPIO_ACTIVE_LOW>; }; - wlan2g_led: led-2 { - function = LED_FUNCTION_WLAN_2GHZ; - color = ; + led-2 { + function = LED_FUNCTION_PANIC; + color = ; gpios = <&pio 34 GPIO_ACTIVE_LOW>; - linux,default-trigger = "phy0tpt"; + panic-indicator; }; - led-3 { - function = LED_FUNCTION_WLAN_5GHZ; + act_led: led-3 { + function = LED_FUNCTION_ACTIVITY; color = ; gpios = <&pio 35 GPIO_ACTIVE_LOW>; - linux,default-trigger = "phy1tpt"; }; }; }; @@ -97,14 +96,38 @@ }; }; +&i2c0 { + clock-frequency = <400000>; + pinctrl-names = "default"; + pinctrl-0 = <&i2c0_pins>; + status = "okay"; + + eeprom@50 { + compatible = "atmel,24c64"; + reg = <0x50>; + page-size = <32>; + }; + + rtc@51 { + compatible = "nxp,pcf8563"; + reg = <0x51>; + #clock-cells = <0>; + }; + + crypto@60 { + compatible = "atmel,atecc508a"; + reg = <0x60>; + }; +}; + &mdio_bus { phy0: ethernet-phy@5 { reg = <5>; compatible = "ethernet-phy-ieee802.3-c45"; phy-mode = "2500base-x"; reset-gpios = <&pio 14 GPIO_ACTIVE_LOW>; - reset-assert-us = <10000>; - reset-deassert-us = <50000>; + reset-assert-us = <15000>; + reset-deassert-us = <68000>; realtek,aldps-enable; }; }; @@ -184,6 +207,13 @@ }; &pio { + i2c0_pins: i2c0-pins { + mux { + function = "i2c"; + groups = "i2c0_1"; + }; + }; + spi0_flash_pins: spi0-pins { mux { function = "spi"; @@ -202,12 +232,45 @@ mediatek,pull-down-adv = <0>; }; }; + + uart1_pins: uart1-pins { + mux { + function = "uart"; + groups = "uart1_3"; + }; + }; + + uart2_pins: uart2-pins { + mux { + function = "uart"; + groups = "uart2_0_tx_rx"; + }; + }; + + wwan_rst_h: wwan-rst-h { + pins = "GPIO_WPS"; + drive-strength = <8>; + mediatek,pull-down-adv = <0>; + output-low; + }; }; &uart0 { status = "okay"; }; +&uart1 { + pinctrl-names = "default"; + pinctrl-0 = <&uart1_pins>; + status = "okay"; +}; + +&uart2 { + pinctrl-names = "default"; + pinctrl-0 = <&uart2_pins>; + status = "okay"; +}; + &usb_phy { status = "okay"; }; @@ -220,8 +283,16 @@ nvmem-cells = <&eeprom_factory_0>; nvmem-cell-names = "eeprom"; status = "okay"; + + band@1 { + reg = <1>; + nvmem-cells = <&macaddr_factory_a 0>; + nvmem-cell-names = "mac-address"; + }; }; &xhci { + pinctrl-names = "default"; + pinctrl-0 = <&wwan_rst_h>; status = "okay"; }; diff --git a/target/linux/mediatek/filogic/base-files/etc/board.d/01_leds b/target/linux/mediatek/filogic/base-files/etc/board.d/01_leds index 64df50eb0a1..168909cf90a 100644 --- a/target/linux/mediatek/filogic/base-files/etc/board.d/01_leds +++ b/target/linux/mediatek/filogic/base-files/etc/board.d/01_leds @@ -67,8 +67,8 @@ nokia,ea0326gmp) ucidef_set_led_netdev "wlan" "WLAN" "green:wlan" "phy1-ap0" "link" ;; openembed,som7981) - ucidef_set_led_netdev "lanact" "LANACT" "green:lan" "eth1" "rx tx" - ucidef_set_led_netdev "lanlink" "LANLINK" "amber:lan" "eth1" "link" + ucidef_set_led_netdev "lanact" "LANACT" "amber:lan" "eth1" "rx tx" + ucidef_set_led_netdev "lanlink" "LANLINK" "green:lan" "eth1" "link" ;; openwrt,one) ucidef_set_led_netdev "wanact" "WANACT" "mdio-bus:0f:green:wan" "eth0" "rx tx" diff --git a/target/linux/mediatek/filogic/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac b/target/linux/mediatek/filogic/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac index 5e83a167de9..4a6e0589a26 100644 --- a/target/linux/mediatek/filogic/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac +++ b/target/linux/mediatek/filogic/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac @@ -131,9 +131,6 @@ case "$board" in [ "$PHYNBR" = "0" ] && macaddr_add $addr 1 > /sys${DEVPATH}/macaddress [ "$PHYNBR" = "1" ] && macaddr_add $addr 2 > /sys${DEVPATH}/macaddress ;; - openembed,som7981) - [ "$PHYNBR" = "1" ] && cat /sys/class/net/eth0/address > /sys${DEVPATH}/macaddress - ;; qihoo,360t7) addr=$(mtd_get_mac_ascii factory lanMac) [ "$PHYNBR" = "0" ] && macaddr_add $addr 2 > /sys${DEVPATH}/macaddress diff --git a/target/linux/mediatek/image/filogic.mk b/target/linux/mediatek/image/filogic.mk index 7b356ec03d2..dd1ee5493de 100644 --- a/target/linux/mediatek/image/filogic.mk +++ b/target/linux/mediatek/image/filogic.mk @@ -1160,7 +1160,10 @@ define Device/openembed_som7981 DEVICE_MODEL := SOM7981 DEVICE_DTS := mt7981b-openembed-som7981 DEVICE_DTS_DIR := ../dts - DEVICE_PACKAGES := kmod-mt7915e kmod-mt7981-firmware mt7981-wo-firmware kmod-usb3 + DEVICE_PACKAGES := kmod-mt7915e kmod-mt7981-firmware mt7981-wo-firmware \ + kmod-crypto-hw-atmel kmod-eeprom-at24 kmod-gpio-beeper kmod-rtc-pcf8563 \ + kmod-usb-net-cdc-mbim kmod-usb-net-qmi-wwan kmod-usb-serial-option \ + kmod-usb3 uqmi UBINIZE_OPTS := -E 5 BLOCKSIZE := 128k PAGESIZE := 2048 From 58291780741694da81f4cab95f6db3a637f5dcc0 Mon Sep 17 00:00:00 2001 From: Joel Low Date: Sat, 14 Dec 2024 21:39:36 +0800 Subject: [PATCH 5/8] netfilter: add kmod-nfnetlink-ct{helper,timeout} Add kmod-nfnetlink-ct{helper,timeout} to allow handling firewall rules in userspace (together with conntrackd). The timeout module allows specifying custom expiration rules. Signed-off-by: Joel Low Link: https://github.com/openwrt/openwrt/pull/17267 (cherry picked from commit 0e2dcfc4f488ecd7acf31e01bd10624d8a273cde) Link: https://github.com/openwrt/openwrt/pull/17358 Signed-off-by: Hauke Mehrtens --- config/Config-kernel.in | 7 +++++ package/kernel/linux/modules/netfilter.mk | 34 +++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/config/Config-kernel.in b/config/Config-kernel.in index 91678cf2a66..64c8c63466a 100644 --- a/config/Config-kernel.in +++ b/config/Config-kernel.in @@ -1239,6 +1239,13 @@ config KERNEL_MPTCP_IPV6 default KERNEL_MPTCP endif +config KERNEL_NF_CONNTRACK_TIMEOUT + bool "Per-connection connection tracking timeout" + default y if !SMALL_FLASH + help + Select this option to enable support for per-connection conntrack timeouts. + Increases the (uncompressed) size of nf_conntrack.ko by ~8kB. + # # NFS related symbols # diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index cf66bd8cd8c..30ff35ca6bf 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -1048,6 +1048,40 @@ endef $(eval $(call KernelPackage,nfnetlink-queue)) +define KernelPackage/nfnetlink-cthelper + TITLE:=Netfilter User space conntrack helpers + FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_cthelper.ko + KCONFIG:=CONFIG_NF_CT_NETLINK_HELPER + AUTOLOAD:=$(call AutoProbe,nfnetlink_cthelper) + $(call AddDepends/nfnetlink,+kmod-nfnetlink-queue +kmod-nf-conntrack-netlink) +endef + +define KernelPackage/nfnetlink-cthelper/description + Kernel modules support for a netlink-based connection tracking + userspace helpers interface +endef + +$(eval $(call KernelPackage,nfnetlink-cthelper)) + + +define KernelPackage/nfnetlink-cttimeout + TITLE:=Netfilter conntrack expectation timeout + FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_cttimeout.ko + KCONFIG:=CONFIG_NF_CT_NETLINK_TIMEOUT + AUTOLOAD:=$(call AutoProbe,nfnetlink_cttimeout) + $(call AddDepends/nfnetlink,+kmod-nf-conntrack +kmod-nf-conntrack-timeout @KERNEL_NF_CONNTRACK_TIMEOUT) +endef + +define KernelPackage/nfnetlink-cttimeout/description + Kernel modules support for a netlink-based connection tracking + userspace timeout interface + + Requires CONFIG_NF_CONNTRACK_TIMEOUT (only enabled for non-small flash devices) +endef + +$(eval $(call KernelPackage,nfnetlink-cttimeout)) + + define KernelPackage/nf-conntrack-netlink TITLE:=Connection tracking netlink interface FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko From 7271ee587cd104d30d6d46dd3c623c9d4602bd0c Mon Sep 17 00:00:00 2001 From: Roland Reinl Date: Fri, 13 Dec 2024 18:58:26 +0100 Subject: [PATCH 6/8] mediatek: filogic: Add support for D-Link AQUILA PRO AI M60 Specification: - MT7986 CPU using 2.4GHz and 5GHz WiFi (both AX) - MT7531 switch - 512MB RAM - 128MB NAND flash (MX35LF1GE4AB-Z4I) with two UBI partitions with identical size - 1 multi color LED (red, green, blue, white) connected via GCA230718 (Same as D-Link M30 A1) - 3 buttons (WPS, reset, LED on/off) - 1x 2.5 Gbit WAN port with Maxlinear GPY211C - 4x 1 Gbit LAN ports Disassembly: - There are five screws at the bottom: 2 under the rubber feet, 3 under the label. - After removing the screws, the white plastic part can be shifted out of the blue part. - Be careful because the antennas are mounted on the side and the top of the white part. Serial Interface - The serial interface can be connected to the 4 pin holes next to/under the antenna cables. - Note that there is another set of 4 pin holes on the side of the board, it's not used. - Pins (from front to rear): - 3.3V (do not connect) - TX - RX - GND - Settings: 115200, 8N1 MAC addresses: - MAC address is stored in partition "Odm" at offset 0x81 (for example XX:XX:XX:XX:XX:52) - MAC address on the device label is ODM + 1 (for example XX:XX:XX:XX:XX:53) - WAN MAC is the one from the ODM partition (for example XX:XX:XX:XX:XX:52) - LAN MAC is the one from the ODM partition + 1 (for example XX:XX:XX:XX:XX:53) - WLAN MAC (2.4 GHz) is the one from the ODM partition + 2 (for example (XX:XX:XX:XX:XX:54) - WLAN MAC (5 GHz) is the one from the ODM partition + 5 (for example (XX:XX:XX:XX:XX:57) Flashing via OEM web interface: - Currently not supported because image crypto is not known Flashing via recovery web interface: - This is only working if the first partition is active because recovery images are always flashed to the active partition and OpenWrt can only be executed from the first partition - Use a Chromium based browser, otherwise firmware upgrade might not work - Recovery web interface is accessible via 192.168.200.1 after keeping the reset button pressed during start of the device until the LED blinks red - Upload the recovery image, this will take some time. LED will continue flashing red during the update process - The after flashing, the recovery web interface redirects to http://192.168.0.1. This can be ignored. OpenWrt is accessible via 192.168.1.1 after flashing - If the first partition isn't the active partition, OpenWrt will hang during the boot process. In this case: - Download the recovery image from https://github.com/RolandoMagico/openwrt/releases/tag/M60-Recovery-UBI-Switch (UBI switch image) - Enable recovery web interface again and load the UBI switch image. This image works on the second partition of the M60 - OpenWrt should boot now as expected. After booting, flash the normal OpenWrt sysupgrade image (for example in the OpenWrt web interface) - Flashing a sysupgrade image from the UBI switch image will make the first partition the active partition and from now on, default OpenWrt images can be used Flashing via Initramfs: - Before switching to OpenWrt, ensure that both partitions contain OEM firmware. - This can be achieved by re-flashing the same OEM firmware version again via the OEM web interface. - Flashing via OEM web interface will automatically flash the currently not active partition. - Open router, connect serial interface - Start a TFTP server at 192.168.200.2 and provide the initramfs image there - When starting the router, select "7. Load Image" in U-Boot - Settings for load address, load method can be kept as they are - Specify host and router IP address if you use different ones than the default (Router 192.168.200.1, TFTP server 192.168.200.2) - Enter the file name of the initramfs image - Confirm "Run loaded data now?" question after loading the image with "Y" - OpenWrt initramfs will start now - Before flashing OpenWrt, create a backup of the "ubi" partition. It is required when reverting back to OEM - Flash sysupgrade image to flash, during flashing the U-Boot variable sw_tryactive will be set to 0 - During next boot, U-Boot tries to boot from the ubi partition. If it fails, it will switch to the ubi1 partition Reverting back to OEM: - Boot the initramfs image as described in "Flashing via Initramfs" above - Copy the backed up ubi partition to /tmp (e.g. by using SCP) - Write the backup to the UBI partition: mtd write /tmp/OpenWrt.mtd4.ubi.bin /dev/mtd4 - Reboot the device, OEM firmware will start now Signed-off-by: Roland Reinl Link: https://github.com/openwrt/openwrt/pull/17296 (cherry picked from commit b3ce08e0b6fa6780bf7ee295a1f176c053b1100b) Link: https://github.com/openwrt/openwrt/pull/17363 Signed-off-by: Hauke Mehrtens --- .../uboot-envtools/files/mediatek_filogic | 3 +- .../mt7986a-dlink-aquila-pro-ai-m60-a1.dts | 377 ++++++++++++++++++ .../filogic/base-files/etc/board.d/02_network | 3 +- .../base-files/lib/upgrade/platform.sh | 4 + target/linux/mediatek/image/filogic.mk | 14 + 5 files changed, 399 insertions(+), 2 deletions(-) create mode 100644 target/linux/mediatek/dts/mt7986a-dlink-aquila-pro-ai-m60-a1.dts diff --git a/package/boot/uboot-envtools/files/mediatek_filogic b/package/boot/uboot-envtools/files/mediatek_filogic index 5bde699a47a..730a28841e9 100644 --- a/package/boot/uboot-envtools/files/mediatek_filogic +++ b/package/boot/uboot-envtools/files/mediatek_filogic @@ -95,7 +95,8 @@ zbtlink,zbt-z8102ax|\ zbtlink,zbt-z8103ax) ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000" ;; -dlink,aquila-pro-ai-m30-a1) +dlink,aquila-pro-ai-m30-a1|\ +dlink,aquila-pro-ai-m60-a1) ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x40000" "0x40000" ;; gatonetworks,gdsp) diff --git a/target/linux/mediatek/dts/mt7986a-dlink-aquila-pro-ai-m60-a1.dts b/target/linux/mediatek/dts/mt7986a-dlink-aquila-pro-ai-m60-a1.dts new file mode 100644 index 00000000000..a95c069156e --- /dev/null +++ b/target/linux/mediatek/dts/mt7986a-dlink-aquila-pro-ai-m60-a1.dts @@ -0,0 +1,377 @@ +// SPDX-License-Identifier: (GPL-2.0 OR MIT) + +/dts-v1/; +#include +#include +#include + +#include "mt7986a.dtsi" + +/ { + model = "D-Link AQUILA PRO AI M60 A1"; + compatible = "dlink,aquila-pro-ai-m60-a1", "mediatek,mt7986a"; + + aliases { + serial0 = &uart0; + led-boot = &led_status_white; + led-failsafe = &led_status_red; + led-running = &led_status_white; + led-upgrade = &led_status_blue; + }; + + chosen { + stdout-path = "serial0:115200n8"; + }; + + memory@40000000 { + reg = <0 0x40000000 0 0x20000000>; + }; + + gpio-keys { + compatible = "gpio-keys"; + + button-reset { + label = "reset"; + gpios = <&pio 10 GPIO_ACTIVE_LOW>; + linux,code = ; + }; + + button-wps { + label = "wps"; + gpios = <&pio 9 GPIO_ACTIVE_LOW>; + linux,code = ; + }; + + button-leds-on-off { + label = "leds-on-off"; + linux,code = ; + gpios = <&pio 47 GPIO_ACTIVE_LOW>; + }; + }; +}; + +ð { + status = "okay"; + + gmac0: mac@0 { + compatible = "mediatek,eth-mac"; + reg = <0>; + phy-mode = "2500base-x"; + + nvmem-cells = <&macaddr_odm 1>; + nvmem-cell-names = "mac-address"; + fixed-link { + speed = <2500>; + full-duplex; + pause; + }; + }; + + gmac1: mac@1 { + compatible = "mediatek,eth-mac"; + reg = <1>; + phy-mode = "2500base-x"; + phy-handle = <&phy6>; + nvmem-cells = <&macaddr_odm 0>; + nvmem-cell-names = "mac-address"; + label = "internet"; + }; + + mdio: mdio-bus { + #address-cells = <1>; + #size-cells = <0>; + + reset-gpios = <&pio 6 GPIO_ACTIVE_LOW>; + reset-delay-us = <1500000>; + reset-post-delay-us = <1000000>; + + phy6: phy@6 { + compatible = "maxlinear,gpy211", "ethernet-phy-ieee802.3-c45"; + reg = <6>; + phy-mode = "2500base-x"; + }; + + switch@1f { + compatible = "mediatek,mt7531"; + reg = <31>; + reset-gpios = <&pio 5 GPIO_ACTIVE_HIGH>; + interrupt-controller; + #interrupt-cells = <1>; + interrupt-parent = <&pio>; + interrupts = <66 IRQ_TYPE_LEVEL_HIGH>; + ports { + #address-cells = <1>; + #size-cells = <0>; + + port@0 { + reg = <0>; + label = "lan1"; + }; + + port@1 { + reg = <1>; + label = "lan2"; + }; + + port@2 { + reg = <2>; + label = "lan3"; + }; + + port@3 { + reg = <3>; + label = "lan4"; + }; + + port@6 { + reg = <6>; + label = "cpu"; + ethernet = <&gmac0>; + phy-mode = "2500base-x"; + + fixed-link { + speed = <2500>; + full-duplex; + pause; + }; + }; + }; + }; + }; +}; + +&pio { + spi_flash_pins: spi-flash-pins-33-to-38 { + mux { + function = "spi"; + groups = "spi0", "spi0_wp_hold"; + }; + conf-pu { + pins = "SPI2_CS", "SPI2_HOLD", "SPI2_WP"; + drive-strength = <8>; + mediatek,pull-up-adv = <0>; /* bias-disable */ + }; + conf-pd { + pins = "SPI2_CLK", "SPI2_MOSI", "SPI2_MISO"; + drive-strength = <8>; + mediatek,pull-down-adv = <0>; /* bias-disable */ + }; + }; + + wf_2g_5g_pins: wf_2g_5g-pins { + mux { + function = "wifi"; + groups = "wf_2g", "wf_5g"; + }; + conf { + pins = + "WF0_HB2", + "WF0_HB3", + "WF0_HB4", + "WF0_HB0", + "WF0_HB0_B", + "WF0_HB5", + "WF0_HB6", + "WF0_HB7", + "WF0_HB8", + "WF0_HB9", + "WF0_HB10", + "WF0_TOP_CLK", + "WF0_TOP_DATA", + "WF1_HB1", + "WF1_HB2", + "WF1_HB3", + "WF1_HB4", + "WF1_HB0", + "WF1_HB5", + "WF1_HB6", + "WF1_HB7", + "WF1_HB8", + "WF1_TOP_CLK", + "WF1_TOP_DATA"; + drive-strength = <4>; + }; + }; + + i2c_pins_3_4: i2c-pins-3-4 { + mux { + function = "i2c"; + groups = "i2c"; + }; + }; +}; + +&spi0 { + pinctrl-names = "default"; + pinctrl-0 = <&spi_flash_pins>; + status = "okay"; + + flash@0 { + compatible = "spi-nand"; + #address-cells = <1>; + #size-cells = <1>; + reg = <0>; + + spi-max-frequency = <20000000>; + spi-tx-bus-width = <4>; + spi-rx-bus-width = <4>; + + mediatek,nmbm; + mediatek,bmt-max-ratio = <1>; + mediatek,bmt-max-reserved-blocks = <64>; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + partition@0 { + label = "BL2"; + reg = <0x000000 0x100000>; + read-only; + }; + + partition@100000 { + label = "u-boot-env"; + reg = <0x100000 0x80000>; + }; + + partition@180000 { + label = "Factory"; + reg = <0x180000 0x200000>; + read-only; + + nvmem-layout { + compatible = "fixed-layout"; + #address-cells = <1>; + #size-cells = <1>; + + eeprom_factory_0: eeprom@0 { + reg = <0x0 0x1000>; + }; + }; + }; + + partition@380000 { + label = "FIP"; + reg = <0x380000 0x200000>; + read-only; + }; + + partition@580000 { + label = "ubi"; + reg = <0x580000 0x3200000>; + }; + + partition@3780000 { + label = "ubi1"; + reg = <0x3780000 0x3200000>; + read-only; + }; + + partition@6980000 { + label = "Odm"; + reg = <0x6980000 0x40000>; + read-only; + + nvmem-layout { + compatible = "fixed-layout"; + #address-cells = <1>; + #size-cells = <1>; + + macaddr_odm: macaddr@81 { + compatible = "mac-base"; + reg = <0x81 0x6>; + #nvmem-cell-cells = <1>; + }; + }; + + }; + + partition@69c0000 { + label = "Config1"; + reg = <0x69c0000 0x80000>; + read-only; + }; + + partition@6a40000 { + label = "Config2"; + reg = <0x6a40000 0x80000>; + read-only; + }; + + partition@6ac0000 { + label = "Storage"; + reg = <0x6ac0000 0xA00000>; + read-only; + }; + + }; + }; +}; + +&wifi { + status = "okay"; + pinctrl-names = "default"; + pinctrl-0 = <&wf_2g_5g_pins>; + + + nvmem-cells = <&eeprom_factory_0>; + nvmem-cell-names = "eeprom"; + + band@0 { + /* 2.4 GHz */ + reg = <0>; + nvmem-cells = <&macaddr_odm 2>; + nvmem-cell-names = "mac-address"; + }; + band@1 { + /* 5 GHz */ + reg = <1>; + nvmem-cells = <&macaddr_odm 5>; + nvmem-cell-names = "mac-address"; + }; +}; + +&uart0 { + status = "okay"; +}; + +&watchdog { + status = "okay"; +}; + +&i2c0 { + status = "okay"; + pinctrl-names = "default"; + pinctrl-0 = <&i2c_pins_3_4>; + + gca230718@40 { + compatible = "unknown,gca230718"; + reg = <0x40>; + + led_status_red: led@0 { + color = ; + function = LED_FUNCTION_STATUS; + reg = <0>; + }; + + led@1 { + color = ; + function = LED_FUNCTION_STATUS; + reg = <1>; + }; + + led_status_blue: led@2 { + color = ; + function = LED_FUNCTION_STATUS; + reg = <2>; + }; + + led_status_white: led@3 { + color = ; + function = LED_FUNCTION_STATUS; + reg = <3>; + }; + }; +}; diff --git a/target/linux/mediatek/filogic/base-files/etc/board.d/02_network b/target/linux/mediatek/filogic/base-files/etc/board.d/02_network index e0158241f9a..31b362c24a2 100644 --- a/target/linux/mediatek/filogic/base-files/etc/board.d/02_network +++ b/target/linux/mediatek/filogic/base-files/etc/board.d/02_network @@ -87,7 +87,8 @@ mediatek_setup_interfaces() openwrt,one) ucidef_set_interfaces_lan_wan eth1 eth0 ;; - dlink,aquila-pro-ai-m30-a1) + dlink,aquila-pro-ai-m30-a1|\ + dlink,aquila-pro-ai-m60-a1) ucidef_set_interfaces_lan_wan "lan1 lan2 lan3 lan4" internet ;; mediatek,mt7986a-rfb) diff --git a/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh b/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh index fb48ffc49f0..cf80cb5edce 100755 --- a/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh +++ b/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh @@ -123,6 +123,10 @@ platform_do_upgrade() { yuncore,ax835) default_do_upgrade "$1" ;; + dlink,aquila-pro-ai-m60-a1) + fw_setenv sw_tryactive 0 + nand_do_upgrade "$1" + ;; mercusys,mr90x-v1|\ tplink,re6000xd) CI_UBIPART="ubi0" diff --git a/target/linux/mediatek/image/filogic.mk b/target/linux/mediatek/image/filogic.mk index dd1ee5493de..ddcf59503aa 100644 --- a/target/linux/mediatek/image/filogic.mk +++ b/target/linux/mediatek/image/filogic.mk @@ -701,6 +701,20 @@ define Device/dlink_aquila-pro-ai-m30-a1 endef TARGET_DEVICES += dlink_aquila-pro-ai-m30-a1 +define Device/dlink_aquila-pro-ai-m60-a1 + DEVICE_VENDOR := D-Link + DEVICE_MODEL := AQUILA PRO AI M60 + DEVICE_VARIANT := A1 + DEVICE_DTS := mt7986a-dlink-aquila-pro-ai-m60-a1 + DEVICE_DTS_DIR := ../dts + DEVICE_PACKAGES := kmod-leds-gca230718 kmod-mt7915e kmod-mt7986-firmware mt7986-wo-firmware + IMAGES += recovery.bin + IMAGE_SIZE := 51200k + IMAGE/sysupgrade.bin := sysupgrade-tar | append-metadata + IMAGE/recovery.bin := sysupgrade-tar | pad-to $$(IMAGE_SIZE) | dlink-ai-recovery-header DLK6E8202001 \x30\x6C\x19\x0C \x00\x00\x2C\x00 \x00\x00\x20\x03 \x82\x6E +endef +TARGET_DEVICES += dlink_aquila-pro-ai-m60-a1 + define Device/edgecore_eap111 DEVICE_VENDOR := Edgecore DEVICE_MODEL := EAP111 From db0300cb1b20d600099942333cd49a187592f2e7 Mon Sep 17 00:00:00 2001 From: Edward Chow Date: Tue, 10 Dec 2024 18:36:40 +0800 Subject: [PATCH 7/8] ath79: port buffalo WZR-450HP2 from ar71xx Referencing commit a1837135e04b Hardware -------- SoC: Qualcomm Atheros QCA9558 RAM: 128M DDR2 (Nanya NT5TU64M16HG-AC) FLASH: 128M SPI-NAND (Spansion S34ML01G100TFI00) WLAN: QCA9558 3T3R 802.11 bgn ETH: Qualcomm Atheros QCA8337 UART: 115200 8n1 BUTTON: Reset - WPS - "Router" switch LED: 2x system-LED, 2x wlan-LED, 1x internet-LED, 2x routing-LED LEDs besides the ethernet ports are controlled by the ethernet switch MAC Address: use address(sample 1) source label cc:e1:d5:xx:xx:ed art@macaddr_wan lan cc:e1:d5:xx:xx:ec art@macaddr_lan wan cc:e1:d5:xx:xx:ed $label WiFi4_2G cc:e1:d5:xx:xx:ec art@cal_ath9k Installation from Serial Console ------------ 1. Connect to the serial console. Power up the device and interrupt autoboot when prompted 2. Connect a TFTP server reachable at 192.168.11.10/24 to the ethernet port. Serve the OpenWrt initramfs image as "openwrt.bin" 3. Boot the initramfs image using U-Boot ath> tftpboot 0x84000000 openwrt.bin ath> bootm 0x84000000 4. Copy the OpenWrt sysupgrade image to the device using scp and install it like a normal upgrade (with no need to keeping config since no config from "previous OpenWRT installation" could be kept at all) # sysupgrade -n /path/to/openwrt/sysupgrade.bin Installation from Web Interface ------------ To flash just do a firmware upgrade from the stock firmware (Buffalo branded dd-wrt) with squashfs-factory.bin Signed-off-by: Edward Chow Link: https://github.com/openwrt/openwrt/pull/17227 (cherry picked from commit 42254d3f5fa010466195c167c13f704ba85b3f54) Link: https://github.com/openwrt/openwrt/pull/17359 Signed-off-by: Hauke Mehrtens --- package/boot/uboot-envtools/files/ath79 | 1 + .../ath79/dts/qca9558_buffalo_wzr-450hp2.dts | 179 ++++++++++++++++++ .../generic/base-files/etc/board.d/02_network | 4 + target/linux/ath79/image/generic.mk | 12 ++ 4 files changed, 196 insertions(+) create mode 100644 target/linux/ath79/dts/qca9558_buffalo_wzr-450hp2.dts diff --git a/package/boot/uboot-envtools/files/ath79 b/package/boot/uboot-envtools/files/ath79 index c6d23ce73dc..c989e61bd55 100644 --- a/package/boot/uboot-envtools/files/ath79 +++ b/package/boot/uboot-envtools/files/ath79 @@ -28,6 +28,7 @@ asus,rt-ac59u-v2|\ asus,zenwifi-cd6n|\ asus,zenwifi-cd6r|\ buffalo,bhr-4grv2|\ +buffalo,wzr-450hp2|\ devolo,magic-2-wifi|\ engenius,eap300-v2|\ engenius,eap350-v1|\ diff --git a/target/linux/ath79/dts/qca9558_buffalo_wzr-450hp2.dts b/target/linux/ath79/dts/qca9558_buffalo_wzr-450hp2.dts new file mode 100644 index 00000000000..8f19907dfee --- /dev/null +++ b/target/linux/ath79/dts/qca9558_buffalo_wzr-450hp2.dts @@ -0,0 +1,179 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT + +#include "qca955x.dtsi" + +#include +#include +#include + +/ { + compatible = "buffalo,wzr-450hp2", "qca,qca9558"; + model = "Buffalo WZR-450HP2/WZR-450HP2D"; + + aliases { + led-boot = &led_status_green; + led-failsafe = &led_status_green; + led-running = &led_status_green; + led-upgrade = &led_status_green; + label-mac-device = ð0; + }; + + leds { + compatible = "gpio-leds"; + + led_status_green: status_green { + function = LED_FUNCTION_STATUS; + color = ; + gpios = <&gpio 20 GPIO_ACTIVE_LOW>; + default-state = "on"; + }; + + led_wlan_green: wlan_green { + function = LED_FUNCTION_WLAN; + color = ; + gpios = <&gpio 18 GPIO_ACTIVE_LOW>; + linux,default-trigger = "phy0tpt"; + }; + + led_wps_green: wps_green { + function = LED_FUNCTION_WPS; + color = ; + gpios = <&gpio 3 GPIO_ACTIVE_LOW>; + }; + }; + + keys { + compatible = "gpio-keys"; + + reset { + label = "Reset button"; + linux,code = ; + gpios = <&gpio 17 GPIO_ACTIVE_LOW>; + debounce-interval = <60>; + }; + + rfkill { + label = "RFKILL button"; + linux,code = ; + gpios = <&gpio 21 GPIO_ACTIVE_LOW>; + debounce-interval = <60>; + }; + }; +}; + +&spi { + status = "okay"; + + flash@0 { + compatible = "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <25000000>; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + partition@0 { + label = "u-boot"; + reg = <0x0 0x40000>; + read-only; + }; + + partition@40000 { + reg = <0x40000 0x10000>; + label = "u-boot-env"; + }; + + partition@50000 { + compatible = "denx,uimage"; + reg = <0x50000 0xf90000>; + label = "firmware"; + }; + + partition@fe0000 { + reg = <0xfe0000 0x10000>; + label = "user_property"; + read-only; + }; + + art: partition@ff0000 { + label = "art"; + reg = <0xff0000 0x10000>; + read-only; + + nvmem-layout { + compatible = "fixed-layout"; + #address-cells = <1>; + #size-cells = <1>; + + macaddr_wan: macaddr@0 { + reg = <0x0 0x6>; + }; + + macaddr_lan: macaddr@6 { + reg = <0x6 0x6>; + }; + + cal_ath9k: cal_ath9k@1000 { + reg = <0x1000 0x440>; + }; + }; + }; + }; + }; +}; + +&mdio0 { + status = "okay"; + + phy0: ethernet-phy@0 { + reg = <0>; + + qca,ar8327-initvals = < + 0x04 0x07600000 /* PORT0 PAD MODE CTRL: RGMII, to eth0 */ + 0x0c 0x00080080 /* PORT6 PAD MODE CTRL: SGMII, to eth1 */ + 0x10 0x81000080 /* POWER ON STRAP */ + 0x50 0xcc35cc35 /* LED_CTRL0 */ + 0x54 0xca35ca35 /* LED_CTRL1 */ + 0x58 0xc935c935 /* LED_CTRL2 */ + 0x5c 0x03ffff00 /* LED_CTRL3 */ + 0x7c 0x0000007e /* PORT0_STATUS */ + 0x94 0x0000007e /* PORT6_STATUS */ + >; + }; +}; + +ð0 { + status = "okay"; + + nvmem-cells = <&macaddr_wan>; + nvmem-cell-names = "mac-address"; + phy-handle = <&phy0>; + pll-data = <0x56000000 0x00000101 0x00001616>; + + gmac-config { + device = <&gmac>; + rgmii-enabled = <1>; + }; +}; + +ð1 { + status = "okay"; + + nvmem-cells = <&macaddr_lan>; + nvmem-cell-names = "mac-address"; + pll-data = <0x03000101 0x00000101 0x00001616>; + + fixed-link { + speed = <1000>; + full-duplex; + }; +}; + +&wmac { + status = "okay"; + + nvmem-cells = <&cal_ath9k>; + nvmem-cell-names = "calibration"; +}; diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network b/target/linux/ath79/generic/base-files/etc/board.d/02_network index e987d754f0a..dedbaf05b80 100644 --- a/target/linux/ath79/generic/base-files/etc/board.d/02_network +++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network @@ -213,6 +213,10 @@ ath79_setup_interfaces() ucidef_add_switch "switch0" \ "0@eth1" "1:lan" "2:lan" "3:lan" "4:lan" "5:wan" "6@eth0" ;; + buffalo,wzr-450hp2) + ucidef_add_switch "switch0" \ + "6@eth1" "1:lan" "2:lan" "3:lan" "4:lan" "5:wan" "0@eth0" + ;; buffalo,wzr-600dhp|\ buffalo,wzr-hp-ag300h|\ tplink,archer-c25-v1|\ diff --git a/target/linux/ath79/image/generic.mk b/target/linux/ath79/image/generic.mk index 92f9bc6cdde..846a9acd200 100644 --- a/target/linux/ath79/image/generic.mk +++ b/target/linux/ath79/image/generic.mk @@ -759,6 +759,18 @@ define Device/buffalo_wzr-hp-g450h endef TARGET_DEVICES += buffalo_wzr-hp-g450h +define Device/buffalo_wzr-450hp2 + $(Device/buffalo_common) + SOC := qca9558 + DEVICE_MODEL := WZR-450HP2 + DEVICE_ALT0_VENDOR := Buffalo + DEVICE_ALT0_MODEL := WZR-450HP2D + BUFFALO_PRODUCT := WZR-450HP2 + IMAGE_SIZE := 15936k + SUPPORTED_DEVICES += wzr-450hp2 +endef +TARGET_DEVICES += buffalo_wzr-450hp2 + define Device/comfast_cf-e110n-v2 SOC := qca9533 DEVICE_VENDOR := COMFAST From 4cc1da1e44c28aa153956e179f28b8ee38dc3ac6 Mon Sep 17 00:00:00 2001 From: Rany Hany Date: Fri, 20 Dec 2024 23:58:39 +0000 Subject: [PATCH 8/8] hostapd: add SAE support for wifi-station and optimize PSK file creation Regarding SAE support in wifi-station: Important Note: Unlike PSK wifi-stations, both `mac` and `key` options are required to make it work. With PSK, hostapd used to perform a brute-force match to find which PSK entry to use, but with SAE this is infeasible due to SAE's design. When `mac` is omitted, it will allow any MAC address to use the SAE password if it didn't have a MAC address assigned to it, but this could only be done once. The last wildcard entry would be used. Also, unlike "hostapd: add support for SAE in PPSK option" (commit 913368a), it is not required to set `sae_pwe` to `0`. This gives it a slight advantage over using PPSK that goes beyond not needing RADIUS. Example Configuration: ``` config wifi-vlan option iface default_radio0 option name 999 option vid 999 option network management config wifi-station # Allow user with MAC address 00:11:22:33:44:55 and matching # key "secretadminpass" to access the management network. option iface default_radio0 option vid 999 option mac '00:11:22:33:44:55' option key secretadminpass config wifi-vlan option iface default_radio0 option name 100 option vid 100 option network guest config wifi-station # With SAE, when 'mac' is omitted it will be the fallback in case no # other MAC address matches. It won't be possible for a user that # has a matching MAC to use this network (i.e., 00:11:22:33:44:55 # in this example). option iface default_radio0 option vid 100 option key guestpass ``` Regarding PSK file creation optimization: This patch now conditionally runs `hostapd_set_psk_file` depending on `auth_type`. Previously, `hostapd_set_psk` would always execute `hostapd_set_psk_file`, which would create a new file if `wifi-station` was in use even if PSK was not enabled. This change checks the `auth_type` to ensure that it is appropriate to parse the `wifi-station` entries and create those files. Furthermore, we now only configure `wpa_psk_file` when it is a supported option (i.e., psk or psk-sae is used). Previously, we used to configure it when it was not necessary. While it didn't cause any issues, it would litter `/var/run` with unnecessary files. This patch fixes that case by configuring it depending on the `auth_type`. The new SAE support is aligned with these PSK file changes. Signed-off-by: Rany Hany Link: https://github.com/openwrt/openwrt/pull/17145 Signed-off-by: John Crispin (cherry picked from commit 65a1c666f2eb2511430a9064686b3590e08b1773) Link: https://github.com/openwrt/openwrt/pull/17248 Signed-off-by: Hauke Mehrtens --- .../wifi-scripts/files/lib/netifd/hostapd.sh | 36 +++++++++++++++++-- .../files/lib/netifd/wireless/mac80211.sh | 7 +++- .../network/services/hostapd/files/hostapd.uc | 2 ++ 3 files changed, 42 insertions(+), 3 deletions(-) diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh index 7d4c41d3b51..d673f5405bd 100644 --- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh @@ -428,9 +428,36 @@ hostapd_set_psk() { local ifname="$1" rm -f /var/run/hostapd-${ifname}.psk + case "$auth_type" in + psk|psk-sae) ;; + *) return ;; + esac for_each_station hostapd_set_psk_file ${ifname} } +hostapd_set_sae_file() { + local ifname="$1" + local vlan="$2" + local vlan_id="" + + json_get_vars mac vid key + set_default mac "ff:ff:ff:ff:ff:ff" + [ -n "$mac" ] && mac="|mac=$mac" + [ -n "$vid" ] && vlan_id="|vlanid=$vid" + printf '%s%s%s\n' "${key}" "${mac}" "${vlan_id}" >> /var/run/hostapd-${ifname}.sae +} + +hostapd_set_sae() { + local ifname="$1" + + rm -f /var/run/hostapd-${ifname}.sae + case "$auth_type" in + sae|psk-sae) ;; + *) return ;; + esac + for_each_station hostapd_set_sae_file ${ifname} +} + append_iw_roaming_consortium() { [ -n "$1" ] && append bss_conf "roaming_consortium=$1" "$N" } @@ -686,7 +713,7 @@ hostapd_set_bss_options() { wps_not_configured=1 ;; psk|sae|psk-sae) - json_get_vars key wpa_psk_file + json_get_vars key wpa_psk_file sae_password_file if [ "$ppsk" -ne 0 ]; then json_get_vars auth_secret auth_port set_default auth_port 1812 @@ -702,10 +729,15 @@ hostapd_set_bss_options() { return 1 fi [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk - [ -n "$wpa_psk_file" ] && { + [ -n "$wpa_psk_file" ] && [ "$auth_type" = "psk" -o "$auth_type" = "psk-sae" ] && { [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" } + [ -z "$sae_password_file" ] && set_default sae_password_file /var/run/hostapd-$ifname.sae + [ -n "$sae_password_file" ] && [ "$auth_type" = "sae" -o "$auth_type" = "psk-sae" ] && { + [ -e "$sae_password_file" ] || touch "$sae_password_file" + append bss_conf "sae_password_file=$sae_password_file" "$N" + } [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" set_default dynamic_vlan 0 diff --git a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh index ad1a4c86df0..5837f1c748f 100755 --- a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh @@ -668,7 +668,7 @@ mac80211_set_ifname() { mac80211_prepare_vif() { json_select config - json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file vlan_file + json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file sae_password_file vlan_file [ -n "$ifname" ] || { local prefix; @@ -701,7 +701,12 @@ mac80211_prepare_vif() { [ "$mode" == "ap" ] && { + json_select config + wireless_vif_parse_encryption + json_select .. + [ -z "$wpa_psk_file" ] && hostapd_set_psk "$ifname" + [ -z "$sae_password_file" ] && hostapd_set_sae "$ifname" [ -z "$vlan_file" ] && hostapd_set_vlan "$ifname" } diff --git a/package/network/services/hostapd/files/hostapd.uc b/package/network/services/hostapd/files/hostapd.uc index 30292ce9ae2..ee241120598 100644 --- a/package/network/services/hostapd/files/hostapd.uc +++ b/package/network/services/hostapd/files/hostapd.uc @@ -10,6 +10,7 @@ hostapd.data.pending_config = {}; hostapd.data.file_fields = { vlan_file: true, wpa_psk_file: true, + sae_password_file: true, accept_mac_file: true, deny_mac_file: true, eap_user_file: true, @@ -364,6 +365,7 @@ function bss_remove_file_fields(config) for (let key in config.hash) new_cfg.hash[key] = config.hash[key]; delete new_cfg.hash.wpa_psk_file; + delete new_cfg.hash.sae_password_file; delete new_cfg.hash.vlan_file; return new_cfg;