OpenWRT

Recent Commits

• Jonas Jelonek (16 Jun 26)

  generic: mips: replace pending patch with backport The pending patch fixing reboot behavior on Realtek MIPS (and possibly other MIPS targets) has been accepted upstream. Replace with a proper backport. Link: https://github.com/openwrt/openwrt/pull/23831 Signed-off-by: Jonas Jelonek <[email protected]>

• Jonas Jelonek (16 Jun 26)

  realtek: replace pending SFP patches with backport The SFP SMBus patches to access SFP modules with more than just byte access have finally been accepted upstream. Replace them with the upstreamed version, reorder them before our still downstream SMBus MDIO patches and refresh all. Link: https://github.com/openwrt/openwrt/pull/23825 Signed-off-by: Jonas Jelonek <[email protected]>

• Lukas Stockner (12 Jun 26)

  ipq806x: add apboot package for AP-32x This is unfortunately needed to disable the signature verification in the stock bootloader. Co-authored-by: Paul Spooren <[email protected]> Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Paul Spooren <[email protected]>

• Lukas Stockner (05 Nov 25)

  ipq806x: add support for Aruba AP-32x This is a dual-radio 802.11a/b/g/n/ac access point with dual Gigabit Ethernet. There are two closely related models: The AP-324, which has external antenna connectors, and the AP-325, which has internal antennas. The board appears to be identical, and the same image works on both. Additionally, the Siemens Scalance W1750D is an OEM variant using the same board, so the image also works on that. Unfortunately the factory APBoot bootloader enforces cryptographic signatures on the firmware before booting, so a modified version must be flashed via the serial port. See [^1] for details. Specifications ============== * Device: Aruba AP-325 / AP-324 * SoC: Qualcomm IPQ8068 2x1.4GHz ARMv7-A * RAM: 512MiB (2x Winbond W632GU6MB-12) * SPI flash: 4MiB Macronix MX25U3235F * NAND flash: 128MiB Winbond W29N01HZBINF * WiFi: 2x Qualcomm QCA9990 (one 2.4G, one 5G) * Ethernet: 2x 1000BASE-T (Marvell 88E1514 PHY), both PoE-capable * Power: PoE 802.3at or 12V DC jack * LEDs: Red/Amber/Green status LED, Amber/Green WiFi LED * Buttons: 1x, behind hole next to DC jack * Console: RJ45 connector, Cisco pinout * USB: 1x USB 2.0 Type A, 1x internal to BLE, SoC has USB 3.0 host but board is only wired for 2.0 * BLE: TI CC2540 SoC, connected to USB and UART, unpopulated debug header on PCB * TPM: Atmel AT97SC3205T How to install ============== The stock bootloader APBoot appears to be vendor fork of U-Boot, which disables much of the usual functionality and comes with its own booting and firmware upgrade logic. Unfortunately, this logic enforces RSA signatures on images, even for the default boot from NAND. Therefore, a patched bootloader is needed, which is built as a package. In addition to the signature check removal, this also changes the serial baudrate to 115200. Luckily, the stock firmware does not disable the `sf` command (it just hides it until you run `diag`), so the patched bootloader can be fetched via TFTP and then flashed via console. Flashing patched APBoot ----------------------- * Build OpenWrt, or download `openwrt-ipq806x-generic-aruba_ap-32x-apboot.mbn` * Connect serial cable and wired ethernet * Access stock APBoot console at Baud 9600 * Flash patched bootloader: ``` setenv serverip <your TFTP server IP> setenv autostart n netget 44000000 openwrt-ipq806x-generic-aruba_ap-32x-apboot.mbn sf probe 0 sf erase 220000 100000 sf write 44000000 220000 100000 reset ``` Booting OpenWrt --------------- * Connect serial cable and wired ethernet * Access patched APBoot console at Baud 115200 * Run `setenv serverip <your TFTP server IP>` * Run `tftpboot openwrt-ipq806x-generic-aruba_ap-32x-initramfs.ari` Installing OpenWrt ------------------ * Connect serial cable and wired ethernet * Access patched APBoot console at Baud 115200 * Consider backing up stock firmware(s) (UBI volumes `aos0` and/or `aos1`) by booting into OpenWrt via initramfs (see above) and dumping them * Wipe and repartition NAND flash (see below for explanation): ``` nand device 0 nand erase.chip reset ubi part ubifs ubi remove ubifs ubi create ubifs 1 ubi create rootfs_data ``` * Follow steps above to boot OpenWrt via initramfs * From OpenWrt, persist installation via sysupgrade Reverting to stock FW --------------------- The patched bootloader remains compatible with the original firmware, so you can just wipe the NAND, let APBoot recreate the partitions, and flash back the `aos0`/`aos1` backup from above. Current status ============== Tested and working ------------------ * Console * Wired GbE (both ports) * WiFi (both 2.4G and 5G) * LEDs * Restart Button * USB port * External watchdog * TPM * BLE SoC Future work ----------- * GPIOs for: * power source (8 indicates DC jack, 59 indicates 802.3at) * reset source (64 for warm reset, 65 for watchdog) * USB overcurrent (63) * BLE SoC reflashing * CC2540 comes with Aruba-specific FW out of the box * Debug header is exposed on PCB (pinout GND-VCC-Clock-Data-Reset), but that requires disassembly * Stock BLE FW appears to support reflashing via UART, but protocol would need to be reverse-engineered * ramoops/pstore * It appears that APBoot clears the RAM on boot, might be something we can patch out as well * Porting a modern U-Boot Flash layout ============ SPI flash --------- ``` 0x000000-0x020000 sbl1 0x020000-0x040000 mibib 0x040000-0x080000 sbl2 0x080000-0x100000 sbl3 0x100000-0x110000 ddrconfig 0x110000-0x120000 ssd 0x120000-0x1a0000 tz 0x1a0000-0x220000 rpm 0x220000-0x320000 appsbl 0x320000-0x330000 appsblenv 0x330000-0x370000 art 0x370000-0x380000 panicdump 0x380000-0x390000 certificate 0x390000-0x3a0000 mfginfo 0x3a0000-0x3b0000 flashcache 0x3b0000-0x400000 aosspare ``` Factory NAND flash ------------------ * 32MiB MTD partition `aos0`, formatted as UBI * 32MiB UBI volume `aos0` * contains kernel+initrd of the primary firmware, initrd contains the entire root FS * 32MiB MTD partition `aos1`, formatted as UBI * 32MiB UBI volume `aos1` * contains kernel+initrd of the secondary firmware, initrd contains the entire root FS * 64MiB MTD partition `ubifs`, formatted as UBI * 64MiB UBI volume `ubifs` * Contains UBIFS, overlay-mounted on top of the initrd, shared between firmware slots APBoot understands UBI, and will read the kernel from the `aos0` or `aos1` volume (depending on `os_partition`) with fallback to the other one in case a check fails. Kernels are expected to have a vendor-specific header, the included script will add that header with the correct checksum but no signature. OpenWrt NAND flash ------------------ OpenWrt assumes separate UBI volumes for kernel and rootfs, as well as a volume that must be named `rootfs_data` for the UBIFS. Unfortunately, APBoot actively checks the UBI volumes at boot, and will repartition if it doesn't find the volumes that it expects (listed above). Luckily, it doesn't check their size, only their existence. Therefore, we can use the following layout: * 32MiB MTD partition `aos0`, formatted as UBI * 32MiB UBI volume `aos0` * contains OpenWrt kernel+initrd * 32MiB MTD partition `aos1`, formatted as UBI * 32MiB UBI volume `aos1` * contains OpenWrt root squashfs * 64MiB MTD partition `ubifs`, formatted as UBI * small (single-LEB) UBI volume `ubifs` * Dummy volume, only there to satisfy APBoot * almost 64MiB UBI volume `rootfs_data` * contains UBIFS, overlay-mounted on top of the rootfs [^1]: https://github.com/lukasstockner/ap325-apboot-openwrt Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Paul Spooren <[email protected]>

• Lukas Stockner (02 May 26)

  ipq806x: add CONFIG_GPIO_WATCHDOG The AP-325 (and variants) has an external watchdog, so this is needed to regularly toggle the GPIO and keep the watchdog happy. Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Paul Spooren <[email protected]>

• Lukas Stockner (02 May 26)

  base-files: handle name collision between kernel UBI volume and MTD partition On the AP-325 (and variants), the bootloader enforces a particular UBI volume layout and naming, so unfortunately the kernel's UBI volume and MTD partition end up with the name, which confuses the current logic. Therefore, add an option to ignore the MTD partition. Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Paul Spooren <[email protected]>

• Lukas Stockner (02 May 26)

  base-files: support rootfs_data on its own partition The current code assumes that the rootfs_data UBI volume is on the same MTD partition as the rootfs. Unfortunately, this does not work on the Aruba AP-325 (and variants), since the bootloader enforces a particular UBI volume layout. Therefore, this adds a separate variable to set the rootfs_data partition, and updates all existing devices with a non-default rootfs partition to also specify the new variable. Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Paul Spooren <[email protected]>

• Paul Spooren (16 Jun 26)

  Revert "base-files: support rootfs_data on its own partition" This reverts commit 13fc688f033895e0ba91c1d752ffd63a06760ef5. Wrong Signed-off-by line was used, reverting and re-applying. Signed-off-by: Paul Spooren <[email protected]>

• Paul Spooren (16 Jun 26)

  Revert "base-files: handle name collision between kernel UBI volume and MTD partition" This reverts commit eef8c718b474aff652b42c2e96b55b1b310f7f56. Wrong Signed-off-by line was used, reverting and re-applying. Signed-off-by: Paul Spooren <[email protected]>

• Paul Spooren (16 Jun 26)

  Revert "ipq806x: add CONFIG_GPIO_WATCHDOG" This reverts commit 69a2b3b31865615f71793067b1c891067b66e8a4. Wrong Signed-off-by line was used, reverting and re-applying. Signed-off-by: Paul Spooren <[email protected]>

• Paul Spooren (16 Jun 26)

  Revert "ipq806x: add support for Aruba AP-32x" This reverts commit e912d6aeb4c017a30b86acd3a8cf4ec4b53b87a8. Wrong Signed-off-by line was used, reverting and re-applying. Signed-off-by: Paul Spooren <[email protected]>

• Paul Spooren (16 Jun 26)

  Revert "ipq806x: add apboot package for AP-32x" This reverts commit 0823ad47ff3068476da4e5035575b4923bcc1fec. Wrong Signed-off-by line was used, reverting and re-applying. Signed-off-by: Paul Spooren <[email protected]>

• Lukas Stockner (12 Jun 26)

  ipq806x: add apboot package for AP-32x This is unfortunately needed to disable the signature verification in the stock bootloader. Co-authored-by: Paul Spooren <[email protected]> Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Test Dev <[email protected]>

• Lukas Stockner (05 Nov 25)

  ipq806x: add support for Aruba AP-32x This is a dual-radio 802.11a/b/g/n/ac access point with dual Gigabit Ethernet. There are two closely related models: The AP-324, which has external antenna connectors, and the AP-325, which has internal antennas. The board appears to be identical, and the same image works on both. Additionally, the Siemens Scalance W1750D is an OEM variant using the same board, so the image also works on that. Unfortunately the factory APBoot bootloader enforces cryptographic signatures on the firmware before booting, so a modified version must be flashed via the serial port. See [^1] for details. Specifications ============== * Device: Aruba AP-325 / AP-324 * SoC: Qualcomm IPQ8068 2x1.4GHz ARMv7-A * RAM: 512MiB (2x Winbond W632GU6MB-12) * SPI flash: 4MiB Macronix MX25U3235F * NAND flash: 128MiB Winbond W29N01HZBINF * WiFi: 2x Qualcomm QCA9990 (one 2.4G, one 5G) * Ethernet: 2x 1000BASE-T (Marvell 88E1514 PHY), both PoE-capable * Power: PoE 802.3at or 12V DC jack * LEDs: Red/Amber/Green status LED, Amber/Green WiFi LED * Buttons: 1x, behind hole next to DC jack * Console: RJ45 connector, Cisco pinout * USB: 1x USB 2.0 Type A, 1x internal to BLE, SoC has USB 3.0 host but board is only wired for 2.0 * BLE: TI CC2540 SoC, connected to USB and UART, unpopulated debug header on PCB * TPM: Atmel AT97SC3205T How to install ============== The stock bootloader APBoot appears to be vendor fork of U-Boot, which disables much of the usual functionality and comes with its own booting and firmware upgrade logic. Unfortunately, this logic enforces RSA signatures on images, even for the default boot from NAND. Therefore, a patched bootloader is needed, which is built as a package. In addition to the signature check removal, this also changes the serial baudrate to 115200. Luckily, the stock firmware does not disable the `sf` command (it just hides it until you run `diag`), so the patched bootloader can be fetched via TFTP and then flashed via console. Flashing patched APBoot ----------------------- * Build OpenWrt, or download `openwrt-ipq806x-generic-aruba_ap-32x-apboot.mbn` * Connect serial cable and wired ethernet * Access stock APBoot console at Baud 9600 * Flash patched bootloader: ``` setenv serverip <your TFTP server IP> setenv autostart n netget 44000000 openwrt-ipq806x-generic-aruba_ap-32x-apboot.mbn sf probe 0 sf erase 220000 100000 sf write 44000000 220000 100000 reset ``` Booting OpenWrt --------------- * Connect serial cable and wired ethernet * Access patched APBoot console at Baud 115200 * Run `setenv serverip <your TFTP server IP>` * Run `tftpboot openwrt-ipq806x-generic-aruba_ap-32x-initramfs.ari` Installing OpenWrt ------------------ * Connect serial cable and wired ethernet * Access patched APBoot console at Baud 115200 * Consider backing up stock firmware(s) (UBI volumes `aos0` and/or `aos1`) by booting into OpenWrt via initramfs (see above) and dumping them * Wipe and repartition NAND flash (see below for explanation): ``` nand device 0 nand erase.chip reset ubi part ubifs ubi remove ubifs ubi create ubifs 1 ubi create rootfs_data ``` * Follow steps above to boot OpenWrt via initramfs * From OpenWrt, persist installation via sysupgrade Reverting to stock FW --------------------- The patched bootloader remains compatible with the original firmware, so you can just wipe the NAND, let APBoot recreate the partitions, and flash back the `aos0`/`aos1` backup from above. Current status ============== Tested and working ------------------ * Console * Wired GbE (both ports) * WiFi (both 2.4G and 5G) * LEDs * Restart Button * USB port * External watchdog * TPM * BLE SoC Future work ----------- * GPIOs for: * power source (8 indicates DC jack, 59 indicates 802.3at) * reset source (64 for warm reset, 65 for watchdog) * USB overcurrent (63) * BLE SoC reflashing * CC2540 comes with Aruba-specific FW out of the box * Debug header is exposed on PCB (pinout GND-VCC-Clock-Data-Reset), but that requires disassembly * Stock BLE FW appears to support reflashing via UART, but protocol would need to be reverse-engineered * ramoops/pstore * It appears that APBoot clears the RAM on boot, might be something we can patch out as well * Porting a modern U-Boot Flash layout ============ SPI flash --------- ``` 0x000000-0x020000 sbl1 0x020000-0x040000 mibib 0x040000-0x080000 sbl2 0x080000-0x100000 sbl3 0x100000-0x110000 ddrconfig 0x110000-0x120000 ssd 0x120000-0x1a0000 tz 0x1a0000-0x220000 rpm 0x220000-0x320000 appsbl 0x320000-0x330000 appsblenv 0x330000-0x370000 art 0x370000-0x380000 panicdump 0x380000-0x390000 certificate 0x390000-0x3a0000 mfginfo 0x3a0000-0x3b0000 flashcache 0x3b0000-0x400000 aosspare ``` Factory NAND flash ------------------ * 32MiB MTD partition `aos0`, formatted as UBI * 32MiB UBI volume `aos0` * contains kernel+initrd of the primary firmware, initrd contains the entire root FS * 32MiB MTD partition `aos1`, formatted as UBI * 32MiB UBI volume `aos1` * contains kernel+initrd of the secondary firmware, initrd contains the entire root FS * 64MiB MTD partition `ubifs`, formatted as UBI * 64MiB UBI volume `ubifs` * Contains UBIFS, overlay-mounted on top of the initrd, shared between firmware slots APBoot understands UBI, and will read the kernel from the `aos0` or `aos1` volume (depending on `os_partition`) with fallback to the other one in case a check fails. Kernels are expected to have a vendor-specific header, the included script will add that header with the correct checksum but no signature. OpenWrt NAND flash ------------------ OpenWrt assumes separate UBI volumes for kernel and rootfs, as well as a volume that must be named `rootfs_data` for the UBIFS. Unfortunately, APBoot actively checks the UBI volumes at boot, and will repartition if it doesn't find the volumes that it expects (listed above). Luckily, it doesn't check their size, only their existence. Therefore, we can use the following layout: * 32MiB MTD partition `aos0`, formatted as UBI * 32MiB UBI volume `aos0` * contains OpenWrt kernel+initrd * 32MiB MTD partition `aos1`, formatted as UBI * 32MiB UBI volume `aos1` * contains OpenWrt root squashfs * 64MiB MTD partition `ubifs`, formatted as UBI * small (single-LEB) UBI volume `ubifs` * Dummy volume, only there to satisfy APBoot * almost 64MiB UBI volume `rootfs_data` * contains UBIFS, overlay-mounted on top of the rootfs [^1]: https://github.com/lukasstockner/ap325-apboot-openwrt Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Test Dev <[email protected]>

• Lukas Stockner (02 May 26)

  ipq806x: add CONFIG_GPIO_WATCHDOG The AP-325 (and variants) has an external watchdog, so this is needed to regularly toggle the GPIO and keep the watchdog happy. Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Test Dev <[email protected]>

• Lukas Stockner (02 May 26)

  base-files: handle name collision between kernel UBI volume and MTD partition On the AP-325 (and variants), the bootloader enforces a particular UBI volume layout and naming, so unfortunately the kernel's UBI volume and MTD partition end up with the name, which confuses the current logic. Therefore, add an option to ignore the MTD partition. Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Test Dev <[email protected]>

• Lukas Stockner (02 May 26)

  base-files: support rootfs_data on its own partition The current code assumes that the rootfs_data UBI volume is on the same MTD partition as the rootfs. Unfortunately, this does not work on the Aruba AP-325 (and variants), since the bootloader enforces a particular UBI volume layout. Therefore, this adds a separate variable to set the rootfs_data partition, and updates all existing devices with a non-default rootfs partition to also specify the new variable. Signed-off-by: Lukas Stockner <[email protected]> Link: https://github.com/openwrt/openwrt/pull/20738 Signed-off-by: Test Dev <[email protected]>

• Etienne Champetier (24 Jan 26)

  prereq-build/u-boot: add Python 3.14 support Python 3.14 is the default version on Fedora 43/44. Signed-off-by: Etienne Champetier <[email protected]> Link: https://github.com/openwrt/openwrt/pull/23243 Signed-off-by: Test Dev <[email protected]>

• Rosen Penev (23 Apr 26)

  irq-ath79-intc: add missing \n Needed to make the dmesg output normal. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (23 Apr 26)

  irq-ath79-intc: avoid negative values of_count_phandle_with_args can return negative. We don't want that. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (23 Apr 26)

  irq-ath79-intc: add irq_dispose_mapping Avoids a resource leak on failure. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: statically allocate irq_chip No need for dynamic allocation. static is fine. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: add chained_irq_enter/exit Original review said: Missing chained_irq_enter/exit calls. Also rework slightly to reduce indentation. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: rename pending_mask to enable_mask Original review said: Isn't this "pending_mask" more of an "enabled"? Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: don't use hwirq_max Original review said: Don't. This is an implementation detail of the irq domain, and you're not supposed to access that field. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: use generic_handle_domain_irq Combines irq_find_mapping and generic_handle_irq. Matches upstream commit 046a6ee2343bb26d85a9973a39ccdb9764236fa4 Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: add SPDX license License boilerplate was deprecated by upstream in d2912cb15bdda8ba4a5dd73396ad62641af2f520 Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: switch from add to create Upstream Linux wants to remove the add APIs. Get ahead of this and make the switch as was done upstream in affdc0d1bdfa544fed26ae07c4e136af86465507 Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  irq-ath79-intc: remove panic and add kfree Panic like this was recommended against in the original review of the upstream submission. Remove it and add missing kfree calls. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>

• Rosen Penev (18 Apr 26)

  ath79: move intc driver out of patch This driver has been attempted to be upstreamed once and never again. Keep it local to make modification easier. Signed-off-by: Rosen Penev <[email protected]> Link: https://github.com/openwrt/openwrt/pull/22981 Signed-off-by: Jonas Jelonek <[email protected]>