Re: [OpenWrt-Devel] [PATCH] upgrade: nand: fix board_name assumtions
(imgtec.com addresses removed as mail to them bounces)

On 5/20/19 6:42 AM, Jeff Kletsky wrote:

On 5/20/19 3:14 AM, Bjørn Mork wrote:

nand_do_platform_check assumes that the current board name is used as-is in the tar file sysupgrade directory. This fails for any image supporting multiple device names, and it also fails if the board_name contains a comma.

Signed-off-by: Bjørn Mork
---
This is a local workaround I've had lying around for a while. Please consider if it makes any sense at all, or if there are better ways to solve the problem. I don't have an actual upstreamed usecase, as this is an issue I've met while trying to prepare for a never-finished ZyXEL WAP6805 support...

Bjørn

package/base-files/files/lib/upgrade/nand.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package/base-files/files/lib/upgrade/nand.sh b/package/base-files/files/lib/upgrade/nand.sh index 99916a4e96fc..14856357989e 100644 --- a/package/base-files/files/lib/upgrade/nand.sh +++ b/package/base-files/files/lib/upgrade/nand.sh 
@@ -320,7 +320,9 @@ nand_do_upgrade() { nand_do_platform_check() { local board_name="$1" local tar_file="$2" - local control_length=`(tar xf $tar_file sysupgrade-$board_name/CONTROL -O | wc -c) 2> /dev/null` + local board_dir=$(tar tf $tar_file | grep -m 1 '^sysupgrade-.*/$') + board_dir=${board_dir%/} + local control_length=`(tar xf $tar_file ${board_dir}/CONTROL -O | wc -c) 2> /dev/null` local file_type="$(identify $2)" [ "$control_length" = 0 -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ] && { Your timing as good as I've been wrestling with this as well in context of providing ath79 support for SPI-NAND[1]. At least for me, the use case is the equivalent of nand_do_platform_check $(board_name) ${upgrade_file_name} without jumping through hoops of translating the output of $(board_name) to the expected tar-dir name for each and every instance of the call. [...] * I can see a desire to check for a *specific* tar-dir name, rather than just "any" tar-dir name (wrestled with this for a while) * Only one board seems to prevent a first-comma-to-underscore approach, the `img,pistachio-marduk` uses `sysupgrade-img,pistachio-marduk` [...] Having spent quite a bit of time today thinking about the impact of board-name changes, I can see use cases where the running system doesn't know a priori what the range of acceptable tar-dir values are. Take the case where `mfgr,board-name` gets a new, compatible variant, `mfgr,board-name-special-purpose`. If you're running `mfgr,board-name`, a strict check for `mfgr_board-name` would fail, even though the sysupgrade-tar was applicable. This kind of board-compatibility check should arguably be done with image metadata, either or both appended or in the CONTROL section. As such, I would welcome this change, as proposed by Bjørn. I would suggest an update to the comment to reflect the change as `has to include "sysupgrade-BOARD" directory` is no longer correct. 
Jeff ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
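Review bot: `grep -m 1 '^sysupgrade-.*/$'` in nand_do_platform_check takes the first directory entry in the archive whose name starts with sysupgrade-, so `board_name` is no longer used and the check passes for a tar built for any board. If that is intended, the unused `local board_name="$1"` and the comment about the required directory should say so and leave the board match to image metadata; otherwise compare `board_dir` against the names accepted for `$1`. In the same lines, `.*` also matches nested paths (use `[^/]*`), `$tar_file` is unquoted in both `tar` calls, and when grep finds nothing `board_dir` is empty and the member requested becomes `/CONTROL`, so an explicit early return on an empty `board_dir` would make that failure visible.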
Re: [OpenWrt-Devel] openwrt-devel Digest, Vol 37, Issue 94
> On Sun, May 19, 2019 at 12:44:18PM -0700, Jeff Kletsky wrote:
> > I'm in the process of porting the AR750S to the ath79 target with
> > SPI-NAND support now available on Linux 4.19[1].
> >
> > From what I can tell, the AR300M (NAND) target, while it builds,
> > does not provide a functional image with either Linux 4.14 or 4.19
> > as there has not been and is not yet an applicable SPI-NAND driver
> > built by OpenWrt[2].
> >
> > While the ar71xx target had various patches to provide an SPI-attached
> > NAND driver, at least as I understand it, these were rejected for the
> > ath79 target in favor of the upstream SPI-NAND framework that would
> > become available[2,3].
> >
> > While there is support for the GigaDevice E-series SPI NAND already
> > backported to OpenWrt under Linux 4.19[4] and I have submitted patches to
> > support the F-series chips upstream[5], I have been told that some of the
> > AR300M units also shipped with Paragon SPI NAND[6], for which there is no
> > upstream driver support at this time.
> >
> > As there is no bootable image produced, I would like to remove
> > the AR300M (NAND) target from the ath79 tree at this time. The AR300M
> > would remain on the ath79 generic (NOR) target.
> >
> > The intention is that the AR300M (NAND) would be reinstated once
> > proper driver support is available.
> >
> > ==
> > If you have objections to this course of action, please let me know.
> > ==
> >
> Nah. Worst case is we have to dig the commit log and pull the data back
> out. That's the great thing about git.
>
> > Also, if you have an AR300M with the Paragon SPI NAND that you would
> > be able to assist me in testing development of an upstream-supported
> > driver, please also let me know.
> >
> I do believe my particular ar300m is paragon based, and I'm more than
> willing to assist wherever I can. I was under the impression that
> bbrezelion or however you spell it was working on a generic spi-nand
> driver?
> > From looking at the GL.iNet source[7], I would expect to see `dmesg` on
> > an OEM or image built from their sources to display a line containing
> >
> > spi-nand: Paragon SPI NAND was found.
> >
> > These are probably older-production units.
> >

I just received a new GL ARM300M last week. From gl-inet's 3.019 version:

[0.833564] m25p80 spi0.0: found w25q128, expected m25p80
[0.848151] m25p80 spi0.0: w25q128 (16384 Kbytes)
[0.853060] 4 cmdlinepart partitions found on MTD device spi0.0
[0.859168] Creating 4 MTD partitions on "spi0.0":
[0.864134] 0x-0x0004 : "u-boot"
[0.870637] 0x0004-0x0005 : "u-boot-env"
[0.877667] 0x0005-0x00ff : "reserved"
[0.884526] 0x00ff-0x0100 : "art"
[0.891497] spi-nand: Giga SPI NAND was found.
[0.896149] spi-nand: 128 MiB, block size: 128 KiB, page size: 2048, OOB size: 128
[0.904277] 2 cmdlinepart partitions found on MTD device spi0.1
[0.910394] Creating 2 MTD partitions on "spi0.1":
[0.915381] 0x-0x0020 : "kernel"
[0.925438] 0x0020-0x0800 : "ubi"
[2.771631] UBI: auto-attach mtd5
[2.775137] ubi0: attaching mtd5
[5.175419] ubi0: scanning is finished
[5.287855] ubi0: volume 1 ("rootfs_data") re-sized from 9 to 905 LEBs
[5.295504] ubi0: attached mtd5 (name "ubi", size 126 MiB)
[5.301183] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[5.308323] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[5.315337] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[5.322531] ubi0: good PEBs: 1007, bad PEBs: 1, corrupted PEBs: 0
[5.328822] ubi0: user volume: 2, internal volumes: 1, max. volumes count: 128
[5.336289] ubi0: max/mean erase counter: 1/0, WL threshold: 4096, image sequence number: 933695444
[5.345631] ubi0: available PEBs: 0, total reserved PEBs: 1007, PEBs reserved for bad PEB handling: 19
[5.355319] ubi0: background thread "ubi_bgt0d" started, PID 301
[5.373091] block ubiblock0_0: created from ubi0:0(rootfs)
[5.378767] ubiblock: device ubiblock0_0 (rootfs) set to be root filesystem

Happy to help out any testing. Our community has started using these devices.

Joe AE6XE
http://www.arednmesh.org project

> > Jeff
> >
> > ---
> >
> > [1] http://patchwork.ozlabs.org/project/openwrt/list/?series=107880
> >
> > [2] http://lists.infradead.org/pipermail/openwrt-devel/2019-January/015604.html
> >     http://lists.infradead.org/pipermail/openwrt-devel/2019-January/015606.html
> >
> > [3] https://github.com/openwrt/openwrt/pull/1428#issuecomment-441594401
> >
> > [4] 3bc8ed91d4 generic-4.19: Backport spi-nand support for GigaDevice A/E
> >
> > [5] http://patchwork.ozlabs.org/project/linux-mtd/list/?series=107874
> >
> > [6] http://www.xtxtech.com/upfile/2016082517274590.pdf
> >
> > [7]
> >
Re: [OpenWrt-Devel] [PATCH v3] gemini: Support sysupgrade on DIR-685
On Mon, May 20, 2019 at 10:56 PM Petr Štetiar wrote:

> And merged[1] it into my staging tree, so please check it and let me know if
> it's ok with you or if you prefer to go with v4, thanks.

Thanks man, sorry if I'm a bit confused around how you want the sysupgrade to work.

Maybe we could open a documentation page for new devices, like here is how we want you to implement sysupgrade, I had a hard time to figure out that all was circling around the platform.sh script and how that was called from the core sysupgrade.

I can start while I still have it in fresh memory and you can chime in on how you want people to do generic checksum etc.

Yours,
Linus Walleij
Re: [OpenWrt-Devel] [PATCH v3] gemini: Support sysupgrade on DIR-685
Linus Walleij [2019-05-20 22:25:21]: Hi, I don't want to drag out more of your time so, > +platform_find_part_size() { > + local first dev size erasesize name > + while read dev size erasesize name; do > + name=${name#'"'}; name=${name%'"'} > + [ "$name" = "$1" ] && { > + echo "$size" > + break > + } > + done < /proc/mtd > +} I've removed this (as we've agreed in v2) > +platform_do_upgrade() { > + local board=$(board_name) > + > + v "board=$board" Fixed this leftover. > + case "$board" in > + dlink,dir-685 ) > + PART_NAME=firmware > + default_do_upgrade "$ARGV" > + ;; > + *) > + > + ;; > + esac Cleaned up this. > @@ -143,9 +144,11 @@ define Device/dlink_dir-685 > + SUPPORTED_DEVICES += dlink,dir-685 Removed this. > endef > TARGET_DEVICES += dlink_dir-685 And merged[1] it into my staging tree, so please check it and let me know if it's ok with you or if you prefer to go with v4, thanks. 1. https://git.openwrt.org/5f456d7acc -- ynezz ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH v3] gemini: Support sysupgrade on DIR-685
This makes sysupgrade work on the D-Link DIR-685 after initial factory install. We create the platform.sh script to support sysupgrade on more targets as we move on with sysupgrade support. Cc: Petr Štetiar Signed-off-by: Linus Walleij --- ChangeLog v2->v3: - Drop the WRGG magic check: after thinking about it this check only MD5-sums the kernel on the sysupgrade images so it is not helpful for checking the stuff we actually write to flash, including the rootfs. So skip it on sysupgrade. ChangeLog v1->v2: - Append metadata to sysupgrade image - Require metadata in platform.sh - Strip comments --- .../gemini/base-files/lib/upgrade/platform.sh | 40 +++ target/linux/gemini/image/Makefile| 5 ++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 target/linux/gemini/base-files/lib/upgrade/platform.sh diff --git a/target/linux/gemini/base-files/lib/upgrade/platform.sh b/target/linux/gemini/base-files/lib/upgrade/platform.sh new file mode 100644 index ..eaaf9d734e13 --- /dev/null +++ b/target/linux/gemini/base-files/lib/upgrade/platform.sh @@ -0,0 +1,40 @@ +REQUIRE_IMAGE_METADATA=1 + +platform_find_part_size() { + local first dev size erasesize name + while read dev size erasesize name; do + name=${name#'"'}; name=${name%'"'} + [ "$name" = "$1" ] && { + echo "$size" + break + } + done < /proc/mtd +} + +platform_check_image() { + local board=$(board_name) + + case "$board" in + dlink,dir-685 ) + return 0 + ;; + esac + + echo "Sysupgrade is not yet supported on $board." + return 1 +} + +platform_do_upgrade() { + local board=$(board_name) + + v "board=$board" + case "$board" in + dlink,dir-685 ) + PART_NAME=firmware + default_do_upgrade "$ARGV" + ;; + *) + + ;; + esac +} diff --git a/target/linux/gemini/image/Makefile b/target/linux/gemini/image/Makefile index 8fec250f186a..3339cd2467a9 100644 --- a/target/linux/gemini/image/Makefile +++ b/target/linux/gemini/image/Makefile 
@@ -115,6 +115,7 @@ define Device/Default KERNEL_NAME := zImage KERNEL := kernel-bin | append-dtb BLOCKSIZE := 128k + SUPPORTED_DEVICES := $(subst _,$(comma),$(1)) endef # A reasonable set of default packages handling the NAS type @@ -143,9 +144,11 @@ define Device/dlink_dir-685 DEVICE_PACKAGES := $(GEMINI_NAS_PACKAGES) \ kmod-switch-rtl8366rb swconfig \ kmod-rt2800-pci - IMAGES := factory.bin + IMAGES := factory.bin sysupgrade.bin # Pad to 128k erase blocks with 160 bytes WRGG header IMAGE/factory.bin := append-kernel | pad-offset 128k 160 | append-rootfs | dir685-pad-rootfs | dir685-image + IMAGE/sysupgrade.bin := append-kernel | pad-offset 128k 160 | dir685-image | append-rootfs | dir685-pad-rootfs | append-metadata + SUPPORTED_DEVICES += dlink,dir-685 endef TARGET_DEVICES += dlink_dir-685 -- 2.20.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
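Review bot: `platform_check_image` in the new platform.sh returns 0 for `dlink,dir-685` without looking at the image it is given, so with the WRGG check dropped in v3 the only gate left is `REQUIRE_IMAGE_METADATA=1`. A one-line comment there stating that the metadata check is the intended validation would keep a later reader from assuming the payload is verified. In the same file `platform_find_part_size` is never called and declares an unused `first`, and the empty `*)` arm in `platform_do_upgrade` can be removed.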
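Review bot: in Device/dlink_dir-685, `SUPPORTED_DEVICES += dlink,dir-685` repeats what the new Device/Default line `SUPPORTED_DEVICES := $(subst _,$(comma),$(1))` already yields for `dlink_dir-685`, so the name ends up in the metadata twice; drop the `+=` line. Note also that `subst` replaces every underscore, so the default is only right for device names with exactly one; a comment on the Device/Default line should say that.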
[OpenWrt-Devel] [PATCHv2] kernel: Add AEAD and RNG support to kmod-crypto-user
Now that kernel 3.18 is gone, we can safely add these features. Tested on Turris Omnia. Signed-off-by: Rosen Penev --- v2: Rebased against master package/kernel/linux/modules/crypto.mk | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/package/kernel/linux/modules/crypto.mk b/package/kernel/linux/modules/crypto.mk index 9cab04c6ed..4e843e1a5e 100644 --- a/package/kernel/linux/modules/crypto.mk +++ b/package/kernel/linux/modules/crypto.mk @@ -733,13 +733,17 @@ define KernelPackage/crypto-user DEPENDS:=+kmod-crypto-hash +kmod-crypto-manager KCONFIG:= \ CONFIG_CRYPTO_USER_API \ + CONFIG_CRYPTO_USER_API_AEAD \ CONFIG_CRYPTO_USER_API_HASH \ + CONFIG_CRYPTO_USER_API_RNG \ CONFIG_CRYPTO_USER_API_SKCIPHER FILES:= \ $(LINUX_DIR)/crypto/af_alg.ko \ + $(LINUX_DIR)/crypto/algif_aead.ko \ $(LINUX_DIR)/crypto/algif_hash.ko \ + $(LINUX_DIR)/crypto/algif_rng.ko \ $(LINUX_DIR)/crypto/algif_skcipher.ko - AUTOLOAD:=$(call AutoLoad,09,af_alg algif_hash algif_skcipher) + AUTOLOAD:=$(call AutoLoad,09,af_alg algif_aead algif_hash algif_rng algif_skcipher) $(call AddDepends/crypto) endef -- 2.17.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
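Review bot: `DEPENDS` in KernelPackage/crypto-user stays at `+kmod-crypto-hash +kmod-crypto-manager` while `algif_aead.ko` and `algif_rng.ko` are added to `FILES` and `AUTOLOAD`. If either module needs symbols from a crypto module those two packages do not pull in, the autoload at priority 09 fails on any image that does not happen to carry it; please confirm on a minimal image and extend `DEPENDS` if needed. Since the justification is a kernel-version one, the message should also name the kernel version that was tested on the Turris Omnia.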
[OpenWrt-Devel] [PATCH] ath79: Add support for ZBT-WD323
ZBT-WD323 is a dual-LTE router based on AR9344. The detailed specifications are:

* AR9344 560MHz/450MHz/225MHz (CPU/DDR/AHB).
* 128 MB RAM
* 16MB of flash(SPI-NOR, 22MHz)
* 1x 2.4GHz wifi (Atheros AR9340)
* 3x 10/100Mbps Ethernet (AR8229)
* 1x USB2.0 port
* 2x miniPCIe-slots (USB2.0 only)
* 2x SIM slots (standard size)
* 4x LEDs (1 gpio controlled)
* 1x reset button
* 1x 10 pin terminal block (RS232, RS485, 4x GPIO)
* 2x CP210x UART bridge controllers (used for RS232 and RS485)
* 1x 2 pin 5mm industrial interface (input voltage 12V~36V)
* 1x DC jack
* 1x RTC (PCF8563)

Tested:

- Ethernet switch
- Wifi
- USB port
- MiniPCIe-slots (+ SIM slots)
- Sysupgrade
- Reset button
- RS232

Installation and recovery:

The board ships with OpenWRT, but sysupgrade does not work as a different firmware format than what is expected is generated. The easiest way to install (and recover) the router, is to use the web-interface provided by the bootloader (Breed).

While the interface is in Chinese, it is easy to use. First, in order to access the interface, you need to hold down the reset button for around five seconds. Then, go to 192.168.1.1 in your browser. Click on the second item in the list on the left to access the recovery page. The second item on the next page is where you select the firmware. Select the menu item containing "Atheros SDK" and "16MB" in the dropdown close to the bottom, and click on the button at the bottom to start installation/recovery.

Notes:

* RS232 is available on /dev/ttyUSB0 and RS485 on /dev/ttyUSB1

Signed-off-by: Kristian Evensen

--- .../ath79/base-files/etc/board.d/01_leds | 3 + .../ath79/base-files/etc/board.d/02_network | 1 + .../base-files/etc/board.d/03_gpio_switches | 6 + .../ath79/dts/ar9344_zbtlink_zbt-wd323.dts| 148 ++ target/linux/ath79/image/generic.mk | 9 ++ 5 files changed, 167 insertions(+) create mode 100644 target/linux/ath79/dts/ar9344_zbtlink_zbt-wd323.dts 
diff --git a/target/linux/ath79/base-files/etc/board.d/01_leds b/target/linux/ath79/base-files/etc/board.d/01_leds index 69e26a4773..48a5f2394b 100755 --- a/target/linux/ath79/base-files/etc/board.d/01_leds +++ b/target/linux/ath79/base-files/etc/board.d/01_leds @@ -210,6 +210,9 @@ yuncore,a770) ucidef_set_led_netdev "wan" "WAN" "$boardname:green:wan" "eth0" ucidef_set_led_switch "lan" "LAN" "$boardname:green:lan" "switch0" "0x10" ;; +zbtlink,zbt-wd323) + ucidef_set_led_wlan "wlan" "WLAN" "$boardname:green:wifi" "phy0tpt" + ;; esac board_config_flush diff --git a/target/linux/ath79/base-files/etc/board.d/02_network b/target/linux/ath79/base-files/etc/board.d/02_network index 7b89274ccf..df32e58baf 100755 --- a/target/linux/ath79/base-files/etc/board.d/02_network +++ b/target/linux/ath79/base-files/etc/board.d/02_network @@ -257,6 +257,7 @@ ath79_setup_interfaces() ucidef_add_switch "switch0" \ "0@eth0" "5:lan" "1:wan" ;; + zbtlink,zbt-wd323|\ xiaomi,mi-router-4q) ucidef_set_interface_wan "eth0" ucidef_add_switch "switch0" \ diff --git a/target/linux/ath79/base-files/etc/board.d/03_gpio_switches b/target/linux/ath79/base-files/etc/board.d/03_gpio_switches index 6a51a79790..1c8a46df19 100755 --- a/target/linux/ath79/base-files/etc/board.d/03_gpio_switches +++ b/target/linux/ath79/base-files/etc/board.d/03_gpio_switches @@ -29,6 +29,12 @@ ubnt,nanostation-ac) ubnt,acb-isp) ucidef_add_gpio_switch "poe_passthrough" "PoE Passthrough" "11" ;; +zbtlink,zbt-wd323) + ucidef_add_gpio_switch "io0" "IO#0" "0" + ucidef_add_gpio_switch "io1" "IO#1" "1" + ucidef_add_gpio_switch "io2" "IO#2" "2" + ucidef_add_gpio_switch "io14" "IO#14" "14" + ;; esac board_config_flush diff --git a/target/linux/ath79/dts/ar9344_zbtlink_zbt-wd323.dts b/target/linux/ath79/dts/ar9344_zbtlink_zbt-wd323.dts new file mode 100644 index 00..df67783952 --- /dev/null +++ b/target/linux/ath79/dts/ar9344_zbtlink_zbt-wd323.dts 
@@ -0,0 +1,148 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT +/dts-v1/; + +#include +#include + +#include "ar9344.dtsi" + +/ { + model = "ZBT WD323"; + compatible = "zbtlink,zbt-wd323", "qca,ar9334"; + + aliases { + serial0 = + }; + + keys { + compatible = "gpio-keys-polled"; + poll-interval = <20>; + + reset { + label = "reset"; + gpios = < 16 GPIO_ACTIVE_HIGH>; + linux,code = ; + }; + }; + + i2c { + compatible = "i2c-gpio"; + gpios = < 19 GPIO_ACTIVE_LOW + 15 GPIO_ACTIVE_LOW + >; + #address-cells = <1>; + #size-cells = <0>; + + pinctrl-names = "default"; + pinctrl-0 =
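Review bot: the root node of the new ar9344_zbtlink_zbt-wd323.dts has `compatible = "zbtlink,zbt-wd323", "qca,ar9334";` while the file includes `ar9344.dtsi` and the commit message names the SoC as AR9344. This looks like a typo for `qca,ar9344` and should be corrected before merging.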
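Review bot: in the 02_network hunk the new `zbtlink,zbt-wd323|\` pattern is placed in front of `xiaomi,mi-router-4q)`, which breaks the alphabetical order the 01_leds and 03_gpio_switches hunks keep. Putting it after the xiaomi entry in the same case arm gives the same behaviour and keeps the list sorted.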
[OpenWrt-Devel] [PATCH RFC 5/5] ath79: make urngd default RNG seed source
This fixes some of the current urandom-seed based flaws.

First, simply writing to /dev/urandom does not increase the kernel's entropy count, this causes processes obtaining randomness to block. Particularly processes using OpenSSL's RAND_bytes() will block until the kernel emits 'random: crng init done'. This can take upwards of twenty minutes. According to random(4) the entropy count is only increased when using the RNDADDENTROPY ioctl.

Second, urandom-seed is using /etc/urandom.seed file to seed the kernel's RNG machinery upon every boot. This file is created only once during first-boot and then reused on every consecutive boot, so pretty much static.

So this patch removes urandom-seed package in favor of urngd, which is micro non-physical true random number generator based on timing jitter.

Using the Jitter RNG core, the urngd provides an entropy source that feeds into the Linux /dev/random device if its entropy runs low. It updates the /dev/random entropy estimator such that the newly provided entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from entropy. Especially during boot time, when the entropy of Linux is low, the Jitter RNGd provides a source of sufficient entropy.

Some RNG init time numbers from qca9563 (TP-Link Archer C7 v5):

[ 12.045693] random: crng init done(urngd)
[ 120.043132] random: crng init done(urandom-seed)

Flash space details:

urngd:+ 4579 b
getrandom:- 1635 b
urandom-seed: - 841 b
--
diff + 2103 b

Ref: https://patchwork.ozlabs.org/patch/1056981/
Ref: https://github.com/openwrt/openwrt/pull/2069#issue-279977445

Signed-off-by: Petr Štetiar
Signed-off-by: Stephan Mueller [parts of the commit message]
Signed-off-by: Dustin Lundquist [parts of the commit message]

--- target/linux/ath79/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/linux/ath79/Makefile b/target/linux/ath79/Makefile index 0ccc0bed1ce0..840f30fb11be 100644 --- a/target/linux/ath79/Makefile 
+++ b/target/linux/ath79/Makefile @@ -13,8 +13,9 @@ KERNEL_TESTING_PATCHVER := 4.19 include $(INCLUDE_DIR)/target.mk +DEFAULT_PACKAGES:=$(filter-out urandom-seed,$(DEFAULT_PACKAGES)) DEFAULT_PACKAGES += \ kmod-gpio-button-hotplug swconfig \ - kmod-ath9k uboot-envtools + kmod-ath9k uboot-envtools urngd $(eval $(call BuildTarget)) -- 1.9.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
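Review bot: `DEFAULT_PACKAGES:=$(filter-out urandom-seed,$(DEFAULT_PACKAGES))` removes the saved-seed scripts from ath79 images altogether, leaving timing jitter as the only early entropy input. The commit message objects that the seed is not credited and rarely changes, but neither point makes mixing it in harmful, so either keep urandom-seed next to urngd or say in the message why a single source is preferred. The line also only works because it comes after `include $(INCLUDE_DIR)/target.mk`; a short comment would keep it from being moved above the include later.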
[OpenWrt-Devel] [PATCH RFC 4/5] build: add urandom-seed to the default packages set
urandom-seed content was split from base-files into separate package so in order to preserve the current functionality we need to add it back. Signed-off-by: Petr Štetiar --- include/target.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/target.mk b/include/target.mk index 4f3bd43e6cb6..0ece3e569480 100644 --- a/include/target.mk +++ b/include/target.mk @@ -13,7 +13,7 @@ __target_inc=1 DEVICE_TYPE?=router # Default packages - the really basic set -DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd +DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed # For nas targets DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm # For router targets -- 1.9.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH RFC 2/5] ubox: move getrandom into separate getrandom package
So it's possible to install or remove it as needed. Signed-off-by: Petr Štetiar --- package/system/ubox/Makefile | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/package/system/ubox/Makefile b/package/system/ubox/Makefile index 268fab9d74bb..ab79731a561a 100644 --- a/package/system/ubox/Makefile +++ b/package/system/ubox/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ubox -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ubox.git @@ -27,18 +27,28 @@ define Package/ubox TITLE:=OpenWrt system helper toolbox endef +define Package/getrandom + SECTION:=base + CATEGORY:=Base system + TITLE:=OpenWrt getrandom system helper +endef + define Package/logd -SECTION:=base + SECTION:=base CATEGORY:=Base system DEPENDS:=+libubox +libubus +libblobmsg-json +USE_GLIBC:librt TITLE:=OpenWrt system log implementation endef +define Package/getrandom/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/getrandom $(1)/usr/bin/ +endef + define Package/ubox/install $(INSTALL_DIR) $(1)/sbin $(1)/usr/sbin $(1)/lib $(1)/usr/bin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{kmodloader,validate_data} $(1)/sbin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/getrandom $(1)/usr/bin/ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libvalidate.so $(1)/lib $(LN) kmodloader $(1)/sbin/rmmod @@ -56,4 +66,5 @@ define Package/logd/install endef $(eval $(call BuildPackage,ubox)) +$(eval $(call BuildPackage,getrandom)) $(eval $(call BuildPackage,logd)) -- 1.9.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
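Review bot: the `Package/ubox/install` hunk drops `/usr/bin/getrandom` from ubox and `PKG_RELEASE` goes to 2, so a device that upgrades ubox through opkg loses the binary unless it also installs the new getrandom package. Nothing in the visible hunks makes ubox or any default package depend on `getrandom`, and 4/5 adds only `urandom-seed` to `DEFAULT_PACKAGES`; add the dependency where a caller needs it, or state the behaviour change in the commit message, which currently says only that it can be installed or removed as needed. The `SECTION:=base` indentation fix under Package/logd is unrelated and would be cleaner as its own commit.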
[OpenWrt-Devel] [PATCH RFC 0/5] ath79: add micro non-physical true RNG based on timing jitter
Hi,

this patch series is an RFC which attempts to fix some of the current urandom-seed based flaws.

First, simply writing to /dev/urandom does not increase the kernel's entropy count, this causes processes obtaining randomness to block. Particularly processes using OpenSSL's RAND_bytes() will block until the kernel emits 'random: crng init done'. This can take upwards of twenty minutes. According to random(4) the entropy count is only increased when using the RNDADDENTROPY ioctl, which urandom-seed currently doesn't use when feeding the kernel RNG.

Second, urandom-seed is using /etc/urandom.seed file to seed the kernel's RNG machinery upon every boot. The problem is, that this file is created only once during first-boot and then reused on every consecutive boot, so pretty much static.

So this patch series removes urandom-seed package in favor of urngd, which is new micro non-physical true random number generator (system service) based on timing jitter.

Using the Jitter RNG core, the urngd provides an entropy source that feeds into the Linux /dev/random device if its entropy runs low. It updates the /dev/random entropy estimator such that the newly provided entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from entropy. Especially during boot time, when the entropy of Linux is low, the Jitter RNGd provides a source of sufficient entropy.
Some RNG init time numbers from qca9563 (TP-Link Archer C7 v5): [ 12.045693] random: crng init done(urngd) [ 120.043132] random: crng init done(urandom-seed) Flash space details: urngd:+ 4579 b getrandom:- 1635 b urandom-seed: - 841 b -- diff + 2103 b Cc: Stephan Mueller Cc: Dustin Lundquist Petr Štetiar (5): urng: add micro non-physical true RNG based on timing jitter ubox: move getrandom into separate getrandom package base-files: move urandom seed bits into separate package build: add urandom-seed to the default packages set ath79: make urngd default RNG seed source include/target.mk | 2 +- package/base-files/Makefile| 11 - package/base-files/files/etc/init.d/urandom_seed | 12 -- .../base-files/files/lib/preinit/81_urandom_seed | 24 --- package/base-files/files/sbin/urandom_seed | 20 - package/system/ubox/Makefile | 17 ++-- package/system/urandom-seed/Makefile | 32 +++ .../urandom-seed/files/etc/init.d/urandom_seed | 12 ++ .../urandom-seed/files/lib/preinit/81_urandom_seed | 24 +++ .../system/urandom-seed/files/sbin/urandom_seed| 20 + package/system/urngd/Makefile | 48 ++ package/system/urngd/files/urngd.init | 21 ++ target/linux/ath79/Makefile| 3 +- 13 files changed, 184 insertions(+), 62 deletions(-) delete mode 100755 package/base-files/files/etc/init.d/urandom_seed delete mode 100644 package/base-files/files/lib/preinit/81_urandom_seed delete mode 100755 package/base-files/files/sbin/urandom_seed create mode 100644 package/system/urandom-seed/Makefile create mode 100755 package/system/urandom-seed/files/etc/init.d/urandom_seed create mode 100644 package/system/urandom-seed/files/lib/preinit/81_urandom_seed create mode 100755 package/system/urandom-seed/files/sbin/urandom_seed create mode 100644 package/system/urngd/Makefile create mode 100755 package/system/urngd/files/urngd.init -- 1.9.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[OpenWrt-Devel] [PATCH RFC 1/5] urng: add micro non-physical true RNG based on timing jitter
μrngd is OpenWrt's micro non-physical true random number generator based on timing jitter. Using the Jitter RNG core, the rngd provides an entropy source that feeds into the Linux /dev/random device if its entropy runs low. It updates the /dev/random entropy estimator such that the newly provided entropy unblocks /dev/random. The seeding of /dev/random also ensures that /dev/urandom benefits from entropy. Especially during boot time, when the entropy of Linux is low, the Jitter RNGd provides a source of sufficient entropy. Signed-off-by: Petr Štetiar --- package/system/urngd/Makefile | 48 +++ package/system/urngd/files/urngd.init | 21 +++ 2 files changed, 69 insertions(+) create mode 100644 package/system/urngd/Makefile create mode 100755 package/system/urngd/files/urngd.init diff --git a/package/system/urngd/Makefile b/package/system/urngd/Makefile new file mode 100644 index ..95647487cbbf --- /dev/null +++ b/package/system/urngd/Makefile 
@@ -0,0 +1,48 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=urngd +PKG_RELEASE:=1 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL=https://github.com/ynezz/openwrt-urngd +PKG_SOURCE_DATE:=2019-05-20 +PKG_SOURCE_VERSION:=7146f0c33c4f68883e60169066a4a863ae388fc5 +PKG_MIRROR_HASH:=839b1b23163bc907625ed6c6122faec9404cb72d8587ece796a9cec1422b6077 + +PKG_LICENSE:=GPL-2.0 BSD-3-Clause +PKG_LICENSE_FILES:= + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/$(PKG_NAME) + SECTION:=utils + CATEGORY:=Base system + TITLE:=OpenWrt non-physical true random number generator based on timing jitter + DEPENDS:=+libubox +endef + +define Package/$(PKG_NAME)/description + μrngd is OpenWrt's micro non-physical true random number generator based on + timing jitter. + + Using the Jitter RNG core, the rngd provides an entropy source that feeds into + the Linux /dev/random device if its entropy runs low. It updates the + /dev/random entropy estimator such that the newly provided entropy unblocks + /dev/random. + + The seeding of /dev/random also ensures that /dev/urandom benefits from + entropy. Especially during boot time, when the entropy of Linux is low, the + Jitter RNGd provides a source of sufficient entropy. +endef + +define Package/$(PKG_NAME)/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/$(PKG_NAME).init $(1)/etc/init.d/$(PKG_NAME) + $(INSTALL_DIR) $(1)/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(PKG_NAME) $(1)/sbin/$(PKG_NAME) +endef + +$(eval $(call BuildPackage,$(PKG_NAME))) diff --git a/package/system/urngd/files/urngd.init b/package/system/urngd/files/urngd.init new file mode 100755 index ..ab1d5cf9d46a --- /dev/null +++ b/package/system/urngd/files/urngd.init 
@@ -0,0 +1,21 @@ +#!/bin/sh /etc/rc.common + +START=00 + +USE_PROCD=1 +NAME=urngd +PROG=/sbin/urngd + +start_service() { + procd_open_instance + procd_set_param command "$PROG" + procd_close_instance +} + +stop() { + service_stop $PROG +} + +reload() { + service_reload $PROG +} -- 1.9.1 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
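Review bot: `PKG_SOURCE_URL=https://github.com/ynezz/openwrt-urngd` in the new urngd Makefile fetches what 5/5 makes the default entropy source from a personal repository, while ubox in this series uses `$(PROJECT_GIT)/project/ubox.git`. `PKG_SOURCE_VERSION` and `PKG_MIRROR_HASH` pin the content, but the source should live under the project's git before the package becomes a default. `PKG_LICENSE_FILES:=` is left empty, and the description still says "the rngd" and "Jitter RNGd" where the daemon being packaged is urngd.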
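Review bot: urngd.init sets `USE_PROCD=1` and then defines `stop()` and `reload()` with `service_stop $PROG` and `service_reload $PROG`, which are the helpers of the older non-procd init style. With procd managing the instance opened in `start_service` they are not needed and should be removed, so that stopping the entropy daemon goes through one path only.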
Re: [OpenWrt-Devel] [PATCH] upgrade: nand: fix board_name assumtions
On 5/20/19 6:42 AM, Jeff Kletsky wrote:

> cc-ing primary Imgtec / pistachio / Creator Ci40 contributors identified

Note that all five imgtec.com email addresses found in the commit log bounce.

The pistachio and the Ci40 do not seem to appear on the imgtec.com site, nor do related downloads at https://www.imgtec.com/downloads/

Jeff
Re: [OpenWrt-Devel] [PATCH] upgrade: nand: fix board_name assumtions
cc-ing primary Imgtec / pistachio / Creator Ci40 contributors identified

On 5/20/19 3:14 AM, Bjørn Mork wrote:

nand_do_platform_check assumes that the current board name is used as-is in the tar file sysupgrade directory. This fails for any image supporting multiple device names, and it also fails if the board_name contains a comma.

Signed-off-by: Bjørn Mork
---
This is a local workaround I've had lying around for a while. Please consider if it makes any sense at all, or if there are better ways to solve the problem. I don't have an actual upstreamed usecase, as this is an issue I've met while trying to prepare for a never-finished ZyXEL WAP6805 support...

Bjørn

package/base-files/files/lib/upgrade/nand.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package/base-files/files/lib/upgrade/nand.sh b/package/base-files/files/lib/upgrade/nand.sh index 99916a4e96fc..14856357989e 100644 --- a/package/base-files/files/lib/upgrade/nand.sh +++ b/package/base-files/files/lib/upgrade/nand.sh 
@@ -320,7 +320,9 @@ nand_do_upgrade() { nand_do_platform_check() { local board_name="$1" local tar_file="$2" - local control_length=`(tar xf $tar_file sysupgrade-$board_name/CONTROL -O | wc -c) 2> /dev/null` + local board_dir=$(tar tf $tar_file | grep -m 1 '^sysupgrade-.*/$') + board_dir=${board_dir%/} + local control_length=`(tar xf $tar_file ${board_dir}/CONTROL -O | wc -c) 2> /dev/null` local file_type="$(identify $2)" [ "$control_length" = 0 -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ] && {

Your timing is good, as I've been wrestling with this as well in context of providing ath79 support for SPI-NAND[1].

At least for me, the use case is the equivalent of

    nand_do_platform_check $(board_name) ${upgrade_file_name}

without jumping through hoops of translating the output of $(board_name) to the expected tar-dir name for each and every instance of the call.

I don't know that there is a "better" solution, but what I have found:

* nand_do_platform_upgrade() is called by relatively few targets
  * ath79 (see [1])
  * pistachio
  * imx6
  * ar71xx
* I can see a desire to check for a *specific* tar-dir name, rather than just "any" tar-dir name (wrestled with this for a while)
* Only one board seems to prevent a first-comma-to-underscore approach, the `img,pistachio-marduk` uses `sysupgrade-img,pistachio-marduk`
otherwise, I've got this on a development branch

+ local tar_dir_name="sysupgrade-$(echo "$board_name" | sed -e s/,/_/)" + local control_length=`(tar xf $tar_file ${tar_dir_name}/CONTROL -O | wc -c) 2> /dev/null`

It looks like the pistachio board could have its Makefile modified to bring its tar-dir name into the "standard" underscore form, however I don't have one of these boards to test with, nor do I know if the file-name change would impact users.
One set of changes I explored last night comes down to

- IMAGE/sysupgrade.tar := sysupgrade-tar + IMAGE/sysupgrade.tar := sysupgrade-tar | append-metadata endef -define Device/marduk - BOARD_NAME := img,pistachio-marduk +define Device/img_pistachio-marduk DEVICE_DTS := img/pistachio_marduk BLOCKSIZE := 256KiB PAGESIZE := 4KiB DEVICE_TITLE := Creator Ci40 DEVICE_PACKAGES := kmod-tpm-i2c-infineon endef - -TARGET_DEVICES += marduk +TARGET_DEVICES += img_pistachio-marduk

commit b1c010 (HEAD -> jmk-pistachio)
Author: Jeff Kletsky
Date: Sun May 19 20:28:12 2019 -0700

pistachio: Update image/Makefile for tar root and metadata

Prior to this patch, the img,pistachio-marduk was the only board that used the comma-delimited board name for the sysupgrade-tar directory rather than the underscore-delimited, DTS-compatible form. To allow for easier use of $(board_name) in upgrade scripting, this patch brings the sysupgrade-tar directory into the more canonical form.

It also adds append-metadata to the sysupgrade-tar image.

The board name at run time should be the same as before. However, the build results have a different name, changing from openwrt-pistachio-marduk-squashfs-sysupgrade.tar to openwrt-pistachio-img_pistachio-marduk-squashfs-sysupgrade.tar

[1] http://patchwork.ozlabs.org/project/openwrt/list/?series=107880
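Review bot: Existing installations will reject the renamed image, because the rename to Device/img_pistachio-marduk moves the tar root to sysupgrade-img_pistachio-marduk while the check that decides whether to flash runs on the already-installed system, where the unpatched nand_do_platform_check still extracts sysupgrade-$board_name/CONTROL with board_name img,pistachio-marduk and gets a zero length. The commit message should state how users cross that boundary (a forced sysupgrade, or one transitional release that still ships the comma-named directory). The hunk also drops BOARD_NAME := img,pistachio-marduk and adds append-metadata without showing a SUPPORTED_DEVICES value; "should be the same as before" needs confirming on hardware, and the appended metadata should be checked to list img,pistachio-marduk so that a metadata-based device check has something to match.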
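A stricter variant of the directory check discussed in this thread, as an added example (not code from the patch or from OpenWrt): it accepts a tar only when its single sysupgrade-* root matches the running board name, either as-is or with the first comma turned into an underscore. The function names and the sample archives are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenWrt code: function names and the candidate rule
# (board name as-is, or first comma replaced by underscore) are assumptions.

# Distinct top-level sysupgrade-* directories named in the archive.
sysupgrade_tar_roots() {
	tar tf "$1" 2>/dev/null | sed -n 's|^\(sysupgrade-[^/]*\)/.*|\1|p' | sort -u
}

# Succeeds only if the archive has exactly one sysupgrade-* root, that root
# corresponds to the running board, and its CONTROL file is non-empty.
check_sysupgrade_tar() {
	local board="$1" tarf="$2" roots underscore len
	roots=$(sysupgrade_tar_roots "$tarf")
	[ -n "$roots" ] || return 1
	[ "$(printf '%s\n' "$roots" | wc -l)" -eq 1 ] || return 1
	underscore=$(printf '%s' "$board" | sed -e 's/,/_/')
	case "$roots" in
		"sysupgrade-$board" | "sysupgrade-$underscore") ;;
		*) return 1 ;;
	esac
	len=$(tar xOf "$tarf" "$roots/CONTROL" 2>/dev/null | wc -c)
	[ "$len" -gt 0 ]
}

# Constructed sample input: build a tar whose roots are the given directory
# names, each with a small CONTROL file. Usage: make_sample_tar OUT DIR...
make_sample_tar() {
	local out="$1" work d; shift
	work=$(mktemp -d) || return 1
	for d in "$@"; do
		mkdir -p "$work/$d" && echo "BOARD=sample" > "$work/$d/CONTROL"
	done
	tar cf "$out" -C "$work" "$@"
	rm -rf "$work"
}

# Demo on a constructed archive: the first two names are accepted.
demo_tar=$(mktemp)
make_sample_tar "$demo_tar" "sysupgrade-img_pistachio-marduk"
for b in "img,pistachio-marduk" "img_pistachio-marduk" "zyxel,wap6805"; do
	if check_sysupgrade_tar "$b" "$demo_tar"; then r=accept; else r=reject; fi
	echo "$b: $r"
done
rm -f "$demo_tar"
```

A compatible variant such as the `mfgr,board-name-special-purpose` case raised in the thread is still rejected by a name-based check like this one, which is the argument made there for carrying device compatibility in image metadata.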
[OpenWrt-Devel] [PATCH] upgrade: nand: fix board_name assumtions
nand_do_platform_check assumes that the current board name is used as-is in the tar file sysupgrade directory. This fails for any image supporting multiple device names, and it also fails if the board_name contains a comma.

Signed-off-by: Bjørn Mork
---
This is a local workaround I've had lying around for a while. Please consider if it makes any sense at all, or if there are better ways to solve the problem. I don't have an actual upstreamed usecase, as this is an issue I've met while trying to prepare for a never-finished ZyXEL WAP6805 support...

Bjørn

package/base-files/files/lib/upgrade/nand.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package/base-files/files/lib/upgrade/nand.sh b/package/base-files/files/lib/upgrade/nand.sh index 99916a4e96fc..14856357989e 100644 --- a/package/base-files/files/lib/upgrade/nand.sh +++ b/package/base-files/files/lib/upgrade/nand.sh @@ -320,7 +320,9 @@ nand_do_upgrade() { nand_do_platform_check() { local board_name="$1" local tar_file="$2" - local control_length=`(tar xf $tar_file sysupgrade-$board_name/CONTROL -O | wc -c) 2> /dev/null` + local board_dir=$(tar tf $tar_file | grep -m 1 '^sysupgrade-.*/$') + board_dir=${board_dir%/} + local control_length=`(tar xf $tar_file ${board_dir}/CONTROL -O | wc -c) 2> /dev/null` local file_type="$(identify $2)" [ "$control_length" = 0 -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ] && {
-- 2.11.0
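Review bot: After this change board_name is assigned from $1 but never used in nand_do_platform_check, so the function accepts any tar that carries some sysupgrade-*/ directory with a non-empty CONTROL file, whichever board the image was built for. If that is the intent (device matching left to image metadata), the commit message should say so explicitly, since this function is named as the platform check. On the new board_dir line, the pattern '^sysupgrade-.*/$' also matches nested directory entries such as sysupgrade-x/sub/ and -m 1 takes whichever entry comes first, and it only works when the archive contains an explicit directory entry; '^sysupgrade-[^/]*/$' is tighter. While touching these lines, quote "$tar_file" and "${board_dir}/CONTROL".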