From 40ef52863f73539f15f5f525c53f8e637b6d4469 Mon Sep 17 00:00:00 2001
From: Joachim Wiberg
Date: Fri, 9 Aug 2024 10:54:27 +0200
Subject: [PATCH 01/20] configs: drop openssl engines from riscv This was a temporary fix to a Buildroot regression, reverted in Infix commit c7c21b3
Signed-off-by: Joachim Wiberg
---
configs/riscv64_defconfig | 1 - 1 file changed, 1 deletion(-)
diff --git a/configs/riscv64_defconfig b/configs/riscv64_defconfig
index dd6bd9fde..a1fc79ecc 100644
--- a/configs/riscv64_defconfig
+++ b/configs/riscv64_defconfig
@@ -70,7 +70,6 @@ BR2_PACKAGE_LIBSSH2=y
 BR2_PACKAGE_LIBSSH2_OPENSSL=y
 BR2_PACKAGE_LIBXCRYPT=y
 BR2_PACKAGE_LIBOPENSSL_BIN=y
-BR2_PACKAGE_LIBOPENSSL_ENGINES=y
 BR2_PACKAGE_LIBINPUT=y
 BR2_PACKAGE_LIBCURL_CURL=y
 BR2_PACKAGE_NETOPEER2_CLI=y
From 9ca816044b988da775b420c755b44865031e3014 Mon Sep 17 00:00:00 2001
From: Joachim Wiberg Date: Fri, 9 Aug 2024 10:51:09 +0200 Subject: [PATCH 02/20] board/aarch64/r2s: generalized secure boot support - Bump kernel to 6.10.3 - Initial defconfig sync with aarch64 - Enable kprobes, ksyms, and function tracer - Enable missing file systems for parity with Infix - Enable bridging, netfilter, and other Infix requirements - Initial virtio support for running in Qemu (untested) - Enable device mapper, required for rauc bundle install - Make dummy and tunnel drivers modules to be able to drop dummy0 and tunl0 interfaces that otherwise mess up "show interfaces" - Disable suspend and hibernation, not supported in Infix - Disable unused GPIO, PHY, MDIO, and USB drivers - Disable RK3328 watchdog driver, cannot perform reset on R2S, enable softdog instead as a seamless replacement for Infix. Even though not optimal (since it's software) reboot works - Disable ethtool netlink support, does not work and breaks interface configuration completely on R2S! - Enable netdev LED triggers, for LAN and WAN LEDs - Bump u-boot to 2024.07 - Hard code developer mode to allow shell access - Disable factory reset button support (not yet supported) - Bump ATF to v2.9 - Enable squashfs for rootfs image - Enable signing of images - Add secondary partition - Add dedicated var partition - Add aux partition for signatures and uboot env Signed-off-by: Joachim Wiberg --- board/aarch64/r2s/extlinux.conf | 4 - board/aarch64/r2s/genimage.cfg | 45 ++++- board/aarch64/r2s/linux_defconfig | 226 ++++++++++++++++++-------- board/aarch64/r2s/uboot/extras.config | 6 + board/aarch64/r2s/uboot/r2s-env.dtsi | 12 ++ configs/r2s_defconfig | 33 ++-- 6 files changed, 238 insertions(+), 88 deletions(-) delete mode 100644 board/aarch64/r2s/extlinux.conf create mode 100644 board/aarch64/r2s/uboot/extras.config create mode 100644 board/aarch64/r2s/uboot/r2s-env.dtsi
diff --git a/board/aarch64/r2s/extlinux.conf b/board/aarch64/r2s/extlinux.conf deleted file mode 100644 index 0e2b3c031..000000000 --- a/board/aarch64/r2s/extlinux.conf +++ /dev/null @@ -1,4 +0,0 @@ -label Infix on NanoPi R2S - kernel /boot/Image - devicetree /boot/rk3328-nanopi-r2s.dtb - append root=/dev/mmcblk0p1 rw rootwait bonding.max_bonds=0 dummy.numdummies=0 fb_tunnels=none quiet diff --git a/board/aarch64/r2s/genimage.cfg b/board/aarch64/r2s/genimage.cfg index 850ee31a4..5c6820dbc 100644 --- a/board/aarch64/r2s/genimage.cfg +++ b/board/aarch64/r2s/genimage.cfg @@ -1,37 +1,68 @@ image cfg.ext4 { + empty = true + temporary = true + size = 16M + ext4 { label = "cfg" } +} + +image var.ext4 { empty = true - size = 16M + temporary = true + size = 512M + + ext4 { + label = "var" + use-mke2fs = true + } } image sdcard.img { hdimage { + partition-table-type = "gpt" } partition u-boot-tpl-spl-dtb { in-partition-table = "no" - image = "idbloader.img" offset = 32K + image = "idbloader.img" } partition u-boot-dtb { in-partition-table = "no" - image = "u-boot.itb" offset = 8M + image = "u-boot.itb" } - partition rootfs { - partition-type = 0x83 + partition aux { + partition-uuid = D4EF35A0-0652-45A1-B3DE-D63339C82035 offset = 16M - image = "rootfs.ext4" + image = "aux.ext4" + } + + partition primary { + partition-type-uuid = 0FC63DAF-8483-4772-8E79-3D69D8477DE4 + bootable = true + image = "rootfs.squashfs" + } + + partition secondary { + partition-type-uuid = 0FC63DAF-8483-4772-8E79-3D69D8477DE4 + bootable = true + image = "rootfs.squashfs" } partition cfg { - partition-type = 0x83 + partition-uuid = 7aa497f0-73b5-47e5-b2ab-8752d8a48105 image = "cfg.ext4" } + + partition var { + partition-uuid = 8046A06A-E45A-4A14-A6AD-6684704A393F + image = "var.ext4" + } } # Silence genimage warnings diff --git a/board/aarch64/r2s/linux_defconfig b/board/aarch64/r2s/linux_defconfig index c2ce2eb23..d2c8183c5 100644 --- a/board/aarch64/r2s/linux_defconfig 
+++ b/board/aarch64/r2s/linux_defconfig @@ -3,22 +3,31 @@ CONFIG_POSIX_MQUEUE=y CONFIG_AUDIT=y CONFIG_NO_HZ_IDLE=y CONFIG_HIGH_RES_TIMERS=y +CONFIG_BPF_SYSCALL=y CONFIG_BPF_JIT=y CONFIG_PREEMPT=y CONFIG_IRQ_TIME_ACCOUNTING=y CONFIG_BSD_PROCESS_ACCT=y CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_PSI=y CONFIG_IKCONFIG=y CONFIG_IKCONFIG_PROC=y -CONFIG_NUMA_BALANCING=y +CONFIG_LOG_BUF_SHIFT=18 CONFIG_MEMCG=y CONFIG_BLK_CGROUP=y +CONFIG_CFS_BANDWIDTH=y +CONFIG_RT_GROUP_SCHED=y CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y CONFIG_CGROUP_HUGETLB=y CONFIG_CPUSETS=y CONFIG_CGROUP_DEVICE=y CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_BPF=y CONFIG_NAMESPACES=y CONFIG_USER_NS=y CONFIG_SCHED_AUTOGROUP=y @@ -27,19 +36,16 @@ CONFIG_EXPERT=y CONFIG_KALLSYMS_ALL=y CONFIG_PROFILING=y CONFIG_KEXEC_FILE=y -CONFIG_CRASH_DUMP=y CONFIG_ARCH_ACTIONS=y CONFIG_ARCH_ROCKCHIP=y CONFIG_ARCH_VEXPRESS=y CONFIG_ARM64_VA_BITS_48=y CONFIG_SCHED_MC=y CONFIG_SCHED_SMT=y -CONFIG_NUMA=y +CONFIG_NR_CPUS=8 CONFIG_COMPAT=y CONFIG_RANDOMIZE_BASE=y -CONFIG_HIBERNATION=y -CONFIG_WQ_POWER_EFFICIENT_DEFAULT=y -CONFIG_ENERGY_MODEL=y +# CONFIG_SUSPEND is not set CONFIG_ARM_PSCI_CPUIDLE=y CONFIG_CPU_FREQ=y CONFIG_CPU_FREQ_STAT=y @@ -48,8 +54,8 @@ CONFIG_CPU_FREQ_GOV_USERSPACE=y CONFIG_CPU_FREQ_GOV_ONDEMAND=y CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m CONFIG_CPUFREQ_DT=y -CONFIG_ACPI_CPPC_CPUFREQ=m CONFIG_ARM_SCMI_CPUFREQ=y +CONFIG_ACPI_CPPC_CPUFREQ=m CONFIG_ACPI=y CONFIG_ACPI_APEI=y CONFIG_ACPI_APEI_GHES=y @@ -57,6 +63,7 @@ CONFIG_ACPI_APEI_MEMORY_FAILURE=y CONFIG_ACPI_APEI_EINJ=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=y +CONFIG_KPROBES=y CONFIG_JUMP_LABEL=y # CONFIG_GCC_PLUGINS is not set CONFIG_MODULES=y 
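Review bot: `CONFIG_KPROBES=y` in the last hunk on this line, together with `CONFIG_PROC_KCORE=y` and `CONFIG_FUNCTION_TRACER=y` (which replaces `# CONFIG_FTRACE is not set`) in later hunks of this file, turns on kernel introspection in the same defconfig that enables `CONFIG_DM_VERITY=y` and signed images. These interfaces are root-only, but they give a compromised root process read access to kernel memory and hooks into running kernel code, which a verified-boot image normally tries to limit. The commit message lists them as intentional, so this is a documentation and structure point. Either state in the board documentation that this defconfig is a development configuration, or move the three options into a separate debug config fragment so a hardened build can leave them out.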
@@ -67,8 +74,11 @@ CONFIG_KSM=y CONFIG_MEMORY_FAILURE=y CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_CMA=y +CONFIG_CMA_AREAS=20 CONFIG_NET=y CONFIG_PACKET=y +CONFIG_XDP_SOCKETS=y +CONFIG_XDP_SOCKETS_DIAG=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y 
@@ -76,24 +86,66 @@ CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_PNP=y CONFIG_IP_PNP_DHCP=y CONFIG_IP_PNP_BOOTP=y -CONFIG_NET_IPIP=y -CONFIG_NET_IPGRE_DEMUX=y +CONFIG_NET_IPIP=m +CONFIG_NET_IPGRE_DEMUX=m CONFIG_NET_IPGRE=m CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y CONFIG_IP_MROUTE_MULTIPLE_TABLES=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y -CONFIG_IPV6=m +CONFIG_SYN_COOKIES=y +CONFIG_IPV6_SIT=m +CONFIG_IPV6_GRE=m +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y +CONFIG_IPV6_PIMSM_V2=y +CONFIG_NETWORK_PHY_TIMESTAMPING=y CONFIG_NETFILTER=y -CONFIG_NF_CONNTRACK=m +CONFIG_BRIDGE_NETFILTER=y +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NF_CONNTRACK=y CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_FTP=y CONFIG_NF_TABLES=y CONFIG_NF_TABLES_INET=y +CONFIG_NF_TABLES_NETDEV=y +CONFIG_NFT_CT=m +CONFIG_NFT_CONNLIMIT=m +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_MASQ=m +CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m +CONFIG_NFT_TUNNEL=m +CONFIG_NFT_QUEUE=m +CONFIG_NFT_REJECT=m +CONFIG_NFT_COMPAT=m +CONFIG_NFT_HASH=m +CONFIG_NFT_SOCKET=m +CONFIG_NFT_OSF=m +CONFIG_NFT_DUP_NETDEV=m +CONFIG_NFT_FWD_NETDEV=m +CONFIG_NFT_REJECT_NETDEV=m CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m CONFIG_NETFILTER_XT_TARGET_LOG=m CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m +CONFIG_NETFILTER_XT_MATCH_BPF=m +CONFIG_NETFILTER_XT_MATCH_CGROUP=m +CONFIG_NETFILTER_XT_MATCH_COMMENT=m +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m +CONFIG_NETFILTER_XT_MATCH_CONNMARK=m CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m +CONFIG_NETFILTER_XT_MATCH_DSCP=m +CONFIG_NETFILTER_XT_MATCH_HELPER=m +CONFIG_NETFILTER_XT_MATCH_LIMIT=m +CONFIG_NETFILTER_XT_MATCH_MAC=m +CONFIG_NETFILTER_XT_MATCH_MARK=m +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m 
@@ -101,17 +153,46 @@ CONFIG_IP_NF_NAT=m CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_MANGLE=m CONFIG_IP6_NF_IPTABLES=m +CONFIG_IP6_NF_MATCH_AH=m +CONFIG_IP6_NF_MATCH_EUI64=m +CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m +CONFIG_IP6_NF_RAW=m CONFIG_IP6_NF_NAT=m CONFIG_IP6_NF_TARGET_MASQUERADE=m -CONFIG_BRIDGE=m +CONFIG_IP6_NF_TARGET_NPT=m +CONFIG_NF_TABLES_BRIDGE=m +CONFIG_NFT_BRIDGE_META=m +CONFIG_NFT_BRIDGE_REJECT=m +CONFIG_NF_CONNTRACK_BRIDGE=y +CONFIG_BRIDGE_NF_EBTABLES=m +CONFIG_BRIDGE_EBT_BROUTE=m +CONFIG_BRIDGE_EBT_T_FILTER=m +CONFIG_BRIDGE_EBT_T_NAT=m +CONFIG_BRIDGE_EBT_802_3=m +CONFIG_BRIDGE_EBT_AMONG=m +CONFIG_BRIDGE_EBT_ARP=m +CONFIG_BRIDGE_EBT_IP=m +CONFIG_BRIDGE_EBT_IP6=m +CONFIG_BRIDGE_EBT_LIMIT=m +CONFIG_BRIDGE_EBT_MARK=m +CONFIG_BRIDGE_EBT_PKTTYPE=m +CONFIG_BRIDGE_EBT_STP=m +CONFIG_BRIDGE_EBT_VLAN=m +CONFIG_BRIDGE_EBT_ARPREPLY=m +CONFIG_BRIDGE_EBT_DNAT=m +CONFIG_BRIDGE_EBT_MARK_T=m +CONFIG_BRIDGE_EBT_REDIRECT=m +CONFIG_BRIDGE_EBT_SNAT=m +CONFIG_BRIDGE_EBT_LOG=m +CONFIG_BRIDGE_EBT_NFLOG=m +CONFIG_BRIDGE=y CONFIG_BRIDGE_VLAN_FILTERING=y -CONFIG_NET_DSA=m -CONFIG_NET_DSA_TAG_OCELOT=m -CONFIG_NET_DSA_TAG_OCELOT_8021Q=m -CONFIG_VLAN_8021Q=m +CONFIG_BRIDGE_MRP=y +CONFIG_BRIDGE_CFM=y +CONFIG_VLAN_8021Q=y CONFIG_VLAN_8021Q_GVRP=y CONFIG_VLAN_8021Q_MVRP=y CONFIG_NET_SCHED=y @@ -121,11 +202,21 @@ CONFIG_NET_SCH_TAPRIO=m CONFIG_NET_SCH_MQPRIO=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_CLS_BASIC=m +CONFIG_NET_CLS_BPF=m CONFIG_NET_CLS_FLOWER=m CONFIG_NET_CLS_ACT=y -CONFIG_NET_ACT_GACT=m -CONFIG_NET_ACT_MIRRED=m -CONFIG_NET_ACT_GATE=m +CONFIG_NET_ACT_GACT=y +CONFIG_NET_ACT_MIRRED=y +CONFIG_NET_ACT_NAT=y +CONFIG_NET_ACT_SKBEDIT=y +CONFIG_NET_ACT_VLAN=y +CONFIG_NET_ACT_BPF=y +CONFIG_DCB=y +CONFIG_NETLINK_DIAG=y +CONFIG_MPLS=y +CONFIG_NET_MPLS_GSO=y +CONFIG_MPLS_ROUTING=m +CONFIG_NET_PKTGEN=y CONFIG_BT=m CONFIG_BT_HIDP=m # CONFIG_BT_LE is not set 
@@ -142,6 +233,7 @@ CONFIG_MAC80211_LEDS=y CONFIG_RFKILL=y CONFIG_NET_9P=y CONFIG_NET_9P_VIRTIO=y +# CONFIG_ETHTOOL_NETLINK is not set CONFIG_PCI=y CONFIG_PCIEPORTBUS=y CONFIG_PCI_IOV=y @@ -171,6 +263,7 @@ CONFIG_MTD_PHYSMAP=y CONFIG_MTD_PHYSMAP_OF=y CONFIG_MTD_DATAFLASH=y CONFIG_MTD_SST25L=y +CONFIG_MTD_BLOCK2MTD=y CONFIG_MTD_RAW_NAND=y CONFIG_MTD_NAND_DENALI_DT=y CONFIG_MTD_SPI_NOR=y @@ -191,6 +284,7 @@ CONFIG_SCSI_HISI_SAS=y CONFIG_SCSI_HISI_SAS_PCI=y CONFIG_MEGARAID_SAS=y CONFIG_SCSI_MPT3SAS=m +CONFIG_SCSI_VIRTIO=y CONFIG_ATA=y CONFIG_SATA_AHCI=y CONFIG_SATA_AHCI_PLATFORM=y @@ -198,22 +292,28 @@ CONFIG_AHCI_CEVA=y CONFIG_SATA_SIL24=y CONFIG_PATA_OF_PLATFORM=y CONFIG_MD=y -CONFIG_BLK_DEV_MD=m -CONFIG_BLK_DEV_DM=m -CONFIG_DM_MIRROR=m -CONFIG_DM_ZERO=m +# CONFIG_MD_BITMAP_FILE is not set +CONFIG_BLK_DEV_DM=y +CONFIG_DM_INIT=y +CONFIG_DM_VERITY=y +CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y CONFIG_NETDEVICES=y CONFIG_BONDING=m -CONFIG_DUMMY=y +CONFIG_DUMMY=m CONFIG_WIREGUARD=m CONFIG_MACVLAN=m CONFIG_MACVTAP=m -CONFIG_VXLAN=y +CONFIG_IPVLAN=m +CONFIG_IPVTAP=m +CONFIG_VXLAN=m CONFIG_GENEVE=m CONFIG_BAREUDP=m -CONFIG_TUN=y +CONFIG_MACSEC=m +CONFIG_TUN=m CONFIG_VETH=m -CONFIG_VIRTIO_NET=m +CONFIG_VIRTIO_NET=y +CONFIG_NLMON=y +CONFIG_NET_VRF=y # CONFIG_NET_VENDOR_3COM is not set # CONFIG_NET_VENDOR_ACTIONS is not set # CONFIG_NET_VENDOR_ADAPTEC is not set @@ -283,15 +383,12 @@ CONFIG_STMMAC_ETH=y # CONFIG_NET_VENDOR_VIA is not set # CONFIG_NET_VENDOR_WIZNET is not set # CONFIG_NET_VENDOR_XILINX is not set +CONFIG_LED_TRIGGER_PHY=y CONFIG_AX88796B_PHY=y -CONFIG_MICREL_PHY=y -CONFIG_MICROSEMI_PHY=y -CONFIG_AT803X_PHY=m +CONFIG_DAVICOM_PHY=m CONFIG_REALTEK_PHY=y CONFIG_ROCKCHIP_PHY=y CONFIG_MDIO_BITBANG=y -CONFIG_MDIO_BCM_UNIMAC=m -CONFIG_MDIO_THUNDER=y CONFIG_MDIO_BUS_MUX_MULTIPLEXER=y CONFIG_MDIO_BUS_MUX_MMIOREG=y CONFIG_USB_RTL8150=m 
@@ -299,6 +396,7 @@ CONFIG_USB_RTL8152=m CONFIG_USB_USBNET=y CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_AX88179_178A=m +CONFIG_USB_NET_CDC_NCM=m CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SMSC75XX=m CONFIG_USB_NET_SMSC95XX=m @@ -306,13 +404,12 @@ CONFIG_USB_NET_NET1080=m CONFIG_USB_NET_PLUSB=m CONFIG_USB_NET_MCS7830=m CONFIG_USB_NET_CDC_SUBSET=m -CONFIG_USB_NET_ZAURUS=m +# CONFIG_USB_NET_ZAURUS is not set CONFIG_ATH10K=m CONFIG_ATH10K_PCI=m CONFIG_WCN36XX=m # CONFIG_WLAN_VENDOR_ATMEL is not set # CONFIG_WLAN_VENDOR_BROADCOM is not set -# CONFIG_WLAN_VENDOR_CISCO is not set # CONFIG_WLAN_VENDOR_INTEL is not set # CONFIG_WLAN_VENDOR_INTERSIL is not set # CONFIG_WLAN_VENDOR_MARVELL is not set @@ -355,7 +452,6 @@ CONFIG_RTW89_DEBUGMSG=y # CONFIG_WLAN_VENDOR_TI is not set # CONFIG_WLAN_VENDOR_ZYDAS is not set # CONFIG_WLAN_VENDOR_QUANTENNA is not set -CONFIG_NET_FAILOVER=y CONFIG_INPUT_FF_MEMLESS=y # CONFIG_INPUT_KEYBOARD is not set # CONFIG_INPUT_MOUSE is not set @@ -404,11 +500,6 @@ CONFIG_PPS=y CONFIG_DEBUG_PINCTRL=y CONFIG_PINCTRL_RK805=y CONFIG_PINCTRL_SINGLE=y -CONFIG_GPIO_ALTERA=m -CONFIG_GPIO_DWAPB=y -CONFIG_GPIO_MB86S7X=y -CONFIG_GPIO_PL061=y -CONFIG_GPIO_XGENE=y CONFIG_GPIO_MAX732X=y CONFIG_GPIO_PCA953X=y CONFIG_GPIO_PCA953X_IRQ=y @@ -424,15 +515,12 @@ CONFIG_SENSORS_ARM_SCMI=y CONFIG_SENSORS_ARM_SCPI=y CONFIG_SENSORS_LM90=m CONFIG_SENSORS_PWM_FAN=m -CONFIG_THERMAL_GOV_POWER_ALLOCATOR=y CONFIG_CPU_THERMAL=y CONFIG_THERMAL_EMULATION=y CONFIG_ROCKCHIP_THERMAL=m CONFIG_WATCHDOG=y -CONFIG_ARM_SP805_WATCHDOG=y -CONFIG_ARM_SBSA_WATCHDOG=y -CONFIG_DW_WATCHDOG=y -CONFIG_ARM_SMC_WATCHDOG=y +CONFIG_WATCHDOG_SYSFS=y +CONFIG_SOFT_WATCHDOG=y CONFIG_MFD_RK8XX_I2C=y CONFIG_MFD_RK8XX_SPI=y CONFIG_MFD_STMFX=y @@ -445,6 +533,7 @@ CONFIG_REGULATOR_VCTRL=y CONFIG_REGULATOR_VEXPRESS=m # CONFIG_HID_GENERIC is not set # CONFIG_USB_HID is not set +CONFIG_USB_ULPI_BUS=y CONFIG_USB_CONN_GPIO=y CONFIG_USB=y CONFIG_USB_ANNOUNCE_NEW_DEVICES=y 
@@ -452,6 +541,7 @@ CONFIG_USB_DYNAMIC_MINORS=y CONFIG_USB_OTG=y CONFIG_USB_XHCI_HCD=y CONFIG_USB_EHCI_HCD=y +CONFIG_USB_EHCI_ROOT_HUB_TT=y CONFIG_USB_EHCI_HCD_PLATFORM=y CONFIG_USB_OHCI_HCD=y CONFIG_USB_OHCI_HCD_PLATFORM=y @@ -460,10 +550,6 @@ CONFIG_USB_STORAGE=y CONFIG_USB_MUSB_HDRC=y CONFIG_USB_DWC3=y CONFIG_USB_DWC2=y -CONFIG_USB_CHIPIDEA=y -CONFIG_USB_CHIPIDEA_UDC=y -CONFIG_USB_CHIPIDEA_HOST=y -CONFIG_USB_ISP1760=y CONFIG_USB_SERIAL=m CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_SIMPLE=m @@ -471,7 +557,6 @@ CONFIG_USB_SERIAL_CP210X=m CONFIG_USB_SERIAL_FTDI_SIO=m CONFIG_USB_SERIAL_PL2303=m CONFIG_USB_SERIAL_OPTION=m -CONFIG_USB_HSIC_USB3503=y CONFIG_NOP_USB_XCEIV=y CONFIG_USB_ULPI=y CONFIG_USB_GADGET=y @@ -488,12 +573,6 @@ CONFIG_USB_CONFIGFS_RNDIS=y CONFIG_USB_CONFIGFS_EEM=y CONFIG_USB_CONFIGFS_MASS_STORAGE=y CONFIG_USB_CONFIGFS_F_FS=y -CONFIG_TYPEC=m -CONFIG_TYPEC_TCPM=m -CONFIG_TYPEC_TCPCI=m -CONFIG_TYPEC_FUSB302=m -CONFIG_TYPEC_TPS6598X=m -CONFIG_TYPEC_HD3SS3220=m CONFIG_MMC=y CONFIG_MMC_BLOCK_MINORS=32 CONFIG_MMC_ARMMMCI=y @@ -511,7 +590,6 @@ CONFIG_MMC_DW_K3=y CONFIG_MMC_DW_ROCKCHIP=y CONFIG_MMC_MTK=y CONFIG_MMC_SDHCI_XENON=y -CONFIG_MMC_SDHCI_AM654=y CONFIG_SCSI_UFSHCD=y CONFIG_SCSI_UFSHCD_PLATFORM=y CONFIG_NEW_LEDS=y @@ -527,6 +605,7 @@ CONFIG_LEDS_TRIGGER_HEARTBEAT=y CONFIG_LEDS_TRIGGER_CPU=y CONFIG_LEDS_TRIGGER_DEFAULT_ON=y CONFIG_LEDS_TRIGGER_PANIC=y +CONFIG_LEDS_TRIGGER_NETDEV=y CONFIG_RTC_CLASS=y CONFIG_RTC_DRV_RK808=y CONFIG_RTC_DRV_EFI=y @@ -541,7 +620,6 @@ CONFIG_VIRTIO_INPUT=y CONFIG_VIRTIO_MMIO=y # CONFIG_VHOST_MENU is not set CONFIG_STAGING=y -CONFIG_PRISM2_USB=m CONFIG_RTLLIB=m CONFIG_RTL8192E=m CONFIG_RTL8723BS=m @@ -590,8 +668,6 @@ CONFIG_PHY_ROCKCHIP_USB=m CONFIG_POWERCAP=y CONFIG_ARM_SCMI_POWERCAP=y CONFIG_DTPM=y -CONFIG_DTPM_CPU=y -CONFIG_DTPM_DEVFREQ=y CONFIG_ARM_SMMU_V3_PMU=m CONFIG_NVMEM_RMEM=m CONFIG_NVMEM_ROCKCHIP_EFUSE=m 
@@ -603,30 +679,48 @@ CONFIG_INTERCONNECT=y CONFIG_EXT2_FS=y CONFIG_EXT3_FS=y CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_BTRFS_FS=y +CONFIG_BTRFS_FS_POSIX_ACL=y CONFIG_FANOTIFY=y CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y CONFIG_QUOTA=y -CONFIG_OVERLAY_FS=m +CONFIG_AUTOFS_FS=y +CONFIG_FUSE_FS=y +CONFIG_VIRTIO_FS=y +CONFIG_OVERLAY_FS=y +CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_UTF8=y +CONFIG_EXFAT_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_CHILDREN=y CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_HUGETLBFS=y CONFIG_EFIVAR_FS=y +CONFIG_JFFS2_FS=y +CONFIG_JFFS2_FS_XATTR=y CONFIG_SQUASHFS=y +CONFIG_SQUASHFS_LZO=y +CONFIG_SQUASHFS_XZ=y +CONFIG_SQUASHFS_ZSTD=y CONFIG_NFS_FS=y CONFIG_NFS_V4=y CONFIG_NFS_V4_1=y CONFIG_NFS_V4_2=y CONFIG_ROOT_NFS=y CONFIG_9P_FS=y +CONFIG_NLS_DEFAULT="iso8859-15" CONFIG_NLS_CODEPAGE_437=y CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_15=y +CONFIG_NLS_UTF8=y CONFIG_SECURITY=y CONFIG_CRYPTO_DH=m CONFIG_CRYPTO_CURVE25519=m CONFIG_CRYPTO_ECHAINIV=y -CONFIG_CRYPTO_BLAKE2B=m -CONFIG_CRYPTO_XXHASH=m +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_ZSTD=y CONFIG_CRYPTO_ANSI_CPRNG=y CONFIG_CRYPTO_USER_API_RNG=m CONFIG_CRYPTO_GHASH_ARM64_CE=y @@ -635,20 +729,22 @@ CONFIG_CRYPTO_SHA2_ARM64_CE=y CONFIG_CRYPTO_SHA512_ARM64_CE=m CONFIG_CRYPTO_SHA3_ARM64=m CONFIG_CRYPTO_SM3_ARM64_CE=m -CONFIG_CRYPTO_AES_ARM64_CE_BLK=y CONFIG_CRYPTO_AES_ARM64_BS=m CONFIG_CRYPTO_AES_ARM64_CE_CCM=y CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=m CONFIG_CRYPTO_DEV_ROCKCHIP=y CONFIG_CRYPTO_DEV_CCREE=m +CONFIG_PACKING=y CONFIG_INDIRECT_PIO=y CONFIG_CRC_CCITT=m CONFIG_CRC8=y CONFIG_DMA_CMA=y CONFIG_CMA_SIZE_MBYTES=32 CONFIG_PRINTK_TIME=y +CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y CONFIG_MAGIC_SYSRQ=y CONFIG_DEBUG_FS=y +CONFIG_DETECT_HUNG_TASK=y # CONFIG_SCHED_DEBUG is not set -# CONFIG_FTRACE is not set +CONFIG_FUNCTION_TRACER=y CONFIG_MEMTEST=y diff --git a/board/aarch64/r2s/uboot/extras.config b/board/aarch64/r2s/uboot/extras.config new file mode 100644 index 000000000..dc4ae0136 --- /dev/null 
+++ b/board/aarch64/r2s/uboot/extras.config
@@ -0,0 +1,6 @@
+# CONFIG_MMC_PCI is not set
+CONFIG_DEVICE_TREE_INCLUDES="infix-env.dtsi infix-key.dtsi r2s-env.dtsi"
+CONFIG_SYS_PROMPT="(r2s) "
+
+CONFIG_ENV_IS_NOWHERE=y
+# CONFIG_ENV_IS_IN_MMC is not set
diff --git a/board/aarch64/r2s/uboot/r2s-env.dtsi b/board/aarch64/r2s/uboot/r2s-env.dtsi
new file mode 100644
index 000000000..279d27e83
--- /dev/null
+++ b/board/aarch64/r2s/uboot/r2s-env.dtsi
@@ -0,0 +1,12 @@
+/ {
+ config {
+ environment {
+ boot_targets = "mmc1";
+ ethprime = "eth0";
+
+ /* This is a development platform, hard code developer mode */
+ ixbtn-devmode = "setenv dev_mode yes; echo Enabled";
+ ixbtn-factory = "echo \"No button available, use bootmenu\"";
+ };
+ };
+};
diff --git a/configs/r2s_defconfig b/configs/r2s_defconfig
index f7c7e7a56..f0e59e758 100644
--- a/configs/r2s_defconfig
+++ b/configs/r2s_defconfig
@@ -1,5 +1,4 @@
 BR2_aarch64=y
-BR2_cortex_a53=y
 BR2_ARM_FPU_VFPV4=y
 BR2_TOOLCHAIN_EXTERNAL=y
 BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
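Review bot: `ixbtn-devmode = "setenv dev_mode yes; echo Enabled";` in r2s-env.dtsi enables developer mode unconditionally, so every image built from this board directory gives anyone with UART access a U-Boot shell. The commit message says this is meant to allow shell access, and the comment calls the board a development platform, but nothing in the file ties the setting to a development build. That makes it easy to carry into an image that is expected to enforce the signed-boot chain this commit introduces. At minimum the comment should state the consequence, e.g. `/* DEVELOPMENT ONLY: forces dev_mode, which allows U-Boot shell access; remove for production images */`. If the build has a development/production switch (the defconfig in this commit sets `TRUSTED_KEYS_DEVELOPMENT=y`), keying this override to it would be safer.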
@@ -14,27 +13,29 @@ BR2_TARGET_GENERIC_ISSUE="Infix by KernelKit"
 BR2_INIT_FINIT=y
 BR2_ROOTFS_DEVICE_CREATION_DYNAMIC_EUDEV=y
 BR2_ROOTFS_DEVICE_TABLE="system/device_table.txt ${BR2_EXTERNAL_INFIX_PATH}/board/common/xattrs"
+BR2_ROOTFS_MERGED_USR=y
 # BR2_TARGET_ENABLE_ROOT_LOGIN is not set
 BR2_SYSTEM_BIN_SH_BASH=y
 BR2_TARGET_GENERIC_GETTY_PORT="@console"
 BR2_TARGET_GENERIC_GETTY_TERM="xterm"
 BR2_SYSTEM_DHCP="eth0"
+BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin"
 BR2_ENABLE_LOCALE_WHITELIST="C en_US en_CA C.UTF-8"
 BR2_GENERATE_LOCALE="en_US en_CA C.UTF-8"
 BR2_TARGET_TZ_INFO=y
 BR2_ROOTFS_OVERLAY="${BR2_EXTERNAL_INFIX_PATH}/board/common/rootfs ${BR2_EXTERNAL_INFIX_PATH}/board/aarch64/rootfs"
-BR2_ROOTFS_POST_BUILD_SCRIPT="$(BR2_EXTERNAL_INFIX_PATH)/board/aarch64/r2s/post-build.sh ${BR2_EXTERNAL_INFIX_PATH}/board/common/post-build.sh"
+BR2_ROOTFS_POST_BUILD_SCRIPT="${BR2_EXTERNAL_INFIX_PATH}/board/common/post-build.sh"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="${BR2_EXTERNAL_INFIX_PATH}/board/common/post-image.sh support/scripts/genimage.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="-c $(BR2_EXTERNAL_INFIX_PATH)/board/aarch64/r2s/genimage.cfg"
-BR2_ROOTFS_MERGED_USR=y
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_VERSION=y
-BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.6.34"
+BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.10.3"
 BR2_LINUX_KERNEL_PATCH="$(BR2_EXTERNAL_INFIX_PATH)/board/aarch64/r2s/rk3328-nanopi-r2s-dts.patch"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
-BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_INFIX_PATH)/board/aarch64/r2s/linux_defconfig"
+BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="${BR2_EXTERNAL_INFIX_PATH}/board/aarch64/r2s/linux_defconfig"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
 BR2_LINUX_KERNEL_INTREE_DTS_NAME="rockchip/rk3328-nanopi-r2s"
+BR2_LINUX_KERNEL_DTB_KEEP_DIRNAME=y
 BR2_LINUX_KERNEL_INSTALL_TARGET=y
 BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_INFIX_PATH)/board/common/busybox_defconfig"
@@ -71,6 +72,7 @@ BR2_PACKAGE_LIBSSH2=y
 BR2_PACKAGE_LIBSSH2_OPENSSL=y
 BR2_PACKAGE_LIBXCRYPT=y
 BR2_PACKAGE_LIBOPENSSL_BIN=y
+BR2_PACKAGE_LIBINPUT=y
 BR2_PACKAGE_LIBCURL_CURL=y
 BR2_PACKAGE_NETOPEER2_CLI=y
 BR2_PACKAGE_NSS_MDNS=y
@@ -125,34 +127,40 @@ BR2_PACKAGE_WATCHDOGD=y
 BR2_PACKAGE_LESS=y
 BR2_PACKAGE_MG=y
 BR2_PACKAGE_NANO=y
-BR2_TARGET_ROOTFS_EXT2=y
-BR2_TARGET_ROOTFS_EXT2_4=y
-BR2_TARGET_ROOTFS_EXT2_SIZE="256M"
+BR2_TARGET_ROOTFS_SQUASHFS=y
+# BR2_TARGET_ROOTFS_TAR is not set
 BR2_TARGET_ARM_TRUSTED_FIRMWARE=y
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION=y
-BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE="v2.5"
+BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION_VALUE="v2.9"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_PLATFORM="rk3328"
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_IMAGES=""
 BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN=y
 BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
 BR2_TARGET_UBOOT_CUSTOM_VERSION=y
-BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2021.10"
+BR2_TARGET_UBOOT_CUSTOM_VERSION_VALUE="2024.07"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="nanopi-r2s-rk3328"
+BR2_TARGET_UBOOT_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_INFIX_PATH)/board/common/uboot/extras.config $(BR2_EXTERNAL_INFIX_PATH)/board/aarch64/r2s/uboot/extras.config"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
 BR2_TARGET_UBOOT_NEEDS_PYLIBFDT=y
+BR2_TARGET_UBOOT_NEEDS_PYELFTOOLS=y
 BR2_TARGET_UBOOT_NEEDS_OPENSSL=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31=y
 BR2_TARGET_UBOOT_NEEDS_ATF_BL31_ELF=y
+BR2_TARGET_UBOOT_FORMAT_DTB=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM_NAME="u-boot.itb"
 BR2_TARGET_UBOOT_SPL=y
 BR2_TARGET_UBOOT_SPL_NAME="idbloader.img"
+BR2_TARGET_UBOOT_CUSTOM_DTS_PATH="$(BR2_EXTERNAL_INFIX_PATH)/board/aarch64/r2s/uboot/r2s-env.dtsi"
+BR2_PACKAGE_HOST_E2FSPROGS=y
 BR2_PACKAGE_HOST_ENVIRONMENT_SETUP=y
 BR2_PACKAGE_HOST_GENEXT2FS=y
 BR2_PACKAGE_HOST_GENIMAGE=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HOST_UBOOT_TOOLS=y
+BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT=y
+BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SIGNATURE_SUPPORT=y
 INFIX_VENDOR_HOME="https://github.com/kernelkit"
 INFIX_DESC="Infix is a Network Operating System based on Linux. It can be set up both as a switch, with offloading using switchdev, and a router with firewalling."
INFIX_HOME="https://github.com/kernelkit/infix/" @@ -184,7 +192,8 @@ BR2_PACKAGE_PODMAN_DRIVER_DEVICEMAPPER=y BR2_PACKAGE_PODMAN_DRIVER_VFS=y BR2_PACKAGE_TETRIS=y BR2_PACKAGE_ROUSETTE=y -BR2_PACKAGE_LIBINPUT=y BR2_PACKAGE_HOST_PYTHON_YANGDOC=y -# SIGN_ENABLED is not set +TRUSTED_KEYS=y +TRUSTED_KEYS_DEVELOPMENT=y # GNS3_APPLIANCE is not set +SDCARD_AUX=y From 831882f550893cfe33da15ed05e48c3545f5b243 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Fri, 9 Aug 2024 12:34:57 +0200 Subject: [PATCH 03/20] board/common: disable metadata checksumming for aux partition U-Boot (2024.07) does not yet support the 'metadata_csum' feature flag to Ext4 file systems. So let's disable it for now in mkaux.sh so we can allow builds for, e.g., the R2S and VisionFive2 boards to modify and save their U-Boot environment. Needed on the NanoPi R2S to set ethaddr + eth1addr since it does not have any VPD EEPROM mounted. Signed-off-by: Joachim Wiberg --- board/common/mkaux.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/board/common/mkaux.sh b/board/common/mkaux.sh index aef37f72c..3f1394525 100755 --- a/board/common/mkaux.sh +++ b/board/common/mkaux.sh @@ -11,6 +11,7 @@ image aux.ext4 { ext4 { label = "aux" use-mke2fs = true + features = "^metadata_csum,^metadata_csum_seed" } } From 705e849dc3af319bf997c86bafc9e80cd6744289 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Fri, 9 Aug 2024 12:37:37 +0200 Subject: [PATCH 04/20] board/aarch64/r2s: allow saving U-Boot environment This change allows modifying and saving the U-Boot environment to the aux partition on the NanoPi R2S. Required to able to safely maintain multiple R2S devices on the same LAN. Signed-off-by: Joachim Wiberg --- board/aarch64/r2s/uboot/extras.config | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/board/aarch64/r2s/uboot/extras.config b/board/aarch64/r2s/uboot/extras.config index dc4ae0136..19bcfa1d8 100644 --- a/board/aarch64/r2s/uboot/extras.config 
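Review bot: `TRUSTED_KEYS_DEVELOPMENT=y` at the end of r2s_defconfig (replacing `# SIGN_ENABLED is not set`) means images from this defconfig are signed and verified with the development key set, which the README added later in this series describes as public. A signature made with a publicly known key authenticates nothing, so the "secure boot" in the commit subject only holds once the keys are replaced. How a production key is selected is not visible in this hunk. The "Enable signing of images" bullet in the commit message should say it uses development keys, e.g. `- Enable signing of images (development keys, not for production)`.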
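Review bot: The added `features = "^metadata_csum,^metadata_csum_seed"` line in mkaux.sh applies to every board that builds its aux image through this script, but the reason for it is recorded only in the commit message. The aux partition holds the U-Boot environment and, per patch 02, the image signatures, so the next reader should be able to see that turning off ext4 metadata checksums there is a temporary compatibility workaround. Add a comment next to the line, e.g. `# U-Boot 2024.07 does not support ext4 metadata_csum; re-enable when it does`, assuming genimage accepts `#` comments at this position. The enclosing `image aux.ext4` block starts outside the hunk.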
+++ b/board/aarch64/r2s/uboot/extras.config @@ -2,5 +2,9 @@ CONFIG_DEVICE_TREE_INCLUDES="infix-env.dtsi infix-key.dtsi r2s-env.dtsi" CONFIG_SYS_PROMPT="(r2s) " -CONFIG_ENV_IS_NOWHERE=y +CONFIG_ENV_OVERWRITE=y +# CONFIG_ENV_IS_NOWHERE is not set +CONFIG_ENV_IS_IN_EXT4=y # CONFIG_ENV_IS_IN_MMC is not set +CONFIG_ENV_EXT4_INTERFACE="mmc" +CONFIG_ENV_EXT4_DEVICE_AND_PART="1:1" From fd945a2e6cd0bf2f3d22c9bf8a2714d8f606b735 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Fri, 9 Aug 2024 13:01:42 +0200 Subject: [PATCH 05/20] board/aarch64/r2s: enable force check of package hashes - Enable BR2_DOWNLOAD_FORCE_CHECK_HASHES for R2S - Relocate VisionFive2 patches to global patch dir for sharing with R2S - Add hash for ATF v2.9 Signed-off-by: Joachim Wiberg --- .../visionfive2/patches/linux-headers/linux-headers.hash | 1 - configs/r2s_defconfig | 1 + configs/riscv64_defconfig | 2 +- patches/arm-trusted-firmware/arm-trusted-firmware.hash | 2 ++ patches/linux-headers | 1 + patches/linux/linux-headers.hash | 1 + {board/riscv64/visionfive2/patches => patches}/linux/linux.hash | 1 + .../visionfive2/patches => patches}/opensbi/opensbi.hash | 0 {board/riscv64/visionfive2/patches => patches}/uboot/uboot.hash | 0 9 files changed, 7 insertions(+), 2 deletions(-) delete mode 120000 board/riscv64/visionfive2/patches/linux-headers/linux-headers.hash create mode 100644 patches/arm-trusted-firmware/arm-trusted-firmware.hash create mode 120000 patches/linux-headers create mode 120000 patches/linux/linux-headers.hash rename {board/riscv64/visionfive2/patches => patches}/linux/linux.hash (54%) rename {board/riscv64/visionfive2/patches => patches}/opensbi/opensbi.hash (100%) rename {board/riscv64/visionfive2/patches => patches}/uboot/uboot.hash (100%) diff --git a/board/riscv64/visionfive2/patches/linux-headers/linux-headers.hash b/board/riscv64/visionfive2/patches/linux-headers/linux-headers.hash deleted file mode 120000 index 5808d92af..000000000 
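Review bot: `CONFIG_ENV_IS_IN_EXT4=y` with `CONFIG_ENV_EXT4_DEVICE_AND_PART="1:1"` loads the whole U-Boot environment from an ext4 partition that anyone holding the SD card can edit, and nothing in this hunk limits which variables are accepted from it. The commit message needs only `ethaddr` and `eth1addr` to be persistent. Variables that steer boot (for example `boot_targets` from r2s-env.dtsi) come from the same unauthenticated store, which weakens the signed-image boot set up in patch 02 unless the common Infix environment already filters this, which is not visible here. U-Boot's `CONFIG_ENV_WRITEABLE_LIST=y` restricts stored variables to those explicitly flagged writable; consider enabling it with a flags list covering only the two MAC address variables. Otherwise add a comment such as `# Development only: persistent env is not authenticated`.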
--- a/board/riscv64/visionfive2/patches/linux-headers/linux-headers.hash
+++ /dev/null
@@ -1 +0,0 @@
-../linux/linux.hash
\ No newline at end of file
diff --git a/configs/r2s_defconfig b/configs/r2s_defconfig
index f0e59e758..e1790f031 100644
--- a/configs/r2s_defconfig
+++ b/configs/r2s_defconfig
@@ -8,6 +8,7 @@ BR2_CCACHE=y
 BR2_CCACHE_DIR="${BR2_EXTERNAL_INFIX_PATH}/.ccache"
 BR2_ENABLE_DEBUG=y
 BR2_GLOBAL_PATCH_DIR="${BR2_EXTERNAL_INFIX_PATH}/patches"
+BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
 BR2_TARGET_GENERIC_HOSTNAME="infix"
 BR2_TARGET_GENERIC_ISSUE="Infix by KernelKit"
 BR2_INIT_FINIT=y
diff --git a/configs/riscv64_defconfig b/configs/riscv64_defconfig
index a1fc79ecc..346a49c66 100644
--- a/configs/riscv64_defconfig
+++ b/configs/riscv64_defconfig
@@ -4,7 +4,7 @@ BR2_DL_DIR="${BR2_EXTERNAL_INFIX_PATH}/dl"
 BR2_CCACHE=y
 BR2_CCACHE_DIR="${BR2_EXTERNAL_INFIX_PATH}/.ccache"
 BR2_ENABLE_DEBUG=y
-BR2_GLOBAL_PATCH_DIR="${BR2_EXTERNAL_INFIX_PATH}/patches ${BR2_EXTERNAL_INFIX_PATH}/board/riscv64/visionfive2/patches"
+BR2_GLOBAL_PATCH_DIR="${BR2_EXTERNAL_INFIX_PATH}/patches"
 BR2_DOWNLOAD_FORCE_CHECK_HASHES=y
 BR2_TARGET_GENERIC_HOSTNAME="infix"
 BR2_TARGET_GENERIC_ISSUE="Infix by KernelKit"
diff --git a/patches/arm-trusted-firmware/arm-trusted-firmware.hash b/patches/arm-trusted-firmware/arm-trusted-firmware.hash
new file mode 100644
index 000000000..8b69a5a96
--- /dev/null
+++ b/patches/arm-trusted-firmware/arm-trusted-firmware.hash
@@ -0,0 +1,2 @@
+# Locally calculated
+sha256 06d32acf42808b682859008292f0591d2d872f19aa1a8021bfcd1c1c626285e6 arm-trusted-firmware-v2.9.tar.gz
diff --git a/patches/linux-headers b/patches/linux-headers
new file mode 120000
index 000000000..9c52cb36f
--- /dev/null
+++ b/patches/linux-headers
@@ -0,0 +1 @@
+linux
\ No newline at end of file
diff --git a/patches/linux/linux-headers.hash b/patches/linux/linux-headers.hash
new file mode 120000
index 000000000..7c10ad098
--- /dev/null
+++ b/patches/linux/linux-headers.hash
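Review bot: Both hashes added in this commit are recorded as `# Locally calculated`: `arm-trusted-firmware-v2.9.tar.gz` in arm-trusted-firmware.hash here, and `linux-6.10.3.tar.xz` in patches/linux/linux.hash. With `BR2_DOWNLOAD_FORCE_CHECK_HASHES=y` these files become the only integrity check on the downloads, and a locally calculated value proves only that later downloads match the first one. kernel.org publishes a PGP-signed checksum list for the kernel, so once the value has been compared that entry can cite it, e.g. `# From https://cdn.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc`. For the ATF archive, a comment naming the URL the tarball was fetched from would give the next reviewer something to check the hash against.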
@@ -0,0 +1 @@ +linux.hash \ No newline at end of file diff --git a/board/riscv64/visionfive2/patches/linux/linux.hash b/patches/linux/linux.hash similarity index 54% rename from board/riscv64/visionfive2/patches/linux/linux.hash rename to patches/linux/linux.hash index ccad8068d..6dcaaef7b 100644 --- a/board/riscv64/visionfive2/patches/linux/linux.hash +++ b/patches/linux/linux.hash @@ -1,2 +1,3 @@ # Locally calculated sha256 9ac322d85bcf98a04667d929f5c2666b15bd58c6c2d68dd512c72acbced07d04 linux-6.8.2.tar.xz +sha256 fa5f22fd67dd05812d39dca579320c493048e26c4a556048a12385e7ae6fc698 linux-6.10.3.tar.xz diff --git a/board/riscv64/visionfive2/patches/opensbi/opensbi.hash b/patches/opensbi/opensbi.hash similarity index 100% rename from board/riscv64/visionfive2/patches/opensbi/opensbi.hash rename to patches/opensbi/opensbi.hash diff --git a/board/riscv64/visionfive2/patches/uboot/uboot.hash b/patches/uboot/uboot.hash similarity index 100% rename from board/riscv64/visionfive2/patches/uboot/uboot.hash rename to patches/uboot/uboot.hash From 6701489f93396aacb9b2ad6ead91493bdcd2b114 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Fri, 9 Aug 2024 12:39:37 +0200 Subject: [PATCH 06/20] board/aarch64/r2s: add README for the NanoPi R2S board Fixes #275 Signed-off-by: Joachim Wiberg --- board/aarch64/README.md | 2 + board/aarch64/r2s/README.md | 102 ++++++++++++++++++++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 board/aarch64/r2s/README.md diff --git a/board/aarch64/README.md b/board/aarch64/README.md index 304681c71..e1237580b 100644 --- a/board/aarch64/README.md +++ b/board/aarch64/README.md @@ -3,5 +3,7 @@ aarch64 Board Specific Documentation ---------------------------- + - [Marvell CN9130-CRB](cn9130-crb/) - [Microchip SparX-5i PCB135 (eMMC)](sparx5-pcb135/) +- [NanoPi R2S](r2s/) diff --git a/board/aarch64/r2s/README.md b/board/aarch64/r2s/README.md new file mode 100644 index 000000000..9e4953508 --- /dev/null +++ b/board/aarch64/r2s/README.md 
@@ -0,0 +1,102 @@ +FriendlyELC NanoPi R2S +====================== + +The [NanoPi R2S][1] is a very low-cost 64-bit ARM min router, powered by +the Rockchip RK3328, quad-core Cortex-A53. + +The R2S does not have any onboard eMMC, so the only way to boot Infix on +it is using and SD card. + + +How to Build +------------ + +``` +$ make r2s_defconfig +$ make +``` + +Once the build has finished you will have `output/images/sdcard.img` +which you can flash to an SD card. + +``` +$ sudo dd if=output/images/sdcard.img of=/dev/mmcblk0 bs=1M status=progress oflag=direct +``` + +> **WARNING:** ensure `/dev/mmcblk0` really is the correct device for +> your SD card, and not used by the system! + + +Booting the Board +----------------- + + 1. Connect a TTL cable to three UART pins, GND is closest to the edge + 2. Insert the flashed SD card + 3. Power-up the board using an USB-C cable (ensure good power source!) + +Worth noting, unlike many other boards, the Rockchip family of chipsets +runs the UART at 1500000 bps (1.5 Mbps) 8N1. + + +Secure Boot +----------- + +Like other Infix builds, the R2S enjoys secure boot. Please note, +however that the default signing keys are the public! + +Also, default builds allow modifying and saving the U-Boot environment +(see below), which you may want to disable to secure the device. The +device also runs in *developer mode*, allowing full U-Boot shell access, +which you may also want to disable in a full production setting. + + +Caveat +------ + +Most (all?) of these boards do not have any Vital Product Data (VPD) +EEPROM mounted. This means they do not come with unique MAC addresses +allocated to the two Ethernet ports. + +The bootloader (U-Boot) default environment for the board is usually +what provides a default, the same default MAC addresses to Linux: + + - 4a:dc:d8:20:0d:84 + - 4a:dc:d8:20:0d:85 + +This is important in case you want to run multiple R2S devices on the +same LAN. 
Meaning you either have to change the MAC address in the +U-Boot environment (below), or modify your `phys-address` setting in +Infix for the interface(s). + +Break into U-Boot using Ctrl-C at power-on, preferably when the text +`Press Ctrl-C NOW to enter boot menu` is displayed. Exit the menu to +get to the prompt: + +``` +(r2s) printenv +... +eth1addr=4a:dc:d8:20:0d:84 +ethact=ethernet@ff540000 +ethaddr=4a:dc:d8:20:0d:85 +ethprime=eth0 +... +``` + +Here we change both addresses, using the *Locally Administered* bit: + +``` +(r2s) setenv eth1addr 02:00:c0:ff:ee:01 +(r2s) setenv ethaddr 02:00:c0:ff:ee:00 +(r2s) saveenv +``` + +Boot the system, log into Linux, and inspect the MAC addresses: + +``` +admin@infix-00-00-00:~$ ip -br l +lo UP 00:00:00:00:00:00 +eth0 UP 02:00:c0:ff:ee:00 +eth1 UP 02:00:c0:ff:ee:01 +``` + +[1]: https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R2S From 6085fd5d877365d46ca47f5abc316fb413fb0ad4 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sat, 10 Aug 2024 09:41:35 +0200 Subject: [PATCH 07/20] board: quick fix for too small primary/secondary on sd cards With new features & fixes, Infix grows. With the latest support for rauc upgrades introduced with the VisionFive2, and now also for R2S, we need to reserve room for future upgrades even when running from an SD card. This is a quick fix for genimge generated SD card imaages before we get a proper installer in place that can be used both on the target and host systems to partition and provision an eMMC, NVME, SSD, or an SD card. Signed-off-by: Joachim Wiberg --- board/aarch64/r2s/genimage.cfg | 2 ++ board/riscv64/visionfive2/genimage.cfg | 2 ++ 2 files changed, 4 insertions(+) diff --git a/board/aarch64/r2s/genimage.cfg b/board/aarch64/r2s/genimage.cfg index 5c6820dbc..a75137403 100644 --- a/board/aarch64/r2s/genimage.cfg +++ b/board/aarch64/r2s/genimage.cfg 
@@ -45,12 +45,14 @@ image sdcard.img { partition primary { partition-type-uuid = 0FC63DAF-8483-4772-8E79-3D69D8477DE4 bootable = true + size = 200M image = "rootfs.squashfs" } partition secondary { partition-type-uuid = 0FC63DAF-8483-4772-8E79-3D69D8477DE4 bootable = true + size = 200M image = "rootfs.squashfs" } diff --git a/board/riscv64/visionfive2/genimage.cfg b/board/riscv64/visionfive2/genimage.cfg index f892dadbe..0d48b36ca 100644 --- a/board/riscv64/visionfive2/genimage.cfg +++ b/board/riscv64/visionfive2/genimage.cfg @@ -46,12 +46,14 @@ image sdcard.img { partition primary { partition-type-uuid = 0FC63DAF-8483-4772-8E79-3D69D8477DE4 bootable = true + size = 200M image = "rootfs.squashfs" } partition secondary { partition-type-uuid = 0FC63DAF-8483-4772-8E79-3D69D8477DE4 bootable = true + size = 200M image = "rootfs.squashfs" } From 404a983f7db2f68e5cc82f344265ebe97105c231 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sat, 10 Aug 2024 10:33:11 +0200 Subject: [PATCH 08/20] board/aarch64/r2s: rename interfaces to match case and LEDs Signed-off-by: Joachim Wiberg --- .../aarch64/r2s/rootfs/etc/udev/rules.d/90-persistent-net.rules | 2 ++ configs/r2s_defconfig | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 board/aarch64/r2s/rootfs/etc/udev/rules.d/90-persistent-net.rules diff --git a/board/aarch64/r2s/rootfs/etc/udev/rules.d/90-persistent-net.rules b/board/aarch64/r2s/rootfs/etc/udev/rules.d/90-persistent-net.rules new file mode 100644 index 000000000..ab603dde2 --- /dev/null +++ b/board/aarch64/r2s/rootfs/etc/udev/rules.d/90-persistent-net.rules @@ -0,0 +1,2 @@ +ACTION=="add", SUBSYSTEM=="net", DEVPATH=="/devices/platform/ff540000.ethernet/net/eth0", NAME="wan" +ACTION=="add", SUBSYSTEM=="net", DEVPATH=="/devices/platform/ff600000.usb/xhci-hcd.0.auto/usb3/3-1/3-1:1.0/net/*", NAME="lan" diff --git a/configs/r2s_defconfig b/configs/r2s_defconfig index e1790f031..6ce8c4b48 100644 --- a/configs/r2s_defconfig 
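Review bot: Both rules in 90-persistent-net.rules match on names that depend on probe order rather than on the hardware: the first requires the kernel to have named the platform MAC `eth0`, and the second hard-codes `xhci-hcd.0.auto/usb3/3-1/3-1:1.0`. If the USB NIC registers first, or the bus is numbered differently, neither rule matches and the ports keep their `ethN` names without any error, so configuration keyed on `wan`/`lan` would apply to the wrong port or to none. Matching on the parent device is less fragile, e.g. `DEVPATH=="/devices/platform/ff540000.ethernet/net/*"` for the first rule and `SUBSYSTEM=="net", KERNELS=="ff600000.usb", NAME="lan"` for the second. Both suggestions reuse only the device names already in these rules and should be confirmed on the board.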
+++ b/configs/r2s_defconfig @@ -24,7 +24,7 @@ BR2_SYSTEM_DEFAULT_PATH="/bin:/sbin:/usr/bin:/usr/sbin" BR2_ENABLE_LOCALE_WHITELIST="C en_US en_CA C.UTF-8" BR2_GENERATE_LOCALE="en_US en_CA C.UTF-8" BR2_TARGET_TZ_INFO=y -BR2_ROOTFS_OVERLAY="${BR2_EXTERNAL_INFIX_PATH}/board/common/rootfs ${BR2_EXTERNAL_INFIX_PATH}/board/aarch64/rootfs" +BR2_ROOTFS_OVERLAY="${BR2_EXTERNAL_INFIX_PATH}/board/common/rootfs ${BR2_EXTERNAL_INFIX_PATH}/board/aarch64/rootfs ${BR2_EXTERNAL_INFIX_PATH}/board/aarch64/r2s/rootfs" BR2_ROOTFS_POST_BUILD_SCRIPT="${BR2_EXTERNAL_INFIX_PATH}/board/common/post-build.sh" BR2_ROOTFS_POST_IMAGE_SCRIPT="${BR2_EXTERNAL_INFIX_PATH}/board/common/post-image.sh support/scripts/genimage.sh" BR2_ROOTFS_POST_SCRIPT_ARGS="-c $(BR2_EXTERNAL_INFIX_PATH)/board/aarch64/r2s/genimage.cfg" From 6bbcd9ed92ae218d8b3e02ae892c5fb021baacc7 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sat, 10 Aug 2024 10:33:53 +0200 Subject: [PATCH 09/20] configs/r2s_defconfig: enable wireless tools and regdb For prototyping experimental wireless support for Infix. Signed-off-by: Joachim Wiberg --- configs/r2s_defconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/r2s_defconfig b/configs/r2s_defconfig index 6ce8c4b48..96739a05a 100644 --- a/configs/r2s_defconfig +++ b/configs/r2s_defconfig @@ -111,6 +111,9 @@ BR2_PACKAGE_TCPDUMP=y BR2_PACKAGE_TRACEROUTE=y BR2_PACKAGE_ULOGD=y BR2_PACKAGE_WHOIS=y +BR2_PACKAGE_WIRELESS_REGDB=y +BR2_PACKAGE_WIRELESS_TOOLS=y +BR2_PACKAGE_WPA_SUPPLICANT=y BR2_PACKAGE_BASH_COMPLETION=y BR2_PACKAGE_SUDO=y BR2_PACKAGE_TTYD=y From b10595ba9284bcb196dfdfb132543a984f5daf96 Mon Sep 17 00:00:00 2001 
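Review bot: `BR2_PACKAGE_WPA_SUPPLICANT=y` is enabled here although the commit title names only wireless tools and regdb, and the description calls this prototyping; being in r2s_defconfig, it ships in every R2S image. The base symbol alone leaves the supplicant's feature set at Buildroot defaults, so state the intent explicitly, for example `BR2_PACKAGE_WPA_SUPPLICANT_NL80211=y` and `BR2_PACKAGE_WPA_SUPPLICANT_WPA3=y` if the prototype is meant to join WPA3 networks (check both symbols against the Buildroot version in use). `BR2_PACKAGE_WIRELESS_TOOLS` provides the older wireless-extensions utilities; if the drivers under test are nl80211-only, `BR2_PACKAGE_IW=y` is the matching tool.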
From: Joachim Wiberg Date: Sat, 10 Aug 2024 10:55:29 +0200 Subject: [PATCH 10/20] board/aarch64/r2s: map board LEDs to Infix system LEDs The R2S has a minimal set of system LEDs, all of which are single color. This commit tries to distill and map the essence of the Infix functions to available LEDs. The SYS LED is turned on (fainy red) at power-on, when U-Boot has loaded the kernel it turns the SYS LED bright red on. The idea is then to turn the red SYS LED off as soon as the system has successfully loaded system startup-config, and then turn the green LAN LED on. Indicating that the both the device is operational and that the user can connect to the LAN port. The WAN LED is given a "wan-up" input condition, with the intention of turning it on (green) when the device has acquired a DHCP address. The failure modes, which in many ways is the essence of Infix signaling, are fail-safe and panic, triggered by loading failure-config, or failing to loadd failure-config, respectively. In fail-safe mode the SYS LED is blinking red at 5 Hz and in panic mode *all* LEDs blink at 5 Hz. Issue #276 Signed-off-by: Joachim Wiberg --- board/aarch64/r2s/README.md | 40 +++++++++++ board/aarch64/r2s/rootfs/etc/iitod.json | 91 +++++++++++++++++++++++++ 2 files changed, 131 insertions(+) create mode 100644 board/aarch64/r2s/rootfs/etc/iitod.json diff --git a/board/aarch64/r2s/README.md b/board/aarch64/r2s/README.md index 9e4953508..55dd6290c 100644 --- a/board/aarch64/r2s/README.md +++ b/board/aarch64/r2s/README.md 
@@ -8,6 +8,46 @@ The R2S does not have any onboard eMMC, so the only way to boot Infix on it is using and SD card. +LEDs +---- + +The front system LEDs work as follows in Infix: + +| **Stage** | **SYS** | **LAN** | **WAN** | +|----------------|---------|---------|---------| +| Power-on | dimmed | off | off | +| Linux loading | on | off | off | +| System loading | 1 Hz | off | off | +| System up | off | on | off | +| WAN address | off | on | on | +| Locate | 1 Hz | 1 Hz | 1 Hz | +| Fail safe | 5 Hz | off | off | +| Panic | 5 Hz | 5 Hz | 5 Hz | + +Powering on the device the SYS LED is turned on faintly (dimmed). It +remains dimmed while U-Boot loads the kernel, and turns bright red when +the kernel starts. It remains steady on until the system has started +the LED daemon, `iitod`, which sets it blinking at 1 Hz while the rest +of the system starts up. When the system has come up successfully, the +SYS LED is turned off and the green LAN LED turns on. The WAN LED will +turn on (green) when the WAN interface is up and has an IP address. + +> Compared to the `x86_64` Qemu target, it takes a while to parse all +> YANG models and load `startup-config`, but the whole process should +> not take more than 60 seconds, and usually a lot less. + +If a "find my device" function exists, it will blink all LEDs at 1 Hz. + +If `startup-config` fails to load Ínfix reverts to `failure-config`, +putting the device in fail safe (or fail secure) mode. Indicated by +the SYS LED blinking at 5 Hz instead of turning off. + +If Infix for some reason also fails to load `failure-config`, then all +LEDs will blink at 5 Hz to clearly indicate something is very wrong. + +In all error cases the console shows the problem. + + How to Build ------------ diff --git a/board/aarch64/r2s/rootfs/etc/iitod.json b/board/aarch64/r2s/rootfs/etc/iitod.json new file mode 100644 index 000000000..ef95038ab --- /dev/null +++ b/board/aarch64/r2s/rootfs/etc/iitod.json 
@@ -0,0 +1,91 @@ +{ + "input": { + "path": { + "locate": { "path": "/run/led/locate" }, + + "status-prime": { "path": "/run/led/status-prime" }, + "status-ok": { "path": "/run/led/status-ok" }, + "status-err": { "path": "/run/led/status-err" }, + "status-crit": { "path": "/run/led/status-crit" }, + + "fault-prime": { "path": "/run/led/fault-prime" }, + "fault-ok": { "path": "/run/led/fault-ok" }, + "fault-err": { "path": "/run/led/fault-err" }, + "fault-crit": { "path": "/run/led/fault-crit" }, + + "wan-up": { "path": "/run/led/wan-up" }, + + "startup": { "path": "/run/finit/cond/run/startup/success" }, + "fail-safe": { "path": "/run/finit/cond/run/failure/success" }, + "panic": { "path": "/run/finit/cond/run/failure/failure" } + }, + "udev": { + "power-a": { "subsystem": "power_supply" }, + "power-b": { "subsystem": "power_supply" } + } + }, + + "output": { + "led-group": { + "port-link-act": { + "match": ["*:green:tp", "*:green:sfp", "*:green:port" ], + + "rules": [ + { "if": "true", "then": { "trigger": "netdev", "link": 1, "rx": 1, "tx": 1 } } + ] + }, + "port-alarm": { + "match": ["*:yellow:tp", "*:yellow:sfp", "*:yellow:port" ], + + "rules": [ + ] + } + }, + "led": { + "nanopi-r2s:red:sys": { + "rules": [ + { "if": "locate", "then": "@blink-1hz" }, + { "if": "panic", "then": "@blink-5hz" }, + { "if": "fail-safe", "then": "@blink-5hz" }, + { "if": "startup", "then": "@off" }, + { "if": "true", "then": "@blink-1hz" } + ] + }, + + "nanopi-r2s:green:lan": { + "rules": [ + { "if": "locate", "then": "@blink-1hz" }, + { "if": "panic", "then": "@blink-5hz" }, + { "if": "startup", "then": "@on" } + ] + }, + + "nanopi-r2s:green:wan": { + "rules": [ + { "if": "locate", "then": "@blink-1hz" }, + { "if": "panic", "then": "@blink-5hz" }, + { "if": "wan-up", "then": "@on" } + ] + } + } + }, + + "aliases": { + "on": { + "brightness": true + }, + "off": { + "brightness": false + }, + "blink-1hz": { + "trigger": "timer", + "delay_on": 500, + "delay_off": 500 + }, + 
"blink-5hz": { + "trigger": "timer", + "delay_on": 100, + "delay_off": 100 + } + } +} From b8ed66dd4e3335c86506bfcaa4685a14988f8509 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sun, 11 Aug 2024 11:49:04 +0200 Subject: [PATCH 11/20] patches/linux: port relevant kkit-6.6.y patches to kkit-6.10.y Only the most important bridge and usb fixes have been ported in this commit, and a new patch for the r8153 link/traffic LEDs, ported from the FriendlyELEC/Rockchip kernel tree. Fixes #274 Signed-off-by: Joachim Wiberg --- ...-classifying-unknown-multicast-as-mr.patch | 236 ++++++++++++++++++ ...e-router-ports-when-forwarding-L2-mu.patch | 37 +++ ...delay-for-applying-strict-multicast-.patch | 190 ++++++++++++++ ...t-log-level-for-unauthorized-devices.patch | 49 ++++ ...d-r8153b-support-for-link-activity-L.patch | 49 ++++ 5 files changed, 561 insertions(+) create mode 100644 patches/linux/6.10.3/0001-net-bridge-avoid-classifying-unknown-multicast-as-mr.patch create mode 100644 patches/linux/6.10.3/0002-net-bridge-Ignore-router-ports-when-forwarding-L2-mu.patch create mode 100644 patches/linux/6.10.3/0003-net-bridge-drop-delay-for-applying-strict-multicast-.patch create mode 100644 patches/linux/6.10.3/0004-usb-core-adjust-log-level-for-unauthorized-devices.patch create mode 100644 patches/linux/6.10.3/0005-net-usb-r8152-add-r8153b-support-for-link-activity-L.patch diff --git a/patches/linux/6.10.3/0001-net-bridge-avoid-classifying-unknown-multicast-as-mr.patch b/patches/linux/6.10.3/0001-net-bridge-avoid-classifying-unknown-multicast-as-mr.patch new file mode 100644 index 000000000..579044353 --- /dev/null +++ b/patches/linux/6.10.3/0001-net-bridge-avoid-classifying-unknown-multicast-as-mr.patch 
@@ -0,0 +1,236 @@ +From c2251e09714b9715ee5ece18aa1096bc08cb8f6d Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Mon, 4 Mar 2024 16:47:28 +0100 +Subject: [PATCH 1/5] net: bridge: avoid classifying unknown multicast as + mrouters_only +Organization: Addiva Elektronik + +Unknown multicast, MAC/IPv4/IPv6, should always be flooded according to +the per-port mcast_flood setting, as well as to detected and configured +mcast_router ports. + +This patch drops the mrouters_only classifier of unknown IP multicast +and moves the flow handling from br_multicast_flood() to br_flood(). +This in turn means br_flood() must know about multicast router ports. +Because a multicast router should always receive both known and unknown +multicast. + +Signed-off-by: Joachim Wiberg +--- + include/uapi/linux/if_bridge.h | 1 + + net/bridge/br.c | 5 +++++ + net/bridge/br_device.c | 10 ++++++---- + net/bridge/br_forward.c | 14 ++++++++++++-- + net/bridge/br_input.c | 2 +- + net/bridge/br_multicast.c | 11 +++++++++-- + net/bridge/br_private.h | 18 ++++++++++++++++-- + 7 files changed, 50 insertions(+), 11 deletions(-) + +diff --git a/include/uapi/linux/if_bridge.h b/include/uapi/linux/if_bridge.h +index a5b743a2f775..3bffc39d7800 100644 +--- a/include/uapi/linux/if_bridge.h ++++ b/include/uapi/linux/if_bridge.h +@@ -830,6 +830,7 @@ enum br_boolopt_id { + BR_BOOLOPT_NO_LL_LEARN, + BR_BOOLOPT_MCAST_VLAN_SNOOPING, + BR_BOOLOPT_MST_ENABLE, ++ BR_BOOLOPT_MCAST_FLOOD_ALWAYS, + BR_BOOLOPT_MAX + }; + +diff --git a/net/bridge/br.c b/net/bridge/br.c +index 2cab878e0a39..006fb2e5eafb 100644 +--- a/net/bridge/br.c ++++ b/net/bridge/br.c +@@ -277,6 +277,9 @@ int br_boolopt_toggle(struct net_bridge *br, enum br_boolopt_id opt, bool on, + case BR_BOOLOPT_MST_ENABLE: + err = br_mst_set_enabled(br, on, extack); + break; ++ case BR_BOOLOPT_MCAST_FLOOD_ALWAYS: ++ br_opt_toggle(br, BROPT_MCAST_FLOOD_ALWAYS, on); ++ break; + default: + /* shouldn't be called with unsupported options */ + WARN_ON(1); +@@ 
-295,6 +298,8 @@ int br_boolopt_get(const struct net_bridge *br, enum br_boolopt_id opt) + return br_opt_get(br, BROPT_MCAST_VLAN_SNOOPING_ENABLED); + case BR_BOOLOPT_MST_ENABLE: + return br_opt_get(br, BROPT_MST_ENABLED); ++ case BR_BOOLOPT_MCAST_FLOOD_ALWAYS: ++ return br_opt_get(br, BROPT_MCAST_FLOOD_ALWAYS); + default: + /* shouldn't be called with unsupported options */ + WARN_ON(1); +diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c +index fb1115857e49..6aac21d86d37 100644 +--- a/net/bridge/br_device.c ++++ b/net/bridge/br_device.c +@@ -87,10 +87,10 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) + + dest = eth_hdr(skb)->h_dest; + if (is_broadcast_ether_addr(dest)) { +- br_flood(br, skb, BR_PKT_BROADCAST, false, true, vid); ++ br_flood(br, skb, NULL, BR_PKT_BROADCAST, false, true, vid); + } else if (is_multicast_ether_addr(dest)) { + if (unlikely(netpoll_tx_running(dev))) { +- br_flood(br, skb, BR_PKT_MULTICAST, false, true, vid); ++ br_flood(br, skb, brmctx, BR_PKT_MULTICAST, false, true, vid); + goto out; + } + if (br_multicast_rcv(&brmctx, &pmctx_null, vlan, skb, vid)) { +@@ -103,11 +103,11 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) + br_multicast_querier_exists(brmctx, eth_hdr(skb), mdst)) + br_multicast_flood(mdst, skb, brmctx, false, true); + else +- br_flood(br, skb, BR_PKT_MULTICAST, false, true, vid); ++ br_flood(br, skb, brmctx, BR_PKT_MULTICAST, false, true, vid); + } else if ((dst = br_fdb_find_rcu(br, dest, vid)) != NULL) { + br_forward(dst->dst, skb, false, true); + } else { +- br_flood(br, skb, BR_PKT_UNICAST, false, true, vid); ++ br_flood(br, skb, NULL, BR_PKT_UNICAST, false, true, vid); + } + out: + rcu_read_unlock(); +@@ -524,6 +524,8 @@ void br_dev_setup(struct net_device *dev) + br->bridge_ageing_time = br->ageing_time = BR_DEFAULT_AGEING_TIME; + dev->max_mtu = ETH_MAX_MTU; + ++ br_opt_toggle(br, BROPT_MCAST_FLOOD_ALWAYS, false); ++ + br_netfilter_rtable_init(br); + 
br_stp_timer_init(br); + br_multicast_init(br); +diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c +index e19b583ff2c6..1094364d96e0 100644 +--- a/net/bridge/br_forward.c ++++ b/net/bridge/br_forward.c +@@ -198,14 +198,19 @@ static struct net_bridge_port *maybe_deliver( + + /* called under rcu_read_lock */ + void br_flood(struct net_bridge *br, struct sk_buff *skb, +- enum br_pkt_type pkt_type, bool local_rcv, bool local_orig, +- u16 vid) ++ struct net_bridge_mcast *brmctx, enum br_pkt_type pkt_type, ++ bool local_rcv, bool local_orig, u16 vid) + { ++ struct net_bridge_port *rport = NULL; + struct net_bridge_port *prev = NULL; ++ struct hlist_node *rp = NULL; + struct net_bridge_port *p; + + br_tc_skb_miss_set(skb, pkt_type != BR_PKT_BROADCAST); + ++ if (pkt_type == BR_PKT_MULTICAST) ++ rp = br_multicast_get_first_rport_node(brmctx, skb); ++ + list_for_each_entry_rcu(p, &br->port_list, list) { + /* Do not flood unicast traffic to ports that turn it off, nor + * other traffic if flood off, except for traffic we originate +@@ -216,6 +221,11 @@ void br_flood(struct net_bridge *br, struct sk_buff *skb, + continue; + break; + case BR_PKT_MULTICAST: ++ rport = br_multicast_rport_from_node_skb(rp, skb); ++ if (rport == p) { ++ rp = rcu_dereference(hlist_next_rcu(rp)); ++ break; ++ } + if (!(p->flags & BR_MCAST_FLOOD) && skb->dev != br->dev) + continue; + break; +diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c +index ceaa5a89b947..e54d648db7de 100644 +--- a/net/bridge/br_input.c ++++ b/net/bridge/br_input.c +@@ -212,7 +212,7 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb + br_forward(dst->dst, skb, local_rcv, false); + } else { + if (!mcast_hit) +- br_flood(br, skb, pkt_type, local_rcv, false, vid); ++ br_flood(br, skb, brmctx, pkt_type, local_rcv, false, vid); + else + br_multicast_flood(mdst, skb, brmctx, local_rcv, false); + } +diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c +index 
9a1cb5079a7a..dc49df4f92a8 100644 +--- a/net/bridge/br_multicast.c ++++ b/net/bridge/br_multicast.c +@@ -3776,6 +3776,11 @@ static void br_multicast_err_count(const struct net_bridge *br, + u64_stats_update_end(&pstats->syncp); + } + ++static bool br_flood_mrouters(const struct net_bridge *br) ++{ ++ return br_opt_get(br, BROPT_MCAST_FLOOD_ALWAYS) ? false : true; ++} ++ + static void br_multicast_pim(struct net_bridge_mcast *brmctx, + struct net_bridge_mcast_port *pmctx, + const struct sk_buff *skb) +@@ -3822,7 +3827,8 @@ static int br_multicast_ipv4_rcv(struct net_bridge_mcast *brmctx, + + if (err == -ENOMSG) { + if (!ipv4_is_local_multicast(ip_hdr(skb)->daddr)) { +- BR_INPUT_SKB_CB(skb)->mrouters_only = 1; ++ BR_INPUT_SKB_CB(skb)->mrouters_only = ++ br_flood_mrouters(brmctx->br); + } else if (pim_ipv4_all_pim_routers(ip_hdr(skb)->daddr)) { + if (ip_hdr(skb)->protocol == IPPROTO_PIM) + br_multicast_pim(brmctx, pmctx, skb); +@@ -3891,7 +3897,8 @@ static int br_multicast_ipv6_rcv(struct net_bridge_mcast *brmctx, + + if (err == -ENOMSG || err == -ENODATA) { + if (!ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr)) +- BR_INPUT_SKB_CB(skb)->mrouters_only = 1; ++ BR_INPUT_SKB_CB(skb)->mrouters_only = ++ br_flood_mrouters(brmctx->br); + if (err == -ENODATA && + ipv6_addr_is_all_snoopers(&ipv6_hdr(skb)->daddr)) + br_ip6_multicast_mrd_rcv(brmctx, pmctx, skb); +diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h +index d4bedc87b1d8..dfd6e2cdd13e 100644 +--- a/net/bridge/br_private.h ++++ b/net/bridge/br_private.h +@@ -483,6 +483,7 @@ enum net_bridge_opts { + BROPT_VLAN_BRIDGE_BINDING, + BROPT_MCAST_VLAN_SNOOPING_ENABLED, + BROPT_MST_ENABLED, ++ BROPT_MCAST_FLOOD_ALWAYS, + }; + + struct net_bridge { +@@ -886,8 +887,8 @@ void br_forward(const struct net_bridge_port *to, struct sk_buff *skb, + bool local_rcv, bool local_orig); + int br_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb); + void br_flood(struct net_bridge *br, struct sk_buff *skb, +- 
enum br_pkt_type pkt_type, bool local_rcv, bool local_orig, +- u16 vid); ++ struct net_bridge_mcast *brmctx, enum br_pkt_type pkt_type, ++ bool local_rcv, bool local_orig, u16 vid); + + /* return true if both source port and dest port are isolated */ + static inline bool br_skb_isolated(const struct net_bridge_port *to, +@@ -1408,6 +1409,19 @@ static inline void br_multicast_flood(struct net_bridge_mdb_entry *mdst, + { + } + ++static inline struct hlist_node * ++br_multicast_get_first_rport_node(struct net_bridge_mcast *brmctx, ++ struct sk_buff *skb) ++{ ++ return NULL; ++} ++ ++static inline struct net_bridge_port * ++br_multicast_rport_from_node_skb(struct hlist_node *rp, struct sk_buff *skb) ++{ ++ return NULL; ++} ++ + static inline bool br_multicast_is_router(struct net_bridge_mcast *brmctx, + struct sk_buff *skb) + { +-- +2.43.0 + diff --git a/patches/linux/6.10.3/0002-net-bridge-Ignore-router-ports-when-forwarding-L2-mu.patch b/patches/linux/6.10.3/0002-net-bridge-Ignore-router-ports-when-forwarding-L2-mu.patch new file mode 100644 index 000000000..9c31d1557 --- /dev/null +++ b/patches/linux/6.10.3/0002-net-bridge-Ignore-router-ports-when-forwarding-L2-mu.patch 
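Review bot: The router-port test added to the `BR_PKT_MULTICAST` case of br_flood() compares each port only with the current head of the router list (`rport == p`) and advances `rp` only on a match, which is correct only if the router list and `br->port_list` are walked in the same relative order. Neither ordering is established in this patch; as far as I know the router list is kept sorted for the merge in br_multicast_flood() while ports are linked as they are added, so a router port that comes earlier in `port_list` than the list head would be skipped and fall through to the `BR_MCAST_FLOOD` check. Test membership per port instead of walking in lockstep, or at minimum state the assumption above the loop, e.g. `/* relies on the router list and br->port_list sharing one order */`. Separately, `return br_opt_get(br, BROPT_MCAST_FLOOD_ALWAYS) ? false : true;` in br_flood_mrouters() reads better as `return !br_opt_get(br, BROPT_MCAST_FLOOD_ALWAYS);`.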
@@ -0,0 +1,37 @@
+From 75edfa9b690b65423aa3e63ed5870d565950d9bb Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg
+Date: Tue, 5 Mar 2024 06:44:41 +0100
+Subject: [PATCH 2/5] net: bridge: Ignore router ports when forwarding L2
+ multicast
+Organization: Addiva Elektronik
+
+Multicast router ports are either statically configured or learned from
+control protocol traffic (IGMP/MLD/PIM). These protocols regulate IP
+multicast -- MAC multicast should always be forwarded through flooding
+of unknown multicast or using permanent MDB entries.
+
+Signed-off-by: Tobias Waldekranz
+Signed-off-by: Joachim Wiberg
+---
+ net/bridge/br_private.h | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
+index dfd6e2cdd13e..7aabf8bd7da2 100644
+--- a/net/bridge/br_private.h
++++ b/net/bridge/br_private.h
+@@ -1086,7 +1086,10 @@ br_multicast_get_first_rport_node(struct net_bridge_mcast *brmctx,
+ if (skb->protocol == htons(ETH_P_IPV6))
+ return rcu_dereference(hlist_first_rcu(&brmctx->ip6_mc_router_list));
+ #endif
+- return rcu_dereference(hlist_first_rcu(&brmctx->ip4_mc_router_list));
++ if (skb->protocol == htons(ETH_P_IP))
++ return rcu_dereference(hlist_first_rcu(&brmctx->ip4_mc_router_list));
++
++ return NULL;
+ }
+
+ static inline struct net_bridge_port *
+--
+2.43.0
+
diff --git a/patches/linux/6.10.3/0003-net-bridge-drop-delay-for-applying-strict-multicast-.patch b/patches/linux/6.10.3/0003-net-bridge-drop-delay-for-applying-strict-multicast-.patch
new file mode 100644
index 000000000..8ddc94d96
--- /dev/null
+++ b/patches/linux/6.10.3/0003-net-bridge-drop-delay-for-applying-strict-multicast-.patch
@@ -0,0 +1,190 @@ +From 2d2ac57a7d9354c2c1fa796659e33496fc8e918d Mon Sep 17 00:00:00 2001 +From: Joachim Wiberg +Date: Thu, 4 Apr 2024 16:36:30 +0200 +Subject: [PATCH 3/5] net: bridge: drop delay for applying strict multicast + filtering +Organization: Addiva Elektronik + +This *local* patch drops the initial delay before applying strict multicast +filtering, introduced in [1] and recently updated in [2]. + +The main reason for this patch is RFC conformance and customer expectations. +At power on we assume the querier role by default and are expected to stop +unknown flooding as soon as we have a membership report in place, not after +10 seconds. + +A proper fix for upstreaming could be to add a knob to disable the delay. + +[1]: https://lore.kernel.org/netdev/1375311980-25575-1-git-send-email-linus.luessing@web.de/ +[2]: https://lore.kernel.org/netdev/20240127175033.9640-1-linus.luessing@c0d3.blue/ + +Signed-off-by: Joachim Wiberg +--- + net/bridge/br_multicast.c | 42 +++++++-------------------------------- + net/bridge/br_private.h | 4 +--- + 2 files changed, 8 insertions(+), 38 deletions(-) + +diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c +index dc49df4f92a8..47c0625c5553 100644 +--- a/net/bridge/br_multicast.c ++++ b/net/bridge/br_multicast.c +@@ -1762,10 +1762,6 @@ static void br_ip6_multicast_querier_expired(struct timer_list *t) + } + #endif + +-static void br_multicast_query_delay_expired(struct timer_list *t) +-{ +-} +- + static void br_multicast_select_own_querier(struct net_bridge_mcast *brmctx, + struct br_ip *ip, + struct sk_buff *skb) +@@ -3198,12 +3194,8 @@ int br_multicast_dump_querier_state(struct sk_buff *skb, + + static void + br_multicast_update_query_timer(struct net_bridge_mcast *brmctx, +- struct bridge_mcast_other_query *query, +- unsigned long max_delay) ++ struct bridge_mcast_other_query *query) + { +- if (!timer_pending(&query->timer)) +- mod_timer(&query->delay_timer, jiffies + max_delay); +- + 
mod_timer(&query->timer, jiffies + brmctx->multicast_querier_interval); + } + +@@ -3394,13 +3386,12 @@ static void + br_ip4_multicast_query_received(struct net_bridge_mcast *brmctx, + struct net_bridge_mcast_port *pmctx, + struct bridge_mcast_other_query *query, +- struct br_ip *saddr, +- unsigned long max_delay) ++ struct br_ip *saddr) + { + if (!br_multicast_select_querier(brmctx, pmctx, saddr)) + return; + +- br_multicast_update_query_timer(brmctx, query, max_delay); ++ br_multicast_update_query_timer(brmctx, query); + br_ip4_multicast_mark_router(brmctx, pmctx); + } + +@@ -3409,13 +3400,12 @@ static void + br_ip6_multicast_query_received(struct net_bridge_mcast *brmctx, + struct net_bridge_mcast_port *pmctx, + struct bridge_mcast_other_query *query, +- struct br_ip *saddr, +- unsigned long max_delay) ++ struct br_ip *saddr) + { + if (!br_multicast_select_querier(brmctx, pmctx, saddr)) + return; + +- br_multicast_update_query_timer(brmctx, query, max_delay); ++ br_multicast_update_query_timer(brmctx, query); + br_ip6_multicast_mark_router(brmctx, pmctx); + } + #endif +@@ -3469,7 +3459,7 @@ static void br_ip4_multicast_query(struct net_bridge_mcast *brmctx, + + br_ip4_multicast_query_received(brmctx, pmctx, + &brmctx->ip4_other_query, +- &saddr, max_delay); ++ &saddr); + goto out; + } + +@@ -3557,7 +3547,7 @@ static int br_ip6_multicast_query(struct net_bridge_mcast *brmctx, + + br_ip6_multicast_query_received(brmctx, pmctx, + &brmctx->ip6_other_query, +- &saddr, max_delay); ++ &saddr); + goto out; + } else if (!group) { + goto out; +@@ -4065,8 +4055,6 @@ void br_multicast_ctx_init(struct net_bridge *br, + br_ip4_multicast_local_router_expired, 0); + timer_setup(&brmctx->ip4_other_query.timer, + br_ip4_multicast_querier_expired, 0); +- timer_setup(&brmctx->ip4_other_query.delay_timer, +- br_multicast_query_delay_expired, 0); + timer_setup(&brmctx->ip4_own_query.timer, + br_ip4_multicast_query_expired, 0); + #if IS_ENABLED(CONFIG_IPV6) +@@ -4074,8 +4062,6 @@ void 
br_multicast_ctx_init(struct net_bridge *br, + br_ip6_multicast_local_router_expired, 0); + timer_setup(&brmctx->ip6_other_query.timer, + br_ip6_multicast_querier_expired, 0); +- timer_setup(&brmctx->ip6_other_query.delay_timer, +- br_multicast_query_delay_expired, 0); + timer_setup(&brmctx->ip6_own_query.timer, + br_ip6_multicast_query_expired, 0); + #endif +@@ -4210,12 +4196,10 @@ static void __br_multicast_stop(struct net_bridge_mcast *brmctx) + { + del_timer_sync(&brmctx->ip4_mc_router_timer); + del_timer_sync(&brmctx->ip4_other_query.timer); +- del_timer_sync(&brmctx->ip4_other_query.delay_timer); + del_timer_sync(&brmctx->ip4_own_query.timer); + #if IS_ENABLED(CONFIG_IPV6) + del_timer_sync(&brmctx->ip6_mc_router_timer); + del_timer_sync(&brmctx->ip6_other_query.timer); +- del_timer_sync(&brmctx->ip6_other_query.delay_timer); + del_timer_sync(&brmctx->ip6_own_query.timer); + #endif + } +@@ -4643,8 +4627,6 @@ EXPORT_SYMBOL_GPL(br_multicast_router); + + int br_multicast_set_querier(struct net_bridge_mcast *brmctx, unsigned long val) + { +- unsigned long max_delay; +- + val = !!val; + + spin_lock_bh(&brmctx->br->multicast_lock); +@@ -4655,19 +4637,9 @@ int br_multicast_set_querier(struct net_bridge_mcast *brmctx, unsigned long val) + if (!val) + goto unlock; + +- max_delay = brmctx->multicast_query_response_interval; +- +- if (!timer_pending(&brmctx->ip4_other_query.timer)) +- mod_timer(&brmctx->ip4_other_query.delay_timer, +- jiffies + max_delay); +- + br_multicast_start_querier(brmctx, &brmctx->ip4_own_query); + + #if IS_ENABLED(CONFIG_IPV6) +- if (!timer_pending(&brmctx->ip6_other_query.timer)) +- mod_timer(&brmctx->ip6_other_query.delay_timer, +- jiffies + max_delay); +- + br_multicast_start_querier(brmctx, &brmctx->ip6_own_query); + #endif + +diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h +index 7aabf8bd7da2..43fff09dfb71 100644 +--- a/net/bridge/br_private.h ++++ b/net/bridge/br_private.h +@@ -78,7 +78,6 @@ struct bridge_mcast_own_query { + 
/* other querier */ + struct bridge_mcast_other_query { + struct timer_list timer; +- struct timer_list delay_timer; + }; + + /* selected querier */ +@@ -1164,8 +1163,7 @@ __br_multicast_querier_exists(struct net_bridge_mcast *brmctx, + own_querier_enabled = false; + } + +- return !timer_pending(&querier->delay_timer) && +- (own_querier_enabled || timer_pending(&querier->timer)); ++ return own_querier_enabled || timer_pending(&querier->timer); + } + + static inline bool br_multicast_querier_exists(struct net_bridge_mcast *brmctx, +-- +2.43.0 + diff --git a/patches/linux/6.10.3/0004-usb-core-adjust-log-level-for-unauthorized-devices.patch b/patches/linux/6.10.3/0004-usb-core-adjust-log-level-for-unauthorized-devices.patch new file mode 100644 index 000000000..978eed192 --- /dev/null +++ b/patches/linux/6.10.3/0004-usb-core-adjust-log-level-for-unauthorized-devices.patch 
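Review bot: Removing `delay_timer` changes more than the power-on case the description argues for, because the `mod_timer(&query->delay_timer, jiffies + max_delay)` call dropped from br_multicast_update_query_timer() also covered queries received from another querier through br_ip4/ip6_multicast_query_received(). With `__br_multicast_querier_exists()` reduced to `own_querier_enabled || timer_pending(&querier->timer)`, the first query seen switches the bridge to strict filtering before listeners have had the response interval to report, so traffic for groups not yet learnt would presumably be dropped during that window. Consider keeping the grace period on the received-query path and removing it only in br_multicast_set_querier(), or gating the behaviour behind a bridge option as the description itself suggests. Either way, record the trade-off above the helper, e.g. `/* no grace period: strict filtering starts with the first query, before reports arrive */`.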
@@ -0,0 +1,49 @@
+From c7818c4273ef1705d6e153f5e4eda683d68f59be Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg
+Date: Mon, 29 Apr 2024 15:14:51 +0200
+Subject: [PATCH 4/5] usb: core: adjust log level for unauthorized devices
+Organization: Addiva Elektronik
+
+The fact that a USB device currently is not authorized is not an error,
+so let's adjust the log level so these messages slip below radar for the
+commonly used 'quiet' log level.
+
+Signed-off-by: Joachim Wiberg
+---
+ drivers/usb/core/driver.c | 4 ++--
+ drivers/usb/core/generic.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
+index e02ba15f6e34..3fe4d15cd6db 100644
+--- a/drivers/usb/core/driver.c
++++ b/drivers/usb/core/driver.c
+@@ -335,10 +335,10 @@ static int usb_probe_interface(struct device *dev)
+ return error;
+
+ if (udev->authorized == 0) {
+- dev_err(&intf->dev, "Device is not authorized for usage\n");
++ dev_warn(&intf->dev, "Device is not authorized for usage\n");
+ return error;
+ } else if (intf->authorized == 0) {
+- dev_err(&intf->dev, "Interface %d is not authorized for usage\n",
++ dev_warn(&intf->dev, "Interface %d is not authorized for usage\n",
+ intf->altsetting->desc.bInterfaceNumber);
+ return error;
+ }
+diff --git a/drivers/usb/core/generic.c b/drivers/usb/core/generic.c
+index b134bff5c3fe..60575a01a810 100644
+--- a/drivers/usb/core/generic.c
++++ b/drivers/usb/core/generic.c
+@@ -247,7 +247,7 @@ int usb_generic_driver_probe(struct usb_device *udev)
+ * with the driver core and lets interface drivers bind to them.
+ */
+ if (udev->authorized == 0)
+- dev_err(&udev->dev, "Device is not authorized for usage\n");
++ dev_warn(&udev->dev, "Device is not authorized for usage\n");
+ else {
+ c = usb_choose_configuration(udev);
+ if (c >= 0) {
+--
+2.43.0
+
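Review bot: Nothing in the two patched files records why an unauthorized device is now only a warning, and on a board that relies on USB authorization to refuse unknown devices these three messages are the kernel's only trace that a device or interface was refused. A short comment above the first `dev_warn()` in `usb_probe_interface()` would keep the intent visible, e.g. `/* Policy, not a fault: warn so it stays in the kernel log but off a 'quiet' console */`. It is also worth confirming that the target's syslog configuration keeps kernel warnings, since the console will no longer show them. Both functions start and end outside their hunks.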
diff --git a/patches/linux/6.10.3/0005-net-usb-r8152-add-r8153b-support-for-link-activity-L.patch b/patches/linux/6.10.3/0005-net-usb-r8152-add-r8153b-support-for-link-activity-L.patch
new file mode 100644
index 000000000..214f6c882
--- /dev/null
+++ b/patches/linux/6.10.3/0005-net-usb-r8152-add-r8153b-support-for-link-activity-L.patch
@@ -0,0 +1,49 @@
+From daba70e7782b704224396f0d86dcd91b4713e064 Mon Sep 17 00:00:00 2001
+From: Joachim Wiberg
+Date: Sun, 11 Aug 2024 11:27:35 +0200
+Subject: [PATCH 5/5] net: usb: r8152: add r8153b support for link/activity
+ LEDs
+Organization: Addiva Elektronik
+
+This patch adds support for the link/activity LEDs on the NanoPi R2S
+and OrangePi R1 Plus.
+
+From the Rockchip kernel hosted by FriendlyARM/FriendlyELEC at
+https://github.com/friendlyarm/kernel-rockchip/
+
+Specifically commit be0b1939b271c307ab1fef5fb1478beaafc6de17
+
+Signed-off-by: Joachim Wiberg
+---
+ drivers/net/usb/r8152.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
+index 19df1cd9f072..810477991810 100644
+--- a/drivers/net/usb/r8152.c
++++ b/drivers/net/usb/r8152.c
+@@ -41,6 +41,11 @@
+ #define DRIVER_DESC "Realtek RTL8152/RTL8153 Based USB Ethernet Adapters"
+ #define MODULENAME "r8152"
+
++/* LED0: Activity, LED1: Link */
++static int ledsel = 0x78;
++module_param(ledsel, int, 0);
++MODULE_PARM_DESC(ledsel, "Override default LED configuration");
++
+ #define R8152_PHY_ID 32
+
+ #define PLA_IDR 0xc000
+@@ -7296,6 +7301,9 @@ static void r8153b_init(struct r8152 *tp)
+ ocp_data &= ~(RX_AGG_DISABLE | RX_ZERO_EN);
+ ocp_write_word(tp, MCU_TYPE_USB, USB_USB_CTRL, ocp_data);
+
++ /* set customized led */
++ ocp_write_word(tp, MCU_TYPE_PLA, PLA_LEDSEL, ledsel);
++
+ rtl_tally_reset(tp);
+
+ tp->coalesce = 15000; /* 15 us */
+--
+2.43.0
+
From 0679fb5c96c94181cf081b319dfe767fbea7dbe5 Mon Sep 17 00:00:00 2001
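Review bot: `ledsel` is a signed `int` module parameter that goes unchecked into `ocp_write_word()` for `PLA_LEDSEL` in `r8153b_init()`, so a negative or wider-than-16-bit value on the module command line reaches a word-sized register write with whatever truncation the helper applies. Declaring it `static unsigned short ledsel = 0x78;` with `module_param(ledsel, ushort, 0);` keeps the parameter to the register width. The write is also unconditional, so every adapter that goes through `r8153b_init()` gets this LED mapping, not only the on-board one. The description could say so: `"PLA_LEDSEL value written on r8153b init (default 0x78: LED0 activity, LED1 link)"`. `r8153b_init()` starts and ends outside the hunk.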
From: Joachim Wiberg Date: Sun, 11 Aug 2024 13:03:54 +0200 Subject: [PATCH 12/20] board/aarch64/r2s: add static factory-config.cfg This serves as an example of how a board specific builds in Infix can carry a static factory-config. This will be extended upon as we add support for DHCP server, WiFi access point, and firewall support. For now the following features are added: - Default hostname: r2s instead of infix-00-00-00 - LAN port always at 192.168.2.1/24, IPv6 SLAAC enabled - WAN port has DHCP enabled for IPv4, IPv6 SLAAC disabled - NTP client enabled, default server pool.ntp.org - DHCP client is set up to request and allow ntp server Signed-off-by: Joachim Wiberg --- .../aarch64/r2s/rootfs/etc/factory-config.cfg | 189 ++++++++++++++++++ 1 file changed, 189 insertions(+) create mode 100644 board/aarch64/r2s/rootfs/etc/factory-config.cfg diff --git a/board/aarch64/r2s/rootfs/etc/factory-config.cfg b/board/aarch64/r2s/rootfs/etc/factory-config.cfg new file mode 100644 index 000000000..ca97d4c1b --- /dev/null +++ b/board/aarch64/r2s/rootfs/etc/factory-config.cfg 
@@ -0,0 +1,189 @@ +{ + "ieee802-dot1ab-lldp:lldp": { + "infix-lldp:enabled": true + }, + "ietf-interfaces:interfaces": { + "interface": [ + { + "name": "lo", + "type": "infix-if-type:loopback", + "ietf-ip:ipv4": { + "address": [ + { + "ip": "127.0.0.1", + "prefix-length": 8 + } + ] + }, + "ietf-ip:ipv6": { + "address": [ + { + "ip": "::1", + "prefix-length": 128 + } + ] + } + }, + { + "name": "lan", + "type": "infix-if-type:ethernet", + "ietf-ip:ipv4": { + "address": [ + { + "ip": "192.168.2.1", + "prefix-length": 24 + } + ] + }, + "ietf-ip:ipv6": {} + }, + { + "name": "wan", + "type": "infix-if-type:ethernet" + } + ] + }, + "ietf-keystore:keystore": { + "asymmetric-keys": { + "asymmetric-key": [ + { + "name": "genkey", + "public-key-format": "ietf-crypto-types:ssh-public-key-format", + "public-key": "", + "private-key-format": "ietf-crypto-types:rsa-private-key-format", + "cleartext-private-key": "", + "certificates": {} + } + ] + } + }, + "ietf-netconf-acm:nacm": { + "groups": { + "group": [ + { + "name": "admin", + "user-name": [ + "admin" + ] + } + ] + }, + "rule-list": [ + { + "name": "admin-acl", + "group": [ + "admin" + ], + "rule": [ + { + "name": "permit-all", + "module-name": "*", + "access-operations": "*", + "action": "permit", + "comment": "Allow 'admin' group complete access to all operations and data." 
+ } + ] + } + ] + }, + "ietf-netconf-server:netconf-server": { + "listen": { + "endpoints": { + "endpoint": [ + { + "name": "default-ssh", + "ssh": { + "tcp-server-parameters": { + "local-address": "::" + }, + "ssh-server-parameters": { + "server-identity": { + "host-key": [ + { + "name": "default-key", + "public-key": { + "central-keystore-reference": "genkey" + } + } + ] + } + } + } + } + ] + } + } + }, + "ietf-system:system": { + "hostname": "r2s", + "ntp": { + "enabled": true, + "server": [ + { + "name": "ntp.org", + "udp": { + "address": "pool.ntp.org" + } + } + ] + }, + "authentication": { + "user": [ + { + "name": "admin", + "password": "$factory$", + "infix-system:shell": "bash" + } + ] + }, + "infix-system:motd-banner": "Li0tLS0tLS0uCnwgIC4gLiAgfCBJbmZpeCAtLSBhIE5ldHdvcmsgT3BlcmF0aW5nIFN5c3RlbQp8LS4gdiAuLXwgaHR0cHM6Ly9rZXJuZWxraXQuZ2l0aHViLmlvCictJy0tLSctJwo=" + }, + "infix-dhcp-client:dhcp-client": { + "client-if": [ + { + "if-name": "wan", + "option": [ + { + "name": "broadcast" + }, + { + "name": "dns" + }, + { + "name": "domain" + }, + { + "name": "hostname" + }, + { + "name": "ntpsrv" + }, + { + "name": "router" + }, + { + "name": "subnet" + } + ] + } + ] + }, + "infix-meta:meta": { + "infix-meta:version": "1.0" + }, + "infix-services:mdns": { + "enabled": true + }, + "infix-services:web": { + "enabled": true, + "console": { + "enabled": true + }, + "netbrowse": { + "enabled": true + }, + "restconf": { + "enabled": true + } + } +} From 8e45e1575a6fcb8f0f510b18397c40549c245e4d Mon Sep 17 00:00:00 2001 
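Review bot: The NETCONF SSH endpoint binds `"local-address": "::"` and `infix-services:web` turns on the web UI, the web console, netbrowse and RESTCONF, while `wan` is the DHCP-facing port and the commit message says firewall support is still to come. As written the management plane appears reachable from the upstream network, unless something outside this file restricts it. Until a firewall exists, a static example is safer with the listener bound to the LAN address, e.g. `"local-address": "192.168.2.1"`, and with `"console"` and `"restconf"` under `infix-services:web` set to `"enabled": false`. mDNS and LLDP are enabled here without any visible interface restriction, so they would presumably announce the device on the WAN side as well.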
From: Joachim Wiberg Date: Sun, 11 Aug 2024 16:59:04 +0200 Subject: [PATCH 13/20] board/aarch64/r2s: add support for reset button This patch further cleans up the r2s kernel config and also enables the input event framework for the gpio0 reset button on the device. The very simple input-event-daemon is introduced, with the only purpose of listening to /dev/input/event1 for KEY_RESTART and trigger reboot. Some helpful tooling is also added to help debug events (evtest). Issue #276 Signed-off-by: Joachim Wiberg --- board/aarch64/r2s/linux_defconfig | 35 ++++++++----------- .../finit.d/enabled/input-event-daemon.conf | 1 + .../r2s/rootfs/etc/input-event-daemon.conf | 5 +++ configs/r2s_defconfig | 3 ++ .../finit.d/available/input-event-daemon.conf | 1 + 5 files changed, 25 insertions(+), 20 deletions(-) create mode 120000 board/aarch64/r2s/rootfs/etc/finit.d/enabled/input-event-daemon.conf create mode 100644 board/aarch64/r2s/rootfs/etc/input-event-daemon.conf create mode 100644 package/skeleton-init-finit/skeleton/etc/finit.d/available/input-event-daemon.conf diff --git a/board/aarch64/r2s/linux_defconfig b/board/aarch64/r2s/linux_defconfig index d2c8183c5..0d152b6d2 100644 --- a/board/aarch64/r2s/linux_defconfig +++ b/board/aarch64/r2s/linux_defconfig @@ -36,9 +36,7 @@ CONFIG_EXPERT=y CONFIG_KALLSYMS_ALL=y CONFIG_PROFILING=y CONFIG_KEXEC_FILE=y -CONFIG_ARCH_ACTIONS=y CONFIG_ARCH_ROCKCHIP=y -CONFIG_ARCH_VEXPRESS=y CONFIG_ARM64_VA_BITS_48=y CONFIG_SCHED_MC=y CONFIG_SCHED_SMT=y @@ -218,7 +216,6 @@ CONFIG_NET_MPLS_GSO=y CONFIG_MPLS_ROUTING=m CONFIG_NET_PKTGEN=y CONFIG_BT=m -CONFIG_BT_HIDP=m # CONFIG_BT_LE is not set CONFIG_BT_LEDS=y # CONFIG_BT_DEBUGFS is not set @@ -249,6 +246,7 @@ CONFIG_PCI_EPF_TEST=m CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y CONFIG_FW_LOADER_USER_HELPER=y +CONFIG_VEXPRESS_CONFIG=y CONFIG_ARM_SCMI_PROTOCOL=y CONFIG_ARM_SCPI_PROTOCOL=y CONFIG_EFI_CAPSULE_LOADER=y 
@@ -315,7 +313,6 @@ CONFIG_VIRTIO_NET=y CONFIG_NLMON=y CONFIG_NET_VRF=y # CONFIG_NET_VENDOR_3COM is not set -# CONFIG_NET_VENDOR_ACTIONS is not set # CONFIG_NET_VENDOR_ADAPTEC is not set # CONFIG_NET_VENDOR_AGERE is not set # CONFIG_NET_VENDOR_ALACRITECH is not set @@ -453,7 +450,10 @@ CONFIG_RTW89_DEBUGMSG=y # CONFIG_WLAN_VENDOR_ZYDAS is not set # CONFIG_WLAN_VENDOR_QUANTENNA is not set CONFIG_INPUT_FF_MEMLESS=y -# CONFIG_INPUT_KEYBOARD is not set +CONFIG_INPUT_EVDEV=y +CONFIG_INPUT_EVBUG=y +CONFIG_KEYBOARD_GPIO=y +CONFIG_KEYBOARD_GPIO_POLLED=y # CONFIG_INPUT_MOUSE is not set CONFIG_INPUT_MISC=y CONFIG_INPUT_RK805_PWRKEY=y @@ -500,20 +500,17 @@ CONFIG_PPS=y CONFIG_DEBUG_PINCTRL=y CONFIG_PINCTRL_RK805=y CONFIG_PINCTRL_SINGLE=y +CONFIG_GPIO_SYSFS=y +CONFIG_GPIO_GENERIC_PLATFORM=y CONFIG_GPIO_MAX732X=y CONFIG_GPIO_PCA953X=y CONFIG_GPIO_PCA953X_IRQ=y -CONFIG_POWER_RESET_XGENE=y +CONFIG_POWER_RESET_GPIO_RESTART=y CONFIG_POWER_RESET_SYSCON=y CONFIG_SYSCON_REBOOT_MODE=y -CONFIG_BATTERY_SBS=m -CONFIG_BATTERY_BQ27XXX=y -CONFIG_BATTERY_MAX17042=m -CONFIG_CHARGER_BQ25890=m -CONFIG_CHARGER_BQ25980=m +CONFIG_CHARGER_RK817=y CONFIG_SENSORS_ARM_SCMI=y CONFIG_SENSORS_ARM_SCPI=y -CONFIG_SENSORS_LM90=m CONFIG_SENSORS_PWM_FAN=m CONFIG_CPU_THERMAL=y CONFIG_THERMAL_EMULATION=y @@ -523,16 +520,17 @@ CONFIG_WATCHDOG_SYSFS=y CONFIG_SOFT_WATCHDOG=y CONFIG_MFD_RK8XX_I2C=y CONFIG_MFD_RK8XX_SPI=y -CONFIG_MFD_STMFX=y +# CONFIG_MFD_VEXPRESS_SYSREG is not set +CONFIG_REGULATOR=y CONFIG_REGULATOR_DEBUG=y CONFIG_REGULATOR_FIXED_VOLTAGE=y +CONFIG_REGULATOR_USERSPACE_CONSUMER=y +CONFIG_REGULATOR_NETLINK_EVENTS=y CONFIG_REGULATOR_GPIO=y CONFIG_REGULATOR_PWM=y CONFIG_REGULATOR_RK808=y CONFIG_REGULATOR_VCTRL=y -CONFIG_REGULATOR_VEXPRESS=m -# CONFIG_HID_GENERIC is not set -# CONFIG_USB_HID is not set +# CONFIG_HID_SUPPORT is not set CONFIG_USB_ULPI_BUS=y CONFIG_USB_CONN_GPIO=y CONFIG_USB=y 
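Review bot: `CONFIG_INPUT_EVBUG=y` in the `@@ -453,7 +450,10 @@` hunk is a debugging aid that writes every input event to the kernel log; input-event-daemon reads the evdev node and does not need it, so in a release config it only adds log noise. Propose replacing it with `# CONFIG_INPUT_EVBUG is not set` and keeping `CONFIG_INPUT_EVDEV=y` and `CONFIG_KEYBOARD_GPIO=y`. `CONFIG_GPIO_SYSFS=y` in the following hunk enables the legacy sysfs GPIO interface for userspace; if nothing in the image uses it, leaving it unset keeps pin control out of reach of scripts.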
@@ -584,12 +582,9 @@ CONFIG_MMC_SDHCI_CADENCE=y CONFIG_MMC_SDHCI_F_SDH30=y CONFIG_MMC_SPI=y CONFIG_MMC_DW=y -CONFIG_MMC_DW_EXYNOS=y CONFIG_MMC_DW_HI3798CV200=y CONFIG_MMC_DW_K3=y CONFIG_MMC_DW_ROCKCHIP=y -CONFIG_MMC_MTK=y -CONFIG_MMC_SDHCI_XENON=y CONFIG_SCSI_UFSHCD=y CONFIG_SCSI_UFSHCD_PLATFORM=y CONFIG_NEW_LEDS=y @@ -643,7 +638,6 @@ CONFIG_ROCKCHIP_IODOMAIN=y CONFIG_ROCKCHIP_DTPM=m CONFIG_ROCKCHIP_PM_DOMAINS=y CONFIG_DEVFREQ_GOV_USERSPACE=m -CONFIG_EXTCON_PTN5150=m CONFIG_EXTCON_USB_GPIO=y CONFIG_MEMORY=y CONFIG_IIO=y @@ -656,6 +650,7 @@ CONFIG_IIO_ST_MAGN_3AXIS=m CONFIG_MPL3115=m CONFIG_PWM=y CONFIG_PWM_ROCKCHIP=y +CONFIG_RESET_GPIO=y CONFIG_PHY_ROCKCHIP_DPHY_RX0=m CONFIG_PHY_ROCKCHIP_EMMC=y CONFIG_PHY_ROCKCHIP_INNO_HDMI=m diff --git a/board/aarch64/r2s/rootfs/etc/finit.d/enabled/input-event-daemon.conf b/board/aarch64/r2s/rootfs/etc/finit.d/enabled/input-event-daemon.conf new file mode 120000 index 000000000..8238fd3b4 --- /dev/null +++ b/board/aarch64/r2s/rootfs/etc/finit.d/enabled/input-event-daemon.conf @@ -0,0 +1 @@ +../available/input-event-daemon.conf \ No newline at end of file diff --git a/board/aarch64/r2s/rootfs/etc/input-event-daemon.conf b/board/aarch64/r2s/rootfs/etc/input-event-daemon.conf new file mode 100644 index 000000000..161ded278 --- /dev/null +++ b/board/aarch64/r2s/rootfs/etc/input-event-daemon.conf @@ -0,0 +1,5 @@ +[Global] +listen = /dev/input/event1 + +[Keys] +RESTART = reboot diff --git a/configs/r2s_defconfig b/configs/r2s_defconfig index 96739a05a..24058e090 100644 --- a/configs/r2s_defconfig +++ b/configs/r2s_defconfig @@ -58,8 +58,11 @@ BR2_PACKAGE_DBUS_GLIB=y BR2_PACKAGE_DBUS_TRIGGERD=y BR2_PACKAGE_EUDEV_RULES_GEN=y # BR2_PACKAGE_EUDEV_ENABLE_HWDB is not set +BR2_PACKAGE_EVEMU=y +BR2_PACKAGE_EVTEST=y BR2_PACKAGE_GPTFDISK=y BR2_PACKAGE_GPTFDISK_SGDISK=y +BR2_PACKAGE_INPUT_EVENT_DAEMON=y BR2_PACKAGE_MDIO_TOOLS=y BR2_PACKAGE_RNG_TOOLS=y BR2_PACKAGE_UBOOT_TOOLS_FIT_SUPPORT=y 
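Review bot: `listen = /dev/input/event1` ties the reboot handler to an event node number, which the kernel assigns in probe order; the same kernel config also builds in `CONFIG_INPUT_RK805_PWRKEY`, so a change in probe order or an added input device could make the daemon listen to a different device, or to none. If the image's udev rules provide persistent links, point `listen` at one instead, e.g. `listen = /dev/input/by-path/<gpio-keys-node>-event` (placeholder, the real link name is not shown on this page). If the file format accepts comments, a line naming the intended device (`# gpio-keys reset button, KEY_RESTART`) would help whoever debugs it with evtest.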
diff --git a/package/skeleton-init-finit/skeleton/etc/finit.d/available/input-event-daemon.conf b/package/skeleton-init-finit/skeleton/etc/finit.d/available/input-event-daemon.conf new file mode 100644 index 000000000..acca9be95 --- /dev/null +++ b/package/skeleton-init-finit/skeleton/etc/finit.d/available/input-event-daemon.conf @@ -0,0 +1 @@ +service [12345789] name:eventd input-event-daemon -D -- Input event daemon From 0dd7c35f583bfa4e27b2eca3da3fcb7fd45bc3d3 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sun, 11 Aug 2024 17:04:24 +0200 Subject: [PATCH 14/20] board/common: allow device specific compat strings for .pkg files This patch allows us to define the rauc manifest compatibility string with menuconfig. The INFIX_IMAGE_ID is a direct replacement for the previously composed "infix-$ARCH" in mkrauc.sh. For example, the compatibility string "infix-aarch64" is replaced for the NanoPi R2S with "infix-r2s" to ensure users get a proper warning if they try upgrading to an image that maybe boots, but is not likely to work. The CLI upgrade command gets a 'force' flag to override the compat string. Signed-off-by: Joachim Wiberg --- board/common/mkrauc.sh | 4 ++-- board/common/post-build.sh | 10 ++++++++++ board/common/post-image.sh | 5 ++++- configs/r2s_defconfig | 1 + src/klish-plugin-infix/xml/infix.xml | 6 +++++- 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/board/common/mkrauc.sh b/board/common/mkrauc.sh index 7c71dbbb3..ee97dc8c6 100755 --- a/board/common/mkrauc.sh +++ b/board/common/mkrauc.sh @@ -5,7 +5,7 @@ set -e GIT_VERSION=$(git -C $BR2_EXTERNAL_INFIX_PATH describe --always --dirty --tags) name=$1 -arch=$2 +compat=$2 sign=$3 crt=$(ls $sign/*.crt) @@ -25,7 +25,7 @@ cp -f $BINARIES_DIR/rootfs.itbh $work/rootfs.itbh cat >$work/manifest.raucm < + + + - rauc install $KLISH_PARAM_URI + force=${KLISH_PARAM_force:+--ignore-compatible} + rauc install $force $KLISH_PARAM_URI From 1e2274bacc3116a380b5924ded66658ade5896c4 Mon Sep 17 00:00:00 2001 
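Review bot: `$KLISH_PARAM_URI` is still expanded unquoted in the new `rauc install` line of the infix.xml hunk, so a URI typed at the CLI that contains spaces or glob characters is split into several arguments before rauc sees it. Quote it and leave only `$force` unquoted so an empty value vanishes: `rauc install $force "$KLISH_PARAM_URI"`. The hunk's surrounding XML did not survive extraction, so how the `force` parameter is declared and validated cannot be checked here. The help text for `force` should state that it skips only the compatibility-string check.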
From: Joachim Wiberg Date: Sun, 11 Aug 2024 17:27:49 +0200 Subject: [PATCH 15/20] board/common: shellcheck, quote variables to prevent word splitting Fixes to SC2086 mostly. Signed-off-by: Joachim Wiberg --- board/common/mkrauc.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/board/common/mkrauc.sh b/board/common/mkrauc.sh index ee97dc8c6..a528c7fa6 100755 --- a/board/common/mkrauc.sh +++ b/board/common/mkrauc.sh @@ -2,7 +2,7 @@ set -e -GIT_VERSION=$(git -C $BR2_EXTERNAL_INFIX_PATH describe --always --dirty --tags) +GIT_VERSION=$(git -C "$BR2_EXTERNAL_INFIX_PATH" describe --always --dirty --tags) name=$1 compat=$2 
@@ -11,19 +11,19 @@ sign=$3 crt=$(ls $sign/*.crt) key=$(ls $sign/*.key) -common=$(dirname $(readlink -f "$0")) +common=$(dirname "$(readlink -f "$0")") work=$BUILD_DIR/mkrauc -mkdir -p $work +mkdir -p "$work" -cp -f $common/rauc-hooks.sh $work/hooks.sh +cp -f "$common/rauc-hooks.sh" "$work/hooks.sh" # RAUC internally uses the file extension to find a suitable install # handler, hence the name must be .img -cp -f $BINARIES_DIR/rootfs.squashfs $work/rootfs.img -cp -f $BINARIES_DIR/rootfs.itbh $work/rootfs.itbh +cp -f "$BINARIES_DIR/rootfs.squashfs" "$work/rootfs.img" +cp -f "$BINARIES_DIR/rootfs.itbh" "$work/rootfs.itbh" -cat >$work/manifest.raucm <"$work/manifest.raucm" < Date: Sun, 11 Aug 2024 18:01:45 +0200 Subject: [PATCH 16/20] board/common: factory reset using shred and LED indication This patch greatly improves the security of the Infix factory reset by replacing 'rm' with 'shred'. The shred tool overwrites the contents of files three times. With the -z and -u options the last pass writes zeroes and then uninks the files. On the NanoPi R2S the factory-reset now takes 24 seconds: Aug 11 16:00:34 infix mnt[121]: Resetting to factory defaults. Aug 11 16:00:58 infix mnt[173]: Factory reset complete. A visual aid is also added, setting *all* LEDs to on, that can be found mounted on the device, before starting the file shredders. The LEDs are reset back to off and SYS red blinking as soon as the wipe has completed and iitod has been started. Fixes #158 Signed-off-by: Joachim Wiberg --- board/common/rootfs/usr/libexec/infix/mnt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/board/common/rootfs/usr/libexec/infix/mnt b/board/common/rootfs/usr/libexec/infix/mnt index 56d6b7aad..82dd4e50d 100755 --- a/board/common/rootfs/usr/libexec/infix/mnt +++ b/board/common/rootfs/usr/libexec/infix/mnt 
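Review bot: The quoting pass leaves `crt=$(ls $sign/*.crt)` and `key=$(ls $sign/*.key)` untouched (context lines at the top of the second hunk), so the signing certificate and key paths still come from parsing `ls` with an unquoted `$sign`. If the directory holds more than one match the variable becomes a multi-line string, and a missing file is only noticed later, when the bundle is signed. Resolving the glob directly and failing unless exactly one file matches makes the choice of signing key explicit. The rest of this hunk, from the manifest here-document onward, did not survive extraction and is not reviewed.

```shell
# … unchanged: name/compat/sign assignments …
set -- "$sign"/*.crt
if [ $# -ne 1 ] || [ ! -f "$1" ]; then
    echo "mkrauc: expected exactly one .crt in $sign" >&2
    exit 1
fi
crt=$1

set -- "$sign"/*.key
if [ $# -ne 1 ] || [ ! -f "$1" ]; then
    echo "mkrauc: expected exactly one .key in $sign" >&2
    exit 1
fi
key=$1
# … unchanged: common/work setup and copies …
```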
@@ -42,9 +42,17 @@ check_factory() factory_reset() { - # XXX: flash LEDs to confirm factory-reset in progress + find /sys/class/leds/ -type l -exec sh -c 'echo 100 > $0/brightness' {} \; logger $opt -p user.crit -t "$nm" "Resetting to factory defaults." + + # Shred all files to prevent restoring contents + find /mnt/cfg -type f -exec shred -zu {} \; + find /mnt/var -type f -exec shred -zu {} \; + + # Remove any lingering directories and symlinks as well rm -rf /mnt/cfg/* /mnt/var/* + + logger $opt -p user.crit -t "$nm" "Factory reset complete." sync } From 8720bf09487b50f7d6f971f70e4cad6751926a70 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sun, 11 Aug 2024 18:38:03 +0200 Subject: [PATCH 17/20] configs: enable pam_lastlog.so Backport pam-lastlog build fix from latest Buildroot master and enable in all defconfigs to fix syslog warning: login[2819]: PAM unable to dlopen(/lib/security/pam_lastlog.so) Fixes #542 Signed-off-by: Joachim Wiberg --- buildroot | 2 +- configs/aarch64_defconfig | 1 + configs/r2s_defconfig | 1 + configs/riscv64_defconfig | 1 + configs/x86_64_defconfig | 1 + 5 files changed, 5 insertions(+), 1 deletion(-) diff --git a/buildroot b/buildroot index 1dd7a6bb0..6ceb91bdd 160000 --- a/buildroot +++ b/buildroot @@ -1 +1 @@ -Subproject commit 1dd7a6bb02d3ec34809ea950bd3c8a0a56a69ead +Subproject commit 6ceb91bdd9f458ca85c2fb4d3f9c0b061950f6a4 diff --git a/configs/aarch64_defconfig b/configs/aarch64_defconfig index d0cf97146..c797a1cd1 100644 --- a/configs/aarch64_defconfig +++ b/configs/aarch64_defconfig @@ -65,6 +65,7 @@ BR2_PACKAGE_LIBCURL_CURL=y BR2_PACKAGE_NETOPEER2_CLI=y BR2_PACKAGE_NSS_MDNS=y BR2_PACKAGE_LINUX_PAM=y +BR2_PACKAGE_LINUX_PAM_LASTLOG=y BR2_PACKAGE_LIBPAM_RADIUS_AUTH=y BR2_PACKAGE_ONIGURUMA=y BR2_PACKAGE_AVAHI_DAEMON=y diff --git a/configs/r2s_defconfig b/configs/r2s_defconfig index 124291a23..727d8c99b 100644 --- a/configs/r2s_defconfig +++ b/configs/r2s_defconfig 
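Review bot: `shred -zu` in `factory_reset()` only erases data where overwriting a file's logical blocks also overwrites the physical ones; on flash media such as SD or eMMC the controller's wear levelling, and on journalled or copy-on-write filesystems the filesystem itself, can leave old contents in place, so the comment "to prevent restoring contents" promises more than the code delivers. Word it as best effort, e.g. `# Best effort: shred cannot guarantee erasure on flash or journalled filesystems`, and consider discarding the freed blocks after the `rm -rf` with `fstrim /mnt/cfg /mnt/var` where the image and device support it. "Factory reset complete." is logged even when a `shred` call failed, so a failure should be logged before the `rm -rf` hides it. In the LED line, `$0` is unquoted and 100 is assumed to be a valid brightness; `'echo 100 > "$0/brightness"'` fixes the first, and reading `max_brightness` would address the second.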
@@ -81,6 +81,7 @@ BR2_PACKAGE_LIBCURL_CURL=y BR2_PACKAGE_NETOPEER2_CLI=y BR2_PACKAGE_NSS_MDNS=y BR2_PACKAGE_LINUX_PAM=y +BR2_PACKAGE_LINUX_PAM_LASTLOG=y BR2_PACKAGE_LIBPAM_RADIUS_AUTH=y BR2_PACKAGE_ONIGURUMA=y BR2_PACKAGE_AVAHI_DAEMON=y diff --git a/configs/riscv64_defconfig b/configs/riscv64_defconfig index 346a49c66..81397d909 100644 --- a/configs/riscv64_defconfig +++ b/configs/riscv64_defconfig @@ -75,6 +75,7 @@ BR2_PACKAGE_LIBCURL_CURL=y BR2_PACKAGE_NETOPEER2_CLI=y BR2_PACKAGE_NSS_MDNS=y BR2_PACKAGE_LINUX_PAM=y +BR2_PACKAGE_LINUX_PAM_LASTLOG=y BR2_PACKAGE_LIBPAM_RADIUS_AUTH=y BR2_PACKAGE_ONIGURUMA=y BR2_PACKAGE_AVAHI_DAEMON=y diff --git a/configs/x86_64_defconfig b/configs/x86_64_defconfig index 5630e4747..df707b97a 100644 --- a/configs/x86_64_defconfig +++ b/configs/x86_64_defconfig @@ -60,6 +60,7 @@ BR2_PACKAGE_LIBCURL_CURL=y BR2_PACKAGE_NETOPEER2_CLI=y BR2_PACKAGE_NSS_MDNS=y BR2_PACKAGE_LINUX_PAM=y +BR2_PACKAGE_LINUX_PAM_LASTLOG=y BR2_PACKAGE_LIBPAM_RADIUS_AUTH=y BR2_PACKAGE_ONIGURUMA=y BR2_PACKAGE_AVAHI_DAEMON=y From e539d8e90691bd972122ac79fe5130679a4216cf Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sun, 11 Aug 2024 18:58:41 +0200 Subject: [PATCH 18/20] doc: update ChangeLog with NanoPi R2S changes and related fixes Signed-off-by: Joachim Wiberg --- doc/ChangeLog.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/doc/ChangeLog.md b/doc/ChangeLog.md index 9015132f9..442c7a033 100644 --- a/doc/ChangeLog.md +++ b/doc/ChangeLog.md 
@@ -9,15 +9,36 @@ All notable changes to the project are documented in this file. ### Changes - Initial RISC-V (riscv64) support: StarFive VisionFive2 +- Massive updates to the NanoPi R2S: + - Update Linux kernel to v6.10.3 and sync defconfig with aarch64 + - Workaround `reboot` command "hang" on NanoPi R2S (failure to reboot) + by replacing the Rockchip watchdog driver with "softdog" + - Update U-Boot to v2024.07, enable secure boot loading of images + - Rename interfaces to LAN + WAN to match case and LEDs + - Rename images to `infix-r2s$ver.ext`, not same as other aarch64 + - Change rootfs to squashfs for enhanced security + - Add RAUC support to simplify device maintenance/upgrade + - Add support for saving unique interface MAC addresses in U-Boot + - Add support for system LEDs, see product's README + - Add support for reset button from Linux, issues `reboot` atm. + - Add static `factory-config` as an example - Password login can now be disabled by removing the password. Before this change only empty password disabled password login (in favor of SSH key login), removing the password locked the user completely out +- Add LED indication on factory reset, *all* LEDs available in Linux + `/sys/class/leds` are turned on while clearing writable partitions +- Issue #158: enhance security of factory reset. All file content + is now overwritten x3, the last time with zeroes, then removed. + Example, on the NanoPi R2S this process takes ~30 seconds, but may + take longer in setups with bigger configurations, e.g., containers ### Fixes +- Fix #274: add missing link/traffic LEDs on NanoPi R2S LAN port - Fix #489: ensure all patches are versioned, including Linux kernel - Fix #531: creating a new VLAN interface named `vlanN` should not set `lower-layer-if` to `vlanN`. 
With the `vlanN` pattern, only C-VLAN and VID can be inferred +- Fix #542: warning message from `login`, cannot find `pam_lastlog.so` - Silence bogus `sysctl` warnings at boot (syslog) - Silence output from user group member check (sys-cli in syslog) From 51e5edd828cfafe8be4706abd9978c90cd7d4a14 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Mon, 12 Aug 2024 17:13:19 +0200 Subject: [PATCH 19/20] board/aarch64/r2s: add u-boot factory-reset button detect Allow reset button on the R2S to be used for factory reset at power-on. See board README for details. Signed-off-by: Joachim Wiberg --- board/aarch64/r2s/README.md | 23 +++++++++++++++++ board/aarch64/r2s/uboot/extras.config | 6 +++++ board/aarch64/r2s/uboot/r2s-env.dtsi | 37 ++++++++++++++++++++++++++- 3 files changed, 65 insertions(+), 1 deletion(-) diff --git a/board/aarch64/r2s/README.md b/board/aarch64/r2s/README.md index 55dd6290c..46304984d 100644 --- a/board/aarch64/r2s/README.md +++ b/board/aarch64/r2s/README.md @@ -16,6 +16,7 @@ The front system LEDs work as follows in Infix: | **Stage** | **SYS** | **LAN** | **WAN** | |----------------|---------|---------|---------| | Power-on | dimmed | off | off | +| Factory reset | on | on | on | | Linux loading | on | off | off | | System loading | 1 Hz | off | off | | System up | off | on | off | 
@@ -48,6 +49,28 @@ LEDs will blink at 5 Hz to clearly indicate something is very wrong. In all error cases the console shows the problem. +Factory Reset +------------- + +The reset button on the side can be used not only to safely reboot the +device, but can also be used to trigger a factory reset at power on. + +At power-on, keep the reset button pressed for 10 seconds. The system +LEDs (SYS, WAN, LAN) will all blink at 1 Hz, to help you count down the +seconds. When the 10 seconds have passed all LEDs are turned off before +loading Linux. + +When Linux boots up it confirms the factory reset by lighting up the +LEDs again, no blinking this time. The LEDs stay on until all files and +directories on read/writable partitions (`/cfg` and `/var`) have been +safely erased. + +The system then continues loading, turning off all LEDs except SYS, +which blinks calmly at 1 Hz as usual until the system has completed +loading, this time with a `startup-config` freshly restored from the +device's `factory-config`. + + How to Build ------------ diff --git a/board/aarch64/r2s/uboot/extras.config b/board/aarch64/r2s/uboot/extras.config index 19bcfa1d8..fb36c0ba8 100644 --- a/board/aarch64/r2s/uboot/extras.config +++ b/board/aarch64/r2s/uboot/extras.config @@ -1,3 +1,9 @@ +CONFIG_BUTTON=y +CONFIG_BUTTON_GPIO=y + +CONFIG_LED=y +CONFIG_LED_GPIO=y + # CONFIG_MMC_PCI is not set CONFIG_DEVICE_TREE_INCLUDES="infix-env.dtsi infix-key.dtsi r2s-env.dtsi" CONFIG_SYS_PROMPT="(r2s) " diff --git a/board/aarch64/r2s/uboot/r2s-env.dtsi b/board/aarch64/r2s/uboot/r2s-env.dtsi index 279d27e83..7fd318f66 100644 --- a/board/aarch64/r2s/uboot/r2s-env.dtsi +++ b/board/aarch64/r2s/uboot/r2s-env.dtsi 
@@ -6,7 +6,42 @@ /* This is a development platform, hard code developer mode */ ixbtn-devmode = "setenv dev_mode yes; echo Enabled"; - ixbtn-factory = "echo \"No button available, use bootmenu\""; + + /* Override default definitiion to add LED feedback */ + ixbtn-factory = " +if button factory-reset; then + echo \"Keep button pressed for 10 seconds to engage factory reset ...\" + + for tick in . . . . . . . . . .; do + led nanopi-r2s:red:sys on + led nanopi-r2s:green:lan on + led nanopi-r2s:green:wan on + sleep 0.5 + led nanopi-r2s:red:sys off + led nanopi-r2s:green:lan off + led nanopi-r2s:green:wan off + sleep 0.5 + echo -n \"Checking button: \" + button factory-reset || exit + done + + echo -n \"Final button check: \" + if button factory-reset; then + setenv factory_reset yes + echo \"FACTORY RESET ENGAGED\" + fi +fi +"; + }; + }; + + keys { + compatible = "gpio-keys"; + + factory-reset { + gpios = <&gpio0 0 GPIO_ACTIVE_LOW>; + linux,code = ; + label = "factory-reset"; }; }; }; From 6a1a5d7be261b0349db0f25f901f26733851bdfe Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Mon, 12 Aug 2024 20:04:17 +0200 Subject: [PATCH 20/20] board/aarch64/r2s: control WAN LED with a simple DHCP client monitor When the interface is up and has a 'proto dhcp' address the WAN LED is lit up. When the interface goes down, or loses its DHCP lease, the LED is turned off. Signed-off-by: Joachim Wiberg --- .../r2s/rootfs/etc/finit.d/wan-monitor.conf | 1 + .../r2s/rootfs/usr/sbin/wan-monitor.sh | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 board/aarch64/r2s/rootfs/etc/finit.d/wan-monitor.conf create mode 100755 board/aarch64/r2s/rootfs/usr/sbin/wan-monitor.sh diff --git a/board/aarch64/r2s/rootfs/etc/finit.d/wan-monitor.conf b/board/aarch64/r2s/rootfs/etc/finit.d/wan-monitor.conf new file mode 100644 index 000000000..0620a9109 --- /dev/null +++ b/board/aarch64/r2s/rootfs/etc/finit.d/wan-monitor.conf 
@@ -0,0 +1 @@
+service [12345789] log wan-monitor.sh -- WAN Health monitor
diff --git a/board/aarch64/r2s/rootfs/usr/sbin/wan-monitor.sh b/board/aarch64/r2s/rootfs/usr/sbin/wan-monitor.sh
new file mode 100755
index 000000000..160578039
--- /dev/null
+++ b/board/aarch64/r2s/rootfs/usr/sbin/wan-monitor.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Background WAN interface monitor. Lights up WAN LED
+# while the interface has a DHCP address.
+
+LED_FILE="/run/led/wan-up"
+PID_FILE="/run/$(basename "$0").pid"
+
+check_wan()
+{
+ ip_info=$(ip a show wan)
+
+ if echo "$ip_info" | grep -q "inet .* proto dhcp"; then
+ [ ! -f "$LED_FILE" ] && touch "$LED_FILE"
+ else
+ [ -f "$LED_FILE" ] && rm "$LED_FILE"
+ fi
+}
+
+cleanup()
+{
+ rm -f "$LED_FILE"
+ rm -f "$PID_FILE"
+ exit 0
+}
+
+trap 'cleanup' TERM INT HUP QUIT
+echo $$ > "$PID_FILE"
+
+remaining_time=$((1800 - $(awk '{print int($1)}' /proc/uptime)))
+[ "$remaining_time" -lt 0 ] && remaining_time=0
+
+while [ "$remaining_time" -gt 0 ]; do
+ check_wan
+ sleep 1
+ remaining_time=$((remaining_time - 1))
+done
+
+while :; do
+ check_wan
+ sleep 5
+done
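Review bot: `check_wan()` assumes the `/run/led` directory already exists; if whatever creates it (presumably the LED daemon) has not started, `touch "$LED_FILE"` fails on every poll, and with `log` on the finit service line that error would repeat once a second for the first half hour of uptime. Creating the directory before the loops, `mkdir -p "${LED_FILE%/*}"`, removes that dependency on start order. The script also gives no reason for polling every second until uptime reaches 1800 s and every five seconds after; a header line such as `# Poll fast during the first 30 min of uptime, when the lease is most likely to change, then back off` (wording to be confirmed by the author) would make the two loops readable.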