The current target code is too chaotic, the patches are
messy and disorderly, and there are still many duplicate
code. Pack it back to half a year ago.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This PR adds explicit permissions section to workflows. This is a security
best practice because by default workflows run with extended set of permissions
(except from on: pull_request from external forks). By specifying any permission
explicitly all others are set to none. By using the principle of least privilege
the damage a compromised workflow can do (because of an injection or compromised
third party tool or action) is restricted. It is recommended to have most strict
permissions on the top level and grant write permissions on job level case by case.
Mux the MT7530 switch's phy0/4 to the SoC's gmac1 on devices where RGMII2
pins are available. This achieves 2 Gbps total bandwidth to the CPU using
the second RGMII.
The ports called "wan" are muxed where possible. On a minority of devices,
this is not possible. Those cases:
mt7621_ampedwireless_ally-r1900k.dts: lan3
mt7621_ubnt_edgerouter-x.dts: eth0
mt7621_gnubee_gb-pc1.dts: ethblue
mt7621_linksys_re6500.dts: lan1
mt7621_netgear_wac104.dts: lan4
mt7621_tplink_eap235-wall-v1.dts: lan0
mt7621_tplink_eap615-wall-v1.dts: lan0
mt7621_ubnt_usw-flex.dts: lan1
The "wan" port is just what the vendor designated on the board/plastic
chasis of the device. On a technical level, there is no difference between
a lan and wan port on MT7621AT, MT7621DAT and MT7621ST SoCs. Prefer
connecting to WAN via the port described above for these devices to benefit
the feature brought with this patch.
mt7621_d-team_newifi-d2.dts cannot benefit this feature, although it looks
like it should, because the rgmii2 pins are wired to unused components.
Tested on a range of devices documented on the GitHub PR.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
These devices do not use rgmii2 as gpio, therefore remove rgmii2 pin group
from state-default. Remove overwriting the ethernet node for these devices.
Move claiming the rgmii2 group from mt7621_zyxel_nwa-ax.dtsi to
mt7621_zyxel_nwa50ax.dts as it's only the latter using rgmii2 pins as gpio.
Remove duplicate ethernet overwrite from mt7621_tplink_archer-x6-v3.dtsi.
Claim rgmii2 group as gpio on mt7621_bolt_arion.dts as it uses an rgmii2
pin, 26, as gpio.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Change switch port labels to ethblack & ethblue.
Change lan1 & lan2 LEDs to ethblack_act & ethblue_act and fix GPIO pins.
Add the external phy with ethyellow label on the GB-PC2 devicetree.
Do not claim rgmii2 as gpio, it's used for ethernet with rgmii2 function.
Enable ICPlus PHY driver for IP1001 which GB-PC2 has got.
Update interface name and change netdev function.
Enable lzma compression to make up for the increased size of the kernel.
Make spi flash bindings on par with mainline Linux to fix read errors.
Tested on GB-PC2 by Petr.
Tested-by: Petr Louda <petr.louda@outlook.cz>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
MAC address retrieval was switched to more generic upstream (5.13) NVMEM
based solution in commit 06bb4a5018cd ("ramips: convert mtd-mac-address
to nvmem implementation") , but NVMEM subsystem wasn't enabled in the
kernel, so fix it now.
Fixes: 06bb4a5018cd ("ramips: convert mtd-mac-address to nvmem implementation")
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit message]
This forces a rebuild of the wolfssl package when the
libwolfssl-benchmark OpenWrt package gets activated or deactivated.
Without this change the wolfssl build will fail when it compiled without
libwolfssl-benchmark before and it gets activated for the next build.
Fixes: 18fd12edb810 ("wolfssl: add benchmark utility")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Older MT7623 ARMv7 SoC as well as new Filogic platforms come with
inside-secure,safexcel-eip97 units. Enable them in DTS and select the
driver kernel module by default on those platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The MediaTek's Crypto Engine module is only available for mt7623, in
which case it is built into the kernel.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Initially this covers MT7986 only, but it will later be expanded to cover other
Filogic branded platforms by MediaTek
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It will be supported by the new filogic subtarget
Signed-off-by: Sam Shih <sam.shih@mediatek.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
MediaTek's ARM Trusted Firmware v2.7+ allows the images inside a FIP
structure to be compressed. Make use of that for boards with NOR flash.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The updated sources bring support for the MT798x Filogic SoC family.
Add builds for MT7986 with most supported storage types, each for DDR3
and DDR4 configurations.
A better solution for skipping bad blocks on SPI-NAND connected via the
SNFI interface has been implemented upstream, so drop local patch.
Add pending patches [1] and [2] to fix boot on existing MT7622 boards.
Tested on BananaPi BPi-R64 (SDMMC, eMMC, SPI-NAND), Linksys E8450 and
Ubiquiti UniFi 6 LR as well as upcoming Bananapi BPi-R3 board for which
support will be added in future patches.
[1]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#3
[2]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As anyway only the default is called now we can as well also just remove
the override for Build/Configure.
Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
