Message ID | 4ff630187f6fc154e24b88aae4b0ec501ea12e95.1595193767.git.sander@svanheule.net |
---|---|
State | Superseded |
Headers | show |
Series | ath79: support for TP-Link EAP2x5 1-port devices | expand |
Hi Adrian, On Sun, 2020-07-19 at 23:24 +0200, Sander Vanheule wrote: > TP-Link EAP245 v1 is an AC1750 (802.11ac Wave-1) ceiling mount access > point. > > Device specifications: > * SoC: QCA9563 @ 775MHz > * RAM: 128MiB DDR2 > * Flash: 16MiB SPI-NOR > * Wireless 2.4GHz (SoC): b/g/n, 3x3 > * Wireless 5Ghz (QCA9880): a/n/ac, 3x3 > * Ethernet (AR8033): 1× 1GbE, 803.2at PoE > > Flashing instructions: > * Extract /usr/bin/uclited from the device via ssh and apply the > binary > patch listed below. The patch is required to prevent `uclited -u` > in > the last step from crashing. > * Exploit the user management page in the web interface to start > telnetd > by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`. > * Immediately change the malformed username back to something valid > (e.g. 'admin') to make ssh work again. > * Use the root shell via telnet to make /tmp world writeable (chmod > 777) > * Copy the patched uclited programme back to the device at > /tmp/uclited > (via ssh) > * Upload the factory image to /tmp/upgrade.bin (via ssh) > * Run `chmod +x /tmp/uclited && /tmp/uclited -u` to flash OpenWrt. > > --- xxd uclited > +++ xxd uclited-patched > @@ -53796,7 +53796,7 @@ > 000d2240: 8c44 0000 0320 f809 0000 0000 8fbc 0010 .D... > .......... > 000d2250: 8fa6 0a4c 02c0 2821 8f82 87b8 0000 > 0000 ...L..(!........ > -000d2260: 8c44 0000 0c13 45e0 27a7 0018 8fbc > 0010 .D....E.'....... > +000d2260: 8c44 0000 2402 0000 0000 0000 8fbc > 0010 .D..$........... > 000d2270: 1040 001d 0000 1821 8f99 8374 3c04 > 0058 .@.....!...t<..X > 000d2280: 3c05 0056 2484 a898 24a5 9a30 0320 f809 <..V$...$..0. > .. > > Debricking: > * Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: > VCC) > * Bridge unpopulated resistors R225 (TXD) and R237 (RXD). > Do NOT bridge R230. > * Use 3.3V, 115200 baud, 8n1 > * Interrupt bootloader by holding CTRL+B during boot > * tftp initramfs to flash via the LuCI web interface > > Tested on the EAP245 v1 running the latest firmware (v1.4.0). The > binary > patch might not apply to uclited from other firmware versions. > > Signed-off-by: Sander Vanheule <sander@svanheule.net> Seems like I was overdue on a proper read of the kernel patch submission guidelines. My understanding from the guidelines and your previous mail [1], is that these lines aren't about the literal patch contents per se, but also about the intention of the patch and the provided functionality. So the fact that the bulk of the EAP245 v1's DTS was moved to the 1- port DTSI, shouldn't be an issue to attribute device support to Julien in this patch, right? Would you consider the following appropriate for this patch? EAP245 v1 support originally implemented by Julien Dusser. SoC MDIO integration, factory flashing method, and final patch by Sander Vanheule. Co-developed-by: Julien Dusser <julien.dusser@free.fr> Signed-of-By: Julien Dusser <julien.dusser@free.fr> Co-developed-by: Sander Vanheule <sander@svanheule.net> Signed-of-By: Sander Vanheule <sander@svanheule.net> Best, Sander [1] http://lists.openwrt.org/pipermail/openwrt-devel/2020-July/030316.html > --- > .../ath79/dts/qca9563_tplink_eap245-v1.dts | 36 > +++++++++++++++++++ > .../generic/base-files/etc/board.d/02_network | 1 + > .../etc/hotplug.d/firmware/11-ath10k-caldata | 1 + > target/linux/ath79/image/generic-tp-link.mk | 9 +++++ > tools/firmware-utils/src/tplink-safeloader.c | 28 +++++++++++++++ > 5 files changed, 75 insertions(+) > create mode 100644 target/linux/ath79/dts/qca9563_tplink_eap245- > v1.dts > > diff --git a/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts > b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts > new file mode 100644 > index 0000000000..99c66db2b9 > --- /dev/null > +++ b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts > @@ -0,0 +1,36 @@ > +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT > +/dts-v1/; > + > +#include "qca9563_tplink_eap2x5_1port.dtsi" > + > +/ { > + compatible = "tplink,eap245-v1", "qca,qca9563"; > + model = "TP-Link EAP245 v1"; > + > + aliases { > + led-boot = &led_status_green; > + led-failsafe = &led_status_amber; > + led-running = &led_status_green; > + led-upgrade = &led_status_amber; > + }; > + > + leds { > + compatible = "gpio-leds"; > + > + led_status_green: status_green { > + label = "tp-link:green:status"; > + gpios = <&gpio 7 GPIO_ACTIVE_HIGH>; > + default-state = "on"; > + }; > + > + led_status_amber: status_amber { > + label = "tp-link:amber:status"; > + gpios = <&gpio 9 GPIO_ACTIVE_HIGH>; > + }; > + > + led_status_red: status_red { > + label = "tp-link:red:status"; > + gpios = <&gpio 1 GPIO_ACTIVE_HIGH>; > + }; > + }; > +}; > diff --git a/target/linux/ath79/generic/base- > files/etc/board.d/02_network b/target/linux/ath79/generic/base- > files/etc/board.d/02_network > index 7524806d72..d19f885e27 100755 > --- a/target/linux/ath79/generic/base-files/etc/board.d/02_network > +++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network > @@ -38,6 +38,7 @@ ath79_setup_interfaces() > pisen,wmb001n|\ > pisen,wmm003n|\ > siemens,ws-ap3610|\ > + tplink,eap245-v1|\ > tplink,cpe210-v2|\ > tplink,cpe210-v3|\ > tplink,cpe510-v2|\ > diff --git a/target/linux/ath79/generic/base- > files/etc/hotplug.d/firmware/11-ath10k-caldata > b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11- > ath10k-caldata > index 2926796d65..7f29c4c157 100644 > --- a/target/linux/ath79/generic/base- > files/etc/hotplug.d/firmware/11-ath10k-caldata > +++ b/target/linux/ath79/generic/base- > files/etc/hotplug.d/firmware/11-ath10k-caldata > @@ -123,6 +123,7 @@ case "$FIRMWARE" in > caldata_extract "art" 0x5000 0x844 > ath10k_patch_mac $(macaddr_add $(cat > /sys/class/net/eth0/address) -2) > ;; > + tplink,eap245-v1|\ > tplink,re450-v2|\ > tplink,re450-v3) > caldata_extract "art" 0x5000 0x844 > diff --git a/target/linux/ath79/image/generic-tp-link.mk > b/target/linux/ath79/image/generic-tp-link.mk > index d2cc8d09bd..a4a14ed889 100644 > --- a/target/linux/ath79/image/generic-tp-link.mk > +++ b/target/linux/ath79/image/generic-tp-link.mk > @@ -372,6 +372,15 @@ define Device/tplink_eap2x5_1port > IMAGE/factory.bin := append-rootfs | tplink-safeloader factory | > pad-extra 128 > endef > > +define Device/tplink_eap245-v1 > + $(Device/tplink_eap2x5_1port) > + DEVICE_MODEL := EAP245 > + DEVICE_VARIANT := v1 > + TPLINK_BOARD_ID := EAP245-V1 > + DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca988x-ct > +endef > +TARGET_DEVICES += tplink_eap245-v1 > + > define Device/tplink_eap245-v3 > $(Device/tplink-safeloader) > SOC := qca9563 > diff --git a/tools/firmware-utils/src/tplink-safeloader.c > b/tools/firmware-utils/src/tplink-safeloader.c > index e9e6f01ebd..a20304150b 100644 > --- a/tools/firmware-utils/src/tplink-safeloader.c > +++ b/tools/firmware-utils/src/tplink-safeloader.c > @@ -1291,6 +1291,34 @@ static struct device_info boards[] = { > .last_sysupgrade_partition = "file-system" > }, > > + /** Firmware layout for the EAP245 v1 */ > + { > + .id = "EAP245-V1", > + .support_list = > + "SupportList:\r\n" > + "EAP245(TP-LINK|UN|AC1750-D):1.0\r\n", > + .support_trail = '\xff', > + .soft_ver = NULL, > + > + .partitions = { > + {"fs-uboot", 0x00000, 0x20000}, > + {"partition-table", 0x20000, 0x02000}, > + {"default-mac", 0x30000, 0x01000}, > + {"support-list", 0x31000, 0x00100}, > + {"product-info", 0x31100, 0x00400}, > + {"soft-version", 0x32000, 0x00100}, > + {"firmware", 0x40000, 0xc00000}, > + {"user-config", 0xdc0000, 0x10000}, > + {"backup-config", 0xdd0000, 0x10000}, > + {"log", 0xde0000, 0x10000}, > + {"radio", 0xff0000, 0x10000}, > + {NULL, 0, 0} > + }, > + > + .first_sysupgrade_partition = "os-image", > + .last_sysupgrade_partition = "file-system" > + }, > + > /** Firmware layout for the EAP245 v3 */ > { > .id = "EAP245-V3",
> > Tested on the EAP245 v1 running the latest firmware (v1.4.0). The > > binary patch might not apply to uclited from other firmware versions. > > > > Signed-off-by: Sander Vanheule <sander@svanheule.net> > > Seems like I was overdue on a proper read of the kernel patch submission > guidelines. My understanding from the guidelines and your previous mail [1], > is that these lines aren't about the literal patch contents per se, but also > about the intention of the patch and the provided functionality. > > So the fact that the bulk of the EAP245 v1's DTS was moved to the 1- port > DTSI, shouldn't be an issue to attribute device support to Julien in this patch, > right? I see that differently. For me, providing device support for a device A and using similar code for a bunch of devices B to D is a different patch. I don't think a Signed-off-by is correct here, as Julien is _not_ an author of your patch, as he intended to provide support for the EAP245 and not for the 1-port EAP2x5 devices. > > Would you consider the following appropriate for this patch? > > EAP245 v1 support originally implemented by Julien Dusser. That's nice but irrelevant without proper explanation ("why is EAP245 relevant at all"). If you really want to refer to that prior work, IMO a proper solution would be to just add something like "Implementation of these devices is based on the prior work of XY supporting device YZ in commit xxxxxxxxx." Then, everybody can look up what XY has done and will see the proper authorship in the reference. > SoC MDIO integration, factory flashing method, and final patch by > Sander Vanheule. > > Co-developed-by: Julien Dusser <julien.dusser@free.fr> > Signed-of-By: Julien Dusser <julien.dusser@free.fr> The initial author needs no Co-developed-by, as he is mentioned in the From field. From/Co-developed-by is about authorship, Signed-off-by is about legal accountability. The latter is one reason why you technically actually can only add Juliens Signed-off-by if this patch is combined submission of both of you, where both people have actually checked the final patch for correctness. If that's not the case, it's not Co-developed-by, but Julien would be the author, and you would have to note every single change before your Signed-off-by to make obvious which parts are covered by his SoB and what has been changed since then and thus is covered by your SoB. (example for the latter may be found here: https://github.com/openwrt/openwrt/commit/ed087cba8a8e41f76f9487caa34eff926ea8a065) Since this appears to me to be "your" patch, and not a submission by both of you, for me it would be more correct to just have your SoB/From: only. If the original patch was mine, I'd actually be quite mad at you if you used my Signed-off-by for a different submission. Best Adrian
Hi Adrian, Thank you for taking your time to provide feedback. On Mon, 2020-07-20 at 22:54 +0200, mail@adrianschmutzler.de wrote: > > > Tested on the EAP245 v1 running the latest firmware (v1.4.0). The > > > binary patch might not apply to uclited from other firmware > > > versions. > > > > > > Signed-off-by: Sander Vanheule <sander@svanheule.net> > > > > Seems like I was overdue on a proper read of the kernel patch > > submission > > guidelines. My understanding from the guidelines and your previous > > mail [1], > > is that these lines aren't about the literal patch contents per se, > > but also > > about the intention of the patch and the provided functionality. > > > > So the fact that the bulk of the EAP245 v1's DTS was moved to the > > 1- port > > DTSI, shouldn't be an issue to attribute device support to Julien > > in this patch, > > right? > > I see that differently. For me, providing device support for a device > A and using similar code for a bunch of devices B to D is a different > patch. > > I don't think a Signed-off-by is correct here, as Julien is _not_ an > author of your patch, as he intended to provide support for the > EAP245 and not for the 1-port EAP2x5 devices. > > Would you consider the following appropriate for this patch? > > > > EAP245 v1 support originally implemented by Julien Dusser. > > That's nice but irrelevant without proper explanation ("why is EAP245 > relevant at all"). This patch (4/6) specifically enables support for the EAP245 v1, the device Julien worked on. You can see a history of his and my changes on the EAP245v1-only DTS on Julien's GitHub page: https://github.com/j-d-r/openwrt/commits/master-eap245-original-u-boot/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts > > If you really want to refer to that prior work, IMO a proper solution > would be to just add something like "Implementation of these devices > is based on the prior work of XY supporting device YZ in commit > xxxxxxxxx." > > Then, everybody can look up what XY has done and will see the proper > authorship in the reference. > > SoC MDIO integration, factory flashing method, and final patch > > by > > Sander Vanheule. > > > > Co-developed-by: Julien Dusser <julien.dusser@free.fr> > > Signed-of-By: Julien Dusser <julien.dusser@free.fr> > > The initial author needs no Co-developed-by, as he is mentioned in > the From field. > From/Co-developed-by is about authorship, Signed-off-by is about > legal accountability. > > The latter is one reason why you technically actually can only add > Juliens Signed-off-by if this patch is combined submission of both of > you, where both people have actually checked the final patch for > correctness. If that's not the case, it's not Co-developed-by, but > Julien would be the author, and you would have to note every single > change before your Signed-off-by to make obvious which parts are > covered by his SoB and what has been changed since then and thus is > covered by your SoB. > (example for the latter may be found here: > https://github.com/openwrt/openwrt/commit/ed087cba8a8e41f76f9487caa34eff926ea8a065 > ) > > Since this appears to me to be "your" patch, and not a submission by > both of you, for me it would be more correct to just have your > SoB/From: only. > If the original patch was mine, I'd actually be quite mad at you if > you used my Signed-off-by for a different submission. > You are right in that Julien did not formally sign of on this specific patch. I seemed to remember I asked him whether I should include a Signed-off-by for him, but it turns out that was for another patch. Due to my lacking understanding of the implications of a Signed-off-by at the time, I must have misremembered. So for this patch and 3/6 (the DTSI), I will only sign off for myself. (And I think I owe Julien an apology for trying to formally attach his name to this patch.) Best, Sander
diff --git a/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts new file mode 100644 index 0000000000..99c66db2b9 --- /dev/null +++ b/target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts @@ -0,0 +1,36 @@ +// SPDX-License-Identifier: GPL-2.0-or-later OR MIT +/dts-v1/; + +#include "qca9563_tplink_eap2x5_1port.dtsi" + +/ { + compatible = "tplink,eap245-v1", "qca,qca9563"; + model = "TP-Link EAP245 v1"; + + aliases { + led-boot = &led_status_green; + led-failsafe = &led_status_amber; + led-running = &led_status_green; + led-upgrade = &led_status_amber; + }; + + leds { + compatible = "gpio-leds"; + + led_status_green: status_green { + label = "tp-link:green:status"; + gpios = <&gpio 7 GPIO_ACTIVE_HIGH>; + default-state = "on"; + }; + + led_status_amber: status_amber { + label = "tp-link:amber:status"; + gpios = <&gpio 9 GPIO_ACTIVE_HIGH>; + }; + + led_status_red: status_red { + label = "tp-link:red:status"; + gpios = <&gpio 1 GPIO_ACTIVE_HIGH>; + }; + }; +}; diff --git a/target/linux/ath79/generic/base-files/etc/board.d/02_network b/target/linux/ath79/generic/base-files/etc/board.d/02_network index 7524806d72..d19f885e27 100755 --- a/target/linux/ath79/generic/base-files/etc/board.d/02_network +++ b/target/linux/ath79/generic/base-files/etc/board.d/02_network @@ -38,6 +38,7 @@ ath79_setup_interfaces() pisen,wmb001n|\ pisen,wmm003n|\ siemens,ws-ap3610|\ + tplink,eap245-v1|\ tplink,cpe210-v2|\ tplink,cpe210-v3|\ tplink,cpe510-v2|\ diff --git a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata index 2926796d65..7f29c4c157 100644 --- a/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata +++ b/target/linux/ath79/generic/base-files/etc/hotplug.d/firmware/11-ath10k-caldata @@ -123,6 +123,7 @@ case "$FIRMWARE" in caldata_extract "art" 0x5000 0x844 ath10k_patch_mac $(macaddr_add $(cat /sys/class/net/eth0/address) -2) ;; + tplink,eap245-v1|\ tplink,re450-v2|\ tplink,re450-v3) caldata_extract "art" 0x5000 0x844 diff --git a/target/linux/ath79/image/generic-tp-link.mk b/target/linux/ath79/image/generic-tp-link.mk index d2cc8d09bd..a4a14ed889 100644 --- a/target/linux/ath79/image/generic-tp-link.mk +++ b/target/linux/ath79/image/generic-tp-link.mk @@ -372,6 +372,15 @@ define Device/tplink_eap2x5_1port IMAGE/factory.bin := append-rootfs | tplink-safeloader factory | pad-extra 128 endef +define Device/tplink_eap245-v1 + $(Device/tplink_eap2x5_1port) + DEVICE_MODEL := EAP245 + DEVICE_VARIANT := v1 + TPLINK_BOARD_ID := EAP245-V1 + DEVICE_PACKAGES := kmod-ath10k-ct ath10k-firmware-qca988x-ct +endef +TARGET_DEVICES += tplink_eap245-v1 + define Device/tplink_eap245-v3 $(Device/tplink-safeloader) SOC := qca9563 diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c index e9e6f01ebd..a20304150b 100644 --- a/tools/firmware-utils/src/tplink-safeloader.c +++ b/tools/firmware-utils/src/tplink-safeloader.c @@ -1291,6 +1291,34 @@ static struct device_info boards[] = { .last_sysupgrade_partition = "file-system" }, + /** Firmware layout for the EAP245 v1 */ + { + .id = "EAP245-V1", + .support_list = + "SupportList:\r\n" + "EAP245(TP-LINK|UN|AC1750-D):1.0\r\n", + .support_trail = '\xff', + .soft_ver = NULL, + + .partitions = { + {"fs-uboot", 0x00000, 0x20000}, + {"partition-table", 0x20000, 0x02000}, + {"default-mac", 0x30000, 0x01000}, + {"support-list", 0x31000, 0x00100}, + {"product-info", 0x31100, 0x00400}, + {"soft-version", 0x32000, 0x00100}, + {"firmware", 0x40000, 0xc00000}, + {"user-config", 0xdc0000, 0x10000}, + {"backup-config", 0xdd0000, 0x10000}, + {"log", 0xde0000, 0x10000}, + {"radio", 0xff0000, 0x10000}, + {NULL, 0, 0} + }, + + .first_sysupgrade_partition = "os-image", + .last_sysupgrade_partition = "file-system" + }, + /** Firmware layout for the EAP245 v3 */ { .id = "EAP245-V3",
TP-Link EAP245 v1 is an AC1750 (802.11ac Wave-1) ceiling mount access point. Device specifications: * SoC: QCA9563 @ 775MHz * RAM: 128MiB DDR2 * Flash: 16MiB SPI-NOR * Wireless 2.4GHz (SoC): b/g/n, 3x3 * Wireless 5Ghz (QCA9880): a/n/ac, 3x3 * Ethernet (AR8033): 1× 1GbE, 803.2at PoE Flashing instructions: * Extract /usr/bin/uclited from the device via ssh and apply the binary patch listed below. The patch is required to prevent `uclited -u` in the last step from crashing. * Exploit the user management page in the web interface to start telnetd by changing the username to `;/usr/sbin/telnetd -l/bin/sh&`. * Immediately change the malformed username back to something valid (e.g. 'admin') to make ssh work again. * Use the root shell via telnet to make /tmp world writeable (chmod 777) * Copy the patched uclited programme back to the device at /tmp/uclited (via ssh) * Upload the factory image to /tmp/upgrade.bin (via ssh) * Run `chmod +x /tmp/uclited && /tmp/uclited -u` to flash OpenWrt. --- xxd uclited +++ xxd uclited-patched @@ -53796,7 +53796,7 @@ 000d2240: 8c44 0000 0320 f809 0000 0000 8fbc 0010 .D... .......... 000d2250: 8fa6 0a4c 02c0 2821 8f82 87b8 0000 0000 ...L..(!........ -000d2260: 8c44 0000 0c13 45e0 27a7 0018 8fbc 0010 .D....E.'....... +000d2260: 8c44 0000 2402 0000 0000 0000 8fbc 0010 .D..$........... 000d2270: 1040 001d 0000 1821 8f99 8374 3c04 0058 .@.....!...t<..X 000d2280: 3c05 0056 2484 a898 24a5 9a30 0320 f809 <..V$...$..0. .. Debricking: * Serial port can be soldered on PCB J3 (1: TXD, 2: RXD, 3: GND, 4: VCC) * Bridge unpopulated resistors R225 (TXD) and R237 (RXD). Do NOT bridge R230. * Use 3.3V, 115200 baud, 8n1 * Interrupt bootloader by holding CTRL+B during boot * tftp initramfs to flash via the LuCI web interface Tested on the EAP245 v1 running the latest firmware (v1.4.0). The binary patch might not apply to uclited from other firmware versions. Signed-off-by: Sander Vanheule <sander@svanheule.net> --- .../ath79/dts/qca9563_tplink_eap245-v1.dts | 36 +++++++++++++++++++ .../generic/base-files/etc/board.d/02_network | 1 + .../etc/hotplug.d/firmware/11-ath10k-caldata | 1 + target/linux/ath79/image/generic-tp-link.mk | 9 +++++ tools/firmware-utils/src/tplink-safeloader.c | 28 +++++++++++++++ 5 files changed, 75 insertions(+) create mode 100644 target/linux/ath79/dts/qca9563_tplink_eap245-v1.dts