This removes support for executing old 32 bit applications on 64 bit ARM
and MIPS kernels.
On OpenWrt we normally compile all the user space applications on our
own and do not support third party binary only modules especial not 32
bit applications on 64 bit CPUs.
This reduces the attack surface on such systems and should also save
some memory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates "Emulate Privileged Access Never using TTBR0_EL1
switching" on ARM64.
This should prevent the kernel from reading code from user space in
kernel context.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently sysupgrade overwrites whole disk and destroys partitions added
by user. Sync the sysupgrade code with the one present in x86 target to
remedy this behaviour.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Since most of devices using SD card image to boot, use ext4 as boot
files system we can drop fat fs related packages. Also move packages
which are added repeatedly across subtargets to their default packages,
with droping the ones that are enabled in target kernel configugation.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This refreshes the current kernel configuration to remove unneeded
options, add some automatically added ones and reorders them. The normal
build did this automatically, so the builds already used this
configuration.
CONFIG_HW_RANDOM_OMAP is explicitly activated for the cortexa72
subtarget because it has an inside-secure,safexcel-eip76 IP core.
This was done with this command on the cortexa9 subtarget:
make kernel_oldconfig
and this one on the other subtargets:
make kernel_oldconfig CONFIG_TARGET=subtarget
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This symbol is enabled in all subtargets, move it to common kernel
config.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Acked-by: Rosen Penev <rosenp@gmail.com>
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.
This mitigates CVE-2018-3639 on ARM64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This commit introduces new subtarget for Marvell EBU Armada Cortex A53
processor based devices.
The first device is Globalscale ESPRESSObin. Some hardware specs:
SoC: Marvell Armada 3700LP (88F3720) dual core ARM Cortex A53
processor up to 1.2GHz
RAM: 512MB, 1GB or 2GB DDR3
Storage: SATA interface
µSD card slot with footprint for an optional 4GB EMMC
4MB SPI NOR flash for bootloader
Ethernet: Topaz Networking Switch (88E6341) with 3x GbE ports
Connectors: USB 3.0
USB 2.0
µUSB port connected to PL2303SA (USB to serial bridge
controller) for UART access
Expansion: 2x 46-pin GPIO headers for accessories and shields with
I2C, GPIOs, PWM, UART, SPI, MMC, etc
MiniPCIe slot
Misc: Reset button, JTAG interface
Currently booting only from µSD card is supported.
The boards depending on date of dispatch can come with various U-Boot
versions. For the newest version 2017.03-armada-17.10 no manual
intervention should be needed to boot OpenWrt image. For the older ones
it's necessary to modify default U-Boot environment:
1. Interrupt boot process to run U-Boot command line,
2. Run following commands:
(for version 2017.03-armada-17.06 and 2017.03-armada-17.08)
setenv bootcmd "load mmc 0:1 0x4d00000 boot.scr; source 0x4d00000"
saveenv
(for version 2015.01-armada-17.02 and 2015.01-armada-17.04)
setenv bootargs "console=ttyMV0,115200 root=/dev/mmcblk0p2 rw rootwait"
setenv bootcmd "ext4load mmc 0:1 ${fdt_addr} armada-3720-espressobin.dtb; ext4load mmc 0:1 ${kernel_addr} Image; booti ${kernel_addr} - ${fdt_addr}"
saveenv
3. Poweroff, insert SD card with OpenWrt image, boot and enjoy.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Hauke Mehrtens