Re: Question to recent Qualcomm CVEs
Il giorno mar 30 apr 2024 alle ore 15:04 Kalle Valo ha scritto: > > Robert Marko writes: > > > On Tue, 30 Apr 2024 at 10:48, Kalle Valo wrote: > > > >> > >> Robert Marko writes: > >> > >> > On Mon, 29 Apr 2024 at 15:37, Sven Eckelmann wrote: > >> >> > >> >> On Monday, 29 April 2024 15:14:18 CEST Kalle Valo wrote: > >> >> > It's quite strange that they updated 2.5.0.1 branch first but my > >> >> > understanding that there should be updates for the newer 2.7.0.1 > >> >> > branch > >> >> > as well (2.7.0.1 branch is also in linux-firmware). > >> >> > >> >> Yes, I also told them in the support ticket that this is from an older > >> >> branch > >> >> than what is currently shipped in linux-firmware.git. But they told me > >> >> that they are working on newer versions (whatever that means) - but they > >> >> wanted to handle first the update to ATH.11.4 (2.5.0.x) and then > >> >> step-by-step release it for newer firmware branches. It seem like that > >> >> would be > >> >> up to 2.9.0.x - no idea why there is no (public) 2.10.x/2.11.x for the > >> >> AP > >> >> SoCs. > >> > > >> > I would like to point out that IPQ6018 doesn't even have anything > >> > newer than 2.5.0.1 available publicly. > >> > >> But I do see WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 for IPQ6018: > >> > >> https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ6018/hw1.0/2.7.0.1/WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1?ref_type=heads > >> > >> And that release seems to be also in linux-firmware: > >> > >> File: ath11k/IPQ6018/hw1.0/q6_fw.mdt > >> Version: WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 > >> > >> Am I missing something? Or did you mean IPQ5018 which only has a release > >> from 2.6.0.1 branch? > >> > >> https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ5018/hw1.0?ref_type=heads > > > > Ah yes, sorry for the confusion, I meant to say newer than 2.5.0.1 > > that actually works. > > All of the newer public FW than 2.5.0.1 that we tried in OpenWrt will > > just crash, we had the same issue with 2.6 and 2.7 FW on > > IPQ8074 and it was fixed in 2.9.0.1 but there is no 2.9.0.1 public for > > IPQ6018. > > Ah, is the issue you are talking about this bug: > > https://bugzilla.kernel.org/show_bug.cgi?id=216515 > > Or is this another issue? > Yes we wasted a good time on that and we concluded that 2.6.0 and 2.7.0 introduced breaking change in how the BDF was parsed that were fixed in 2.9.0 restoring support for legacy BDF. I think almost all ipq60xx suffer from this... Only a Qnap 301 worked with 2.6.0 - 2.7.0 (that was ipq807x) ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: Question to recent Qualcomm CVEs
On Tue, 30 Apr 2024 at 15:02, Kalle Valo wrote: > > Robert Marko writes: > > > On Tue, 30 Apr 2024 at 10:48, Kalle Valo wrote: > > > >> > >> Robert Marko writes: > >> > >> > On Mon, 29 Apr 2024 at 15:37, Sven Eckelmann wrote: > >> >> > >> >> On Monday, 29 April 2024 15:14:18 CEST Kalle Valo wrote: > >> >> > It's quite strange that they updated 2.5.0.1 branch first but my > >> >> > understanding that there should be updates for the newer 2.7.0.1 > >> >> > branch > >> >> > as well (2.7.0.1 branch is also in linux-firmware). > >> >> > >> >> Yes, I also told them in the support ticket that this is from an older > >> >> branch > >> >> than what is currently shipped in linux-firmware.git. But they told me > >> >> that they are working on newer versions (whatever that means) - but they > >> >> wanted to handle first the update to ATH.11.4 (2.5.0.x) and then > >> >> step-by-step release it for newer firmware branches. It seem like that > >> >> would be > >> >> up to 2.9.0.x - no idea why there is no (public) 2.10.x/2.11.x for the > >> >> AP > >> >> SoCs. > >> > > >> > I would like to point out that IPQ6018 doesn't even have anything > >> > newer than 2.5.0.1 available publicly. > >> > >> But I do see WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 for IPQ6018: > >> > >> https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ6018/hw1.0/2.7.0.1/WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1?ref_type=heads > >> > >> And that release seems to be also in linux-firmware: > >> > >> File: ath11k/IPQ6018/hw1.0/q6_fw.mdt > >> Version: WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 > >> > >> Am I missing something? Or did you mean IPQ5018 which only has a release > >> from 2.6.0.1 branch? > >> > >> https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ5018/hw1.0?ref_type=heads > > > > Ah yes, sorry for the confusion, I meant to say newer than 2.5.0.1 > > that actually works. > > All of the newer public FW than 2.5.0.1 that we tried in OpenWrt will > > just crash, we had the same issue with 2.6 and 2.7 FW on > > IPQ8074 and it was fixed in 2.9.0.1 but there is no 2.9.0.1 public for > > IPQ6018. > > Ah, is the issue you are talking about this bug: > > https://bugzilla.kernel.org/show_bug.cgi?id=216515 > > Or is this another issue? Yeah, that is the issue for IPQ8074, we just skipped the 2.6 and 2.7 FW and went for 2.9. For IPQ6018 it seems that we have BDF compatibility issues with most FW newer than 2.4 or 2.5 max. Its been some time since I last checked what boards work with what FW on IPQ6018. Regards, Robert > > -- > https://patchwork.kernel.org/project/linux-wireless/list/ > > https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: Question to recent Qualcomm CVEs
Robert Marko writes: > On Tue, 30 Apr 2024 at 10:48, Kalle Valo wrote: > >> >> Robert Marko writes: >> >> > On Mon, 29 Apr 2024 at 15:37, Sven Eckelmann wrote: >> >> >> >> On Monday, 29 April 2024 15:14:18 CEST Kalle Valo wrote: >> >> > It's quite strange that they updated 2.5.0.1 branch first but my >> >> > understanding that there should be updates for the newer 2.7.0.1 branch >> >> > as well (2.7.0.1 branch is also in linux-firmware). >> >> >> >> Yes, I also told them in the support ticket that this is from an older >> >> branch >> >> than what is currently shipped in linux-firmware.git. But they told me >> >> that they are working on newer versions (whatever that means) - but they >> >> wanted to handle first the update to ATH.11.4 (2.5.0.x) and then >> >> step-by-step release it for newer firmware branches. It seem like that >> >> would be >> >> up to 2.9.0.x - no idea why there is no (public) 2.10.x/2.11.x for the AP >> >> SoCs. >> > >> > I would like to point out that IPQ6018 doesn't even have anything >> > newer than 2.5.0.1 available publicly. >> >> But I do see WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 for IPQ6018: >> >> https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ6018/hw1.0/2.7.0.1/WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1?ref_type=heads >> >> And that release seems to be also in linux-firmware: >> >> File: ath11k/IPQ6018/hw1.0/q6_fw.mdt >> Version: WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 >> >> Am I missing something? Or did you mean IPQ5018 which only has a release >> from 2.6.0.1 branch? >> >> https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ5018/hw1.0?ref_type=heads > > Ah yes, sorry for the confusion, I meant to say newer than 2.5.0.1 > that actually works. > All of the newer public FW than 2.5.0.1 that we tried in OpenWrt will > just crash, we had the same issue with 2.6 and 2.7 FW on > IPQ8074 and it was fixed in 2.9.0.1 but there is no 2.9.0.1 public for > IPQ6018. Ah, is the issue you are talking about this bug: https://bugzilla.kernel.org/show_bug.cgi?id=216515 Or is this another issue? -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: OpenWrt One / project update
On Mon, 29 Apr 2024 21:05:15 +0100
Daniel Golle wrote:
> Hi Michael,
>
> On Mon, Apr 29, 2024 at 03:04:37PM -0400, Michael Richardson wrote:
> >
> > {sorry for the long delay, been unwell}
> >
> > Bjørn Mork wrote:
> > > Maybe it is possible to deploy the system with secure boot
> > > and a protected IDevId key by default, but allowing the
> > > user/owner to erase the key and disable secure boot? This
> > > way all use cases could be supported, including playing with
> > > the BL2 code etc.
> >
> > It won't work that way. If someone can easily turn off secure
> > boot, then so can malware.
>
> Malware cannot remove or add a physical jumper or press a physical
> button on the board (we got a jumper to write-protect the SPI-NOR
> flash).
Correct, and IIRC a switch to choose which on-board flash to boot from?
This, plus the lockable boot block feature found in about all modern
flash chips is really all it takes to implement a really secure boot. It
is only a question of U-Boot patches, which can be 100% free and open
source software, absolutely no NDA required.
> Believing that secure boot could provide protection from malware also
> misses an important point: Most malware nowadays doesn't even strive
> for persistency but rather relies on exploitable run-time
> vulnerabilities. We are in an always-online world, the classic "boot
> sector virus" is an archaic thing from the 1980s.
Exactly. Thanks for the public reminder!
Torsten
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: Question to recent Qualcomm CVEs
On Tue, 30 Apr 2024 at 10:48, Kalle Valo wrote: > > Robert Marko writes: > > > On Mon, 29 Apr 2024 at 15:37, Sven Eckelmann wrote: > >> > >> On Monday, 29 April 2024 15:14:18 CEST Kalle Valo wrote: > >> > It's quite strange that they updated 2.5.0.1 branch first but my > >> > understanding that there should be updates for the newer 2.7.0.1 branch > >> > as well (2.7.0.1 branch is also in linux-firmware). > >> > >> Yes, I also told them in the support ticket that this is from an older > >> branch > >> than what is currently shipped in linux-firmware.git. But they told me > >> that they are working on newer versions (whatever that means) - but they > >> wanted to handle first the update to ATH.11.4 (2.5.0.x) and then > >> step-by-step release it for newer firmware branches. It seem like that > >> would be > >> up to 2.9.0.x - no idea why there is no (public) 2.10.x/2.11.x for the AP > >> SoCs. > > > > I would like to point out that IPQ6018 doesn't even have anything > > newer than 2.5.0.1 available publicly. > > But I do see WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 for IPQ6018: > > https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ6018/hw1.0/2.7.0.1/WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1?ref_type=heads > > And that release seems to be also in linux-firmware: > > File: ath11k/IPQ6018/hw1.0/q6_fw.mdt > Version: WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 > > Am I missing something? Or did you mean IPQ5018 which only has a release > from 2.6.0.1 branch? > > https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ5018/hw1.0?ref_type=heads Ah yes, sorry for the confusion, I meant to say newer than 2.5.0.1 that actually works. All of the newer public FW than 2.5.0.1 that we tried in OpenWrt will just crash, we had the same issue with 2.6 and 2.7 FW on IPQ8074 and it was fixed in 2.9.0.1 but there is no 2.9.0.1 public for IPQ6018. Regards, Robert > > -- > https://patchwork.kernel.org/project/linux-wireless/list/ > > https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: Question to recent Qualcomm CVEs
Robert Marko writes: > On Mon, 29 Apr 2024 at 15:37, Sven Eckelmann wrote: >> >> On Monday, 29 April 2024 15:14:18 CEST Kalle Valo wrote: >> > It's quite strange that they updated 2.5.0.1 branch first but my >> > understanding that there should be updates for the newer 2.7.0.1 branch >> > as well (2.7.0.1 branch is also in linux-firmware). >> >> Yes, I also told them in the support ticket that this is from an older branch >> than what is currently shipped in linux-firmware.git. But they told me >> that they are working on newer versions (whatever that means) - but they >> wanted to handle first the update to ATH.11.4 (2.5.0.x) and then >> step-by-step release it for newer firmware branches. It seem like that would >> be >> up to 2.9.0.x - no idea why there is no (public) 2.10.x/2.11.x for the AP >> SoCs. > > I would like to point out that IPQ6018 doesn't even have anything > newer than 2.5.0.1 available publicly. But I do see WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 for IPQ6018: https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ6018/hw1.0/2.7.0.1/WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1?ref_type=heads And that release seems to be also in linux-firmware: File: ath11k/IPQ6018/hw1.0/q6_fw.mdt Version: WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 Am I missing something? Or did you mean IPQ5018 which only has a release from 2.6.0.1 branch? https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware/-/tree/main/IPQ5018/hw1.0?ref_type=heads -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
