Adding OpenWrt support for Xiaomi AX3600

Boom !

Fantastic, ill update my branch with that address at lunch :smile:

Cant seem to scan on 2g or 5g but startup / init seems fine for me.

iw list

root@OpenWrt:/# iw list
Wiphy phy1
        max # scan SSIDs: 16
        max scan IEs length: 152 bytes
        max # sched scan SSIDs: 0
        max # match sets: 0
        max # scan plans: 1
        max scan plan interval: -1
        max scan plan iterations: 0
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports AP-side u-APSD.
        Available Antennas: TX 0x3 RX 0x3
        Configured Antennas: TX 0x3 RX 0x3
        Supported interface modes:
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point
        Band 1:
                Capabilities: 0x11e7
                        RX LDPC
                        HT20/HT40
                        Dynamic SM Power Save
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: No restriction (0x00)
                HT TX/RX MCS rate indexes supported: 0-15
                Frequencies:
                        * 2412 MHz [1] (30.0 dBm)
                        * 2417 MHz [2] (30.0 dBm)
                        * 2422 MHz [3] (30.0 dBm)
                        * 2427 MHz [4] (30.0 dBm)
                        * 2432 MHz [5] (30.0 dBm)
                        * 2437 MHz [6] (30.0 dBm)
                        * 2442 MHz [7] (30.0 dBm)
                        * 2447 MHz [8] (30.0 dBm)
                        * 2452 MHz [9] (30.0 dBm)
                        * 2457 MHz [10] (30.0 dBm)
                        * 2462 MHz [11] (30.0 dBm)
                        * 2467 MHz [12] (disabled)
                        * 2472 MHz [13] (disabled)
                        * 2484 MHz [14] (disabled)
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP, mesh point } <= 16,
                   total <= 16, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }

        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Supported extended features:
                * [ RRM ]: RRM
                * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
                * [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
                * [ STA_TX_PWR ]: TX power control per station
Wiphy phy0
        max # scan SSIDs: 16
        max scan IEs length: 142 bytes
        max # sched scan SSIDs: 0
        max # match sets: 0
        max # scan plans: 1
        max scan plan interval: -1
        max scan plan iterations: 0
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports AP-side u-APSD.
        Available Antennas: TX 0xf0 RX 0xf0
        Configured Antennas: TX 0xf0 RX 0xf0
        Supported interface modes:
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point
        Band 2:
                Capabilities: 0x19e7
                        RX LDPC
                        HT20/HT40
                        Dynamic SM Power Save
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 7935 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: No restriction (0x00)
                HT TX/RX MCS rate indexes supported: 0-31
                VHT Capabilities (0x738bf9b2):
                        Max MPDU length: 11454
                        Supported Channel Width: neither 160 nor 80+80
                        RX LDPC
                        short GI (80 MHz)
                        TX STBC
                        SU Beamformer
                        SU Beamformee
                        MU Beamformer
                        RX antenna pattern consistency
                        TX antenna pattern consistency
                VHT RX MCS set:
                        1 streams: MCS 0-9
                        2 streams: MCS 0-9
                        3 streams: MCS 0-9
                        4 streams: MCS 0-9
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported
                VHT RX highest supported: 0 Mbps
                VHT TX MCS set:
                        1 streams: MCS 0-9
                        2 streams: MCS 0-9
                        3 streams: MCS 0-9
                        4 streams: MCS 0-9
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported                                                      +-----------------------------+
                VHT TX highest supported: 0 Mbps                                                      |                             |
                Frequencies:                                                                          |  Cannot open /dev/ttyUSB0!  |
                        * 5180 MHz [36] (30.0 dBm)                                                    |                             |
                        * 5200 MHz [40] (30.0 dBm)                                                    +-----------------------------+
                        * 5220 MHz [44] (30.0 dBm)
                        * 5240 MHz [48] (30.0 dBm)
                        * 5260 MHz [52] (24.0 dBm) (radar detection)
                        * 5280 MHz [56] (24.0 dBm) (radar detection)
                        * 5300 MHz [60] (24.0 dBm) (radar detection)
                        * 5320 MHz [64] (24.0 dBm) (radar detection)
                        * 5500 MHz [100] (24.0 dBm) (radar detection)
                        * 5520 MHz [104] (24.0 dBm) (radar detection)
                        * 5540 MHz [108] (24.0 dBm) (radar detection)
                        * 5560 MHz [112] (24.0 dBm) (radar detection)
                        * 5580 MHz [116] (24.0 dBm) (radar detection)
                        * 5600 MHz [120] (24.0 dBm) (radar detection)
                        * 5620 MHz [124] (24.0 dBm) (radar detection)
                        * 5640 MHz [128] (24.0 dBm) (radar detection)
                        * 5660 MHz [132] (24.0 dBm) (radar detection)
                        * 5680 MHz [136] (24.0 dBm) (radar detection)
                        * 5700 MHz [140] (24.0 dBm) (radar detection)
                        * 5720 MHz [144] (24.0 dBm) (radar detection)
                        * 5745 MHz [149] (30.0 dBm)
                        * 5765 MHz [153] (30.0 dBm)
                        * 5785 MHz [157] (30.0 dBm)
                        * 5805 MHz [161] (30.0 dBm)
                        * 5825 MHz [165] (30.0 dBm)
                        * 5845 MHz [169] (disabled)
                        * 5865 MHz [173] (disabled)
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP, mesh point } <= 16,
                   total <= 16, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }

        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        Supported extended features:
                * [ RRM ]: RRM
                * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
                * [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
                * [ STA_TX_PWR ]: TX power control per station

iw reg get

root@OpenWrt:/# iw reg get
global
country 00: DFS-UNSET
        (2402 - 2472 @ 40), (N/A, 20), (N/A)
        (2457 - 2482 @ 20), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN
        (2474 - 2494 @ 20), (N/A, 20), (N/A), NO-OFDM, PASSIVE-SCAN
        (5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW
        (5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW, PASSIVE-SCAN
        (5490 - 5730 @ 160), (N/A, 20), (0 ms), DFS, PASSIVE-SCAN
        (5735 - 5835 @ 80), (N/A, 20), (N/A), PASSIVE-SCAN
        (57240 - 63720 @ 2160), (N/A, 0), (N/A)

phy#1 (self-managed)
country US: DFS-FCC
        (2402 - 2472 @ 40), (6, 30), (N/A)
        (5170 - 5250 @ 80), (6, 30), (N/A), AUTO-BW
        (5250 - 5330 @ 80), (6, 24), (0 ms), DFS, AUTO-BW
        (5490 - 5730 @ 160), (6, 24), (0 ms), DFS, AUTO-BW
        (5735 - 5835 @ 80), (6, 30), (N/A), AUTO-BW

phy#0 (self-managed)
country US: DFS-FCC
        (2402 - 2472 @ 40), (6, 30), (N/A)
        (5170 - 5250 @ 80), (6, 30), (N/A), AUTO-BW
        (5250 - 5330 @ 80), (6, 24), (0 ms), DFS, AUTO-BW
        (5490 - 5730 @ 160), (6, 24), (0 ms), DFS, AUTO-BW
        (5735 - 5835 @ 80), (6, 30), (N/A), AUTO-BW
root@(none):/lib/modules/5.4.52# hostapd /etc/hostapd.conf
[  121.516593] br2: port 1(wlan0) entered blocking state
[  121.516641] br2: port 1(wlan0) entered disabled state
[  121.520874] device wlan0 entered promiscuous mode
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
wlan0: interface state COUNTRY_UPDATE->HT_SCAN
[  122.279103] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
wlan0: interface state HT_SCAN->ENABLED
wlan0: AP-ENABLED
[  131.101551] ath11k c000000.wifi: bss channel survey timed out
[  140.317552] ath11k c000000.wifi: bss channel survey timed out
1 Like

I have started a general IPQ807x thread here now we have a lot more of the HW working :

Should help get others with IPQ807x based HW startes :+1:

2 Likes

Hi!
I managed to recompile the latest firmware (v67) using windows 10 linux subsystem.
I didn't lost SSH but I think the "phone home" stuff didn't work...

I don't see any changes in hosts, and I'm able to ping the sites that should be blocked.
Also the root password that I had set in v17 didn't change.

Could you help me? Can I run parts of the repack-squashfs.sh script in the router through SSH?

EDIT:
I was "following" the script line by line and cheking in the router if the changes were made, and besides roots password not changed (not a problem) I think this last step didn't work:

# as a last-ditch effort, change the *.miwifi.com hostnames to localhost
sed -i 's@\w\+.miwifi.com@localhost@g' $FSDIR/etc/config/miwifi

The current content of the file "/etc/config/miwifi" in the router is:

config miwifi 'server'
        option API api.miwifi.com
        option LOG log.miwifi.com
        option S s.miwifi.com
        option APP app.miwifi.com
        option STUN stun.miwifi.com
        option BROKER broker.miwifi.com

The Xiaomi AX3600 it's glorious and AX1800 it's almost so good, but smaller (charmy) and with half price.

NEW-Mi-Xiaomi-Router-AX1800-Wifi-6-5-Core-256M-Memory-Mesh-Home-IoT-4-Signal

I hope that IPQ6000 AX1800 it's not so different than IPQ8071 AX3600, so is there any chances to port AX1800 to openwrt in mid future too?

1 Like

Ipq6000 support for the kernel is still ver very VERY bad. I think the gcc (global clock controller) is not even approved upstream

1 Like

:worried:

Okay, so let's buy the big crab and soon put openwrt on it! Thanks!

Would a build from Qualcomm's Ipq6000 source be possible like there is for the AX3600?

Yeah the best you have in terms of ipq60xx support is in the QCOM staging tree .

https://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux.git/tree/arch/arm64/boot/dts/qcom/ipq6018.dtsi?h=for-next

1 Like

No it's not possible. Besides, squashfs is not some read-write fs, so there's no advantage to running it on-device.

Your root password and /etc/config/miwifi is on a separate partition. If that's not re-created or re-initialized on an upgrade, that means the router didn't perform an upgrade properly - likely flag_ota_reboot was not set.

A more accurate check for whether the firmware was modified is to see if files like /usr/sbin/otapredownload is zero-sized.

That's normal. The mod removes phone-home functionality from the router, not block off the manufacturer's servers. Otherwise users having Xiaomi IoT products would suddenly all not work.

1 Like

You may want to look at the QSDK source here:

https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/tree/?h=NHSS.QSDK.12.0.r2

It's for the 4.4 kernel, but it should be doable to make it work on 5.4 once the mechanics of the drivers are understood.

QSDK 12 appears to be the latest AFAIK.

2 Likes

Anybody have any idea?

root@OpenWrt:/sys/kernel/debug/ath11k/ipq8074 hw2.0/mac1/fw_stats# cat pdev_stat
s
[ 2172.830093] got wmi event id UPDATE STATS 0x1d004
[ 2638.929695] got wmi event id 0x1d004

             ath11k PDEV stats
             =================

           Channel noise floor        -96
              Channel TX power         52
                TX frame count          0
                RX frame count 1396908160
                RX clear count    9675200
                   Cycle count 3926238656
               PHY error count          0

          ath11k PDEV TX stats
          ====================

            HTT cookies queued          0
             HTT cookies disp.          0
                   MSDU queued         36
                   MPDU queued         36
                 MSDUs dropped          0
                  Local enqued         36
                   Local freed         36
                     HW queued        144
                  PPDUs reaped        144
                 Num underruns          0
                 PPDUs cleaned          0
                  MPDUs requed          0
             Excessive retries        144
                       HW rate          0
           Sched self triggers        144
     Dropped due to SW retries          3
       Illegal rate phy errors   56086580
        PDEV continuous xretry          0
                    TX timeout          0
                   PDEV resets          0
 Stateless TIDs alloc failures          0
                  PHY underrun          0
  MPDU is more than txop limit          0

          ath11k PDEV RX stats
          ====================

         Mid PPDU route change          0
       Tot. number of statuses          0
        Extra frags on rings 0         36
        Extra frags on rings 1          0
        Extra frags on rings 2         36
        Extra frags on rings 3          0
        MSDUs delivered to HTT          0
        MPDUs delivered to HTT          0
      MSDUs delivered to stack          0
      MPDUs delivered to stack          0
               Oversized AMSUs          0
                    PHY errors        144
              PHY errors drops          0
   MPDU errors (FCS, MIC, ENC)          0
1 Like

The init cmd from qsdk:

Length = 85
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [62.870026]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [61.870022]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [60.870026]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [59.870025]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [58.870026]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [57.870023]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [56.870024]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [55.870027]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [54.870032]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [53.870025]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [52.870024]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [51.870021]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [50.870027]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [49.870019]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [48.870025]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [47.870026]
CMD = 4 0 dac3538c e2f9
CMD ID = 16001 WMI_REQUEST_STATS_CMDID
CMD TIME = [46.870060]
CMD = 4 0 dac3538c e2f9
CMD ID = 7003 WMI_BCN_TMPL_CMDID
CMD TIME = [45.887711]
CMD = 0 41 1ba 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.881643]
CMD = 0 19 10000003 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.877917]
CMD = 0 19 10000003 0
CMD ID = 2a003 WMI_OBSS_COLOR_COLLISION_DET_CONFIG_CMDID
CMD TIME = [45.874166]
CMD = 0 0 1 39
CMD ID = 5005 WMI_VDEV_UP_CMDID
CMD TIME = [45.874150]
CMD = 0 0 dac3538c e2f9
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.874142]
CMD = 0 3 64 0
CMD ID = 700b WMI_BCN_OFFLOAD_CTRL_CMDID
CMD TIME = [45.874131]
CMD = 0 2 0 101
CMD ID = 7003 WMI_BCN_TMPL_CMDID
CMD TIME = [45.874112]
CMD = 0 41 1ba 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.874068]
CMD = 0 2d 37d 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.873804]
CMD = 0 7 2 0
CMD ID = 500d WMI_VDEV_SET_WMM_PARAMS_CMDID
CMD TIME = [45.873777]
CMD = 0 c70018 f 3f
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.568353]
CMD = 0 21 1 0
CMD ID = 5009 WMI_VDEV_INSTALL_KEY_CMDID
CMD TIME = [45.568188]
CMD = 0 dac3538c e2f9 1
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [45.551466]
CMD = 1 24 0 80014
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [45.551459]
CMD = 1 bc 80 80014
CMD ID = 40001 WMI_PDEV_OBSS_PD_SPATIAL_REUSE_CMDID
CMD TIME = [45.551449]
CMD = 1 0 0 0
CMD ID = 5003 WMI_VDEV_START_REQUEST_CMDID
CMD TIME = [45.551432]
CMD = 0 0 64 1
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.551233]
CMD = 0 2f 1 80014
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.551204]
CMD = 0 1a 0 a326361
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [45.551191]
CMD = 1 24 0 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.551087]
CMD = 0 3 64 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.551057]
CMD = 0 d 1 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [45.512346]
CMD = 0 1a 0 0
CMD ID = 3a004 WMI_SET_INIT_COUNTRY_CMDID
CMD TIME = [42.349953]
CMD = 2 1 9c 0
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [41.607895]
CMD = 1 4 3c 0
CMD ID = 3001 WMI_START_SCAN_CMDID
CMD TIME = [41.450650]
CMD = a001 a005 0 3
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [41.293516]
CMD = 0 20 1 80014
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [41.084163]
CMD = 0 8002 1b 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [41.063648]
CMD = 0 8002 3b 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [41.044706]
CMD = 0 2d 37d 38
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [41.044677]
CMD = 0 2d 37d 80014
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.707877]
CMD = 0 f 0 0
CMD ID = 6001 WMI_PEER_CREATE_CMDID
CMD TIME = [40.355187]
CMD = 0 dac3538c e2f9 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.295340]
CMD = 0 87 1 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.288498]
CMD = 0 8002 7b 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.268101]
CMD = 0 7e 3 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.268085]
CMD = 0 1d 3 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.255117]
CMD = 0 1c 1 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.255101]
CMD = 0 d 1 12800005
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.255076]
CMD = 0 2a 12c 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.255069]
CMD = 0 29 127 0
CMD ID = 5008 WMI_VDEV_SET_PARAM_CMDID
CMD TIME = [40.255061]
CMD = 0 28 93 0
CMD ID = 1d010 WMI_ECHO_CMDID
CMD TIME = [40.255036]
CMD = 0 0 49c42cff 76c44f3b
CMD ID = 5001 WMI_VDEV_CREATE_CMDID
CMD TIME = [40.254932]
CMD = 0 1 0 dac3538c
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [39.664704]
CMD = 1 61 64 0
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [39.558548]
CMD = 1 5c 6 0
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [39.525680]
CMD = 1 5c 1 80014
CMD ID = 3003 WMI_SCAN_CHAN_LIST_CMDID
CMD TIME = [39.180876]
CMD = d 0 1 12016c
CMD ID = 3003 WMI_SCAN_CHAN_LIST_CMDID
CMD TIME = [39.166365]
CMD = d 0 1 12016c
CMD ID = 3a004 WMI_SET_INIT_COUNTRY_CMDID
CMD TIME = [39.161683]
CMD = 1 1 9c 0
CMD ID = 1d017 WMI_TRANSFER_DATA_TO_FLASH_CMDID
CMD TIME = [35.555486]
CMD = 1 1 64 2
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.554125]
CMD = 1 bc 80 0
CMD ID = a005 WMI_PDEV_DFS_PHYERR_OFFLOAD_ENABLE_CMDID
CMD TIME = [35.554075]
CMD = 0 ffff 70060 0
CMD ID = 4034 WMI_PDEV_WAL_POWER_DEBUG_CMDID
CMD TIME = [35.553065]
CMD = 1 1 53519000 0
CMD ID = 4034 WMI_PDEV_WAL_POWER_DEBUG_CMDID
CMD TIME = [35.552002]
CMD = 1 0 58702000 0
CMD ID = 3e001 WMI_TWT_ENABLE_CMDID
CMD TIME = [35.551162]
CMD = 1 1388 0 a
CMD ID = 3003 WMI_SCAN_CHAN_LIST_CMDID
CMD TIME = [35.509198]
CMD = 19 0 1 1202bc
CMD ID = 4021 WMI_PDEV_SET_MIMOGAIN_TABLE_CMDID
CMD TIME = [35.501848]
CMD = 1 3e8 1 1ba869c0
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.463710]
CMD = 1 a 1 0
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.463555]
CMD = 1 5b 1 2
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.352363]
CMD = 1 7 1 2
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.352356]
CMD = 1 60 7d0 0
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.352347]
CMD = 1 50 3001f40 72656874
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.352340]
CMD = 1 50 2001f40 72656874
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.352331]
CMD = 1 50 1001f40 1bb04f70
CMD ID = 4003 WMI_PDEV_SET_PARAM_CMDID
CMD TIME = [35.352306]
CMD = 1 50 1f40 10008
CMD ID = 1d010 WMI_THERMAL_MGMT_CMDID
CMD TIME = [35.222748]
CMD = 0 0 23ca52eb dba380e6
CMD ID = 1 WMI_INIT_CMDID
CMD TIME = [35.012296]
CMD = 1000000 2c2 5f414351 4c4d

The init cmd from ath11k:

root@OpenWrt:/# dmesg |grep wmi|grep cmdid
[    8.143392] wmi cmdid 00000001 length 844
[    8.416316] wmi cmdid 00004034 length 52
[    8.418413] wmi cmdid 00004034 length 52

All i can think of is that we are missing some patches for ath11k.

Also we need to make use of the correct bdwlan.bin from stock (bdwlan.b292)

  1. remove board-2.bin from firmware
  2. add bdwlan.b292 to /lib/firmware/IPQ8074/bdwlan.bin

But i dont think that will fix the issues we are seeing, its probably just ath11k missing something.

I have tested the latest code from https://source.codeaurora.org/quic/qsdk/kvalo/ath/.
Don't know why the firmware recived so many frames but no interrupt.
Don't know what are these errors means

Illegal rate phy errors   56086580

In that case try with the correct bdwlan file from stock

How should I let the ath11k to load bdwlan?
I deleted board-2.bin and add bdwlan, but the ath11k will not load bdwlan.bin

ath11k checks for board-2.bin and if not found it will load bdwlan. See :

The function ath11k_core_fetch_board_data_api_1 should load bdwlan.bin

Edit ...

The file names are defined https://github.com/torvalds/linux/blob/master/drivers/net/wireless/ath/ath11k/hw.h#L77

ath11k_core_fetch_board_data_api_1will load board.bin, not bdwlan.