No idea, there were 2 listed as required when they attempted to upstream.
PN and SEO, both are present in 5.10
i'm tempted to try their wlan-open repo and check if it does work correctly there
Thats not that bad of an idea actually.
it's for sure quicker than doing what i did yesterday trying to backtrack all the ath11k and mac80211 code... ahaha
At least they are using actual backports and upstream ath.git instead of their own custom repo.
what i can't understand is why they still have not proposed the decap patch
Hold you breath...
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.3.1-00163
S - IMAGE_VARIANT_STRING=HAACANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x000002e5
B - 201 - PBL, Start
B - 2736 - bootable_media_detect_entry, Start
B - 3444 - bootable_media_detect_success, Start
B - 3448 - elf_loader_entry, Start
B - 6115 - auth_hash_seg_entry, Start
B - 6358 - auth_hash_seg_exit, Start
B - 68328 - elf_segs_hash_verify_entry, Start
B - 131184 - PBL, End
B - 145760 - SBL1, Start
B - 198951 - GCC [RstStat:0x10, RstDbg:0x600000] WDog Stat : 0x4
B - 205570 - pm_device_init, Start
B - 329705 - PM_SET_VAL:Skip
D - 123586 - pm_device_init, Delta
B - 332114 - pm_driver_init, Start
D - 5368 - pm_driver_init, Delta
B - 338489 - clock_init, Start
D - 2104 - clock_init, Delta
B - 342484 - boot_flash_init, Start
D - 12505 - boot_flash_init, Delta
B - 358680 - boot_config_data_table_init, Start
D - 3080 - boot_config_data_table_init, Delta - (575 Bytes)
B - 366152 - Boot Setting : 0x00000600
B - 370087 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:0,Subtype:18
B - 377102 - sbl1_ddr_set_params, Start
B - 380914 - CPR configuration: 0x300
B - 384269 - cpr_init, Start
B - 387167 - Rail:0 Mode: 5 Voltage: 800000
B - 392260 - CL CPR settled at 752000mV
B - 395158 - Rail:1 Mode: 5 Voltage: 880000
B - 399336 - Rail:1 Mode: 7 Voltage: 904000
D - 16500 - cpr_init, Delta
B - 406229 - Pre_DDR_clock_init, Start
B - 410225 - Pre_DDR_clock_init, End
B - 413610 - DDR Type : PCDDR3
B - 419283 - do ddr sanity test, Start
D - 1067 - do ddr sanity test, Delta
B - 424102 - DDR: Start of HAL DDR Boot Training
B - 428769 - DDR: End of HAL DDR Boot Training
B - 434533 - DDR: Checksum to be stored on flash is 1526580591
B - 444842 - Image Load, Start
D - 223199 - QSEE Image Loaded, Delta - (1371968 Bytes)
B - 668133 - Image Load, Start
D - 61 - SEC Image Loaded, Delta - (0 Bytes)
B - 675819 - Image Load, Start
D - 10736 - DEVCFG Image Loaded, Delta - (26088 Bytes)
B - 686646 - Image Load, Start
D - 22051 - RPM Image Loaded, Delta - (86660 Bytes)
B - 708759 - Image Load, Start
D - 91866 - APPSBL Image Loaded, Delta - (562458 Bytes)
B - 800747 - QSEE Execution, Start
D - 61 - QSEE Execution, Delta
B - 806542 - USB D+ check, Start
D - 0 - USB D+ check, Delta
B - 812947 - SBL1, End
D - 669474 - SBL1, Delta
S - Flash Throughput, 6721 KB/s (2048421 Bytes, 304778 us)
S - DDR Frequency, 466 MHz
S - Core 0 Frequency, 1651 MHz
U-Boot 2016.01 (Jan 25 2021 - 14:55:10 +0000), Build: jenkins-common_router_openwrt_ota_publish-785
DRAM: smem ram ptable found: ver: 1 len: 4
1 GiB
NAND: Could not find nand_gpio in dts, using defaults
ONFI device found
ID = 1590aaef
Vendor = ef
Device = aa
SF: Unsupported flash IDs: manuf ff, jedec ffff, ext_jedec ffff
ipq_spi: SPI Flash not found (bus/cs/speed/mode) = (0/0/48000000/0)
256 MiB
MMC: sdhci: Node Not found, skipping initialization
## Error: flags type check failure for "ethaddr" <= ""00:AA:BB:CC:DD:10"" (type: m)
himport_r: can't insert "ethaddr="00:AA:BB:CC:DD:10"" into hash table
PCI Link Intialized
PCI Link Intialized
In: serial@78B3000
Out: serial@78B3000
Err: serial@78B3000
machid: 8010012
MMC Device 0 not found
bootwait is off, bootdelay=5
Hit any key to stop autoboot: 0
trigger button release!
boot from rootfs 0
miwifi: check crash in rmem !
ubi0: attaching mtd1
ubi0: scanning is finished
ubi0: attached mtd1 (name "mtd=0", size 56 MiB)
ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
ubi0: good PEBs: 448, bad PEBs: 0, corrupted PEBs: 0
ubi0: user volume: 3, internal volumes: 1, max. volumes count: 128
ubi0: max/mean erase counter: 5/0, WL threshold: 4096, image sequence number: 1725579489
ubi0: available PEBs: 0, total reserved PEBs: 448, PEBs reserved for bad PEB handling: 40
Read 0 bytes from volume kernel to 44000000
No size specified -> Using max size (6221824)
## Loading kernel from FIT Image at 44000000 ...
Using 'config@hk14' configuration
Trying 'kernel@1' kernel subimage
Description: ARM64 OpenWrt Linux-4.4.60
Type: Kernel Image
Compression: gzip compressed
Data Start: 0x440000e8
Data Size: 4076183 Bytes = 3.9 MiB
Architecture: AArch64
OS: Linux
Load Address: 0x41080000
Entry Point: 0x41080000
Hash algo: crc32
Hash value: 544e38bb
Hash algo: sha1
Hash value: ffdd46a31f2a5a843645ae6244eea861046e70e4
Verifying Hash Integrity ... crc32+ sha1+ OK
## Loading fdt from FIT Image at 44000000 ...
Using 'config@hk14' configuration
Trying 'fdt@hk14' fdt subimage
Description: ARM64 OpenWrt qcom-ipq807x-hkxx device tree blob
Type: Flat Device Tree
Compression: uncompressed
Data Start: 0x44487e40
Data Size: 86662 Bytes = 84.6 KiB
Architecture: AArch64
Hash algo: crc32
Hash value: 132fb393
Hash algo: sha1
Hash value: e39ed73071388829a5dd2eeed9b8f5b91f843500
Verifying Hash Integrity ... crc32+ sha1+ OK
Booting using the fdt blob at 0x44487e40
Uncompressing Kernel Image ... OK
Loading Device Tree to 4a3e7000, end 4a3ff285 ... OK
Using machid 0x8010012 from environment
Starting kernel ...
Jumping to AARCH64 kernel via monitor
[ 0.000000] Booting Linux on physical CPU 0x0
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 4.4.60 (jenkins@7805891bd76a) (gcc version 5.5.0 (OpenWrt GCC 5.5.0 unknown) ) #0 SMP PREEMPT Mon Jan 25 14:55:10 2021
[ 0.000000] Boot CPU: AArch64 Processor [410fd034]
[ 0.000000] Ignoring memory range 0x40000000 - 0x41000000
[ 0.000000] Machine: Qualcomm Technologies, Inc. IPQ807x/AP-HK14
[ 0.000000] efi: Getting EFI parameters from FDT:
[ 0.000000] efi: UEFI not found.
[ 0.000000] Reserved memory: created DMA memory pool at 0x0000000054800000, size 24 MiB
[ 0.000000] Reserved memory: initialized node dma_pool0@54800000, compatible id shared-dma-pool
[ 0.000000] psci: probing for conduit method from DT.
[ 0.000000] psci: PSCIv1.0 detected in firmware.
[ 0.000000] psci: Using standard PSCI v0.2 function IDs
[ 0.000000] psci: MIGRATE_INFO_TYPE not supported.
[ 0.000000] PERCPU: Embedded 14 pages/cpu @ffffffc03ef4c000 s19224 r8192 d29928 u57344
[ 0.000000] Detected VIPT I-cache on CPU0
[ 0.000000] CPU features: enabling workaround for ARM erratum 845719
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 204624
[ 0.000000] Kernel command line: ubi.mtd=rootfs root=mtd:ubi_rootfs rootfstype=squashfs rootwait swiotlb=1 coherent_pool=2M
[ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[ 0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[ 0.000000] software IO TLB [mem 0x7fe03000-0x7fe43000] (0MB) mapped at [ffffffc03ee03000-ffffffc03ee42fff]
[ 0.000000] Memory: 802476K/831488K available (5660K kernel code, 658K rwdata, 2872K rodata, 228K init, 433K bss, 29012K reserved, 0K cma-reserved)
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vmalloc : 0xffffff8000000000 - 0xffffffbdbfff0000 ( 246 GB)
[ 0.000000] vmemmap : 0xffffffbdc0000000 - 0xffffffbfc0000000 ( 8 GB maximum)
[ 0.000000] 0xffffffbdc0040000 - 0xffffffbdc1000000 ( 15 MB actual)
[ 0.000000] fixed : 0xffffffbffa7fd000 - 0xffffffbffac00000 ( 4108 KB)
[ 0.000000] PCI I/O : 0xffffffbffae00000 - 0xffffffbffbe00000 ( 16 MB)
[ 0.000000] modules : 0xffffffbffc000000 - 0xffffffc000000000 ( 64 MB)
[ 0.000000] memory : 0xffffffc000000000 - 0xffffffc03f000000 ( 1008 MB)
[ 0.000000] .init : 0xffffffc0008d7000 - 0xffffffc000910000 ( 228 KB)
[ 0.000000] .text : 0xffffffc000080000 - 0xffffffc0008d6984 ( 8539 KB)
[ 0.000000] .data : 0xffffffc000920000 - 0xffffffc0009c4a00 ( 659 KB)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
[ 0.000000] Preemptible hierarchical RCU implementation.
[ 0.000000] Build-time adjustment of leaf fanout to 64.
[ 0.000000] NR_IRQS:64 nr_irqs:64 0
[ 0.000000] Architected cp15 timer(s) running at 19.20MHz (virt).
[ 0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x46d987e47, max_idle_ns: 440795202767 ns
[ 0.000005] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every 4398046511078ns
[ 0.000446] Calibrating delay loop (skipped), value calculated using timer frequency.. 38.40 BogoMIPS (lpj=192000)
[ 0.000457] pid_max: default: 32768 minimum: 301
[ 0.000552] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
[ 0.000561] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes)
[ 0.001101] Initializing cgroup subsys io
[ 0.001117] Initializing cgroup subsys memory
[ 0.001146] Initializing cgroup subsys devices
[ 0.001161] Initializing cgroup subsys freezer
[ 0.001171] Initializing cgroup subsys net_cls
[ 0.001181] Initializing cgroup subsys pids
[ 0.001416] EFI services will not be available.
[ 0.001438] ASID allocator initialised with 65536 entries
[ 0.051863] MSM Memory Dump base table set up
[ 0.051883] MSM Memory Dump apps data table set up
[ 0.090061] Detected VIPT I-cache on CPU1
[ 0.090103] CPU1: Booted secondary processor [410fd034]
[ 0.120050] Detected VIPT I-cache on CPU2
[ 0.120077] CPU2: Booted secondary processor [410fd034]
[ 0.150076] Detected VIPT I-cache on CPU3
[ 0.150102] CPU3: Booted secondary processor [410fd034]
[ 0.150153] Brought up 4 CPUs
[ 0.150179] SMP: Total of 4 processors activated.
[ 0.150189] CPU: All CPU(s) started at EL1
[ 0.150212] alternatives: patching kernel code
[ 0.169037] DMI not present or invalid.
[ 0.169292] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.169316] futex hash table entries: 1024 (order: 5, 131072 bytes)
[ 0.169529] pinctrl core: initialized pinctrl subsystem
[ 0.170473] NET: Registered protocol family 16
[ 0.200018] cpuidle: using governor ladder
[ 0.230035] cpuidle: using governor menu
[ 0.230235] NET: Registered protocol family 42
[ 0.230311] vdso: 2 pages (1 code @ ffffffc000925000, 1 data @ ffffffc000924000)
[ 0.230961] DMA: preallocated 2048 KiB pool for atomic allocations
[ 0.231074] CPU: IPQ8072A, SoC Version: 2.0
[ 0.231487] IPC logging disabled
[ 0.231493] IPC logging disabled
[ 0.231498] IPC logging disabled
[ 0.231502] IPC logging disabled
[ 0.231506] IPC logging disabled
[ 0.234061] Soc version is not 1, changing clock offsets
[ 0.242858] irq: no irq domain found for /soc/smp2p-wcss/slave-kernel !
[ 0.245273] irq: no irq domain found for /soc/smp2p-wcss/slave-kernel !
[ 0.248657] sps:sps is ready.
[ 0.254783] spmi spmi-0: PMIC Arb Version-2 (0x20010000)
[ 0.261314] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[ 0.267211] kcompactd init
[ 0.269072] pps_core: LinuxPPS API ver. 1 registered
[ 0.269081] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[ 0.269105] PTP clock support registered
[ 0.269272] dmi: Firmware registration failed.
[ 0.270608] Advanced Linux Sound Architecture Driver Initialized.
[ 0.271254] clocksource: Switched to clocksource arch_sys_counter
[ 0.274492] NET: Registered protocol family 2
[ 0.275124] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[ 0.275232] TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
[ 0.275417] TCP: Hash tables configured (established 8192 bind 8192)
[ 0.275475] UDP hash table entries: 512 (order: 2, 16384 bytes)
[ 0.275512] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[ 0.275688] NET: Registered protocol family 1
[ 0.285740] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 0.286009] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[ 0.289572] io scheduler noop registered
[ 0.289587] io scheduler deadline registered
[ 0.289754] io scheduler cfq registered (default)
[ 0.291667] ipq807x-pinctrl 1000000.pinctrl: pin GPIO_63 already requested by 1000000.pinctrl; cannot claim for soc:pwm
[ 0.291680] ipq807x-pinctrl 1000000.pinctrl: pin-63 (soc:pwm) status -22
[ 0.291691] ipq807x-pinctrl 1000000.pinctrl: could not request pin 63 (GPIO_63) from group gpio63 on device 1000000.pinctrl
[ 0.291700] qca,ipq4019-pwm soc:pwm: Error applying setting, reverse things back
[ 0.292318] 20000000.pci supply vdda not found, using dummy regulator
[ 0.292369] 20000000.pci supply vdda_phy not found, using dummy regulator
[ 0.292429] 20000000.pci supply vdda_refclk not found, using dummy regulator
[ 0.293071] PCI host bridge /soc/pci@20000000 ranges:
[ 0.293098] IO 0x20200000..0x2020ffff -> 0x20200000
[ 0.293112] MEM 0x20220000..0x2fffffff -> 0x20220000
[ 0.542793] qcom-pcie 20000000.pci: link up
[ 0.542938] qcom-pcie 20000000.pci: PCI host bridge to bus 0000:00
[ 0.542953] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 0.542966] pci_bus 0000:00: root bus resource [io 0x0000-0xffff] (bus address [0x20200000-0x2020ffff])
[ 0.542976] pci_bus 0000:00: root bus resource [mem 0x20220000-0x2fffffff]
[ 0.543290] pci 0000:00:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
[ 0.544209] pci 0000:00:00.0: BAR 8: assigned [mem 0x20400000-0x205fffff]
[ 0.544225] pci 0000:00:00.0: BAR 9: assigned [mem 0x20600000-0x207fffff 64bit pref]
[ 0.544238] pci 0000:00:00.0: BAR 0: assigned [mem 0x20220000-0x20220fff 64bit]
[ 0.544254] pci 0000:00:00.0: BAR 7: assigned [io 0x1000-0x1fff]
[ 0.544268] pci 0000:01:00.0: BAR 0: assigned [mem 0x20400000-0x205fffff 64bit]
[ 0.544317] pci 0000:00:00.0: PCI bridge to [bus 01]
[ 0.544327] pci 0000:00:00.0: bridge window [io 0x1000-0x1fff]
[ 0.544339] pci 0000:00:00.0: bridge window [mem 0x20400000-0x205fffff]
[ 0.544350] pci 0000:00:00.0: bridge window [mem 0x20600000-0x207fffff 64bit pref]
[ 0.544405] PCIe: RC0 enabled during bootup
[ 0.544576] 10000000.pci supply vdda not found, using dummy regulator
[ 0.544618] 10000000.pci supply vdda_phy not found, using dummy regulator
[ 0.544650] 10000000.pci supply vdda_refclk not found, using dummy regulator
[ 0.545193] PCI host bridge /soc/pci@10000000 ranges:
[ 0.545215] IO 0x10200000..0x1020ffff -> 0x10200000
[ 0.545228] MEM 0x10220000..0x1fffffff -> 0x10220000
[ 0.792795] qcom-pcie 10000000.pci: link up
[ 0.792932] qcom-pcie 10000000.pci: PCI host bridge to bus 0001:00
[ 0.792944] pci_bus 0001:00: root bus resource [bus 00-ff]
[ 0.792957] pci_bus 0001:00: root bus resource [io 0x10000-0x1ffff] (bus address [0x10200000-0x1020ffff])
[ 0.792967] pci_bus 0001:00: root bus resource [mem 0x10220000-0x1fffffff]
[ 0.793261] pci 0001:00:00.0: bridge configuration invalid ([bus 00-00]), reconfiguring
[ 0.794611] pci 0001:00:00.0: BAR 8: assigned [mem 0x10300000-0x105fffff]
[ 0.794625] pci 0001:00:00.0: BAR 0: assigned [mem 0x10220000-0x10220fff 64bit]
[ 0.794644] pci 0001:01:00.0: BAR 0: assigned [mem 0x10400000-0x105fffff 64bit]
[ 0.794722] pci 0001:01:00.0: BAR 6: assigned [mem 0x10300000-0x1030ffff pref]
[ 0.794732] pci 0001:00:00.0: PCI bridge to [bus 01]
[ 0.794744] pci 0001:00:00.0: bridge window [mem 0x10300000-0x105fffff]
[ 0.794804] PCIe: RC1 enabled during bootup
[ 0.799534] NET: Registered protocol family 27
[ 0.799545] IPC_RTR: ipc_router_create_log_ctx: IPC Logging disabled
[ 0.799558] qmi_log_init: IPC Logging disabled
[ 0.799563] qmi_log_init: IPC Logging disabled
[ 0.799652] msm_rpm_log_probe: OK
[ 0.799986] msm-dcc b3000.dcc: DCC XPU is not specified
[ 0.800230] msm-dcc b3000.dcc: jiffies_64: 0xffff8b1f, cntvct_64: 0x55b1e9f
[ 0.800242] msm-dcc b3000.dcc: gcnt_hi: 0x00000000(0xffffff800059a004)
[ 0.800253] msm-dcc b3000.dcc: gcnt_lo: 0x055b2065(0xffffff800059a000)
[ 0.800815] TZ SMMU State: SMMU Stage2 Enabled
[ 0.800896] TZ Log : Will warn on Access Violation, as paniconaccessviolation is not set
[ 0.802458] msm_serial 78b3000.serial: msm_serial: detected port #0
[ 0.802499] msm_serial 78b3000.serial: uartclk = 3686400
[ 0.802535] 78b3000.serial: ttyMSM0 at MMIO 0x78b3000 (irq = 78, base_baud = 230400) is a MSM
[ 0.802554] msm_serial: console setup on port #0
[ 1.806626] console [ttyMSM0] enabled
[ 1.811628] msm_serial: driver initialized
[ 1.815140] msm_serial_hsl_init: driver initialized
[ 1.827477] brd: module loaded
[ 1.828111] spi_qup 78b5000.spi: IN:block:16, fifo:64, OUT:block:16, fifo:64
[ 1.830902] m25p80 spi32766.0: unrecognized JEDEC id bytes: ff, ff, ff
[ 1.837458] QPIC controller hw version Major:1, Minor:5
[ 1.843284] nand: device found, Manufacturer ID: 0xef, Chip ID: 0xaa
[ 1.848086] nand: ONFI 10-Compliant Winbond W29N02GZ
[ 1.854725] nand: 256 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64
[ 1.859735] 25 ofpart partitions found on MTD device qcom_nand.0
[ 1.867022] Creating 25 MTD partitions on "qcom_nand.0":
[ 1.873184] 0x000000000000-0x000000100000 : "0:SBL1"
[ 1.880072] 0x000000100000-0x000000200000 : "0:MIBIB"
[ 1.884907] 0x000000200000-0x000000280000 : "0:BOOTCONFIG"
[ 1.889454] 0x000000280000-0x000000300000 : "0:BOOTCONFIG1"
[ 1.894840] 0x000000300000-0x000000600000 : "0:QSEE"
[ 1.902184] 0x000000600000-0x000000900000 : "0:QSEE_1"
[ 1.907374] 0x000000900000-0x000000980000 : "0:DEVCFG"
[ 1.910482] 0x000000980000-0x000000a00000 : "0:DEVCFG_1"
[ 1.915603] 0x000000a00000-0x000000a80000 : "0:APDP"
[ 1.921053] 0x000000a80000-0x000000b00000 : "0:APDP_1"
[ 1.926011] 0x000000b00000-0x000000b80000 : "0:RPM"
[ 1.930942] 0x000000b80000-0x000000c00000 : "0:RPM_1"
[ 1.935723] 0x000000c00000-0x000000c80000 : "0:CDT"
[ 1.940917] 0x000000c80000-0x000000d00000 : "0:CDT_1"
[ 1.945632] 0x000000d00000-0x000000d80000 : "0:APPSBLENV"
[ 1.950841] 0x000000d80000-0x000000e80000 : "0:APPSBL"
[ 1.956604] 0x000000e80000-0x000000f80000 : "0:APPSBL_1"
[ 1.961668] 0x000000f80000-0x000001000000 : "0:ART"
[ 1.966726] 0x000001000000-0x000001080000 : "bdata"
[ 1.971327] 0x000001080000-0x000001100000 : "crash"
[ 1.976194] 0x000001100000-0x000001180000 : "crash_syslog"
[ 1.981044] 0x000001180000-0x000004980000 : "rootfs"
[ 2.027388] mtd: device 21 (rootfs) set to be root filesystem
[ 2.027643] mtdsplit: no squashfs found in "rootfs"
[ 2.032133] 0x000004980000-0x000008180000 : "rootfs_1"
[ 2.078785] 0x000008180000-0x000008280000 : "cfg_bak"
[ 2.080281] 0x000008280000-0x000010000000 : "overlay"
[ 2.176698] libphy: Fixed MDIO Bus: probed
[ 2.397381] qca-mdio 90000.mdio: Skip reset GPIO 44
[ 2.397409] qca-mdio 90000.mdio: Could not find phy-reset-gpio
[ 2.401150] libphy: qca_mdio: probed
[ 2.407363] mdio_bus 90000.mdio: registered phy ethernet-phy at address 0
[ 2.410899] mdio_bus 90000.mdio: registered phy ethernet-phy at address 1
[ 2.417613] mdio_bus 90000.mdio: registered phy ethernet-phy at address 2
[ 2.424385] mdio_bus 90000.mdio: registered phy ethernet-phy at address 3
[ 2.431102] mdio_bus 90000.mdio: registered phy ethernet-phy at address 24
[ 2.437733] qca-mdio 90000.mdio: qca-mdio driver was registered
[ 2.444685] Unable to create IPC log context!
[ 2.450531] Skip QCA8074V1 in V2 platform
[ 2.455068] cnss[2]: INFO: Platform driver probed successfully. plat ffffffc03cf08018 tgt 0xfffe
[ 2.458963] cnss[27]: INFO: Platform driver probed successfully. plat ffffffc03cf18018 tgt 0x1104
[ 2.468113] i2c /dev entries driver
[ 2.479382] emc2305 1-002f: hwmon0: sensor 'emc2305'
[ 2.486800] device-mapper: ioctl: 4.34.0-ioctl (2015-10-28) initialised: dm-devel@redhat.com
[ 2.487261] sdhci: Secure Digital Host Controller Interface driver
[ 2.494325] sdhci: Copyright(c) Pierre Ossman
[ 2.500288] sdhci-pltfm: SDHCI platform and OF driver helper
[ 2.505457] qcom_ice_get_device_tree_data: No vdd-hba-supply regulator, assuming not needed
[ 2.510502] ICE IRQ = 81
[ 2.519041]
[ 2.519041] Version Rollback Feature Disabled
[ 2.523855] remoteproc remoteproc0: releasing cd00000.qcom_q6v5_wcss
[ 2.528165] SPMI VADC - Min ch: 0 Max ch: 15
[ 2.535507] of_graph_get_next_endpoint(): no port node found in /soc/csr@6001000
[ 2.537789] coresight-csr 6001000.csr: CSR initialized
[ 2.545284] of_graph_get_next_endpoint(): no port node found in /soc/cti@6010000
[ 2.550195] of_graph_get_next_endpoint(): no port node found in /soc/cti@6011000
[ 2.557756] of_graph_get_next_endpoint(): no port node found in /soc/cti@6012000
[ 2.565130] of_graph_get_next_endpoint(): no port node found in /soc/cti@6013000
[ 2.572499] of_graph_get_next_endpoint(): no port node found in /soc/cti@6014000
[ 2.579867] of_graph_get_next_endpoint(): no port node found in /soc/cti@6015000
[ 2.587257] of_graph_get_next_endpoint(): no port node found in /soc/cti@6016000
[ 2.594636] of_graph_get_next_endpoint(): no port node found in /soc/cti@6017000
[ 2.602014] of_graph_get_next_endpoint(): no port node found in /soc/cti@6018000
[ 2.609379] of_graph_get_next_endpoint(): no port node found in /soc/cti@6019000
[ 2.616776] of_graph_get_next_endpoint(): no port node found in /soc/cti@601a000
[ 2.624149] of_graph_get_next_endpoint(): no port node found in /soc/cti@601b000
[ 2.631529] of_graph_get_next_endpoint(): no port node found in /soc/cti@601c000
[ 2.638890] of_graph_get_next_endpoint(): no port node found in /soc/cti@601d000
[ 2.646287] of_graph_get_next_endpoint(): no port node found in /soc/cti@601e000
[ 2.653670] of_graph_get_next_endpoint(): no port node found in /soc/cti@601f000
[ 2.661025] of_graph_get_next_endpoint(): no port node found in /soc/cti@6198000
[ 2.668428] of_graph_get_next_endpoint(): no port node found in /soc/cti@6199000
[ 2.675809] of_graph_get_next_endpoint(): no port node found in /soc/cti@619a000
[ 2.683199] of_graph_get_next_endpoint(): no port node found in /soc/cti@619b000
[ 2.690559] of_graph_get_next_endpoint(): no port node found in /soc/cti@610c000
[ 2.698103] sps_register_bam_device : unable to create IPC Logging 0 for bam 0x0000000006044000
[ 2.705169] sps_register_bam_device : unable to create IPC Logging 1 for bam 0x0000000006044000sps_register_bam_device : unable to create IPC Logging 2 for bam 0x0000000006044000
[ 2.722264] sps_register_bam_device : unable to create IPC Logging 3 for bam 0x0000000006044000sps_register_bam_device : unable to create IPC Logging 4 for bam 0x0000000006044000
[ 2.738149] sps:BAM 0x0000000006044000 is registered.[ 2.745921] coresight-tmc 6028000.tmc: TMC initialized
[ 2.750612] coresight-tmc 6027000.tmc: TMC initialized
[ 2.755756] coresight-funnel 6021000.funnel: FUNNEL initialized
[ 2.760764] coresight-funnel 6100000.funnel: FUNNEL initialized
[ 2.766601] coresight-funnel 6120000.funnel: FUNNEL initialized
[ 2.772498] coresight-funnel 6130000.funnel: FUNNEL initialized
[ 2.778403] coresight-funnel 61a1000.funnel: FUNNEL initialized
[ 2.784806] coresight-etm4x 619c000.etm: ETM 4.0 initialized
[ 2.790441] coresight-etm4x 619d000.etm: ETM 4.0 initialized
[ 2.796371] coresight-etm4x 619e000.etm: ETM 4.0 initialized
[ 2.802019] coresight-etm4x 619f000.etm: ETM 4.0 initialized
[ 2.807413] coresight-replicator-qcom 6026000.replicator: REPLICATOR 1.0 initialized
[ 2.813172] coresight-stm 6002000.stm: STM initialized
[ 2.821761] of_graph_get_next_endpoint(): no port node found in /soc/hwevent@6101000
[ 2.825567] coresight-hwevent 6101000.hwevent: Hardware Event driver initialized
[ 2.836033] Netfilter messages via NETLINK v0.30.
[ 2.840776] ip_set: protocol 6
[ 2.846357] NET: Registered protocol family 10
[ 2.849000] NET: Registered protocol family 17
[ 2.852777] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
[ 2.857184] Bridge firewalling registered
[ 2.869924] 8021q: 802.1Q VLAN Support v1.8
[ 2.874379] page_owner is disabled
[ 2.878691] qcom,cpr4-apss-regulator b018000.cpr4-ctrl: CPR valid fuse count: 4
[ 2.881509] pmd9655_s3: supplied by e-smps1-reg
[ 2.888652] cpr4_ipq807x_apss_read_fuse_data: apc_corner: speed bin = 0
[ 2.893013] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR fusing revision = 1
[ 2.899597] cpr4_ipq807x_apss_read_fuse_data: apc_corner: CPR misc fuse value = 0
[ 2.907272] cpr4_ipq807x_apss_read_fuse_data: apc_corner: Voltage boost fuse config = 0 boost = disable
[ 2.914786] cpr3_mem_acc_init: apc: not using memory accelerator regulator
[ 2.923915] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused SVS: open-loop= 712000 uV
[ 2.930850] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused NOM: open-loop= 848000 uV
[ 2.940844] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused TURBO: open-loop= 912000 uV
[ 2.950653] cpr4_ipq807x_apss_calculate_open_loop_voltages: apc_corner: fused STURBO: open-loop=1024000 uV
[ 2.960522] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused SVS: quot[ 7]= 707, quot_offset[ 7]= 0
[ 2.970275] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused NOM: quot[ 7]= 974, quot_offset[ 7]= 265
[ 2.981125] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused TURBO: quot[ 7]=1084, quot_offset[ 7]= 110
[ 2.992063] cpr4_ipq807x_apss_calculate_target_quotients: apc_corner: fused STURBO: quot[ 7]=1285, quot_offset[ 7]= 200
[ 3.003129] cpr3_regulator_init_ctrl: apc: Default CPR mode = closed-loop
[ 3.015134] cpufreq: cpufreq_online: CPU0: Running at unlisted freq: 800000 KHz
[ 3.020839] cpufreq: cpufreq_online: CPU0: Unlisted initial frequency changed to: 1017600 KHz
[ 3.029349] qcom-q6v5-wcss-pil cd00000.qcom_q6v5_wcss: ssr registeration success qcom_q6v5_wcss
[ 3.036558] remoteproc remoteproc0: cd00000.qcom_q6v5_wcss is available
[ 3.045285] ubi0: attaching mtd21
[ 3.208013] random: nonblocking pool is initialized
[ 3.260914] ubi0: scanning is finished
[ 3.265786] ubi0: attached mtd21 (name "rootfs", size 56 MiB)
[ 3.265804] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[ 3.270500] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[ 3.277276] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[ 3.284132] ubi0: good PEBs: 448, bad PEBs: 0, corrupted PEBs: 0
[ 3.290896] ubi0: user volume: 3, internal volumes: 1, max. volumes count: 128
[ 3.297153] ubi0: max/mean erase counter: 5/0, WL threshold: 4096, image sequence number: 1725579489
[ 3.304188] ubi0: available PEBs: 0, total reserved PEBs: 448, PEBs reserved for bad PEB handling: 40
[ 3.313483] ubi0: background thread "ubi_bgt0d" started, PID 121
[ 3.314498] hctosys: unable to open rtc device (rtc0)
[ 3.332762] crash_kernel_init, res rsvd1, 56000000, 400000, /reserved-memory/rsvd1@56000000
[ 3.333611] mtd dev crash, size 0x80000
[ 3.342420] crash_kernel_init, crash init, res->start:56000000,crash_buf:0xffffff800dd00000,crash_buf_len 0x7ffe4, crash_avail_sz 0x80000
[ 3.346206] Crash kernel dumper registered ok!
[ 3.358871] crash_syslog_init, res rsvd2, 56400000, 400000, /reserved-memory/rsvd2@56400000
[ 3.363386] mtd dev crash_syslog, size 0x80000
[ 3.372366] crash_syslog_init, crash init, crash_buf_len 0x3ffe4, crash_avail_sz 0x40000
[ 3.376675] Crash syslog dumper register ok!
[ 3.385118] pmd9655_ldo11: disabling
[ 3.389750] ALSA device list:
[ 3.393066] No soundcards found.
[ 3.397912] VFS: Mounted root (squashfs filesystem) readonly on device 31:26.
[ 3.399323] Freeing unused kernel memory: 228K (ffffffc0008d7000 - ffffffc000910000)
[ 3.406469] Freeing alternatives memory: 44K (ffffffc000910000 - ffffffc00091b000)
[ 3.661287] init: Console is alive
[ 3.661372] init: - watchdog -
[ 4.473287] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[ 4.486242] usbcore: registered new interface driver usbfs
[ 4.486283] usbcore: registered new interface driver hub
[ 4.490673] usbcore: registered new device driver usb
[ 4.497151] Button Hotplug driver version 0.4.1
[ 4.502778] SCSI subsystem initialized
[ 4.510133] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 4.510467] ehci-platform: EHCI generic platform driver
[ 4.521715] msm-usb-ssphy-qmp 78000.ssphy: Initializing QMP phy
[ 4.528389] msm-usb-ssphy-qmp 78000.ssphy: QMP PHY initialization timeout
[ 4.528410] msm-usb-ssphy-qmp 78000.ssphy: USB3_PHY_PCS_STATUS:68686868
[ 4.737118] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
[ 4.737152] xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 1
[ 4.741655] xhci-hcd xhci-hcd.0.auto: hcc params 0x0220fe65 hci version 0x110 quirks 0x00010010
[ 4.749074] xhci-hcd xhci-hcd.0.auto: irq 211, io mem 0x08a00000
[ 4.758020] hub 1-0:1.0: USB hub found
[ 4.763983] hub 1-0:1.0: 1 port detected
[ 4.767663] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
[ 4.771617] xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 2
[ 4.776931] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM.
[ 4.784688] hub 2-0:1.0: USB hub found
[ 4.792802] hub 2-0:1.0: 1 port detected
[ 4.798104] ipq807x-pinctrl 1000000.pinctrl: pin GPIO_63 already requested by 1000000.pinctrl; cannot claim for soc:leds
[ 4.800440] ipq807x-pinctrl 1000000.pinctrl: pin-63 (soc:leds) status -22
[ 4.811308] ipq807x-pinctrl 1000000.pinctrl: could not request pin 63 (GPIO_63) from group gpio63 on device 1000000.pinctrl
[ 4.817975] leds-gpio soc:leds: Error applying setting, reverse things back
[ 4.830585] usbcore: registered new interface driver usb-storage
[ 4.836056] kmodloader: done loading kernel modules from /etc/modules-boot.d/*
[ 4.852051] init: - preinit -
[RESTORE-DEBUG-INFO] Enter preinit
[RESTORE-DEBUG-INFO] preinit_main=define_default_set_state do_sysinfo_generic do_ipq806x preinit_ip pi_indicate_preinit failsafe_wait restore_nvram run_failsafe_hook indicate_regular_preinit initramfs_test do_mount_root do_load_ipq4019_board_bin do_urandom_seed do_mount_bind_etc run_init
[RESTORE-DEBUG-INFO] Enter define_set_state
[RESTORE-DEBUG-INFO] Enter fs_wait_for_key no failsafe
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
[RESTORE-DEBUG-INFO] Enter restore_nvram, restore is 0
[RESTORE-DEBUG-INFO] Enter mount_root
[ 8.122765] UBIFS (ubi0:2): background thread "ubifs_bgt0_2" started, PID 181
[ 8.149934] UBIFS (ubi0:2): recovery needed
[ 8.184899] UBIFS (ubi0:2): recovery completed
[ 8.184951] UBIFS (ubi0:2): UBIFS: mounted UBI device 0, volume 2, name "rootfs_data"
...
3 Likes
Awesome, no mention of secure anything.
It also reveals the reference board design, HK14, and that both PCI slots are actually used.
Fan controller confirmed also.
Can you run lspci to see if there is actually something connected to the PCI except for the IoT radio?
2 Likes
Yes, however, UART RX is locked just like on them other Xiaomi devices. Will have to try whether or not the same kind of trick works here...
Yeah, that is always like that by default.
I am sure that there is some kind of vulnerability in the stock FW, especially web UI where it will execute commands without sanityzing first.
1 Like
).Thanks.
Anybody knows if Xiaomi signs and checks the FW signature when updating?
i think yes but wonder if that can be bypassed with some special flag passed to the ui.
Well, as soon as it arrives its gonna be fun time searching for exploits.
3 Likes
Yeah, exploit hunting is usually a real fun.
2 Likes
Imagine someone who read this topic and read the last posts...
Wow these guy are having lots of fun....
YHEA SURE...
3 Likes
Finding exploits in stock FW is fun, debugging memory leaks not so much.
@Ansuel You posted the memory debug patch before.
I cant find it, any chance you can repost it?
1 Like
@robimarko I just did the PR, the mac-address-mess is still not fixed but I am starting to work on the RBK850 now so I wanted to get this one out of the way for now. Let's see how far I come on that one without asking for help 
Shouldn't be too hard, it's also HK01 based.
Any idea why the default-on for the i2c-LED stuff in my DTS is not working?
Guess you mean this?