Installing on TP-Link EAP120

I'm trying to install the v17 final on my EAP 120, but every time I get the error bad file.

Is there a way to sign the build or to flash it by an other way or to ignore the check on the access point?

I also read the other topic here but it does not helped me because the Download of the older firmware is only for the US version and I have the EU version.



The firmware UN over is supposed to be for EU versions (this site is from France and should only propose EU compatible versions). What country specifically are you looking for?

What tipped me that UN version could be the unlocked release is the comment for firmware EAP120(EU)_V1_160405:

You cannot downgrade to UN firmware with cluster mode anymore but can only upgrade to EU firmware after update.

I have an EU Version AP.

I have tried a bit more and I'm think after the EAP120(EU)_V1_160405 Version all firmware are singend, because when I unpack the zip archive the newer version of firmware ends like this "up_signed.bin".

I think I need to get a console access and look if there it is possible to flash without signed firmware.

If you connect a serial console cable and watch the output on that while installing LEDE via the web interface, you will see the following message on the console;

[utilities_error: swCheckFirm:349]file have not signed, Rsa verify failed

The "EU" firmware version includes an RSA Signature section that the (already installed) "EU" firmware verifies before it will flash any firmware onto the box.

I have been involved in a lengthy conversation with TP-Link support. During which they have stated that "we [TP-Link] don't have any block towards third party firmware" but refuse to give any information on their handing of the RSA signature. This seems rather contradictory to me. It also seems in conflict with last year's (August 2016) FCC Consent Decree ( in which TP-Link where instructed "..As part of the Consent Decree, TP-Link agrees to investigate software and hardware solutions that would enable customers to install and operate third-party firmware on TP-Link routers..."

1 Like

Latest statement from TP-Link;

I confirmed that when importing firmware to our EAP products via web Interface, SSH or serial port, it will require RSA signature. The only way to use the third party firmware is to burn the firmware to the device using specific burning machine.

As well, I got statement from our Certification Team that the FCC doesn’t forbidden the device to use third party firmware if the firmware compliant to the FCC U-NII security requirement. But it doesn’t means that the TP-LINK products MUST allow the third party firmware.

So that means they DO block Third Party Firmware!

This is a worrying trend in TP-Link and UBNT.

We are into creative interpretation from TP-Link here. They cannot investigate forever, it is certainly not what the legislator meant. Maybe the owners of TP-Link EAP120 should file a complain at FCC for they are not respecting their agreement.

If we discuss that further, I suggest that you start another thread on this topic - we are drifting off a bit :wink:

We are not going to get into filling a FCC complaint (we're not even in the US anyway), we will just buy hardware from elsewhere.