IPQ807x SoC Investigation / Status [WIP]

Just wondering that now when IPQ807x generic work for the xiaomi ax3600 by @Ansuel and @robimarko is getting finalised, how how much of the initial RAX120 DTS by @kirdes from Dec 2020 would still be applicable after the new changes.

(I have one of the old V1 RAX120s which might be in trouble with wifi, but might work at least otherwise)

think there are little to no possibility the rax120v1 will have working wifi... don't know about switch tho

WLAN support chance is pretty much none as IPQ8074 v1 lacks a lot of 802.11ax features and ath11k only supports the v2 model.

Other things should work but the clock driver needs to be patched, honestly I see no point in getting a v1 model these days.
I dont even know how were they even getting v1 SoC-s since those were replaced by v2 in 2019.

I also have RAX120v1, currently getting dust :slight_smile:
There is a Netgear OpenSourced version published of their firmware (https://www.downloads.netgear.com/files/GPL/RAX120v2-V1.2.0.16_gpl_src.tar.bz2.zip) - maybe there will be some answers?

I picked up a ruckus R750, running the quite nice Unleashed firmware ruckus has now. Obtained root on it and notice it's an IPQ8074 v2 - would output or anything from this help anyone here? They have quite a lot of nice utilities bundled on here, and I even see references to openwrt in several places, although that may just be the FIT image default section names they didn't bother changing

## Loading kernel from FIT Image at 440000a0 ...
   Using 'config@3' configuration
   Trying 'kernel@1' kernel subimage
     Description:  ARM OpenWrt Linux-4.4.60
     Type:         Kernel Image
     Compression:  uncompressed
     Data Start:   0x44000184
     Data Size:    3059360 Bytes = 2.9 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x42008000
     Entry Point:  0x42008000
     Hash algo:    crc32
     Hash value:   c0593b29
     Hash algo:    sha1
     Hash value:   2a10e046a2421c5b20de4ecbf1469835bd104dff
   Verifying Hash Integrity ... crc32+ sha1+ OK
## Loading fdt from FIT Image at 440000a0 ...
   Using 'config@3' configuration
   Trying 'fdt@3' fdt subimage
     Description:  ARM OpenWrt Ruckus-Akronite-DTB device tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x44313fd4
     Data Size:    81652 Bytes = 79.7 KiB
     Architecture: ARM
     Hash algo:    crc32
     Hash value:   2e9331bd
     Hash algo:    sha1
     Hash value:   3f2294bd13d8eacb5f0dfbeb6c8179f8de9a2a55

Here's the console boot output, commands available, u-boot env etc

1 Like

ipq807x target support is still in rather early development (follow Adding OpenWrt support for Xiaomi AX3600 for the details) and it will need more work before ipq8074a gets covered (before you can really look into device support), but it's rather promising.


@robimarko / @Ansuel is it worth using this thread to track ipq807X generic work (ath11k / offloading ect) ?

We now how 3 devices with support in progress, (AX3600 / AX6 / AX9000).

I'm still at a loss with ath11k :frowning:

1 Like

Sure, we can do that.
I just liked having everything in the same place

1 Like

Yeah I fear that information will start to become split between threads, but wasn't an issue when it was just the ax3600

yes think that this is the right place for ath11k and offload

Agreed, we should move the generic IPQ807x discussion here.

1 Like

@Ansuel / @robimarko did we see the ath11k leaks as soon as the module is loaded (not associated with an AP) ?

If so (please tell me if this is stupid) my plan tomorrow is to track every WMI TX and RX (I think @Ansuel suggested it before) and see what's going on while not associated with an AP (to reduce noise) and see if there is an obvious discrepancies

I guess you could introduce counters to every allocation and freeing so you know if there's really stuff not freed. Maybe print the counters on every 50th or 100th call or so to lower the impact on performance

I dont think it's leaking without the radio being up broadcasting something, that was my experience.
If it is leaking without AP then its doing it extremely slowly.

beacon transmission or some channel scan ?

No clue, I just had it broadcasting an SSID by default as without it it would not leak

i remember there were some leak also without any ap connected. Just the ssid broadcasting

Yes, that is what I mean, simply broadcasting you dont have to have a client at all.

@Ansuel Does encap/decap offload works without NSS?
I tested with my iPhone 11 and it quickly deauth/dissociate right after it was connected

encap is already implemented by default
decap currently works only with no enc wifi