IPQ807x SoC Investigation / Status [WIP]

Is it EU firmware or just google translate?

BTW nice network name :wink:


Wow, how you get that version?

global firmware check system version on the pic

Con you extract the firmware, or sniff which server is contacted for FW update?


i have CN version

some bought from this seller and got the global version

I have the CN version too, i want to convert it to international version


Not sure where we can download the international firmware

At the moment is not possible download the international firmware version.

is it possible to do that without SSH access ?

sniffing address of xiaomi update server using wireshark may be enough

EDIT: it's even easier, if You have pending update just go to;stok=<stok>/api/xqsystem/check_rom_update

BTW maybe let's stop offtopic, and move to new thread dedicated to INT firmware


I have seen this PDF regarding to development board of IPQ807x:

on the last page I've seen the following text:
"1. OpenWRT SDK is available without any technical support by Compex unless otherwise stated."

is this sdk could help to develop an openwrt for these 807x devices (and specifically AX3600) ? is this SDK open sourced?


What they euphemistically call "OpenWRT SDK" is just the QSDK, Qualcomm's DSK which forms the basis for the various vendor firmwares (kernel 4.4.60 based, with proprietary wireless drivers and a load of patches). While it does contain the required stuff for the devboard (hk01 "hawkeye"), it doesn't contain anything for the individual routers manufactured by other vendors (it's a one-way road, vendors get the QSDK to build their firmware - adapted to their hardware (which is only loosely based on the example implementations from QCA) and with their webinterface/ specialties on top).

What would help, is a GPL tarball for the ax3600 from Xiaomi.


Ok, thanks.

Does Xiaomi usually share their GPL ? And id they don't how people manages to add support to other routers such as mi 3g?

1 Like

I doubt that they are proprietary. They are more likely in a not upsteamable shape...

I might have distinguished this a bit, but the kernel still contains proprietary bits and pieces:

# ./kernel-chktaint 
Kernel is "tainted" for the following reasons:
 * proprietary module was loaded (#0)
For a more detailed explanation of the various taint flags see
 Documentation/admin-guide/tainted-kernels.rst in the the Linux kernel sources
 or https://kernel.org/doc/html/latest/admin-guide/tainted-kernels.html
Raw taint value as int/string: 1/'P                 '

I'm playing with a Netgear RAX120 and an image from https://github.com/BuzzBumbleBee/openwrt/tree/ax3600
I just copied the dts, changed the partitions and disabled the pci@20000000 (otherwise there is a reset during the pci initialisation)
The image boots fine, ethernet works.
But the q6 remoteproc never comes up, there's only a timeout:

remoteproc remoteproc0: powering up cd00000.q6v5_wcss
[    6.955872] remoteproc remoteproc0: Booting fw image IPQ8074/q6_fw.mdt, size 668
[   12.322174] qcom-q6v5-wcss-pil cd00000.q6v5_wcss: start timed out
[   12.322201] remoteproc remoteproc0: can't start rproc cd00000.q6v5_wcss: -110
[   12.327260] ath11k c000000.wifi: failed to boot the remote processor Q6
[   12.334365] ath11k c000000.wifi: failed to power up :-110
[   12.340820] qrtr-ns : got packet
[   12.340821] qrtr-ns : got packet del
[   12.354191] ath11k c000000.wifi: failed to create soc core: -110
[   12.356819] ath11k c000000.wifi: failed to init core: -110
[   12.362891] ath11k: probe of c000000.wifi failed with error -110

I used the q6_fw images from the netgear gpl dump (there is a qca...tgz file in the dl directory) and i tried the ones from https://github.com/lh462/ipq8074

I was also trying the images from https://github.com/kvalo/ath11k-firmware, but it looks like those are only for ipq8074 HW 2.0 devices.
So i get a watchdog regarding a version mismatch between the HW version (1) and the FW version (2)

The ipq8074 in the RAX120 is HW revision 1 i believe.

The only difference to the bootup in QSDK is that first the m3 remoteproc is booting and then afterwards the q6 remoteproc.

Any ideas why the remoteproc is not booting up?


It's most likely because of v1 HW, I doubt that it will ever be supported.
v1 was pretty much just for evaluation, I doubt that ath11k would work with RAX120 then.

It's really weird that Netgear still uses v1 HW, I thought that Qualcomm was not manufacturing it at all.

1 Like

hmm, that's a pity :frowning:

I agree.
Hopefully Qualcomm will support it outside of QSDK soon