Netgear R6850: very low transmit power on 5GHz

I'm going out on a limb here, but that data seems to be extracted from flash at boot time. It's expected at a certain location that is predefined in your device's DTS. I have an R6800 (all MT7615 wireless) and EEPROM is read into /sys (a virtual filsesystem):

# find / -name "*mtd-eeprom*"
/sys/firmware/devicetree/base/pcie@1e140000/pcie@0,0/wifi@0,0/mediatek,mtd-eeprom
/sys/firmware/devicetree/base/pcie@1e140000/pcie@1,0/wifi@0,0/mediatek,mtd-eeprom

I don't know if you could try overwriting any of those files would work, but it's worth a try - I think you need the phy0/pcie@0,0 ones since it's your first radio from what I can see (log says 0000:01:00:0 for mt7615e and 0000:01:00:0 for the MT7603 radio).

Your device is indeed very similar to the R6350 and R6260, they all share the DTS with your R6850 though so while you could try those images, it probably wouldn't make a difference.

The DTS points to the factory partition, looks like that is mtd5 (counting starts at 0):

Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.336284] 7 fixed-partitions partitions found on MTD device mt7621-nand
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.349814] Creating 7 MTD partitions on "mt7621-nand":
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.360231] 0x000000000000-0x000000100000 : "u-boot"
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.371593] 0x000000100000-0x000000200000 : "SC PART_MAP"
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.383668] 0x000000200000-0x000000600000 : "kernel"
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.394835] 0x000000600000-0x000002e00000 : "ubi"
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.405880] 0x000002e00000-0x000004600000 : "reserved0"
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.417905] 0x000004600000-0x000004800000 : "factory"
Thu Mar 11 19:38:50 2021 kern.notice kernel: [    2.429357] 0x000004800000-0x000008000000 : "reserved1"

And your DTS says this:

&pcie0 {
       wifi@0,0 {
               compatible = "mediatek,mt76";
               reg = <0x0 0 0 0 0>;
               mediatek,mtd-eeprom = <&factory 0x8000>;
               ieee80211-freq-limit = <5000000 6000000>;
       };
};

So either the offset's wrong (factory is the right partition) or there's something else going on. Was transmit power for the 5 GHz radio OK at any point for you on OpenWrt? Or has it always been low?

I have no idea how EEPROM data is supposed to look, so I can't help you with that. For my R6800 the 5 GHz radio has its EEPROM data sitting at 0x8000 as well and mine's working. I ran hexdump on an mtd5 dump here (factory partition is mtd5 as well) and it shows this:


$ hexdump -C mtd5 |grep 0008000
00008000  15 76 a0 00 8c 3b ad ef  ef 5d 15 76 c3 14 00 80  |.v...;...].v....|

Left is the address and I think the two blocks after that are the radio type (15 76, ie MT7615). You copy the contents of your partition like this so you can safely manipulate it:

$ ssh root@$router_ip "cat /dev/mtd5" > mtd5

You'll get an 'mtd5' blob in your working dir then on which you can run hexdump etc.

1 Like