Outdated Cypress/Infineon brcmfmac firmware for Raspberry Pi 4 in OpenWrt 21.02.1

tl;dr: Are there plans to update the aging brcmfmac43455-sdio (version 7.45.206 dated Mar 23, 2020) in OpenWrt, and is it safe to use given Kr00k, FragAttacks and other vulnerabilities announced since the Mar 2020 firmware date? If not, will the latest version from Cypress/Infineon (7.45.234) or RPi-Distro (7.45.241) work if updated in OpenWrt manually (on the Raspberry Pi 4B)?

I've recently started using OpenWrt with a Raspberry Pi 4B (BCM2711 64-bit) configured in dumb AP mode. So far it's working fine.

However, the firmware loaded for the BCM43455 (CYW43455) wireless chip (brcmfmac43455-sdio) is version 7.45.206 dated Mar 23, 2020. Now it's nearly 2 years old and may have restrictions, bugs, and possibly security vulnerabilities that have been fixed in more recent versions released by Cypress/Infineon. As far as I can tell, the latest firmware release is from May 2021:

Chip: 43455
File: firmware/cyfmac43455-sdio.bin
Version: 7.45.234
2021_0520 Release

And Raspberry Pi OS (Bullseye) seems to incorporate the following, likely with platform-specific customizations:

desc: Cypress CYW43455-SDIO firmware
version: 7.45.241

But the Master branch of OpenWrt still lists the older version, pulled from the forums, which makes me wonder when OpenWrt will change the version (and perhaps the PKG_SOURCE_URL to Infineon's Github?):


It seems like updating the firmware manually is possible just by replacing the firmware files in /lib/firmware/brcm, but SHOULD I DO IT? Are there technical compatibility issues with OpenWrt and the later versions of the firmware, assuming they've been tested? Would it be best to use the Infineon firmware or the Raspberry Pi specific version from RPi-Distro?

I've also heard there may be licensing reasons preventing use of the latest firmware in OpenWrt. Not sure if that's true for the 43455 chip.

I'm new to Linux development, and I'm trying to piece all this together from info on webpages and forums.

I may be missing something obvious, but I just wanted confirmation that it's safe to continue using my AP.

BTW, I'd like to stick with OpenWrt stable, release builds only, or build my own if absolutely necessary to package firmware that's not vulnerable. I'd prefer not to switch to DD-WRT just to get better Cypress/Infineon firmware support as suggested here, though, that may be ending anyway.

Thanks in advance for your time/help.

Yes. See my comment within this issue: