An opensource OpenWrt variant for mainland China users.

Go to file

Tan Zien 52186f8d22 firmware: intel-microcode: update to 20210608 intel-microcode (3.20210608.2) * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and debian/changelog (3.20210608.1). intel-microcode (3.20210608.1) * New upstream microcode datafile 20210608 (closes: #989615) * Implements mitigations for CVE-2020-24511 CVE-2020-24512 (INTEL-SA-00464), information leakage through shared resources, and timing discrepancy sidechannels * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465), Domain-bypass transient execution vulnerability in some Intel Atom Processors, affects Intel SGX. * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel VT-d privilege escalation * Fixes critical errata on several processors * New Microcodes: sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104 sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648 sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648 sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048 sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208 sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328 sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456 sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456 sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352 * Updated Microcodes: sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816 sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456 sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472 sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744 sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864 sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720 sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720 sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648 sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576 sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576 sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456 sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360 sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472 sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264 sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752 sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592 sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768 sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424 sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448 sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400 sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448 sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424 sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184 sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208 sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208 sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208 sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184 * source: update symlinks to reflect id of the latest release, 20210608 intel-microcode (3.20210216.1) * New upstream microcode datafile 20210216 * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx, and Cascade Lake Server (B0/B1) when using an active JTAG agent like In Target Probe (ITP), Direct Connect Interface (DCI) or a Baseboard Management Controller (BMC) to take the CPU JTAG/TAP out of reset and then returning it to reset. * This issue is related to the INTEL-SA-00381 mitigation. * Updated Microcodes: sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864 sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248 sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248 * source: update symlinks to reflect id of the latest release, 20210216 intel-microcode (3.20201118.1) * New upstream microcode datafile 20201118 * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake processors. Note that Debian already had removed this specific falty microcode update on the 3.20201110.1 release * Add a microcode update for the Pentium Silver N/J5xxx and Celeron N/J4xxx which didn't make it to release 20201110, fixing security issues (INTEL-SA-00381, INTEL-SA-00389) * Updated Microcodes: sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752 * Removed Microcodes: sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 intel-microcode (3.20201110.1) * New upstream microcode datafile 20201110 (closes: #974533) * Implements mitigation for CVE-2020-8696 and CVE-2020-8698, aka INTEL-SA-00381: AVX register information leakage; Fast-Forward store predictor information leakage * Implements mitigation for CVE-2020-8695, Intel SGX information disclosure via RAPL, aka INTEL-SA-00389 * Fixes critical errata on several processor models * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320) for Skylake-U/Y, Skylake Xeon E3 * New Microcodes sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648 sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768 sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520 sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208 sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184 sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184 * Updated Microcodes sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816 sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472 sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792 sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840 sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224 sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408 sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360 sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472 sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776 sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568 sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448 sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448 sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448 sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448 sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448 sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448 sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424 sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448 sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424 sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424 sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208 * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44 INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your system vendor for a firmware update, or wait fo a possible fix in a future Intel microcode release. * source: update symlinks to reflect id of the latest release, 20201110 * source: ship new upstream documentation (security.md, releasenote.md) Signed-off-by: Tan Zien <nabsdh9@gmail.com> [used different .tar.xz source, but with the same content] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>		2021-12-05 23:57:13 +08:00
config	Config-images: change default title to ImmortalWrt	2021-11-29 03:20:25 +08:00
include	kernel: bump to 4.9.291, 4.14.256, 4.19.218	2021-11-29 01:23:44 +08:00
LICENSES	LICENSE: sync with upstream	2021-02-16 14:19:09 +08:00
package	firmware: intel-microcode: update to 20210608	2021-12-05 23:57:13 +08:00
scripts	scripts/download.pl: add new mirror	2021-11-30 20:44:49 +08:00
target	kernel: bump to 4.9.291, 4.14.256, 4.19.218	2021-11-29 01:23:44 +08:00
toolchain	toolchain/gcc: fix build on MacOS arm64	2021-12-05 23:56:10 +08:00
tools	tools/fakeroot: fix build on MacOS arm64	2021-12-05 23:56:00 +08:00
.gitattributes	fix permisson	2019-08-16 15:09:42 +08:00
.gitignore	toolchain: add a version that can be bumped to force toolchain/target rebuild	2021-11-19 23:58:57 +08:00
BSDmakefile	build: use SPDX license tags	2021-02-06 12:07:10 +08:00
Config.in	build: use SPDX license tags	2021-02-06 12:07:10 +08:00
CONTRIBUTED.md	CONTRIBUTED: add OSDN logo	2021-11-30 20:44:37 +08:00
COPYING	LICENSE: sync with upstream	2021-02-16 14:19:09 +08:00
feeds.conf.default	feeds/routing: switch to ImmortalWrt's openwrt-18.06 branch	2021-10-22 22:26:07 +08:00
Makefile	toolchain: add a version that can be bumped to force toolchain/target rebuild	2021-11-19 23:58:57 +08:00
README.md	CONTRIBUTED: add OSDN logo	2021-11-30 20:44:37 +08:00
rules.mk	rules: add legacy mark	2021-11-26 00:14:49 +08:00

README.md

Project ImmortalWrt

ImmortalWrt is a fork of OpenWrt, with more packages ported, more devices supported, better performance, and special optimizations for mainland China users.
Compared the official one, we allow to use hacks or non-upstreamable patches / modifications to achieve our purpose. Source from anywhere.

Default login address: http://192.168.1.1 or http://immortalwrt.lan, username: root, password: password.

Development

To build your own firmware you need a GNU/Linux, BSD or MacOSX system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system.

Requirements

To build with this project, Ubuntu 18.04 LTS is preferred. And you need use the CPU based on AMD64 architecture, with at least 4GB RAM and 25 GB available disk space. Make sure the Internet is accessible.

The following tools are needed to compile ImmortalWrt, the package names vary between distributions.

Here is an example for Ubuntu users:

Method 1:

Setup dependencies via APT

sudo apt update -y
sudo apt full-upgrade -y
sudo apt install -y ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \
  bzip2 ccache cmake cpio curl device-tree-compiler ecj fastjar flex gawk gettext gcc-multilib g++-multilib \
  git git-core gperf haveged help2man intltool lib32gcc1 libc6-dev-i386 libelf-dev libglib2.0-dev libgmp3-dev \
  libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncurses5-dev libreadline-dev libssl-dev libtool libz-dev \
  lrzsz mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip python3-ply \
  python-docutils qemu-utils re2c rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim \
  wget xmlto xxd zlib1g-dev

Method 2:

curl -s https://build-scripts.immortalwrt.eu.org/init_build_environment.sh | sudo bash

You can also download and use prebuilt container directly:
See #Quickstart - Build image via OPDE

Note:

For the for love of god please do not use ROOT user to build your image.
Using CPUs based on other architectures should be fine to compile ImmortalWrt, but more hacks are needed - No warranty at all.
You must not have spaces in PATH or in the work folders on the drive.
If you're using Windows Subsystem for Linux (or WSL), removing Windows folders from PATH is required, please see Build system setup WSL documentation.
Using macOS as the host build OS is not recommended. No warranty at all. You can get tips from Build system setup macOS documentation.
- As you're building ImmortalWrt, patching or disabling UPX tools is also required.
For more details, please see Build system setup documentation.

Quickstart

Method 1:
1. Run git clone -b <branch> --single-branch https://github.com/immortalwrt/immortalwrt to clone the source code.
2. Run cd immortalwrt to enter source directory.
3. Run ./scripts/feeds update -a to obtain all the latest package definitions defined in feeds.conf / feeds.conf.default
4. Run ./scripts/feeds install -a to install symlinks for all obtained packages into package/feeds/
5. Run make menuconfig to select your preferred configuration for the toolchain, target system & firmware packages.
6. Run make to build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the GNU/Linux kernel & all chosen applications for your target system.

Method 2:

Build image via OPDE

Pull the prebuilt container:

docker pull immortalwrt/opde:base
# docker run --rm -it immortalwrt/opde:base

For Linux User:

git clone -b <branch> --single-branch https://github.com/immortalwrt/immortalwrt && cd immortalwrt
docker run --rm -it \
    -v $PWD:/openwrt \
  immortalwrt/opde:base zsh
./scripts/feeds update -a && ./scripts/feeds install -a

For Windows User:

Create a volume 'immortalwrt' and clone ImmortalWrt source into volume.

docker run --rm -it -v immortalwrt:/openwrt immortalwrt/opde:base git clone -b <branch> --single-branch https://github.com/immortalwrt/immortalwrt .

Enter docker container and update feeds.

docker run --rm -it -v immortalwrt:/openwrt immortalwrt/opde:base
./scripts/feeds update -a && ./scripts/feeds install -a

Tips: ImmortalWrt source code can not be cloned into NTFS filesystem (symbol link problem during compilation), but docker volume is fine.

Proxy Support:

docker run --rm -it \
  -e   all_proxy=http://example.com:1081 \
  -e  http_proxy=http://example.com:1081 \
  -e https_proxy=http://example.com:1081 \
  -e   ALL_PROXY=http://example.com:1081 \
  -e  HTTP_PROXY=http://example.com:1081 \
  -e HTTPS_PROXY=http://example.com:1081 \
  -v $PWD:/openwrt \
  immortalwrt/opde:base zsh

Recommand http rather socks5 protocol

IP can not be localhost or 127.0.0.1

For Windows User, binary is still in volume. It can be copied to outside via followed command:
```
docker run --rm -v <D:\path\to\dir>:/dst -v openwrt:/openwrt -w /dst immortalwrt:base cp /openwrt/bin /dst
```
Make sure D:\path\to\dir has been appended in File Sharing.

The main repository uses multiple sub-repositories to manage packages of different categories. All packages are installed via the ImmortalWrt package manager called opkg. If you're looking to develop the web interface or port packages to ImmortalWrt, please find the fitting repository below.

LuCI Web Interface: Modern and modular interface to control the device via a web browser.
ImmortalWrt Packages: Community repository of ported packages.
OpenWrt Routing: Packages specifically focused on (mesh) routing.
CONTRIBUTED.md: the 3rd-party packages we introduced.

Support Information

For a list of supported devices see the OpenWrt Hardware Database

Documentation

Support Community

Support Chat: group @ctcgfw_openwrt_discuss on Telegram.

License

ImmortalWrt is licensed under GPL-3.0-only.