mediatek: Add SENAO JEAP6500

Specifications:
SoC: MediaTek MT7981BA
RF Chipset: MT7976DA @2.4GHz 2T2R
MT7976DA @5ghz 2T2R
RAM: 512MB DDR4 RAM
Flash: SPI-NAND 256 MiB
Ethernet: 2 x 1GbE PHY
Reset Button
Power Source: DC IN 12v, Standard PoE 802.3af/at
LED Indicator: 1 x single color LED (GPIO Control)

Fixes: WIFI-14312
Signed-off-by: steven.lin <steven.lin@senao.com>

patches/0078-secure-boot-sha256.patch

@@ -0,0 +1,115 @@
+From 95dfd6ea3a2c06a81a4513fe943d640d4d990194 Mon Sep 17 00:00:00 2001
+From: "steven.lin" <steven.lin@senao.com>
+Date: Mon, 11 Nov 2024 09:28:18 +0800
+Subject: [PATCH] secure boot support sha256
+
+---
+ scripts/mkits-secure_boot.sh | 37 ++++++++++++++++++++++++++++++++----
+ 1 file changed, 33 insertions(+), 4 deletions(-)
+
+diff --git a/scripts/mkits-secure_boot.sh b/scripts/mkits-secure_boot.sh
+index 1c7f292618..0a09792971 100755
+--- a/scripts/mkits-secure_boot.sh
++++ b/scripts/mkits-secure_boot.sh
+@@ -17,7 +17,7 @@
+ usage() {
+ 	printf "Usage: %s -A arch -C comp -a addr -e entry" "$(basename "$0")"
+ 	printf " -v version -k kernel [-D name -n address -d dtb] -o its_file"
+-	printf " [-s script] [-S key_name_hint] [-r ar_ver] [-R rootfs]"
++	printf " [-s script] [-S key_name_hint] [-b key_alg] [-r ar_ver] [-R rootfs] [-m rfsk]"
+ 
+ 	printf "\n\t-A ==> set architecture to 'arch'"
+ 	printf "\n\t-C ==> set compression type 'comp'"
+@@ -32,18 +32,21 @@ usage() {
+ 	printf "\n\t-o ==> create output file 'its_file'"
+ 	printf "\n\t-s ==> include u-boot script 'script'"
+ 	printf "\n\t-S ==> add signature at configurations and assign its key_name_hint by 'key_name_hint'"
++	printf "\n\t-b ==> set key algorithm"
+ 	printf "\n\t-r ==> set anti-rollback version to 'fw_ar_ver' (dec)"
+-	printf "\n\t-R ==> specify rootfs file for embedding hash\n"
++	printf "\n\t-R ==> specify rootfs file for embedding hash"
++	printf "\n\t-m ==> include encrypted rootfs key'\n"
+ 	exit 1
+ }
+ 
+ FDTNUM=1
+ 
+-while getopts ":A:a:c:C:D:d:e:k:n:o:v:s:S:r:R:" OPTION
++while getopts ":A:a:b:c:C:D:d:e:k:n:o:v:s:S:r:R:m:" OPTION
+ do
+ 	case $OPTION in
+ 		A ) ARCH=$OPTARG;;
+ 		a ) LOAD_ADDR=$OPTARG;;
++		b ) KEY_ALG=$OPTARG;;
+ 		c ) CONFIG=$OPTARG;;
+ 		C ) COMPRESS=$OPTARG;;
+ 		D ) DEVICE=$OPTARG;;
+@@ -57,6 +60,7 @@ do
+ 		S ) KEY_NAME_HINT=$OPTARG;;
+ 		r ) AR_VER=$OPTARG;;
+ 		R ) ROOTFS_FILE=$OPTARG;;
++		m ) ROOTFS_KEY=$OPTARG;;
+ 		* ) echo "Invalid option passed to '$0' (options:$*)"
+ 		usage;;
+ 	esac
+@@ -91,6 +95,19 @@ if [ -n "${DTB}" ]; then
+ 	FDT_PROP="fdt = \"fdt-$FDTNUM\";"
+ fi
+ 
++# Conditionally create encrypted rootfs-key information
++if [ -n "${ROOTFS_KEY}" ]; then
++	RFSK_NODE="
++			rfsk = <$(cat ${ROOTFS_KEY} | od -An -t x1 -w256 | sed 's/ //g; s/.\{8\}/0x& /g; s/.$//g')>;";
++
++	FIT_SECRET_NODE="
++	fit-secrets {
++		${CONFIG} {
++		};
++	};
++"
++fi
++
+ # Conditionally create rootfs hash information
+ if [ -f "${ROOTFS_FILE}" ]; then
+ 	ROOTFS_SIZE=$(stat -c %s ${ROOTFS_FILE})
+@@ -149,11 +166,20 @@ fi
+ 
+ # Conditionally create signature information
+ if [ -n "${KEY_NAME_HINT}" ]; then
++	if [[ "${KEY_NAME_HINT}" == "offline,"* ]]; then
++		KEY_NAME_HINT=$(echo -n "${KEY_NAME_HINT}" | sed "s/^.*[,]//g")
++		SIGN_OFFLINE="
++				sign-offline = <1>;"
++	fi
++	if [ -z "${KEY_ALG}" ]; then
++		KEY_ALG="sha256,rsa2048"
++	fi
+ 	SIGNATURE="\
+ 			signature {
+-				algo = \"sha1,rsa2048\";
++				algo = \"${KEY_ALG}\";
+ 				key-name-hint = \"${KEY_NAME_HINT}\";
+ ${SIGN_IMAGES}
++${SIGN_OFFLINE}
+ 			};\
+ "
+ fi
+@@ -200,12 +226,15 @@ ${ROOTFS}
+ 		${CONFIG} {
+ 			description = \"OpenWrt\";
+ ${FW_AR_VER}
++${RFSK_NODE}
+ ${LOADABLES}
+ 			kernel = \"kernel-1\";
+ 			${FDT_PROP}
+ ${SIGNATURE}
+ 		};
+ 	};
++
++${FIT_SECRET_NODE}
+ };"
+ 
+ # Write .its file to disk
+-- 
+2.43.2
+