ucentral-client: update to latest HEAD

cb17a78 ucentral-client: Add command-line options for certificate paths

Signed-off-by: John Crispin <john@phrozen.org>

feeds/qca-wifi-7/ath12k-wifi/Makefile

@@ -98,6 +98,11 @@ $(call Package/ath12k-wifi-default)
     TITLE:=board-2.bin for NWA50BE
 endef
 
+define Package/ath12k-wifi-zyxel-nwa210be
+$(call Package/ath12k-wifi-default)
+    TITLE:=board-2.bin for NWA210BE
+endef
+
 define Package/ath12k-wifi-cig-wf672
 $(call Package/ath12k-wifi-default)
     TITLE:=board-2.bin for WF672
@@ -204,6 +209,13 @@ define Package/ath12k-wifi-zyxel-nwa50be/install
 	$(INSTALL_DATA) ./ipq5332_qcn6432.regdb $(1)/lib/firmware/ath12k/QCN6432/hw1.0/regdb.bin
 endef
 
+define Package/ath12k-wifi-zyxel-nwa210be/install
+	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/QCN92XX/hw1.0/
+	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/IPQ5332/hw1.0/
+	$(INSTALL_DATA) ./board-2.bin.nwa210be.QCN92XX $(1)/lib/firmware/ath12k/QCN92XX/hw1.0/board-2.bin
+	$(INSTALL_DATA) ./board-2.bin.nwa210be.IPQ5332 $(1)/lib/firmware/ath12k/IPQ5332/hw1.0/board-2.bin
+endef
+
 define Package/ath12k-wifi-cig-wf672/install
 	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/QCN92XX/hw1.0/
 	$(INSTALL_DIR) $(1)/lib/firmware/ath12k/IPQ5332/hw1.0/
@@ -224,4 +236,5 @@ $(eval $(call BuildPackage,ath12k-wifi-sercomm-ap72tip))
 $(eval $(call BuildPackage,ath12k-wifi-sercomm-ap72tip-v4))
 $(eval $(call BuildPackage,ath12k-wifi-zyxel-nwa130be))
 $(eval $(call BuildPackage,ath12k-wifi-zyxel-nwa50be))
+$(eval $(call BuildPackage,ath12k-wifi-zyxel-nwa210be))
 $(eval $(call BuildPackage,ath12k-wifi-cig-wf672))

feeds/qca-wifi-7/ath12k-wifi/board-2-nwa210be-IPQ5332.json

@@ -0,0 +1,20 @@
+[
+    {
+        "board": [
+            {
+                "names": [
+                    "bus=ahb,qmi-chip-id=0,qmi-board-id=18"
+                ],
+                "data": "nwa210be-IPQ5332.bin"
+            }
+        ],
+        "regdb": [
+            {
+                "names": [
+                    "bus=ahb,qmi-chip-id=0,qmi-board-id=18"
+                ],
+                "data": "ipq5332.regdb"
+            }
+        ]
+    }
+]

feeds/qca-wifi-7/ath12k-wifi/board-2-nwa210be-QCN92XX.json

@@ -0,0 +1,20 @@
+[
+    {
+        "board": [
+            {
+                "names": [
+                    "bus=pci,qmi-chip-id=0,qmi-board-id=12"
+                ],
+                "data": "nwa210be-QCN92XX.bin"
+            }
+        ],
+        "regdb": [
+            {
+                "names": [
+                    "bus=pci,qmi-chip-id=0,qmi-board-id=12"
+                ],
+                "data": "qcn92xx.regdb"
+            }
+        ]
+    }
+]

feeds/qca-wifi-7/ath12k-wifi/generate.sh

@@ -21,3 +21,6 @@ $encoder -c board-2-nwa130be-QCN92XX.json -o board-2.bin.nwa130be.QCN92XX
 
 $encoder -c board-2-nwa50be-IPQ5332.json -o board-2.bin.nwa50be.IPQ5332
 $encoder -c board-2-nwa50be-QCN6432.json -o board-2.bin.nwa50be.QCN6432
+
+$encoder -c board-2-nwa210be-IPQ5332.json -o board-2.bin.nwa210be.IPQ5332
+$encoder -c board-2-nwa210be-QCN92XX.json -o board-2.bin.nwa210be.QCN92XX

feeds/qca-wifi-7/ipq53xx/base-files/etc/board.d/02_network

@@ -41,7 +41,8 @@ ipq53xx_setup_interfaces()
 	emplus,wap7635|\
 	sercomm,ap72tip-v4)
 		ucidef_set_interface_wan "eth0"
-		;;	
+		;;
+	zyxel,nwa210be|\
 	zyxel,nwa130be)
 		ucidef_set_interfaces_lan_wan "eth1" "eth0"
 		;;
@@ -131,6 +132,18 @@ qcom_setup_macs()
 		ucidef_set_wireless_macaddr_base 5g $(macaddr_add "$wan_mac" 3)
 		ucidef_set_wireless_macaddr_base 6g $(macaddr_add "$wan_mac" 4)
 		;;
+	zyxel,nwa210be)
+		wan_mac=$(cat /proc/cmdline)
+		wan_mac="${wan_mac##*hwaddr=}"
+		wan_mac="${wan_mac%% *}"
+		wan_mac="$(echo ${wan_mac} | sed 's/\(..\)/\1:/g;s/:$//')"
+		lan_mac=$(macaddr_add "$wan_mac" 1)
+		ucidef_set_network_device_mac eth0 $wan_mac
+		ucidef_set_network_device_mac eth1 $lan_mac
+		ucidef_set_label_macaddr $wan_mac
+		ucidef_set_wireless_macaddr_base 2g $(macaddr_add "$wan_mac" 2)
+		ucidef_set_wireless_macaddr_base 5g $(macaddr_add "$wan_mac" 3)
+		;;
 	zyxel,nwa50be)
 		wan_mac=$(cat /proc/cmdline)
 		wan_mac="${wan_mac##*hwaddr=}"

feeds/qca-wifi-7/ipq53xx/base-files/etc/hotplug.d/firmware/10-ath12k-caldata

@@ -68,6 +68,7 @@ ath12k/IPQ5332/hw1.0/caldata.bin)
 	sercomm,ap72tip-v4|\
 	sercomm,ap72tip|\
 	zyxel,nwa130be|\
+	zyxel,nwa210be|\
 	zyxel,nwa50be)
 		caldata_extract "0:ART" 0x1000 0x20000
 		;;
@@ -91,6 +92,7 @@ ath12k/QCN92XX/hw1.0/cal-pci-0001:01:00.0.bin)
 	emplus,wap7635|\
 	sercomm,ap72tip-v4|\
 	sercomm,ap72tip|\
+	zyxel,nwa210be|\
 	zyxel,nwa130be)
 		caldata_extract "0:ART" 0x58800 0x2d000
 		;;

feeds/qca-wifi-7/ipq53xx/base-files/lib/upgrade/platform.sh

@@ -175,6 +175,7 @@ platform_do_upgrade() {
 		nand_upgrade_tar "$1"
 		;;
 	zyxel,nwa130be|\
+	zyxel,nwa210be|\
 	zyxel,nwa50be)
 		nand_upgrade_tar "$1"
 		;;

feeds/qca-wifi-7/ipq53xx/dts/ipq5332-zyxel-nwa210be.dts

@@ -0,0 +1,655 @@
+// SPDX-License-Identifier: (GPL-2.0+ OR BSD-3-Clause)
+/*
+ * IPQ5332 RDP468 board device tree source
+ *
+ * Copyright (c) 2020-2021 The Linux Foundation. All rights reserved.
+ * Copyright (c) 2022-2024 Qualcomm Innovation Center, Inc. All rights reserved.
+ */
+
+/dts-v1/;
+
+#include <dt-bindings/gpio/gpio.h>
+#include <dt-bindings/input/input.h>
+#include <dt-bindings/leds/common.h>
+#include "ipq5332.dtsi"
+#include "ipq5332-default-memory.dtsi"
+
+/ {
+	model = "Zyxel NWA210BE";
+	compatible = "zyxel,nwa210be", "qcom,ipq5332-ap-mi01.6", "qcom,ipq5332-rdp468", "qcom,ipq5332";
+
+	reserved-memory {
+		#address-cells = <2>;
+		#size-cells = <2>;
+		ranges;
+
+		ramoops@49c00000 {
+			compatible = "ramoops";
+			no-map;
+			reg = <0x0 0x49c00000 0x0 0x100000>;
+			record-size = <0x20000>;
+			console-size = <0x20000>;
+			pmsg-size = <0x20000>;
+		};
+	};
+
+	aliases {
+		serial0 = &blsp1_uart0;
+		serial1 = &blsp1_uart1;
+		ethernet0 = "/soc/dp1";
+		ethernet1 = "/soc/dp2";
+	};
+
+	chosen {
+		stdout-path = "serial0";
+	};
+
+	soc@0 {
+		mdio:mdio@90000 {
+			pinctrl-0 = <&mdio1_pins &mdio0_pins>;
+			pinctrl-names = "default";
+			/*gpio51 for manhattan reset*/
+			phy-reset-gpio = <&tlmm 51 GPIO_ACTIVE_LOW>;
+			phyaddr_fixup = <0xC90F018>;
+			uniphyaddr_fixup = <0xC90F014>;
+			mdio_clk_fixup; /* MDIO clock sequence fix up flag */
+			status = "okay";
+
+			phy0: ethernet-phy@0 {
+				reg = <1>;
+				fixup;
+			};
+			phy1: ethernet-phy@1 {
+				reg = <2>;
+				fixup;
+			};
+			phy2: ethernet-phy@2 {
+				reg = <3>;
+				fixup;
+			};
+			phy3: ethernet-phy@3 {
+				reg = <4>;
+				fixup;
+			};
+
+			switch0@10 {
+				compatible = "qca,qca8386";
+				#address-cells = <1>;
+				#size-cells = <0>;
+				reg = <0x10>;
+
+				ports {
+					#address-cells = <1>;
+					#size-cells = <0>;
+
+					port@0 {
+						reg = <0>;
+						label = "cpu";
+						ethernet = <&gmac2>;
+						dsa-tag-protocol = "qca_4b";
+					};
+
+					port@1 {
+						reg = <1>;
+						label = "lan1";
+						phy-handle = <&phy0>;
+						phy-mode = "usxgmii";
+					};
+
+					port@2 {
+						reg = <2>;
+						label = "lan2";
+						phy-handle = <&phy1>;
+						phy-mode = "usxgmii";
+					};
+
+					port@3 {
+						reg = <3>;
+						label = "lan3";
+						phy-handle = <&phy2>;
+						phy-mode = "usxgmii";
+					};
+				};
+			};
+		};
+
+		ess-instance {
+			num_devices = <0x2>;
+
+			ess-switch@3a000000 {
+				switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
+				switch_lan_bmp = <0x2>; /* lan port bitmap */
+				switch_wan_bmp = <0x4>; /* wan port bitmap */
+				switch_mac_mode = <0xc>; /* mac mode for uniphy instance0*/
+				switch_mac_mode1 = <0xf>; /* mac mode for uniphy instance1*/
+				switch_mac_mode2 = <0xff>; /* mac mode for uniphy instance2*/
+
+				qcom,port_phyinfo {
+					port@0 {
+						port_id = <1>;
+						forced-speed = <2500>;
+						forced-duplex = <1>;
+					};
+					port@1 {
+						port_id = <2>;
+						phy_address = <4>;
+					};
+				};
+
+				led_source@5 {
+					source = <5>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+
+				qcom,port_ledinfo {
+					port@1 {
+						port = <2>;
+						led_source@0 {
+							source = <0>;
+							mode = "normal";
+							speed = "2500M";
+							active = "high";
+							blink_en = "enable";
+						};
+						led_source@1 {
+							source = <1>;
+							mode = "normal";
+							speed = "10M", "100M","1000M";
+							active = "high";
+							blink_en = "enable";
+						};
+					};
+				};
+			};
+
+			ess-switch1@1 {
+				compatible = "qcom,ess-switch-qca8386";
+				device_id = <1>;
+				switch_access_mode = "mdio";
+				mdio-bus = <&mdio>;
+				switch_mac_mode = <0xc>; /* mac mode for uniphy instance0 */
+				switch_mac_mode1 = <0xff>; /* mac mode1 for uniphy instance1 */
+				switch_cpu_bmp = <0x1>;  /* cpu port bitmap */
+				switch_lan_bmp = <0xe>; /* lan port bitmap */
+				switch_wan_bmp = <0x0>;  /* wan port bitmap */
+				link-polling-required = <0>;
+				fdb_sync = "interrupt";
+				link-intr-gpio = <&tlmm 23 GPIO_ACTIVE_HIGH>;
+
+				qcom,port_phyinfo {
+					port@0 {
+						port_id = <0>;
+						forced-speed = <2500>;
+						forced-duplex = <1>;
+					};
+					port@1 {
+						port_id = <1>;
+						phy_address = <1>;
+					};
+					port@2 {
+						port_id = <2>;
+						phy_address = <2>;
+					};
+					port@3 {
+						port_id = <3>;
+						phy_address = <3>;
+					};
+				};
+
+				qcom,port_ledinfo {
+					port@3 {
+						port = <3>;
+						led_source@0 {
+							source = <0>;
+							mode = "normal";
+							speed = "2500M";
+							active = "high";
+							blink_en = "enable";
+						};
+						led_source@1 {
+							source = <1>;
+							mode = "normal";
+							speed = "10M", "100M","1000M";
+							active = "high";
+							blink_en = "enable";
+						};
+					};
+				};
+
+				led_source@2 {
+					source = <2>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+				led_source@5 {
+					source = <5>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+				led_source@8 {
+					source = <8>;
+					mode = "normal";
+					speed = "all";
+					blink_en = "enable";
+					active = "high";
+				};
+			};
+		};
+
+		dp1 {
+			device_type = "network";
+			compatible = "qcom,nss-dp";
+			qcom,id = <2>;
+			reg = <0x3a504000 0x4000>;
+			qcom,mactype = <1>;
+			local-mac-address = [000000000000];
+			mdio-bus = <&mdio>;
+			qcom,phy-mdio-addr = <4>;
+			qcom,link-poll = <1>;
+			phy-mode = "sgmii";
+		};
+
+		gmac2:dp2 {
+			device_type = "network";
+			compatible = "qcom,nss-dp";
+			qcom,id = <1>;
+			reg = <0x3a500000 0x4000>;
+			qcom,mactype = <1>;
+			local-mac-address = [000000000000];
+			phy-mode = "sgmii";
+			qcom,mht-dev = <1>;
+			qcom,is_switch_connected = <1>;
+			qcom,ppe-offload-disabled = <1>;
+		};
+
+		/* EDMA host driver configuration for the board */
+		edma@3ab00000 {
+			qcom,txdesc-ring-start = <4>;		/* Tx desc ring start ID */
+			qcom,txdesc-rings = <12>;		/* Total number of Tx desc rings to be provisioned */
+			qcom,mht-txdesc-rings = <8>;            /* Extra Tx desc rings to be provisioned for MHT SW ports */
+			qcom,txcmpl-ring-start = <4>;		/* Tx complete ring start ID */
+			qcom,txcmpl-rings = <12>;		/* Total number of Tx complete rings to be provisioned */
+			qcom,mht-txcmpl-rings = <8>;            /* Extra Tx complete rings to be provisioned for mht sw ports. */
+			qcom,rxfill-ring-start = <4>;		/* Rx fill ring start ID */
+			qcom,rxfill-rings = <4>;		/* Total number of Rx fill rings to be provisioned */
+			qcom,rxdesc-ring-start = <12>;		/* Rx desc ring start ID */
+			qcom,rxdesc-rings = <4>;		/* Total number of Rx desc rings to be provisioned */
+			qcom,rx-page-mode = <0>;		/* Rx fill ring page mode */
+			qcom,tx-map-priority-level = <1>;	/* Tx priority level per port */
+			qcom,rx-map-priority-level = <1>;	/* Rx priority level per core */
+			qcom,ppeds-num = <2>;			/* Number of PPEDS nodes */
+			/* PPE-DS node format: <Rx-fill Tx-cmpl Rx Tx Queue-base Queue-count> */
+			qcom,ppeds-map = <1 1 1 1 32 8>,	/* PPEDS Node#0 ring and queue map */
+					<2 2 2 2 40 8>;		/* PPEDS Node#1 ring and queue map */
+			qcom,txdesc-map = <8 9 10 11>,		/* Port0 per-core Tx ring map */
+					<12 13 14 15>,        /* MHT-Port1 per-core Tx ring map */
+					<4 5 6 7>,            /* MHT-Port2 per-core Tx ring map/packets from  vp*/
+					<16 17 18 19>,        /* MHT-Port3 per-core Tx ring map */
+					<20 21 22 23>;        /* MHT-Port4 per-core Tx ring map */
+			qcom,txdesc-fc-grp-map = <1 2 3 4 5>;   /* Per GMAC flow control group map */
+			qcom,rxfill-map = <4 5 6 7>;		/* Per-core Rx fill ring map */
+			qcom,rxdesc-map = <12 13 14 15>;	/* Per-core Rx desc ring map */
+			qcom,rx-queue-start = <0>;		/* Rx queue start */
+			qcom,rx-ring-queue-map = <0 8 16 24>,	/* Priority 0 queues per-core Rx ring map */
+						<1 9 17 25>,	/* Priority 1 queues per-core Rx ring map */
+						<2 10 18 26>,	/* Priority 2 queues per-core Rx ring map */
+						<3 11 19 27>,	/* Priority 3 queues per-core Rx ring map */
+						<4 12 20 28>,	/* Priority 4 queues per-core Rx ring map */
+						<5 13 21 29>,	/* Priority 5 queues per-core Rx ring map */
+						<6 14 22 30>,	/* Priority 6 queues per-core Rx ring map */
+						<7 15 23 31>;	/* Priority 7 queues per-core Rx ring map */
+			interrupts = <0 163 4>,			/* Tx complete ring id #4 IRQ info */
+				   <0 164 4>,			/* Tx complete ring id #5 IRQ info */
+				   <0 165 4>,			/* Tx complete ring id #6 IRQ info */
+				   <0 166 4>,			/* Tx complete ring id #7 IRQ info */
+				   <0 167 4>,			/* Tx complete ring id #8 IRQ info */
+				   <0 168 4>,			/* Tx complete ring id #9 IRQ info */
+				   <0 169 4>,			/* Tx complete ring id #10 IRQ info */
+				   <0 170 4>,			/* Tx complete ring id #11 IRQ info */
+				   <0 171 4>,			/* Tx complete ring id #12 IRQ info */
+				   <0 172 4>,			/* Tx complete ring id #13 IRQ info */
+				   <0 173 4>,			/* Tx complete ring id #14 IRQ info */
+				   <0 174 4>,			/* Tx complete ring id #15 IRQ info */
+				   <0 139 4>,			/* Rx desc ring id #12 IRQ info */
+				   <0 140 4>,			/* Rx desc ring id #13 IRQ info */
+				   <0 141 4>,			/* Rx desc ring id #14 IRQ info */
+				   <0 142 4>,			/* Rx desc ring id #15 IRQ info */
+				   <0 191 4>,			/* Misc error IRQ info */
+				<0 160 4>,			/* PPEDS Node #1(TxComp ring id #1) TxComplete IRQ info */
+				<0 128 4>,			/* PPEDS Node #1(Rx Desc ring id #1) Rx Desc IRQ info */
+				<0 152 4>,			/* PPEDS Node #1(RxFill Desc ring id #1) Rx Fill IRQ info */
+				<0 161 4>,			/* PPEDS Node #2(TxComp ring id #2) TxComplete IRQ info */
+				<0 129 4>,			/* PPEDS Node #2(Rx Desc ring id #2) Rx Desc IRQ info */
+				<0 153 4>,                      /* PPEDS Node #2(RxFill Desc ring id #2) Rx Fill IRQ info */
+				<0 175 4>,                   /* MHT port Tx complete ring id #16 IRQ info */
+				<0 176 4>,                   /* MHT port Tx complete ring id #17 IRQ info */
+				<0 177 4>,                   /* MHT port Tx complete ring id #18 IRQ info */
+				<0 178 4>,                   /* MHT port Tx complete ring id #19 IRQ info */
+				<0 179 4>,                   /* MHT port Tx complete ring id #20 IRQ info */
+				<0 180 4>,                   /* MHT port Tx complete ring id #21 IRQ info */
+				<0 181 4>,                   /* MHT port Tx complete ring id #22 IRQ info */
+				<0 182 4>;                   /* MHT port Tx complete ring id #23 IRQ info */
+		};
+
+		leds {
+			compatible = "gpio-leds";
+			pinctrl-0 = <&led_pins>;
+			pinctrl-names = "default";
+			led_blue{
+				label = "led_blue";
+				gpio = <&tlmm 22 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_blue";
+				default-state = "off";
+			};
+			led_green {
+				label = "led_green";
+				gpio = <&tlmm 45 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_green";
+				default-state = "on";
+			};
+			led_white {
+				label = "led_white";
+				gpio = <&tlmm 43 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_white";
+				default-state = "off";
+			};
+			led_red {
+				label = "led_red";
+				gpio = <&tlmm 44 GPIO_ACTIVE_HIGH>;
+				linux,default-trigger = "led_red";
+				default-state = "off";
+			};
+		};
+
+		gpio_keys {
+			compatible = "gpio-keys";
+			pinctrl-0 = <&button_pins>;
+			pinctrl-names = "default";
+			button@1 {
+				label = "reset";
+				linux,code = <KEY_RESTART>;
+				gpios = <&tlmm 30 GPIO_ACTIVE_LOW>;
+				linux,input-type = <1>;
+				debounce-interval = <60>;
+			};
+		};
+
+		wsi: wsi {
+			id = <0>;
+			num_chip = <2>;
+			status = "okay";
+			chip_info = <0 1 1>,
+				    <1 1 0>;
+		};
+	};
+};
+
+&wifi0 {
+	led-gpio = <&tlmm 36 GPIO_ACTIVE_HIGH>;
+	qcom,rproc = <&q6_wcss_pd1>;
+	qcom,rproc_rpd = <&q6v5_wcss>;
+	qcom,multipd_arch;
+	qcom,userpd-subsys-name = "q6v5_wcss_userpd1";
+	memory-region = <&q6_region>;
+	qcom,wsi = <&wsi>;
+	qcom,wsi_index = <0>;
+	qcom,board_id = <0x12>;
+	status = "okay";
+};
+
+&qcn9224_pcie1 {
+	status = "okay";
+};
+
+&blsp1_uart0 {
+	pinctrl-0 = <&serial_0_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+};
+
+&blsp1_uart1 {
+	pinctrl-0 = <&serial_1_pins>;
+	pinctrl-names = "default";
+	status = "disabled";
+};
+
+&blsp1_spi0 {
+	pinctrl-0 = <&spi_0_data_clk_pins &spi_0_cs_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+
+	flash@0 {
+		compatible = "n25q128a11", "micron,n25q128a11", "jedec,spi-nor";
+		reg = <0>;
+		#address-cells = <1>;
+		#size-cells = <1>;
+		spi-max-frequency = <50000000>;
+	};
+};
+
+&sdhc {
+	bus-width = <4>;
+	max-frequency = <192000000>;
+	mmc-ddr-1_8v;
+	mmc-hs200-1_8v;
+	non-removable;
+	pinctrl-0 = <&sdc_default_state>;
+	pinctrl-names = "default";
+	status = "disabled";
+};
+
+&sleep_clk {
+	clock-frequency = <32000>;
+};
+
+&xo {
+	clock-frequency = <24000000>;
+};
+
+&qpic_bam {
+	status = "okay";
+};
+
+&qpic_nand {
+	pinctrl-0 = <&qspi_default_state>;
+	pinctrl-names = "default";
+	status = "okay";
+
+	nandcs@0 {
+		reg = <0>;
+		#address-cells = <1>;
+		#size-cells = <1>;
+
+		nand-ecc-strength = <8>;
+		nand-ecc-step-size = <512>;
+		nand-bus-width = <8>;
+	};
+};
+
+&pcie1_phy_x2 {
+	status = "okay";
+};
+
+&pcie1 {
+	pinctrl-0 = <&pcie1_default_state>;
+	pinctrl-names = "default";
+	perst-gpios = <&tlmm 47 GPIO_ACTIVE_LOW>;
+	status = "okay";
+
+	pcie1_rp {
+		reg = <0 0 0 0 0>;
+
+		qcom,mhi@1 {
+			reg = <0 0 0 0 0>;
+			boot-args = <0x2 0x4 0x34 0x3 0x0 0x0     /* MX Rail, GPIO52, Drive strength 0x3 */
+					0x4 0x4 0x18 0x3 0x0 0x0  /* RFA1p2 Rail, GPIO24, Drive strength 0x3 */
+					0x0 0x4 0x0 0x0 0x0 0x0>; /* End of arguments */
+			memory-region = <&qcn9224_pcie1>;
+			qcom,wsi = <&wsi>;
+			qcom,wsi_index = <1>;
+			qcom,board_id = <0x000c>;
+			qcom,wide_band = <1>;
+		};
+	};
+};
+
+/* PINCTRL */
+
+&tlmm {
+
+	led_pins: led_pins {
+		fem_en {
+			pins = "gpio31";
+			function = "gpio";
+			drive-strength = <8>;
+			output-high; //Enable Wi-Fi FEM
+		};
+
+		led_blue {
+			pins = "gpio22";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		led_green {
+			pins = "gpio45";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		led_white {
+			pins = "gpio43";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		led_red {
+			pins = "gpio44";
+			function = "gpio";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+	};
+
+
+	sdc_default_state: sdc-default-state {
+		clk-pins {
+			pins = "gpio13";
+			function = "sdc_clk";
+			drive-strength = <8>;
+			bias-disable;
+		};
+
+		cmd-pins {
+			pins = "gpio12";
+			function = "sdc_cmd";
+			drive-strength = <8>;
+			bias-pull-up;
+		};
+
+		data-pins {
+			pins = "gpio8", "gpio9", "gpio10", "gpio11";
+			function = "sdc_data";
+			drive-strength = <8>;
+			bias-pull-up;
+		};
+	};
+
+	spi_0_data_clk_pins: spi-0-data-clk-state {
+		pins = "gpio14", "gpio15", "gpio16";
+		function = "blsp0_spi";
+		drive-strength = <2>;
+		bias-pull-down;
+	};
+
+	spi_0_cs_pins: spi-0-cs-state {
+		pins = "gpio17";
+		function = "blsp0_spi";
+		drive-strength = <2>;
+		bias-pull-up;
+	};
+
+	qspi_default_state: qspi-default-state {
+		qspi_clock {
+			pins = "gpio13";
+			function = "qspi_clk";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+
+		qspi_cs {
+			pins = "gpio12";
+			function = "qspi_cs";
+			drive-strength = <8>;
+			bias-pull-up;
+		};
+
+		qspi_data {
+			pins = "gpio8", "gpio9", "gpio10", "gpio11";
+			function = "qspi_data";
+			drive-strength = <8>;
+			bias-pull-down;
+		};
+	};
+
+	serial_1_pins: serial1-pinmux {
+		pins = "gpio33", "gpio34", "gpio35", "gpio36";
+		function = "blsp1_uart2";
+		drive-strength = <8>;
+		bias-pull-up;
+	};
+
+	button_pins: button-state {
+		pins = "gpio30";
+		function = "gpio";
+		drive-strength = <8>;
+		bias-pull-up;
+	};
+
+	pwm_pins: pwm-state {
+		pins = "gpio46";
+		function = "pwm0";
+		drive-strength = <8>;
+	};
+
+	pcie1_default_state: pcie1-default-state {
+		pins = "gpio47";
+		function = "gpio";
+		drive-strength = <8>;
+		bias-pull-up;
+		output-low;
+	};
+};
+
+&license_manager {
+	status = "okay";
+};
+
+&usb3 {
+	qcom,multiplexed-phy;
+	status = "okay";
+};
+
+&pwm {
+	pinctrl-0 = <&pwm_pins>;
+	pinctrl-names = "default";
+	status = "okay";
+};
+
+&hs_m31phy_0 {
+	status = "okay";
+};
+
+&ssuniphy_0 {
+	status = "okay";
+};

feeds/qca-wifi-7/ipq53xx/image/ipq53xx.mk

@@ -178,6 +178,21 @@ define Device/zyxel_nwa50be
 endef
 TARGET_DEVICES += zyxel_nwa50be
 
+define Device/zyxel_nwa210be
+  DEVICE_TITLE := Zyxel NWA210BE
+  DEVICE_DTS := ipq5332-zyxel-nwa210be
+  DEVICE_DTS_DIR := ../dts
+  DEVICE_DTS_CONFIG := config@mi01.6
+  IMAGES := sysupgrade.tar nand-factory.bin nand-factory.ubi
+  BLOCKSIZE := 128k
+  PAGESIZE := 2048
+  IMAGE/sysupgrade.tar := sysupgrade-tar | append-metadata
+  IMAGE/nand-factory.bin := append-ubi | qsdk-ipq-factory-nand
+  IMAGE/nand-factory.ubi := append-ubi
+  DEVICE_PACKAGES := ath12k-wifi-zyxel-nwa210be ath12k-firmware-qcn92xx ath12k-firmware-ipq5332
+endef
+TARGET_DEVICES += zyxel_nwa210be
+
 define Device/cig_wf672
   DEVICE_TITLE := CIG WF672
   DEVICE_DTS := ipq5332-cig-wf672

feeds/qca-wifi-7/mac80211/files/lib/netifd/wireless/mac80211.sh

@@ -519,15 +519,16 @@ mac80211_hostapd_setup_base() {
 		append base_cfg "he_mu_edca_ac_vo_ecwmax=7" "$N"
 		append base_cfg "he_mu_edca_ac_vo_timer=255" "$N"
 	fi
+	
+	[ "$band" = 6g ] && multiple_bssid=1
 
-	if [ "$enable_be" != "0" ]; then
-		append base_cfg "ieee80211be=1" "$N"
-		[ "$band" = 6g ] && multiple_bssid=1
-		[ "$hwmode" = "a" ] && {
-			append base_cfg "eht_oper_chwidth=$eht_oper_chwidth" "$N"
-			append base_cfg "eht_oper_centr_freq_seg0_idx=$eht_center_seg0" "$N"
-		}
-	fi
+        if [ "$enable_be" != "0" ]; then
+                append base_cfg "ieee80211be=1" "$N"
+                [ "$hwmode" = "a" ] && {
+                        append base_cfg "eht_oper_chwidth=$eht_oper_chwidth" "$N"
+                        append base_cfg "eht_oper_centr_freq_seg0_idx=$eht_center_seg0" "$N"
+                }
+        fi
 
 	hostapd_prepare_device_config "$hostapd_conf_file" nl80211
 	cat >> "$hostapd_conf_file" <<EOF

feeds/qca-wifi-7/mac80211/patches-zyxel_nwa210be/ath12k/0001-thermal-thermal-setting.patch

@@ -0,0 +1,72 @@
+From 5f22b2d262ba44ecd0b05b32c6eee6161460718f Mon Sep 17 00:00:00 2001
+From: YenLin Pan <yenlin.pan@zyxel.com.tw>
+Date: Tue, 15 Jul 2025 16:18:48 +0800
+Subject: [PATCH] thermal: thermal setting
+
+lv0 -100 -hi0 105 -off0 0
+lv1 95   -hi1 110 -off1 75
+lv2 100  -hi2 115 -off2 99
+lv3 105  -hi3 120 -off3 100
+
+Signed-off-by: YenLin Pan <YenLin.Pan@zyxel.com.tw>
+---
+ drivers/net/wireless/ath/ath12k/thermal.h | 30 +++++++++++------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath12k/thermal.h b/drivers/net/wireless/ath/ath12k/thermal.h
+index 5c91906..2334901 100644
+--- a/drivers/net/wireless/ath/ath12k/thermal.h
++++ b/drivers/net/wireless/ath/ath12k/thermal.h
+@@ -13,34 +13,34 @@
+ 
+ /* Below temperatures are in celsius */
+ #define ATH12K_THERMAL_LVL0_TEMP_LOW_MARK -100
+-#define ATH12K_THERMAL_LVL0_TEMP_HIGH_MARK 100
++#define ATH12K_THERMAL_LVL0_TEMP_HIGH_MARK 105
+ #define ATH12K_THERMAL_LVL1_TEMP_LOW_MARK 95
+-#define ATH12K_THERMAL_LVL1_TEMP_HIGH_MARK 105
++#define ATH12K_THERMAL_LVL1_TEMP_HIGH_MARK 110
+ #define ATH12K_THERMAL_LVL2_TEMP_LOW_MARK 100
+-#define ATH12K_THERMAL_LVL2_TEMP_HIGH_MARK 110
++#define ATH12K_THERMAL_LVL2_TEMP_HIGH_MARK 115
+ #define ATH12K_THERMAL_LVL3_TEMP_LOW_MARK 105
+ #define ATH12K_THERMAL_LVL3_TEMP_HIGH_MARK 120
+ 
+ #define ATH12K_THERMAL_LVL0_V2_TEMP_LOW_MARK -100
+-#define ATH12K_THERMAL_LVL0_V2_TEMP_HIGH_MARK 95
+-#define ATH12K_THERMAL_LVL1_V2_TEMP_LOW_MARK 90
+-#define ATH12K_THERMAL_LVL1_V2_TEMP_HIGH_MARK 100
+-#define ATH12K_THERMAL_LVL2_V2_TEMP_LOW_MARK 95
+-#define ATH12K_THERMAL_LVL2_V2_TEMP_HIGH_MARK 105
+-#define ATH12K_THERMAL_LVL3_V2_TEMP_LOW_MARK 100
+-#define ATH12K_THERMAL_LVL3_V2_TEMP_HIGH_MARK 110
++#define ATH12K_THERMAL_LVL0_V2_TEMP_HIGH_MARK 105
++#define ATH12K_THERMAL_LVL1_V2_TEMP_LOW_MARK 95
++#define ATH12K_THERMAL_LVL1_V2_TEMP_HIGH_MARK 110
++#define ATH12K_THERMAL_LVL2_V2_TEMP_LOW_MARK 100
++#define ATH12K_THERMAL_LVL2_V2_TEMP_HIGH_MARK 115
++#define ATH12K_THERMAL_LVL3_V2_TEMP_LOW_MARK 105
++#define ATH12K_THERMAL_LVL3_V2_TEMP_HIGH_MARK 120
+ #define ATH12K_THERMAL_LVL4_V2_TEMP_LOW_MARK 105
+ #define ATH12K_THERMAL_LVL4_V2_TEMP_HIGH_MARK 120
+ 
+ #define ATH12K_THERMAL_LVL0_DUTY_CYCLE 0
+-#define ATH12K_THERMAL_LVL1_DUTY_CYCLE 50
+-#define ATH12K_THERMAL_LVL2_DUTY_CYCLE 90
++#define ATH12K_THERMAL_LVL1_DUTY_CYCLE 75
++#define ATH12K_THERMAL_LVL2_DUTY_CYCLE 99
+ #define ATH12K_THERMAL_LVL3_DUTY_CYCLE 100
+ 
+ #define ATH12K_THERMAL_LVL0_V2_DUTY_CYCLE ATH12K_THERMAL_LVL0_DUTY_CYCLE
+-#define ATH12K_THERMAL_LVL1_V2_DUTY_CYCLE ATH12K_THERMAL_LVL0_DUTY_CYCLE
+-#define ATH12K_THERMAL_LVL2_V2_DUTY_CYCLE ATH12K_THERMAL_LVL1_DUTY_CYCLE
+-#define ATH12K_THERMAL_LVL3_V2_DUTY_CYCLE ATH12K_THERMAL_LVL2_DUTY_CYCLE
++#define ATH12K_THERMAL_LVL1_V2_DUTY_CYCLE ATH12K_THERMAL_LVL1_DUTY_CYCLE
++#define ATH12K_THERMAL_LVL2_V2_DUTY_CYCLE ATH12K_THERMAL_LVL2_DUTY_CYCLE
++#define ATH12K_THERMAL_LVL3_V2_DUTY_CYCLE ATH12K_THERMAL_LVL3_DUTY_CYCLE
+ #define ATH12K_THERMAL_LVL4_V2_DUTY_CYCLE ATH12K_THERMAL_LVL3_DUTY_CYCLE
+ 
+ #define THERMAL_CONFIG_POUT0                        0
+-- 
+2.34.1
+

feeds/qca-wifi-7/qca-ssdk-qca/files-zyxel_nwa210be/qca-ssdk

@@ -0,0 +1,317 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2018, 2021, The Linux Foundation. All rights reserved.
+# Copyright (c) 2022-2024, Qualcomm Innovation Center, Inc. All rights reserved.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+START=16
+
+#!/bin/sh
+ruletype="ip4 ip6"
+side="wan lan"
+qwan="1 3 2 0 5 7 6 4"
+qlan="0 1 2 3 4 5 6 7"
+
+function create_war_acl_rules(){
+	for lw in $side
+	do
+		#echo $lw
+		if [ "$lw" == "wan" ];then
+			listid=254
+			queue=$qwan
+			portmap=0x20
+		else
+			listid=255
+			queue=$qlan
+			portmap=0x1e
+		fi
+		#echo $queue
+		#echo "creating list $listid"
+		ssdk_sh acl list create $listid 255
+		ruleid=0
+		for rt in $ruletype
+		do
+			for qid in $queue
+			do
+				cmd="ssdk_sh acl rule add $listid $ruleid  1 n 0 0"
+				#echo $cmd
+				if [ "$rt" == "ip4" ];then
+					cmd="$cmd ip4 n n n n n n n n n n n n n n n n n n n n n n n n n n n n n"
+					#echo $cmd
+				else
+					cmd="$cmd ip6 n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n n"
+					#echo $cmd
+				fi
+				if [ $ruleid -le 3 ];then
+					#non-zero dscp
+					cmd="$cmd y 0x0 0xff"
+				elif [ $ruleid -le 7 ];then
+					#zero dscp
+					cmd="$cmd n"
+				elif [ $ruleid -le 11 ];then
+					#non-zero dscp
+					cmd="$cmd y 0x0 0xff"
+				else
+					#zero dscp
+					cmd="$cmd n"
+				fi
+				p=$((ruleid/2))
+				cmd="$cmd y mask $((ruleid%2)) 0x1 y mask $((p%2)) 0x1 n n n n n n n n n n n n n n n y n n n n n n n y $qid n n 0 0 n n n n n n n n n n n n n n n n n n n n 0"
+				#echo $cmd
+				$cmd
+				ruleid=`expr $ruleid + 1`
+			done
+		done
+		ssdk_sh acl list bind $listid 0 1 $portmap
+	done
+}
+
+function create_war_cosmap(){
+	ssdk_sh cosmap pri2q set 0 0
+	ssdk_sh cosmap pri2q set 1 0
+	ssdk_sh cosmap pri2q set 2 0
+	ssdk_sh cosmap pri2q set 3 0
+	ssdk_sh cosmap pri2q set 4 1
+	ssdk_sh cosmap pri2q set 5 1
+	ssdk_sh cosmap pri2q set 6 1
+	ssdk_sh cosmap pri2q set 7 1
+	ssdk_sh cosmap pri2ehq set 0 0
+	ssdk_sh cosmap pri2ehq set 1 0
+	ssdk_sh cosmap pri2ehq set 2 0
+	ssdk_sh cosmap pri2ehq set 3 0
+	ssdk_sh cosmap pri2ehq set 4 1
+	ssdk_sh cosmap pri2ehq set 5 1
+	ssdk_sh cosmap pri2ehq set 6 1
+	ssdk_sh cosmap pri2ehq set 7 1
+}
+
+function create_acl_byp_egstp_rules(){
+	chip_ver=$1
+	cmd="ssdk_sh servcode config set 1 n 0 0xfffefc7f 0xffbdff 0 0 0 0 0 0"
+	if [ "$chip_ver" == "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		cmd="$cmd 0"
+	fi
+	#echo $cmd
+	$cmd
+
+	ssdk_sh acl list create 56 48
+	#action bypass eg stp check
+	action="y n n n n n n n n n n 0 0 n n n n n n n n n n n n n y n n n n n n n n n n n n y n n n n n n n n n n n n n n n n n n"
+	if [ "$chip_ver" == "0x2000" ]; then
+		action="$action n n 0"
+	elif [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		action="$action n n n 0"
+	else
+		action="$action 0"
+	fi
+
+	for ruleid in $( seq 0 2 )
+	do
+		if [ "$ruleid" == "0" ];then
+			cmd="ssdk_sh acl rule add 56 0 1 n 0 0 mac n n n n n y 01-80-c2-00-00-00 ff-ff-ff-ff-ff-ff n n n n n n n n n n n n n n n n n n n n n n n"
+		elif [ "$ruleid" == "1" ];then
+			cmd="ssdk_sh acl rule add 56 1 1 n 0 0 mac n n n n n n n yes 0x8809 0xffff n n n n n n n n n n n n n n n n n n n n n"
+		else
+			cmd="ssdk_sh acl rule add 56 2 1 n 0 0 mac n n n n n n n yes 0x888e 0xffff n n n n n n n n n n n n n n n n n n n n n"
+		fi
+		if [ "$chip_ver" == "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+			cmd="$cmd n $action"
+		else
+			cmd="$cmd $action"
+		fi
+		#echo $cmd
+		$cmd
+	done
+	ssdk_sh acl list bind 56 0 2 1
+}
+
+function delete_war_acl_rules(){
+	for lw in $side
+	do
+		#echo $lw
+		if [ "$lw" == "wan" ];then
+			listid=254
+			queue=$qwan
+			portmap=0x20
+		else
+			listid=255
+			queue=$qlan
+			portmap=0x1e
+		fi
+		ssdk_sh acl list unbind $listid 0 1 $portmap
+		for rt in $ruletype
+		do
+			for qid in $queue
+			do
+				cmd="ssdk_sh acl rule del $listid 0 1"
+				echo $cmd
+				$cmd
+			done
+		done
+		#echo "deleting list $listid"
+		ssdk_sh acl list destroy $listid
+	done
+}
+
+function delete_war_cosmap(){
+	ssdk_sh cosmap pri2q set 0 0
+	ssdk_sh cosmap pri2q set 1 0
+	ssdk_sh cosmap pri2q set 2 1
+	ssdk_sh cosmap pri2q set 3 1
+	ssdk_sh cosmap pri2q set 4 2
+	ssdk_sh cosmap pri2q set 5 2
+	ssdk_sh cosmap pri2q set 6 3
+	ssdk_sh cosmap pri2q set 7 3
+	ssdk_sh cosmap pri2ehq set 0 1
+	ssdk_sh cosmap pri2ehq set 1 0
+	ssdk_sh cosmap pri2ehq set 2 2
+	ssdk_sh cosmap pri2ehq set 3 2
+	ssdk_sh cosmap pri2ehq set 4 3
+	ssdk_sh cosmap pri2ehq set 5 3
+	ssdk_sh cosmap pri2ehq set 6 4
+	ssdk_sh cosmap pri2ehq set 7 5
+}
+
+function delete_acl_byp_egstp_rules(){
+	chip_ver=$1
+	cmd="ssdk_sh servcode config set 1 n 0 0xfffefcff 0xffbfff 0 0 0 0 0 0"
+	if [ "$chip_ver" == "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		cmd="$cmd 0"
+	fi
+	#echo $cmd
+	$cmd
+	ssdk_sh acl list unbind 56 0 2 1
+	ssdk_sh acl rule del 56 0 1
+	ssdk_sh acl rule del 56 1 1
+	ssdk_sh acl rule del 56 2 1
+	ssdk_sh acl list destroy 56
+}
+
+function edma_war_config_add(){
+	create_war_cosmap
+	ssdk_sh acl status set enable
+	create_war_acl_rules
+}
+
+function edma_war_config_del(){
+	delete_war_acl_rules
+	delete_war_cosmap
+}
+
+function ipq50xx_serdes_monitor () {
+	#if qca808x phy exist, need to monitor the serdes to avoid the effect for WIFI
+	port_id=2
+	old_linkstatus="DISABLE"
+	phy_id_info=`ssdk_sh port phyid get $port_id | grep Org | awk -F '!' '{print $2}'`
+	if [ "$phy_id_info" = "[Org ID]:0x004d[Rev ID]:0xd101" ]; then
+		ssdk_sh debug phy set 29 0xb 0x300d
+		ssdk_sh debug uniphy set 0 0x7ac 0x300d 4
+
+		while true
+		do
+			cur_linkstatus=`ssdk_sh port linkstatus get $port_id | grep Status | awk -F ':' '{print $2}'`
+			#when qca808x phy link status is from down to up, serdes tx would be enabled
+			if [ "$cur_linkstatus" = "ENABLE" ] && [ "$old_linkstatus" = "DISABLE" ]; then
+				ssdk_sh debug phy set 29 0xb 0xb00d
+				ssdk_sh debug uniphy set 0 0x7ac 0xb00d 4
+			fi
+			#when qca808x phy link status is from up to down, serdes tx would be disabled
+			if [ "$cur_linkstatus" = "DISABLE" ] && [ "$old_linkstatus" = "ENABLE" ]; then
+				ssdk_sh debug phy set 29 0xb 0x300d
+				ssdk_sh debug uniphy set 0 0x7ac 0x300d 4
+			fi
+			old_linkstatus=$cur_linkstatus
+		done
+	fi
+}
+
+function ipq53xx_phy_amplitude_set () {
+	#for qca808x phy sgmii, set half amplitude with src_half_swing register
+	port_id=2
+	phy_id_info=`ssdk_sh port phyid get $port_id | grep Org | awk -F '!' '{print $2}'`
+	if [ "$phy_id_info" = "[Org ID]:0x004d[Rev ID]:0xd180" ]; then
+		ssdk_sh debug phy set 5 0x40010087 0x208a
+		ssdk_sh debug phy set 6 0x40010087 0x208a
+		#Set the Reg0x67 bits[7:5]=3’b000 and bit4=1’b1
+		ampl_val=$(eval "ssdk_sh debug phy get 5 0x40010067 | grep SSDK | grep -oE '0x[0-9a-fA-F]+' | sed 's/\(0x..\)./\11/'")
+		ssdk_sh debug phy set 5 0x40010067 $ampl_val
+		ampl_val=$(eval "ssdk_sh debug phy get 6 0x40010067 | grep SSDK | grep -oE '0x[0-9a-fA-F]+' | sed 's/\(0x..\)./\11/'")
+		ssdk_sh debug phy set 6 0x40010067 $ampl_val
+	fi
+}
+
+function ipq53xx_uniphy_amplitude_set () {
+	#for ipq50xx sgmii, set half amplitude with tx_emp_lvl/margin_index and tx_margin
+	ssdk_sh debug uniphy set 0 0x7ac 0xb10d 4
+	ssdk_sh debug uniphy set 0 0x24 0 4
+	ssdk_sh debug uniphy set 1 0x7ac 0xb10d 4
+	ssdk_sh debug uniphy set 1 0x24 0 4
+}
+
+ssdk_dependency() {
+	counter=0
+	[ -e /lib/modules/$(uname -r)/qca-ssdk.ko ] && [ ! -d /sys/module/qca_ssdk ] && {
+		insmod qca-ssdk.ko
+	}
+	while [ ! -d /sys/ssdk ] && [ "$counter" -le 5 ]
+	do
+		sleep 1
+		counter=$((counter+1))
+	done
+}
+
+start() {
+	ssdk_dependency
+	chip_ver=`ssdk_sh debug reg get 0 4 | grep Data | tr -d 'SSDK Init OK![Data]:'`
+	#The following commands should be uncommented to enable EDMA WAR
+	if [ "$chip_ver" = "0x1401" ]; then
+		#edma_war_config_add
+		echo ''
+	fi
+	#The following commands should be uncommented to add acl egress stp bypass rules
+	if [ "$chip_ver" = "0x1500" ] || [ "$chip_ver" = "0x1501" ] || [ "$chip_ver" = "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		#create_acl_byp_egstp_rules $chip_ver
+		echo ''
+	fi
+	#The following commands should be uncommented to enable WAR for ipq50xx
+	chip_type_info=`cat tmp/sysinfo/model`
+	result=$(echo $chip_type_info | grep "IPQ5018")
+	if [ "$result" != "" ]; then
+		#ipq50xx_serdes_monitor &
+		#ipq50xx_uniphy_amplitude_set
+		#ipq50xx_phy_amplitude_set
+		echo ''
+	fi
+	if [ "$chip_ver" = "0x2001" ]; then
+		ipq53xx_uniphy_amplitude_set
+		ipq53xx_phy_amplitude_set
+		echo ''
+	fi
+	echo starting
+}
+
+stop() {
+	chip_ver=`ssdk_sh debug reg get 0 4 | grep Data | tr -d 'SSDK Init OK![Data]:'`
+	#The following commands should be uncommented to disable EDMA WAR
+	if [ "$chip_ver" = "0x1401" ]; then
+		#edma_war_config_del
+		echo ''
+	fi
+	#The following commands should be uncommented to delete acl egress stp bypass rules
+	if [ "$chip_ver" = "0x1500" ] || [ "$chip_ver" = "0x1501" ] || [ "$chip_ver" = "0x2000" ] || [ "$chip_ver" = "0x2001" ] || [ "$chip_ver" = "0x2100" ]; then
+		#delete_acl_byp_egstp_rules $chip_ver
+		echo ''
+	fi
+	echo stoping
+}

feeds/qca-wifi-7/qca-ssdk-qca/patches-zyxel_nwa210be/0001-pinctrl-make-the-switch-LED-works.patch

@@ -0,0 +1,47 @@
+From 7fa9e9b683f1c573c58a14755347988919bc7d06 Mon Sep 17 00:00:00 2001
+From: YenLin Pan <yenlin.pan@zyxel.com.tw>
+Date: Wed, 14 May 2025 13:47:06 +0800
+Subject: [PATCH] pinctrl: make the switch LED works
+
+Enable switch LED pin definition for LED0/LED1/LED2 control
+
+Signed-off-by: YenLin Pan <YenLin.Pan@zyxel.com.tw>
+---
+ src/init/ssdk_mht_pinctrl.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/init/ssdk_mht_pinctrl.c b/src/init/ssdk_mht_pinctrl.c
+index 2debe59..1ae0002 100755
+--- a/src/init/ssdk_mht_pinctrl.c
++++ b/src/init/ssdk_mht_pinctrl.c
+@@ -33,11 +33,17 @@ static struct mht_pinctrl_setting mht_pin_settings[] = {
+     /*PINs default MUX Setting*/
+     MHT_PIN_SETTING_MUX(0,  MHT_PIN_FUNC_INTN_WOL),
+     MHT_PIN_SETTING_MUX(1,  MHT_PIN_FUNC_INTN),
+-#if 0
++#if 1
+     MHT_PIN_SETTING_MUX(2,  MHT_PIN_FUNC_P0_LED_0),
+     MHT_PIN_SETTING_MUX(3,  MHT_PIN_FUNC_P1_LED_0),
+     MHT_PIN_SETTING_MUX(4,  MHT_PIN_FUNC_P2_LED_0),
+     MHT_PIN_SETTING_MUX(5,  MHT_PIN_FUNC_P3_LED_0),
++    MHT_PIN_SETTING_MUX(6,  MHT_PIN_FUNC_P0_LED_2),
++    MHT_PIN_SETTING_MUX(7,  MHT_PIN_FUNC_P1_LED_2),
++    MHT_PIN_SETTING_MUX(8,  MHT_PIN_FUNC_P2_LED_2),
++    MHT_PIN_SETTING_MUX(9,  MHT_PIN_FUNC_P3_LED_2),
++#endif
++#if 0
+     MHT_PIN_SETTING_MUX(6,  MHT_PIN_FUNC_PPS_IN),
+     MHT_PIN_SETTING_MUX(7,  MHT_PIN_FUNC_TOD_IN),
+     MHT_PIN_SETTING_MUX(8,  MHT_PIN_FUNC_RTC_REFCLK_IN),
+@@ -49,7 +55,7 @@ static struct mht_pinctrl_setting mht_pin_settings[] = {
+     MHT_PIN_SETTING_MUX(13, MHT_PIN_FUNC_P0_TOD_OUT),
+     MHT_PIN_SETTING_MUX(14, MHT_PIN_FUNC_P0_CLK125_TDI),
+     MHT_PIN_SETTING_MUX(15, MHT_PIN_FUNC_P0_SYNC_CLKO_PTP),
+-#if 0
++#if 1
+     MHT_PIN_SETTING_MUX(16, MHT_PIN_FUNC_P0_LED_1),
+     MHT_PIN_SETTING_MUX(17, MHT_PIN_FUNC_P1_LED_1),
+     MHT_PIN_SETTING_MUX(18, MHT_PIN_FUNC_P2_LED_1),
+-- 
+2.34.1
+

feeds/tip/certificates/files/etc/init.d/early_boot

@@ -5,7 +5,7 @@ START=09
 copy_certificates() {
 	[ -f /certificates/key.pem ] || return
 
-	cp /certificates/cert.pem /certificates/key.pem /certificates/operational.* /etc/ucentral/
+	cp /certificates/*.pem /certificates/*.ca /etc/ucentral/ 2>/dev/null || true
 	chown root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
 	chmod 0440 root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
 	[ -f /certificates/gateway.json ] && cp /certificates/gateway.json /etc/ucentral/gateway.flash

feeds/tip/cloud_discovery/Makefile

@@ -12,7 +12,7 @@ define Package/cloud_discovery
   SECTION:=ucentral
   CATEGORY:=uCentral
   TITLE:=TIP cloud_discovery
-  DEPENDS:=+certificates
+  DEPENDS:=+certificates +bind-dig
 endef
 
 Build/Compile=

feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery

@@ -3,6 +3,7 @@
 'use strict';
 
 import { ulog_open, ulog, ULOG_SYSLOG, ULOG_STDIO, LOG_DAEMON, LOG_INFO } from 'log';
+import { query } from 'resolv';
 import * as libubus from 'ubus';
 import * as uloop from 'uloop';
 import * as libuci from 'uci';
@@ -17,8 +18,12 @@ const ORPHAN = 4;
 
 const DISCOVER_DHCP = "DHCP";
 const DISCOVER_FLASH = "FLASH";
+const DISCOVER_FQDN = "STANDARD_FQDN";
 const DISCOVER_LOOKUP = "OpenLAN";
 
+const STANDARD_FQDN = "openwifi.wlan.local";
+const STANDARD_FQDN_PORT = 15002;
+
 let ubus = libubus.connect();
 let uci = libuci.cursor();
 let state = DISCOVER;
@@ -118,7 +123,7 @@ function gateway_write(data) {
 	gateway ??= {};
 	let new = {};
 	let changed = false;
-	for (let key in [ 'server', 'port', 'valid', 'hostname_validate' ]) {
+	for (let key in [ 'server', 'port', 'valid', 'hostname_validate', 'cert', 'ca' ]) {
 		if (exists(data, key))
 			new[key] = data[key];
 		else if (exists(gateway, key))
@@ -140,6 +145,17 @@ function gateway_available() {
 	return true;
 }
 
+function dnsmasq_rebind_allow(fqdn) {
+	let config_dir = '/tmp/dnsmasq.d';
+	let config_file = `${config_dir}/cloud-discovery.conf`;
+
+	if (!fs.stat(config_dir))
+		fs.mkdir(config_dir);
+
+	fs.writefile(config_file, `rebind-domain-ok=/${fqdn}/\n`);
+	system('/etc/init.d/dnsmasq reload');
+}
+
 function set_state(set) {
 	if (state == set)
 		return;
@@ -187,8 +203,21 @@ function set_state(set) {
 function discover_dhcp() {
 	let dhcp = readjsonfile('/tmp/cloud.json');
 	if (dhcp?.dhcp_server && dhcp?.dhcp_port) {
-		if (gateway_write({ server: dhcp.dhcp_server, port:dhcp.dhcp_port, valid: false, hostname_validate: dhcp.no_validation ? 0 : 1 })) {
-			ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port}\n`);
+		let fqdn = split(dhcp.dhcp_server, ':')[0];
+		dnsmasq_rebind_allow(fqdn);
+		if (gateway_write({
+			server: dhcp.dhcp_server,
+			port: dhcp.dhcp_port,
+			valid: false,
+			hostname_validate: dhcp.no_validation ? 0 : 1,
+			cert: `/etc/ucentral/${fqdn}.pem`,
+			ca: `/etc/ucentral/${fqdn}.ca`
+		})) {
+			ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port} - trying EST\n`);
+			fs.writefile('/tmp/discovery.method', DISCOVER_DHCP);
+			if (system('/usr/bin/est_client enroll'))
+	                        return false;
+			ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port} - starting client\n`);
 			client_start();
 			set_state(VALIDATING);
 		}
@@ -209,10 +238,18 @@ function redirector_lookup() {
 	let redir = readjsonfile(path);
 	if (redir?.controller_endpoint) {
 		let controller_endpoint = split(redir.controller_endpoint, ':');
-		if (gateway_write({ server: controller_endpoint[0], port: controller_endpoint[1] || 15002, valid: false, hostname_validate: 1 })) {
+		if (gateway_write({
+			server: controller_endpoint[0],
+			port: controller_endpoint[1] || 15002,
+			valid: false,
+			hostname_validate: 1,
+			cert: '/etc/ucentral/operational.pem',
+			ca: '/etc/ucentral/operational.ca'
+		})) {
 			ulog(LOG_INFO, `Discovered cloud via lookup service ${controller_endpoint[0]}:${controller_endpoint[1] || 15002}\n`);
-                        client_start();
-                	set_state(VALIDATING);
+			fs.writefile('/tmp/discovery.method', DISCOVER_LOOKUP);
+			client_start();
+			set_state(VALIDATING);
 		}
 	} else {
 		ulog(LOG_INFO, 'Failed to discover cloud endpoint\n');
@@ -224,11 +261,44 @@ function discover_flash() {
 		return 1;
 	ulog(LOG_INFO, 'Using pre-populated cloud information\n');
 	fs.writefile('/etc/ucentral/gateway.json', fs.readfile('/etc/ucentral/gateway.flash'));
+	fs.writefile('/tmp/discovery.method', DISCOVER_FLASH);
 	client_start();
 	set_state(VALIDATING);
 	return 0;
 }
 
+function discover_standard_fqdn() {
+	ulog(LOG_INFO, `Trying standard FQDN: ${STANDARD_FQDN}\n`);
+
+	let result = query([STANDARD_FQDN], { type: ['A'] });
+	if (!result || !result[STANDARD_FQDN] || !result[STANDARD_FQDN].A) {
+		ulog(LOG_INFO, `Failed to resolve ${STANDARD_FQDN}\n`);
+		return false;
+	}
+
+	let address = result[STANDARD_FQDN].A[0];
+	ulog(LOG_INFO, `Resolved ${STANDARD_FQDN} to ${address}\n`);
+
+	dnsmasq_rebind_allow(STANDARD_FQDN);
+
+	if (gateway_write({
+		server: STANDARD_FQDN,
+		port: STANDARD_FQDN_PORT,
+		valid: false,
+		hostname_validate: 1,
+		cert: `/etc/ucentral/${STANDARD_FQDN}.pem`,
+		ca: `/etc/ucentral/${STANDARD_FQDN}.ca`
+	})) {
+		ulog(LOG_INFO, `Discovered cloud via standard FQDN ${STANDARD_FQDN}\n`);
+		fs.writefile('/tmp/discovery.method', DISCOVER_FQDN);
+		client_start();
+		set_state(VALIDATING);
+		return true;
+	}
+
+	return false;
+}
+
 function time_is_valid() {
 	let valid = !!fs.stat('/tmp/ntp.set');
 	if (!valid)
@@ -269,37 +339,25 @@ function interval_handler() {
 
 	case DISCOVER:
 		ulog(LOG_INFO, 'Starting discover\n');
-	
+
 		if (!time_is_valid())
 			return;
 
-		discovery_method = DISCOVER_DHCP;
-		if (discover_dhcp())
-			return;
-
-		// I believe that right here is where we need to check if we need to use
-		// air gapped. I think it will be something like this:
-
-		// for example, assume that the dhcp lease discovered rxg.com as the cloud server
-		// from dns option 224.
-
-		// here we would do a txt dns lookup on est.rxg.com, and if we get a response from that,
-		// eg rxg.com, then we know that we need to set EST_SERVER=rxg.com
-		// and then we need to also set CERT_PREFIX=rxg.com.
-
-		// I think from there the est_client will do the expected things based on those env vars.
-
-		if (system('/usr/bin/est_client enroll'))
-			return;
-
 		discovery_method = DISCOVER_DHCP;
 		if (!is_discover_method_blacked() && discover_dhcp())
 			return;
 
+		if (system('/usr/bin/est_client enroll'))
+			return;
+
 		discovery_method = DISCOVER_FLASH;
 		if (!is_discover_method_blacked() && !discover_flash())
 			return;
 
+		discovery_method = DISCOVER_FQDN;
+		if (!is_discover_method_blacked() && discover_standard_fqdn())
+			return;
+
 		discovery_method = DISCOVER_LOOKUP;
 		redirector_lookup();
 

feeds/tip/cloud_discovery/files/usr/bin/est_client

@@ -11,7 +11,70 @@ let store_operational_ca = false;
 let est_server = 'est.certificates.open-lan.org';
 let cert_prefix = 'operational';
 
+function cert_prefix_determine() {
+	let cloud_config = fs.readfile('/tmp/cloud.json');
+	if (cloud_config) {
+		let cloud = json(cloud_config);
+		if (cloud?.dhcp_server) {
+			let fqdn = split(cloud.dhcp_server, ':')[0];
+			ulog(LOG_INFO, `Using controller-specific cert prefix from cloud.json: ${fqdn}\n`);
+			return fqdn;
+		}
+	}
+
+	let discovery_method = trim(fs.readfile('/tmp/discovery.method') || 'OpenLAN');
+	ulog(LOG_INFO, `Discovery method from file: ${discovery_method}\n`);
+
+	if (discovery_method == 'OpenLAN') {
+		ulog(LOG_INFO, 'Using operational cert prefix\n');
+		return 'operational';
+	}
+
+	ulog(LOG_INFO, 'Using operational cert prefix as fallback\n');
+	return 'operational';
+}
+
+function discover_est_server_via_caa() {
+	let cloud_config = fs.readfile('/tmp/cloud.json');
+	if (!cloud_config)
+		return null;
+
+	let cloud = json(cloud_config);
+	if (!cloud || !cloud.dhcp_server)
+		return null;
+
+	let controller_fqdn = cloud.dhcp_server;
+	let fqdn_parts = split(controller_fqdn, ':');
+	if (length(fqdn_parts) > 0)
+		controller_fqdn = fqdn_parts[0];
+
+	ulog(LOG_INFO, `Attempting CAA lookup for controller FQDN: ${controller_fqdn}\n`);
+
+	let pipe = fs.popen(`dig @localhost ${controller_fqdn} CAA +short | cut -d'"' -f2`);
+	let est_server = pipe.read('all');
+	pipe.close();
+
+	if (!est_server)
+		return null;
+
+	est_server = trim(est_server);
+	if (est_server) {
+		ulog(LOG_INFO, `Found EST server via CAA: ${est_server}\n`);
+		return est_server;
+	}
+
+	return null;
+}
+
 function set_est_server() {
+	let discovered_server = discover_est_server_via_caa();
+	if (discovered_server) {
+		est_server = discovered_server;
+		return;
+	}
+
+	ulog(LOG_INFO, 'No EST server found via CAA, using certificate issuer-based selection\n');
+
 	let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`);
 	let issuer = pipe.read("all");
 	pipe.close();
@@ -94,11 +157,13 @@ function call_est_server(path, cert, target) {
 	if (generate_csr(cert))
 		return 1;
 
-	set_est_server();	
+	set_est_server();
 
-	let ret = system('curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
+	let curl_cmd = 'curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7';
+	ulog(LOG_INFO, `Executing: ${curl_cmd}\n`);
+	let ret = system(curl_cmd);
 	if (ret) {
-		ulog(LOG_INFO, 'Failed to request operational certificate\n');
+		ulog(LOG_INFO, `Failed to request operational certificate (exit code: ${ret})\n`);
 		return 1;
 	}
 	ulog(LOG_INFO, 'EST succeeded\n');
@@ -108,20 +173,26 @@ function call_est_server(path, cert, target) {
 
 
 function simpleenroll() {
+	cert_prefix = cert_prefix_determine();
+	ulog(LOG_INFO, `Checking for certificate: /etc/ucentral/${cert_prefix}.pem\n`);
+
 	if (fs.stat('/etc/ucentral/' + cert_prefix + '.pem')) {
 		ulog(LOG_INFO, 'Operational certificate is present\n');
 		return 0;
 	}
 
+	ulog(LOG_INFO, 'Operational certificate not found, enrolling...\n');
 	if (call_est_server('simpleenroll', '/etc/ucentral/cert.pem', '/etc/ucentral/' + cert_prefix + '.pem'))
-		return 1; 
-	
+		return 1;
+
 	ulog(LOG_INFO, 'Operational cert acquired\n');
 	store_operational_pem = true;
 	return 0;
 }
 
 function simplereenroll() {
+	cert_prefix = cert_prefix_determine();
+
 	if (!fs.stat('/etc/ucentral/' + cert_prefix + '.pem')) {
 		ulog(LOG_INFO, 'Operational certificate was not found\n');
 		return 0;
@@ -129,7 +200,7 @@ function simplereenroll() {
 
 	if (call_est_server('simplereenroll', '/etc/ucentral/' + cert_prefix + '.pem', '/tmp/' + cert_prefix + '.pem'))
 		return 1;
-	
+
 	ulog(LOG_INFO, 'Operational cert updated\n');
 	store_operational_cert('/tmp/' + cert_prefix + '.pem', cert_prefix + '.pem');
 	system('cp /tmp/' + cert_prefix + '.pem /etc/ucentral/');
@@ -139,18 +210,22 @@ function simplereenroll() {
 }
 
 function load_operational_ca() {
+	cert_prefix = cert_prefix_determine();
+
 	if (fs.stat('/etc/ucentral/' + cert_prefix + '.ca')) {
 		ulog(LOG_INFO, 'Operational CA is present\n');
 		return 0;
 	}
 
-	set_est_server();	
+	set_est_server();
 
-	let ret = system('curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7');
+	let curl_cmd = 'curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7';
+	ulog(LOG_INFO, `Executing: ${curl_cmd}\n`);
+	let ret = system(curl_cmd);
 	if (!ret)
 		ret = p7_too_pem('/tmp/' + cert_prefix + '.ca.nohdr.p7', '/etc/ucentral/' + cert_prefix + '.ca');
 	if (ret) {
-		ulog(LOG_INFO, 'Failed to load CA\n');
+		ulog(LOG_INFO, `Failed to load CA (exit code: ${ret})\n`);
 		return 1;
 	}
 	system('cat /etc/ucentral/openlan.pem >> /etc/ucentral/' + cert_prefix + '.ca');

feeds/tip/tip-defaults/files/etc/ucentral/insta.pem

@@ -7,3 +7,6 @@ MIIFIDCCAwigAwIBAgICDnkwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3BlbkxBTiBEZW1vIFJv
 -----BEGIN CERTIFICATE-----
 MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3BlbkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAaMRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvMHwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenqc4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5OohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9PIhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9QzRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0VTzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzPKRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbfRXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQABo2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQUlGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0JoWhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dUWmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZh5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqfH+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1ncHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJXbZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1dashL0CPsbIJ
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGBzCCA++gAwIBAgICCQYwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3BlbkxBTiBSb290IENBMB4XDTI1MDUxNDA4NTY0MVoXDTQ1MDUxNDA5MjY0MVowJDEiMCAGA1UEAwwZT3BlbkxBTiBTZXJ2ZXIgSXNzdWluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALSdJpzwPfQM9oHBGt6w8UDLDJNznxI7cpfl0u0xVCHN1YY7onpwxFVkFRzUx/JrQ/tbEGZH19XtngaCZ91KbGbqVao9S32H0tyn2t3eTJ5h+klJ7+7YAbZr8UfOi3nG4bZzNSa5dDBPaNPvI51byKDN7siXXnALV3f0l6lZgDpLQco/E7ANU3lslUVjVNALfFUEonDyP7XV+lFAyidpjIn6dRn7oYs3SUwkzZUntYJAhAykmxXMWox+85gDkdb+2O3G8ci0uHVbb0A9LP+MeIhzxHgnnAMfWLfEZexdmEd2PwVHaz/D2Xp/gYrpPDTsbqWjQ9NmgdASwqN5j8BuJ8vHDVBVCztVDltm6JPw3Y6GQPN1LmiSLUzst7VYpydUJRDHYIAKJhT9DYxQ126VfiyMo6Xl4IQO8YZ/J6r8yR7gyvyUiBW+wvvC1bCY5+VuI4P/cY+6iA1qwC1SOWjYlccy+tbfGj9zr32Qf27e9RXSAkcATHen1rc/9AGEeAuSpKrzhmZIIvM4+EtYgbBvf91NkP51zbGpvsAbfWN/ecNmqH9SeyrrVgv68Z34hMijCcvJNyIvloo3nkb/gHYV4tAiwTTrX13Rio/8qNF4nwHLsjw0t7jEyRiXdOciePyhGbtdicuiUxrShzbGY7ID0yNwyTKcJYhorL/8r+YFpsXrAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQUBwUkiaCh5hdY+ZH6O8NmEE/nH5EwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0cDovL2NybC5jZXJ0aWZpY2F0ZXMub3Blbi1sYW4ub3JnL29wZW5sYW5yb290Y2EuY3JsMIGXBggrBgEFBQcBAQSBijCBhzBEBggrBgEFBQcwAoY4aHR0cDovL2NlcnRzLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYS5jZXIwPwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYXRlcy5vcGVuLWxhbi5vcmcvb3BlbmxhbnJvb3RjYTANBgkqhkiG9w0BAQsFAAOCAgEAqEk5ZJdpMVr2U0YhmqEU6gqxEeih9MWKcQfmsT/lhf5m5V7VuLMc3r+EBCsPssw60umdQcAU2IPlJXLAeWwdRyY7ZNNwQVgl9GBI/CM2b7x18+12/llCdXW9FOagdChTuuhwRnGTt71jcrJkleQyEYhqwwIEN82hxq4HSZO6XJDev4IsMRF00+qt8biJcf7OVGOSLoyiU6Dm/EzxoB+DZf3HdUc0vzfVjD4Im+yYzqXuwWV6c9oIBQH6obzaqlpg926CtEBFR8E1LQe93ahMvF7pExpIOkE5PTuqONvy7Xn3Ui8NRxHhmm8j/unql6bUTGENz9s68n8Im7weq6awC9Hfu8aGWjcnXI7tsDY5uJEguP5fSwCUrdTE85XgPgPHeKaIwBZsyRZTqVSvbky+c15Yv6ITXLWoA0AUxz9ste3WpqiWCNJVI90MCruSYKdpXGV0KU3QQXJDMKhHJBF5DLpuKiboFfh9O8pB7B4/tJ76JpAc6Z0rfaQUo2vxSpb3Sbd/IHNcL08zB8Ay+YUBULspxe+1StKthmCzCHI9DOhIgeASyNBpcL7uZPjCXiYGhUuzsFGv4sQ+d267Jyvql/Piw/vYg1k2aVBfdIoIU4TpIEVyQqPz4aAW+0SgL7OM+/zD9jxn3gVdusCpmHcoTzOfZRriH0FGIeDSQydpOJU=
+-----END CERTIFICATE-----

feeds/ucentral/ucentral-client/Makefile

@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-client
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-client.git
-PKG_MIRROR_HASH:=2935998d6074f0c290d9b96c2988c89aae6f405608f12a0063fa7215498bae9a
+PKG_MIRROR_HASH:=1cc7ab3d041221610d8da8b4e3a4c87749508e6fee81194b5cca28065dc86d75
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-08-11
-PKG_SOURCE_VERSION:=549e84e5fea7230c5471d6a3dbddcc7d3152f665
+PKG_SOURCE_DATE:=2025-11-25
+PKG_SOURCE_VERSION:=cb17a7819f558fb22e56bb20102ce98f24e5f3eb
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

feeds/ucentral/ucentral-client/files/etc/init.d/ucentral

@@ -35,7 +35,8 @@ start_service() {
 	#config_get server 'config' 'server'
 	#config_get port 'config' 'port'
 	config_get debug 'config' 'debug' 0
-	config_get insecure 'config' 'insecure' 0
+	insecure=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["allow-self-signed"]')
+	config_get insecure 'config' 'insecure' $insecure
 
 	if [ -f /etc/ucentral/restrictions.json ]; then
 		selfsigned=$(cat /etc/ucentral/restrictions.json | jsonfilter -e '@["allow-self-signed"]')
@@ -46,6 +47,9 @@ start_service() {
 	port=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["port"]')
 	[ -n "$server" -a -n "$port" ] || return 0
 
+	cert=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["cert"]')
+	ca=$(cat /etc/ucentral/gateway.json | jsonfilter -e '@["ca"]')
+
 	boot_cause=$(cat /tmp/pstore | jsonfilter -e '@["pstore"][-1]'.boot_cause)
 	[ -z $boot_cause ] && boot_cause=coldboot
 	procd_open_instance
@@ -55,8 +59,9 @@ start_service() {
 	procd_append_param command -P $port
 	[ "$debug" -eq 0 ] || procd_append_param command -d
 	[ "$insecure" -eq 0 ] || procd_append_param command -i
+	[ -n "$cert" -a -n "$ca" ] && procd_append_param command -c $cert -C $ca
 	[ -z "$(mount | grep 'tmpfs on / type tmpfs')" ] || procd_append_param command -r
-	procd_append_param command -c "$boot_cause"
+	procd_append_param command -b "$boot_cause"
 	procd_append_param command -f "$(cat /tmp/ucentral.version)"
 	procd_set_param respawn 3600 5 0
 	procd_close_instance

feeds/ucentral/udhcpinject/src/udhcpinject.h

@@ -14,7 +14,7 @@
 
 #define CONFIG_PATH "/etc/config/dhcpinject"
 
-#define IWINFO_CMD "iwinfo | grep %s -A2 | grep '.*Channel:.*\\(%s\\..*\\) GHz' -B2 | awk '/ESSID/{print $1} /Access Point/{gsub(/:/, \"\", $3); print $3}'"
+#define IWINFO_CMD "iwinfo | grep '\"%s\"$' -A2 | grep '.*Channel:.*\\(%s\\..*\\) GHz' -B2 | awk '/ESSID/{print $1} /Access Point/{gsub(/:/, \"\", $3); print $3}'"
 
 static pcap_t 		*handle = NULL;
 

profiles/zyxel_nwa210be.yml

@@ -0,0 +1,16 @@
+---
+profile: zyxel_nwa210be
+target: ipq53xx
+subtarget: generic
+description: Build image for the zyxel nwa210be
+image: bin/targets/ipq53xx/generic/openwrt-ipq53xx-zyxel_nwa210be-squashfs-sysupgrade.tar
+feeds:
+  - name: qca
+    path: ../../feeds/qca-wifi-7
+packages:
+  - ipq53xx
+  - qca-ssdk-shell
+include:
+  - ucentral-ap
+diffconfig: |
+  CONFIG_KERNEL_IPQ_MEM_PROFILE=0