ipq50xx: Fix bootbank switching when firmware upgrade is triggered for Edgecore EAP104 and OAP101 series

Fixes: WIFI-14957
Signed-off-by: Tanya Singh <tanya_singh@accton.com>

feeds/ipq807x_v5.4/hostapd/files/hostapd.uc

@@ -900,7 +900,10 @@ return {
 				hostapd.printf(`Sending AFC request: ${data}`);
 				writefile("/tmp/afc-request.json", data);
 
-				system(`curl -s -X POST ${afc_server.url} -H \'accept: \*\/\*\' -H \'Authorization: Bearer ${afc_server.access_token}\' -H \'Content-Type: application/json\' -d \'${data}\' --output /tmp/afc-response.json`);
+				if (afc_server.access_token)
+					system(`curl -s -X POST ${afc_server.url} -H \'accept: \*\/\*\' -H \'Authorization: Bearer ${afc_server.access_token}\' -H \'Content-Type: application/json\' -d \'${data}\' --output /tmp/afc-response.json`);
+				else if (afc_server.cert)
+					system(`curl -s -X POST ${afc_server.url} -H \'accept: \*\/\*\' --cert \'${afc_server.cert}\' -H \'Content-Type: application/json\' -d \'${data}\' --output /tmp/afc-response.json`);
 
 				let afc_response = (readfile("/tmp/afc-response.json"));
 				if (afc_response)

feeds/ipq807x_v5.4/ipq50xx/base-files/lib/upgrade/platform.sh

@@ -107,29 +107,42 @@ platform_do_upgrade() {
 
 	board=$(board_name)
 	case $board in
-	glinet,b3000|\
 	edgecore,oap101|\
 	edgecore,oap101-6e|\
 	edgecore,oap101e|\
 	edgecore,oap101e-6e|\
 	edgecore,eap104)
+		if [ "$(find_mtd_chardev rootfs)" ]; then
+			CI_UBIPART="rootfs"
+		else
+			if grep -q rootfs1 /proc/cmdline; then
+				CI_UBIPART="rootfs2"
+				CI_FWSETENV="active 2"
+			else
+				CI_UBIPART="rootfs1"
+				CI_FWSETENV="active 1"
+			fi
+		fi
+		nand_upgrade_tar "$1"
+		;;
+	glinet,b3000)
 		CI_UBIPART="rootfs1"
 		[ "$(find_mtd_chardev rootfs)" ] && CI_UBIPART="rootfs"
 		nand_upgrade_tar "$1"
 		;;
-        hfcl,ion4x_w|\
+	hfcl,ion4x_w|\
 	hfcl,ion4xi_w)
-                wp_part=$(fw_printenv primary | cut  -d = -f2)
-                echo "Current Primary is $wp_part"
-                if [[ $wp_part == 1 ]]; then
-                        CI_UBIPART="rootfs"
-                        CI_FWSETENV="primary 0"
-                else
-                        CI_UBIPART="rootfs_1"
-                        CI_FWSETENV="primary 1"
-                fi
-                nand_upgrade_tar "$1"
-                ;;
+		wp_part=$(fw_printenv primary | cut  -d = -f2)
+		echo "Current Primary is $wp_part"
+		if [[ $wp_part == 1 ]]; then
+				CI_UBIPART="rootfs"
+				CI_FWSETENV="primary 0"
+		else
+				CI_UBIPART="rootfs_1"
+				CI_FWSETENV="primary 1"
+		fi
+		nand_upgrade_tar "$1"
+		;;
 	cig,wf186w|\
 	cig,wf186h|\
 	emplus,wap385c|\

feeds/mediatek-sdk/mediatek/mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond

@@ -34,13 +34,11 @@ case "$board" in
 
         if [ -f "$phy0_file" ]; then
             check_phy0=$(cat $phy0_file)
-            echo "check_phy0 = $check_phy0"
             [ "$check_phy0" == 0 ] && echo 1 > $phy0_file
         fi
 
         if [ -f "$phy1_file" ]; then
             check_phy1=$(cat $phy1_file)
-            echo "check_phy1 = $check_phy1"
             [ "$check_phy1" == 0 ] && echo 1 > $phy1_file
         fi
 

feeds/qca-wifi-7/hostapd/files/hostapd.uc

@@ -1032,7 +1032,10 @@ return {
 				hostapd.printf(`Sending AFC request: ${data}`);
 				writefile("/tmp/afc-request.json", data);
 
-				system(`curl -s -X POST ${afc_server.url} -H \'accept: \*\/\*\' -H \'Authorization: Bearer ${afc_server.access_token}\' -H \'Content-Type: application/json\' -d \'${data}\' --output /tmp/afc-response.json`);
+				if (afc_server.access_token)
+					system(`curl -s -X POST ${afc_server.url} -H \'accept: \*\/\*\' -H \'Authorization: Bearer ${afc_server.access_token}\' -H \'Content-Type: application/json\' -d \'${data}\' --output /tmp/afc-response.json`);
+				else if (afc_server.cert)
+					system(`curl -s -X POST ${afc_server.url} -H \'accept: \*\/\*\' --cert \'${afc_server.cert}\' -H \'Content-Type: application/json\' -d \'${data}\' --output /tmp/afc-response.json`);
 
 				let afc_response = (readfile("/tmp/afc-response.json"));
 				if (afc_response)

feeds/tip/certificates/files/usr/bin/mount_certs

@@ -45,7 +45,8 @@ sonicfi,rap7*)
 		fi
 	fi
 	;;
-udaya,a5-id2)
+udaya,a5-id2|\
+yuncore,ax820)
 	mtd=$(find_mtd_index certificates)
 	if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
 		mount -t squashfs /dev/mtdblock$mtd /mnt
@@ -65,7 +66,7 @@ sonicfi,rap6*)
 		cp /mnt/* /certificates
 		umount /mnt
 	fi
-	part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1")
+	part=$(tar_part_lookup "devinfo" "certificates")
 	if [ -n "$part" ]; then
 		mtd=$(find_mtd_index $part)
 		[ -n "$mtd" ] && tar xf /dev/mtdblock$mtd -C /certificates

feeds/tip/certificates/files/usr/bin/store_certs

@@ -21,7 +21,8 @@ sonicfi,rap7110c-341x)
 	mmc_dev=$(echo $(find_mmc_part $part) | sed 's/^.\{5\}//')
 	dd if=/tmp/certs.tar of=/dev/$mmc_dev
 	;;
-udaya,a5-id2)
+udaya,a5-id2|\
+yuncore,ax820)
 	cd /certificates
 	tar cf /tmp/certs.tar .
 	part=$(tar_part_lookup "insta1" "insta2")
@@ -32,7 +33,7 @@ sonicfi,rap6*)
 	if [ "$(fw_printenv -n store_certs_disabled)" != "1" ]; then
 		cd /certificates
 		tar cf /tmp/certs.tar .
-		part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1")
+		part=$(tar_part_lookup "devinfo" "certificates")
 		mtd=$(find_mtd_index $part)
 		block_size=$(cat /sys/class/mtd/mtd$mtd/size)
 		dd if=/tmp/certs.tar of=/tmp/certs_pad.tar bs=$block_size conv=sync

feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery

@@ -27,6 +27,8 @@ let timeouts = {
 	'validate': 120,
 	'orphan': 2 * 60 * 60,
 	interval: 10000,
+	expiry_interval: 60 * 60 * 1000,
+	expiry_threshold: 3 * 24 * 60 * 60,
 };
 
 ulog_open(ULOG_SYSLOG | ULOG_STDIO, LOG_DAEMON, "cloud_discover");
@@ -329,6 +331,27 @@ let ubus_methods = {
 	},
 };
 
+function expiry_handler() {
+	let stat = fs.stat('/etc/ucentral/operational.ca');
+	if (!stat)
+		return;
+
+	let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
+	if (!ret) {
+		ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
+		return;
+	}
+
+	ulog(LOG_INFO, 'certificate will expire soon\n');
+	if (system('/usr/bin/est_client reenroll')) {
+		ulog(LOG_INFO, 'reenroll failed\n');
+		return;
+	}
+	ulog(LOG_INFO, 'reenroll succeeded\n');
+	ulog(LOG_INFO, '(re)starting client\n');
+	system('/etc/init.d/ucentral restart');
+}
+
 if (gateway_available()) {
 	let status = ubus.call('ucentral', 'status');
 	ulog(LOG_INFO, 'cloud is known\n');
@@ -345,6 +368,7 @@ if (gateway_available()) {
 timeouts_load();
 
 interval = uloop.interval(timeouts.interval, interval_handler);
+uloop.interval(timeouts.expiry_interval, expiry_handler);
 
 ubus.publish('cloud', ubus_methods);
 

feeds/ucentral/rrmd/files/usr/share/rrmd/policy_chanutil.uc

@@ -202,7 +202,7 @@ function get_center_channel(channel, band, bw) {
                 "225": 227
             };
         } else if (bw == 80) {
-            bw = {
+            center_channel_map = {
                 "1": 7, "5": 7, "9": 7, "13": 7,
                 "17": 23, "21": 23, "25": 23, "29": 23,
                 "33": 39, "37": 39, "41": 39, "45": 39,
@@ -236,6 +236,8 @@ function get_center_channel(channel, band, bw) {
             };
         } else if (bw == 320) {
             center_channel_map = {
+                "1": 31, "5": 31, "9": 31, "13": 31,
+                "17": 31, "21": 31, "25": 31, "29": 31,
                 "33": 63, "37": 63, "41": 63, "45": 63,
                 "49": 63, "53": 63, "57": 63, "61": 63,
                 "65": 63, "69": 63, "73": 63, "77": 63,
@@ -558,7 +560,7 @@ function random_channel_selection(iface, band, htmode, chan_list_valid) {
     ulog_info(`[%s] Selected channel list from config (default channel list shall be used in case channels haven't been selected) = %s \n`, iface, (chan_list_valid || '[]'));
 
     if (band == '2g' && bw >= 40) {
-        ulog_info(`[%s] It is highly recommended to NOT use %dMHz bandwidth for 2.4G radio \n`, iface, bw);
+        ulog_info(`[%s] It is highly recommended to NOT use %dMHz bandwidth for 2.4G radio (RRM will not work properly) \n`, iface, bw);
     } else if (band == '5g' && bw > 160) {
         ulog_info(`[%s] %dMHz bandwidth not supported for 5G radio. Please use a bandwidth of 160MHz or lower\n`, iface, bw);
     }

feeds/ucentral/rtty/files/rtty.init

@@ -51,7 +51,7 @@ start_rtty() {
 	procd_set_param command $BIN -h $host -I "$id" -a
 	[ -n "$port" ] && procd_append_param command -p "$port"
 	[ -n "$description" ] && procd_append_param command -d "$description"
-	[ "$ssl" = "1" ] && procd_append_param command -s -c /etc/ucentral/cert.pem -k /etc/ucentral/key.pem
+	[ "$ssl" = "1" ] && procd_append_param command -s -c /etc/ucentral/operational.pem -k /etc/ucentral/key.pem
 	[ -n "$token" ] && procd_append_param command -t "$token"
 	[ "$verbose" = "1" ] && procd_append_param command -v
 	[ "$timeout" -eq "0" ] || procd_append_param command -e $timeout

feeds/ucentral/ucentral-schema/Makefile

@@ -4,10 +4,9 @@ PKG_NAME:=ucentral-schema
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git
-PKG_MIRROR_HASH:=45575f1f345368d109f74dc5ae3c8648dadbebef37e2d8eadc95b4fca2fbf43f
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-07-30
-PKG_SOURCE_VERSION:=30c73745c104d56f58d4f457956fe7ebac6e0f86
+PKG_SOURCE_DATE:=2025-08-04
+PKG_SOURCE_VERSION:=1c6b3095cb9e398fcbfcb2bf995365066eb76b21
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause
 

feeds/ucentral/ucentral-state/files/ucentral-state

@@ -61,7 +61,7 @@ function self_healing() {
 			heal_wifi = false;
 		}
 
-		if (time_passed_since_rrm < 120) {
+		if (time_passed_since_rrm < 180) {
 			// RRM in progress, do not restart network!
 			ulog(LOG_INFO, 'RRM with Channel utilization may still be in progress, cannot restart network \n');
 			heal_wifi = false;
@@ -265,7 +265,7 @@ let ubus_methods = {
 			current_state = req.args.state;
 			blink_timeout();
 			ulog(LOG_INFO, 'set state -> ' + req.args.state + '\n');
-			
+
 			return state_handler[req.args.state](req.args);
 		},
 		args: {

patches/0096-uboot-envtools-add-udaya-id5.patch

@@ -0,0 +1,25 @@
+From d366477af72e725524b47f2fffe8a8c1d500060d Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 31 Jul 2025 14:45:12 +0200
+Subject: [PATCH] uboot-envtools: add udaya-id5
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/boot/uboot-envtools/files/ipq40xx | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/package/boot/uboot-envtools/files/ipq40xx b/package/boot/uboot-envtools/files/ipq40xx
+index 8d993fae36..78299195bd 100644
+--- a/package/boot/uboot-envtools/files/ipq40xx
++++ b/package/boot/uboot-envtools/files/ipq40xx
+@@ -42,6 +42,7 @@ luma,wrtq-329acn|\
+ netgear,wac510|\
+ openmesh,a42|\
+ openmesh,a62|\
++udaya,a5-id2|\
+ pakedge,wr-1|\
+ plasmacloud,pa1200|\
+ plasmacloud,pa2200)
+-- 
+2.34.1
+

patches/0097-yuncore_ax820-add-insta1-2-partitions.patch

@@ -0,0 +1,36 @@
+From 3ceb72aaffa13375c049d161702e9d9f55da38c8 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Mon, 4 Aug 2025 08:34:50 +0200
+Subject: [PATCH] yuncore_ax820: add insta1/2 partitions
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ target/linux/ramips/dts/mt7621_yuncore_ax820.dts | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/target/linux/ramips/dts/mt7621_yuncore_ax820.dts b/target/linux/ramips/dts/mt7621_yuncore_ax820.dts
+index b2f55b9be0..cc1b59340b 100644
+--- a/target/linux/ramips/dts/mt7621_yuncore_ax820.dts
++++ b/target/linux/ramips/dts/mt7621_yuncore_ax820.dts
+@@ -120,7 +120,17 @@
+ 			partition@90000 {
+ 				compatible = "denx,uimage";
+ 				label = "firmware";
+-				reg = <0x90000 0xf60000>;
++				reg = <0x90000 0xf40000>;
++			};
++
++			partition@fd0000 {
++				label = "insta1";
++				reg = <0xfd0000 0x10000>;
++			};
++
++			partition@fe0000 {
++				label = "insta2";
++				reg = <0xfe0000 0x10000>;
+ 			};
+ 
+ 			partition@ff0000 {
+-- 
+2.34.1
+