This project automates the process of building OpenWrt firmware images for the Qualcomm IPQ807x platform, specifically targeting the Xiaomi AX3600 router. The build process incorporates various optimizations, hardening options, and quality-of-life enhancements.
- Automated build process triggered by new commits in the remote repository or manual workflow dispatch
- Compiler optimizations for improved performance
- Hardening build options for enhanced security
- SSH configuration with strong algorithms and key exchange methods. Refer to the ssh_hardening.config
- Additional useful packages. Refer to the ax3600.config
- Full NSS (Network Subsystem) support
- Quality-of-life enhancements through UCI configuration
The build process is automated using GitHub Actions and consists of the following steps:
- Check for new commits in the remote repository
- Install the necessary dependencies
- Checkout the remote repository and the current repository
- Update and install the OpenWrt feeds
- Apply the NSS status patch by qosmio
- Configure the firmware image using the provided configuration file
- Include SSH hardening configuration and QOL-Enhancements
- Build the firmware image
- Package the output and upload the artifacts
- Create a new release with the updated prebuilt images
The project utilizes a custom configuration file ax3600.config to specify the desired settings for the firmware build. This file includes various options such as target platform, compiler optimizations, package selections, and more.
Additionally, the uci commands in the "Quality-of-Life Enhancements" section are used to fine-tune the wireless and network settings for improved performance and functionality. Refer to the 999-QOL_config for the specific configuration.
To enhance the security of SSH connections, the project includes a hardened SSH configuration. The configuration is derived from recommendations by SSH-Audit and the BSI. It specifies strong key exchange algorithms, ciphers, message authentication codes (MACs), host key algorithms, and public key algorithms. This ensures that only secure and up-to-date algorithms are used for SSH communication.
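A check of this kind can run before a config is baked into an image. The following is an added example, not part of this project: it audits the five algorithm classes named above, assuming the file uses OpenSSH `sshd_config` syntax (with the OpenSSH 8.5+ keyword `PubkeyAcceptedAlgorithms`). The function name, weak-name patterns and sample input are constructed for illustration.

```python
import re

# OpenSSH sshd_config keywords for the five algorithm classes the README lists.
DIRECTIVES = ("kexalgorithms", "ciphers", "macs",
              "hostkeyalgorithms", "pubkeyacceptedalgorithms")
# Name patterns for algorithms generally treated as weak: SHA-1, MD5, CBC
# modes, 3DES, RC4, DSA, 64-bit MAC tags, and RSA with SHA-1 signatures.
WEAK = re.compile(r"sha1|md5|-cbc|3des|arcfour|ssh-dss|umac-64"
                  r"|^ssh-rsa(-cert-v01@openssh\.com)?$")


def audit_sshd_config(text):
    """Return a sorted list of (directive, finding) tuples for one config."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # conditional blocks are out of scope here
            break
        # sshd keeps the first value it reads for a keyword; later ones are ignored.
        if key in DIRECTIVES and key not in seen and len(parts) == 2 and parts[1]:
            seen[key] = parts[1]

    findings = []
    for key in DIRECTIVES:
        value = seen.get(key)
        if value is None:
            findings.append((key, "not set: compiled-in defaults apply"))
            continue
        if value[0] in "+-^":  # prefix edits the default list, no explicit allowlist
            findings.append((key, "modifies defaults instead of replacing them"))
            value = value[1:]
        for alg in filter(None, (a.strip() for a in value.split(","))):
            if WEAK.search(alg):
                findings.append((key, "weak algorithm: " + alg))
    return sorted(findings)


# Constructed sample input, not the project's ssh_hardening.config.
SAMPLE = """\
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-cbc
MACs +hmac-sha1
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
HostKeyAlgorithms ssh-rsa
"""
```

An empty result from `audit_sshd_config` means every class has an explicit list with no name matching the weak patterns; the second `HostKeyAlgorithms` line in the sample is ignored because the first occurrence takes effect.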
Contributions to this project are welcome. If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.
- The OpenWrt project for providing the foundation for this firmware build.
- The Qualcomm IPQ807x platform and the Xiaomi AX3600 router for the hardware support.
- The community over at the OpenWrt forum for their valuable contributions and resources.
- rodriguezst for his ipq807x-openwrt-builder
- And a special thanks to qosmio for the main NSS development