OpenWrt 21.02.0-rc3 released: Linux operating system targeting embedded devices

The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned. In 2016, the LEDE project was founded as a spin-off of the OpenWrt project and shared many of the same goals. The project aimed at building an embedded Linux distribution that makes it easy for developers, system administrators or other Linux enthusiasts to build and customize software for embedded devices, especially wireless routers. The name LEDE stood for Linux Embedded Development Environment.

People install LEDE because they believe it works better than the stock firmware from their vendor. They find it is more stable, offers more features, is more secure and has better support.

• Extensibility: LEDE provides many capabilities found only in high-end devices. Its 3000+ application packages are standardized, so you can easily replicate the same setup on any supported device, including two (or even five) year old routers. More…

• Security: LEDE’s standard installation is secure by default, with Wi-Fi disabled, no poor passwords or backdoors. LEDE’s software components are kept up-to-date, so vulnerabilities get closed shortly after they are discovered. More…

• Performance and Stability: LEDE firmware is made of standardized modules used in all supported devices. This means each module will likely receive more testing and bug fixing than stock firmware which can be tweaked for each product line and never touched again. More…

• Strong Community Support: LEDE team members are regular participants on the LEDE Forum, LEDE Developer and LEDE Admin mailing lists, and LEDE’s IRC channels. You can interact directly with developers, volunteers managing the software modules and with other long-time LEDE users, drastically increasing the chances you will solve the issue at hand. More…

• Research: Many teams use LEDE as a platform for their research into network performance. This means that the improvements of their successful experiments will be available in LEDE first, well before it gets incorporated into mainline, vendor firmware. More…

• Open Source/No additional cost: LEDE is provided without any monetary cost. It has been entirely created by a team of volunteers: developers and maintainers, individuals and companies. If you enjoy using LEDE, consider contributing some effort to help us improve it for others! All of the above is possible because LEDE is part of the Open Source community, and powered by the Linux kernel. Get the source code…

openwrt v21.02.0-rc3 release.

Changelog

WPA3 support included by default

WPA3 was already supported in 19.07 but it was not provided by the default set of packages in OpenWrt images.

With 21.02, all packages necessary to provide WPA3 are installed by default in OpenWrt images.

TLS and HTTPS support included by default

TLS support is now provided by default in OpenWrt images including the trusted CA certificates from Mozilla. It means that wget and opkg now support fetching resources over HTTPS out-of-the-box. The opkg download server is accessed through HTTPS by default. OpenWrt switched from mbed TLS to wolfSSL as the default SSL library, mbed TLS and OpenSSL are still available and can be installed manually.

Initial DSA support

DSA stands for Distributed Switch Architecture and is the Linux standard to deal with configurable Ethernet switches.

OpenWrt 21.02 comes with initial support for DSA, which replaces the swconfig system that OpenWrt was using up until now. Not all targets have been ported: some devices still use swconfig while some devices already switched to DSA.

This is a significant change to how switch ports and VLANs are managed. As such, sysupgrade will not be able to convert existing swconfig configuration to DSA configuration (see “Upgrading” below).

The following targets are using a switch managed with DSA in OpenWrt 21.02:

• ath79 (only TP-Link TL-WR941ND)
• bcm4908
• gemini
• kirkwood
• mediatek (most boards)
• mvebu
• octeon
• ramips/mt7621
• realtek

Increased minimum hardware requirements: 8 MB flash, 64 MB RAM

Due to new features being introduced and the general size increase of the Linux kernel, devices now need at least 8 MB of flash and 64 MB of RAM to run a default build of OpenWrt.

It is still possible to build custom OpenWrt images (e.g. using the ImageBuilder) that may fit devices with 4 MB of flash or 32 MB of RAM. However, the level of functionality will be reduced and there is no guarantee to stability. See OpenWrt on 4/32 devices for more details and guidance.

New hardware targets

A new realtek target has been added, which is often found in managed switches. As a result, it is now possible to run OpenWrt on devices with a significant number of Ethernet ports. See supported devices for realtek.

In addition, new bcm4908 and rockchip targets have been added.

Support for many new boards was added to the existing targets.

Dropped hardware targets

The ar71xx was deprecated in OpenWrt 19.07 and was gradually replaced by ath79, see ar71xx-ath79 migration. With OpenWrt 21.02, the ar71xx has been removed and users must use ath79 instead. If you are still running with the ar71xx target, it is recommended to reinstall OpenWrt 21.02 from scratch. Users already on the ath79 target can use sysupgrade to upgrade to OpenWrt 21.02.

Other targets were also removed: cns3xxx, rb532 and samsung.

ASLR activated

Network exposed user space applications are linked as position-independent executable (PIE) to allow full Address Space Layout Randomization (ASLR) support. This makes it harder for attackers to exploit OpenWrt. See Hardening build options for more details.

Kernel with container support

Multiple Linux kernel compile options, needed for Linux Containers (LXC) and procd-ujail are activated by default for most targets. This allows to use LXC and ujail with the normal release builds.

SELinux support

It is possible to compile OpenWrt with SELinux support. This is currently not activated by default.

Core components update

Core components have the following versions in 21.02.0-rc1:

• Updated toolchain:
  • musl libc 1.1.24
  • glibc 2.33
  • gcc 8.4.0
  • binutils 2.35.1
• Updated Linux kernel
  • 5.4.111 for all targets
• Network:
  • hostapd 2020-06-08, dnsmasq 2.84, dropbear 2020.81
  • cfg80211/mac80211 from kernel 5.10.16
  • wireguard backport from upstream Linux kernel
• System userland:
  • busybox 1.33.0

In addition to the listed applications, many others were also updated.

Download