Restructure wiki to prepare for Helios64.

* Move all previous info into Helios4 subfolder
* Add helios64 subfolder
* Update all url link

Note: http server has been configure to ensure existing inbound link can 
still be resolved to the right page.

docs/helios4/arch.md

@@ -0,0 +1,100 @@
+This document is a guide for installing Arch Linux ARM on the Helios4.
+
+**Arch Linux ARM** is a port of Arch Linux for ARM processors. Its design philosophy is simplicity and full control to the end user, and like its parent operating system Arch Linux, aims to be very Unix-like. More info [here](https://archlinuxarm.org/).
+
+## Prerequisite
+
+Refer to the following [section](/helios4/install/#what-you-need-before-you-start) of the Helios4 install guide.
+
+## Arch Linux ARM image for Helios4
+
+Arch Linux ARM can be installed on Helios4 using an image file containing both the **Arch Linux ARM system** and the **U-Boot** boot loader.
+
+This image can be created using the `build-archlinux-img-for-helios4.sh` script provided by the [alarm-helios4-image-builder](https://github.com/gbcreation/alarm-helios4-image-builder) project, or you can use pre-built images provided by the same project. Each method is described below.
+
+Once you get an image file, follow the instructions from the [Installing Arch Linux ARM on Helios4](#installing-arch-linux-arm-on-helios4) section below.
+
+### Arch Linux ARM image builder
+
+The `build-archlinux-img-for-helios4.sh` script provides an easy way to automatically create a bootable Arch Linux ARM image file for Helios4.
+
+#### Requirements
+
+The `build-archlinux-img-for-helios4.sh` script expects to be run on a **x86 system running [Arch Linux](https://archlinux.org)**. It needs `qemu-arm-static` to work. You can install it using the [qemu-user-static](https://aur.archlinux.org/packages/qemu-user-static/) or [qemu-user-static-bin](https://aur.archlinux.org/packages/qemu-user-static-bin/) packages from the AUR.
+
+#### Usage
+
+!!! note
+    This script needs to execute commands as superuser. If not run as root, it will re-run itself using sudo.
+
+```shell
+$ git clone https://github.com/gbcreation/alarm-helios4-image-builder.git
+$ cd alarm-helios4-image-builder
+$ sh ./build-archlinux-img-for-helios4.sh
+```
+
+Once the Arch Linux ARM image is created, go to [Installing Arch Linux ARM on Helios4](#installing-arch-linux-arm-on-helios4) section.
+
+### Pre-built images
+
+You can download [here](https://github.com/gbcreation/alarm-helios4-image-builder/releases) pre-built Arch Linux ARM images for Helios4.
+
+```shell
+$ wget https://github.com/gbcreation/alarm-helios4-image-builder/releases/download/2019-02-27/ArchLinuxARM-helios4-2019-02-27.img.gz{,.md5}
+$ md5sum -c ArchLinuxARM-helios4-2019-02-27.img.gz.md5
+$ gunzip ArchLinuxARM-helios4-2019-02-27.img.gz
+```
+
+## Installing Arch Linux ARM on Helios4
+
+Once you get an Arch Linux ARM image, follows these instructions to use it on Helios4:
+
+### Writing image / power-up Helios4 / connecting to serial console
+
+Follows these steps from the Helios4 [install guide](/helios4/install):
+
+- [step 2](/helios4/install/#step-2-writing-an-image-to-a-microsd-card) to write the Arch Linux ARM image to a microSD card
+- [step 3](/helios4/install/#step-3-power-up-helios4) to power-up Helios4
+- [step 4](/helios4/install/#step-4-connect-to-helios4-serial-console) to connect to the Helios4 serial console.
+
+!!! note
+    Arch Linux ARM is configured by default to get its IP address from a DHCP server. As an alternative to **step 4**, you can connect to your router to find the IP address given to Helios4, then connect to this latter using SSH.
+
+### Log in
+
+Use the serial console or SSH to the IP address given to Helios4 by your router.
+
+You can login as:
+
+- the default user *alarm* with the password *alarm*
+- the user *root* with password *root*
+
+!!! important
+    For security reasons, it is highly recommended to change the default password of the **alarm** and **root** users.
+
+### Network settings
+
+Arch Linux ARM is configured by default to get its IP address from a DHCP server. To change the network settings, look at the [Network Configuration](https://wiki.archlinux.org/index.php/Network_configuration) page from the Arch Linux wiki.
+
+### Pacman
+
+The Pacman keyring is already initialized in the images created by the `build-archlinux-img-for-helios4.sh` script and the pre-built images. It is also already populated with the Arch Linux ARM package signing keys.
+
+## What to do next?
+
+You can now configure Arch Linux ARM according to your needs and use **pacman** to install 3rd party applications.
+
+Here are some useful links from the [Arch Linux wiki](https://wiki.archlinux.org) to get started:
+
+- [RAID](https://wiki.archlinux.org/index.php/RAID)
+- [dm-crypt/Device encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption).
+
+!!! note
+    Read the [Disk Encryption Acceleration](/helios4/cesa/#disk-encryption-acceleration) section of the Helios4 wiki before proceeding to learn how to offload disk encryption on the CESA unit.
+
+- [Nextcloud](https://wiki.archlinux.org/index.php/Nextcloud)
+- [NFS](https://wiki.archlinux.org/index.php/NFS)
+- [Samba](https://wiki.archlinux.org/index.php/Samba)
+
+
+*Page contributed by [gbcreation](https://github.com/gbcreation)*

docs/helios4/armbian.md

@@ -0,0 +1,37 @@
+# Armbian
+
+Debian & Ubuntu based Linux for ARM based single-board computers
+
+[https://www.armbian.com](https://www.armbian.com "Armbian")
+
+**Note:** The Kobol Team has joined the Armbian team to be the official maintainer of Armbian build for **mvebu** SoC family. This way all efforts are consolidated into a single build platform to provide the best Operating System support for Helios4.
+
+## Pre-built images
+
+You can find pre-built **Armbian** images for Helios4 on our [Download](/helios4/download) page or directly on [Armbian website](https://dl.armbian.com/helios4/).
+
+## How to build an image or a kernel?
+
+Supported build environment is **Ubuntu Bionic 18.04 x64** ([minimal iso image](http://archive.ubuntu.com/ubuntu/dists/bionic/main/installer-amd64/current/images/netboot/mini.iso)).
+
+- guest inside a [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or other virtualization software,
+- guest managed by [Vagrant](https://www.vagrantup.com/). This uses Virtualbox (as above) but does so in an easily repeatable way. Please check the [Armbian with Vagrant README](https://docs.armbian.com/Developer-Guide_Using-Vagrant/) for a quick start HOWTO,
+- inside a [Docker](https://www.docker.com/), [systemd-nspawn](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html) or other container environment [(example)](https://github.com/armbian/build/pull/255#issuecomment-205045273),
+- running natively on a dedicated PC or a server (**not** recommended),
+- **20GB disk space** or more and **2GB RAM** or more available for the VM, container or native OS,
+- superuser rights (configured `sudo` or root access).
+
+**Execution**
+
+	apt-get -y install git
+	git clone https://github.com/armbian/build
+	cd build
+	./compile.sh
+
+Make sure that full path to the build script does not contain spaces.
+
+You will be prompted with a selection menu for a build option, a board name, a kernel branch and an OS release. Please check the documentation for [advanced options](https://docs.armbian.com/Developer-Guide_Build-Options/) and [additional customization](https://docs.armbian.com/Developer-Guide_User-Configurations/).
+
+Build process uses caching for the compilation and the debootstrap process, so consecutive runs with similar settings will be much faster.
+
+*Source: [link](https://github.com/armbian/build/blob/master/README.md)*

docs/helios4/cesa.md

@@ -0,0 +1,483 @@
+In this guide we will explain how to leverage on Marvell CESA units of the Armada 388 SoC to accelerate network application encryption and disk encryption. Disk encryption acceleration is very straight forward because it's happening in-kernel with kernel subsystem **dm-crypt** which already supports hardware cryptographic engine. On the other hand, encryption acceleration for userspace network applications, like Apache2, Nginx, OpenSSH, etc.. might require some patching and recompiling in order to leverage on Marvell CESA units.
+
+!!! warning "Before you go further !"
+    This guide is for advanced users who understand the security implication of tweaking encryption library and cipher configuration.
+
+## What is CESA ?
+
+The Cryptographic Engines and Security Accelerator (CESA) reduces the CPU packet processing overhead by performing compute intensive cryptographic operations, such as:
+
+* Advanced Encryption Standard (AES)
+* Data Encryption Standard (DES)
+* Triple Data Encryption Standard (3DES) encryption
+* Message Digest 5 (MD5)
+* Secure Hash Algorithm-1 (SHA-1)
+* Secure Hash Algorithm 2 with 256 digest bit size (SHA-2) authentication
+
+The CESA-DMA engine (also called TDMA) controls communication between the main memory and
+the internal SRAM.
+
+### CESA Functional Block Diagram
+
+![CESA Block Diagram](/helios4/img/cesa/cesa_block_diagram.png)
+
+The above block diagram shows a single CESA unit.
+
+### Crypto API
+
+Crypto API is a cryptography framework in the Linux kernel, for various parts of the kernel that deal with cryptography, such as IPsec and dm-crypt. It was introduced in kernel version 2.5.45 and has since expanded to include essentially all popular block ciphers and hash functions.
+
+### Userspace Interfacing
+
+Many platforms that provide hardware acceleration encryption expose this to programs through an extension of the instruction set architecture (ISA) of the various chipsets (e.g. AES instruction set for x86). With this sort of implementation any program (kernel-mode or userspace) may utilize these features directly.
+
+However, crypto hardware engines on ARM System-On-Chip are not implemented as ISA extensions, and are only accessible through kernel-mode drivers. In order for userspace applications, such as OpenSSL, to take advantage of encryption acceleration they must interface with the kernel cryptography framework (Crypto API).
+
+### Crypto API Interfaces
+
+There are two interfaces that provide userspace access to the Crypto API :
+
+* **cryptodev (/dev/crypto)**<br>cryptodev-linux is a device implemented as a standalone module that requires no dependencies other than a stock linux kernel. Its API is compatible with OpenBSD's cryptodev userspace API (/dev/crypto).
+
+* **AF_ALG**<br>AF_ALG is a netlink-based interface that is implemented in Linux kernel mainline since version 2.6.38.
+
+![Crypto API Interface](/helios4/img/cesa/crypto_api_interfaces.png)
+
+
+## Network Application Encryption Acceleration
+
+
+### Debian 10 Buster
+
+The following instructions have been written for **Debian 10 Buster** and using **AF_ALG** as the Crypto API userspace interface.
+
+We choose **AF_ALG** for Debian 10 Buster because it doesn't require any patching or recompiling. But while [benchmark](#https-benchmark) shows in some case throughput improvement with **AF_ALG**, the CPU load is not improved compared to **cryptodev** or 100% software encryption. This will require further investigation.
+
+#### Configure OpenSSL
+
+To make libssl use AF_ALG engine we need to configure OpenSSL master configuration file to declare the engine.
+
+Edit */etc/ssl/openssl.cnf* and modify the bottom part of the configuration file as follow:
+
+
+```
+[default_conf]
+ssl_conf = ssl_sect
+engines = engines_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+MinProtocol = TLSv1.2
+CipherString = DEFAULT@SECLEVEL=2
+
+[engines_sect]
+afalg = afalg_engine
+
+[afalg_engine]
+default_algorithms = ALL
+```
+
+#### Apache2
+
+In order to make Apache2 offload encryption to the hardware engine, you will need to force ciphers that use encryption algorithms supported by the Marvell CESA units:
+
+* AES-128-CBC
+* AES-192-CBC
+* AES-256-CBC
+
+You will also need to disable usage of TLSv1.3 since AES-xxx-CBC ciphers are not supported anymore because not considered as the most secured ones.
+
+Edit */etc/apache2/mods-available/ssl.conf* and modify as follow:
+
+```
+# SSL Cipher Suite
+#
+# SSLCipherSuite HIGH:!aNULL
+SSLCipherSuite AES128-SHA
+
+
+#   The protocols to enable.
+#
+#	SSLProtocol all -SSLv3
+SSLProtocol all -SSLv3 -TLSv1.3
+```
+
+#### Nginx
+
+In order to make Nginx offload encryption to the hardware engine, you will need to force ciphers that use encryption algorithms supported by the Marvell CESA units:
+
+* AES-128-CBC
+* AES-192-CBC
+* AES-256-CBC
+
+Edit */etc/nginx/nginx.conf* and modify as follow:
+
+```
+##
+# SSL Settings
+##
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ssl_prefer_server_ciphers on;
+ssl_ciphers AES128-SHA;
+```
+
+
+#### OpenSSH
+
+For now unfortunately you cannot accelerate OpenSSH connection because latest version of OpenSSH enforce usage of *seccomp sandbox* which forbids some syscalls required to use AF_ALG.
+
+Refer to Debian bug [#931271](https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1686025.html).
+
+### Debian 9 Stretch
+
+The following instructions have been written for **Debian 9 Stretch** and using **cryptodev** as the Crypto API userspace interface.
+
+You can refer to following forum [thread](https://forum.armbian.com/topic/8486-helios4-cryptographic-engines-and-security-accelerator-cesa-benchmarking/) where we explain why we choose **cryptodev** over **AF_ALG**.
+
+#### Prerequisites
+
+You will need to add *debian source* repository to your APT list in order to download **libssl** source code. Edit */etc/apt/sources.list* and uncomment the following lines.
+
+```
+deb-src http://httpredir.debian.org/debian stretch main contrib non-free
+```
+
+```
+deb-src http://security.debian.org/ stretch/updates main contrib non-free
+```
+
+Don't forget after to update your APT database.
+
+```
+sudo apt-get update
+```
+
+In order to compile **cryptodev** and **libssl** you will need to install the following debian packages.
+
+```
+sudo apt-get install build-essential fakeroot devscripts debhelper
+```
+
+Check that **marvell_cesa** module is properly loaded with the following command:
+
+```
+lsmod | grep marvell_cesa
+marvell_cesa           28672  0
+```
+
+If it's not the case, then load it manually:
+
+```
+sudo modprobe marvell_cesa
+```
+
+To automatically load **marvell_cesa** at startup you can do the following:
+
+```
+echo "marvell_cesa" >> /etc/modules
+```
+
+#### Install cryptodev
+
+```
+sudo apt-get install linux-headers-mvebu
+
+git clone https://github.com/cryptodev-linux/cryptodev-linux.git
+
+cd cryptodev-linux/
+
+make
+
+sudo make install
+
+sudo depmod -a
+
+sudo modprobe cryptodev
+```
+
+We can check that **cryptodev** is properly loaded with the following:
+
+```
+lsmod | grep cryptodev
+cryptodev              36864  0
+
+dmesg | grep cryptodev
+[  154.966710] cryptodev: loading out-of-tree module taints kernel.
+[  154.971590] cryptodev: driver 1.9 loaded.
+```
+
+To automatically load **cryptodev** at startup you can do the following. But it is strongly advice to do it after you have ensured everything works fine to avoid locking you out from Helios4.
+
+```
+echo "crytodev" >> /etc/modules
+```
+
+#### Recompile OpenSSL (libssl)
+
+OpenSSL provides the libssl and libcrypto shared libraries. **libssl** provides the client and server-side implementations for SSLv3 and TLS.
+
+Under Debian Stretch a lot of applications, like Apache2 and OpenSSH, still depend on libssl from OpenSSL version 1.0.2, however cryptodev is only properly implemented in OpenSSL since version 1.1.1.
+
+In order to make libssl 1.0.2 supports cryptodev, we will need to recompile Debian libssl1.0.2 after applying the patch that was originally proposed in the following [pull request](https://github.com/openssl/openssl/pull/191) in the OpenSSL project.
+
+
+```
+mkdir libssl; cd libssl
+
+apt-get source libssl1.0.2
+```
+
+Apply the patch that you can find [here](/helios4/files/cesa/openssl-add-cryptodev-support.patch).
+
+```
+wget https://wiki.kobol.io/helios4/files/cesa/openssl-add-cryptodev-support.patch
+
+patch < openssl-add-cryptodev-support.patch openssl1.0-1.0.2*/crypto/engine/eng_cryptodev.c
+```
+
+Now let's compile libssl with **cryptodev** enabled.
+
+```
+cd openssl1.0-1.0.2*/
+
+sed -i -e "s/CONFARGS  =/CONFARGS = -DHAVE_CRYPTODEV/" debian/rules
+
+dch -i "Enabled cryptodev support"
+
+DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -b -rfakeroot
+```
+
+!!! note
+    Most example online will also use the -DUSE_CRYPTODEV_DIGESTS flag. However it was proven via [benchmark](#https-benchmark) that using the CESA engine for hashing will result in performance penalty.
+
+If all goes well you should see couple of .deb files. Look for the libssl .deb file and install it.
+
+```
+cd ..
+
+sudo dpkg -i libssl1.0.2_1.0.2s-1~deb9u1.1_armhf.deb
+```
+
+!!! info
+    A pre-build Debian libssl package (libssl1.0.2_1.0.2s-1~deb9u1.1_armhf.deb) with cryptodev enable is available [here](/helios4/files/cesa/libssl1.0.2_1.0.2s-1~deb9u1.1_armhf.deb), if you want to skip the recompile step.
+
+#### Apache2
+
+In order to make Apache2 offload encryption to the hardware engine, you will need to force ciphers that use encryption algorithms supported by the Marvell CESA units:
+
+* AES-128-CBC
+* AES-192-CBC
+* AES-256-CBC
+
+Edit */etc/apache2/mods-available/ssl.conf* and modify as follow:
+
+```
+# SSL Cipher Suite
+#
+# SSLCipherSuite HIGH:!aNULL
+SSLCipherSuite AES128-SHA
+```
+
+!!! Important
+    The AES-xxx-CBC ciphers are not considered anymore as the most secured ones and actually won't be supported anymore in TLSv1.3. So use those ciphers at your own risk.
+
+#### OpenSSH
+
+
+**Server Side:**
+
+In order to make OpenSSH server offload encryption to the hardware engine, you will need to force ciphers that use encryption algorithms supported by the Marvell CESA units.
+
+* AES-128-CBC
+* AES-192-CBC
+* AES-256-CBC
+
+Edit */etc/ssh/sshd_config* and add the following lines.
+
+```
+# Ciphers and keying
+Ciphers aes128-cbc
+
+
+#UsePrivilegeSeparation sandbox
+UsePrivilegeSeparation yes
+```
+
+**Client Side: (optional)**
+
+To make your SSH client supports the cipher define in SSH server side, you will need to edit */etc/ssh/ssh_config* and add the following line.
+
+```
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+Ciphers +aes128-cbc
+```
+
+!!! Important
+    The AES-xxx-CBC ciphers are not considered anymore as the most secured, so use those ciphers at your own risk.
+
+
+## Troubleshooting
+
+You can check if cryptographic operations are effectively off-loaded on the CESA units by looking at the interrupts.
+
+We can see below that one of the **f1090000.crypto** devices, which are the CESA units, received quite a lot of interrupts. This means crypto operations where performed on the CESA units. You can monitor */proc/interrupts* to confirm the interrupt counters of the crypto devices keep increasing While performing some https or ssh tests.
+
+```
+cat /proc/interrupts
+
+           CPU0       CPU1       
+ 17:   40807520   39650240     GIC-0  29 Edge      twd
+ 18:          0          0      MPIC   5 Level     armada_370_xp_per_cpu_tick
+ 19:          0          0      MPIC   3 Level     arm-pmu
+ 20:        176          0     GIC-0  34 Level     mv64xxx_i2c
+ 21:          0          0     GIC-0  35 Level     mv64xxx_i2c
+ 22:        715          0     GIC-0  44 Level     ttyS0
+ 36:    1698960          0      MPIC   8 Level     eth0
+ 37:          0          0     GIC-0  50 Level     ehci_hcd:usb1
+ 38:      64015          0     GIC-0  51 Level     f1090000.crypto
+ 39:          0          0     GIC-0  52 Level     f1090000.crypto
+ 40:          0          0     GIC-0  53 Level     f10a3800.rtc
+ 41:       8248          0     GIC-0  58 Level     ahci-mvebu[f10a8000.sata]
+ 42:          0          0     GIC-0  60 Level     ahci-mvebu[f10e0000.sata]
+ 43:      39902          0     GIC-0  57 Level     mmc0
+ 44:          0          0     GIC-0  48 Level     xhci-hcd:usb2
+ 45:          0          0     GIC-0  49 Level     xhci-hcd:usb4
+ 46:          2          0     GIC-0  54 Level     f1060800.xor
+ 47:          2          0     GIC-0  97 Level     f1060900.xor
+ 48:          0          0  f1018100.gpio  23 Level     0-0020
+ 49:          5          0  f1018100.gpio  20 Edge      f10d8000.sdhci cd
+IPI0:          0          1  CPU wakeup interrupts
+IPI1:          0          0  Timer broadcast interrupts
+IPI2:     287339     328237  Rescheduling interrupts
+IPI3:      27382      21677  Function call interrupts
+IPI4:          0          0  CPU stop interrupts
+IPI5:     401785     152498  IRQ work interrupts
+IPI6:          0          0  completion interrupts
+Err:          0
+```
+
+
+When using cryptodev engine, you can also check crypto operations are offloaded on the CESA units by looking at the cryptodev driver output messages. You will need first to increase its verbosity.
+
+```
+sudo sysctl -w ioctl.cryptodev_verbosity=3
+```
+
+Then check the cryptodev driver output with **dmesg** while performing some https or ssh tests. You should see the following.
+
+```
+dmesg | grep cryptodev
+
+[...]
+[157702.907467] cryptodev: apache2[32190] (crypto_create_session:290): got alignmask 0
+[157702.907473] cryptodev: apache2[32190] (crypto_create_session:293): preallocating for 32 user pages
+[157702.907735] cryptodev: apache2[32190] (crypto_create_session:290): got alignmask 0
+[157702.907739] cryptodev: apache2[32190] (crypto_create_session:293): preallocating for 32 user pages
+[157702.907813] cryptodev: apache2[32190] (crypto_destroy_session:348): Removed session 0xB4A5900F
+[157702.907819] cryptodev: apache2[32190] (crypto_destroy_session:351): freeing space for 32 user pages
+[157702.907878] cryptodev: apache2[32190] (crypto_create_session:290): got alignmask 0
+[157702.907882] cryptodev: apache2[32190] (crypto_create_session:293): preallocating for 32 user page
+[...]
+
+```
+
+To disable cryptodev verbosity.
+```
+sudo sysctl -w ioctl.cryptodev_verbosity=0
+```
+
+## HTTPS Benchmark
+
+### Setup
+
+Apache2 is configured to expose a 1GB file hosted on a SSD connected to Helios4. A test PC is connected to Helios4 Ethernet directly and we use wget command to perform the file download.
+
+Three batch of download tests, for each batch we configured Apache2 to use a specific cipher that we know is supported by the CESA engine.
+
+* AES_128_CBC_SHA
+* AES_128_CBC_SHA256
+* AES_256_CBC_SHA256
+
+For each batch, we do the following 4 download tests :
+
+1. without cryptodev module loaded (100% software encryption).
+2. with cryptodev loaded and libssl (openssl) compiled with -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS.
+3. with cryptodev loaded and libssl (openssl) compile only with -DHAVE_CRYPTODEV, which means hashing operations will still be done 100% by software.
+4. with AF_ALG loaded and using libssl 1.1.1, by default hashing operations are still done 100% by software (Test done under Debian 10 Buster).
+
+### Results
+
+**Single thread download**
+
+|Cipher|CPU User%| CPU Sys%|Throughput (MB/s)|
+|---------------|-----|----|-----------------|
+|**AES_128_CBC_SHA**|
+|Software encryption|46.9|7.9|32.8|
+|HW encryption with hashing (cryptodev)|6.2|24.6|26.7|
+|HW encryption without hashing (cryptodev)|19.9|16.4|**47.8**|
+|HW encryption without hashing (AF_ALG)|36.9|25.5|40.7|
+|**AES_128_CBC_SHA256**|
+|Software encryption|43.1|7.0|28.1|
+|HW encryption with hashing (cryptodev)|7.0|24.6|27.1|
+|HW encryption without hashing (cryptodev)|24.1|12.9|**36.6**|
+|HW encryption without hashing (AF_ALG)|45.4|28.4|33.9|
+|**AES_256_CBC_SHA256**|
+|Software encryption|45.1|5.0|23.9|
+|HW encryption with hashing (cryptodev)|7.0|24.5|26.7|
+|HW encryption without hashing (cryptodev)|24.2|12.0|**35.8**|
+|HW encryption without hashing (AF_ALG)|46.9|26.5|32.6|
+|**For reference**|
+|AES_128_GCM_SHA256<br>(Default Apache 2.4 TLS cipher. GCM mode is not something that can be accelerated by CESA.)|42.9|7.2|30.6|
+|Clear text HTTP|1.0|29.8|112.1|
+
+!!! note
+    CPU utilization is for both cores. However each test is just a single thread process running on a single core therefore when you see CPU utilization around 50% (User% + Sys%) it means the core used for the test is fully loaded.
+
+**Multi thread download**
+
+Test with 2 simultaneous file downloads.
+
+Cipher|CPU User%| CPU Sys%|Throughput (MB/s)|
+|---------------|-----|----|-----------------|
+|**AES_128_CBC_SHA**|
+|Software encryption|83.5|16.5|66.5|
+|HW encryption without hashing (cryptodev)|32.4|33.4|**82.3**|
+|HW encryption without hashing (AF_ALG)|66.9|48.9|57.7|
+
+**CONCLUSION**
+
+1. Hashing operation are slower on the CESA unit than the CPU itself, therefore HW encryption acceleration with hashing is performing less than 100% software encryption.
+
+2. Cryptodev HW encryption without hashing provides 30 to 50% of throughput increase while decreasing the load on the CPU by 20 to 30%.
+
+3. While AF_ALG HW encryption provides throughput improvement in the single thread benchmark, it doesn't perform well in multi thread benchmark and also increases the CPU load compare to 100% software encryption.
+
+## Disk Encryption Acceleration
+
+Refer to the following great [tutorial](https://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/) to setup disk encryption with **cryptsetup**.
+
+In order to offload disk encryption on the CESA unit, you will need to specify to **cryptsetup** the following cipher: *aes-cbc-essiv:sha256*. Therefore the command to create your encrypted disk should looked as follow:
+
+```
+sudo cryptsetup -v -y -c aes-cbc-essiv:sha256 luksFormat /dev/sda1
+```
+
+You will need also to insure marvell_cesa module is loaded.
+
+```
+sudo modprobe marvell_cesa
+```
+
+## References
+
+* [An overview of the crypto subsystem](http://events17.linuxfoundation.org/sites/events/files/slides/brezillon-crypto-framework_0.pdf)
+* [Utilizing the crypto accelerators](https://events.static.linuxfound.org/sites/events/files/slides/lcj-2014-crypto-user.pdf)
+* [Linux crypto](https://www.slideshare.net/nij05/slideshare-linux-crypto-60753522)
+* [Crypto API definition](https://en.wikipedia.org/wiki/Crypto_API_(Linux))
+* [Linux Kernel cryptography algorithm implementation process](https://szlin.me/2017/04/05/linux-kernel-%E5%AF%86%E7%A2%BC%E5%AD%B8%E6%BC%94%E7%AE%97%E6%B3%95%E5%AF%A6%E4%BD%9C%E6%B5%81%E7%A8%8B/)
+* [Cryptodev benchmark](http://cryptodev-linux.org/comparison.html)
+* [Accelerating crypto](https://lauri.võsandi.com/2014/07/cryptodev.html)
+* [Hardware Cryptography cryptodev/openssl](https://forum.doozan.com/read.php?2,18152)

docs/helios4/docs.md

@@ -0,0 +1,90 @@
+disqus:
+
+# Helios4 Documents
+
+## Product Change Notification
+
+Doc-Type | Filename | Date | Download
+---------|----------|------|---------
+PCN|Helios4 PCN 201904220001|2019-04-22|[Download](/helios4/files/pcn/Helios4_PCN_201904220001.pdf)
+PCN|Helios4 PCN 201906060001|2019-06-06|[Download](/helios4/files/pcn/Helios4_PCN_201906060001.pdf)
+
+
+
+## Carrier Board
+
+Doc-Type | Filename | Version | Date | Download | Description
+---------|----------|---------|------|----------|------------
+Schematics|Helios4 Simplified Schematics|rev 1.1|2018-11-07|[Download](/helios4/files/carrier/Helios4_Schematics_R1-1.pdf)|Simplified Schematics - PDF
+Schematics|Helios4 Simplified Schematics|rev 1.2|2019-04-22|[Download](/helios4/files/carrier/Helios4_Schematics_R1-2.pdf)|Simplified Schematics - PDF
+Specifications|Helios4 Specifications|rev 02|2017-09-20|[Download](/helios4/files/carrier/Helios4_Specifications.pdf)|Product Specifications
+Mechanical|Helios4 Mechanical Assembly|rev 01|2017-08-05|[Download](/helios4/files/carrier/Helios4_Mechnical_Assembly.pdf)|Mechanical Design / Assembly
+PCB Layout|Helios4 PCB Layout|rev 1.1|2018-11-07|[Download](/helios4/files/carrier/Helios4_PCB_R1-1.zip)|PCB Layout project files
+PCB Layout|Helios4 PCB Layout|rev 1.2|2019-06-06|[Download](/helios4/files/carrier/Helios4_PCB_R1-2.zip)|PCB Layout project files
+PCB Gerber|Helios4 PCB Gerber|rev 1.1|2018-11-07|[Download](/helios4/files/carrier/Helios4_Gerber_R1-1.zip)|PCB Gerber files
+PCB Gerber|Helios4 PCB Gerber|rev 1.2|2019-06-06|[Download](/helios4/files/carrier/Helios4_Gerber_R1-2.zip)|PCB Gerber files
+PCB Assembly|Helios4 PCB Assembly|rev 1.1|2018-11-07|[Download](/helios4/files/carrier/Helios4_Assembly_R1-1.zip)|PCB Assembly files
+PCB Assembly|Helios4 PCB Assembly|rev 1.2|2019-06-06|[Download](/helios4/files/carrier/Helios4_Assembly_R1-2.zip)|PCB Assembly files
+BOM|Helios4 Bill-Of-Material|rev 1.1|2018-11-07|[Download](/helios4/files/carrier/Helios4_BOM_R1-1.xls)|Bill-Of-Material spreadsheet
+BOM|Helios4 Bill-Of-Material|rev 1.2|2019-06-06|[Download](/helios4/files/carrier/Helios4_BOM_R1-2.xls)|Bill-Of-Material spreadsheet
+Software|PCB Layout Browser|rev xx|2018-11-07|[Link](https://www.mentor.com/pcb/downloads/browsers/)|Mentor PCB Layout Browser
+
+!!! note
+    The PCB layout was done with Mentor Graphic tools, therefore to open the Helios4 PCB files you will need to download the Mentor VX.2.4 Layout Browser free tool [here](https://www.mentor.com/pcb/downloads/browsers/) (available for Linux and Windows).
+
+## A38x  MicroSoM
+
+Doc-Type | Filename | Version | Date | Download | Description
+---------|----------|---------|------|----------|------------
+Brochures|a38x Brochure|rev 1.0|2017-09-05|[Download](/helios4/files/som/brochure_a38x_microsom_2017-09-05.pdf)|Official SR a38x Brochure
+Schematics|A38X Simplified Schematics|rev 2.0|2015-10-28|[Download](/helios4/files/som/a38x-microsom-schematics-simplified-rev2.00.pdf)|MicroSom A38X Simplified Schematics - PDF
+Schematics|A38X Simplified Schematics|rev 2.1|2019-07-09|[Download](/helios4/files/som/a38x-microsom-schematics-simplified-rev2.1.pdf)|MicroSom A38X Simplified Schematics - PDF
+Marvell Documents|Marvell ARMADA 38x Functional Specifications|rev xx|2015-10-25|[Link](https://marvellcorp.wufoo.com/forms/marvell-armada-38x-functional-specifications/)|Marvell ARMADA 38x Functional Specifications
+Marvell Documents|Marvell ARMADA 38x Hardware Specifications|rev xx|2017-03-09|[Link](https://marvellcorp.wufoo.com/forms/marvell-armada-38x-hardware-specifications/)|Marvell ARMADA 38x Hardware Specifications
+
+For more documents on the **A38x SoM** go to [SolidRun Wiki](https://wiki.solid-run.com/doku.php?id=products:a38x:documents)
+
+## Casing
+
+Doc-Type | Filename | Version | Date | Download | Description
+---------|----------|---------|------|----------|-------------
+Mechanical|Helios4 Case B|rev 4g|2017-09-01|[Download](/helios4/files/casing/Helios4_CaseB_r4g.skp)|Case Mechanical Design - SketchUp
+Mechanical|Helios4 Case B|rev 4g|2017-09-01|[Download](/helios4/files/casing/Helios4_CaseB_r4g.pdf)|Case Mechanical Design - PDF
+Mechanical|Helios4 Case B|rev 4g|2017-09-01|[Download](/helios4/files/casing/Helios4_CaseB_r4g.dxf)|Case Mechanical Design - DXF
+Mechanical|Helios4 Case B|rev 4g|2017-09-01|[Download](/helios4/files/casing/Helios4_CaseB_r4g.eps)|Case Mechanical Design - EPS
+Mechanical|Helios4 Case B Assembled|rev 4g|2017-09-01|[Download](/helios4/files/casing/Helios4_CaseB_r4g-assembled.skp)|Case Mechanical Design Assembled - SketchUp
+Mechanical|Helios4 Case B|rev 4j|2019-05-24|[Download](/helios4/files/casing/Helios4_CaseB_r4j.skp)|Case Mechanical Design - SketchUp
+Mechanical|Helios4 Case B|rev 4j|2019-05-24|[Download](/helios4/files/casing/Helios4_CaseB_r4j.pdf)|Case Mechanical Design - PDF
+Mechanical|Helios4 Case B|rev 4j|2019-05-24|[Download](/helios4/files/casing/Helios4_CaseB_r4j.dxf)|Case Mechanical Design - DXF
+Mechanical|Helios4 Case B|rev 4j|2019-05-24|[Download](/helios4/files/casing/Helios4_CaseB_r4j.eps)|Case Mechanical Design - EPS
+Mechanical|Helios4 Case B Assembled|rev 4g|2017-09-01|[Download](/helios4/files/casing/Helios4_CaseB_r4g-assembled.skp)|Case Mechanical Design Assembled - SketchUp
+Mechanical|Helios4 Mini-Case|rev 2|2019-05-07|[Download](/helios4/files/casing/Helios4_MiniCase_r2.skp)|Case Mechanical Design - SketchUp
+Mechanical|Helios4 Mini-Case|rev 2|2019-05-07|[Download](/helios4/files/casing/Helios4_MiniCase_r2.pdf)|Case Mechanical Design - PDF
+Mechanical|Helios4 Mini-Case|rev 2|2019-05-07|[Download](/helios4/files/casing/Helios4_MiniCase_r2.dxf)|Case Mechanical Design - DXF
+Mechanical|Helios4 Mini-Case|rev 2|2019-05-07|[Download](/helios4/files/casing/Helios4_MiniCase_r2.eps)|Case Mechanical Design - EPS
+
+## Power Supply
+
+Doc-Type | Filename | Version | Date | Download | Description
+---------|----------|---------|------|----------|-------------
+Schematics|YCZX Schematics 12V8A|rev xx|2017-11-1|[Download](/helios4/files/power-supply/YCZX_Schematics_12V8A.pdf)|AC/DC Power Adapter Schematics
+Certificate|YCZX AC/DC FCC VoC|rev xx|2016-03-22|[Download](/helios4/files/power-supply/YCZX_ACDC_FCC_VoC.png)|AC/DC Power Adapter FCC Verification of Conformity
+Certificate|YCZX AC/DC CE CoC|rev xx|2016-03-22|[Download](/helios4/files/power-supply/YCZX_ACDC_CE_CoC.png)|AC/DC Power Adapter CE Certificate of Compliance
+
+## Fan
+
+Doc-Type | Filename | Version | Date | Download | Description
+---------|----------|---------|------|----------|-------------
+Datasheet|7015.pdf|rev xx|01-01-2016|[Download](/helios4/files/fan/Whee_fan_7015.pdf)|Casing FAN specs
+
+
+## Certification
+
+Doc-Type | Filename | Version | Date | Download | Description
+---------|----------|---------|------|----------|-------------
+Certification|Helios4 FCC/CE Test Manual|rev 0.1|2018-08-28|[Download](/helios4/files/certification/Helios4_FCC_CE_Test_Manual-v0.1.pdf)|Test Manual for FCC/CE Verification
+Certification|Helios4 FCC Declaration of Conformity|rev xx|2018-10-09|[Download](/helios4/files/certification/FCC_SDoC_Helios4_2GB_ECC.pdf)|FCC SDoC Certificate
+Certification|Helios4 FCC EMC Test Report|rev 0.1|2018-10-08|[Download](/helios4/files/certification/UCSFC-1810-0036_Helios4_2GB_ECC_Test_Report.pdf)|EMC Lab report for FCC
+Certification|Helios4 CE Declaration of Conformity|rev xx|2018-10-09|[Download](/helios4/files/certification/CE_DoC_Helios4_2GB_ECC.pdf)|CE DoC Certificate
+Certification|Helios4 CE EMC Test Report|rev 0.1|2018-10-08|[Download](/helios4/files/certification/UCSCE-1810-0075_Helios4_2GB_ECC_Test_Report.pdf)|EMC Lab report for CE
+Certification|Helios4 RoHS Declaration of Conformity|rev xx|2018-10-09|[Download](/helios4/files/certification/RoHS_DoC_Helios4_2GB_ECC.pdf)|RoHS DoC Certificate

docs/helios4/download.md

@@ -0,0 +1,67 @@
+disqus:
+
+## Latest OS Images
+
+All the following images are generated by [Armbian](https://www.armbian.com/helios4/) build framework.
+
+### Debian 10 - Buster
+
+[![Debian Stretch](/helios4/img/os/debian10.png)](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Debian_buster_next_4.19.63.7z)<br>
+*MD5SUM : 9c48344c208dfa50b5868debe6fae629<br>
+Build date : 02/08/2019<br>
+Size : 261 MB<br>*
+[Direct Download](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Debian_buster_next_4.19.63.7z)
+
+!!! important
+    OMV5 (OpenMediaVault 5) for Debian 10 Buster is still in beta and unstable. If you wand to use OMV, then you should use Debian 9 Stretch with OMV 4 for now.
+
+### Debian 9 - Stretch
+
+[![Debian Stretch](/helios4/img/os/debian9.png)](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Debian_stretch_default_4.14.135.7z)<br>
+*MD5SUM : e8416b359a7620bb01b5a13c6a10612f<br>
+Build date : 02/08/2019<br>
+Size : 252 MB<br>*
+[Direct Download](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Debian_stretch_default_4.14.135.7z)
+
+!!! note
+    OMV4 (OpenMediaVault 4) can be installed with the **armbian-config** tool as explained [here](/helios4/omv/#install-openmediavault).
+
+### Ubuntu 18.04 - Bionic
+
+[![Ubuntu Bionic](/helios4/img/os/ubuntu.png)](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Ubuntu_bionic_next_4.19.63.7z)<br>
+*MD5SUM : 62983d7519f15e67355d6dd5e60ee353<br>
+Build date : 02/08/2019<br>
+Size : 192 MB<br>*
+[Direct Download](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Ubuntu_bionic_next_4.19.63.7z)
+
+
+## Known Limitations
+
+- SDcard High Speed timing have compatibility issue with some brands.
+
+    **Temporary workaround :** Disable UHS option/support.
+
+    *Can be manually enable, refer to the following [page](/helios4/sdcard).*
+
+- During SATA heavy load, accessing SPI NOR Flash will generate ATA errors.
+
+    **Temporary workaround :** Disable SPI NOR flash.
+
+    *Can be manually enable, refer to the following [page](/helios4/spi).*
+
+
+## Image List
+
+!!! note
+    7Z archives can be uncompressed with 7-Zip on Windows, Keka on OS X and 7z on Linux (apt-get install p7zip-full). XZ archives and RAW images can be directly written to microSD card with Etcher (all OS).
+
+Filename | Download | MD5
+---------|----------|----
+**Armbian_5.91_Helios4_Debian_buster_next_4.19.63.7z**<br>Armbian 5.91 Debian 10 Buster (Kernel 4.19.63)<br>Build date : 02/08/2019<br>Size : 261 MB|[Download](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Debian_buster_next_4.19.63.7z)|9c48344c208dfa50b5868debe6fae629
+**Armbian_5.91_Helios4_Debian_stretch_default_4.14.135.7z**<br>Armbian 5.91 Debian 9 Stretch (Kernel 4.14.135)<br>Build date : 02/08/2019<br>Size : 252 MB|[Download](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Debian_stretch_default_4.14.135.7z)|e8416b359a7620bb01b5a13c6a10612f
+**Armbian_5.91_Helios4_Ubuntu_bionic_next_4.19.63.7z**<br>Armbian 5.91 Ubuntu 18.04 Bionic (Kernel 4.19.63)<br>Build date : 02/08/2019<br>Size : 192 MB|[Download](https://cdn.kobol.io/files/Armbian_5.91_Helios4_Ubuntu_bionic_next_4.19.63.7z)|62983d7519f15e67355d6dd5e60ee353
+**Armbian_5.77_Helios4_Debian_stretch_next_4.14.106.7z**<br>Armbian 5.77 Debian 9 Stretch (Kernel 4.14.106)<br>Build date : 14/03/2019<br>Size : 238 MB|[Download](https://cdn.kobol.io/files/Armbian_5.77_Helios4_Debian_stretch_next_4.14.106.7z)|5f2e19d6ecf8a35de89c881fb06bd56e
+**Armbian_5.77_Helios4_Ubuntu_bionic_next_4.14.106.7z**<br>Armbian 5.77 Ubuntu 18.04 Bionic (Kernel 4.14.106)<br>Build date : 14/03/2019<br>Size : 177 MB|[Download](https://cdn.kobol.io/files/Armbian_5.77_Helios4_Ubuntu_bionic_next_4.14.106.7z)|90805f23c5c6491bbf1b251f4d3d74a0
+**Armbian_5.75_Helios4_Ubuntu_bionic_next_4.14.98.7z**<br>Armbian 5.75 Ubuntu 18.04 Bionic (Kernel 4.14.98)<br>Build date : 10/02/2019<br>Size : 193 MB|[Download](https://dl.armbian.com/helios4/archive/Armbian_5.75_Helios4_Ubuntu_bionic_next_4.14.98.7z)|d70b2d51b29e6729c33bbec90825f47a
+**Armbian_5.72_Helios4_Debian_stretch_next_4.14.94.7z**<br>Armbian 5.72 Debian 9 Stretch (Kernel 4.14.94)<br>Build date : 20/01/2019<br>Size : 260 MB|[Download](https://dl.armbian.com/helios4/archive/Armbian_5.72_Helios4_Debian_stretch_next_4.14.94.7z)|c4b5973931acde6e070b88bdfb32957c
+**Armbian_5.72_Helios4_Ubuntu_bionic_next_4.14.94.7z**<br>Armbian 5.72 Ubuntu 18.04 Bionic (Kernel 4.14.94)<br>Build date : 20/01/2019<br>Size : 192 MB|[Download](https://dl.armbian.com/helios4/archive/Armbian_5.72_Helios4_Ubuntu_bionic_next_4.14.94.7z)|e372bd132de296228ad1a2289d163fa4

docs/helios4/files/cesa/openssl-add-cryptodev-support.patch

@@ -0,0 +1,619 @@
+--- eng_cryptodev.c.old	2019-03-17 15:36:36.664406915 +0800
++++ eng_cryptodev.c	2019-03-17 23:14:23.348495380 +0800
+@@ -2,6 +2,7 @@
+  * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+  * Copyright (c) 2002 Theo de Raadt
+  * Copyright (c) 2002 Markus Friedl
++ * Copyright (c) 2012 Nikos Mavrogiannopoulos
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+@@ -73,7 +74,6 @@
+     struct session_op d_sess;
+     int d_fd;
+ # ifdef USE_CRYPTODEV_DIGESTS
+-    char dummy_mac_key[HASH_MAX_LEN];
+     unsigned char digest_res[HASH_MAX_LEN];
+     char *mac_data;
+     int mac_len;
+@@ -190,8 +190,10 @@
+ static struct {
+     int id;
+     int nid;
+-    int keylen;
++    int digestlen;
+ } digests[] = {
++#if 0
++    /* HMAC is not supported */
+     {
+         CRYPTO_MD5_HMAC, NID_hmacWithMD5, 16
+     },
+@@ -199,15 +201,15 @@
+         CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, 20
+     },
+     {
+-        CRYPTO_RIPEMD160_HMAC, NID_ripemd160, 16
+-        /* ? */
++        CRYPTO_SHA2_256_HMAC, NID_hmacWithSHA256, 32
+     },
+     {
+-        CRYPTO_MD5_KPDK, NID_undef, 0
++        CRYPTO_SHA2_384_HMAC, NID_hmacWithSHA384, 48
+     },
+     {
+-        CRYPTO_SHA1_KPDK, NID_undef, 0
++        CRYPTO_SHA2_512_HMAC, NID_hmacWithSHA512, 64
+     },
++#endif
+     {
+         CRYPTO_MD5, NID_md5, 16
+     },
+@@ -215,6 +217,15 @@
+         CRYPTO_SHA1, NID_sha1, 20
+     },
+     {
++        CRYPTO_SHA2_256, NID_sha256, 32
++    },
++    {
++        CRYPTO_SHA2_384, NID_sha384, 48
++    },
++    {
++        CRYPTO_SHA2_512, NID_sha512, 64
++    },
++    {
+         0, NID_undef, 0
+     },
+ };
+@@ -289,13 +300,14 @@
+     static int nids[CRYPTO_ALGORITHM_MAX];
+     struct session_op sess;
+     int fd, i, count = 0;
++    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ 
+     if ((fd = get_dev_crypto()) < 0) {
+         *cnids = NULL;
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+-    sess.key = (caddr_t) "123456789abcdefghijklmno";
++    sess.key = (void*)fake_key;
+ 
+     for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (ciphers[i].nid == NID_undef)
+@@ -326,6 +338,7 @@
+ static int get_cryptodev_digests(const int **cnids)
+ {
+     static int nids[CRYPTO_ALGORITHM_MAX];
++    unsigned char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+     struct session_op sess;
+     int fd, i, count = 0;
+ 
+@@ -334,12 +347,12 @@
+         return (0);
+     }
+     memset(&sess, 0, sizeof(sess));
+-    sess.mackey = (caddr_t) "123456789abcdefghijklmno";
++    sess.mackey = fake_key;
+     for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+         if (digests[i].nid == NID_undef)
+             continue;
+         sess.mac = digests[i].id;
+-        sess.mackeylen = digests[i].keylen;
++        sess.mackeylen = 8;
+         sess.cipher = 0;
+         if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+             ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+@@ -425,14 +438,14 @@
+     cryp.ses = sess->ses;
+     cryp.flags = 0;
+     cryp.len = inl;
+-    cryp.src = (caddr_t) in;
+-    cryp.dst = (caddr_t) out;
++    cryp.src = (void*) in;
++    cryp.dst = (void*) out;
+     cryp.mac = 0;
+ 
+     cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+ 
+     if (ctx->cipher->iv_len) {
+-        cryp.iv = (caddr_t) ctx->iv;
++        cryp.iv = (void*) ctx->iv;
+         if (!ctx->encrypt) {
+             iiv = in + inl - ctx->cipher->iv_len;
+             memcpy(save_iv, iiv, ctx->cipher->iv_len);
+@@ -484,7 +497,7 @@
+     if ((state->d_fd = get_dev_crypto()) < 0)
+         return (0);
+ 
+-    sess->key = (caddr_t) key;
++    sess->key = (void*) key;
+     sess->keylen = ctx->key_len;
+     sess->cipher = cipher;
+ 
+@@ -535,151 +548,164 @@
+  * gets called when libcrypto requests a cipher NID.
+  */
+ 
++
++static int cryptodev_cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void *p2)
++{
++    struct dev_crypto_state *state = ctx->cipher_data;
++    struct session_op *sess = &state->d_sess;
++
++    if (type == EVP_CTRL_COPY) {
++        EVP_CIPHER_CTX *out = p2;
++        return cryptodev_init_key(out, sess->key, ctx->iv, 0);
++    }
++    return 0;
++}
++
+ /* RC4 */
+ const EVP_CIPHER cryptodev_rc4 = {
+     NID_rc4,
+     1, 16, 0,
+-    EVP_CIPH_VARIABLE_LENGTH,
++    EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     NULL,
+     NULL,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ /* DES CBC EVP */
+ const EVP_CIPHER cryptodev_des_cbc = {
+     NID_des_cbc,
+     8, 8, 8,
+-    EVP_CIPH_CBC_MODE,
++    EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ /* 3DES CBC EVP */
+ const EVP_CIPHER cryptodev_3des_cbc = {
+     NID_des_ede3_cbc,
+     8, 24, 8,
+-    EVP_CIPH_CBC_MODE,
++    EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ const EVP_CIPHER cryptodev_bf_cbc = {
+     NID_bf_cbc,
+     8, 16, 8,
+-    EVP_CIPH_CBC_MODE,
++    EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ const EVP_CIPHER cryptodev_cast_cbc = {
+     NID_cast5_cbc,
+     8, 16, 8,
+-    EVP_CIPH_CBC_MODE,
++    EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ const EVP_CIPHER cryptodev_aes_cbc = {
+     NID_aes_128_cbc,
+     16, 16, 16,
+-    EVP_CIPH_CBC_MODE,
++    EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ const EVP_CIPHER cryptodev_aes_192_cbc = {
+     NID_aes_192_cbc,
+     16, 24, 16,
+-    EVP_CIPH_CBC_MODE,
++    EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ const EVP_CIPHER cryptodev_aes_256_cbc = {
+     NID_aes_256_cbc,
+     16, 32, 16,
+-    EVP_CIPH_CBC_MODE,
++    EVP_CIPH_CBC_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ # ifdef CRYPTO_AES_CTR
+ const EVP_CIPHER cryptodev_aes_ctr = {
+     NID_aes_128_ctr,
+     16, 16, 14,
+-    EVP_CIPH_CTR_MODE,
++    EVP_CIPH_CTR_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ const EVP_CIPHER cryptodev_aes_ctr_192 = {
+     NID_aes_192_ctr,
+     16, 24, 14,
+-    EVP_CIPH_CTR_MODE,
++    EVP_CIPH_CTR_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ 
+ const EVP_CIPHER cryptodev_aes_ctr_256 = {
+     NID_aes_256_ctr,
+     16, 32, 14,
+-    EVP_CIPH_CTR_MODE,
++    EVP_CIPH_CTR_MODE|EVP_CIPH_CUSTOM_COPY,
+     cryptodev_init_key,
+     cryptodev_cipher,
+     cryptodev_cleanup,
+     sizeof(struct dev_crypto_state),
+     EVP_CIPHER_set_asn1_iv,
+     EVP_CIPHER_get_asn1_iv,
+-    NULL
++    cryptodev_cipher_ctrl
+ };
+ # endif
+ /*
+@@ -750,16 +776,6 @@
+     return (0);
+ }
+ 
+-static int digest_key_length(int nid)
+-{
+-    int i;
+-
+-    for (i = 0; digests[i].id; i++)
+-        if (digests[i].nid == nid)
+-            return digests[i].keylen;
+-    return (0);
+-}
+-
+ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
+ {
+     struct dev_crypto_state *state = ctx->md_data;
+@@ -770,7 +786,6 @@
+         printf("cryptodev_digest_init: Can't get digest \n");
+         return (0);
+     }
+-
+     memset(state, 0, sizeof(struct dev_crypto_state));
+ 
+     if ((state->d_fd = get_dev_crypto()) < 0) {
+@@ -778,8 +793,8 @@
+         return (0);
+     }
+ 
+-    sess->mackey = state->dummy_mac_key;
+-    sess->mackeylen = digest_key_length(ctx->digest->type);
++    sess->mackey = NULL;
++    sess->mackeylen = 0;
+     sess->mac = digest;
+ 
+     if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
+@@ -795,8 +810,8 @@
+ static int cryptodev_digest_update(EVP_MD_CTX *ctx, const void *data,
+                                    size_t count)
+ {
+-    struct crypt_op cryp;
+     struct dev_crypto_state *state = ctx->md_data;
++    struct crypt_op cryp;
+     struct session_op *sess = &state->d_sess;
+ 
+     if (!data || state->d_fd < 0) {
+@@ -805,7 +820,7 @@
+     }
+ 
+     if (!count) {
+-        return (0);
++        return (1);
+     }
+ 
+     if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
+@@ -830,9 +845,9 @@
+     cryp.ses = sess->ses;
+     cryp.flags = 0;
+     cryp.len = count;
+-    cryp.src = (caddr_t) data;
++    cryp.src = (void*) data;
+     cryp.dst = NULL;
+-    cryp.mac = (caddr_t) state->digest_res;
++    cryp.mac = (void*) state->digest_res;
+     if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+         printf("cryptodev_digest_update: digest failed\n");
+         return (0);
+@@ -846,8 +861,6 @@
+     struct dev_crypto_state *state = ctx->md_data;
+     struct session_op *sess = &state->d_sess;
+ 
+-    int ret = 1;
+-
+     if (!md || state->d_fd < 0) {
+         printf("cryptodev_digest_final: illegal input\n");
+         return (0);
+@@ -861,7 +874,7 @@
+         cryp.len = state->mac_len;
+         cryp.src = state->mac_data;
+         cryp.dst = NULL;
+-        cryp.mac = (caddr_t) md;
++        cryp.mac = (void*) md;
+         if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
+             printf("cryptodev_digest_final: digest failed\n");
+             return (0);
+@@ -872,7 +885,7 @@
+ 
+     memcpy(md, state->digest_res, ctx->digest->md_size);
+ 
+-    return (ret);
++    return 1;
+ }
+ 
+ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
+@@ -923,8 +936,8 @@
+ 
+     digest = digest_nid_to_cryptodev(to->digest->type);
+ 
+-    sess->mackey = dstate->dummy_mac_key;
+-    sess->mackeylen = digest_key_length(to->digest->type);
++    sess->mackey = NULL;
++    sess->mackeylen = 0;
+     sess->mac = digest;
+ 
+     dstate->d_fd = get_dev_crypto();
+@@ -951,34 +964,118 @@
+     return 1;
+ }
+ 
+-const EVP_MD cryptodev_sha1 = {
++static const EVP_MD cryptodev_sha1 = {
+     NID_sha1,
+-    NID_undef,
++    NID_sha1WithRSAEncryption,
+     SHA_DIGEST_LENGTH,
++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
++    EVP_MD_FLAG_DIGALGID_ABSENT|
++#endif
+     EVP_MD_FLAG_ONESHOT,
+     cryptodev_digest_init,
+     cryptodev_digest_update,
+     cryptodev_digest_final,
+     cryptodev_digest_copy,
+     cryptodev_digest_cleanup,
+-    EVP_PKEY_NULL_method,
++    EVP_PKEY_RSA_method,
+     SHA_CBLOCK,
+-    sizeof(struct dev_crypto_state),
++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
+ };
+ 
+-const EVP_MD cryptodev_md5 = {
++static const EVP_MD cryptodev_sha256 = {
++    NID_sha256,
++    NID_sha256WithRSAEncryption,
++    SHA256_DIGEST_LENGTH, 
++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
++    EVP_MD_FLAG_DIGALGID_ABSENT|
++#endif
++    EVP_MD_FLAG_ONESHOT,
++    cryptodev_digest_init,
++    cryptodev_digest_update,
++    cryptodev_digest_final,
++    cryptodev_digest_copy,
++    cryptodev_digest_cleanup,
++    EVP_PKEY_RSA_method,
++    SHA256_CBLOCK,
++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
++};
++
++static const EVP_MD cryptodev_sha224 = {
++    NID_sha224,
++    NID_sha224WithRSAEncryption, 
++    SHA224_DIGEST_LENGTH, 
++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
++    EVP_MD_FLAG_DIGALGID_ABSENT|
++#endif
++    EVP_MD_FLAG_ONESHOT,
++    cryptodev_digest_init,
++    cryptodev_digest_update,
++    cryptodev_digest_final,
++    cryptodev_digest_copy,
++    cryptodev_digest_cleanup,
++    EVP_PKEY_RSA_method,
++    SHA256_CBLOCK,
++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
++};
++
++static const EVP_MD cryptodev_sha384 = {
++    NID_sha384,
++    NID_sha384WithRSAEncryption, 
++    SHA384_DIGEST_LENGTH, 
++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
++    EVP_MD_FLAG_DIGALGID_ABSENT|
++#endif
++    EVP_MD_FLAG_ONESHOT,
++    cryptodev_digest_init,
++    cryptodev_digest_update,
++    cryptodev_digest_final,
++    cryptodev_digest_copy,
++    cryptodev_digest_cleanup,
++    EVP_PKEY_RSA_method,
++    SHA512_CBLOCK,
++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
++};
++
++static const EVP_MD cryptodev_sha512 = {
++    NID_sha512,
++    NID_sha512WithRSAEncryption, 
++    SHA512_DIGEST_LENGTH, 
++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
++    EVP_MD_FLAG_DIGALGID_ABSENT|
++#endif
++    EVP_MD_FLAG_ONESHOT,
++    cryptodev_digest_init,
++    cryptodev_digest_update,
++    cryptodev_digest_final,
++    cryptodev_digest_copy,
++    cryptodev_digest_cleanup,
++    EVP_PKEY_RSA_method,
++    SHA512_CBLOCK,
++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
++};
++
++static const EVP_MD cryptodev_md5 = {
+     NID_md5,
+-    NID_undef,
++    NID_md5WithRSAEncryption,
+     16 /* MD5_DIGEST_LENGTH */ ,
++#if defined(EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) && defined(EVP_MD_FLAG_DIGALGID_ABSENT)
++    EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|
++    EVP_MD_FLAG_DIGALGID_ABSENT|
++#endif
+     EVP_MD_FLAG_ONESHOT,
+     cryptodev_digest_init,
+     cryptodev_digest_update,
+     cryptodev_digest_final,
+     cryptodev_digest_copy,
+     cryptodev_digest_cleanup,
+-    EVP_PKEY_NULL_method,
++    EVP_PKEY_RSA_method,
+     64 /* MD5_CBLOCK */ ,
+-    sizeof(struct dev_crypto_state),
++    sizeof(EVP_MD *)+sizeof(struct dev_crypto_state),
+ };
+ 
+ # endif                         /* USE_CRYPTODEV_DIGESTS */
+@@ -998,6 +1095,18 @@
+     case NID_sha1:
+         *digest = &cryptodev_sha1;
+         break;
++    case NID_sha224:
++        *digest = &cryptodev_sha224;
++        break;
++    case NID_sha256:
++        *digest = &cryptodev_sha256;
++        break;
++    case NID_sha384:
++        *digest = &cryptodev_sha384;
++        break;
++    case NID_sha512:
++        *digest = &cryptodev_sha512;
++        break;
+     default:
+ # endif                         /* USE_CRYPTODEV_DIGESTS */
+         *digest = NULL;
+@@ -1028,7 +1137,7 @@
+         return (1);
+     memset(b, 0, bytes);
+ 
+-    crp->crp_p = (caddr_t) b;
++    crp->crp_p = (void*) b;
+     crp->crp_nbits = bits;
+ 
+     for (i = 0, j = 0; i < a->top; i++) {
+@@ -1291,7 +1400,7 @@
+     kop.crk_op = CRK_DSA_SIGN;
+ 
+     /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+-    kop.crk_param[0].crp_p = (caddr_t) dgst;
++    kop.crk_param[0].crp_p = (void*) dgst;
+     kop.crk_param[0].crp_nbits = dlen * 8;
+     if (bn2crparam(dsa->p, &kop.crk_param[1]))
+         goto err;
+@@ -1334,7 +1443,7 @@
+     kop.crk_op = CRK_DSA_VERIFY;
+ 
+     /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+-    kop.crk_param[0].crp_p = (caddr_t) dgst;
++    kop.crk_param[0].crp_p = (void*) dgst;
+     kop.crk_param[0].crp_nbits = dlen * 8;
+     if (bn2crparam(dsa->p, &kop.crk_param[1]))
+         goto err;
+@@ -1415,9 +1524,10 @@
+         goto err;
+     kop.crk_iparams = 3;
+ 
+-    kop.crk_param[3].crp_p = (caddr_t) key;
+-    kop.crk_param[3].crp_nbits = keylen * 8;
++    kop.crk_param[3].crp_p = (void*) key;
++    kop.crk_param[3].crp_nbits = keylen;
+     kop.crk_oparams = 1;
++    dhret = keylen/8;
+ 
+     if (ioctl(fd, CIOCKEY, &kop) == -1) {
+         const DH_METHOD *meth = DH_OpenSSL();
+@@ -1487,7 +1597,7 @@
+     put_dev_crypto(fd);
+ 
+     if (!ENGINE_set_id(engine, "cryptodev") ||
+-        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
++        !ENGINE_set_name(engine, "cryptodev engine") ||
+         !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+         !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+         !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||

docs/helios4/files/dt-overlay/compile-dtb-lk-4.14.patch

@@ -0,0 +1,14 @@
+diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
+index aac94d96..d22bb79d 100644
+--- a/scripts/Makefile.lib
++++ b/scripts/Makefile.lib
+@@ -270,6 +270,9 @@ cmd_gzip = (cat $(filter-out FORCE,$^) | gzip -n -f -9 > $@) || \
+ # ---------------------------------------------------------------------------
+ DTC ?= $(objtree)/scripts/dtc/dtc
+ 
++# Enable overlay support
++DTC_FLAGS += -@
++
+ # Disable noisy checks by default
+ ifeq ($(KBUILD_ENABLE_EXTRA_GCC_CHECKS),)
+ DTC_FLAGS += -Wno-unit_address_vs_reg \

docs/helios4/files/dt-overlay/compile-dtb-lk-4.19.patch

@@ -0,0 +1,14 @@
+diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
+index 61e596650..fdb066e51 100644
+--- a/scripts/Makefile.lib
++++ b/scripts/Makefile.lib
+@@ -244,6 +244,9 @@ cmd_gzip = (cat $(filter-out FORCE,$^) | gzip -n -f -9 > $@) || \
+ # ---------------------------------------------------------------------------
+ DTC ?= $(objtree)/scripts/dtc/dtc
+ 
++# Enable overlay support
++DTC_FLAGS += -@
++
+ # Disable noisy checks by default
+ ifeq ($(findstring 1,$(KBUILD_ENABLE_EXTRA_GCC_CHECKS)),)
+ DTC_FLAGS += -Wno-unit_address_vs_reg \

docs/helios4/files/led/libata_leds_trigger_mvebu.patch

@@ -0,0 +1,222 @@
+From 7c0053bae4a4e7dbab69402c47eb84e33143a176 Mon Sep 17 00:00:00 2001
+Message-Id: <7c0053bae4a4e7dbab69402c47eb84e33143a176.1544101943.git.aditya@kobol.io>
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sat, 13 Dec 2014 01:07:20 +0100
+Subject: [PATCH] libata: add ledtrig support
+
+This adds a LED trigger for each ATA port indicating disk activity.
+
+As this is needed only on specific platforms (NAS SoCs and such),
+these platforms should define ARCH_WANTS_LIBATA_LEDS if there
+are boards with LED(s) intended to indicate ATA disk activity and
+need the OS to take care of that.
+In that way, if not selected, LED trigger support not will be
+included in libata-core and both, codepaths and structures remain
+untouched.
+
+I'm currently deploying this for the oxnas target in OpenWrt
+https://dev.openwrt.org/changeset/43675/
+
+v2: rebased to kernel/git/tj/libata.git
+    plus small corrections and comments added
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+URL: https://patchwork.ozlabs.org/patch/420733/
+[Aditya Prayoga:
+* Port forward
+* Change ATA_LEDS default to no
+* Reduce performance impact by moving ata_led_act() call from
+    ata_qc_new() to ata_qc_complete()]
+Signed-off-by: Aditya Prayoga <aditya@kobol.io>
+
+ARM: mvebu: Enable ARCH_WANT_LIBATA_LEDS in Armada 38x
+
+Enable hidden symbol ARCH_WANT_LIBATA_LEDS so CONFIG_ATA_LEDS can be
+used in kernel configuration.
+
+URL: https://lists.openwrt.org/pipermail/openwrt-
+devel/2017-March/006582.html
+
+Signed-off-by: Aditya Prayoga <aditya@kobol.io>
+---
+ arch/arm/configs/mvebu_v7_defconfig |  1 +
+ arch/arm/mach-mvebu/Kconfig         |  1 +
+ drivers/ata/Kconfig                 | 16 +++++++++++
+ drivers/ata/libata-core.c           | 56 +++++++++++++++++++++++++++++++++++++
+ include/linux/libata.h              |  7 +++++
+ 5 files changed, 81 insertions(+)
+
+diff --git a/arch/arm/configs/mvebu_v7_defconfig b/arch/arm/configs/mvebu_v7_defconfig
+index 5514021..3d39ab2 100644
+--- a/arch/arm/configs/mvebu_v7_defconfig
++++ b/arch/arm/configs/mvebu_v7_defconfig
+@@ -59,6 +59,7 @@ CONFIG_MTD_UBI=y
+ CONFIG_EEPROM_AT24=y
+ CONFIG_BLK_DEV_SD=y
+ CONFIG_ATA=y
++CONFIG_ATA_LEDS=y
+ CONFIG_SATA_AHCI=y
+ CONFIG_AHCI_MVEBU=y
+ CONFIG_SATA_MV=y
+diff --git a/arch/arm/mach-mvebu/Kconfig b/arch/arm/mach-mvebu/Kconfig
+index 2c20599..51f3256 100644
+--- a/arch/arm/mach-mvebu/Kconfig
++++ b/arch/arm/mach-mvebu/Kconfig
+@@ -68,6 +68,7 @@ config MACH_ARMADA_38X
+ 	select HAVE_SMP
+ 	select MACH_MVEBU_V7
+ 	select PINCTRL_ARMADA_38X
++	select ARCH_WANT_LIBATA_LEDS
+ 	help
+ 	  Say 'Y' here if you want your kernel to support boards based
+ 	  on the Marvell Armada 380/385 SoC with device tree.
+diff --git a/drivers/ata/Kconfig b/drivers/ata/Kconfig
+index 39b181d..143bbd5 100644
+--- a/drivers/ata/Kconfig
++++ b/drivers/ata/Kconfig
+@@ -46,6 +46,22 @@ config ATA_VERBOSE_ERROR
+ 
+ 	  If unsure, say Y.
+ 
++config ARCH_WANT_LIBATA_LEDS
++	bool
++
++config ATA_LEDS
++	bool "support ATA port LED triggers"
++	depends on ARCH_WANT_LIBATA_LEDS
++	select NEW_LEDS
++	select LEDS_CLASS
++	select LEDS_TRIGGERS
++	default y
++	help
++	  This option adds a LED trigger for each registered ATA port.
++	  It is used to drive disk activity leds connected via GPIO.
++
++	  If unsure, say N.
++
+ config ATA_ACPI
+ 	bool "ATA ACPI Support"
+ 	depends on ACPI
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
+index 599e01b..65228f5 100644
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -5105,6 +5105,30 @@ void swap_buf_le16(u16 *buf, unsigned int buf_words)
+ }
+ 
+ /**
++ *	ata_led_act - Trigger port activity LED
++ *	@ap: indicating port
++ *
++ *	Blinks any LEDs registered to the trigger.
++ *	Commonly used with leds-gpio on NAS systems with disk activity
++ *	indicator LEDs.
++ *
++ *	LOCKING:
++ *	None.
++ */
++static inline void ata_led_act(struct ata_port *ap)
++{
++#ifdef CONFIG_ATA_LEDS
++#define LIBATA_BLINK_DELAY 20 /* ms */
++	unsigned long led_delay = LIBATA_BLINK_DELAY;
++
++	if (unlikely(!ap->ledtrig))
++		return;
++
++	led_trigger_blink_oneshot(ap->ledtrig, &led_delay, &led_delay, 0);
++#endif /* CONFIG_ATA_LEDS */
++}
++
++/**
+  *	ata_qc_new_init - Request an available ATA command, and initialize it
+  *	@dev: Device from whom we request an available command structure
+  *	@tag: tag
+@@ -5249,6 +5273,10 @@ void ata_qc_complete(struct ata_queued_cmd *qc)
+ 	/* Trigger the LED (if available) */
+ 	ledtrig_disk_activity(!!(qc->tf.flags & ATA_TFLAG_WRITE));
+ 
++#ifdef CONFIG_ATA_LEDS
++	ata_led_act(ap);
++#endif
++
+ 	/* XXX: New EH and old EH use different mechanisms to
+ 	 * synchronize EH with regular execution path.
+ 	 *
+@@ -6028,6 +6056,9 @@ struct ata_port *ata_port_alloc(struct ata_host *host)
+ 	ap->stats.unhandled_irq = 1;
+ 	ap->stats.idle_irq = 1;
+ #endif
++#ifdef CONFIG_ATA_LEDS
++	ap->ledtrig = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
++#endif
+ 	ata_sff_port_init(ap);
+ 
+ 	return ap;
+@@ -6063,6 +6094,12 @@ static void ata_host_release(struct kref *kref)
+ 
+ 		kfree(ap->pmp_link);
+ 		kfree(ap->slave_link);
++#ifdef CONFIG_ATA_LEDS
++		if (ap->ledtrig) {
++			led_trigger_unregister(ap->ledtrig);
++			kfree(ap->ledtrig);
++		};
++#endif
+ 		kfree(ap);
+ 		host->ports[i] = NULL;
+ 	}
+@@ -6527,6 +6564,25 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+ 		host->ports[i]->local_port_no = i + 1;
+ 	}
+ 
++#ifdef CONFIG_ATA_LEDS
++	/* register LED triggers for all ports */
++	for (i = 0; i < host->n_ports; i++) {
++		if (unlikely(!host->ports[i]->ledtrig))
++			continue;
++
++		snprintf(host->ports[i]->ledtrig_name,
++			sizeof(host->ports[i]->ledtrig_name), "ata%u",
++			host->ports[i]->print_id);
++
++		host->ports[i]->ledtrig->name = host->ports[i]->ledtrig_name;
++
++		if (led_trigger_register(host->ports[i]->ledtrig)) {
++			kfree(host->ports[i]->ledtrig);
++			host->ports[i]->ledtrig = NULL;
++		}
++	}
++#endif
++
+ 	/* Create associated sysfs transport objects  */
+ 	for (i = 0; i < host->n_ports; i++) {
+ 		rc = ata_tport_add(host->dev,host->ports[i]);
+diff --git a/include/linux/libata.h b/include/linux/libata.h
+index 38c95d6..3cc5f63 100644
+--- a/include/linux/libata.h
++++ b/include/linux/libata.h
+@@ -38,6 +38,7 @@
+ #include <linux/acpi.h>
+ #include <linux/cdrom.h>
+ #include <linux/sched.h>
++#include <linux/leds.h>
+ 
+ /*
+  * Define if arch has non-standard setup.  This is a _PCI_ standard
+@@ -893,6 +894,12 @@ struct ata_port {
+ #ifdef CONFIG_ATA_ACPI
+ 	struct ata_acpi_gtm	__acpi_init_gtm; /* use ata_acpi_init_gtm() */
+ #endif
++
++#ifdef CONFIG_ATA_LEDS
++	struct led_trigger	*ledtrig;
++	char			ledtrig_name[8];
++#endif
++
+ 	/* owned by EH */
+ 	u8			sector_buf[ATA_SECT_SIZE] ____cacheline_aligned;
+ };
+-- 
+2.7.4
+

docs/helios4/files/sdcard/helios4_dtb_sd_uhs_linux_stable.patch

@@ -0,0 +1,34 @@
+From 76fa8b1b9cd666312ade19e01de7c4a4103efe9b Mon Sep 17 00:00:00 2001
+Message-Id: <76fa8b1b9cd666312ade19e01de7c4a4103efe9b.1544609988.git.aditya@kobol.io>
+From: Aditya Prayoga <aditya@kobol.io>
+Date: Wed, 12 Dec 2018 15:02:16 +0800
+Subject: [PATCH] arm: dts: armada-388-helios4: Enable High Speed and UHS-I
+ support
+
+Enable High Speed and UHS-I mode support on SD card controller as
+specified by Functional Specification document.
+
+Signed-off-by: Aditya Prayoga <aditya@kobol.io>
+---
+ arch/arm/boot/dts/armada-388-helios4.dts | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/arch/arm/boot/dts/armada-388-helios4.dts b/arch/arm/boot/dts/armada-388-helios4.dts
+index 705adfa..23785ec 100644
+--- a/arch/arm/boot/dts/armada-388-helios4.dts
++++ b/arch/arm/boot/dts/armada-388-helios4.dts
+@@ -253,6 +253,11 @@
+ 				status = "okay";
+ 				vmmc = <&reg_3p3v>;
+ 				wp-inverted;
++				cap-sd-highspeed;
++				sd-uhs-sdr12;
++				sd-uhs-sdr25;
++				sd-uhs-sdr50;
++				sd-uhs-ddr50;
+ 			};
+ 
+ 			usb@58000 {
+-- 
+2.7.4
+

docs/helios4/files/sdcard/run_sdcard_test.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+get_flash_information() {
+	# http://www.bunniestudios.com/blog/?page_id=1022
+	while read Device ; do
+		DeviceNode="${Device%/*}"
+		DeviceName="${DeviceNode##*/}"
+		echo -e "\n### ${DeviceName} info:\n"
+		find "${DeviceNode}" -maxdepth 1 -type f | while read ; do
+			NodeName="${REPLY##*/}"
+			echo -e "$(printf "%20s" ${NodeName}): $(cat "${DeviceNode}/${NodeName}" | tr '\n' " ")"
+		done
+
+		oem=$(cat ${DeviceNode}/name)
+		CardName="${DeviceName}-[${oem//[^a-zA-Z0-9]/_}]"
+	done <<< $(find /sys -name oemid)
+} # get_flash_information
+
+get_flash_information > card_info.txt
+LOGFILE="SD_test_${CardName}_$(date +%Y%m%d_%H%M%S).log"
+
+[[ -d /mnt/sdcard ]] || mkdir -p /mnt/sdcard
+mount /dev/mmcblk0p1 /mnt/sdcard
+result=$?
+
+if [[ $result -ne 0 ]]; then
+	echo "failed to mount SD card. Stopped the test"
+	exit 1
+fi
+
+cat card_info.txt | tee -a $LOGFILE
+rm -f card_info.txt
+
+echo -e "\n\n===============================\n\n" >> $LOGFILE
+
+echo "Start benchmarking ..." | tee -a ${LOGFILE}
+echo "Please wait"
+echo -e "\n\n1st run\n\n" | tee -a ${LOGFILE}
+iozone -e -I -a -s 100M -r 4k -r 16k -r 512k -r 1024k -r 16384k -i 0 -i 1 -i 2 -f /mnt/sdcard/iozone-test.dat | tee -a ${LOGFILE}
+echo -e "\n\n===============================\n\n" >> $LOGFILE
+
+echo -e "\n\n2nd run\n\n" | tee -a ${LOGFILE}
+iozone -e -I -a -s 100M -r 4k -r 16k -r 512k -r 1024k -r 16384k -i 0 -i 1 -i 2 -f /mnt/sdcard/iozone-test.dat | tee -a ${LOGFILE}
+echo -e "\n\n===============================\n\n" >> $LOGFILE
+
+umount /mnt/sdcard
+echo "Done" | tee -a ${LOGFILE}

docs/helios4/files/uboot/boot_spi_en.cmd

@@ -0,0 +1,47 @@
+# DO NOT EDIT THIS FILE
+#
+# Please edit /boot/armbianEnv.txt to set supported parameters
+#
+
+# default values
+setenv rootdev "/dev/mmcblk0p1"
+setenv rootfstype "ext4"
+setenv verbosity "1"
+setenv prefix "/boot/"
+setenv boot_interface "mmc"
+setenv ethaddr "00:50:43:84:fb:2f"
+setenv eth1addr "00:50:43:25:fb:84"
+
+# fdtfile should come from compile-time u-boot patches
+if test -z "${fdtfile}"; then
+	setenv fdtfile "armada-388-helios4.dtb"
+fi
+
+echo "Boot script loaded from ${boot_interface}"
+
+if load ${boot_interface} 0:1 ${loadaddr} ${prefix}armbianEnv.txt; then
+	env import -t ${loadaddr} ${filesize}
+fi
+
+setenv bootargs "console=ttyS0,115200 root=${rootdev} rootwait rootfstype=${rootfstype} ubootdev=${boot_interface} scandelay loglevel=${verbosity} usb-storage.quirks=${usbstoragequirks} ${extraargs}"
+
+ext4load  ${boot_interface} 0:1 ${fdt_addr} ${prefix}dtb/${fdtfile}
+ext4load  ${boot_interface} 0:1 ${ramdisk_addr_r} ${prefix}uInitrd
+ext4load  ${boot_interface} 0:1 ${kernel_addr_r} ${prefix}zImage
+
+setenv fdt_high 0xffffffff
+setenv initrd_high 0xffffffff
+
+fdt addr ${fdt_addr}
+fdt resize
+
+# Update device tree node
+fdt set /soc/internal-regs/sata@e0000 status "disabled"
+fdt set /soc/internal-regs/sata@a8000 status "disabled"
+fdt set /soc/spi@10680 status "okay"
+fdt set /soc/spi@10680/spi-flash@0 status "okay"
+
+bootz ${kernel_addr_r} ${ramdisk_addr_r} ${fdt_addr}
+
+# Recompile with:
+# mkimage -C none -A arm -T script -d boot_spi_en.cmd /boot_spi_en.scr

docs/helios4/files/uboot/u-boot-armbian-boot-script-support.patch

@@ -0,0 +1,107 @@
+From 6df182d492d2162c501abbd1df237484b4a13023 Mon Sep 17 00:00:00 2001
+Message-Id: <6df182d492d2162c501abbd1df237484b4a13023.1538711251.git.aditya@kobol.io>
+From: ubuntu <aditya@kobol.io>
+Date: Fri, 28 Sep 2018 17:34:33 +0800
+Subject: [PATCH] armbian boot script support
+
+---
+ board/mv_ebu/a38x/mv_main_a38x.c | 37 ++++++++++++++++++++++---------------
+ common/cmd_fs.c                  |  2 +-
+ include/configs/armada_38x.h     |  3 +--
+ 3 files changed, 24 insertions(+), 18 deletions(-)
+
+diff --git a/board/mv_ebu/a38x/mv_main_a38x.c b/board/mv_ebu/a38x/mv_main_a38x.c
+index 0dce7f6..137dd58 100755
+--- a/board/mv_ebu/a38x/mv_main_a38x.c
++++ b/board/mv_ebu/a38x/mv_main_a38x.c
+@@ -331,6 +331,10 @@ void misc_init_r_env(void)
+ 	if (!env)
+ 		setenv("console", "console=ttyS0,115200");
+
++	env = getenv("fdtfile");
++	if (!env)
++		setenv("fdtfile", "armada-388-helios4.dtb");
++
+ 	env = getenv("mtdids");
+ 	if (!env) {
+ #if defined(MV_NAND) && defined(MV_INCLUDE_SPI)
+@@ -679,25 +683,28 @@ void misc_init_r_env(void)
+ 		setenv("enaLPAE", "no");
+ #endif
+
+-	/* Flatten Device Tree environment setup */
+-#ifdef CONFIG_CUSTOMER_BOARD_SUPPORT
+-	#ifdef CONFIG_ARMADA_38X
+-		fdt_env_setup("armada-38x.dtb", MV_FALSE); /* static setup: Skip DT update for customer */
+-	#else
+-		fdt_env_setup("armada-39x.dtb", MV_FALSE);
+-	#endif
+-#else
+-	#ifdef CONFIG_ARMADA_38X
+-		fdt_env_setup("armada-38x-modular.dtb", MV_TRUE); /* dynamic setup: run DT update */
+-	#else
+-		fdt_env_setup("armada-39x.dtb", MV_FALSE); /* static setup: Skip DT update */
+-	#endif
+-#endif
++	setenv("fdt_skip_update", "yes");
++	setenv("boot_a_script",
++		"for prefix in /boot/ /; do \
++		load ${boot_interface} 0:1 ${script_addr_r} ${prefix}boot.scr && \
++		source ${script_addr_r}; \
++		done");
++	setenv("mmcboot",
++		"setenv boot_interface mmc; run boot_a_script;");
++	setenv("sataboot",
++		"scsi init; setenv boot_interface scsi; run boot_a_script;");
++	setenv("usbboot",
++		"setenv usbActive 1; setenv usbType 3; usb start; setenv boot_interface usb; run boot_a_script;");
+
+ #if (CONFIG_BOOTDELAY >= 0)
+ 	env = getenv("bootcmd");
+ 	if (!env)
+-		setenv("bootcmd", "tftpboot 0x2000000 $image_name;tftpboot $fdtaddr $fdtfile;"
++		setenv("bootcmd",
++		"echo Trying to boot from USB; run usbboot;"
++		"echo Trying to boot from SATA; run sataboot;"
++		"echo Trying to boot from MMC; run mmcboot;"
++		"echo Default boot sequence failed - falling back to TFTP;"
++		"tftpboot 0x2000000 $image_name;tftpboot $fdtaddr $fdtfile;"
+ 		"setenv bootargs $console $nandEcc $mtdparts $bootargs_root nfsroot=$serverip:$rootpath "
+ 		"ip=$ipaddr:$serverip$bootargs_end $mvNetConfig video=dovefb:lcd0:$lcd0_params "
+ 		"clcd.lcd0_enable=$lcd0_enable clcd.lcd_panel=$lcd_panel; bootz 0x2000000 - $fdtaddr;");
+diff --git a/common/cmd_fs.c b/common/cmd_fs.c
+index a681d03..9cc5013 100644
+--- a/common/cmd_fs.c
++++ b/common/cmd_fs.c
+@@ -22,7 +22,7 @@
+
+ int do_load_wrapper(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
+ {
+-	return do_load(cmdtp, flag, argc, argv, FS_TYPE_ANY, 0);
++	return do_load(cmdtp, flag, argc, argv, FS_TYPE_ANY, 16);
+ }
+
+ U_BOOT_CMD(
+diff --git a/include/configs/armada_38x.h b/include/configs/armada_38x.h
+index c57353f..746c843 100644
+--- a/include/configs/armada_38x.h
++++ b/include/configs/armada_38x.h
+@@ -164,7 +164,7 @@ extern unsigned int mvUartPortGet(void);
+ #define CONFIG_CMD_RCVR
+ #define CONFIG_CMD_BOOT_MENU
+ #define CONFIG_CMD_SYS_RESTORE
+-
++#define CONFIG_CMD_FS_GENERIC
+
+ /* Open this define for enabling Secure Boot Mode eFuses modification
+ #define CONFIG_CMD_EFUSE
+@@ -207,7 +207,6 @@ extern unsigned int mvUartPortGet(void);
+ #define CONFIG_FS_EXT4
+ #define CONFIG_CMD_EXT4_WRITE
+ #define CONFIG_EXT4_WRITE
+-#define CONFIG_CMD_JFFS2
+ #define CONFIG_CMD_FAT
+ #define CONFIG_FS_FAT
+ #define CONFIG_SUPPORT_VFAT
+--
+2.7.4

docs/helios4/files/uboot/u-boot-mainline-armbian-boot-script-support.patch

@@ -0,0 +1,46 @@
+From 61ddc75ecb082cba51fe7da4d0bc4c73c56abf38 Mon Sep 17 00:00:00 2001
+Message-Id: <61ddc75ecb082cba51fe7da4d0bc4c73c56abf38.1543232476.git.aditya@kobol.io>
+From: Aditya Prayoga <aditya@kobol.io>
+Date: Mon, 26 Nov 2018 19:07:49 +0800
+Subject: [PATCH] helios4: add boot-marvell.cmd backward compatibility
+
+On system that still use boot.scr derived from boot-marvell.cmd, new
+u-boot 2018 will failed load dtb and script due to missing some
+variables. This will render the system unbootable.
+
+These changes added the missing variables.
+
+Signed-off-by: Aditya Prayoga <aditya@kobol.io>
+---
+ include/config_distro_bootcmd.h | 1 +
+ include/configs/helios4.h       | 2 ++
+ 2 files changed, 3 insertions(+)
+
+diff --git a/include/config_distro_bootcmd.h b/include/config_distro_bootcmd.h
+index 373fee7..f469b2d 100644
+--- a/include/config_distro_bootcmd.h
++++ b/include/config_distro_bootcmd.h
+@@ -371,6 +371,7 @@
+ 	"boot_a_script="                                                  \
+ 		"load ${devtype} ${devnum}:${distro_bootpart} "           \
+ 			"${scriptaddr} ${prefix}${script}; "              \
++		"setenv boot_interface ${devtype};" \
+ 		"source ${scriptaddr}\0"                                  \
+ 	\
+ 	"scan_dev_for_scripts="                                           \
+diff --git a/include/configs/helios4.h b/include/configs/helios4.h
+index 6943378..299c58d 100644
+--- a/include/configs/helios4.h
++++ b/include/configs/helios4.h
+@@ -185,6 +185,8 @@
+ 	LOAD_ADDRESS_ENV_SETTINGS \
+ 	"fdtfile=" CONFIG_DEFAULT_DEVICE_TREE ".dtb\0" \
+ 	"console=ttyS0,115200\0" \
++	"loadaddr=0x02000000\0" \
++	"fdt_addr=" FDT_ADDR_R "\0" \
+ 	BOOTENV
+ 
+ #endif /* CONFIG_SPL_BUILD */
+-- 
+2.7.4
+

docs/helios4/files/wol/helios4-dts-add-wake-on-lan-support.patch

@@ -0,0 +1,23 @@
+diff --git a/arch/arm/boot/dts/armada-388-helios4.dts b/arch/arm/boot/dts/armada-388-helios4.dts
+index 705adfa8c..d5afbfc53 100644
+--- a/arch/arm/boot/dts/armada-388-helios4.dts
++++ b/arch/arm/boot/dts/armada-388-helios4.dts
+@@ -84,6 +84,18 @@
+ 		};
+ 	};
+ 
++	gpio-keys {
++		compatible = "gpio-keys";
++		pinctrl-0 = <&microsom_phy0_int_pins>;
++
++		wol {
++			label = "Wake-On-LAN";
++			linux,code = <KEY_WAKEUP>;
++			gpios = <&gpio0 18 GPIO_ACTIVE_LOW>;
++			wakeup-source;
++		};
++	};
++
+ 	io-leds {
+ 		compatible = "gpio-leds";
+ 		sata1-led {

docs/helios4/files/wol/lk4.14-mvebu-gpio-add_wake_on_gpio_support.patch

@@ -0,0 +1,90 @@
+diff --git a/drivers/gpio/gpio-mvebu.c b/drivers/gpio/gpio-mvebu.c
+index 661c5a38f..a25d61d54 100644
+--- a/drivers/gpio/gpio-mvebu.c
++++ b/drivers/gpio/gpio-mvebu.c
+@@ -38,6 +38,7 @@
+ #include <linux/err.h>
+ #include <linux/gpio.h>
+ #include <linux/init.h>
++#include <linux/interrupt.h>
+ #include <linux/io.h>
+ #include <linux/irq.h>
+ #include <linux/irqchip/chained_irq.h>
+@@ -133,7 +134,7 @@ struct mvebu_gpio_chip {
+ 	struct regmap     *regs;
+ 	u32		   offset;
+ 	struct regmap     *percpu_regs;
+-	int		   irqbase;
++	int		   bank_irq[4];
+ 	struct irq_domain *domain;
+ 	int		   soc_variant;
+ 
+@@ -608,6 +609,33 @@ static void mvebu_gpio_irq_handler(struct irq_desc *desc)
+ 	chained_irq_exit(chip, desc);
+ }
+ 
++/*
++ * Set interrupt number "irq" in the GPIO as a wake-up source.
++ * While system is running, all registered GPIO interrupts need to have
++ * wake-up enabled. When system is suspended, only selected GPIO interrupts
++ * need to have wake-up enabled.
++ * @param  irq          interrupt source number
++ * @param  enable       enable as wake-up if equal to non-zero
++ * @return       This function returns 0 on success.
++ */
++static int mvebu_gpio_set_wake_irq(struct irq_data *d, unsigned int enable)
++{
++	struct irq_chip_generic *gc = irq_data_get_irq_chip_data(d);
++	struct mvebu_gpio_chip *mvchip = gc->private;
++	int irq;
++	int bank;
++
++	bank = d->hwirq % 8;
++	irq = mvchip->bank_irq[bank];
++
++	if (enable)
++		enable_irq_wake(irq);
++	else
++		disable_irq_wake(irq);
++
++	return 0;
++}
++
+ /*
+  * Functions implementing the pwm_chip methods
+  */
+@@ -1277,7 +1305,7 @@ static int mvebu_gpio_probe(struct platform_device *pdev)
+ 
+ 	err = irq_alloc_domain_generic_chips(
+ 	    mvchip->domain, ngpios, 2, np->name, handle_level_irq,
+-	    IRQ_NOREQUEST | IRQ_NOPROBE | IRQ_LEVEL, 0, 0);
++	    IRQ_NOREQUEST | IRQ_NOPROBE | IRQ_LEVEL, 0, IRQ_GC_INIT_NESTED_LOCK);
+ 	if (err) {
+ 		dev_err(&pdev->dev, "couldn't allocate irq chips %s (DT).\n",
+ 			mvchip->chip.label);
+@@ -1295,6 +1323,8 @@ static int mvebu_gpio_probe(struct platform_device *pdev)
+ 	ct->chip.irq_mask = mvebu_gpio_level_irq_mask;
+ 	ct->chip.irq_unmask = mvebu_gpio_level_irq_unmask;
+ 	ct->chip.irq_set_type = mvebu_gpio_irq_set_type;
++	ct->chip.irq_set_wake = mvebu_gpio_set_wake_irq;
++	ct->chip.flags = IRQCHIP_SET_TYPE_MASKED | IRQCHIP_MASK_ON_SUSPEND;
+ 	ct->chip.name = mvchip->chip.label;
+ 
+ 	ct = &gc->chip_types[1];
+@@ -1303,6 +1333,8 @@ static int mvebu_gpio_probe(struct platform_device *pdev)
+ 	ct->chip.irq_mask = mvebu_gpio_edge_irq_mask;
+ 	ct->chip.irq_unmask = mvebu_gpio_edge_irq_unmask;
+ 	ct->chip.irq_set_type = mvebu_gpio_irq_set_type;
++	ct->chip.irq_set_wake = mvebu_gpio_set_wake_irq;
++	ct->chip.flags = IRQCHIP_SET_TYPE_MASKED | IRQCHIP_MASK_ON_SUSPEND;
+ 	ct->handler = handle_edge_irq;
+ 	ct->chip.name = mvchip->chip.label;
+ 
+@@ -1318,6 +1350,7 @@ static int mvebu_gpio_probe(struct platform_device *pdev)
+ 			continue;
+ 		irq_set_chained_handler_and_data(irq, mvebu_gpio_irq_handler,
+ 						 mvchip);
++		mvchip->bank_irq[i] = irq;
+ 	}
+ 
+ 	/* Some MVEBU SoCs have simple PWM support for GPIO lines */

docs/helios4/freebsd.md

@@ -0,0 +1,76 @@
+These instructions document how FreeBSD (head) can be built for, and installed on the Helios-4. This has been made possible by the initial port of FreeBSD to the SolidRun Clearfog that has been submitted June 2017 by Semihalf and Stormshield: [Read the announcement here](https://lists.freebsd.org/pipermail/freebsd-arm/2017-June/016314.html).
+
+## Compiling FreeBSD
+There is a manual way to compile FreeBSD, and it is documented on the [SolidRun Wiki Clearfog page](https://wiki.solid-run.com/doku.php?id=products:a38x:software:os:freebsd). The process is almost identical for the Helios-4 in that a suitable DTB has to be copied to the boot partition.
+The following instructions use the [crochet](https://github.com/FreeBSD/crochet/) utility for automating the build and imaging process.
+
+### Get the source
+We use a fork of crochet that has added the necessary bits for Helios-4.
+```bash
+mkdir work; cd work
+git clone --checkout pr-clearfog https://github.com/Artox/crochet.git
+svn checkout https://svn.freebsd.org/base/head src
+```
+
+### Configure the build
+crochet uses a configuration file to perform builds. config.sh.sample is an example, and can be adapted as needed. As a bare minimum, a line
+```bash
+board_setup Clearfog
+```
+has to be at the top near the other commented board_setup_* lines.
+In addition enabling the growfs feature has proven useful for autoresizing the rootfs on first boot: simply uncomment the line
+```bash
+option Growfs
+```
+
+There are plenty of other settings to change, but these suffice for creating a bootable image.
+
+### Build
+Navigate to the crochet folder, and assuming you called your config file config.sh, run:
+```bash
+sudo /bin/sh crochet.sh -c config.sh
+```
+On success an sdcard image will have been produced in the build directory, for example */opt/work/build/FreeBSD-armv7-12.0-GENERIC-333641-Clearfog.img*.
+This image is a complete FreeBSD installation, without U-Boot installed.
+
+### Create SD-Card
+The previously created image can be written to an sdcard as is; assuming your SD-Card is available at /dev/sdX, write the image to it:
+```bash
+pv FreeBSD-armv7-12.0-GENERIC-333641-Clearfog.img | sudo tee /dev/sdX >/dev/null
+```
+
+## Boot It
+In an ideal world U-Boot would already be installed in SPI flash, including the necessary patch for FreeBSD. If you happen to have such an ideal system, you may skip the next section
+
+### Install U-Boot
+Please refer to [U-boot](/helios4/uboot) for build instructions.
+
+The Boot-ROM expects to find U-Boot at 512 bytes into the sdcard. Assuming your SD-Card is available at /dev/sdX, write the u-boot binary to it using dd:
+```bash
+sudo dd bs=512 seek=1 conv=fsync if=u-boot-a38x-5-15-mmc.bin of=/dev/sdX
+```
+
+### Boot
+Insert the sd-card into your device, connect a serial console and turn it on.
+The U-Boot console will come up with a prompt:
+```bash
+Hit any key to stop autoboot: 3
+```
+Press a key to abort automatic boot, or wait till it fails to do a network boot.
+Once it has dropped to a terminal prompt, indicated by *Marvell>>* at the start of the line, configure U-Boot to load the FreeBSD loader by default:
+```bash
+setenv fdt_addr_r 0x1000000
+setenv loadaddr 0x2000000
+setenv bootcmd 'fatload mmc 0:2 ${fdt_addr_r} armada-388-helios4.dtb; fatload mmc 0:2 ${loadaddr} ubldr.bin; go ${loadaddr}'
+setenv bootdelay 1
+saveenv
+```
+Beware: You probably have to paste these lines individually, or U-Boot may mess it up. You can set bootdelay to 0 if you want, that way you will never again get to the u-boot console unless you delete the FreeBSD loader.
+
+Finally, type *boot*, or *reset*, or reset the board by pressing the button labeled U16 on the board.
+This time, just sit back and watch as FreeBSD comes up.
+
+### Default User
+The FreeBSD image by crochet comes with an unlocked root account. This means you do not need to enter a password to log in as root.
+
+*Page contributed by [Artox](https://github.com/Artox)*

docs/helios4/gpio.md

@@ -0,0 +1,391 @@
+
+## User Accessible GPIOs (J12)
+
+Helios4 provides 12 GPIOs on header J12 which can be used for user application. Those GPIOs are provided via an 16-bit IO Expander [PCA9655E](http://www.onsemi.com/PowerSolutions/product.do?id=PCA9655E) connected to I2C bus 0.
+
+![J12 Pinout](/helios4/img/gpio/gpio_pinout_j12.png)
+
+### Pinout Table
+
+| Pin | Port | Remarks |
+|------------|----------|---------|
+| 1 |    -   |   3.3V supply  |
+| 2 | IO0_2  |    |
+| 3 | IO0_3  |    |
+| 4 | IO0_4  |    |
+| 5 | IO0_7  |    |
+| 6 | IO1_0  |    |
+| 7 | IO1_1  |    |
+| 8 | IO1_2  |    |
+| 9 | IO1_3  |    |
+| 10 | IO1_4  |    |
+| 11 | IO1_5  |    |
+| 12 | IO1_6  |    |
+| 13 | IO1_7  |    |
+| 14 |   -    | GND |
+
+!!! warning
+    Ports **IO0_0**, **IO0_1**, **IO0_5**, and **IO0_6** are reserved for system use.
+
+!!! important
+    It is not advisable to access the I2C IO Expander directly using I2C utilities.
+
+## Accessing GPIOs under Linux
+
+If the kernel supports debugfs (*CONFIG_DEBUG_FS=y*), list of GPIOs can be retrieved with the following command
+
+```bash
+sudo cat /sys/kernel/debug/gpio
+```
+
+Look for the **gpiochip2: GPIOs XXX-YYY** section, whereas **XXX** is first GPIO number and **YYY** is last GPIO number of IO expander.
+
+
+```
+gpiochip2: GPIOs 496-511, parent: i2c/0-0020, pca9555, can sleep:
+ gpio-496 (                    |board-rev-0         ) in  lo    
+ gpio-497 (                    |board-rev-1         ) in  lo    
+ gpio-498 (                    |(null)              ) out hi    
+ gpio-499 (                    |(null)              ) in  hi    
+ gpio-500 (                    |(null)              ) in  hi    
+ gpio-501 (                    |usb-overcurrent-stat) in  hi    
+ gpio-502 (                    |USB-PWR             ) out hi    
+ gpio-503 (                    |(null)              ) in  hi    
+ gpio-504 (                    |(null)              ) in  hi    
+ gpio-505 (                    |(null)              ) in  hi    
+ gpio-506 (                    |(null)              ) in  hi    
+ gpio-507 (                    |(null)              ) in  hi    
+ gpio-508 (                    |(null)              ) in  hi    
+ gpio-509 (                    |(null)              ) in  hi    
+ gpio-510 (                    |(null)              ) in  hi    
+ gpio-511 (                    |(null)              ) in  hi    
+```
+
+Another way to get first GPIO number of the IO expander
+
+```
+cat /sys/bus/i2c/devices/0-0020/gpio/gpiochip*/base
+```
+
+Therefore the mapping between header J12 Pins and Sysfs GPIO numbers will be as described in the following table
+
+### GPIO Table
+
+| Pin | Sysfs GPIO number | Remarks |
+|----|-----|---------|
+|  1 |  -  |   3.3V supply  |
+|  2 | 498 |    |
+|  3 | 499 |    |
+|  4 | 500 |    |
+|  5 | 503 |    |
+|  6 | 504 |    |
+|  7 | 505 |    |
+|  8 | 506 |    |
+|  9 | 507 |    |
+| 10 | 508 |    |
+| 11 | 509 |    |
+| 12 | 510 |    |
+| 13 | 511 |    |
+| 14 |  -  |  GND |
+
+!!! note
+    The mapping table is unlikely to change between Kernel version.
+
+
+### GPIO Control
+
+**1.** Export the GPIO number you want to use
+
+```
+echo N | sudo tee -a /sys/class/gpio/export
+```
+
+**2.** Set the direction, "out" for Output or "in" for Input
+
+```
+echo DIRECTION | sudo tee -a /sys/class/gpio/gpioN/direction
+```
+
+**3.** Now you can read or change the GPIO value
+
+To read GPIO value
+
+```
+cat /sys/class/gpio/gpioN/value
+```
+
+To change GPIO value (only if GPIO set as Output)
+
+```
+echo VALUE | sudo tee -a /sys/class/gpio/gpioN/value
+```
+
+!!! notes
+    Pay attention to the path, /sys/class/gpio/gpio**N**/ where **N** is the GPIO number.
+
+#### Example
+
+Set IO1_7 (pin 13) output as high
+
+```
+echo 511 | sudo tee -a /sys/class/gpio/export
+echo "out" | sudo tee -a /sys/class/gpio/gpio511/direction
+echo 1 | sudo tee -a /sys/class/gpio/gpio511/value
+```
+
+## Use GPIO with Device Tree Overlay
+
+!!! info
+    Device Tree Compiler (dtc) from OS package manager usually is too old, use the one from kernel source or download binary version for Arm [here](/helios4/files/dt-overlay/dtc).
+
+Another way to use the GPIO is by using device tree. In device tree the user accessible
+GPIO is labelled as [expander0](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/arm/boot/dts/armada-388-helios4.dts#n155).
+
+Instead of directly modifying the Helios4 device tree source (*armada-388-helios4.dts*) and recompiling,
+Linux and U-Boot provide a mechanism called device tree overlay. With overlay, user just needs
+to create simple device tree that would be overlay'd on top of base device tree.
+
+For example, to use **IO0_2** as power off button input, create following device tree source
+and save it as power-button.dts
+
+```
+/dts-v1/;
+/plugin/;
+
+/ {
+	fragment@0 {
+		target-path = "/gpio-keys";
+		__overlay__ {
+			power-button {
+				label = "Soft Power Off";
+				linux,code = <116>;
+				gpios = <&expander0 2 1>;
+			};
+		};
+	};
+};
+
+```
+Download dtc and compile device tree with this command
+
+```
+wget https://wiki.kobol.io/helios4/files/dt-overlay/dtc
+chmod 755 dtc
+./dtc -I dts -O dtb -o power-button.dtbo power-button.dts
+```
+
+***Button Wiring***
+
+![button wiring](/helios4/img/gpio/power_button_sch.png)
+
+The GPIO has internal pull up resistor, when the button is not pressed the input read as High and when the button is pressed the input read as Low, therefore we use active low flag.
+
+----
+
+In the above example you will find the 2 following lines
+
+```
+linux,code = <116>;
+gpios = <&expander0 2 1>;
+```
+
+For **linux,code** property, you can use one of the following values. For complete even code list refer to [input-event-codes.h](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/include/uapi/linux/input-event-codes.h).
+
+| Event Code Name | Event Code | Description |
+|-------------|-------|---------------|
+| KEY_POWER   | 116   | Power Button  |
+| KEY_SLEEP   | 142   | Sleep Button  |
+| KEY_WAKEUP  | 116   | Power Button  |
+| BTN_0       | 0x100 | User Button 0 |
+| BTN_1       | 0x101 | User Button 1 |
+| BTN_2       | 0x102 | User Button 2 |
+| BTN_3       | 0x103 | User Button 3 |
+| BTN_4       | 0x104 | User Button 4 |
+| BTN_5       | 0x105 | User Button 5 |
+| BTN_6       | 0x106 | User Button 6 |
+| BTN_7       | 0x107 | User Button 7 |
+| BTN_8       | 0x108 | User Button 8 |
+| BTN_9       | 0x109 | User Button 9 |
+
+For **gpios** properties, the syntax is as follow
+
+`<&expander0 index flag>`
+
+Where *index* is one of the following values
+
+| Port Number | Index |
+|-------|----|
+| IO0_2 |  2 |
+| IO0_3 |  3 |
+| IO0_4 |  4 |
+| IO0_7 |  7 |
+| IO1_0 |  8 |
+| IO1_1 |  9 |
+| IO1_2 | 10 |
+| IO1_3 | 11 |
+| IO1_4 | 12 |
+| IO1_5 | 13 |
+| IO1_6 | 14 |
+| IO1_7 | 15 |
+
+And *flag* is one of the following values
+
+| Flag |  Property |
+|------|-----------|
+| 0 | GPIO line is active high |
+| 1 | GPIO line is active low |
+
+For more info please refer to
+[gpio-keys binding](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/Documentation/devicetree/bindings/input/gpio-keys.txt).
+
+### Device Tree Overlay under Armbian
+
+!!! info
+    Armbian older than version 5.98 is still not compiled with overlay support. Refer to instruction to [Compile Helios4 DTB with Symbol Support](#compile-helios4-dtb-with-symbol-support) or use precompiled binary.
+
+    Armbian Default (Stretch, Linux Kernel 4.14):
+
+    `wget https://wiki.kobol.io/files/dt-overlay/lk4.14_armada-388-helios4.dtb`
+
+    `sudo cp lk4.14_armada-388-helios4.dtb /boot/dtb/armada-388-helios4.dtb`
+
+    Armbian Next (Buster, Linux Kernel 4.19):
+
+    `wget https://wiki.kobol.io/files/dt-overlay/lk4.19_armada-388-helios4.dtb`
+
+    `sudo cp lk4.19_armada-388-helios4.dtb /boot/dtb/armada-388-helios4.dtb`
+
+
+Create */boot/overlay-user/* to store the overlay and copy the overlay to the folder
+
+```
+sudo mkdir -p /boot/overlay-user
+sudo cp power-button.dtbo /boot/overlay-user/
+```
+
+Then edit */boot/armbianEnv.txt* and append the overlay filename (without dtbo extension) to *user_overlays*
+
+`user_overlays=power-button`
+
+Reboot the system to load the overlay.
+
+
+!!! notes
+    If there is more than one overlay file, separate it by space. For example
+
+    `user_overlays=power-button sleep-button`
+
+----
+
+***Additional Steps for U-Boot 2018.11 (Armbian Default)***
+
+Bootscript (**boot.scr**) used in Armbian Default does not have routine to automatically load overlay from */boot/overlay-user* therefore **/boot/boot.cmd** need to be modified.
+
+Append the following block
+
+```
+fdt addr ${fdt_addr}
+fdt resize 65536
+
+for overlay_file in ${user_overlays}; do
+	if load ${boot_interface} 0:1 ${loadaddr} ${prefix}overlay-user/${overlay_file}.dtbo; then
+		echo "Applying user provided DT overlay ${overlay_file}.dtbo"
+		fdt apply ${loadaddr} || setenv overlay_error "true"
+	fi
+done
+
+if test "${overlay_error}" = "true"; then
+	echo "Error applying DT overlays, restoring original DT"
+	load ${boot_interface} 0:1 ${fdt_addr} ${prefix}dtb/${fdtfile}
+fi
+```
+
+before
+
+`bootz ${kernel_addr_r} ${ramdisk_addr_r} ${fdt_addr}`
+
+so it become
+
+```
+fdt addr ${fdt_addr}
+fdt resize 65536
+
+for overlay_file in ${user_overlays}; do
+	if load ${boot_interface} 0:1 ${loadaddr} ${prefix}overlay-user/${overlay_file}.dtbo; then
+		echo "Applying user provided DT overlay ${overlay_file}.dtbo"
+		fdt apply ${loadaddr} || setenv overlay_error "true"
+	fi
+done
+
+if test "${overlay_error}" = "true"; then
+	echo "Error applying DT overlays, restoring original DT"
+	load ${boot_interface} 0:1 ${fdt_addr} ${prefix}dtb/${fdtfile}
+fi
+
+bootz ${kernel_addr_r} ${ramdisk_addr_r} ${fdt_addr}
+```
+
+Recompile with
+
+`mkimage -C none -A arm -T script -d /boot/boot.cmd /boot/boot.scr`
+
+----
+
+### Device Tree Overlay under Other Distro
+
+#### Compile Helios4 DTB with Symbol Support
+
+Download Linux Kernel source code and extract it to *~/src/linux*. Change directory to *~/src/linux*
+
+Download and apply kernel patch for
+
+- Linux Kernel 4.14
+
+```
+wget https://wiki.kobol.io/helios4/files/dt-overlay/compile-dtb-lk-4.14.patch
+git apply --apply compile-dtb-lk-4.14.patch
+```
+
+- Linux Kernel 4.19
+
+```
+wget https://wiki.kobol.io/helios4/files/dt-overlay/compile-dtb-lk-4.19.patch
+git apply --apply compile-dtb-lk-4.19.patch
+```
+
+Compile Helios4 device tree
+
+`make armada-388-helios4.dtb`
+
+Copy the dtb to boot folder (eg. /boot/dtb/)
+
+`sudo cp arch/arm/boot/dts/armada-388-helios4.dtb /boot/dtb/`
+
+Copy the overlay also to the same folder.
+
+#### Apply overlay on U-Boot
+
+To apply overlay to base dtb, the procedure is
+
+1. Load Helios4 dtb to memory
+2. Set fdt address to dtb address
+3. Resize the fdt
+4. Load overlay to memory
+5. Apply from overlay address
+6. Boot the kernel
+
+Example command
+
+```
+load mmc 0:1 ${ramdisk_addr_r} /boot/uInitrd
+load mmc 0:1 ${kernel_addr_r} /boot/zImage
+
+load mmc 0:1 ${fdt_addr_r} /boot/dtb/${fdtfile}
+fdt addr ${fdt_addr_r}
+fdt resize 65536
+load mmc 0:1 0x300000 /boot/dtb/power-button.dtbo
+fdt apply 0x300000
+
+bootz ${kernel_addr_r} ${ramdisk_addr_r} ${fdt_addr_r}
+
+```

docs/helios4/hardware.md

@@ -0,0 +1,142 @@
+## Block Diagram
+
+### Helios4 Carrier Board
+![!Block Diagram](/helios4/img/hardware/helios4_block_diagram.jpg)
+
+### A388 System-On-Chip
+![!Block Diagram](/helios4/img/hardware/soc_block_diagram.png)
+
+## Connector / Interface List
+
+![!Board Legend](/helios4/img/hardware/board_legend.jpg)
+
+Name |Peripheral Type|Connector Type|Details
+-----|---------------|--------------|-------
+CON2|Serial port|Micro-USB Connector|Via onboard FTDI USB-to-UART0 bridge
+*J8*|*RC Battery*|*Not populated*|*External battery source for RTC clock*
+J9|I2C|4x1 Pin Male Header|I2C Bus 1
+J10|Fan|4x1 Pin Male Header|PWM and RPM support
+J12|GPIO|7x2 Pin Male Header|GPIO configurable as input or output<br>Via IO Expander on I2C Bus 0
+*J13*|*Serial port*|*Not populated*|*SoM UART0 interface*
+J14|HDD Power|Molex 4-Pin Female|Rated for 2x HDD
+J15|LAN|RJ45|Gigabit Ethernet
+J16|DC connector|Kycon 4-Pin Mini-DIN|DC input 12V / 8A
+J17|Fan|4x1 Pin Male Header|PWM and RPM support
+J18|LED Panel|5x2 Pin Male Header|Expansion port of on-board LED
+J19|HDD Power|Molex 4-Pin Female|Rated for 2x HDD
+SW1|Boot Mode|Dip Switch|Boot mode selector :<br> SPI,MMC,UART,SATA
+SW2|LED Mode|Dip Switch|LED mode selection :<br> board or expansion panel
+U3|microSD|Push-Push card connector|Support SDHC and SDXC
+U4|USB 3.0|Dual Port USB3.0|Type A
+U16|Reset|Push Button|CPU Reset
+U10|SATA|SATA 3.0|Port 0 (SATA1)
+U11|SATA|SATA 3.0|Port 1 (SATA2)
+U12|SATA|SATA 3.0|Port 2 (SATA3)
+U13|SATA|SATA 3.0|Port 3 (SATA4)
+
+## Boot Modes
+
+Helios4 supports 4 boot modes that can be chosen by using the dipswitch SW1.
+
+![Dipswitch modes](/helios4/img/hardware/dipswitch_modes.jpg)
+
+All the ready-to-use images we provide are for the **SD Card** boot mode.
+
+Please refer to [U-boot](/helios4/uboot) section to know how to use the other modes.
+
+## LED indicators
+
+LED Name|Color|Description
+---|---|---
+LED1|green|System heartbeat
+LED2|red|Error status
+LED3|green|SATA1 activity
+LED4|green|SATA2 activity
+LED5|green|SATA3 activity
+LED6|green|SATA4 activity
+LED7|green|USB activity
+LED8|green|Power indicator
+
+Helios4 board was designed to either use the on-board LEDs or use an expansion panel (not-available). To use the on-board LEDs insure to switch to ON the dipswitch SW2.
+
+![Dipswitch LED](/helios4/img/hardware/dipswitch_led_on.jpg)
+
+## Reset Button
+
+Helios4 board provides a RESET push button (U16) to hard reset the SoC (System-On-Chip).
+
+![Reset Button](/helios4/img/hardware/reset_button.jpg)
+
+!!! Important
+    This button only resets the SoC and not the overall board. For instance it won't reset the HDD.
+
+## I2C Interface
+
+Helios4 board exposes on header J9 the SoC I2C Bus 1. Below is the header pin-out, the little arrow on the PCB indicates the ground pin.
+
+![I2C Pinout](/helios4/img/hardware/i2c_pinout.png)
+
+## Power Consumption
+
+**Board only**
+
+* Idle  : 3.6 Watts
+* Active : 5.6 Watts
+
+**Full Kit (with 4x HDDs)**
+
+| State               | AC calculated<br>power consumption | DC measured<br>power consumption | Remarks             |
+|---------------------|----------------------|----------------------|---------------------|
+|  Idle               | 19.3 W               | 16.8 W               |                     |
+|  HDD Read Access    | 27.4 W               | 22.8 W               |                     |
+|  HDD Write Access   | 30.3 W               | 25.2 W               |                     |
+|  Standby            | 8.0 W                | 6.7 W                | HDD in Standby mode |
+|  Suspend-to-Ram     | 7.2 W                | 6.0 W                | HDD in Standby mode |
+
+!!! note
+    Measures were done using a Current Clamp Meter on the Helios4 12V DC input. AC Power consumption is calculated based on a AC/DC conversion efficiency of 85%.
+
+    * Meter tool : Extech 380942 - 30A True RMS AC/DC Mini Clamp
+    * AC/DC Adapter : yczx1268 (efficiency : 85%)
+    * AC Input Voltage: 220V
+    * HDD: 4x WD Red 2TB (WD20EFRX) configured as RAID10
+    * Network : Connected at 1000Mb/s
+    * OS: ARMBIAN 5.73 stable Debian GNU/Linux 9 (stretch) 4.14.98-mvebu   
+
+
+## HDD Recommendation List
+
+We recommend HDD which are designed for NAS (Network Attached Storage). Those NAS HDD are specially conceived for reliable 24/7 operation and offers lower power consumption and dissipation, less vibration and noise, and finally better warranty. We recommend the following models :
+
+**Western Digital** : WD Red NAS (1, 2, 3, 4, 6, 8 and 10TB)
+
+- WD10EFRX
+- WD20EFRX
+- WD30EFRX
+- WD40EFRX
+- WD60EFRX
+- WD80EFZX
+- WD100EFAX
+
+**Seagate** : IronWolf NAS (1, 2, 3, 4, 6, 8 and 10TB)
+
+- ST1000VN002
+- ST2000VN004
+- ST3000VN007
+- ST4000VN008
+- ST6000VN0041
+- ST8000VN0022
+- ST10000VN0004
+
+**HGST** : Deskstar NAS (4, 6 and 8TB)
+
+- 0S04005
+- 0S04007
+- 0S04012
+
+!!! note
+    We recommend to order from different shop to avoid having all the drives from the same factory batch. For instance, you should order 2x HDDs from one shop, then the 2 others from another shop.
+
+## HDD / SSD Compability List
+
+Please refer to [Synology DS416j Compatibility List](https://www.synology.com/en-global/compatibility?search_by=products&model=DS416j&category=hdds&p=1) that covers a large number of tested drives. The DS416j used the same SoC family than Helios4.

docs/helios4/i2c.md

@@ -0,0 +1,127 @@
+This tutorial will explain how to connect and setup an I2C OLED screen to display System Status as show in the following captures :
+
+![system status](/helios4/img/i2c/capture_01.png)
+![system time](/helios4/img/i2c/capture_02.png)
+
+!!! info
+    You can find I2C OLED display on Aliexpress.com. Search for "i2c oled 1.3".
+
+
+## Connect OLED Display
+
+The I2C interface on Helios4 board is located at header **J9** which exposes the SoC I2C Bus 1. Below is the header pin-out, the little arrow on the PCB indicates the GND pin.
+
+![I2C Pinout](/helios4/img/hardware/i2c_pinout.png)
+
+You will need to use Female to Female Jumper Wire (a.k.a Dupont Cable) to connect your display to Helios4 board.
+
+Connect matching pin on each side (GND to GND, VCC to VCC, SDA to SDA, etc...). Ideally you use cables of different colors to easily check that your wiring is correct.
+
+![oled i2c wiring](/helios4/img/i2c/wiring_01.jpeg)
+![board i2c wiring](/helios4/img/i2c/wiring_02.jpeg)
+
+
+### Check I2C Communication
+
+To check if the system can communicate with the OLED device, we should first scan the I2C bus to see if we can detect the device.
+
+1. Install the Linux i2c tools.
+
+```
+$ sudo apt-get install i2c-tools
+```
+
+2. Use **i2cdetect** tool to scan I2C Bus 1.
+
+```
+root@helios4:~# i2cdetect -y 1
+
+     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
+00:          -- -- -- -- -- -- -- -- -- -- -- -- --
+10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+30: -- -- -- -- -- -- -- -- -- -- -- -- 3c -- -- --
+40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
+70: -- -- -- -- -- -- -- --   
+```
+
+Here we can see there is a device detected at the address 0x3c. We can conclude is our OLED screen, unless you have connected more than just one I2C device on the **J9** header.
+
+
+## SYS-OLED Application
+
+**sys-oled** is an application to display Helios4 system status on I2C OLED display.
+
+* Based on [luma.oled](https://github.com/rm-hull/luma.oled)
+* Inspired from luma.oled [sys_info.py](https://github.com/rm-hull/luma.examples/blob/master/examples/sys_info.py) example
+
+### Installation
+
+```
+git clone https://github.com/helios-4/sys-oled.git
+cd sys-oled
+sudo ./install.sh
+```
+
+### Configuration
+
+#### 1. Configure OLED display model
+
+Test which display model is the correct one by launching manually **sys-oled** and trying different display model as parameter until the System Status is showing correctly on the display.
+
+!!! info
+    If you get your OLED display as part of your Helios4 Kit, then you can skip to next [step](#2-configure-display-info) since **sys-oled** is already configure to use the correct model.
+
+Example :
+
+```
+sudo sys-oled --display ssd1306
+sudo sys-oled --display sh1106
+
+```
+
+Supported values : ssd1306 (default), ssd1322, ssd1325, ssd1327, ssd1331, ssd1351, sh1106.
+
+Once you know which display model is the correct one, edit */etc/sys-oled.conf* and update the **display_model=** line.
+
+
+#### 2. Configure display info
+
+By default **sys-oled** will display usage info of your micro SDcard which is most probably your Root File System. You can display storage usage info of one more storage device by editing */etc/sys-oled.conf*
+
+```
+sudo nano /etc/sys-oled.conf
+```
+
+You can edit the following lines to define for which storage devices you want to display usage info.
+
+```
+# Storage Device 1
+# Device name
+storage1_name = sd
+
+# Device mount path
+storage1_path = /
+
+# Storage Device 2
+storage2_name= md0
+storage2_path= /mnt/md0
+
+```
+
+In the above example, we are displaying **sd** (SDcard) usage which is the rootfs mounted on *'/'*. We are also displaying **md0** (RAID array) that is mounted on *'/mnt/mnd0'*.
+
+
+#### 3. Start the service
+
+The install script will have automatically setup **sys-oled** to start at every startup. Now you can either restart your Helios4 or you can launch directly the service with the following command:
+
+```
+systemctl start sys-oled.service
+```
+
+### Note
+
+This sys-oled app was developed and tested only with the OLED model SH1106 which has a matrix panel of 132 x 64. If you use a different model that has a smaller resolution, you might need to tweak the coordinate values in [sys-oled file](https://github.com/helios-4/sys-oled/blob/master/bin/sys-oled#L105-L117).