FreeCalypso > hg > fc-magnetite

comparison doc/C139-Howto @ 94:596d86109e44

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
initial round of documentation
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 03 Oct 2016 04:26:16 +0000
parents
children 48792a467305
comparison
equal deleted inserted replaced
93:6475bde1b170 94:596d86109e44
1 Running FreeCalypso Magnetite firmware on the Motorola C139
2 ===========================================================
3
4 Mot C139 phones are brickable - because the Calypso boot ROM is disabled by PCB
5 wiring, the ability to reflash a phone with new firmware critically depends on
6 there being a particular kind of boot code in flash sector 0 at all times - a
7 particular kind of boot code that allows the boot process to be interrupted and
8 diverted to external code loaded via the headset jack serial port.
9
10 The FreeCalypso project has adopted one specific version of the flash sector 0
11 boot code (produced by applying a binary patch to one of Compal/Motorola's
12 original versions) for use with all of our firmwares for this target. No matter
13 which FreeCalypso firmware you are running - Citrine, Magnetite or tcs211-c139 -
14 you flash your FC fw image at offset 0x10000 while keeping this boilerplate boot
15 code at the beginning of the flash:
16
17 ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/compal-flash-boot-for-fc.bin
18
19 Because neither FC Citrine nor FC Magnetite implements any phone UI or puts
20 anything at all on the LCD, when a C139 phone is flashed with one of our
21 firmwares, it will behave very oddly:
22
23 * Whenever the phone is off but the battery is inserted, even a momentary
24 accidental press of the power button will launch a full power-on and firmware
25 boot - without any visible indication whatsoever as the LCD stays dark!
26
27 * Once the firmware has booted from a press of the power button - even a
28 momentary accidental press - there is no way to make it shut down and power
29 off except by sending a power-off command via the headset jack serial port.
30 So it will just keep running until the battery runs down, once again with the
31 LCD dark and no visible indication of any kind that it's on.
32
33 Additional considerations are:
34
35 * Flashing a given phone back and forth between FreeCalypso and Mot/Compal's
36 official firmware is a royal pita, so if you are going to play with
37 FreeCalypso on a C139, it would be the easiest to dedicate a phone
38 specifically for FC experiments;
39
40 * We haven't got firmware-controlled battery charging working yet, so you will
41 need another phone running one of the official fw versions to charge
42 batteries.
43
44 Converting a phone to FreeCalypso
45 =================================
46
47 Start by installing FreeCalypso host tools on your PC/laptop or whatever host
48 you will use to talk to C139 phones, if you haven't already. If you are
49 starting with an unhacked C139 phone running one of the official firmware
50 versions, the procedure for flashing and bringing up FreeCalypso for the first
51 time is as follows:
52
53 * Note down your phone's factory IMEI. After you get FreeCalypso firmware
54 flashed and running, you will need to set your own IMEISV, as our fw doesn't
55 know how to grok Mot/Compal's flash data structures where they store theirs.
56 You can set whatever IMEISV you like, but if you would like to keep the
57 factory one, it would be the easiest to have it noted down on a piece of
58 paper. If you have a labelmaker, you can print a sticky label with the IMEI
59 and stick it on the side of the phone where you can easily see it later while
60 playing with FreeCalypso.
61
62 * Get in with fc-loadtool, preceded with tfc139 if necessary - see FC host tools
63 documentation.
64
65 * Once you are in with fc-loadtool, i.e., at the loadtool> prompt, reflash the
66 boot sector with the FreeCalypso version:
67
68 loadtool> flash erase-program-boot compal-flash-boot-for-fc.bin
69
70 * Flash the FC Magnetite firmware image you have compiled:
71
72 loadtool> flash erase 0x10000 0x230000
73 loadtool> flash program-bin 0x10000 fwimage.bin
74
75 * Erase the flash sectors to be used for the FFS (flash file system) by
76 FreeCalypso firmwares:
77
78 loadtool> flash erase 0x3C0000 0x30000
79
80 * Exiting fc-loadtool cleanly will cause it to power off the phone:
81
82 loadtool> exit
83
84 Reflashing between different FreeCalypso firmwares
85 ==================================================
86
87 By the conventions established in the FreeCalypso project, all of our firmwares
88 for the C139 target have the following in common:
89
90 * They all stay out of the boot sector and expect to receive control from the
91 boot code in the same manner (boot entry point at 0x10058, exception vectors
92 at 0x10000), thus there is no need to reflash the dangerous boot sector when
93 going from one FC firmware to another.
94
95 * They all use the same aftermarket FFS configuration of 3 sectors of 64 KiB
96 each (64x3) at 0x3C0000. This FFS location is deliberately different from
97 the one used by Mot/Compal's firmwares, eliminating the possibility of one fw
98 trying to use the FFS created by the other, and by putting our FFS toward the
99 end of the flash we maximize the amount of flash space available for our
100 firmware code images. But even though we don't share our FFS with
101 Mot/Compal's official firmwares, we do share the same FFS between all of
102 FreeCalypso firmware projects - thus once you have initialized your FFS (see
103 below) with one FC firmware version, it will work with the others as well.
104
105 If you need to reflash your C139 from one FC firmware version to another,
106 simply get in with fc-loadtool -h compal (no more need for the inefficient
107 -c 1003 or -c 1004 options or for tfc139) and reflash just the fw image part:
108
109 loadtool> flash erase 0x10000 0x230000
110 loadtool> flash program-bin 0x10000 fwimage.bin
111
112 First boot of the firmware
113 ==========================
114
115 Connect the serial cable, but instead of running fc-loadtool, run rvinterf.
116 Press the red power button on the phone briefly just like you would for
117 fc-loadtool entry. Because there is no fc-loadtool running on the host end of
118 the serial cable, the boot path will *not* be diverted in the bootloader, and
119 the main fw image will run - and this time it will be the FreeCalypso firmware
120 you have compiled and flashed. The phone's LCD will remain dark as there is no
121 LCD driver code in this firmware, but you will see trace output in the rvinterf
122 window, telling you that the fw is running.
123
124 Before you do anything else, you will need to run fc-fsio and initialize the
125 aftermarket FFS for our firmware:
126
127 fsio> format /
128 fsio> mk-std-dirs
129 fsio> set-imeisv fc XXXXXXXX-YYYYYY-ZZ (punctuation optional, place anywhere)
130 fsio> set-rfcap dual-eu (if you have 900+1800 MHz hardware)
131 or
132 fsio> set-rfcap dual-us (if you have 850+1900 MHz hardware)
133
134 After you've initialized your FFS as above, you can exit fc-fsio, run fc-shell
135 and try some AT commands:
136
137 AT+CMEE=2 -- enable verbose error responses
138 AT+CFUN=1 -- enable radio and SIM interfaces
139 AT+COPS=0 -- register to the default GSM network
140
141 When you are done, you can power the phone off by sending a 'poweroff' command
142 through fc-shell. The only other way is to yank the battery, and doing the
143 latter is recommended anyway: when a phone with the present hack-firmware
144 flashed into it is powered off but still has the battery inserted, even a
145 momentary accidental press of the power button will cause it to power on and
146 boot, but there will be absolutely no visual indication, as the LCD stays dark.