FreeCalypso > hg > fc-magnetite
diff doc/C1xx-Howto @ 543:4f378f6c5efa
doc/C1xx-Howto: C155 support
author | Mychaela Falconia <falcon@freecalypso.org> |
---|---|
date | Wed, 07 Nov 2018 03:24:14 +0000 |
parents | 9c5944d1bac5 |
children | 9327935d8549 |
line wrap: on
line diff
--- a/doc/C1xx-Howto Tue Nov 06 16:30:16 2018 +0000 +++ b/doc/C1xx-Howto Wed Nov 07 03:24:14 2018 +0000 @@ -16,14 +16,16 @@ via a special cable. There is no need to disassemble the phone in any way or to do any soldering or other hardware surgery, but you will need a host system to run the multitude of special software tools that are involved in the -procedure. You will need to begin by installing FreeCalypso host tools, and -the current version of the FC-to-C1xx xenotransplantation procedure (the -additions from the previous version are RF calibration data migration and -battery charging configuration) requires the latest fc-host-tools-r9 release: +procedure. You will need to begin by installing FreeCalypso host tools: the +current version of our FC-to-C1xx xenotransplantation procedure for the lower +C1xx subfamilies (the additions from the previous version are RF calibration +data migration and battery charging configuration) requires fc-host-tools-r8 or +later, or if you are working on a C155 or C156 phone, you will need our very +latest fc-host-tools-r9a release: -ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/fc-host-tools-r9.tar.bz2 +ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/fc-host-tools-r9a.tar.bz2 -You will also need the battery charging configuration files: +You will also need our battery charging configuration files: https://bitbucket.org/falconian/fc-battery-conf @@ -57,10 +59,11 @@ phones that have passed through our hands so far, the first two digits of the IMEI have been 35 on 900+1800 MHz phones and 01 on 850+1900 MHz ones. -* You need to know whether your phone has 2 MiB or 4 MiB flash. To the best of - our knowledge, all C139/140 phones have 4 MiB flash, but C11x have been seen - with both 2 MiB and 4 MiB flashes. The flash memory size will be autodetected - by fc-loadtool as part of making the flash dump. +* For the lower C1xx subfamilies only: you need to know whether your phone has + 2 MiB or 4 MiB flash. To the best of our knowledge, all C139/140 phones have + 4 MiB flash, but C11x have been seen with both 2 MiB and 4 MiB flashes. The + flash memory size will be autodetected by fc-loadtool as part of making the + flash dump. C155 and C156 phones have 8 MiB flash. The Mother's method for keeping track of these per-phone bits of information is to create a separate directory for each phone with the IMEI as the directory @@ -73,15 +76,14 @@ connect the serial cable between your host computer and the phone's headset jack, and run fc-loadtool as follows: -fc-loadtool -h compal -c 1004 /dev/ttyXXX +C11x/12x: fc-loadtool -h compal /dev/ttyXXX +C139/140: fc-loadtool -h compal -c 1004 /dev/ttyXXX +C155/156: fc-loadtool -h c155 /dev/ttyXXX Change /dev/ttyXXX to the serial or USB-serial device corresponding to your -serial cable. The -c 1004 option (adds a little inefficiency which is required -for C139/140 phones) can be omitted if your phone is C11x/12x, but it is also -harmless to always add it. With the serial cable connected, the phone in the -powered-off state and the fc-loadtool process running and waiting for the phone, -press the red power button on the phone - a momentary press is sufficient and -recommended. +serial cable. With the serial cable connected, the phone in the powered-off +state and the fc-loadtool process running and waiting for the phone, press the +red power button on the phone - a momentary press is sufficient and recommended. Once the phone boots the loadagent code fed to it serially by fc-loadtool and you land at the loadtool> prompt, issue the following command: @@ -89,19 +91,20 @@ flash dump2bin flashdump.bin Given this command, fc-loadtool will autodetect whether your phone has 2 MiB or -4 MiB flash, then make a dump of the complete content of this flash memory and -save it in a file named flashdump.bin in the current directory. When this -operation completes, exit the loadtool session with the exit command - it will -also cleanly power the phone off. +4 MiB flash (for the lower C1xx subfamilies), then make a dump of the complete +content of this flash memory and save it in a file named flashdump.bin in the +current directory. When this operation completes, exit the loadtool session +with the exit command - it will also cleanly power the phone off. The next step is to extract the RF calibration values. Run a command of the following form: c1xx-calextr -b rfbin flashdump.bin <offset> -Change <offset> to 0x1FC000 if your phone has 2 MiB flash (the size of -flashdump.bin is 2097152 bytes) or 0x3FC000 if it has 4 MiB flash (the size of -flashdump.bin is 4194304 bytes). The stdout scribbles from c1xx-calextr will +For the lower C1xx subfamilies, change <offset> to 0x1FC000 if your phone has +2 MiB flash (the size of flashdump.bin is 2097152 bytes) or 0x3FC000 if it has +4 MiB flash (the size of flashdump.bin is 4194304 bytes). For C155/156 the +correct offset is 0x7E0000. The stdout scribbles from c1xx-calextr will indicate which per-band calibration records it finds (from which you can tell if the phone has 900+1800 MHz or 850+1900 MHz bands if you didn't have this knowledge already), and a directory named rfbin will be created, containing the @@ -113,21 +116,20 @@ ================================================== There is only one FC Magnetite firmware configuration for C11x/12x phones, but -for the better C139/140 phones there are several to choose from. The following -two configs are the currently recommended ones: +for the better C139/140 phones (or for C155/156) there are several to choose +from. The following two configs are the currently recommended ones: -hybrid-vpm This config is available for both C11x/12x and C139/140 - subfamilies, although the actual fw images are different - between the two. In this configuration the converted phone - acts not as an end user phone, but as a voice pseudo-modem that - needs to be controlled by a host computer via a serial cable to - do anything interesting. See the Voice-pseudo-modem article - for more information. +hybrid-vpm This config is available for all 3 C1xx subfamilies, although + the actual fw images are different for each. In this + configuration the converted phone acts not as an end user phone, + but as a voice pseudo-modem that needs to be controlled by a + host computer via a serial cable to do anything interesting. + See the Voice-pseudo-modem article for more information. -hybrid-ui-vo This config is available only for the C139/140 target, not - C11x/12x. This configuration includes the UI layers, thus when - a C139/140 phone runs this firmware, it is able to function as - an untethered phone without a host computer connection. +hybrid-ui-vo This config is available only for the C139/140 target, not for + the other two. This configuration includes the UI layers, thus + when a C139/140 phone runs this firmware, it is able to function + as an untethered phone without a host computer connection. However, please be warned that this proof-of-concept UI is nowhere close to being practically usable - see the Handset-goal article for more info. @@ -142,24 +144,31 @@ cannot be made use of on Mot C1xx phones, and disabling them significantly reduces the weight of the firmware. -For the C139/140 target (but not for C11x/12x), it is also possible to build -some of the older configs that use the old binary blob version of the G23M PS -component and the corresponding old versions of ACI, MFW and BMI on top of it - -however, those configuration are now officially deprecated except for only two -remaining use cases which do not apply to Mot C1xx targets, hence they are no -longer supported officially. +For the C139 and C155 targets (but not for C11x/12x), it is also possible to +build some of the older configs that use the old binary blob version of the +G23M PS component and the corresponding old versions of ACI, MFW and BMI on top +of it - however, those configuration are now officially deprecated except for +only two remaining use cases which do not apply to Mot C1xx targets, hence they +are no longer supported officially. -Thus we have a total of 3 possible build configurations, one for the C11x -target and 2 for the C139: +Thus we have a total of 4 possible build configurations, one for the C11x/12x +target, 2 for C139/140 and 1 for C155/156: ./configure.sh c11x hybrid-vpm ./configure.sh c139 hybrid-vpm ./configure.sh c139 hybrid-ui-vo +./configure.sh c155 hybrid-vpm See the Compiling article for more information on how to compile your own firmware image in one of the above configurations. -If this is your first time converting a given C1xx phone from its original +Bootloader change on the lower C1xx subfamilies +=============================================== + +This section applies ONLY to C11x/12x and C139/140 subfamilies; it does NOT +apply to the C155/156 subfamily. + +If this is your first time converting a given lower-C1xx phone from its original firmware to FreeCalypso (as opposed to updating from an earlier FC firmware version), you will also need the compal-flash-boot-for-fc.bin bootloader image in addition to the main fw image you just built: @@ -186,6 +195,15 @@ can then flash whichever FC firmware image you like at offset 0x10000 without having to touch the dangerous boot sector. +On C155/156 phones the situation is a little different: they are also brickable +with the Calypso boot ROM disabled, but Motorola's original bootloader on these +phones is significantly different from the one on the lower C1xx subfamilies, +and they use a different flash layout: the bootloader in the first 8 KiB sector, +unused flash space between 0x2000 and 0x20000, and the main fw image starting +at 0x20000. Our FC firmwares for the C155/156 target are built to be flashed +at 0x20000 just like Mot's official ones, and they are designed to receive +control from Mot's original bootloader on this target. + Converting the phone to FreeCalypso fw ====================================== @@ -203,11 +221,14 @@ * Get in with fc-loadtool just like you did when you made the dump of your phone's flash memory for backup and RF calibration data extraction. -* Once you are in with fc-loadtool, i.e., at the loadtool> prompt, reflash the - boot sector with the FreeCalypso version: +* If you are operating on a C11x/12x or C139/140 phone, reflash the boot sector + with our FreeCalypso version: loadtool> flash erase-program-boot compal-flash-boot-for-fc.bin + DO NOT flash compal-flash-boot-for-fc.bin into C155/156 phones, it is ONLY + for the lower C1xx subfamilies! + * To flash whichever FreeCalypso firmware image you would like to play with, execute the flashing script which the fw build system produced along with the actual image: @@ -216,7 +237,7 @@ * Erase the flash sectors to be used for the FFS (flash file system) by FreeCalypso firmwares; the specific command depends on whether your phone has - 2 MiB or 4 MiB flash. On 2 MiB flash phones: + 2 MiB, 4 MiB or 8 MiB flash. On 2 MiB flash phones: loadtool> flash erase 0x1C0000 0x30000 @@ -224,6 +245,10 @@ loadtool> flash erase 0x3C0000 0x30000 + Or on 8 MiB flash C155/156 phones: + + loadtool> flash erase 0x700000 0xD0000 + * Exiting fc-loadtool cleanly will cause it to power off the phone: loadtool> exit @@ -320,8 +345,8 @@ AT+COPS=0 -- register to the default GSM network When you are done, you can power the phone off by sending a 'poweroff' command -through fc-shell, or you can kill rvinterf and wait for the firmware to power -off by the keepalive timeout after some 15 to 20 s. +through fc-shell, or you can kill rvinterf or unplug the serial cable and wait +for the firmware to power off by the keepalive timeout after some 15 to 20 s. If you are playing with the UI demo firmware, after you have initialized your FFS, you can power the phone off with the power button, insert a SIM, power it