FreeCalypso > hg > fc-magnetite
view doc/C139-Howto @ 184:39a713b2130c
cci.lib compiles
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Thu, 13 Oct 2016 04:51:33 +0000 |
| parents | 48792a467305 |
| children | e2dce971aec9 |
line wrap: on
line source
Running FreeCalypso firmware on the Motorola C139 ================================================= Mot C139 phones are brickable - because the Calypso boot ROM is disabled by PCB wiring, the ability to reflash a phone with new firmware critically depends on there being a particular kind of boot code in flash sector 0 at all times - a particular kind of boot code that allows the boot process to be interrupted and diverted to external code loaded via the headset jack serial port. The FreeCalypso project has adopted one specific version of the flash sector 0 boot code (produced by applying a binary patch to one of Compal/Motorola's original versions) for use with all of our firmwares for this target. No matter which FreeCalypso firmware you are running - Citrine, Magnetite or tcs211-c139 - you flash your FC fw image at offset 0x10000 while keeping this boilerplate boot code at the beginning of the flash: ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/compal-flash-boot-for-fc.bin Because neither FC Citrine nor FC Magnetite implements any phone UI or puts anything at all on the LCD, when a C139 phone is flashed with one of our firmwares, it will behave very oddly: * Whenever the phone is off but the battery is inserted, even a momentary accidental press of the power button will launch a full power-on and firmware boot - without any visible indication whatsoever as the LCD stays dark! * Once the firmware has booted from a press of the power button - even a momentary accidental press - there is no way to make it shut down and power off except by sending a power-off command via the headset jack serial port. So it will just keep running until the battery runs down, once again with the LCD dark and no visible indication of any kind that it's on. Additional considerations are: * Flashing a given phone back and forth between FreeCalypso and Mot/Compal's official firmware is a royal pita, so if you are going to play with FreeCalypso on a C139, it would be the easiest to dedicate a phone specifically for FC experiments; * We haven't got firmware-controlled battery charging working yet, so you will need another phone running one of the official fw versions to charge batteries. Converting a phone to FreeCalypso ================================= Start by installing FreeCalypso host tools on your PC/laptop or whatever host you will use to talk to C139 phones, if you haven't already. If you are starting with an unhacked C139 phone running one of the official firmware versions, the procedure for flashing and bringing up FreeCalypso for the first time is as follows: * Note down your phone's factory IMEI. After you get FreeCalypso firmware flashed and running, you will need to set your own IMEISV, as our fw doesn't know how to grok Mot/Compal's flash data structures where they store theirs. You can set whatever IMEISV you like, but if you would like to keep the factory one, it would be the easiest to have it noted down on a piece of paper. If you have a labelmaker, you can print a sticky label with the IMEI and stick it on the side of the phone where you can easily see it later while playing with FreeCalypso. * Get in with fc-loadtool, preceded with tfc139 if necessary - see FC host tools documentation. * Once you are in with fc-loadtool, i.e., at the loadtool> prompt, reflash the boot sector with the FreeCalypso version: loadtool> flash erase-program-boot compal-flash-boot-for-fc.bin * Flash whichever FreeCalypso firmware image you would like to play with, e.g.: loadtool> flash erase 0x10000 0x230000 loadtool> flash program-bin 0x10000 fwimage.bin * Erase the flash sectors to be used for the FFS (flash file system) by FreeCalypso firmwares: loadtool> flash erase 0x3C0000 0x30000 * Exiting fc-loadtool cleanly will cause it to power off the phone: loadtool> exit Reflashing between different FreeCalypso firmwares ================================================== By the conventions established in the FreeCalypso project, all of our firmwares for the C139 target have the following in common: * They all stay out of the boot sector and expect to receive control from the boot code in the same manner (boot entry point at 0x10058, exception vectors at 0x10000), thus there is no need to reflash the dangerous boot sector when going from one FC firmware to another. * They all use the same aftermarket FFS configuration of 3 sectors of 64 KiB each (64x3) at 0x3C0000. This FFS location is deliberately different from the one used by Mot/Compal's firmwares, eliminating the possibility of one fw trying to use the FFS created by the other, and by putting our FFS toward the end of the flash we maximize the amount of flash space available for our firmware code images. But even though we don't share our FFS with Mot/Compal's official firmwares, we do share the same FFS between all of FreeCalypso firmware projects - thus once you have initialized your FFS (see below) with one FC firmware version, it will work with the others as well. If you need to reflash your C139 from one FC firmware version to another, simply get in with fc-loadtool -h compal (no more need for the inefficient -c 1003 or -c 1004 options or for tfc139) and reflash just the fw image part: loadtool> flash erase 0x10000 0x230000 loadtool> flash program-bin 0x10000 fwimage.bin First boot of the firmware ========================== Connect the serial cable, but instead of running fc-loadtool, run rvinterf. Press the red power button on the phone briefly just like you would for fc-loadtool entry. Because there is no fc-loadtool running on the host end of the serial cable, the boot path will *not* be diverted in the bootloader, and the main fw image will run - and this time it will be the FreeCalypso firmware you have compiled and flashed. The phone's LCD will remain dark as there is no LCD driver code in this firmware, but you will see trace output in the rvinterf window, telling you that the fw is running. Before you do anything else, you will need to run fc-fsio and initialize the aftermarket FFS for our firmware: fsio> format / fsio> mk-std-dirs fsio> set-imeisv fc XXXXXXXX-YYYYYY-ZZ (punctuation optional, place anywhere) fsio> set-rfcap dual-eu (if you have 900+1800 MHz hardware) or fsio> set-rfcap dual-us (if you have 850+1900 MHz hardware) After you've initialized your FFS as above, you can exit fc-fsio, run fc-shell and try some AT commands: AT+CMEE=2 -- enable verbose error responses AT+CFUN=1 -- enable radio and SIM interfaces AT+COPS=0 -- register to the default GSM network When you are done, you can power the phone off by sending a 'poweroff' command through fc-shell. The only other way is to yank the battery, and doing the latter is recommended anyway: when a phone with the present hack-firmware flashed into it is powered off but still has the battery inserted, even a momentary accidental press of the power button will cause it to power on and boot, but there will be absolutely no visual indication, as the LCD stays dark. Magnetite-specific notes ======================== Just like FC Citrine, FC Magnetite currently supports only AT command operation via fc-shell; the C-Sample UI hack we have built earlier in tcs211-c139 has NOT been incorporated into Magnetite - at least not yet. When compiling our Magnetite firmware for the C139 target, you will need to select the l1reconst configuration - it is the only currently available configuration that works on this target. Therefore, you configure.sh command should be: ./configure.sh c139 l1reconst See the Compiling write-up for more details. Because we have not deblobbed the G23M firmware component yet (the l1reconst configuration uses G23M binary blobs from TCS211/Sotovik), your Magnetite fw build will include FAX_AND_DATA and GPRS functionality. In the FreeCalypso environment where we are not doing WAP or MMS this functionality can only be exercised on targets that bring out a classic modem UART with the classic AT command interface to the external host, but Mot C139 is not one of those targets - hence on the C139 all FAX_AND_DATA and GPRS code is nothing but dead weight. We will only be able to remove this dead weight when and if we fully deblob all of L1 and G23M, so it will be a while before we get there, and we'll have to carry the dead weight until then.