view doc/C139-Howto @ 336:be011556e71f

FCHG: API implementation started
author Mychaela Falconia <falcon@freecalypso.org>
date Thu, 14 Dec 2017 21:01:59 +0000
parents e2dce971aec9
children
line wrap: on
line source

Running FreeCalypso firmware on the Motorola C139
=================================================

Mot C139 phones are brickable - because the Calypso boot ROM is disabled by PCB
wiring, the ability to reflash a phone with new firmware critically depends on
there being a particular kind of boot code in flash sector 0 at all times - a
particular kind of boot code that allows the boot process to be interrupted and
diverted to external code loaded via the headset jack serial port.

The FreeCalypso project has adopted one specific version of the flash sector 0
boot code (produced by applying a binary patch to one of Compal/Motorola's
original versions) for use with all of our firmwares for this target.  No matter
which FreeCalypso firmware you are running - Citrine, Magnetite or tcs211-c139 -
you flash your FC fw image at offset 0x10000 while keeping this boilerplate boot
code at the beginning of the flash:

ftp://ftp.freecalypso.org/pub/GSM/FreeCalypso/compal-flash-boot-for-fc.bin

We are currently able to produce two kinds of firmware builds for the C139:
pseudo-modem or UI demo.  The pseudo-modem configuration is intended for those
who would really like to play with AT-command-controlled modem firmware on some
proper Calypso modem hardware like our desired FCDEV3B, but who are using a
C139 instead out of poverty - a poor man's substitute for proper modem hardware.
In this configuration the C139 phone's LCD stays dark, the buttons do nothing,
but the firmware presents TI's RVTMUX interface with FreeCalypso extensions on
the headset jack serial port.  You connect to this serial interface with
FreeCalypso host utility rvinterf, and use another FC host utility fc-shell to
talk AT commands to the pseudo-modem.

If you flash a C139 phone with one of our pseudo-modem firmware builds, it will
behave in some odd ways which you might not expect:

* Whenever the phone is off but the battery is inserted, even a momentary
  accidental press of the power button will launch a full power-on and firmware
  boot - without any visible indication whatsoever as the LCD stays dark!

* Once the firmware has booted from a press of the power button - even a
  momentary accidental press - there is no way to make it shut down and power
  off except by sending a power-off command via the headset jack serial port.
  So it will just keep running until the battery runs down, once again with the
  LCD dark and no visible indication of any kind that it's on.

In the UI demo configuration (see Handset-configs) the FC-reflashed C139 acts
*almost* like an end user phone: it can be operated from the keypad without
being connected to a PC with a serial cable, there is a very rudimentary UI
presented on the LCD, the phone can be turned on and off with the power button.
However, battery charging doesn't work, there is not even a working battery
gauge, and the UI is full of serious bugs.  Thus this fw configuration is
intended as a DEMO, not something to be inflicted on an actual end user!

Additional considerations are:

* Flashing a given phone back and forth between FreeCalypso and Mot/Compal's
  official firmware is a royal pita, so if you are going to play with
  FreeCalypso on a C139, it would be the easiest to dedicate a phone
  specifically for FC experiments;

* We haven't got firmware-controlled battery charging working yet in any of our
  fw configurations, so you will need another phone running one of the official
  fw versions to charge batteries.

Converting a phone to FreeCalypso
=================================

Start by installing FreeCalypso host tools on your PC/laptop or whatever host
you will use to talk to C139 phones, if you haven't already.  If you are
starting with an unhacked C139 phone running one of the official firmware
versions, the procedure for flashing and bringing up FreeCalypso for the first
time is as follows:

* Note down your phone's factory IMEI.  After you get FreeCalypso firmware
  flashed and running, you will need to set your own IMEISV, as our fw doesn't
  know how to grok Mot/Compal's flash data structures where they store theirs.
  You can set whatever IMEISV you like, but if you would like to keep the
  factory one, it would be the easiest to have it noted down on a piece of
  paper.  If you have a labelmaker, you can print a sticky label with the IMEI
  and stick it on the side of the phone where you can easily see it later while
  playing with FreeCalypso.

* Get in with fc-loadtool, preceded with tfc139 if necessary - see FC host tools
  documentation.

* Once you are in with fc-loadtool, i.e., at the loadtool> prompt, reflash the
  boot sector with the FreeCalypso version:

  loadtool> flash erase-program-boot compal-flash-boot-for-fc.bin

* Flash whichever FreeCalypso firmware image you would like to play with, e.g.:

  loadtool> flash erase 0x10000 0x230000
  loadtool> flash program-bin 0x10000 fwimage.bin

  Please note that the image size will be different depending on which
  configuration of which FC fw project you would like to play with, so adjust
  the second number in the flash erase command accordingly - it needs to be
  the fw image size rounded up to a 64 KiB sector boundary.

* Erase the flash sectors to be used for the FFS (flash file system) by
  FreeCalypso firmwares:

  loadtool> flash erase 0x3C0000 0x30000

* Exiting fc-loadtool cleanly will cause it to power off the phone:

  loadtool> exit

Reflashing between different FreeCalypso firmwares
==================================================

By the conventions established in the FreeCalypso project, all of our firmwares
for the C139 target have the following in common:

* They all stay out of the boot sector and expect to receive control from the
  boot code in the same manner (boot entry point at 0x10058, exception vectors
  at 0x10000), thus there is no need to reflash the dangerous boot sector when
  going from one FC firmware to another.

* They all use the same aftermarket FFS configuration of 3 sectors of 64 KiB
  each (64x3) at 0x3C0000.  This FFS location is deliberately different from
  the one used by Mot/Compal's firmwares, eliminating the possibility of one fw
  trying to use the FFS created by the other, and by putting our FFS toward the
  end of the flash we maximize the amount of flash space available for our
  firmware code images.  But even though we don't share our FFS with
  Mot/Compal's official firmwares, we do share the same FFS between all of
  FreeCalypso firmware projects - thus once you have initialized your FFS (see
  below) with one FC firmware version, it will work with the others as well.

If you need to reflash your C139 from one FC firmware version to another,
simply get in with fc-loadtool -h compal (no more need for the inefficient
-c 1003 or -c 1004 options or for tfc139) and reflash just the fw image part:

loadtool> flash erase 0x10000 0x230000
loadtool> flash program-bin 0x10000 fwimage.bin

First boot of the firmware
==========================

Connect the serial cable, but instead of running fc-loadtool, run rvinterf.
Press the red power button on the phone briefly just like you would for
fc-loadtool entry.  Because there is no fc-loadtool running on the host end of
the serial cable, the boot path will *not* be diverted in the bootloader, and
the main fw image will run - and this time it will be the FreeCalypso firmware
you have compiled and flashed.  If the fw you have flashed is the UI demo
configuration, the phone must have *NO* SIM in it the first time you boot it.
UI-enabled fw configuration automatically bring up the GSM radio and try to
connect to the default network on boot if there is a SIM present, and you don't
want your firmware trying to connect to a real live GSM network when you haven't
initialized your FFS yet.  If the fw you have flashed is one of the AT-command-
controlled pseudo-modem configurations, then you don't need to worry if the SIM
is there or not on your first boot - just don't command it to connect to a
network until you have initialized the FFS.

If you have flashed a non-UI firmware version, the phone's LCD will remain dark
as there is no LCD driver code in this firmware, but you will see trace output
in the rvinterf window, telling you that the fw is running.

Before you do anything else, you will need to run fc-fsio and initialize the
aftermarket FFS for our firmware:

fsio> format /
fsio> mk-std-dirs
fsio> set-imeisv fc XXXXXXXX-YYYYYY-ZZ (punctuation optional, place anywhere)
fsio> set-rfcap dual-eu (if you have 900+1800 MHz hardware)
or
fsio> set-rfcap dual-us (if you have 850+1900 MHz hardware)

After you've initialized your FFS as above, you should exit fc-fsio, and your
next steps will depend on which fw configuration you are playing with.  If it's
the sans-UI pseudo-modem configuration, run fc-shell and try some AT commands:

AT+CMEE=2	-- enable verbose error responses
AT+CFUN=1	-- enable radio and SIM interfaces
AT+COPS=0	-- register to the default GSM network

When you are done, you can power the phone off by sending a 'poweroff' command
through fc-shell.  The only other way is to yank the battery, and doing the
latter is recommended anyway: when a phone with the present hack-firmware
flashed into it is powered off but still has the battery inserted, even a
momentary accidental press of the power button will cause it to power on and
boot, but there will be absolutely no visual indication, as the LCD stays dark.

If you are playing with the UI demo firmware, after you have initialized your
FFS, you can power the phone off with the power button, insert a SIM, power it
back on and play with the primitive UI.