FreeCalypso > hg > freecalypso-sw
annotate compal-flash-boot-for-fc/README @ 942:042c178ebac5
gsm-fw/cfgmagic: logic for target-dependent features streamlined a little
author | Mychaela Falconia <falcon@ivan.Harhan.ORG> |
---|---|
date | Sun, 01 Nov 2015 03:05:06 +0000 |
parents | 8eb7cb176a70 |
children |
rev | line source |
---|---|
933
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
1 Compal phones have malicious wiring in their PCBs to disable Calypso's internal |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
2 boot ROM (nIBOOT input tied high instead of low). Therefore, flash sector 0 |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
3 must always contain working boot code that allows the possibility of new code |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
4 download over the headset jack UART, and jumps to the main firmware in the rest |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
5 of the flash if no such download is taking place. In the absence of such good |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
6 boot code in flash sector 0 the phone is bricked. |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
7 |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
8 Compal's own firmwares for these phones do feature a bootloader just as |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
9 described, but it has one defect: they put the boundary between the boot code |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
10 and the main firmware at address 0x2000, but the flash erase unit boundary |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
11 does not come until 0x10000. Therefore, every time the main fw needs to be |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
12 reflashed, flash sector 0 has to be erased and reprogrammed, creating a |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
13 bricking vulnerability. |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
14 |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
15 Because Compal's original flash layout does not allow us to reuse their |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
16 bootloader totally untouched while replacing the main fw, and we'll have to |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
17 reflash our own version of the boot code at least the first time we reflash a |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
18 given phone from its official fw to FreeCalypso, we can take the liberty of |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
19 using a slightly patched version of Compal's boot code - with Compal's official |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
20 firmwares the bootloader part differs slightly from one fw version to the next |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
21 anyway. |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
22 |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
23 The version of Compal's flash boot code built in this directory is intended to |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
24 be used with FreeCalypso firmwares. It is based on one of Compal's versions |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
25 that has no malicious features (no check of flash word 0x2060 and no requirement |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
26 of "1003" signature in the serially downloaded images at the most inconvenient |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
27 location), and it has been patched to transfer control to the main fw at 0x10058 |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
28 instead of 0x20F8, i.e., main fw images are to be flashed at 0x10000 without |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
29 touching flash sector 0. Interrupt and exception version redirections have also |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
30 been patched accordingly; the specific interface between the boot code and the |
8eb7cb176a70
compal-flash-boot-for-fc/README added
Mychaela Falconia <falcon@ivan.Harhan.ORG>
parents:
diff
changeset
|
31 main fw now mimics that of TI's TCS211 reference fw. |