FreeCalypso > hg > freecalypso-sw
comparison doc/Compal-unlock @ 426:1060bf70d95d
doc/Compal-unlock: added cautionary note about flashing firmwares containing
boot code that checks the word at 0x2060
| author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
|---|---|
| date | Sat, 21 Jun 2014 06:55:27 +0000 |
| parents | f81a931f9172 |
| children | 7e305184b0b4 |
comparison
equal
deleted
inserted
replaced
| 425:f81a931f9172 | 426:1060bf70d95d |
|---|---|
| 32 we have on Openmoko and Pirelli phones, but unfortunately the hardware we have | 32 we have on Openmoko and Pirelli phones, but unfortunately the hardware we have |
| 33 available is not wired that way. | 33 available is not wired that way. |
| 34 | 34 |
| 35 However, Mot/Compal's standard firmware on these phones includes a bootloader, | 35 However, Mot/Compal's standard firmware on these phones includes a bootloader, |
| 36 a part that executes before any of the rest of the fw image is allowed to | 36 a part that executes before any of the rest of the fw image is allowed to |
| 37 execute or made use of in any way, and this Compal-specific bootloader has a | 37 execute or is made use of in any way, and this Compal-specific bootloader has a |
| 38 provision for interrupting the boot process and diverting it to an externally- | 38 provision for interrupting the boot process and diverting it to an externally- |
| 39 supplied piece of code loaded over the serial line. Older fw versions have | 39 supplied piece of code loaded over the serial line. Older fw versions have |
| 40 this feature enabled unconditionally, but some of the newer versions have a | 40 this feature enabled unconditionally, but some of the newer versions have a |
| 41 malfeature whereby the serial boot interrupt and code download possibility may | 41 malfeature whereby the serial boot interrupt and code download possibility may |
| 42 be disabled. Some C1xx phones out in the wild, particularly all North American | 42 be disabled. Some C1xx phones out in the wild, particularly all North American |
| 263 The same procedure should be followed for flashing all firmwares for C11x/123 | 263 The same procedure should be followed for flashing all firmwares for C11x/123 |
| 264 and C139/140 phones. In the case of C11x/123, adjust the length for the "main" | 264 and C139/140 phones. In the case of C11x/123, adjust the length for the "main" |
| 265 erase and program operations appropriately for the flash configuration in your | 265 erase and program operations appropriately for the flash configuration in your |
| 266 phone. | 266 phone. |
| 267 | 267 |
| 268 One last word of caution: if you are going to flash some fw version other than | |
| 269 the unlocked North American C139 one discussed above, please check to see what | |
| 270 boot code version it includes, and whether or not that version has the | |
| 271 malfeature of checking the flash word at 0x2060 for the serial access control | |
| 272 flag. If the fw version you are seeking to play with has boot code with that | |
| 273 malfeature present, the bricking vulnerability window extends until you not | |
| 274 only program the new boot code into flash, but also program 0xDDDDDDDD into | |
| 275 that 0x2060 word. You've been warned. | |
| 276 | |
| 268 C155/156 differences | 277 C155/156 differences |
| 269 ==================== | 278 ==================== |
| 270 | 279 |
| 271 C155/156 phones are nicer than the others in that they use a flash chip with a | 280 C155/156 phones are nicer than the others in that they use a flash chip with a |
| 272 "bottom boot" configuration. C11x/123 and C139/140 use "top boot" flash chips, | 281 "bottom boot" configuration. C11x/123 and C139/140 use "top boot" flash chips, |