changeset 482:3100f534340b

doc updates for Compal FFS
author Mychaela Falconia <falcon@freecalypso.org>
date Thu, 07 Mar 2019 01:28:32 +0000 (2019-03-07)
parents 6dcca662a02f
children e76cb6994508
files doc/Compal-FFS doc/TIFFS-Overview
diffstat 2 files changed, 78 insertions(+), 17 deletions(-)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/Compal-FFS	Thu Mar 07 01:28:32 2019 +0000
@@ -0,0 +1,59 @@
+FFS usage on Compal phones
+==========================
+
+All Compal phones (Motorola C1xx and Sony Ericsson J100) use a flash file system
+(FFS) structure for user data.  On all currently known models with the single
+exception of Mot C155/156, this FFS is in our familiar TIFFS format - see the
+TIFFS-Overview article.  Mot C155/156 uses a different FFS implementation with
+a completely different and incompatible on-flash format; it appears that the
+name of this C155/156 FFS implementation is FMGR, as evidenced by the strings
+found in the firmware image.
+
+The location of FFS within the flash on various known models is as follows:
+
+* On Mot C11x/12x phones with 2 MiB flash, the FFS is at 0x1F0000, using 6
+  sectors of 8 KiB each;
+
+* On Mot C11x/12x phones with 4 MiB flash, the FFS is at 0x370000, using 3
+  sectors of 64 KiB each;
+
+* On Mot C139/140 and SE J100 phones (4 MiB flash), the FFS is at 0x370000,
+  using 5 sectors of 64 KiB each;
+
+* On Mot C155/156 phones (8 MiB flash), the FFS is at 0x700000, using 13
+  sectors of 64 KiB each - but the format is FMGR, not TIFFS!
+
+In *all* of the listed cases, this FFS (be it TIFFS or FMGR) is used *only* for
+user data, and not for anything essential.  On all of these phones you can get
+in with fc-loadtool (our raw flash manipulation tool), erase the flash sectors
+belonging to the FFS, exit fc-loadtool and boot the phone's regular fw with
+totally blank FFS sectors - the fw with do a fresh FFS format (it even displays
+a message on the LCD as it does so), and then the phone will function completely
+normally, but be "brand new", without any previous user data.  Compal's
+firmwares also do the same thing (automatically reformat the FFS on the first
+boot, blowing away any old one) if you reflash from one fw version to a
+different one, even if you don't erase the FFS sectors explicitly - Compal's
+FFS stores the fw version that created it, and when their fw boots and sees
+that the FFS is from a different version, they automatically do a full reformat.
+
+The fact that the FFS on these Compal phones is strictly non-essential and can
+be trivially blown away and recreated implies that it does NOT store any vital
+data: no IMEI, no RF calibration values.  Instead the IMEI, the RF calibration
+values and a bunch of other records which we are not able to understand are
+stored in a completely different flash data structure of Compal's own invention:
+see our Compal-calibration article.
+
+Language reset
+==============
+
+There is, however, one additional issue which you need to be aware of if you
+are going to erase the FFS and have the firmware reformat a new one: when the
+firmware formats and writes a new FFS, the UI language is set to the firmware's
+default, and in some fw versions it is not English.  (Both Motorola and Sony
+Ericsson firmwares have "language pack" and "flex" parts in addition to the
+main fw body proper.)  Something one can get lucky and the default fw language
+is English, other times the default language is non-English but still
+intelligible enough to navigate through the menus to change it to English, but
+I got one C118 on which the default fw language is Chinese, and I had no luck
+in navigating through the menus to change it to English.  On that phone I had
+to flash back the original FFS which had the English UI language setting.
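Review bot: The erase procedure in the paragraph beginning "In *all* of the listed cases" and the "Language reset" section never tell the reader to save a copy of the FFS sectors before erasing them, yet the C118 recovery described in the last sentence depended on having the original FFS to flash back. Suggest adding a sentence that advises dumping the FFS sectors first, placed before the erase step. Two typos in the same file: "the fw with do a fresh FFS format" should read "will do", and "Something one can get lucky" should read "Sometimes one can get lucky".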
--- a/doc/TIFFS-Overview	Wed Mar 06 21:12:43 2019 +0000
+++ b/doc/TIFFS-Overview	Thu Mar 07 01:28:32 2019 +0000
@@ -143,8 +143,9 @@
 
 * On Motorola/Compal C139/140 phones, the FFS used by the original proprietary
   fw occupies 5 sectors of 64 KiB each (320 KiB in total), starting at 0x370000.
-  C11x/123 use smaller FFS configurations, whereas C155/156 seem to have
-  switched to some other FFS format, different from our familiar TIFFS.
+  C11x/12x use smaller FFS configurations, whereas C155/156 use a different FFS
+  implementation with a completely different on-flash format - see the new
+  Compal-FFS article for more details.
 
 * On our own FreeCalypso hardware family we have put our FFS in the first 8
   sectors (of 256 KiB each) in the 2nd flash chip select bank, which appears at
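Review bot: "see the new Compal-FFS article" in the added lines will go stale once the article is no longer new; suggest "see the Compal-FFS article", which matches how Compal-FFS itself refers to "the TIFFS-Overview article". Since Compal-FFS names the C155/156 implementation as FMGR, this bullet could also say "FMGR" so that readers searching for the name land here.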
@@ -340,18 +341,19 @@
 
 The above description refers to TI's vanilla reference version, and it seems
 like Openmoko (FIC) was the only phone/modem manufacturer (prior to us!) who
-followed it without major deviations.  In contrast, both Compal (Mot C1xx) and
-Foxconn (Pirelli DP-L10) moved their vital per-unit factory data (IMEI and RF
-calibration) out of the FFS into their own ad hoc flash data structures (which
-are very difficult to reverse-engineer and make use of, unfortunately), leaving
-their FFS only for less critical data.
+followed it without major deviations.  In contrast, both Compal (Motorola C1xx
+and Sony Ericsson J100) and Foxconn (Pirelli DP-L10) moved their vital per-unit
+factory data (IMEI and RF calibration) out of the FFS into their own ad hoc
+flash data structures (which are very difficult to reverse-engineer and make
+use of, unfortunately), leaving their FFS only for less critical data.
 
-In Compal's case (at least on the C139 model with which I have extensive
-personal experience) the FFS stores only users' personal information and nothing
-more.  One can turn the phone off, use fc-loadtool to erase the FFS sectors, and
-boot the regular fw back up; the fw will automatically do a new FFS format (it
-even displays a message on the LCD as it does so) and carry on happily as a
-"fresh" or "blank", perfectly functional and usable phone.
+In Compal's case (all C1xx models and SE J100) the FFS stores only users'
+personal information and nothing more.  One can turn the phone off, use
+fc-loadtool to erase the FFS sectors, and boot the regular fw back up; the fw
+will automatically do a new FFS format (it even displays a message on the LCD
+as it does so) and carry on happily as a "fresh" or "blank", perfectly
+functional and usable phone.  Please see the new Compal-FFS article for further
+details.
 
 In Pirelli's case, booting their official fw with blank FFS sectors will also
 result in the FFS being automatically formatted, but their fw expects some
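Review bot: The rewritten paragraph still says the phone will "carry on happily" as a "perfectly functional and usable phone" after an FFS erase, while the Compal-FFS article added in this same changeset documents a case (a C118 defaulting to Chinese) where the reformatted phone could not be navigated back to English. The pointer to Compal-FFS at the end helps, but a short clause here naming the UI language reset would keep a reader from erasing on the strength of this paragraph alone. The parenthetical "(all C1xx models and SE J100)" also covers C155/156, which per Compal-FFS is FMGR rather than TIFFS; a brief qualifier would avoid implying it is TIFFS in this overview.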
@@ -389,7 +391,7 @@
 to run our FreeCalypso fw entirely out of RAM without flashing; the C155/156
 subfamily does have enough RAM to allow a complete FC GSM fw image to be loaded
 and run via fc-xram under some conditions (we previously supported such usage
-in our now-retired Citrine fw and may bring it back in the gcc-built config of
+in our now-retired Citrine fw and we also support it in the gcc-built config of
 FC Selenite), but there is no place in the flash where we can put our
 aftermarket FFS without overwriting some part of the original fw or its data -
 thus our general procedure for running FreeCalypso on any C1xx model is to
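Review bot: The changed line now reads "we previously supported such usage in our now-retired Citrine fw and we also support it in the gcc-built config of FC Selenite", which mixes past and present under one "we" and leaves "also" without a clear referent. Something like "we previously supported such usage in our now-retired Citrine fw, and it is supported again in the gcc-built config of FC Selenite" reads more cleanly. The "under some conditions" qualifier just above remains unexplained; a pointer to where those conditions are documented would help.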
@@ -398,7 +400,7 @@
 aftermarket FFS in a flash area designated by us.
 
 It was already mentioned earlier that the factory RF calibration values on these
-alien phones are stored in non-TIFFS flash data structures of Mot/Compal's or
+alien phones are stored in non-TIFFS flash data structures of Compal's or
 Foxconn's invention, and our currently supported FreeCalypso firmwares
 (Magnetite and Selenite) do not contain any code for reading these alien data
 structures.  (FC Citrine could read directly from Pirelli's factory data block,
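Review bot: Vendor naming is inconsistent across this changeset: this hunk shortens "Mot/Compal's" to "Compal's", while the hunk at line 422 expands "Mot/Compal" to "Mot/SE/Compal". Suggest picking one form for the manufacturer (Compal) and using it in both places, with the Motorola and Sony Ericsson brands mentioned only where the models are listed.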
@@ -420,8 +422,8 @@
   tool, and then later in the procedure when you initialize your aftermarket FFS
   with fc-fsio, upload these extracted and format-converted RF calibration files
   as one of the several steps involved.  You will need to enter your IMEI
-  manually: we never figured out where Mot/Compal have it stored and how it is
-  obfuscated.
+  manually: we never figured out where Mot/SE/Compal have it stored and how it
+  is obfuscated.
 
 FreeCalypso host tools for TIFFS
 ================================
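Review bot: The statement "we never figured out where Mot/SE/Compal have it stored and how it is obfuscated" sits awkwardly next to the new Compal-FFS text, which says the IMEI and RF calibration values are stored in a separate flash data structure and points to the Compal-calibration article. Suggest adding the same cross-reference here and wording the sentence so it is clear what remains unknown (the IMEI's location and obfuscation within that structure) versus what is known (that it is not in the FFS).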