The I9300 eMMC toolbox can run code in s-boot 4.0.
It works at least on the following devices:
It probably also works on the GT-I9305, GT-N7100, GT-N7105,
This could be used to do the following:
- As s-boot 4.0 on the Exynos 4412 is incompatible with Linux, it could be used to enable work on upstream Linux without relying on some nonfree u-boot versions or some Linux patches.
- It would also make it easy to do complete backups of the stock OS (the stock OS is full of nonfree software, so it would only be used for things like making xgoldmon work in Replicant).
I've uploaded the code in
contrib/GNUtoo/s-boot_usb_exploit and here are my findings:
- Linux and u-boot's code to clear the armv7 caches is under GPLv2 only while the I9300 eMMC toolbox is under GPLv3
- Adding Linux (~5M) inside the shellcode makes the shellcode not executed anymore, probably because it's too big
- There aren't a lot of functions to work with:
  - There is no libc.
  - There is no printf, but we have a puts equivalent named print.
  - The sleep function is not calibrated. To have precise sleeps, you probably need to calibrate it.
- Adding a loader inside the shellcode works, however:
  - Jumping to Linux afterward doesn't work.
  - We don't have a u-boot to run in this context yet (#2088).
So unless we somehow manage to get a GPL exception to combine this code with GPLv2-only code from Linux, we'd need to code the cache clear ourselves.
So given the amount of work, it's probably better to work on having u-boot run from the boot.img partition (#2088) and revisit that bug later once that's done if necessary.
edit5: I accidentally deleted the wrong post, so I recreated the content.