Project

General

Profile

FindOMAPDevicesWithUnsignedBootloderFromUSB » History » Version 3

Denis 'GNUtoo' Carikli, 03/28/2020 11:24 PM

1 3 Denis 'GNUtoo' Carikli
h1. FindDevicesWithUnsignedBootloaedrs
2 1 Denis 'GNUtoo' Carikli
3 2 Denis 'GNUtoo' Carikli
Several smartphones and tablets that have an OMAP System On a Chip (SOC) are configured by hardware to try to load the bootloader from USB before loading it from the internal storage.
4
5
So far this includes at least the following deviecs:
6
* Galaxy Nexus (GT-I9250)
7
* Galaxy Tab 2 (GT-P3100, GT-P3110, GT-P5100, GT-P5110)
8
* Galaxy SII (GT-I9100G)
9
10
As it might apply to other devices too, we could try to use that to find out if some devices we don't know about yet have the ability to run unsigned bootloaders.
11
12 1 Denis 'GNUtoo' Carikli
h3. How to check with command line utilities
13
14
To get the bootrom to try to boot on USB, you need to do the following:
15
* Connect the USB cable to the device but make sure it's not connected on the computer.
16
* Power off the device
17
* Connect the USB cable
18
19
If we do that, we get the following in the kernel log of your laptop:
20
<pre>
21
usb 1-1: new high-speed USB device number 24 using ehci-pci
22
usb 1-1: unable to get BOS descriptor or descriptor too short
23
usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00
24
usb 1-1: New USB device strings: Mfr=33, Product=37, SerialNumber=0
25
usb 1-1: Product: OMAP4430
26
usb 1-1: Manufacturer: Texas Instruments
27
</pre>
28
29
Note that your kernel might need to be compiled with CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
30
to print that. In Parabola CONFIG_USB_ANNOUNCE_NEW_DEVICES=y is enabled.
31
32
We can also try to get a bit more infos with omap-usb-boot:
33
<pre>
34
$ sudo omap-usb-boot -v -w boot invalidbootmedia
35
Finding and opening USB device
36
Found and opened omap4 USB device: OMAP4430
37
ASIC device id: 4430, HS device
38
Booting from device invalidbootmedia...
39
Booting device invalidbootmedia not found
40
Booting from device failed
41
</pre>
42
43
Here we know the device is signed because it's a "HS device".
44
If it was not signed it would print "GP device" instead.