GalaxySIIGTI9100G » History » Revision 53

« Previous | Revision 53/84 (diff) | Next »
Hpag Seddy, 04/03/2020 02:05 AM

Galaxy S II (GT-I9100G)

Device Galaxy S II (GT-I9100G)
Manufacturer Samsung
Release date ?
Codename i9100G ?
Status Not supported yet
Variants GSM: GT-I9100G
Latest images None


Long time ago, we had reports that the "Galaxy SII" had an unsigned bootloader, but we discarded it as the I9100 had a signed bootloader.


  • Some versions have an unsigned bootloader, for the unsigned version:
    • Free software first stage bootloader
    • Free software second stage bootloader but unpublished source code
  • Probably uses the samsung-ipc protocol
  • The modem probably uses MIPI, so it should be isolated
  • 1G of ram => it should be enough for Replicant 6 and 9

Wiki pages

Various IRC logs of research on it.

(02:15:44 AM) sensiblemn: wait, the pandaboard uses roughly the same omap SoC and has a free software x-loader here: []
(02:24:29 AM) sensiblemn: that x-loader README say TI will sign our builds of x-loader if it needs to be signed. i guess that's better than what our current situation is with Samsung's BL1 where we don't have the source code and Samsung never has said anywhere as far as I can see that they would sign someone's BL1 if they were able to write one using free software.
(02:24:45 AM) ggoes left the room (quit: Quit: WeeChat 2.3).
(02:25:16 AM) ggoes [~gregf@fsf/staff/ggoes] entered the room.
(02:25:17 AM) sensiblemn: oh, Galaxy S II GT-I9100G uses the same SoC as the pandaboard, which is what that x-loader source code is for.
(02:58:04 AM) CcxWrk left the room (quit: Ping timeout: 252 seconds).
(03:00:23 AM) CcxWrk [] entered the room.
(03:25:36 AM) sensiblemn:
(03:26:58 AM) sensiblemn: "X-Loader can be signed by Texas Instruments IFT and installed to Nand flash to achieve Nand booting."
(07:17:23 PM) sensiblemn: GNUtoo: ah, it seems like some OMAP devices are GP and others are HS, so the question is whether we can find smartphones and tablets that are GP. Looks like the Blaze Tablet released by TI is GP. There's also this curious part... "download the MShield signing tool and use the commands below. Contact your TI representative to get access to this tool."
(07:22:26 PM) sensiblemn: also this very odd looking OMAP Blaze cell phone seems to be GP rather than HS.
(07:23:30 PM) sensiblemn:
(07:24:04 PM) sensiblemn:
(06:20:47 AM) sensiblemn: GNUtoo: "I've sent an email to Samsung, requesting the relevant patches to X-Loader in order for it to successfully initialize the I9100G-board."
(06:22:23 AM) sensiblemn: > "So, did Samsung cooperate?"
(06:22:23 AM) sensiblemn: "They've uploaded the x-Loader code for the i9100g"
(08:47:20 PM) sensiblemn: GNUtoo: i just got a report from a postmarketOS developer saying that booting works with that free software x-loader repo for the i9100G that I found. they had to make a one line commit to get it building, but it boots.
(08:48:24 PM) sensiblemn: so early reports suggest that we found a Galaxy S2 that has a free software bootloader. they said it doesn't even need to be signed with signGP.c.
(10:36:35 PM) hpagseddy[m]: So i have an i9100g and compiled this without any errors in case you guys are interested
(10:49:32 PM) freekurt: thanks for jumping in here hpagseddy. we have been trying for quite some time to find a way to liberate the first stage bootloader on Exynos4 SoC based i9100 and i9300 devices. this is great news that the i9100G seems to have a free software first stage bootloader.
(10:51:08 PM) hpagseddy[m]: Yep, also there is a thing that i9100g is based on TI OMAP
(10:51:24 PM) freekurt: we had some hopes that xboot would work, which seems to be a first stage bootloader, but we haven't been able to get it to work.
(10:52:04 PM) hpagseddy[m]: So you guys decided to move on OMAP based S2?
(10:53:38 PM) hpagseddy[m]: Which is i9100g
(10:54:33 PM) freekurt: we had confirmed that 4 OMAP devices had unsigned bootloaders, but they all have less than 1GB Ram, which isn't very suitable for forks of AOSP 9 and 10.
(10:55:04 PM) hpagseddy[m]: I think they would be ok with AOSP 10
(10:55:24 PM) hpagseddy[m]: Small lags may occur with play store but else will be all good
(10:58:08 PM) freekurt: 512 MB of RAM seems rough for AOSP 10, especially when we are trying to get it to work with 2D acceleration. 1GB should be much better.
(10:58:52 PM) hpagseddy[m]: Yep, i9100g has 1GB of ram which can handle 2D and 3D
(10:59:21 PM) hpagseddy[m]: Well 3D would not be that much good but enough
(10:59:41 PM) hpagseddy[m]: Since i used that phone as my main untill 2016 :)
(11:00:18 PM) freekurt: we are trying to base everything on mainline linux though for Replicant 9 and 10, so even though we apparently have the freedom of the bootloader sorted out on the i9100G we would then need to decide if we want to work on mainlining the kernel for it, which doesn't seem to have been started.
(11:01:14 PM) hpagseddy[m]: Yeah but since it is TI OMAP 4430 which has same SoC with Droid 4, it is highly possible
(11:01:15 PM) freekurt: i would assume though that a fair number of the components already are in mainline though. we just don't know how much of it is there currently without doing more research.
(11:01:27 PM) hpagseddy[m]: Btw Droid 4 has mainline
(11:02:42 PM) hpagseddy[m]: i9100g uses same display and digitizer with i9100, has a broadcom wifi but sadly a PowerVR GPU
(11:02:52 PM) hpagseddy[m]: That is all i can remember of
(11:04:05 PM) hpagseddy[m]: At the other hand, Droid 4 solved that GPU issue with using binaries which is(i think) against Replicant’s nature :)
(11:05:16 PM) freekurt: we have the Droid 4 mainline dts listed here, but GNUtoo reported on the wiki that it requires a signed Linux kernel in the boot chain
(11:05:55 PM) freekurt: <hpagseddy[m] "At the other hand, Droid 4 solve"> yes, it is against our nature. :-)
(11:05:55 PM) hpagseddy[m]: So that is where i9100g’s advantage rises
(11:06:11 PM) freekurt: <hpagseddy[m] "So that is where i9100g’s advant"> exactly
(11:07:44 PM) hpagseddy[m]: I can test stuff, i need a serial cable for further logs but else i’ll be all good
(11:08:25 PM) sunilmohan left the room (quit: Ping timeout: 268 seconds).
(11:09:10 PM) freekurt: i recently found out that someone was able to get the i9100 to boot with Linux 5.4.5
(11:09:58 PM) juhse left the room (quit: Remote host closed the connection).
(11:10:07 PM) freekurt: so perhaps with the droid 4 being in the upstream kernel and with this i9100 updated downstream kernel, the work won't be too awful difficult to get the i9100G supported in mainline.
(11:10:26 PM) hpagseddy[m]: So you can check display will work
(11:10:48 PM) hpagseddy[m]: Since it uses same display and even same connectors
(11:11:06 PM) hpagseddy[m]: I know it because i am using i9100 display on my i9100g :)
(11:11:17 PM) hpagseddy[m]: Besides capacitive buttons, all functional
(11:11:48 PM) hpagseddy[m]: Even capacitive connector plugged in so if i do some kernel hacks i can get them working too
(11:11:50 PM) freekurt: we really appreciate your willingness to do testing if we decide to proceed with trying to mainline this device, which has yet to be determined.
(11:14:38 PM) freekurt: it seems as though this device would be quite attractive to other pmOS devs as well, now that the freedom of the bootloader appears to have been determined.
(11:15:19 PM) hpagseddy[m]: I hope so, i was the only maintainer over 2 years :)
(11:15:27 PM) hpagseddy[m]: Of this device
(11:15:37 PM) freekurt: :-) thanks for holding down the fort!
(11:15:52 PM) hpagseddy[m]: But if the device gets mainlined, things will definitely change
(11:16:27 PM) freekurt: do you know the precise name of the modem that it uses?
(11:16:39 PM) hpagseddy[m]: Sadly no
(11:16:58 PM) freekurt: i think there is a command you can run in android that will tell you
(11:17:16 PM) freekurt: but i forget what it is. i'll try to find it.
(11:17:29 PM) hpagseddy[m]: If you can provide it, i can tell the output
(11:23:17 PM) freekurt: hpagseddy: can you enter ServiceMode to determine what kind of modem it uses like was done here?
(11:27:59 PM) freekurt: i'm trying to figure out what the code is to enter the service menu.
(11:29:52 PM) sunilmohan [~quassel@swecha/sunilmohan] entered the room.
(11:31:36 PM) freekurt: looks like it is *#32489#
(11:32:06 PM) freekurt: based on the bottom of this random website
(11:34:02 PM) freekurt: i'm sorry, but i don't know how to navigate to the modem information, but it should look like this
(11:34:43 PM) freekurt: hpagseddy: ^
(11:35:53 PM) hpagseddy[m]: Sorry, i had electricity outage
(11:36:06 PM) hpagseddy[m]: Give me 10 minutes
(11:36:32 PM) freekurt: no rush at all! please take your time. sorry to hear that.
(11:39:09 PM) mmu_man left the room (quit: Ping timeout: 260 seconds).
(11:54:03 PM) testman left the room (quit: Quit: The Lounge -
(11:59:27 PM) testman [] entered the room.
(11:59:47 PM) sunilmohan left the room (quit: Ping timeout: 268 seconds).
(02/01/2020 12:06:23 AM) hpagseddy[m]: <freekurt "looks like it is *#32489#"> Didnt work
(12:07:44 AM) sunilmohan [] entered the room.
(12:07:45 AM) sunilmohan left the room (quit: Changing host).
(12:07:45 AM) sunilmohan [~quassel@swecha/sunilmohan] entered the room.
(12:12:20 AM) sunilmohan left the room (quit: Ping timeout: 265 seconds).
(12:14:06 AM) ggoes [~gregf@fsf/staff/ggoes] entered the room.
(12:16:46 AM) sunilmohan [] entered the room.
(12:16:46 AM) sunilmohan left the room (quit: Changing host).
(12:16:46 AM) sunilmohan [~quassel@swecha/sunilmohan] entered the room.
(12:23:11 AM) freekurt: thanks for reporting back. i don't have any more time right now to keep looking for the proper code. will likely ping you sometime later about it.
(12:24:20 AM) hpagseddy[m]: its ok i found the code
(12:24:38 AM) troulouliou_dev [~troulouli@unaffiliated/troulouliou-dev/x-4757952] entered the room.
(12:27:24 AM) freekurt: oh nice. if you are able to find the modem type please let us know.
(12:27:42 AM) hpagseddy[m]: So i am at the main menu
(12:27:57 AM) hpagseddy[m]: what kind of modem name am i searching for?
(12:29:48 AM) sensiblemn: XMM6262 is an example of an intel based cellular modem
(12:30:10 AM) sensiblemn: actually, i'm mistaken about that
(12:30:24 AM) sensiblemn: CMC221 is intel if i'm not mistaken
(12:30:31 AM) sensiblemn: MDM9615 is qualcomm
(12:30:51 AM) sensiblemn: i don't know if all cell modem names follow the same naming structure
(12:33:06 AM) sensiblemn: some other qualcomm modems start with IPQ, MSM, QCS, and SDM
(12:33:21 AM) sensiblemn: *i think*
(12:33:23 AM) hpagseddy[m]: SP6260?
(12:37:10 AM) freekurt: yeah, that might be it.
(12:37:25 AM) freekurt: looks like that page suggests that the i9300T has that modem
(12:37:44 AM) hpagseddy[m]: oh nice
(12:38:39 AM) hpagseddy[m]: it was really hard to navigate throught service mode without menu and back keys
(12:39:20 AM) hpagseddy[m]: So the fullname is like SP6260_T1_01.1300
(12:44:13 AM) hpagseddy[m]: What if itis "XMM6260"???
(12:44:19 AM) hpagseddy[m]: * What if it is "XMM6260"???
(12:44:59 AM) sensiblemn: are you seeing that in service mode?
(12:47:36 AM) hpagseddy[m]: no
(12:47:52 AM) hpagseddy[m]: i just saw SP6260_T1_01.1300
(12:48:22 AM) hpagseddy[m]: since the numbers match and XMM6260 used in S2
(12:48:31 AM) hpagseddy[m]: i made a conclusion like this
(12:51:03 AM) forkbomb: i'm pretty sure it would be XMM6260 or XMM6262, same as i9300
(12:51:21 AM) sensiblemn: oh, that sounds convenient!
(12:51:50 AM) hpagseddy[m]: Perfect
(12:51:55 AM) forkbomb: the i9300T is just a Telstra branded i9300 afaik
(12:52:15 AM) hpagseddy[m]: that device could be the true open source phone \o/
(12:52:17 AM) sensiblemn: forkbomb: we are wondering about the i9100G though
(12:52:49 AM) hpagseddy[m]: <freekurt "yeah, that might be it. https://"> i9300T has the same SP6260 naming as i9100g as this shows
(12:53:10 AM) sensiblemn: you're correct
(12:54:16 AM) sensiblemn: also, not sure if this is the correct defconfig, but this kernel from samsung suggests it is xmm6260 also
(12:55:09 AM) hpagseddy[m]: t1, thats correct
(12:55:18 AM) hpagseddy[m]: but the defconfig isnt
(12:55:48 AM) hpagseddy[m]:
(12:55:52 AM) hpagseddy[m]: this is for the device
(12:56:01 AM) forkbomb: hpagseddy[m]: ah, the i9100G is different i think
(12:56:06 AM) forkbomb: it's OMAP based
(12:56:10 AM) hpagseddy[m]: other one was for the development board??
(12:56:15 AM) hpagseddy[m]: Yes it is
(12:56:23 AM) hpagseddy[m]: TI OMAP4430, same as Droid 4
(12:56:58 AM) sensiblemn: actually, this looks like the correct defconfig for it, still says xmm6260
(12:57:38 AM) hpagseddy[m]: i think so
(12:57:48 AM) hpagseddy[m]: if it has t1 then it is i9100g
(12:58:17 AM) sensiblemn: dang, i messed that last link up. this is it. final answer.
(12:59:16 AM) hpagseddy[m]: ah yes
(12:59:34 AM) TheJollyRoger left the room (quit: Ping timeout: 240 seconds).
(12:59:50 AM) hpagseddy[m]: the other one is most likely development board or prototype configs
(01:00:57 AM) sensiblemn: forkbomb: did you hear that we seem to have found a free software first stage bootloader for the i9100G and that it doesn't seem to require any signature checks?
(01:01:27 AM) hpagseddy[m]: yes i compiled and ran it on my device with no problem
(01:01:59 AM) hpagseddy[m]: also fixed the old build a bit
(01:02:02 AM) hpagseddy[m]: >So i have an i9100g and compiled this without any errors in case you guys are interested
(01:05:55 AM) forkbomb: no, i didn't. very nice!
(01:06:35 AM) hpagseddy[m]: well i dont know how to use it so just compiled and flashed with odin
(01:06:45 AM) hpagseddy[m]: also one line fix hehe
(01:07:33 AM) hpagseddy[m]: it compiled with no problem on 4.6 gcc
(01:14:47 AM) sensiblemn: hpagseddy: it is my understanding that, since x-loader is EOL, and since Replicant wants to upstream as much code as we can, we would have to upstream what x-loader is doing into u-boot SPL, which i don't know how long it would take to do. the fact that very similar devices are already in upstream u-boot likely will help though, if we decide to pursue it.
(01:16:01 AM) hpagseddy[m]: Since it is open source, it is ok to keep it untill we have the device booted in my opinion
(01:16:17 AM) sensiblemn: yes, for sure.
(01:17:00 AM) hpagseddy[m]: but well last decision is yours since you guys are the replicant devs :)
(01:22:29 AM) sensiblemn: hpagseddy: have you tested LineageOS 13 on the device before?
(01:23:21 AM) hpagseddy[m]: yes it had several issues but performance was good
(01:23:33 AM) hpagseddy[m]: it had audio error which was so annoying
(01:23:41 AM) hpagseddy[m]: 12.1 was best
(01:24:22 AM) sensiblemn: what kind of audio error?
(01:25:51 AM) hpagseddy[m]: audio was some kind of disorted
(01:39:01 AM) sensiblemn: hpagseddy: did you notice any other issues?
(01:39:11 AM) sensiblemn: with 13?
(01:40:13 AM) hpagseddy[m]: Gps doesnt work
(01:40:18 AM) hpagseddy[m]: Night mode doesnt work
(01:16:15 AM) GNUtoo: do we have a git for u-boot or only a tarball?
(01:16:16 AM) hpagseddy[m]: sensiblemn:
(01:16:20 AM) hpagseddy[m]: i only know this page
(01:17:01 AM) hpagseddy[m]: search u-boot in the page for faster result
(01:17:19 AM) hpagseddy[m]: also this
(01:18:33 AM) hpagseddy[m]: so i know it uses u-boot but cant find a link either
(01:18:35 AM) GNUtoo: thanks
(01:18:56 AM) hpagseddy[m]: you're welcome
(01:19:56 AM) sensiblemn: GNUtoo: this looks like omap-usb-tool but it was recently updated
(01:21:37 AM) hpagseddy[m]: hmm, he forked this repo from
(01:22:03 AM) hpagseddy[m]: so he added sd card booting
(01:22:09 AM) hpagseddy[m]: and some fixed
(01:22:13 AM) hpagseddy[m]: fixes*
(01:22:25 AM) GNUtoo:
(01:22:29 AM) GNUtoo: but it seems down right nw
(01:22:32 AM) GNUtoo: *right now
(01:23:33 AM) GNUtoo: xloader from IRC logs:
(01:23:54 AM) GNUtoo: (thanks hpagseddy[m] )
(01:24:22 AM) hpagseddy[m]: you're welcome
(01:24:51 AM) hpagseddy[m]: i just fixed one line and decided to fork it
(01:26:17 AM) GNUtoo: Yes, I'll try to look into that a bit later, I'm just writing down the important infos in the wiki right now
(01:26:23 AM) GNUtoo: *look into the details
(01:26:59 AM) GNUtoo: And if you tested it on the device, then yours is known to work
01:56 <@GNUtoo> Did LineageOS or Cyanogenmod support it at some point?
01:57 < hpagseddy[m]> Cyanogenmod untill 13.0
01:57 < hpagseddy[m]> Omnirom 4.4 and 5.0.2
01:57 <@GNUtoo> ok, that explains why LineageOS has some stuff on it but nothing on the wiki
01:57 < hpagseddy[m]> thats all i remember and tested
01:58 < hpagseddy[m]> GNUtoo: yeah they just forked it and it just stays there
01:59 < hpagseddy[m]> but 12.1 is still cyanogen
02:00 < sensiblemn> there was an attempt made at 14.1 but it seems like it was unsuccessful because it wouldn't boot
02:00 < sensiblemn>
02:00 < hpagseddy[m]> also someone rebased cm11 to lineage 11


The PIT of the Galaxy SII (GT-I9100G) can be found in the GalaxySIII9100GPit page.

PIT Linux name mount point partition type block device Description
MLO Not visible on Linux First stage of bootloader
EFS mmcblk0p1 modem data partition
SBL1 mmcblk0p2
SBL2 Empty mmcblk0p3
PARAM mmcblk0p4
KERNEL None zImage mmcblk0p5 boot partition, See IsorecRecoveryIssue for more details
RECOVERY None mmcblk0p6 recovery partition, See IsorecRecoveryIssue for more details
CACHE mmcblk0p7 Android cache partition
MODEM mmcblk0p8 modem firmware partition
FACTORYFS mmcblk0p9 Android system partition
DATAFS mmcblk0p10 Android application data
UMS mmcblk0p11 user data (music, pictures, etc)
HIDDEN mmcblk0p12 contains some data, and Samsung APK

This was constructed from the PIT, TODO: check the partitions content


On a I9100G_CHN_CHN with Android 2.3.6 with the OMAP reported as being in HS mode we have:

--- Entry #0 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 1
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 0
Partition Block Count: 0
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: X-loader
Flash Filename: MLO
FOTA Filename: 

This doesn't give any indication of where is MLO, but it's clearly visible with an hexadecimal editor like vbindiff.

Offset from mmcblk0 size comments
0x20000 (256k) 256k MLO + potentially other stuff
0x40000 (512k) 256k MLO + potentially less other stuff

Though SBL1 and SBL2 have location and size reported my the bootloader with heimdall print-pit:

--- Entry #2 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 2
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 49152
Partition Block Count: 4096
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: SBL1
Flash Filename: Sbl.bin
FOTA Filename: 

--- Entry #3 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 3
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 53248
Partition Block Count: 4096
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: SBL2
Flash Filename: 
FOTA Filename: 


The device is not supported by TWRP, but it was supported by cyanogenmod recoveries:

That recovery is a zImage. Note that this recovery may not be FSDG compliant, so the first step would be to make a Replicant recovery for this device/

CyanogenMod support and stock Android with the version that has a signed bootloader

According to the I9100G CyanogenMod installation instructions , "Users running Android 2.3 on their I9100G MUST first upgrade to stock Android 4.x before installing CyanogenMod, or the device won't boot into the system due to it relying on a newer bootloader. A 4.1 bootloader is recommended."

However this approach has several issues.

The update doesn't work anymore.

It also requires you to put a SIM card in the device, which results in privacy issues.

In addition to that, it requires you to give the device a network connection, knowing that the device is running a proprietary Android distribution.

Once you do that it still fails with "Processing failed".

Right before the failure you can see "Signup for a Samsung account" on the top of the window with "Terms and conditions".

So it probably tries to access some page like which doesn't exist anymore, and it probably does that to show terms and conditions which were probably unacceptable.

They might also have legally prevented you to work on some part of Replicant if you agreed to them, depending on the country you are located in or you intend to travel to.

This is most probably not an issue with the versions that don't have a signed bootloader as the first stage bootloader could simply be replaced by a free software xloader.


This source was tested on the I9100G device by hpagseddy from #replicant, so we know that the bootloader is unsigned.

u-boot source

TODO: Request the source code to Samsung


As far is we get from what we've seen on the motherboard itself, here are our guesses about chips and what they do:

6030B1A5 21ZEDL9G2 G1 --- Power IC based on sellers on the web
TWL6040A2 22AH9SW G2 --- Audio codec made by TI
I9811 V 1.0B XG626 F2076538 --- Modem IC
SAMSUNG 210 KMVYLOOOLM-B503 --- EMMC Chip 16GB based on this forum thread
K3PE7E700D-XGC1 --- DDR DRAM chip, most likely 1GB


Updated by Hpag Seddy 3 months ago · 53 revisions