Project

General

Profile

Actions

GalaxySIIGTI9100G » History » Revision 72

« Previous | Revision 72/87 (diff) | Next »
Denis 'GNUtoo' Carikli, 04/03/2020 05:36 AM
Moved to OMAPBootrom


Galaxy S II (GT-I9100G)

Device Galaxy S II (GT-I9100G)
Manufacturer Samsung
Release date ?
Codename i9100G ?
Status Not supported yet
Variants GSM: GT-I9100G
Latest images None

History

Long time ago, we had reports that the "Galaxy SII" had an unsigned bootloader, but we didn't manage to confirm to which exact model it applied to, or if people assumed that the bootloader of the GT-I9100 was unsigned because it uses Xloader which is GPLv2. Samsung also published the source code of various Xloader versions they used on the GT-I9100G for different Android versions. However until now we weren't able to confirm that any device were able to run unsigned bootloaders. Though we verified that at least the bootloader of the I9100G_CHN_CHN is signed.

Rationale

  • Uses the samsung-ipc protocol
  • The modem probably uses MIPI, so it should be isolated
  • 1G of ram => it should be enough for Replicant 6 and 9

Wiki pages

Various IRC logs of research on it.

TODO:
  • Read the log below and remove what is not relevant
  • Add what is relevant in various pages of the Replicant wiki or Wikidata and point to that if it's in another page that this one (or wikidata).

GT-I9100G bootloader related

(08:47:20 PM) sensiblemn: GNUtoo: i just got a report from a postmarketOS developer saying that booting works with that free software x-loader repo for the i9100G that I found. they had to make a one line commit to get it building, but it boots. https://github.com/hpagseddy/i9100g_xloader/commit/0505138dd163959443f09b7178142c0472f60582
(08:48:24 PM) sensiblemn: so early reports suggest that we found a Galaxy S2 that has a free software bootloader. they said it doesn't even need to be signed with signGP.c.
(10:36:35 PM) hpagseddy[m]: So i have an i9100g and compiled this without any errors in case you guys are interested https://github.com/hpagseddy/i9100g_xloader
(10:49:32 PM) freekurt: thanks for jumping in here hpagseddy. we have been trying for quite some time to find a way to liberate the first stage bootloader on Exynos4 SoC based i9100 and i9300 devices. this is great news that the i9100G seems to have a free software first stage bootloader.
(10:51:08 PM) hpagseddy[m]: Yep, also there is a thing that i9100g is based on TI OMAP

GT-I9100G Linux upstreaming

(11:01:27 PM) hpagseddy[m]: Btw Droid 4 has mainline
(11:02:42 PM) hpagseddy[m]: i9100g uses same display and digitizer with i9100, has a broadcom wifi but sadly a PowerVR GPU
(11:10:48 PM) hpagseddy[m]: Since it uses same display and even same connectors
(11:11:06 PM) hpagseddy[m]: I know it because i am using i9100 display on my i9100g :)
(11:11:17 PM) hpagseddy[m]: Besides capacitive buttons, all functional
(11:11:48 PM) hpagseddy[m]: Even capacitive connector plugged in so if i do some kernel hacks i can get them working too
(11:11:50 PM) freekurt: we really appreciate your willingness to do testing if we decide to proceed with trying to mainline this device, which has yet to be determined.
(11:14:38 PM) freekurt: it seems as though this device would be quite attractive to other pmOS devs as well, now that the freedom of the bootloader appears to have been determined.
(11:15:19 PM) hpagseddy[m]: I hope so, i was the only maintainer over 2 years :)
(11:15:27 PM) hpagseddy[m]: Of this device
(11:15:37 PM) freekurt: :-) thanks for holding down the fort!
(11:15:52 PM) hpagseddy[m]: But if the device gets mainlined, things will definitely change

OMAP4 blaze reference platform related

(07:17:23 PM) sensiblemn: GNUtoo: ah, it seems like some OMAP devices are GP and others are HS, so the question is whether we can find smartphones and tablets that are GP. Looks like the Blaze Tablet released by TI is GP. https://wiki.tizen.org/Tizen_IVI_Getting_Started_Guide_For_PandaBoard#x-loader_config_files [...]
(07:22:26 PM) sensiblemn: also this very odd looking OMAP Blaze cell phone seems to be GP rather than HS. https://www.slashgear.com/texas-instruments-omap-blaze-on-sale-now-1485657/
(07:23:30 PM) sensiblemn: https://www.ebay.com/itm/TI-Stereo-Camera-Blaze-development-Plattform-im-Wert-von-1-800USD/131690215016
(07:24:04 PM) sensiblemn: https://web.archive.org/web/20180903060622/http://omapedia.org/wiki/OMAP4_Blaze

TODO: add the blaze, zoom1 (omap3), zoom2 to the reviewd devices and to wikidata

Android requirements

(10:58:08 PM) freekurt: 512 MB of RAM seems rough for AOSP 10, especially when we are trying to get it to work with 2D acceleration. 1GB should be much better.
=> TODO: check Android 10 requirements and add them to the wiki

Service mode (of the I9100G ?)

(11:23:17 PM) freekurt: hpagseddy: can you enter ServiceMode to determine what kind of modem it uses like was done here? https://www.anandtech.com/show/6386/samsung-galaxy-note-2-review-t-mobile-/9
(11:27:59 PM) freekurt: i'm trying to figure out what the code is to enter the service menu.
(11:29:52 PM) sunilmohan [~quassel@swecha/sunilmohan] entered the room.
(11:31:36 PM) freekurt: looks like it is *#32489#
(11:32:06 PM) freekurt: based on the bottom of this random website https://secretspecs.com/model/samsung/samsung-gt-i9100g/secret-code/
(11:34:02 PM) freekurt: i'm sorry, but i don't know how to navigate to the modem information, but it should look like this https://www.anandtech.com/Gallery/Album/2402#7
(11:34:43 PM) freekurt: hpagseddy: ^
(02/01/2020 12:06:23 AM) hpagseddy[m]: <freekurt "looks like it is *#32489#"> Didnt work
(12:23:11 AM) freekurt: thanks for reporting back. i don't have any more time right now to keep looking for the proper code. will likely ping you sometime later about it.
(12:24:20 AM) hpagseddy[m]: its ok i found the code
(12:27:42 AM) hpagseddy[m]: So i am at the main menu
(12:27:57 AM) hpagseddy[m]: what kind of modem name am i searching for?
(12:29:48 AM) sensiblemn: XMM6262 is an example of an intel based cellular modem
(12:30:10 AM) sensiblemn: actually, i'm mistaken about that
(12:30:24 AM) sensiblemn: CMC221 is intel if i'm not mistaken
(12:30:31 AM) sensiblemn: MDM9615 is qualcomm
(12:30:51 AM) sensiblemn: i don't know if all cell modem names follow the same naming structure
(12:33:06 AM) sensiblemn: some other qualcomm modems start with IPQ, MSM, QCS, and SDM
(12:33:21 AM) sensiblemn: *i think*
(12:33:23 AM) hpagseddy[m]: SP6260?
(12:37:10 AM) freekurt: yeah, that might be it. https://forum.xda-developers.com/showpost.php?p=76556946&postcount=38
(12:37:25 AM) freekurt: looks like that page suggests that the i9300T has that modem
(12:37:44 AM) hpagseddy[m]: oh nice
(12:38:39 AM) hpagseddy[m]: it was really hard to navigate throught service mode without menu and back keys
(12:39:20 AM) hpagseddy[m]: So the fullname is like SP6260_T1_01.1300
(12:44:13 AM) hpagseddy[m]: What if itis "XMM6260"???
(12:44:19 AM) hpagseddy[m]: * What if it is "XMM6260"???
(12:44:59 AM) sensiblemn: are you seeing that in service mode?
(12:47:36 AM) hpagseddy[m]: no
(12:47:52 AM) hpagseddy[m]: i just saw SP6260_T1_01.1300
(12:48:22 AM) hpagseddy[m]: since the numbers match and XMM6260 used in S2
(12:48:31 AM) hpagseddy[m]: i made a conclusion like this
(12:51:03 AM) forkbomb: i'm pretty sure it would be XMM6260 or XMM6262, same as i9300
(12:51:21 AM) sensiblemn: oh, that sounds convenient!
(12:51:50 AM) hpagseddy[m]: Perfect
(12:51:55 AM) forkbomb: the i9300T is just a Telstra branded i9300 afaik
(12:52:17 AM) sensiblemn: forkbomb: we are wondering about the i9100G though
(12:52:49 AM) hpagseddy[m]: <freekurt "yeah, that might be it. https://"> i9300T has the same SP6260 naming as i9100g as this shows
(12:53:10 AM) sensiblemn: you're correct
(12:54:16 AM) sensiblemn: also, not sure if this is the correct defconfig, but this kernel from samsung suggests it is xmm6260 also https://github.com/LineageOS/android_kernel_samsung_t1/blob/10ca03795f659f6f1fa995e8c300a08c3a133354/arch/arm/configs/android_t1_omap4430_r03_eng_defconfig#L1097
(12:55:09 AM) hpagseddy[m]: t1, thats correct
(12:55:18 AM) hpagseddy[m]: but the defconfig isnt
(12:55:48 AM) hpagseddy[m]: https://github.com/LineageOS/android_kernel_samsung_t1/blob/10ca03795f659f6f1fa995e8c300a08c3a133354/arch/arm/configs/cyanogenmod_i9100g_defconfig
(12:55:52 AM) hpagseddy[m]: this is for the device
(12:56:01 AM) forkbomb: hpagseddy[m]: ah, the i9100G is different i think
(12:56:06 AM) forkbomb: it's OMAP based
(12:56:10 AM) hpagseddy[m]: other one was for the development board??
(12:56:15 AM) hpagseddy[m]: Yes it is
(12:56:23 AM) hpagseddy[m]: TI OMAP4430, same as Droid 4
(12:56:58 AM) sensiblemn: actually, this looks like the correct defconfig for it, still says xmm6260 https://github.com/LineageOS/android_kernel_samsung_t1/blob/cm-12.1/arch/arm/configs/android_t1_omap4430_r03_eng_defconfig#L1097
(12:57:38 AM) hpagseddy[m]: i think so
(12:57:48 AM) hpagseddy[m]: if it has t1 then it is i9100g
(12:58:17 AM) sensiblemn: dang, i messed that last link up. this is it. final answer. https://github.com/LineageOS/android_kernel_samsung_t1/blob/10ca03795f659f6f1fa995e8c300a08c3a133354/arch/arm/configs/cyanogenmod_i9100g_defconfig#L1107
(12:59:50 AM) hpagseddy[m]: the other one is most likely development board or prototype configs

TODO: Notify forkbomb

(01:00:57 AM) sensiblemn: forkbomb: did you hear that we seem to have found a free software first stage bootloader for the i9100G and that it doesn't seem to require any signature checks?
(01:01:27 AM) hpagseddy[m]: yes i compiled and ran it on my device with no problem
(01:01:59 AM) hpagseddy[m]: also fixed the old build a bit
(01:02:02 AM) hpagseddy[m]: >So i have an i9100g and compiled this without any errors in case you guys are interested https://github.com/hpagseddy/i9100g_xloader
(01:05:55 AM) forkbomb: no, i didn't. very nice!
(01:06:35 AM) hpagseddy[m]: well i dont know how to use it so just compiled and flashed with odin
(01:06:45 AM) hpagseddy[m]: also one line fix hehe
(01:07:33 AM) hpagseddy[m]: it compiled with no problem on 4.6 gcc
(01:14:47 AM) sensiblemn: hpagseddy: it is my understanding that, since x-loader is EOL, and since Replicant wants to upstream as much code as we can, we would have to upstream what x-loader is doing into u-boot SPL, which i don't know how long it would take to do. the fact that very similar devices are already in upstream u-boot likely will help though, if we decide to pursue it.
(01:16:01 AM) hpagseddy[m]: Since it is open source, it is ok to keep it untill we have the device booted in my opinion
(01:16:17 AM) sensiblemn: yes, for sure.
(01:17:00 AM) hpagseddy[m]: but well last decision is yours since you guys are the replicant devs :)

LineageOS support

(01:22:29 AM) sensiblemn: hpagseddy: have you tested LineageOS 13 on the device before? https://forum.xda-developers.com/galaxy-s2/development/rom-lineageos-13-0-t3620246
(01:23:21 AM) hpagseddy[m]: yes it had several issues but performance was good
(01:23:33 AM) hpagseddy[m]: it had audio error which was so annoying
(01:23:41 AM) hpagseddy[m]: 12.1 was best
(01:24:22 AM) sensiblemn: what kind of audio error?
(01:25:51 AM) hpagseddy[m]: audio was some kind of disorted
(01:39:01 AM) sensiblemn: hpagseddy: did you notice any other issues?
(01:39:11 AM) sensiblemn: with 13?
(01:40:13 AM) hpagseddy[m]: Gps doesnt work
(01:40:18 AM) hpagseddy[m]: Night mode doesnt work

01:56 <@GNUtoo> Did LineageOS or Cyanogenmod support it at some point?
01:57 < hpagseddy[m]> Cyanogenmod untill 13.0
01:57 < hpagseddy[m]> Omnirom 4.4 and 5.0.2
01:57 <@GNUtoo> ok, that explains why LineageOS has some stuff on it but nothing on the wiki
01:57 < hpagseddy[m]> thats all i remember and tested
[...]
01:58 < hpagseddy[m]> GNUtoo: yeah they just forked it and it just stays there
[...]
01:59 < hpagseddy[m]> but 12.1 is still cyanogen
02:00 < sensiblemn> there was an attempt made at 14.1 but it seems like it was unsuccessful because it wouldn't boot
02:00 < sensiblemn> https://github.com/xdaamg/android_device_samsung_i9100g/tree/cm-14.1
02:00 < hpagseddy[m]> also someone rebased cm11 to lineage 11

TODO: look at omap-usb-tool patches and merge them or ask for sending patches for review

(01:19:56 AM) sensiblemn: GNUtoo: this looks like omap-usb-tool but it was recently updated https://github.com/LukasTomek/omapboot
(01:21:37 AM) hpagseddy[m]: hmm, he forked this repo from https://github.com/kousu/omapboot
(01:22:03 AM) hpagseddy[m]: so he added sd card booting
(01:22:09 AM) hpagseddy[m]: and some fixed
(01:22:13 AM) hpagseddy[m]: fixes*
(01:22:25 AM) GNUtoo: https://git.paulk.fr/omap-usb-boot.git
(01:22:29 AM) GNUtoo: but it seems down right nw
(01:22:32 AM) GNUtoo: *right now

Diff between the samsung xloader and hpagseddy xloader

(01:24:51 AM) hpagseddy[m]: i just fixed one line and decided to fork it

TODO: re-find the changed line / fix . It was linked to somewhere on that IRC log or wiki.

Partitions

The PIT of the Galaxy SII (GT-I9100G) can be found in the GalaxySIII9100GPit page.

PIT Linux name mount point partition type block device Description
MLO Not visible on Linux First stage of bootloader
EFS mmcblk0p1 modem data partition
SBL1 mmcblk0p2
SBL2 Empty mmcblk0p3
PARAM mmcblk0p4
KERNEL None zImage mmcblk0p5 boot partition, See IsorecRecoveryIssue for more details
RECOVERY None mmcblk0p6 recovery partition, See IsorecRecoveryIssue for more details
CACHE mmcblk0p7 Android cache partition
MODEM mmcblk0p8 modem firmware partition
FACTORYFS mmcblk0p9 Android system partition
DATAFS mmcblk0p10 Android application data
UMS mmcblk0p11 user data (music, pictures, etc)
HIDDEN mmcblk0p12 contains some data, and Samsung APK

This was constructed from the PIT, TODO: check the partitions content

MLO

On a I9100G_CHN_CHN with Android 2.3.6 with the OMAP reported as being in HS mode we have:

--- Entry #0 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 1
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 0
Partition Block Count: 0
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: X-loader
Flash Filename: MLO
FOTA Filename: 

This doesn't give any indication of where is MLO, but it's clearly visible with an hexadecimal editor like vbindiff.

Offset from mmcblk0 size comments
0x20000 (256k) 256k MLO + potentially other stuff
0x40000 (512k) 256k MLO + potentially less other stuff

Though SBL1 and SBL2 have location and size reported my the bootloader with heimdall print-pit:

--- Entry #2 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 2
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 49152
Partition Block Count: 4096
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: SBL1
Flash Filename: Sbl.bin
FOTA Filename: 

--- Entry #3 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 3
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 53248
Partition Block Count: 4096
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: SBL2
Flash Filename: 
FOTA Filename: 

Recovery

The device is not supported by TWRP, but it was supported by cyanogenmod recoveries:

https://web.archive.org/web/20190328070606/http://download.cyanogenmod.org:80/?device=i9100g

That recovery is a zImage. Note that this recovery may not be FSDG compliant, so the first step would be to make a Replicant recovery for this device/

CyanogenMod support and stock Android with the version that has a signed bootloader

According to the I9100G CyanogenMod installation instructions , "Users running Android 2.3 on their I9100G MUST first upgrade to stock Android 4.x before installing CyanogenMod, or the device won't boot into the system due to it relying on a newer bootloader. A 4.1 bootloader is recommended."

However this approach has several issues.

The update doesn't work anymore.

It also requires you to put a SIM card in the device, which results in privacy issues.

In addition to that, it requires you to give the device a network connection, knowing that the device is running a proprietary Android distribution.

Once you do that it still fails with "Processing failed".

Right before the failure you can see "Signup for a Samsung account" on the top of the window with "Terms and conditions".

So it probably tries to access some page like https://bada.com/contents/deviceterms/china/208.txt which doesn't exist anymore, and it probably does that to show terms and conditions which were probably unacceptable.

They might also have legally prevented you to work on some part of Replicant if you agreed to them, depending on the country you are located in or you intend to travel to.

This is most probably not an issue with the versions that don't have a signed bootloader as the first stage bootloader could simply be replaced by a free software xloader.

Bootloaders

See GTI9100GBootloaderFreedom and GTI9100GBootloaderInterface

Hardware

Sumary

As far is we get from what we've seen on the motherboard itself, here are our guesses about chips and what they do:

PCB details

Chips markings:

Ti logo
6030B1A5
21ZEDL9G2
G1
TI logo
TWL6040A2
22AH9SW G2
G1

I'm not sure about G1, maybe it's Gi or G|

Modem:

I9811
V 1.0B
XG626
H1207

And on the right side, there is F2076538 written.

There is a small battery soldered. That might be interesting if it's able to keep the correct time when the battery is removed.
If not you need to run disable-modem.sh then to turn off the phone and remove the battery, and then put on the battery, set the correct time, and then enable-modem.sh

SAMSUNG 210
K3PF7E700 XGC1
GKB2609G

There are with many capacitors around

Links about similar chips:

The links talk about things like LPDDR2. The links are not for the same chip but, for the second part number, the reference is pretty close ( K3PE7E700M-XGC1 )

The third link has a description with "Mobile DRAM LPDDR2" and "Package: FBGA"

FBGA is "Fine Ball Grid Array based on ball grid array technology. It has thinner contacts and is mainly used in system-on-a-chip designs" according to wikipedia

SOC (and eMMC?):

SAMSUNG 210
KMVYLOOOLM-B503
CrBM60E1
Maybe MDL5 15

I'm not 100% sure of the last line (Maybe MDL5 15) as there are stuff printed with a blue ink on top (040321)

Links

Updated by Denis 'GNUtoo' Carikli over 4 years ago · 72 revisions

Also available in: PDF HTML TXT