GalaxySIIGTI9100G » History » Revision 80
« Previous |
| Next »
Hpag Seddy, 04/03/2020 03:44 PM
Galaxy S II (GT-I9100G)¶
- Table of contents
- Galaxy S II (GT-I9100G)
- Wiki pages
- Various IRC logs of research on it.
- CyanogenMod support and stock Android with the version that has a signed bootloader
|Device||Galaxy S II (GT-I9100G)|
|Status||Not supported yet|
Long time ago, we had reports that the "Galaxy SII" had an unsigned bootloader, but we didn't manage to confirm to which exact model it applied to, or if people assumed that the bootloader of the GT-I9100 was unsigned because it uses Xloader which is GPLv2. Samsung also published the source code of various Xloader versions they used on the GT-I9100G for different Android versions. However until now we weren't able to confirm that any device were able to run unsigned bootloaders. Though we verified that at least the bootloader of the I9100G_CHN_CHN is signed.
- Uses the samsung-ipc protocol
- The modem probably uses MIPI, so it should be isolated
- 1G of ram => it should be enough for Replicant 6 and 9
- I9100GBootloader: Research on bootloader freedom for the GT-I9100G
Various IRC logs of research on it.¶TODO:
- Read the log below and remove what is not relevant
- Add what is relevant in various pages of the Replicant wiki or Wikidata and point to that if it's in another page that this one (or wikidata).
GT-I9100G bootloader related¶
(08:47:20 PM) sensiblemn: GNUtoo: i just got a report from a postmarketOS developer saying that booting works with that free software x-loader repo for the i9100G that I found. they had to make a one line commit to get it building, but it boots. https://github.com/hpagseddy/i9100g_xloader/commit/0505138dd163959443f09b7178142c0472f60582
(08:48:24 PM) sensiblemn: so early reports suggest that we found a Galaxy S2 that has a free software bootloader. they said it doesn't even need to be signed with signGP.c.
(10:36:35 PM) hpagseddy[m]: So i have an i9100g and compiled this without any errors in case you guys are interested https://github.com/hpagseddy/i9100g_xloader
(10:49:32 PM) freekurt: thanks for jumping in here hpagseddy. we have been trying for quite some time to find a way to liberate the first stage bootloader on Exynos4 SoC based i9100 and i9300 devices. this is great news that the i9100G seems to have a free software first stage bootloader.
(10:51:08 PM) hpagseddy[m]: Yep, also there is a thing that i9100g is based on TI OMAP
GT-I9100G Linux upstreaming¶
(11:01:27 PM) hpagseddy[m]: Btw Droid 4 has mainline
(11:02:42 PM) hpagseddy[m]: i9100g uses same display and digitizer with i9100, has a broadcom wifi but sadly a PowerVR GPU
(11:10:48 PM) hpagseddy[m]: Since it uses same display and even same connectors
(11:11:06 PM) hpagseddy[m]: I know it because i am using i9100 display on my i9100g :)
(11:11:17 PM) hpagseddy[m]: Besides capacitive buttons, all functional
(11:11:48 PM) hpagseddy[m]: Even capacitive connector plugged in so if i do some kernel hacks i can get them working too
(11:11:50 PM) freekurt: we really appreciate your willingness to do testing if we decide to proceed with trying to mainline this device, which has yet to be determined.
(11:14:38 PM) freekurt: it seems as though this device would be quite attractive to other pmOS devs as well, now that the freedom of the bootloader appears to have been determined.
(11:15:19 PM) hpagseddy[m]: I hope so, i was the only maintainer over 2 years :)
(11:15:27 PM) hpagseddy[m]: Of this device
(11:15:37 PM) freekurt: :-) thanks for holding down the fort!
(11:15:52 PM) hpagseddy[m]: But if the device gets mainlined, things will definitely change
OMAP4 blaze reference platform related¶
(07:17:23 PM) sensiblemn: GNUtoo: ah, it seems like some OMAP devices are GP and others are HS, so the question is whether we can find smartphones and tablets that are GP. Looks like the Blaze Tablet released by TI is GP. https://wiki.tizen.org/Tizen_IVI_Getting_Started_Guide_For_PandaBoard#x-loader_config_files [...]
(07:22:26 PM) sensiblemn: also this very odd looking OMAP Blaze cell phone seems to be GP rather than HS. https://www.slashgear.com/texas-instruments-omap-blaze-on-sale-now-1485657/
(07:23:30 PM) sensiblemn: https://www.ebay.com/itm/TI-Stereo-Camera-Blaze-development-Plattform-im-Wert-von-1-800USD/131690215016
(07:24:04 PM) sensiblemn: https://web.archive.org/web/20180903060622/http://omapedia.org/wiki/OMAP4_Blaze
TODO: add the blaze, zoom1 (omap3), zoom2 to the reviewd devices and to wikidata
(10:58:08 PM) freekurt: 512 MB of RAM seems rough for AOSP 10, especially when we are trying to get it to work with 2D acceleration. 1GB should be much better.
=> TODO: check Android 10 requirements and add them to the wiki
(12:51:55 AM) forkbomb: the i9300T is just a Telstra branded i9300 afaik
(12:52:49 AM) hpagseddy[m]: <freekurt "yeah, that might be it. https://"> i9300T has the same SP6260 naming as i9100g as this shows
(12:53:10 AM) sensiblemn: you're correct
(12:54:16 AM) sensiblemn: also, not sure if this is the correct defconfig, but this kernel from samsung suggests it is xmm6260 also https://github.com/LineageOS/android_kernel_samsung_t1/blob/10ca03795f659f6f1fa995e8c300a08c3a133354/arch/arm/configs/android_t1_omap4430_r03_eng_defconfig#L1097
(12:55:09 AM) hpagseddy[m]: t1, thats correct
(12:55:18 AM) hpagseddy[m]: but the defconfig isnt
(12:55:48 AM) hpagseddy[m]: https://github.com/LineageOS/android_kernel_samsung_t1/blob/10ca03795f659f6f1fa995e8c300a08c3a133354/arch/arm/configs/cyanogenmod_i9100g_defconfig
(12:55:52 AM) hpagseddy[m]: this is for the device
TODO: Notify forkbomb¶
(01:00:57 AM) sensiblemn: forkbomb: did you hear that we seem to have found a free software first stage bootloader for the i9100G and that it doesn't seem to require any signature checks?
(01:01:27 AM) hpagseddy[m]: yes i compiled and ran it on my device with no problem
(01:01:59 AM) hpagseddy[m]: also fixed the old build a bit
(01:02:02 AM) hpagseddy[m]: >So i have an i9100g and compiled this without any errors in case you guys are interested https://github.com/hpagseddy/i9100g_xloader
(01:05:55 AM) forkbomb: no, i didn't. very nice!
(01:06:35 AM) hpagseddy[m]: well i dont know how to use it so just compiled and flashed with odin
(01:06:45 AM) hpagseddy[m]: also one line fix hehe
(01:07:33 AM) hpagseddy[m]: it compiled with no problem on 4.6 gcc
(01:14:47 AM) sensiblemn: hpagseddy: it is my understanding that, since x-loader is EOL, and since Replicant wants to upstream as much code as we can, we would have to upstream what x-loader is doing into u-boot SPL, which i don't know how long it would take to do. the fact that very similar devices are already in upstream u-boot likely will help though, if we decide to pursue it.
(01:16:01 AM) hpagseddy[m]: Since it is open source, it is ok to keep it untill we have the device booted in my opinion
(01:16:17 AM) sensiblemn: yes, for sure.
(01:17:00 AM) hpagseddy[m]: but well last decision is yours since you guys are the replicant devs :)
(01:22:29 AM) sensiblemn: hpagseddy: have you tested LineageOS 13 on the device before? https://forum.xda-developers.com/galaxy-s2/development/rom-lineageos-13-0-t3620246
(01:23:21 AM) hpagseddy[m]: yes it had several issues but performance was good
(01:23:33 AM) hpagseddy[m]: it had audio error which was so annoying
(01:23:41 AM) hpagseddy[m]: 12.1 was best
(01:24:22 AM) sensiblemn: what kind of audio error?
(01:25:51 AM) hpagseddy[m]: audio was some kind of disorted
(01:39:01 AM) sensiblemn: hpagseddy: did you notice any other issues?
(01:39:11 AM) sensiblemn: with 13?
(01:40:13 AM) hpagseddy[m]: Gps doesnt work
(01:40:18 AM) hpagseddy[m]: Night mode doesnt work
01:56 <@GNUtoo> Did LineageOS or Cyanogenmod support it at some point?
01:57 < hpagseddy[m]> Cyanogenmod untill 13.0
01:57 < hpagseddy[m]> Omnirom 4.4 and 5.0.2
01:57 <@GNUtoo> ok, that explains why LineageOS has some stuff on it but nothing on the wiki
01:57 < hpagseddy[m]> thats all i remember and tested
01:58 < hpagseddy[m]> GNUtoo: yeah they just forked it and it just stays there
01:59 < hpagseddy[m]> but 12.1 is still cyanogen
02:00 < sensiblemn> there was an attempt made at 14.1 but it seems like it was unsuccessful because it wouldn't boot
02:00 < sensiblemn> https://github.com/xdaamg/android_device_samsung_i9100g/tree/cm-14.1
02:00 < hpagseddy[m]> also someone rebased cm11 to lineage 11
TODO: look at omap-usb-tool patches and merge them or ask for sending patches for review¶
(01:19:56 AM) sensiblemn: GNUtoo: this looks like omap-usb-tool but it was recently updated https://github.com/LukasTomek/omapboot
(01:21:37 AM) hpagseddy[m]: hmm, he forked this repo from https://github.com/kousu/omapboot
(01:22:03 AM) hpagseddy[m]: so he added sd card booting
(01:22:09 AM) hpagseddy[m]: and some fixed
(01:22:13 AM) hpagseddy[m]: fixes*
(01:22:25 AM) GNUtoo: https://git.paulk.fr/omap-usb-boot.git
(01:22:29 AM) GNUtoo: but it seems down right nw
(01:22:32 AM) GNUtoo: *right now
Diff between the samsung xloader and hpagseddy xloader¶
hpagseddy's fork consists of Samsung source code with the addition of a fix to enable to build it .
The PIT of the Galaxy SII (GT-I9100G) can be found in the GalaxySIII9100GPit page.
|PIT||Linux name||mount point||partition type||block device||Description|
|MLO||Not visible on Linux||First stage of bootloader|
|EFS||mmcblk0p1||modem data partition|
|KERNEL||None||zImage||mmcblk0p5||boot partition, See IsorecRecoveryIssue for more details|
|RECOVERY||None||mmcblk0p6||recovery partition, See IsorecRecoveryIssue for more details|
|CACHE||mmcblk0p7||Android cache partition|
|MODEM||mmcblk0p8||modem firmware partition|
|FACTORYFS||mmcblk0p9||Android system partition|
|DATAFS||mmcblk0p10||Android application data|
|UMS||mmcblk0p11||user data (music, pictures, etc)|
|HIDDEN||mmcblk0p12||contains some data, and Samsung APK|
This was constructed from the PIT, TODO: check the partitions content
On a I9100G_CHN_CHN with Android 2.3.6 with the OMAP reported as being in HS mode we have:
--- Entry #0 --- Binary Type: 0 (AP) Device Type: 2 (MMC) Identifier: 1 Attributes: 0 (Read-Only) Update Attributes: 0 Partition Block Size/Offset: 0 Partition Block Count: 0 File Offset (Obsolete): 0 File Size (Obsolete): 0 Partition Name: X-loader Flash Filename: MLO FOTA Filename:
This doesn't give any indication of where is MLO, but it's clearly visible with an hexadecimal editor like vbindiff.
|Offset from mmcblk0||size||comments|
|0x20000 (256k)||256k||MLO + potentially other stuff|
|0x40000 (512k)||256k||MLO + potentially less other stuff|
Though SBL1 and SBL2 have location and size reported my the bootloader with heimdall print-pit:
--- Entry #2 --- Binary Type: 0 (AP) Device Type: 2 (MMC) Identifier: 2 Attributes: 0 (Read-Only) Update Attributes: 0 Partition Block Size/Offset: 49152 Partition Block Count: 4096 File Offset (Obsolete): 0 File Size (Obsolete): 0 Partition Name: SBL1 Flash Filename: Sbl.bin FOTA Filename:
--- Entry #3 --- Binary Type: 0 (AP) Device Type: 2 (MMC) Identifier: 3 Attributes: 0 (Read-Only) Update Attributes: 0 Partition Block Size/Offset: 53248 Partition Block Count: 4096 File Offset (Obsolete): 0 File Size (Obsolete): 0 Partition Name: SBL2 Flash Filename: FOTA Filename:
The device is not supported by TWRP, but it was supported by cyanogenmod recoveries:
That recovery is a zImage. Note that this recovery may not be FSDG compliant, so the first step would be to make a Replicant recovery for this device/
CyanogenMod support and stock Android with the version that has a signed bootloader¶
According to the I9100G CyanogenMod installation instructions , "Users running Android 2.3 on their I9100G MUST first upgrade to stock Android 4.x before installing CyanogenMod, or the device won't boot into the system due to it relying on a newer bootloader. A 4.1 bootloader is recommended."
However this approach has several issues.
The update doesn't work anymore.
It also requires you to put a SIM card in the device, which results in privacy issues.
In addition to that, it requires you to give the device a network connection, knowing that the device is running a proprietary Android distribution.
Once you do that it still fails with "Processing failed".
Right before the failure you can see "Signup for a Samsung account" on the top of the window with "Terms and conditions".
So it probably tries to access some page like https://bada.com/contents/deviceterms/china/208.txt which doesn't exist anymore, and it probably does that to show terms and conditions which were probably unacceptable.
They might also have legally prevented you to work on some part of Replicant if you agreed to them, depending on the country you are located in or you intend to travel to.
This is most probably not an issue with the versions that don't have a signed bootloader as the first stage bootloader could simply be replaced by a free software xloader.
See GTI9100GBootloaderFreedom and GTI9100GBootloaderInterface
|GPU||OMAP => PowerVR||?||Offuscated Linux pipe driver, proprietary userspace|
|Modem||XMM6260||Linux kernel||TODO: Add support for the I9100G libsamsung-ipc and BoardConfig.mk|
|NFC||?||?||Linux kernel support|
|Display||Same than Galaxy SII?||?||?|
|Power Management IC (PMIC)||TWL something||?||?|
As far is we get from what we've seen on the motherboard itself, here are our guesses about chips and what they do:
- 6030B1A5 21ZEDL9G2 G1 --- Power IC based on sellers on the web
- TWL6040A2 22AH9SW G2 --- Audio codec made by TI https://www.alldatasheet.com/datasheet-pdf/pdf/862981/TI1/TWL6040A2.html
- Modem: XMM6260
- SAMSUNG 210 KMVYLOOOLM-B503 --- EMMC Chip 16GB based on this forum thread https://www.mcrf.ru/forum/showthread.php?t=40277
- K3PE7E700D-XGC1 --- DDR DRAM chip, most likely 1GB
Ti logo 6030B1A5 21ZEDL9G2 G1
TI logo TWL6040A2 22AH9SW G2 G1
I'm not sure about G1, maybe it's Gi or G|
I9811 V 1.0B XG626 H1207
And on the right side, there is F2076538 written.
There is a small battery soldered. That might be interesting if it's able to keep the correct time when the battery is removed.
If not you need to run disable-modem.sh then to turn off the phone and remove the battery, and then put on the battery, set the correct time, and then enable-modem.sh
SAMSUNG 210 K3PF7E700 XGC1 GKB2609G
There are with many capacitors aroundLinks about similar chips:
- https://commons.wikimedia.org/wiki/File:Samsung_Galaxy_Tab_2_10.1_-_Samsung_K3PE7E700M-XGC1-3956.jpg Interesting
The links talk about things like LPDDR2. The links are not for the same chip but, for the second part number, the reference is pretty close ( K3PE7E700M-XGC1 )
The third link has a description with "Mobile DRAM LPDDR2" and "Package: FBGA"
FBGA is "Fine Ball Grid Array based on ball grid array technology. It has thinner contacts and is mainly used in system-on-a-chip designs" according to wikipedia
SOC (and eMMC?):
SAMSUNG 210 KMVYLOOOLM-B503 CrBM60E1 Maybe MDL5 15
I'm not 100% sure of the last line (Maybe MDL5 15) as there are stuff printed with a blue ink on top (040321)
- Some links talk about "CPU":
- Other eMMC: http://forum.gsmhosting.com/vbb/f672/direct-emmc-connection-failed-pinout-wrong-1807131/
- Official support for CyanogenMod
- Unofficial LineageOS 13 for the I9100G
- Infos on the bootloader: https://forum.xda-developers.com/galaxy-s2/development/guide-repair-totally-sleep-dead-boot-t1701471
- Infos on xloader and how to make a serial port adapter
Updated by Hpag Seddy about 3 years ago · 80 revisions