ModemFirmwarePartitions » History » Version 2
Denis 'GNUtoo' Carikli, 02/24/2021 02:22 PM
update firmware partition parsing tool link
1 | 1 | Denis 'GNUtoo' Carikli | h1. ModemFirmwarePartitions |
---|---|---|---|
2 | |||
3 | h2. Modem partitions |
||
4 | |||
5 | |_. Name |_. Content |_. GT-I9100 |_. GT-N7000 |_. GT-I9250 |_. GT-I9300 |_. GT-N7100 |_. GT-P3100 |_. GT-N5100 |_. GT-P5100 | |
||
6 | | TOC | Partition table |\3. None |\4. [ 0x0 -> 0xfff ] |TODO | |
||
7 | | PSIRAM | First stage bootloader |\3. [ 0x0 -> 0xefff ] |\5. [ 0x1000 -> 0xefff ] | |
||
8 | | EBL | Second stage bootloader ? |\8. [ 0xF000 -> 0x27fff ] | |
||
9 | | MAIN | ? |\3. [ 0x28000 -> 0x9fffff ] |\5. [ 0x28000 -> 0x9ff7ff ] | |
||
10 | | SECPACK | ? |\8. [ 0x9ff800 -> 0x9fffff ] | |
||
11 | | NV | nvdata default values |\8. [ 0xa00000 -> 0xbfffff ] | |
||
12 | |||
13 | |_. Name |_. Content |_. aries | |
||
14 | | TOC | Partition table | None | |
||
15 | | PSIRAM | First stage bootloader | [ 0x0-> 0x4fff ] | |
||
16 | | MAIN? | Modem firmware? Is it splitable? | [ 0x5000 -> 0x9fffff ] | |
||
17 | | NV | ? (/efs/nv_data.bin loaded instead) | | |
||
18 | |\2. Filled with only 0xffff | [ 0xa00000 -> 0xbfffff ] | |
||
19 | |\2. Modem firmware size | 12 MiB | |
||
20 | |||
21 | |_. Name |_. Content |_. crespo | |
||
22 | | TOC | Partition table |\ None | |
||
23 | | PSIRAM | First stage bootloader | [ 0x0-> 0x4fff ] | |
||
24 | | MAIN? | Modem firmware? Is it splitable? | [ 0x5000 -> 0x9fffff ] | |
||
25 | | NV | ? (/efs/nv_data.bin loaded instead) | |
||
26 | | Beside very few data (144 bytes starting at 0xc00000 ), it's filled with 0xFFs | [ 0xa00000 -> 0xd7ffff ] | |
||
27 | |\2. Modem firmware size | 13.5 MiB | |
||
28 | |||
29 | And the respective libsamsung-ipc functions: |
||
30 | |||
31 | |_. Partition |_. Content |_. aries |_. crespo |_. GT-I9100 |_. GT-N7000 |_. GT-I9250 |_. GT-I9300 |_. GT-N7100 |_. GT-P3100 |_. GT-P5100 |_. GT-N5100 | |
||
32 | | PSIRAM | First stage bootloader |\2. xmm616_psi_send |\2. xmm626_hsic_psi_send | xmm626_mipi_psi_send |\2. xmm626_hsic_psi_send |\2. xmm626_mipi_psi_send | xmm626_hsic_psi_send | |
||
33 | | EBL | Second stage bootloader ? |\2. ? |\2. xmm626_hsic_ebl_send | xmm626_mipi_ebl_send |\2. xmm626_hsic_ebl_send |\2. xmm626_mipi_ebl_send | xmm626_hsic_ebl_send | |
||
34 | | MAIN | ? |\2. xmm616_firmware_send |\2. xmm626_hsic_firmware_send | xmm626_mipi_firmware_send |\2. xmm626_hsic_firmware_send |\2. xmm626_mipi_firmware_send | xmm626_hsic_firmware_send | |
||
35 | | SECPACK | ? |\2. ? |\2. xmm626_hsic_sec_start_send | xmm626_mipi_sec_start_send |\2. xmm626_hsic_sec_start_send |\2. xmm626_mipi_sec_start_send | xmm626_hsic_sec_start_send | |
||
36 | | NV |nvdata default values |\2. xmm616_nv_data_send |\2. xmm626_hsic_nv_data_send | xmm626_mipi_nv_data_send |\2. xmm626_hsic_nv_data_send |\2. xmm626_mipi_nv_data_send | xmm626_hsic_nv_data_send | |
||
37 | |||
38 | At least some of these functions can be merged together if we have a modem_data_send function: |
||
39 | * The only difference between xmm626_mipi_nv_data_send and xmm626_mipi_hsic_data_send is the use of xmm626_mipi_modem_data_send vs xmm626_hsic_modem_data_send |
||
40 | |||
41 | TODO: find the place in libsamsung-ipc source mentioning that |
||
42 | |||
43 | References for the table: |
||
44 | * https://git.replicant.us/replicant/hardware_replicant_libsamsung-ipc/tree/samsung-ipc/devices/i9300/i9300.h?id=9ff9785a7f48e32f107ca7fb2e298b1320ad4cbc |
||
45 | * https://git.replicant.us/replicant/hardware_replicant_libsamsung-ipc/tree/samsung-ipc/devices/n7100/n7100.h?id=9ff9785a7f48e32f107ca7fb2e298b1320ad4cbc |
||
46 | * Verified on GT-I9300 and GT-N7100 modem partition table |
||
47 | |||
48 | h4. GT-I9300, GT-N7100, GT-P3100 modem partition table dump |
||
49 | |||
50 | TODO: |
||
51 | 2 | Denis 'GNUtoo' Carikli | * Send patch for the "modem-partition-tool":https://git.replicant.us/contrib/GNUtoo/hardware_replicant_libsamsung-ipc/tree/tools/modem-image-tool.c?h=patches-todo/modem-firwmare-toc#n33 |
52 | 1 | Denis 'GNUtoo' Carikli | * Make sure that we know the device from the command line |
53 | * Understand the field depths along the way when supporting more devices |
||
54 | * Document all other devices that don't have this partition table |
||
55 | * Find the name of this partition table |
||
56 | |||
57 | <pre> |
||
58 | $ hexdump -C RADIO.img |
||
59 | 00000000 50 53 49 52 41 4d 00 00 00 00 00 00 00 10 00 00 |PSIRAM..........| |
||
60 | 00000010 00 00 00 00 00 e0 00 00 00 00 00 00 00 00 00 00 |................| |
||
61 | 00000020 45 42 4c 00 00 00 00 00 00 00 00 00 00 f0 00 00 |EBL.............| |
||
62 | 00000030 00 00 00 60 00 90 01 00 00 00 00 00 00 00 00 00 |...`............| |
||
63 | 00000040 4d 41 49 4e 00 00 00 00 00 00 00 00 00 80 02 00 |MAIN............| |
||
64 | 00000050 00 00 30 60 00 78 9d 00 00 00 00 00 00 00 00 00 |..0`.x..........| |
||
65 | 00000060 53 45 43 50 41 43 4b 00 00 00 00 00 00 f8 9f 00 |SECPACK.........| |
||
66 | 00000070 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 |................| |
||
67 | 00000080 4e 56 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 |NV..............| |
||
68 | 00000090 00 00 e8 60 00 00 20 00 00 00 00 00 00 00 00 00 |...`.. .........| |
||
69 | 000000a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| |
||
70 | * |
||
71 | [...] |
||
72 | </pre> |
||
73 | |||
74 | h3. Devices with a different partition table |
||
75 | |||
76 | * The devices with a Qualcomm modem like the GT-I9305 and the GT-N7105 have individual files inside the vfat modem partition. See the "Samsung_Midas_4G":https://osmocom.org/projects/quectel-modems/wiki/Samsung_Midas_4G on the quectel-modems osmocom project for more details. |
||
77 | |||
78 | h3. Unknown |
||
79 | |||
80 | We would need to get a device and dump the modem firmware to check, but given the offset of the PSIRAM, it probably contains the same header: |
||
81 | * Galaxy Note 8.0 |
||
82 | * GT-P5100 is untested but but it's probably similar to the GT-P3100 |