OMAPBootrom » History » Version 8
Denis 'GNUtoo' Carikli, 03/29/2020 12:24 AM
h1. OMAPBootrom

h2. Generic documentation

TODO: Read the various TRM and push the info to wikidata:
* Check the SRAM size limit of the various SOCs in the TRM.
* Check the load address / memory mapping of MLO in case of USB boot or boot from eMMC in the TRM.
* Check the mmc1 booting constraints (card size, look if < 4GiB works) in the TRM.

Also:
* Read the TRM sections about SYS_BOOT and booting and document that; ideally write a tool for it, or upstream the code in some other tool.

h2. Documentation

The "droiddevelopers website":http://droiddevelopers.org has some information on trying to use bugs to run free software on several Motorola devices.

| Device | SOC |
| "Motorola Milestone":https://en.wikipedia.org/wiki/Motorola_Milestone | OMAP 3430 |
| "Motorola Milestone 2":https://en.wikipedia.org/wiki/Motorola_Milestone_2 | OMAP 3630 |
| "Motorola Defy (MB525)":https://en.wikipedia.org/wiki/Motorola_Defy | OMAP3630? |
| Motorola Defy+ (MB526) | OMAP3 (which one?) |

That website has a lot of information:
* It has documentation on the structure of signed MLOs

TODO:
* Read droiddevelopers more to understand restricted boot better.
* Also the OMAP wiki might have some information on OMAP restricted boot.
* Also look if there is substantial information in the Technical Reference Manual (TRM) about fuses, but that's unlikely.

h2. Code

* As of March 2020, there is no fuses driver or code for any OMAP in either U-Boot, Barebox, Linux, or crucible.
* The U-Boot documentation mentions TI tools that have to be obtained after signing an NDA.
* TODO: check if chipsec has information on OMAP fuses

h2. Possible attacks

* Even if it's unlikely, once we understand the OMAP restricted boot better, we could check if some devices are signed but not in enforcing mode.

h2. Links

* http://www.droid-developers.org : This attempts to run user code on several Motorola smartphones. It includes analysis of the boot chain:
** "Application_Processor_Boot_ROM":http://www.droid-developers.org/wiki/Application_Processor_Boot_ROM
** "Booting_chain":http://www.droid-developers.org/wiki/Booting_chain