
OMAPBootrom » History » Version 8

Denis 'GNUtoo' Carikli, 03/29/2020 12:24 AM

h1. OMAPBootrom

h2. Generic documentation

TODO: Read the various TRMs and push the info to Wikidata:

* Check the SRAM size limit of the various SoCs in the TRM.
* Check the load address / memory mapping of MLO in case of USB boot or boot from eMMC in the TRM.
* Check the mmc1 booting constraints (card size, look if < 4GiB works) in the TRM.

Also:

* Read the TRM sections about SYS_BOOT and booting and document that; ideally write a tool for it, or upstream the code in some other tool.

h2. Documentation

The "droiddevelopers website":http://droiddevelopers.org has some information on trying to use bugs to run free software on several Motorola devices.

| Device | SoC |
| "Motorola Milestone":https://en.wikipedia.org/wiki/Motorola_Milestone | OMAP 3430 |
| "Motorola Milestone 2":https://en.wikipedia.org/wiki/Motorola_Milestone_2 | OMAP 3630 |
| "Motorola Defy (MB525)":https://en.wikipedia.org/wiki/Motorola_Defy | OMAP3630? |
| Motorola Defy+ (MB526) | OMAP3 (which one?) |

That website has a lot of information:

* It has documentation on the structure of signed MLOs.

TODO:

* Read droiddevelopers more to understand restricted boot better.
* Also the OMAP wiki might have some information on OMAP restricted boot.
* Also look if there is substantial information in the Technical Reference Manual (TRM) about fuses, but that's unlikely.

h2. Code

* As of March 2020, there is no fuse driver or code for any OMAP in U-Boot, Barebox, Linux, or crucible.
* The U-Boot documentation mentions TI tools that have to be obtained after signing an NDA.
* TODO: check if chipsec has information on OMAP fuses.

h2. Possible attacks

* Even if it's unlikely, once we understand the OMAP restricted boot better, we could check if some devices are signed but not in enforcing mode.

h2. Links

* http://www.droid-developers.org : This attempts to run user code on several Motorola smartphones. It includes analysis of the boot chain:
** "Application_Processor_Boot_ROM":http://www.droid-developers.org/wiki/Application_Processor_Boot_ROM
** "Booting_chain":http://www.droid-developers.org/wiki/Booting_chain