Project

General

Profile

SamsungSerial » History » Revision 13

Revision 12 (Paul Kocialkowski, 09/11/2011 10:19 AM) → Revision 13/33 (Paul Kocialkowski, 09/11/2011 04:30 PM)

== Introduction == 
 This page contains information on how to work on a bootloader replacement. 

 == Informations == 
  * The [http://git.denx.de/cgi-bin/gitweb.cgi?p=u-boot.git;a=summary official u-boot source code] already has support for the S5PC110 SOC(system on a chip) that the Nexus S uses 
  * The S5PC110 has a bootrom 
  * The Nexus S has an usb port with an FSA9480 behind it 

 === Partitioning informations === 

 Here's a detailed output showing the partitioning of the NAND that you can obtain with {{{ heimdall print-pit }}} with the device in download mode (VOL+ and VOL- held at reboot): 
 {{{ 
 Entry Count: 16 
 Unknown 1: 0 
 Unknown 2: 0 
 Unknown 3: 0 
 Unknown 4: 0 
 Unknown 5: 0 
 Unknown 6: 0 
 Unknown 7: 0 
 Unknown 8: 0 


 --- Entry #0 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 0 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 1 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: IPBL 
 Filename: bootloader.img 


 --- Entry #1 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 1 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 7 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: SBL 
 Filename:  


 --- Entry #2 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 2 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 7 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: SBL2 
 Filename:  


 --- Entry #3 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 3 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 4 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: PARAM 
 Filename:  


 --- Entry #4 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 4 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 5 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: MISC 
 Filename:  


 --- Entry #5 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 5 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 32 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: BOOT 
 Filename: boot.img 


 --- Entry #6 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 6 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 32 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: RECOVERY 
 Filename: recovery.img 


 --- Entry #7 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 7 
 Partition Flags: 1 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 1878 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: CACHE 
 Filename: cache.img 


 --- Entry #8 --- 
 Unused: Yes 
 Partition Type: 0 (RFS) 
 Partition Identifier: 8 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 54 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: RADIO 
 Filename: radio.img 


 --- Entry #9 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 9 
 Partition Flags: 1 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 27 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: EFS 
 Filename:  


 --- Entry #10 --- 
 Unused: No 
 Partition Type: 0 (RFS) 
 Partition Identifier: 10 
 Partition Flags: 0 (R) 
 Unknown 1: 0 
 Partition Block Size: 256 
 Partition Block Count: 1 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: DGS 
 Filename: dgs.img 


 --- Entry #11 --- 
 Unused: No 
 Partition Type: 2 (EXT4) 
 Partition Identifier: 0 
 Partition Flags: 2 (R/W) 
 Unknown 1: 0 
 Partition Block Size: 512 
 Partition Block Count: 2048 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: PGPT 
 Filename: emmc.img 


 --- Entry #12 --- 
 Unused: No 
 Partition Type: 2 (EXT4) 
 Partition Identifier: 1 
 Partition Flags: 2 (R/W) 
 Unknown 1: 0 
 Partition Block Size: 512 
 Partition Block Count: 1048576 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: SYSTEM 
 Filename: system.img 


 --- Entry #13 --- 
 Unused: No 
 Partition Type: 2 (EXT4) 
 Partition Identifier: 2 
 Partition Flags: 2 (R/W) 
 Unknown 1: 0 
 Partition Block Size: 512 
 Partition Block Count: 2097152 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: USERDATA 
 Filename: userdata.img 


 --- Entry #14 --- 
 Unused: No 
 Partition Type: 2 (EXT4) 
 Partition Identifier: 3 
 Partition Flags: 2 (R/W) 
 Unknown 1: 0 
 Partition Block Size: 512 
 Partition Block Count: 33554432 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: MEDIA 
 Filename: media.img 


 --- Entry #15 --- 
 Unused: No 
 Partition Type: 2 (EXT4) 
 Partition Identifier: 4 
 Partition Flags: 2 (R/W) 
 Unknown 1: 0 
 Partition Block Size: 512 
 Partition Block Count: 33 
 Unknown 2: 0 
 Unknown 3: 0 
 Partition Name: SGPT 
 Filename:  
 }}} 

 == Serial Console == 

 It is possible to setup a serial console on the Nexus S. It will show: 
  * the 1st bootloader output 
  * the 2nd bootloader output 
  * the 2nd bootloader #2 output 
  * the fiq debugger 
  * (the kernel output if enabled) 

 === How to enable serial console === 

  * completely turn off the Nexus S 
  * attach the microUSB connector to the Nexus S 
  * wire GND and ID (from the microUSB connector) to a 150K resistor 
  * get an UART to USB module like this one: http://www.dealextreme.com/p/usb-to-uart-5-pin-cp2102-module-serial-converter-81872 
  * wire it following this table: 
 || UART to USB board output || resistor || microUSB connector(s) name(s) || microUSB wire color || 
 || N/A || 150K Ohm || ID and GND || ID not wired (the 5th connector that is unused), GND is black || 
 || 3.3V || N/A || V+ || red || 
 || GND || N/A || GND || black || 
 || Rx || N/A || D- || white || 
 || Tx || N/A || D+ || green || 

 '''Warning: the voltage to use is 3.3V and not 5V! Using 5V can cause serious damages to the UART component.''' 

 When the USB to UART module is connected to the host PC, a new tty node will be created on the host PC, usually {{{ /dev/ttyUSB0 }}}.  
 To read/write on the serial, you can use screen (or picocomm, or any other software that deals with serial consoles): 
 {{{ screen /dev/ttyUSB0 115200 }}} 
 115200 is the baud rate to use (certainly with most UART to USB board).  

 Photos: here's what it looks like when all setup: 

 Then, do a regular boot. You should see the second bootloader #2 output. To get the 1st and 2nd bootloaders output, press <enter> to get in fiq debugger and write "reboot" then <enter>. 


 Photos: here's what it looks like when all setup: 

 [[Image(http://download.paulk.fr/replicant/crespo/uart/uart_board.jpg)]] 

 The UART to USB board. USB is connected to the host PC, UART pins to the microUSB connector. 

 [[Image(http://download.paulk.fr/replicant/crespo/uart/nexuss_resistor.jpg)]] 

 The 150K resistor (two resistors here that make 150K together) soldered to the microUSB connector, that is attached to the Nexus S. 

 ''Note: it was done the quick and dirty way here, it's better to use a protoboard (prototyping board).''  

 [[Image(http://download.paulk.fr/replicant/crespo/uart/nexuss_global_text.jpg)]] 

 The USB cable that is connected to the Nexus S ends on the connectors attached to the UART to USB board. 
 ''Note: it was done the quick and dirty way here, it's better to use a protoboard (prototyping board).''  

 === Bootloaders outputs === 

 first bootloader: 
 {{{ 
 ----------------------------------------------------------- 
    Samsung Primitive Bootloader (PBL) v3.0 
    Copyright (C) Samsung Electronics Co., Ltd. 2006-2010 
 ----------------------------------------------------------- 

 Muxed OneNAND 512MB (0x50) Sync 
 Scanning Bad Block ....... 
 Bad Block 77 (5) 
 Bad Block 295 (5) 
 Bad Block 1232 (5) 
 Bad Block 1646 (5) 
 Bad Block 1831 (5) 
 Bad Block 2047 (0) 
 SBL loadding success 

 Set cpu clk. from 400MHz to 800MHz. 
 OM=0x9, device=OnenandMux(Audi) 
 IROM e-fused - Secure Boot Version. 
 }}} 

 second bootloader: 
 {{{ 
 ----------------------------------------------------------- 
    Samsung Secondary Bootloader (SBL) v3.0 
    Copyright (C) Samsung Electronics Co., Ltd. 2006-2010 

    Board Name: HERRING REV 52 
    Build On: Jan 20 2011 17:19:41 
 ----------------------------------------------------------- 

 MMC SEM16G 15188 MB 
 Re_partition: magic code(0x0) 
 Muxed OneNAND 512MB (0x50) Sync 
 Scanning Bad Block ....... 
 Bad Block 77 (5) 
 Bad Block 295 (5) 
 Bad Block 1232 (5) 
 Bad Block 1646 (5) 
 Bad Block 1831 (5) 
 Bad Block 2047 (0) 
 Partitions loading success 
 Read image(PARAM) from flash ....... 
 Done 
 init_fuel_gauge: vcell = 4083mV, soc = 94 
 PMIC_IRQ1      = 0xc0  
 PMIC_IRQ2      = 0x0  
 PMIC_IRQ3      = 0x0  
 PMIC_IRQ4      = 0x0  
 PMIC_STATUS1 = 0x0  
 PMIC_STATUS2 = 0x0  
 PMIC_STATUS3 = 0x0  
 PMIC_STATUS4 = 0x0  
 PMIC_STATUS5 = 0x0  
 PMIC_SMPL      = 0x0  
 Key scan = 0x0 
 message.command =  
 message.status =  
 message.recovery =  
 }}} 

 second bootloader #2: 
 {{{ 
 BOOT_MODE_NORMAL (SW_RST(0x00000004), INFORM(0x000000ee)) 
 LCD ID = 0x0060a953 
 Done 
 Kernel(boot.img) read success from partition no.5 
 Setting param.serialnr = 0x3733bab6 0x6de200ec 
 Setting param.board_rev = 0x34 
 Setting param.cmdline = console=ttyFIQ0 no_console_suspend androidboot.serialno=3733BAB66DE200EC androidboot.bootloader=I9020XXKA3 androidboot.baseband=I9020XXKB3 androidboot.info=0x4,0xee,1 androidboot.carrier=EUR gain_code=3 s3cfb.bootloaderfb=0x34a00000 mach-herring.lcd_type=0x00000000 oem_state=unlocked  
 Setting param.initrd_start = 0x31000000, param.initrd_size = 0x23265 

 Starting kernel at 0x30008000... 

 Uncompressing Linux... done, booting the kernel. 
 }}} 

 kernel 
 {{{ 
 <hit enter to activate fiq debugger> 
 }}} 

 == TODO == 
  * Look if [http://www.glassechidna.com.au/products/heimdall/ Heimdall] can talk to the bootrom 
  * Serial console: 
   * Use the correct resistors enabling the serial console on the FSA9480 
   * Mesure the voltage of the Nexus S serial port 
   * Make a level shifter to shift the serial port levels  
   * Cross compile microcom or picocom  
   * get a serial console 
  * Find the JTAG 
  * look if the first stage bootloader(after the bootrom) is signed