Project

General

Profile

SamsungSerial » History » Version 31

Wolfgang Wiedmeyer, 04/28/2017 01:40 PM
typos and formatting

1 16 Paul Kocialkowski
h2. Introduction
2
3 31 Wolfgang Wiedmeyer
This page contains information on how to get serial on at least the following phones:
4 26 Denis 'GNUtoo' Carikli
* Nexus S
5
* Galaxy Nexus
6 1 Denis 'GNUtoo' Carikli
7
8 31 Wolfgang Wiedmeyer
h2. Information
9 1 Denis 'GNUtoo' Carikli
10 16 Paul Kocialkowski
* The S5PC110 has a bootrom
11 31 Wolfgang Wiedmeyer
* The Nexus S has an USB port with an FSA9480 behind it
12 10 Paul Kocialkowski
13 16 Paul Kocialkowski
h2. Serial Console
14
15 10 Paul Kocialkowski
It is possible to setup a serial console on the Nexus S. It will show:
16 16 Paul Kocialkowski
* the 1st bootloader output
17
* the 2nd bootloader output
18
* the 2nd bootloader #2 output
19
* the fiq debugger
20
* (the kernel output if enabled)
21 10 Paul Kocialkowski
22 9 Paul Kocialkowski
23 16 Paul Kocialkowski
h3. How to enable serial console
24
25 31 Wolfgang Wiedmeyer
* Completely turn off the Nexus S
26
* Attach the microUSB connector to the Nexus S
27
* Wire GND and ID (from the microUSB connector) to a 150K resistor
28
* Get an UART to USB module like this one: http://www.dealextreme.com/p/usb-to-uart-5-pin-cp2102-module-serial-converter-81872
29
* Wire it following this table:
30 16 Paul Kocialkowski
31 17 Paul Kocialkowski
|_. UART to USB board output |_. Resistor |_. microUSB connector(s) name(s) |_. microUSB wire color |
32
| N/A | 150K Ohm | ID and GND | ID not wired (the 5th connector that is unused), GND is black |
33
| 3.3V | N/A | V+ | red |
34
| GND | N/A | GND | black |
35
| Rx | N/A | D- | white |
36
| Tx | N/A | D+ | green |
37
38 13 Paul Kocialkowski
*Warning: the voltage to use is 3.3V and not 5V! Using 5V can cause serious damages to the UART component.*
39 1 Denis 'GNUtoo' Carikli
40 16 Paul Kocialkowski
To read/write on the serial, you can use screen (or picocomm, or any other software that deals with serial consoles):
41
115200 is the baud rate to use (certainly with most UART to USB board). 
42 1 Denis 'GNUtoo' Carikli
43 13 Paul Kocialkowski
Then, do a regular boot. You should see the second bootloader #2 output. To get the 1st and 2nd bootloaders output, press <enter> to get in fiq debugger and write "reboot" then <enter>.
44
45
Photos: here's what it looks like when all setup:
46 28 Wolfgang Wiedmeyer
!serial_1145.jpeg!
47
!serial_1150.JPG!
48
!serial_1151.jpeg!
49 13 Paul Kocialkowski
50 29 Wolfgang Wiedmeyer
!uart_board.jpg!
51 13 Paul Kocialkowski
52
The UART to USB board. USB is connected to the host PC, UART pins to the microUSB connector.
53
54 29 Wolfgang Wiedmeyer
!nexuss_resistor.jpg!
55 1 Denis 'GNUtoo' Carikli
56
The 150K resistor (two resistors here that make 150K together) soldered to the microUSB connector, that is attached to the Nexus S.
57 16 Paul Kocialkowski
58 9 Paul Kocialkowski
_Note: it was done the quick and dirty way here, it's better to use a protoboard (prototyping board)._ 
59
60 29 Wolfgang Wiedmeyer
!nexuss_global_text.jpg!
61 9 Paul Kocialkowski
62 16 Paul Kocialkowski
The USB cable that is connected to the Nexus S ends on the connectors attached to the UART to USB board.
63 9 Paul Kocialkowski
64
_Note: it was done the quick and dirty way here, it's better to use a protoboard (prototyping board)._ 
65 16 Paul Kocialkowski
66
h3. Bootloaders outputs
67
68 24 Paul Kocialkowski
h4. Nexus S
69
70 9 Paul Kocialkowski
first bootloader:
71 16 Paul Kocialkowski
<pre>
72 9 Paul Kocialkowski
-----------------------------------------------------------
73
   Samsung Primitive Bootloader (PBL) v3.0
74 1 Denis 'GNUtoo' Carikli
   Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
75 9 Paul Kocialkowski
-----------------------------------------------------------
76
77
Muxed [[OneNAND]] 512MB (0x50) Sync
78 16 Paul Kocialkowski
Scanning Bad Block .......
79 9 Paul Kocialkowski
Bad Block 77 (5)
80
Bad Block 295 (5)
81
Bad Block 1232 (5)
82
Bad Block 1646 (5)
83
Bad Block 1831 (5)
84
Bad Block 2047 (0)
85
SBL loadding success
86
87
Set cpu clk. from 400MHz to 800MHz.
88
OM=0x9, device=OnenandMux(Audi)
89
IROM e-fused - Secure Boot Version.
90 16 Paul Kocialkowski
</pre>
91 9 Paul Kocialkowski
92 17 Paul Kocialkowski
second bootloader:51ea3aaa63e65b74b7386fe1365d7b52f4495c43
93 16 Paul Kocialkowski
<pre>
94 1 Denis 'GNUtoo' Carikli
-----------------------------------------------------------
95 9 Paul Kocialkowski
   Samsung Secondary Bootloader (SBL) v3.0
96
   Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
97
98
   Board Name: HERRING REV 52
99
   Build On: Jan 20 2011 17:19:41
100
-----------------------------------------------------------
101 1 Denis 'GNUtoo' Carikli
102
MMC SEM16G 15188 MB
103
Re_partition: magic code(0x0)
104 16 Paul Kocialkowski
Muxed [[OneNAND]] 512MB (0x50) Sync
105 1 Denis 'GNUtoo' Carikli
Scanning Bad Block .......
106
Bad Block 77 (5)
107
Bad Block 295 (5)
108
Bad Block 1232 (5)
109
Bad Block 1646 (5)
110
Bad Block 1831 (5)
111
Bad Block 2047 (0)
112
Partitions loading success
113 9 Paul Kocialkowski
Read image(PARAM) from flash .......
114
Done
115
init_fuel_gauge: vcell = 4083mV, soc = 94
116
PMIC_IRQ1    = 0xc0 
117
PMIC_IRQ2    = 0x0 
118
PMIC_IRQ3    = 0x0 
119
PMIC_IRQ4    = 0x0 
120
PMIC_STATUS1 = 0x0 
121
PMIC_STATUS2 = 0x0 
122
PMIC_STATUS3 = 0x0 
123
PMIC_STATUS4 = 0x0 
124
PMIC_STATUS5 = 0x0 
125
PMIC_SMPL    = 0x0 
126
Key scan = 0x0
127
message.command = 
128
message.status = 
129
message.recovery = 
130 16 Paul Kocialkowski
</pre>
131 9 Paul Kocialkowski
132
second bootloader #2:
133 16 Paul Kocialkowski
<pre>
134 9 Paul Kocialkowski
BOOT_MODE_NORMAL (SW_RST(0x00000004), INFORM(0x000000ee))
135
LCD ID = 0x0060a953
136
Done
137
Kernel(boot.img) read success from partition no.5
138
Setting param.serialnr = 0x3733bab6 0x6de200ec
139
Setting param.board_rev = 0x34
140
Setting param.cmdline = console=ttyFIQ0 no_console_suspend androidboot.serialno=3733BAB66DE200EC androidboot.bootloader=I9020XXKA3 androidboot.baseband=I9020XXKB3 androidboot.info=0x4,0xee,1 androidboot.carrier=EUR gain_code=3 s3cfb.bootloaderfb=0x34a00000 mach-herring.lcd_type=0x00000000 oem_state=unlocked 
141
Setting param.initrd_start = 0x31000000, param.initrd_size = 0x23265
142
143
Starting kernel at 0x30008000...
144
145 4 Denis 'GNUtoo' Carikli
Uncompressing Linux... done, booting the kernel.
146 16 Paul Kocialkowski
</pre>
147 4 Denis 'GNUtoo' Carikli
148
kernel
149 16 Paul Kocialkowski
<pre>
150 4 Denis 'GNUtoo' Carikli
<hit enter to activate fiq debugger>
151 24 Paul Kocialkowski
</pre>
152
153 25 Paul Kocialkowski
h4. Galaxy S
154
155
<pre>
156
-----------------------------------------------------------
157
   Samsung Primitive Bootloader (PBL) v3.0
158
   Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
159
-----------------------------------------------------------
160
161
+n1stVPN       2688 
162
+nPgsPerBlk    64 
163
PBL found bootable SBL: Partition(3).
164
165
Set cpu clk. from 400MHz to 800MHz.
166
OM=0x9, device=OnenandMux(Audi)
167
IROM e-fused - Non Secure Boot Version.
168
169
-----------------------------------------------------------
170
   Samsung Secondary Bootloader (SBL) v3.0
171
   Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
172
173
   Board Name: ARIES REV 03
174
   Build On: Dec 29 2011 16:57:09
175
-----------------------------------------------------------
176
177
Re_partition: magic code(0x0)
178
[PAM:   ] ++FSR_PAM_Init
179
[PAM:   ]   OneNAND physical base address       : 0xb0000000
180
[PAM:   ]   OneNAND virtual  base address       : 0xb0000000
181
[PAM:   ]   OneNAND nMID=0xec : nDID=0x50
182
[PAM:   ] --FSR_PAM_Init
183
fsr_bml_load_partition: pi->nNumOfPartEntry = 12
184
partitions loading success
185
board partition information update.. source: 0x0
186
.Done.
187
read 1 units.
188
==== PARTITION INFORMATION ====
189
 ID         : IBL+PBL (0x0)
190
 ATTR       : RO SLC (0x1002)
191
 FIRST_UNIT : 0
192
 NO_UNITS   : 1
193
===============================
194
 ID         : PIT (0x1)
195
 ATTR       : RO SLC (0x1002)
196
 FIRST_UNIT : 1
197
 NO_UNITS   : 1
198
===============================
199
 ID         : EFS (0x14)
200
 ATTR       : RW STL SLC (0x1101)
201
 FIRST_UNIT : 2
202
 NO_UNITS   : 40
203
===============================
204
 ID         : SBL (0x3)
205
 ATTR       : RO SLC (0x1002)
206
 FIRST_UNIT : 42
207
 NO_UNITS   : 5
208
===============================
209
 ID         : SBL2 (0x4)
210
 ATTR       : RO SLC (0x1002)
211
 FIRST_UNIT : 47
212
 NO_UNITS   : 5
213
===============================
214
 ID         : PARAM (0x15)
215
 ATTR       : RW STL SLC (0x1101)
216
 FIRST_UNIT : 52
217
 NO_UNITS   : 20
218
===============================
219
 ID         : KERNEL (0x6)
220
 ATTR       : RO SLC (0x1002)
221
 FIRST_UNIT : 72
222
 NO_UNITS   : 30
223
===============================
224
 ID         : RECOVERY (0x7)
225
 ATTR       : RO SLC (0x1002)
226
 FIRST_UNIT : 102
227
 NO_UNITS   : 30
228
===============================
229
 ID         : FACTORYFS (0x16)
230
 ATTR       : RW STL SLC (0x1101)
231
 FIRST_UNIT : 132
232
 NO_UNITS   : 1146
233
===============================
234
 ID         : DBDATAFS (0x17)
235
 ATTR       : RW STL SLC (0x1101)
236
 FIRST_UNIT : 1278
237
 NO_UNITS   : 536
238
===============================
239
 ID         : CACHE (0x18)
240
 ATTR       : RW STL SLC (0x1101)
241
 FIRST_UNIT : 1814
242
 NO_UNITS   : 140
243
===============================
244
 ID         : MODEM (0xb)
245
 ATTR       : RO SLC (0x1002)
246
 FIRST_UNIT : 1954
247
 NO_UNITS   : 50
248
===============================
249
loke_init: j4fs_open success..
250
load_lfs_parameters valid magic code and version.
251
load_debug_level reading debug level from file successfully(0x574f4c44).
252
init_fuel_gauge: vcell = 4062mV, soc = 95
253
reading nps status file is successfully!.
254
nps status=0x504d4f43
255
PMIC_IRQ1    = 0x0 
256
PMIC_IRQ2    = 0x0 
257
PMIC_IRQ3    = 0x0 
258
PMIC_IRQ4    = 0x0 
259
PMIC_STATUS1 = 0x0 
260
PMIC_STATUS2 = 0x0 
261
get_debug_level current debug level is 0x574f4c44.
262
aries_process_platform: Debug Level Low
263
keypad_scan: key value ----------------->= 0x0
264
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48 
265
aries_process_platform: final s1 booting mode = 0
266
DISPLAY_PATH_SEL[MDNIE 0x1]is on
267
MDNIE setting Init start!!
268
vsync interrupt is off
269
video interrupt is off
270
[fb0] turn on
271
MDNIE setting Init end!!
272
273
Autoboot (0 seconds) in progress, press any key to stop 
274
get_debug_level current debug level is 0x574f4c44.
275
get_debug_level current debug level is 0x574f4c44.
276
boot_kernel: Debug Level Low
277
FOTA Check Bit 
278
 Read BML page=, NumPgs=
279
FOTA Check Bit (0xffffffff)
280
Load Partion idx = (6)
281
..............................done
282
Kernel read success from kernel partition no.6, idx.6.
283
setting param.serialnr=0x38301804 0xb3e900ec
284
setting param.board_rev=0x30
285
setting param.cmdline=console=ttySAC2,115200 loglevel=4
286
287
Starting kernel at 0x32000000...
288
</pre>
289
290 24 Paul Kocialkowski
h4. Galaxy Nexus 
291
292
<pre>
293
reading nps status file is successfully!.
294
nps status=0x504d4f43
295
PMIC_IRQ1    = 0x80 
296
PMIC_IRQ2    = 0x0 
297
PMIC_IRQ3    = 0x1 
298
PMIC_IRQ4    = 0x0 
299
PMIC_STATUS1 = 0x80 
300
PMIC_STATUS2 = 0x0 
301
get_debug_level current debug level is 0x574f4c44.
302
aries_process_platform: Debug Level Low
303
keypad_scan: key value ----------------->= 0x40
304
CONFIG_ARIES_REV:48 , CONFIG_ARIES_REV03:48 
305
aries_process_platform: final s1 booting mode = 0
306
DISPLAY_PATH_SEL[MDNIE 0x1]is on
307
MDNIE setting Init start!!
308
vsync interrupt is off
309
video interrupt is off
310
[fb0] turn on
311
MDNIE setting Init end!!
312
313
Autoboot (0 seconds) in progress, press any key to stop 
314
get_debug_level current debug level is 0x574f4c44.
315
get_debug_level current debug level is 0x574f4c44.
316
boot_kernel: Debug Level Low
317
FOTA Check Bit 
318
 Read BML page=, NumPgs=
319
FOTA Check Bit (0xffffffff)
320
Load Partion idx = (6)
321
..............................done
322
Kernel read success from kernel partition no.6, idx.6.
323
setting param.serialnr=0x38301804 0xb3e900ec
324
setting param.board_rev=0x30
325
setting param.cmdline=console=ttySAC2,115200 loglevel=4
326
327
Starting kernel at 0x32000000...
328 16 Paul Kocialkowski
</pre>
329 1 Denis 'GNUtoo' Carikli
330 18 Paul Kocialkowski
h2. JTAG
331 16 Paul Kocialkowski
332 18 Paul Kocialkowski
Here is the location and the description of the JTAG pins on the Nexus S board:
333 16 Paul Kocialkowski
334 30 Wolfgang Wiedmeyer
!jtag-pins.png!
335
!jtag-pins-desc.png!
336 18 Paul Kocialkowski
337 19 Paul Kocialkowski
JTAG was untested on the device so far. 
338 1 Denis 'GNUtoo' Carikli
339 19 Paul Kocialkowski
h2. Conclusions
340 1 Denis 'GNUtoo' Carikli
341 31 Wolfgang Wiedmeyer
* Heimdall mode is accessible but we didn't try to flash images with Heimdall
342 19 Paul Kocialkowski
* Serial can be set up and works
343 31 Wolfgang Wiedmeyer
* The bootrom (IROM) seems signed: @IROM e-fused@
344 19 Paul Kocialkowski
* JTAG is there but we didn't try it
345
346
*As the IROM is apparently signed, porting a free bootloader will most likely fail as Primary Boot Loader (PBL).*