[R&D] Port SDCard Recovery to Other Exynos4412 Devices

AdamOutler · 02:47 AM

[R&D] Port SDCard Recovery to Other Exynos4412 Devices

This thread's purpose is to port the Boot from SD recovery from Galaxy S3 to other devices. Since there is no procedure, and I am performing the work, the final output will be named UnBrickable SD to follow along with my previous work with UnBrickable Mod.

Goals:

Obtain IROM Dump [100%]
The IROM contains information about the internal workings of the processor. We now have an Exynos 4412 IROM and IRAM dump which contains all information about booting procedures. Thanks to mdrjr for using his 4412 development board in UBOOT mode to pull the dumps.
Analyze IROM for boot-from-ExternalSD bit [100%]- In Progress
We've sucesfully booted from SDCard and run unsecure code.
Define General structures which may help to identify future boot-from-ExternalSD temp-mod [30%]
Once the memory location of the boot-from-ExternalSD pin is known, testing can occur and generalizations can be made.
Make an overlay template of the Exynos4412 processor [0%]
This overlay will make finding the pin on future Exynos4 devices easier. Requires removal of a processor from an Exynos device.
Find a way to make an UnBrickable Mod [10%]
This goal may be removed pending IROM analysis. We've booted from SDCard and run unsecure code.
Port to other devices
They will be listed here and this thread may be moved to Hardware Hacking eventually.
[ X ]Galaxy Camera http://forum.xda-developers.com/show....php?t=2023069
[ ]Galaxy Note 2 (All Variants)
[ ]Galaxy SIII (All Exynos variants other than i9300)
[ ]Meizu MX2

Initial information
Here's what I've been able to pull up about the device so far.

Exynos 4412 manual
http://com.odroid.com/sigong/nf_file...=&tag=&bid=118

How to recover an i9300 from bootloader failure
This can be used as a model for what is trying to be accomplished here. This will be reproduced, the goal is to identify the proper resistor on each device which is mentioned in the PDF below.
Samsung PDF: http://forum.xda-developers.com/atta...5&d=1341007899
Sboot for odin: http://forum.xda-developers.com/show...57&postcount=2

We may be looking for an XOM resistor
I believe the resistor triggers an XOM[] resistor (as Samsung calls them) or Boot Mode resisor. XOM resistors are responsible for switching on or off a register inside the processor which is cheked by IROM on each boot. When the array of XOM registers match a value, the processor is commanded to boot from a predetermined source such as OneNAND, EMMC, or USB. The XOM5 resistor on the Hummingbird (AKA Exynos3xxx) processor was responsible for boot-from-USB mode and enabled UnBrickable Mod to take shape with the elite assembly hacking from Rebellos.

This image shows the XOM[0] value. Unlike the Exynos3, XOM[0] does not control boot sequence. Until I saw this picture, I had hypothesized based upon my work with Exynos 42xx processors that the XOM[0] and XOM[6] registers control clocks. This image confirms it.

So, this narrows it down somewhat, but not much. Based on my previous work, we are likely looking for XOM[1...5],

The Memory
Here is an example from the Exynos42xx IROM which was decompiled into assembly, then converted into C and annotated properly by Ralekdev. http://pastie.org/private/p9x0yhcmegxjrxtkn6nxoq . The Exynos 42xx processor is very much different from the Exynos 3xxx processor. And to throw another monkey wrench into the gears, the Exynos 44xx processor is different from the 42xx processor in regards of this thread.

Here is the memory map pulled from the Exynos4412 processor. This shows the IROM location in which we are interested.

The Resistor
I can infer from the documentation that the resistor which is shorted is part of a voltage divider. The divider's operation causes the voltage to be either low or high normally and the shorting action causes the divider to swing the other direction. This divider may or may not be present on other Exynos devices as the feature is not documented, we cannot rely on this structure being there. The resistor will be there for sure, but it may not be as simple as shorting two contacts.

Current Tasks

Galaxy S2 (all variants except Skyrocket)
Galaxy Note 1 and 2 (non-qualcomm variants)

pandaball · 07:03 AM

I found this picture of the Exynos 4412 taken from a SGS3, with resistors. It gets cut out a bit on the top, but that's the best I managed to find.
http://www.chipworks.com/media/wpmu/...06/Exynos1.jpg

This one is from a development board; at first glance the resistors look different compared to the one above, but I'll link to it anyway:
http://www.cnx-software.com/wp-conte...CPU_module.jpg

And these two are for the motherboard:
Front: http://www.chipworks.com/media/wpmu/.../06/Board1.jpg
Back: http://www.chipworks.com/media/wpmu/.../06/Board2.jpg

Bologna · 12th November 2012, 09:49 AM

Always on great projects Adam

i9300 Irom dump Attached

Rebellos · 12th November 2012, 12:19 PM

Quote:

Originally Posted by Bologna

Always on great projects Adam

i9300 Irom dump Attached

Not sure if you've noticed. But dumps are empty

Why? It's protected memory area using ARM TrustZone and it's unreadable from kernel level. Someone with JTAG access could dump it before SBL gets executed. Or maybe there's some engineering version of bootloaders that doesn't block iROM in TZ.

Once again, Samsung decided to screw us.

AdamOutler · 13th November 2012, 07:48 PM

Hopefully droid 4412 has less security than gs3. http://odroid.foros-phpbb.com/t1671-irom-dump

mdrjr · 14th November 2012, 06:50 PM

as I said to adam on odroid forums.

I'll get in touch with him to help with that.

AdamOutler · 15th November 2012, 01:15 AM

I have a Meizu MX HK version(now my wife's phone) in front of me. I tried running viewmem on it..

Code:

shell@android:/data/local/tmp # ./viewmem 0x02020000 0x10000                   
[INFO] Reading 65536 bytes at 0x2020000...
[2] + Stopped (signal)     ./viewmem 0x02020000 0x10000 
[1] - Bus error            ./viewmem 0x02000000 0x10000 
shell@android:/data/local/tmp #

so then I tried from a UART prompt.

Code:

root@android:/data/local/tmp # ./viewmem 0x02020000 0x10000 
[INFO] Reading 65{0}[  100.815755] Unhandled fault: external abort on non-linefetch (0x018) at 0x400fc000
536 bytes at 0x2020000...
{0}[  101.126633] Unhandled fault: external abort on non-linefetch (0x018) at 0x400fc000
[1] + Stopped (signal)     ./viewmem 0x02020000 0x10000 
{0}[  101.417026] Unhandled fault: external abort on non-linefetch (0x018) at 0x400fc000
root@android:/data/local/tmp #

Rebellos, can you tell anything by these kernel messages? external abort on non-linefetch? These are kinda cryptic but I guess it's saying the input was aborted?

Anyway.. I then tried to analyze the bootloader messages...

Code:

OK

U-Boot 2010.12-svn_ver_6708 (Jun 13 2012 - 18:46:00) for MEIZU MX Oversea


CPU: S5PC220 [Samsung SOC on SMP Platform Base on ARM CortexA9]
APLL = 600MHz, MPLL = 800MHz
DRAM:  1023 MiB
TrustZone Enabled BSP
BL1 version: 20120510


Checking Boot Mode ... EMMC4.41
REVISION: 1.1
there are pending interrupts 0x00000001
NAME: S5P_MSHC4
eMMC OPEN Success.!!
                        !!!Notice!!!
!You must close eMMC boot Partition after all image writing!
!eMMC boot partition has continuity at image writing time.!
!So, Do not close boot partition, Before, all images is written.!
eMMC CLOSE Success.!!
eMMC OPEN Success.!!
                        !!!Notice!!!
!You must close eMMC boot Partition after all image writing!
!eMMC boot partition has continuity at image writing time.!
!So, Do not close boot partition, Before, all images is written.!
eMMC CLOSE Success.!!
MMC Device 0: 30432 MB
MMC Device 1 not found
NAME: S5P_MSHC4
*** Warning - using default environment

Not factory mode
CHARGE_MODE_BOOT
inform = 0x01000000
reconfig inform4 0x01000000
tiny_kernel_type = 0
Press ctrl+c to stop autoboot:  0 
reading kernel..device 0 Start 4096, Count 10240 
MMC read: dev # 0, block # 4096, count 10240 ... 10240 blocks read: OK
completed
reading RFS..device 0 Count 24576, Start 10240 
MMC read: dev # 0, block # 24576, count 10240 ... 10240 blocks read: OK
completed
eMMC OPEN Success.!!
                        !!!Notice!!!
!You must close eMMC boot Partition after all image writing!
!eMMC boot partition has continuity at image writing time.!
!So, Do not close boot partition, Before, all images is written.!
reading FWBL1 ..device 0 Start 0, Count 30 
MMC read: dev # 0, block # 0, count 30 ... 30 blocks read: OK
completed
eMMC CLOSE Success.!!
eMMC OPEN Success.!!
                        !!!Notice!!!
!You must close eMMC boot Partition after all image writing!
!eMMC boot partition has continuity at image writing time.!
!So, Do not close boot partition, Before, all images is written.!
reading FWBL1 ..device 0 Start 0, Count 30 
MMC read: dev # 0, block # 0, count 30 ... 30 blocks read: OK
completed
eMMC CLOSE Success.!!
Boot with zImage
## Loading init Ramdisk from Legacy Image at 41000000 ...
   Image Name:   ramdisk
   Image Type:   ARM Linux RAMDisk Image (uncompressed)
   Data Size:    331777 Bytes = 331777    Load Address: 40800000
   Entry Point:  40800000

Starting kernel ...

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
{0}[    0.000000] Initializing cgroup subsys cpu
{0}[    0.000000] Linux version 3.0.15-oversea-svn7447 (root@cefanty-desktop) (gcc version 4.4.3 (GCC) ) #2 SMP PREEMPT2
{0}[    0.000000] CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c5387d
{0}[    0.000000] CPU: VIPT nonaliasing data cache, VIPT aliasing instruction cache
{0}[    0.000000] Machine: MX
{0}[    0.000000] Memory policy: ECC disabled, Data cache writealloc
{0}[    0.000000] Support Trustzone Feature
{0}[    0.000000] S3C24XX Clocks, Copyright 2004 Simtec Electronics
{0}[    0.000000] s3c_register_clksrc: clock audiocdclk has no registers set
{0}[    0.000000] audiocdclk: no parent clock specified
{0}[    0.000000] s3c_register_clksrc: clock armclk has no registers set
{0}[    0.000000] uclk1: source is mout_mpll_user (6), rate is 100000000
{0}[    0.000000] uclk1: source is mout_mpll_user (6), rate is 100000000
{0}[    0.000000] uclk1: source is mout_mpll_user (6), rate is 100000000
{0}[    0.000000] uclk1: source is mout_mpll_user (6), rate is 100000000
{0}[    0.000000] sclk_csis: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_csis: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_cam0: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_cam1: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_fimc: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_fimc: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_fimc: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_fimc: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_fimd: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_fimd: source is xusbxti (1), rate is 1500000
{0}[    0.000000] sclk_mfc: source is mout_mfc0 (0), rate is 50000000
{0}[    0.000000] sclk_g3d: source is mout_g3d0 (0), rate is 50000000
{0}[    0.000000] sclk_pwi: source is xusbxti (1), rate is 1500000
{0}[    0.000000] PERCPU: Embedded 5 pages/cpu @c185f000 s6848 r0 d13632 u32768
{0}[    0.000000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 259842
{0}[    0.000000] Kernel command line: console=ttySAC3,115200n8 androidboot.console=ttySAC3
{0}[    0.000000] PID hash table entries: 4096 (order: 2, 16384 bytes)
{0}[    0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
{0}[    0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
{0}[    0.000000] Memory: 1023MB = 1023MB total
{0}[    0.000000] Memory: 873048k/873048k available, 174504k reserved, 293888K highmem
{0}[    0.000000] Virtual kernel memory layout:
{0}[    0.000000]     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
{0}[    0.000000]     fixmap  : 0xfff00000 - 0xfffe0000   ( 896 kB)
{0}[    0.000000]     DMA     : 0xfea00000 - 0xffe00000   (  20 MB)
{0}[    0.000000]     vmalloc : 0xee800000 - 0xf6000000   ( 120 MB)
{0}[    0.000000]     lowmem  : 0xc0000000 - 0xee000000   ( 736 MB)
{0}[    0.000000]     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
{0}[    0.000000]     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
{0}[    0.000000]       .init : 0xc0008000 - 0xc003c000   ( 208 kB)
{0}[    0.000000]       .text : 0xc003c000 - 0xc06f8000   (6896 kB)
{0}[    0.000000]       .data : 0xc06f8000 - 0xc0765ce0   ( 440 kB)
{0}[    0.000000]        .bss : 0xc0765d04 - 0xc08a73f8   (1286 kB)
{0}[    0.000000] SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
{0}[    0.000000] Preemptible hierarchical RCU implementation.
{0}[    0.000000] NR_IRQS:456
{0}[    0.000000] Calibrating delay loop... 1195.21 BogoMIPS (lpj=2988032)
{0}[    0.060000] pid_max: default: 32768 minimum: 301
{0}[    0.060000] Mount-cache hash table entries: 512
{0}[    0.060000] Initializing cgroup subsys debug
{0}[    0.060000] Initializing cgroup subsys cpuacct
{0}[    0.060000] Initializing cgroup subsys freezer
{0}[    0.060000] CPU: Testing write buffer coherency: ok
{0}[    0.060000] CPU0: thread -1, cpu 0, socket 10, mpidr 80000a00
{0}[    0.060000] L310 cache controller enabled
{0}[    0.060000] l2x0: 16 ways, CACHE_ID 0x4100c4c8, AUX_CTRL 0x7e470001, Cache size: 1048576 B
{1}[    0.100000] CPU1: Booted secondary processor
{1}[    0.100000] CPU1: thread -1, cpu 1, socket 10, mpidr 80000a01
{2}[    0.130000] CPU2: Booted secondary processor
{2}[    0.130000] CPU2: thread -1, cpu 2, socket 10, mpidr 80000a02
{3}[    0.160000] CPU3: Booted secondary processor
{3}[    0.160000] CPU3: thread -1, cpu 3, socket 10, mpidr 80000a03
{0}[    0.170000] Brought up 4 CPUs
{0}[    0.170000] SMP: Total of 4 processors activated (4780.85 BogoMIPS).
{0}[    0.185000] print_constraints: dummy: 
{0}[    0.190000] NET: Registered protocol family 16
{0}[    0.190000] ram_console: ram_console_module_init
{0}[    0.190000] Registered chained gpio int handler for interrupt 111.
{0}[    0.190000] Registered interrupt support for gpio group 9.
{0}[    0.210000] ram_console: got buffer at 6dfd4000, size 1f000
{0}[    0.210000] ram_console: found existing buffer, size 47577, start 47577
{0}[    0.310000] console [ram-1] enabled
{0}[    0.310000] ram_console: Boot from: 1, software reboot, 12582925
{0}[    0.315000] ram_console: Boot stat:
{0}[    0.315000] ram_console: 0, fresh boot, 2147483649
{0}[    0.315000] ram_console: 1, software reboot, 12582925
{0}[    0.315000] ram_console: 2, oops reboot, 0
{0}[    0.315000] ram_console: 3, panic reboot, 0
{0}[    0.315000] ram_console: 4, halt reboot, 70368744177664
{0}[    0.315000] ram_console: 5, poweroff reboot, 1
{0}[    0.315000] ram_console: 6, kexec reboot, 0
{0}[    0.315000] ram_console: 7, emerg reboot, 18015223143202816
{0}[    0.315000] ram_console: 8, warm reset, 0
{0}[    0.315000] ram_console: 9, watchdog reset, 0
{0}[    0.315000] ram_console: 10, pin reset, 1
{0}[    0.315000] ram_console: 11, unknow reason, 0
{0}[    0.315000] S3C Power Management, Copyright 2004 Simtec Electronics
{0}[    0.320000] samsung-pd samsung-pd.0: power domain registered
{0}[    0.320000] samsung-pd samsung-pd.1: power domain registered
{0}[    0.320000] samsung-pd samsung-pd.2: power domain registered
{0}[    0.320000] samsung-pd samsung-pd.5: power domain registered
{0}[    0.320000] samsung-pd samsung-pd.4: power domain registered
{0}[    0.320000] samsung-pd samsung-pd.6: power domain registered
{0}[    0.320000] samsung-pd samsung-pd.7: power domain registered
{0}[    0.325000] samsung-pd samsung-pd.8: power domain registered
{0}[    0.325000] s3c24xx-pwm s3c24xx-pwm.0: tin at 100000000, tdiv at 100000000, tin=divclk, base 0
{0}[    0.325000] s3c24xx-pwm s3c24xx-pwm.1: tin at 100000000, tdiv at 100000000, tin=divclk, base 8
{0}[    0.325000] UMP: UMP device driver 7447 loaded
{0}[    0.365000] bio: create slab <bio-0> at 0
{0}[    0.365000] registered panel driver(ls040b3sx01) to mipi-dsi driver.
{0}[    0.365000] print_constraints: VDD_1.8V: 1800 mV 
{0}[    0.365000] print_constraints: DC_5V: 5000 mV 
{0}[    0.365000] print_constraints: VDD_3.3V: 3300 mV 
{0}[    0.365000] print_constraints: VDD_5.5V: 5500 mV 
{0}[    0.365000] print_constraints: SPDIF 1.8V: 1800 mV 
{0}[    0.365000] print_constraints: SENSOR_POWER 2.8V: 2800 mV 
{0}[    0.370000] print_constraints: iNAND_POWER 2.8V: 2800 mV 
{0}[    0.370000] print_constraints: HSIC_1.0V: 1000 mV 
{0}[    0.370000] print_constraints: VDD_1.0V: 1000 mV 
{0}[    0.370000] print_constraints: VDD_1.2V: 1200 mV 
{0}[    0.370000] print_constraints: VDD_1.2V: 1200 mV 
{0}[    0.370000] rdev_init_debugfs: VDD_1.2V: Failed to create debugfs directory
{0}[    0.375000] i2c-core: driver [bu26507-led] using legacy suspend method
{0}[    0.375000] i2c-core: driver [bu26507-led] using legacy resume method
{0}[    0.375000] SCSI subsystem initialized
{0}[    0.375000] usbcore: registered new interface driver usbfs
{0}[    0.375000] usbcore: registered new interface driver hub
{0}[    0.380000] usbcore: registered new device driver usb
{0}[    0.380000] i2c-gpio i2c-gpio.8: using pins 67 (SDA) and 74 (SCL)
{0}[    0.380000] i2c-gpio i2c-gpio.9: using pins 274 (SDA) and 275 (SCL)
{0}[    0.380000] i2c-gpio i2c-gpio.10: using pins 269 (SDA) and 270 (SCL)
{0}[    0.380000] i2c-gpio i2c-gpio.11: using pins 287 (SDA) and 288 (SCL)
{0}[    0.385000] i2c-gpio i2c-gpio.12: using pins 170 (SDA) and 169 (SCL)
{0}[    0.400000] bu26507_i2c_probe: doned
{0}[    0.400000] i2c-gpio i2c-gpio.13: using pins 77 (SDA) and 75 (SCL)
{0}[    0.400000] s3c-i2c s3c2440-i2c.0: i2c-0: S3C I2C adapter
{0}[    0.400000] s3c-i2c s3c2440-i2c.1: i2c-1: S3C I2C adapter
{0}[    0.400000] max77686 3-0009: device found, device_id = 2
{0}[    0.405000] max77686_irq_init+
{0}[    0.405000] max77686_irq_lock
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.405000] max77686_irq_lock
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.405000] max77686_irq_lock
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.405000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.410000] max77686_irq_lock
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.410000] max77686_irq_lock
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.410000] max77686_irq_lock
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.410000] max77686_irq_lock
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.410000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.415000] max77686_irq_lock
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.415000] max77686_irq_lock
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.415000] max77686_irq_lock
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.415000] max77686_irq_lock
{0}[    0.415000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.420000] max77686_irq_lock
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.420000] max77686_irq_lock
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.420000] max77686_irq_lock
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.420000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.425000] max77686_irq_lock
{0}[    0.425000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.425000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.425000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.425000] max77686_irq_lock
{0}[    0.425000] max77686_irq_sync_unlock: mask_reg[0]=0x4, cur=0xff
{0}[    0.425000] max77686_irq_sync_unlock: mask_reg[1]=0x5, cur=0xff
{0}[    0.425000] max77686_irq_sync_unlock: mask_reg[2]=0x1, cur=0xff
{0}[    0.425000] max77686_irq_init-
{0}[    0.430000] print_constraints: vdd_mif range: 850 <--> 1050 mV at 1050 mV 
{0}[    0.430000] print_constraints: vdd_arm range: 600 <--> 1400 mV at 1100 mV 
{0}[    0.435000] print_constraints: vdd_int range: 850 <--> 1037 mV at 1000 mV 
{0}[    0.435000] print_constraints: vdd_g3d range: 850 <--> 1200 mV at 1050 mV 
{0}[    0.435000] print_constraints: vdd_mem_on: 1200 mV 
{0}[    0.435000] print_constraints: vdd_1.35v: 1350 mV 
{0}[    0.435000] print_constraints: vdd_2.00v: 2000 mV 
{0}[    0.440000] print_constraints: vdd_2.80v: 2800 mV 
{0}[    0.440000] print_constraints: vdd_ldo1 range: 1000 mV 
{0}[    0.440000] print_constraints: vdd_ldo2 range: 1200 mV 
{0}[    0.440000] print_constraints: vdd_ldo3 range: 1800 mV 
{0}[    0.445000] print_constraints: vdd_ldo4 range: 2800 mV 
{0}[    0.445000] print_constraints: vdd_ldo6 range: 1000 mV 
{0}[    0.445000] print_constraints: vdd_ldo7 range: 1000 mV 
{0}[    0.450000] print_constraints: vdd_ldo11 range: 1800 mV 
{0}[    0.450000] print_constraints: vdd_ldo14 range: 1800 mV 
{0}[    0.450000] print_constraints: vdd_ldo22 range: 2800 mV 
{0}[    0.450000] print_constraints: CAM0_ISP_1.2V: 1200 mV 
{0}[    0.455000] print_constraints: CAM_1.8V: 1800 mV 
{0}[    0.455000] print_constraints: vdd_ldo8 range: 1000 mV 
{0}[    0.455000] print_constraints: GPS_1.8V: 1800 mV 
{0}[    0.455000] print_constraints: vdd_ldo10 range: 1800 mV 
{0}[    0.460000] print_constraints: vdd_ldo12 range: 3000 mV 
{0}[    0.460000] print_constraints: vdd_ldo13 range: 1800 mV 
{0}[    0.460000] print_constraints: vdd_ldo15 range: 1000 mV 
{0}[    0.465000] print_constraints: vdd_ldo16 range: 1800 mV 
{0}[    0.465000] print_constraints: CAM0_SENSOR_1.2V: 1200 mV 
{0}[    0.465000] print_constraints: vdd_ldo18 range: 1800 mV 
{0}[    0.465000] print_constraints: vdd_ldo19 range: 1800 mV 
{0}[    0.470000] print_constraints: vdd_ldo20 range: 1200 mV 
{0}[    0.470000] print_constraints: CAM1_2.8V: 2800 mV 
{0}[    0.470000] print_constraints: CAM0_SENSOR_2.7V: 2700 mV 
{0}[    0.475000] print_constraints: CAM0_AF_2.7V: 2700 mV 
{0}[    0.475000] print_constraints: vdd_ldo25 range: 2800 mV 
{0}[    0.475000] print_constraints: vdd_ldo26 range: 3000 mV 
{0}[    0.475000] print_constraints: 32KHZ_PMIC: 
{0}[    0.475000] s3c-i2c s3c2440-i2c.3: i2c-3: S3C I2C adapter
{0}[    0.480000] max77665 4-0066: device ID: 0x2
{0}[    0.495000] [drivers/regulator/max77665.c:643] pdata->num_regulators:6
{0}[    0.495000] [drivers/regulator/max77665.c:649] for in pdata->num_regulators:6
{0}[    0.500000] print_constraints: safeout1 range: at 4900 mV 
{0}[    0.500000] [drivers/regulator/max77665.c:649] for in pdata->num_regulators:6
{0}[    0.500000] print_constraints: safeout2 range: at 4900 mV 
{0}[    0.500000] [drivers/regulator/max77665.c:649] for in pdata->num_regulators:6
{0}[    0.500000] print_constraints: CHARGER: 60 <--> 2580 mA at 460 mA 
{0}[    0.500000] [drivers/regulator/max77665.c:649] for in pdata->num_regulators:6
{0}[    0.500000] print_constraints: FLASH LED: 15 <--> 1000 mA at 312 mA 
{0}[    0.505000] [drivers/regulator/max77665.c:649] for in pdata->num_regulators:6
{0}[    0.505000] print_constraints: TORCH LED: 15 <--> 250 mA at 15 mA 
{0}[    0.505000] [drivers/regulator/max77665.c:649] for in pdata->num_regulators:6
{0}[    0.505000] #### max77665_reverse_reg_disable
{0}[    0.505000] print_constraints: REVERSE: 
{0}[    0.505000] s3c-i2c s3c2440-i2c.4: i2c-4: S3C I2C adapter
{0}[    0.505000] s3c-i2c s3c2440-i2c.5: i2c-5: S3C I2C adapter
{0}[    0.510000] s3c-i2c s3c2440-i2c.6: i2c-6: S3C I2C adapter
{0}[    0.510000] s3c-i2c s3c2440-i2c.7: i2c-7: S3C I2C adapter
{0}[    0.510000] Advanced Linux Sound Architecture Driver Version 1.0.24.
{0}[    0.510000] 0-003e: A1028: load a1028_24m_soc_fw.bin
{0}[    0.515000] Bluetooth: Core ver 2.16
{0}[    0.515000] NET: Registered protocol family 31
{0}[    0.515000] Bluetooth: HCI device and connection manager initialized
{0}[    0.515000] Bluetooth: HCI socket layer initialized
{0}[    0.515000] Bluetooth: L2CAP socket layer initialized
{0}[    0.515000] Bluetooth: SCO socket layer initialized
{0}[    0.515000] Switching to clocksource mct-frc
{0}[    0.516593] Switched to NOHz mode on CPU #0
{2}[    0.517035] Switched to NOHz mode on CPU #2
{3}[    0.517047] Switched to NOHz mode on CPU #3
{1}[    0.517066] Switched to NOHz mode on CPU #1
{0}[    0.519777] NET: Registered protocol family 2
{0}[    0.520532] IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
{0}[    0.522737] TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
{0}[    0.525616] TCP bind hash table entries: 65536 (order: 8, 1572864 bytes)
{0}[    0.528280] TCP: Hash tables configured (established 131072 bind 65536)
{0}[    0.528574] TCP reno registered
{0}[    0.528790] UDP hash table entries: 512 (order: 3, 32768 bytes)
{0}[    0.529137] UDP-Lite hash table entries: 512 (order: 3, 32768 bytes)
{0}[    0.530125] NET: Registered protocol family 1
{0}[    0.530785] Trying to unpack rootfs image as initramfs...
{0}[    0.561988] Freeing initrd memory: 324K
{0}[    0.562479] PMU: registered new PMU device of type 0
{0}[    0.562939] A1028: starting to load fw ...
{3}[    0.565431] input: wakeup_assist as /devices/platform/wakeup_assist.0/input/input0
{3}[    0.566214] gps successfully probed!
{3}[    0.567334] [BT] Device Powering ON
{3}[    0.720484] [BT] Device Powering OFF
{3}[    0.720753] [BT] driver loaded!
{3}[    0.722616] Loaded driver for PL330 DMAC-0 s3c-pl330
{3}[    0.722913]       DBUFF-64x8bytes Num_Chans-8 Num_Peri-1 Num_Events-32
{3}[    0.723311] Loaded driver for PL330 DMAC-1 s3c-pl330
{3}[    0.723607]       DBUFF-32x4bytes Num_Chans-8 Num_Peri-32 Num_Events-32
{3}[    0.723995] Loaded driver for PL330 DMAC-2 s3c-pl330
{3}[    0.724286]       DBUFF-32x4bytes Num_Chans-8 Num_Peri-32 Num_Events-32
{3}[    0.732479] highmem bounce pool size: 64 pages
{3}[    0.733138] ashmem: initialized
{3}[    0.753725] fuse init (API version 7.16)
{3}[    0.755545] msgmni has been set to 1131
{3}[    0.757968] io scheduler noop registered
{3}[    0.758179] io scheduler deadline registered
{3}[    0.758543] io scheduler cfq registered (default)
{3}[    0.761055] crc32: CRC_LE_BITS = 64, CRC_BE BITS = 64
{3}[    0.761345] crc32: self tests passed, processed 225944 bytes in 1119417 nsec
{3}[    0.762677] crc32c: CRC_LE_BITS = 64
{3}[    0.762967] crc32c: self tests passed, processed 225944 bytes in 557167 nsec
{3}[    0.764305] s5p-mipi-dsim s5p-mipi-dsim.0: lcd_drv->id = -1, lcd_dev->id = -1
{3}[    0.764604] s5p-mipi-dsim s5p-mipi-dsim.0: lcd_dev->bus_id = 0, dsim->id = 0
{0}[    0.805050] ls040b3sx01_probe finish
{0}[    0.819826] s5p-mipi-dsim s5p-mipi-dsim.0: DSI Master driver has been completed.
{0}[    0.820152] s5p-mipi-dsim s5p-mipi-dsim.0: DSI Master state is stop state
{0}[    0.839731] s5p-mipi-dsim s5p-mipi-dsim.0: mipi-dsi driver(RGB mode) has been probed.
{0}[    0.841069] s3cfb s3cfb.0: [fb2] dma: 0x6d574000, cpu: 0xee871000, size: 0x004b0000
{0}[    0.845902] s3cfb_draw_logo: draw mx logo:base=0xee871000, yres=960, xres=640, height=84, width=56
{0}[    0.931713] s3cfb s3cfb.0: parent clock: 800000000, vclk: 38725000, vclk div: 21
{0}[    0.932160] s3cfb s3cfb.0: registered successfully
{0}[    0.933575] s5pv210-uart.0: ttySAC0 at MMIO 0x13800000 (irq = 16) is a S3C6400/10
{0}[    1.045160] s5pv210-uart.1: ttySAC1 at MMIO 0x13810000 (irq = 20) is a S3C6400/10
{0}[    1.125155] s5pv210-uart.2: ttySAC2 at MMIO 0x13820000 (irq = 24) is a S3C6400/10
{0}[    1.205162] s5pv210-uart.3: ttySAC3 at MMIO 0x13830000 (irq = 28) is a S3C6400/10
{0}[    2.995911] console [ttySAC3] enabled

....
....

{0}[    3.199061] lis3dh: probe start.
{0}[    3.202563] lis3dh: hw init start
{0}[    3.211309] lis3dh: hw init done
{1}[    3.215570] input: lis3dh as /devices/platform/i2c-gpio.9/i2c-9/9-0019/input/input3
{1}[    3.223167] lis3dh 9-0019: lis3dh: probed
{1}[    3.228301] input: gyroscope as /devices/platform/i2c-gpio.11/i2c-11/11-0069/input/input4
{1}[    3.235577] l3g4200d_gyro_update_odr: poll_interval_us = 200000, set odr to 0
{0}[    3.245960] print_constraints: AVDD1: 2400 <--> 3100 mV 
{0}[    3.252340] print_constraints: DCVDD: 1000 <--> 1300 mV 
{0}[    3.273149] wm8994 0-001a: WM8958 revision B
{0}[    3.329504] wm8994 0-001a: No interrupt specified, no interrupts
{0}[    3.335742] i2c-core: driver [wm8994] using legacy suspend method
{0}[    3.340859] i2c-core: driver [wm8994] using legacy resume method
{0}[    3.348180] PPP generic driver version 2.4.2
{2}[    3.352260] PPP Deflate Compression module registered
{2}[    3.357000] PPP BSD Compression module registered
{2}[    3.362228] PPP MPPE Compression module registered
{2}[    3.366975] NET: Registered protocol family 24
{2}[    3.372116] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
{0}[    3.380422] s5p-ehci s5p-ehci: power on usb PHY
{0}[    3.383960] s5p-ehci s5p-ehci: Change USB MUX from Device to Host
{0}[    3.390564] s5p-ehci s5p-ehci: S5P EHCI Host Controller
{0}[    3.395796] s5p-ehci s5p-ehci: new USB bus registered, assigned bus number 1
{0}[    3.403320] s5p-ehci s5p-ehci: irq 134, io mem 0x12580000
{0}[    3.415073] s5p-ehci s5p-ehci: USB 0.0 started, EHCI 1.00
{0}[    3.419705] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
{0}[    3.426516] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
{0}[    3.434058] usb usb1: Product: S5P EHCI Host Controller
{0}[    3.439527] usb usb1: Manufacturer: Linux 3.0.15-oversea-svn7447 ehci_hcd
{0}[    3.446472] usb usb1: SerialNumber: s5p-ehci
{0}[    3.452121] hub 1-0:1.0: USB hub found
{0}[    3.454978] hub 1-0:1.0: 3 ports detected
{0}[    3.460175] Initializing USB Mass Storage driver...
{0}[    3.464690] usbcore: registered new interface driver usb-storage
{0}[    3.470608] USB Mass Storage support registered.
{3}[    3.476159] s3c-udc : S3C HS USB OTG Device Driver,(c) 2008-2009 Samsung Electronics
{3}[    3.476170] s3c-udc : version 15 March 2009
{3}[    3.492126] android_usb gadget: Mass Storage Function, version: 2009/09/11
{3}[    3.498016] android_usb gadget: Number of LUNs=1
{3}[    3.502953]  lun0: LUN: removable file: (no medium)
{3}[    3.508575] android_usb gadget: android_usb ready
{3}[    3.513022] Registered gadget driver 'android_usb'
{3}[    3.520388] input: gpio-keys as /devices/platform/gpio-keys.0/input/input5
{0}[    3.590260] A1028: fw load successfully 
{0}[    3.615070] A1028: set a1028 into Suspend mode
{0}[    3.645590] atmel_mxt_ts 6-004a: Family ID: 129 Variant ID: 1 Version: 16 Build: 170
{0}[    3.652345] atmel_mxt_ts 6-004a: Matrix X Size: 17 Matrix Y Size: 13 Object Num: 18
{0}[    3.663021] input: m03x_ts as /devices/platform/s3c2440-i2c.6/i2c-6/6-004a/input/input6
{2}[    3.670972] input: mx-touch-keypad as /devices/platform/s3c2440-i2c.6/i2c-6/6-004a/input/input7

......
.....

{0}[    4.270918] S3C2410 Watchdog Timer, (c) 2004 Simtec Electronics
{0}[    4.277442] s3c2410-wdt s3c2410-wdt: starting watchdog timer
{0}[    4.282705] s3c2410-wdt s3c2410-wdt: watchdog active, reset enabled, irq disabled
{2}[    4.290633] watchdog_thread: Enter into watchdog_thread


.........
.........

{0}[    5.505978] charger_work_func, charger_status:1
{0}[    5.510550] mxt_write_charger_param charger_status:1
{0}[    5.646850] EXT4-fs warning (device mmcblk0p2): ext4_clear_journal_err:4153: Filesystem error recorded from previe
{0}[    5.658134] EXT4-fs warning (device mmcblk0p2): ext4_clear_journal_err:4154: Marking fs in need of filesystem che.
{0}[    5.670484] EXT4-fs (mmcblk0p2): warning: mounting fs with errors, running e2fsck is recommended
{1}[    5.680379] EXT4-fs (mmcblk0p2): recovery complete
{1}[    5.685806] EXT4-fs (mmcblk0p2): mounted filesystem with ordered data mode. Opts: (null)
{1}[    5.694962] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
{1}[    5.711443] EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts: noauto_da_alloc
{3}[    5.752503] EXT4-fs (mmcblk0p4): mounted filesystem with ordered data mode. Opts: (null)
{1}[    5.826504] EXT4-fs (mmcblk0p5): mounted filesystem with ordered data mode. Opts: (null)
{3}[    5.834031] m6mo_mipi_cam_power():1
{1}[    5.993173] init: cannot find '/system/etc/install-recovery.sh', disabling 'flash_recovery'
{1}[    6.005965] adb_bind_config
{3}[    6.012931] warning: `adbd' uses 32-bit capabilities (legacy support in use)
{0}[    6.019652] adb_open
{3}[    6.072095] wm8994-codec wm8994-codec:  fw=  (null)!
root@android:/ #

I had to edit out parts of the above log. This UART device is /dev/ttySAC3, which i found interesting because on Samsung they are usually /dev/ttySAC2

This is a U-Boot device.. Amongst the messages I see press ... but ctrl+c does nothing at all. I can't get into the UART prompt. I suppose that inserting a custom U-Boot would render the TrustZone inoperative and then crash the device.. I don' t really know.. I don't have a way to recover yet either. So, any suggestions are appreciated.

AdamOutler · 04:46 AM

I have a binary. Over at the Odroid forum, someone was able to pull a dump from U-Boot under minicom. So i had a HexDump format. I wrote the following Java file to convert the hex dump to a binary

ConvertHexToBinary.java:

Code:

/*ConvertHexToBinary Converts UBOOT md.b hexdumps to a binary file 
  Usage: ConvertHexToBinary inputFile outputFolder
    Copyright (C) 2012  AdamOutler

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;

public class ConvertHexToBinary {
	static String inFile = "/home/adam/Desktop/minicom.txt";
	static String outFolder = "/home/adam/Desktop/";
	static String outFile = outFolder + "file.bin";
	static FileInputStream in = null;
	static BufferedOutputStream out = null;

	/**
	 * @param args
	 */
	public static void main(String[] args) {
		try {
			if (args[0].length() > 1) {
				inFile = args[0];
				outFolder = args[1];
			}
		} catch (java.lang.ArrayIndexOutOfBoundsException ex) {
			System.out
					.println("Usage: ConvertHexToBinary inputFile outputFolder");
		}
		new ConvertHexToBinary().doit();
	}

	private void doit() {
		try {
			in = new FileInputStream(inFile);
		} catch (FileNotFoundException e) {
			e.printStackTrace();
		}

		try {
			out = new BufferedOutputStream(new FileOutputStream(outFile));
		} catch (FileNotFoundException e) {
			e.printStackTrace();
		}
		doConversion(in, out);
		System.exit(0);

	}

	private void doConversion(FileInputStream in, BufferedOutputStream out) {
		DataInputStream buffer = new DataInputStream(in);
		try {
			String s;
			while ((s = buffer.readLine()) != null) {
				System.out.println(s);
				if (s.startsWith("ODROID4412")) {
					out = new BufferedOutputStream(new FileOutputStream(
							outFolder + s.split(" ")[3]));
					continue;
				}
				s = s.split(": ")[1].split("    ")[0].replace(" ", "");
				byte[] data = hexStringToByteArray(s);
				for (int i = 0; i < data.length; i++) {
					System.out.print(data[i]);
					out.write(data[i]);
				}
			}
		} catch (IOException e) {
			e.printStackTrace();
		}
		return;
	}

	public static byte[] hexStringToByteArray(String s) {
		int len = s.length();
		byte[] data = new byte[len / 2];
		for (int i = 0; i < len; i += 2) {
			data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character
					.digit(s.charAt(i + 1), 16));
		}
		return data;
	}
}

The following are messages from inside the converted-from-UART-UBOOT-hex-to-binary file

Code:

SB20_CONTEXT
SB10
[UART BOOT] Fail, Can not receive data ack
[UART BOOT] Fail, Can not connect to DNW
[UART BOOT] Load boot binary and then press any key to download

Looks like we got what we need. Rebellos, Ralekdev, can you verify this?

Attatched is the original hexdump and the recombined binary using the above program for the first time. Also, i've attatched files by memory locations 0x02000000(IROM) and 0x02020000(IRAM).

Rebellos · 16th November 2012, 01:22 AM

@External abort on non-linefetch - this is for sure abort generated by ARM TZ subsystem when there's memory access request from non-secure to secure area.

@Dump -I can confirm this is full iROM dump. Just not sure if iRAM (containing iROM bss section and EBL+IBL) isn't somehow corrupted.

AdamOutler · 03:15 AM

I was hacking around in the memory on my Galaxy Camera(basically the same as an S3). By trial and error I found the lowest readable section of memory was 0x40000000. At that location I found this message:

Code:

ATconsole=ram loglevel=4 sec_debug.level=0 sec_watchdog.sec_pet=5 androidboot.debug_level=0x4f4c sec_log=0x200000@0x46000000 s3cfb.bootloaderfb=0x5ec00000 sysscope=0xee000000 lcdtype=0 consoleblank=0 lpcharge=0 lpj=3981312 vmalloc=144m oops=panic pmic_info=67 cordon=b4c230bbb3d4a1ecc04492a6e7fb7512 androidboot.emmc_checksum=3 androidboot.odin_download=80300280 androidboot.bootloader=GC100XXALJF androidboot.serialno=4208fcaa2cd59fc5 snd_soc_core.pmdown_time=1000

So i decided to check out the sec_log at 0x46000000. It appears to be a rolling log. It continually updates and contains several copies of the same information.

Here's a memory log of Bootloader+first bit of kernel. I'm used to seeing this information in UART. It's written to memory on this device:

Code:

PMIC rev = PASS2(4)
CHECK PWROFFSRC = 0x00 
CHECK RTC PWROFFSRC = 0x00 
[s5m8767] update LDO2 onoff[1]
[s5m8767] update LDO4 onoff[1]
[s5m8767] update LDO5 onoff[0]
[s5m8767] update LDO6 onoff[1]
[s5m8767] update LDO7 onoff[1]
[s5m8767] update LDO8 onoff[1]
[s5m8767] update LDO9 vol[1800]
[s5m8767] update LDO10 onoff[1]
[s5m8767] update LDO11 vol[1950], onoff[1]
[s5m8767] update LDO12 onoff[1]
[s5m8767] update LDO13 onoff[0]
[s5m8767] update LDO14 vol[1950], onoff[1]
[s5m8767] update LDO15 onoff[1]
[s5m8767] update LDO16 onoff[1]
[s5m8767] update LDO19 vol[1800], onoff[1]
[s5m8767] update LDO20 vol[3300]
[s5m8767] update LDO21 vol[3300]
[s5m8767] update LDO22 vol[2800]
[s5m8767] update LDO27 vol[1500]
cardtype: 0x00000007
SB_MMC_HS_52MHZ_1_8V_3V_IO
mmc->card_caps: 0x00000311
mmc->host_caps: 0x00000311
mmc_initialize: mmc->capacity = 15269888

Samsung S-Boot 4.0-413474 for EK-GC100_EUR_XX (Oct 27 2012 - 03:30:02)

EXYNOS4412(EVT 1.1) / 1023MB / 7456MB / Rev 11 / GC100XXALJF /(PKG_ID 0x19115008)

initialize_ddi_data: usable! (3:0xc)
PARAM ENV VERSION: v1.0..
init_fuelgauge: fuelgauge power ok
init_fuelgauge: not POR status
init_fuelgauge: is reset case, skip soc-cal.
get_table_soc: vcell(3663) is caculated to t-soc(2.897)
init_fuelgauge: start: vcell(3663), vfocv(3720), soc(19), table soc(2)
init_fuelgauge: finish: vcell(3663), vfocv(3720), soc(19), table soc(2)
init_microusb_ic: MUIC: CONTROL1:0x09
init_microusb_ic: MUIC: CONTROL1:0x09
init_microusb_ic: MUIC: CONTROL2:0x3e
init_microusb_ic: MUIC: CONTROL2:0x3e
====================
s5m8767 pmic register 
====================
ID = 0x05 
ONSRC = 0x01 
STATUS1 = 0x10 
STATUS2 = 0x10 
STATUS3 = 0x07 
IRQ1 = 0x0b 
IRQ2 = 0x3b 
IRQ3 = 0x00 
PWROFFSRC = 0x00 
PMIC_RTC_WTSR_SMPL_REG = 0x80
S5M8767_REG_BUCHG = 0x6f


s5p_check_keypad: 0x0
s5p_check_reboot_mode: INFORM3 = 12345670 ... skip
s5p_check_upload: MAGIC(0x0), RST_STAT(0x20000000)
s5p_check_download: 0
microusb_get_attached_device: STATUS1:0x3f, 2:0x41
check_pm_status: normal reset, do not enter LPM mode.
cmu_div:5, div:2, src_clk:800000000, pixel_clk:66765600
s6d6aa1_write :: retry: 1
s6d6aa1_write :: 0x11
Prev dlinfo Value : 80300280
Fail count : 0, Success count : 0, prev result : 3, Downloaded Partition : 280
Partition index table
BOOTLOADER : 0
TZSW : 1
PIT : 2
MD5HDR : 3
EFS : 4
PARAM : 5
BOOT : 6
RECOVERY : 7
RADIO : 8
CACHE : 9
SYSTEM : 10
HIDDEN : 11
USERDATA : 12
<start_checksum:394>CHECKSUM_HEADER_SECTOR :4096
<start_checksum:396>offset:50, size:6296
<start_checksum:400>CHECKSUM_HEADER_INFO : NeedChecksum:0 PartNo:17
Not Need Movinand Checksum
Movinand Checksum Confirmation Pass
load_kernel: loading boot image from 81920..
- read_bl1
pit_check_signature (BOOT) valid.
if_ddi_data: succeeded. (3:0xc)
ATAG_CORE: 5 54410001 0 0 0
ATAG_MEM: 4 54410002 10000000 40000000
ATAG_MEM: 4 54410002 10000000 50000000
ATAG_MEM: 4 54410002 10000000 60000000
ATAG_MEM: 4 54410002 ff00000 70000000
ATAG_SERIAL: 4 54410006 4208fcaa 2cd59fc5
ATAG_INITRD2: 4 54420005 42000000 82bde
ATAG_REVISION: 3 54410007 b
ATAG_CMDLINE: 76 54410009 'console=ram loglevel=4 sec_debug.level=0 sec_watchdog.sec_pet=5 androidboot.debug_level=0x4f4c sec_log=0x200000@0x46000000 s3cfb.bootloaderfb=0x5ec00000 sysscope=0xee000000 lcdtype=0 consoleblank=0 lpcharge=0 lpj=3981312 vmalloc=144m oops=panic pmic_info=67 cordon=b4c230bbb3d4a1ecc04492a6e7fb7512 androidboot.emmc_checksum=3 androidboot.odin_download=80300280 androidboot.bootloader=GC100XXALJF androidboot.serialno=4208fcaa2cd59fc5 snd_soc_core.pmdown_time=1000'
ATAG_NONE: 0 0

Starting kernel at 0x40008000...

SWITCH_SEL(3)
<6>[    0.000000] c0 Initializing cgroup subsys cpu
<5>[    0.000000] c0 Linux version 3.0.31-413474 (se.infra@SEP-131) (gcc version 4.4.3 (GCC) ) #1 SMP PREEMPT Sat Oct 27 03:30:48 KST 2012
<4>[    0.000000] c0 CPU: ARMv7 Processor [413fc090] revision 0 (ARMv7), cr=10c5387d
<4>[    0.000000] c0 CPU: VIPT nonaliasing data cache, VIPT aliasing instruction cache
<4>[    0.000000] c0 Machine: SMDK4x12
<6>[    0.000000] c0 cma: CMA: reserved 40 MiB at 50800000
<6>[    0.000000] c0 cma: CMA: reserved 16 MiB at 72000000
<6>[    0.000000] c0 Memory policy: ECC disabled, Data cache writealloc
<4>[    0.000000] c0 CPU EXYNOS4412 (id 0xe4412211)
<7>[    0.000000] c0 exynos4_init_clocks: initializing clocks
<6>[    0.000000] c0 S3C24XX Clocks, Copyright 2004 Simtec Electronics
<3>[    0.000000] c0 s3c_register_clksrc: clock audiocdclk has no registers set
<3>[    0.000000] c0 audiocdclk: no parent clock specified
<3>[    0.000000] c0 s3c_register_clksrc: clock armclk has no registers set
<7>[    0.000000] c0 exynos4_setup_clocks: registering clocks
<7>[    0.000000] c0 exynos4_setup_clocks: xtal is 24000000
<6>[    0.000000] c0 EXYNOS4: PLL settings, A=800000000, M=800000000, E=96000000 V=108000000
<6>[    0.000000] c0 EXYNOS4: ARMCLK=800000000, DMC=400000000, ACLK200=24000000
<6>[    0.000000] c0 ACLK160=160000000, ACLK133=133333333, ACLK100=100000000
<6>[    0.000000] c0 EXYNOS4: ACLK400=24000000 ACLK266=800000000
<6>[    0.000000] c0 uclk1: source is mout_mpll_user (6), rate is 200000000
<6>[    0.000000] c0 uclk1: source is mout_mpll_user (6), rate is 200000000
<6>[    0.000000] c0 uclk1: source is mout_mpll_user (6), rate is 200000000
<6>[    0.000000] c0 uclk1: source is mout_mpll_user (6), rate is 200000000
<6>[    0.000000] c0 sclk_csis: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_csis: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_cam0: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_cam1: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_fimc: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_fimc: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_fimc: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_fimc: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_fimd: source is mout_mpll_user (6), rate is 133333333
<6>[    0.000000] c0 sclk_fimd: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_mdnie: source is mout_mpll_user (6), rate is 133333333
<6>[    0.000000] c0 sclk_mdnie: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_mdnie_pwm: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_mdnie_pwm: source is xusbxti (1), rate is 1500000
<6>[    0.000000] c0 sclk_mfc: source is mout_mfc0 (0), rate is 50000000
<6>[    0.000000] c0 sclk_g3d: source is mout_g3d0 (0), rate is 50000000
<6>[    0.000000] c0 sclk_pwi: source is xusbxti (1), rate is 3000000
<6>[    0.000000] c0 S5P/CMA: Reserved 0x71700000/0x00800000 for 'fimd'
<6>[    0.000000] c0 S5P/CMA: Reserved 0x6f800000/0x01e60000 for 'fimc0'
<6>[    0.000000] c0 S5P/CMA: Reserved 0x6f700000/0x00100000 for 'srp'
<6>[    0.000000] c0 S5P/CMA: Reserved 0x5ec00000/0x01fa4000 for 'fimc1'
<6>[    0.000000] c0 S5P/CMA: Reserved 0x5e000000/0x00400000 for 'mfc-normal'
<6>[    0.000000] c0 S5P/CMA: Reserving 0xb800000 for secure region aligned by 0x8000000.
<6>[    0.000000] c0 S5P/CMA: Reserved 0x50000000/0x00400000 for 'sectbl'
<6>[    0.000000] c0 S5P/CMA: Reserved 0x50400000/0x03100000 for 'mfc-secure'
<6>[    0.000000] c0 S5P/CMA: Reserved 0x53500000/0x08300000 for 'ion'
<0>[    0.000000] c0 (sec_debug_set_upload_magic) 66262564
<0>[    0.000000] c0 (sec_debug_set_upload_cause) cafebabe
<7>[    0.000000] c0 On node 0 totalpages: 261888
<7>[    0.000000] c0 free_area_init_node: node 0, pgdat c08f6020, node_mem_map c0cf7000
<7>[    0.000000] c0   Normal zone: 1632 pages used for memmap
<7>[    0.000000] c0   Normal zone: 0 pages reserved
<7>[    0.000000] c0   Normal zone: 207264 pages, LIFO batch:31
<7>[    0.000000] c0   HighMem zone: 414 pages used for memmap
<7>[    0.000000] c0   HighMem zone: 52578 pages, LIFO batch:15
<6>[    0.000000] c0 sec_debug_magic_init: success reserving magic code area
<6>[    0.000000] c0 PERCPU: Embedded 7 pages/cpu @c14ff000 s6912 r8192 d13568 u32768
<7>[    0.000000] c0 pcpu-alloc: s6912 r8192 d13568 u32768 alloc=8*4096
<7>[    0.000000] c0 pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3 
<6>[    0.000000] c0 Built 1 zonelists in Zone order, mobility grouping on.Total pages: 259842
<5>[    0.000000] c0 Kernel command line: console=ram loglevel=4 sec_debug.level=0 sec_watchdog.sec_pet=5 androidboot.debug_level=0x4f4c sec_log=0x200000@0x46000000 s3cfb.bootloaderfb=0x5ec00000 sysscope=0xee000000 lcdtype=0 consoleblank=0 lpcharge=0 lpj=3981312 vmalloc=144m oops=panic pmic_info=67 cordon=b4c230bbb3d4a1ecc04492a6e7fb7512 androidboot.emmc_checksum=3 androidboot.odin_download=80300280 androidboot.bootloader=GC100XXALJF androidboot.serialno=4208fcaa2cd59fc5 snd_soc_core.pmdown_time=1000
<6>[    0.000000] c0 sec_log_setup: *sec_log_mag:4d474f4c *sec_log_ptr:56d916 sec_log_buf:fd200000 sec_log_size:2097152
<6>[    0.000000] c0 sec_log_save_old: saved old log at 131072@c151e120
<6>[    0.000000] c0 sec_getlog_supply_kloginfo: 0xc6000000
<6>[    0.000000] c0 battery_get_lpm_state: Low power charging mode: 0
<6>[    0.000000] c0 drivers/misc/max77693-muic.c get_if_pmic_inifo: switch_sel: 3 if_pmic_rev:4
<6>[    0.000000] c0 PID hash table entries: 4096 (order: 2, 16384 bytes)
<6>[    0.000000] c0 Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
<6>[    0.000000] c0 Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
<6>[    0.000000] c0 Memory: 1023MB = 1023MB total
<5>[    0.000000] c0 Memory: 740664k/740664k available, 306888k reserved, 211968K highmem
<5>[    0.000000] c0 Virtual kernel memory layout:
<5>[    0.000000] c0     vector  : 0xffff0000 - 0xffff1000   (   4 kB)
<5>[    0.000000] c0     fixmap  : 0xfff00000 - 0xfffe0000   ( 896 kB)
<5>[    0.000000] c0     DMA     : 0xfea00000 - 0xffe00000   (  20 MB)
<5>[    0.000000] c0     vmalloc : 0xf3800000 - 0xfc000000   ( 136 MB)
<5>[    0.000000] c0     lowmem  : 0xc0000000 - 0xf3000000   ( 816 MB)
<5>[    0.000000] c0     pkmap   : 0xbfe00000 - 0xc0000000   (   2 MB)
<5>[    0.000000] c0     modules : 0xbf000000 - 0xbfe00000   (  14 MB)
<5>[    0.000000] c0       .init : 0xc0008000 - 0xc003e000   ( 216 kB)
<5>[    0.000000] c0       .text : 0xc003e000 - 0xc079e000   (7552 kB)
<5>[    0.000000] c0       .data : 0xc079e000 - 0xc090a1a0   (1457 kB)
<5>[    0.000000] c0        .bss : 0xc090a1c4 - 0xc0cf60c8   (4016 kB)
<6>[    0.000000] c0 SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
<6>[    0.000000] c0 Preemptible hierarchical RCU implementation.
<6>[    0.000000] c0 NR_IRQS:501
<6>[    0.000000] c0 notifier_call_chain : NOTIFY BAD tick_notify
<6>[    0.000000] c0 Console: colour dummy device 80x30
<6>[    0.000000] c0 Calibrating delay loop (skipped) preset value.. 1592.52 BogoMIPS (lpj=3981312)
<6>[    0.000000] c0 pid_max: default: 32768 minimum: 301
<6>[    0.000000] c0 Mount-cache hash table entries: 512
<6>[    0.000000] c0 Initializing cgroup subsys debug
<6>[    0.000000] c0 Initializing cgroup subsys cpuacct
<6>[    0.000000] c0 Initializing cgroup subsys freezer
<6>[    0.000000] c0 CPU: Testing write buffer coherency: ok
<6>[    0.000000] c0 notifier_call_chain : NOTIFY BAD tick_notify
<6>[    0.000000] c0 notifier_call_chain : NOTIFY BAD tick_notify
<6>[    0.000000] c0 L310 cache controller enabled
<6>[    0.000000] c0 l2x0: 16 ways, CACHE_ID 0x4100c4c8, AUX_CTRL 0x7e470001, Cache size: 1048576 B
<4>[    0.030000] c1 CPU1: Booted secondary processor
<6>[    0.030000] c1 notifier_call_chain : NOTIFY BAD tick_notify
<4>[    0.060000] c2 CPU2: Booted secondary processor
<6>[    0.060000] c2 notifier_call_chain : NOTIFY BAD tick_notify
<4>[    0.090000] c3 CPU3: Booted secondary processor
<6>[    0.090000] c3 notifier_call_chain : NOTIFY BAD tick_notify
<6>[    0.100000] c0 Brought up 4 CPUs
<6>[    0.100000] c0 SMP: Total of 4 processors activated (6370.09 BogoMIPS).
<3>[    0.105000] c0 gpio: GPK0 has missing PM functions
<6>[    0.105000] c0 print_constraints: dummy: 
<6>[    0.110000] c0 NET: Registered protocol family 16
<7>[    0.110000] c0 migrating range 72000 72280, retry (0)
<6>[    0.125000] c0 DMA: preallocated 2560 KiB pool for atomic coherent allocations
<7>[    0.130000] c0 midas_config_gpio_table
<6>[    0.130000] c0 midas_power_init
<6>[    0.130000] c0 melfas-ts : GC TSP init() is called : [11]
<6>[    0.130000] c0 Registered chained gpio int handler for interrupt 110.
<6>[    0.130000] c0 Registered interrupt support for gpio group 25.
<6>[    0.130000] c0 melfas-ts : midas_tsp_init touch : 387
<6>[    0.130000] c0 Sound: start midas_sound_init
<6>[    0.130000] c0 Registered chained gpio int handler for interrupt 111.
<6>[    0.130000] c0 Registered interrupt support for gpio group 10.
<6>[    0.130000] c0 mipi_fb_init :: fb_platform_data.hw_ver = 0x70
<7>[    0.130000] c0 usb: smdk4212_usbgadget_init: default luns=0, new luns=2
<4>[    0.130000] c0 brcm_wlan_init: start
<4>[    0.130000] c0 brcm_init_wlan_mem: WIFI MEM Allocated
<4>[    0.130000] c0 -----------------------------------------------------
<4>[    0.130000] c0 -----------------------------------------------------
<4>[    0.130000] c0 -----------------------------------------------------
<4>[    0.130000] c0 regist ret:0
<3>[    0.130000] c0 ram_console: invalid start 0 or end 0
<6>[    0.140000] c0 Registered interrupt support for gpio group 7.
<6>[    0.145000] c0 exynos4_pmu_init: PMU supports 4412(96)
<6>[    0.145000] c0 S3C Power Management, Copyright 2004 Simtec Electronics
<6>[    0.145000] c0 EXYNOS4: Initializing architecture
<6>[    0.145000] c0 s3c-adc samsung-adc-v4: attached adc driver
<6>[    0.145000] c0 samsung-pd samsung-pd.0: power domain registered
<6>[    0.145000] c0 samsung-pd samsung-pd.1: power domain registered
<6>[    0.145000] c0 samsung-pd samsung-pd.2: power domain registered
<6>[    0.145000] c0 lcd0 disable skip only one time
<6>[    0.145000] c0 samsung-pd samsung-pd.5: power domain registered
<6>[    0.145000] c0 samsung-pd samsung-pd.4: power domain registered
<6>[    0.145000] c0 samsung-pd samsung-pd.6: power domain registered
<6>[    0.145000] c0 samsung-pd samsung-pd.7: power domain registered
<6>[    0.145000] c0 s3c24xx-pwm s3c24xx-pwm.0: tin at 100000000, tdiv at 100000000, tin=divclk, base 0
<6>[    0.145000] c0 s3c24xx-pwm s3c24xx-pwm.1: tin at 100000000, tdiv at 100000000, tin=divclk, base 8
<6>[    0.145000] c0 s3c24xx-pwm s3c24xx-pwm.2: tin at 100000000, tdiv at 100000000, tin=divclk, base 12
<6>[    0.145000] c0 s3c24xx-pwm s3c24xx-pwm.3: tin at 100000000, tdiv at 100000000, tin=divclk, base 16
<4>[    0.145000] c0 UMP: UMP device driver  loaded
<6>[    0.145000] c0 s5p-sysmmu s5p-sysmmu.15: Initialized for s5p-fimg2d.
<6>[    0.145000] c0 s5p-sysmmu s5p-sysmmu.1: Initialized for s3c-fimc.0.
<6>[    0.145000] c0 s5p-sysmmu s5p-sysmmu.2: Initialized for s3c-fimc.1.
<6>[    0.150000] c0 s5p-sysmmu s5p-sysmmu.3: Initialized for s3c-fimc.2.
<6>[    0.150000] c0 s5p-sysmmu s5p-sysmmu.4: Initialized for s3c-fimc.3.
<6>[    0.150000] c0 s5p-sysmmu s5p-sysmmu.5: Initialized for s5p-jpeg.
<6>[    0.150000] c0 s5p-sysmmu s5p-sysmmu.13: Initialized for s3c-mfc.
<6>[    0.150000] c0 s5p-sysmmu s5p-sysmmu.14: Initialized for s3c-mfc.
<6>[    0.150000] c0 s5p-sysmmu s5p-sysmmu.12: Initialized for s5p-tvout.
<6>[    0.175000] c0 bio: create slab <bio-0> at 0
<6>[    0.175000] c0 print_constraints: VBATT: 5000 mV 
<7>[    0.175000] c0 max77686_pmic_init
<5>[    0.180000] c0 SCSI subsystem initialized
<6>[    0.180000] c0 usbcore: registered new interface driver usbfs
<6>[    0.180000] c0 usbcore: registered new interface driver hub
<6>[    0.180000] c0 usbcore: registered new device driver usb
<6>[    0.180000] c0 i2c-gpio i2c-gpio.5: using pins 18 (SDA) and 19 (SCL)
<6>[    0.180000] c0 i2c-gpio i2c-gpio.8: using pins 115 (SDA) and 114 (SCL)
<4>[    0.180000] c0 i2c-gpio: probe of i2c-gpio.9 failed with error -16
<6>[    0.180000] c0 i2c-gpio i2c-gpio.10: using pins 151 (SDA) and 152 (SCL)
<6>[    0.180000] c0 i2c-gpio i2c-gpio.14: using pins 61 (SDA) and 60 (SCL)
<6>[    0.180000] c0 max77693_i2c_probe: device found: rev.0x4, ver.0x0
<6>[    0.250000] c0 max77693-safeout max77693-safeout: max77693_pmic_probe
<6>[    0.250000] c0 [drivers/regulator/max77693.c:488] pdata->num_regulators:3
<6>[    0.250000] c0 [drivers/regulator/max77693.c:494] for in pdata->num_regulators:3
<6>[    0.250000] c0 regulator regulator.2: func:max77693_reg_enable
<6>[    0.250000] c0 regulator regulator.2: func:max77693_get_rid
<6>[    0.250000] c0 regulator regulator.2: func:max77693_get_enable_register
<6>[    0.250000] c0 regulator regulator.2: func:max77693_get_voltage
<6>[    0.250000] c0 regulator regulator.2: func:max77693_get_rid
<6>[    0.250000] c0 regulator regulator.2: func:max77693_get_voltage_register
<6>[    0.250000] c0 regulator regulator.2: func:max77693_get_rid
<6>[    0.250000] c0 regulator regulator.2: func:max77693_list_voltage_safeout
<6>[    0.250000] c0 print_constraints: safeout1 range: at 4900 mV 
<6>[    0.250000] c0 [drivers/regulator/max77693.c:494] for in pdata->num_regulators:3
<6>[    0.250000] c0 regulator regulator.3: func:max77693_get_voltage
<6>[    0.250000] c0 regulator regulator.3: func:max77693_get_rid
<6>[    0.250000] c0 regulator regulator.3: func:max77693_get_voltage_register
<6>[    0.250000] c0 regulator regulator.3: func:max77693_get_rid
<6>[    0.250000] c0 regulator regulator.3: func:max77693_list_voltage_safeout
<6>[    0.250000] c0 print_constraints: safeout2 range: at 4900 mV 
<6>[    0.250000] c0 [drivers/regulator/max77693.c:494] for in pdata->num_regulators:3
<6>[    0.255000] c0 regulator regulator.4: func:max77693_reg_enable
<6>[    0.255000] c0 regulator regulator.4: func:max77693_get_rid
<6>[    0.255000] c0 regulator regulator.4: func:max77693_get_enable_register
<6>[    0.255000] c0 regulator regulator.4: func:max77693_get_voltage
<6>[    0.255000] c0 regulator regulator.4: func:max77693_get_rid
<6>[    0.255000] c0 regulator regulator.4: func:max77693_get_voltage_register
<6>[    0.255000] c0 regulator regulator.4: func:max77693_get_rid
<6>[    0.255000] c0 regulator regulator.4: func:max77693_list_voltage
<6>[    0.255000] c0 print_constraints: CHARGER: 60 <--> 2580 mA at 500 mA 
<6>[    0.255000] c0 i2c-gpio i2c-gpio.17: using pins 266 (SDA) and 267 (SCL)
<6>[    0.255000] c0 i2c-gpio i2c-gpio.21: using pins 72 (SDA) and 71 (SCL)
<6>[    0.255000] c0 s3c-i2c s3c2440-i2c.0: i2c-0: S3C I2C adapter
<6>[    0.255000] c0 s3c-i2c s3c2440-i2c.1: i2c-1: S3C I2C adapter
<6>[    0.255000] c0 s3c-i2c s3c2440-i2c.3: i2c-3: S3C I2C adapter
<6>[    0.255000] c0 s3c-i2c s3c2440-i2c.4: i2c-4: S3C I2C adapter
<7>[    0.260000] c0 s5m8767_pmic_probe: PMIC DEVICE ID=> 0x5
<6>[    0.260000] c0 print_constraints: vdd_mif range: 850 <--> 1100 mV at 1000 mV 
<6>[    0.260000] c0 print_constraints: vdd_arm range: 850 <--> 1500 mV at 1100 mV 
<6>[    0.260000] c0 print_constraints: vdd_int range: 850 <--> 1100 mV at 1000 mV 
<6>[    0.260000] c0 print_constraints: vdd_g3d range: 850 <--> 1075 mV at 1000 mV 
<6>[    0.265000] c0 print_constraints: CAM_ISP_1.2V: 1000 <--> 1200 mV at 1200 mV 
<6>[    0.265000] c0 print_constraints: VCC_1.8V_AP: 1800 mV 
<6>[    0.265000] c0 print_constraints: VMIPI_1.0V: 1000 mV 
<6>[    0.265000] c0 print_constraints: CAM_ISP_1.8V: 1800 mV 
<6>[    0.265000] c0 print_constraints: VMIPI_1.8V: 1800 mV 
<6>[    0.265000] c0 print_constraints: VABB1_1.95V: 1950 mV 
<6>[    0.265000] c0 print_constraints: VUOTG_3.0V: 3000 mV 
<6>[    0.270000] c0 print_constraints: VABB2_1.95V: 1950 mV 
<6>[    0.270000] c0 print_constraints: LCD_IO_1.8V: 1800 mV 
<6>[    0.270000] c0 print_constraints: TSP_AVDD_3.3V: 3300 mV 
<6>[    0.270000] c0 print_constraints: MOT_3.3V: 3300 mV 
<6>[    0.270000] c0 print_constraints: CAM_SENSOR_2.8V: 2800 mV 
<6>[    0.270000] c0 print_constraints: VTF_2.8V: 2800 mV 
<6>[    0.270000] c0 print_constraints: LED_3.3V: 3000 mV 
<6>[    0.270000] c0 print_constraints: CAM_SENSOR_CORE_1.2V: 1200 mV 
<6>[    0.275000] c0 print_constraints: CAM_SENSOR_1.8V: 1800 mV 
<6>[    0.275000] c0 print_constraints: OIS_1.5V: 1500 mV 
<6>[    0.275000] c0 print_constraints: TSP_VDD_1.8V: 1800 mV 
<6>[    0.275000] c0 s5m87xx 7-0066: S5M87xx MFD probe done!!! 
<6>[    0.275000] c0 s3c-i2c s3c2440-i2c.7: i2c-7: S3C I2C adapter
<6>[    0.275000] c0 Advanced Linux Sound Architecture Driver Version 1.0.24.
<6>[    0.275000] c0 Bluetooth: Core ver 2.16
<6>[    0.275000] c0 NET: Registered protocol family 31
<6>[    0.275000] c0 Bluetooth: HCI device and connection manager initialized
<6>[    0.275000] c0 Bluetooth: HCI socket layer initialized
<6>[    0.275000] c0 Bluetooth: L2CAP socket layer initialized
<6>[    0.275000] c0 Bluetooth: SCO socket layer initialized
<6>[    0.275000] c0 cfg80211: Calling CRDA to update world regulatory domain
<6>[    0.280000] c0 Switching to clocksource mct-frc
<6>[    0.280284] c3 Switched to NOHz mode on CPU #3
<6>[    0.280313] c2 Switched to NOHz mode on CPU #2
<6>[    0.280350] c1 Switched to NOHz mode on CPU #1
<6>[    0.284927] c0 Switched to NOHz mode on CPU #0
<6>[    0.293415] c0 NET: Registered protocol family 2
<6>[    0.293660] c0 IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
<6>[    0.294418] c0 TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
<6>[    0.296345] c0 TCP bind hash table entries: 65536 (order: 7, 786432 bytes)
<6>[    0.297451] c0 TCP: Hash tables configured (established 131072 bind 65536)
<6>[    0.297489] c0 TCP reno registered
<6>[    0.297517] c0 UDP hash table entries: 512 (order: 2, 16384 bytes)
<6>[    0.297579] c0 UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
<6>[    0.298063] c0 NET: Registered protocol family 1
<6>[    0.298241] c0 Trying to unpack rootfs image as initramfs...
<6>[    0.334760] c0 Freeing initrd memory: 520K
<6>[    0.334885] c0 PMU: registered new PMU device of type 0
<6>[    0.335133] c0 Exynos4 : ARM Clock down on idle mode is enabled
<7>[    0.336956] c0 gps_bcm475x_init - system_rev : b
<6>[    0.336986] c0 accel_gpio_init
<6>[    0.337011] c0 gyro_gpio_init
<6>[    0.337202] c0 i2c 1-0019: i2c_add_devices - added lsm330dlc_accel successfully
<6>[    0.337390] c0 i2c 1-006b: i2c_add_devices - added lsm330dlc_gyro successfully
<6>[    0.337430] c0 ak8963c_gpio_init
<6>[    0.337471] c0 Registered interrupt support for gpio group 11.
<6>[    0.337659] c0 i2c 10-000c: i2c_add_devices - added ak8963 successfully
<6>[    0.338703] c0 wake enabled for irq 374
<6>[    0.338921] c0 sec-thermistor sec-thermistor: sec_therm_probe: SEC Thermistor Driver Loading
<7>[    0.339373] c0 migrating range 72280 72281, retry (0)
<6>[    0.348796] c0 Loaded driver for PL330 DMAC-0 s3c-pl330
<6>[    0.348831] c0 	DBUFF-64x8bytes Num_Chans-8 Num_Peri-1 Num_Events-32
<7>[    0.349031] c0 migrating range 72281 72282, retry (0)
<6>[    0.358443] c0 Loaded driver for PL330 DMAC-1 s3c-pl330
<6>[    0.358478] c0 	DBUFF-32x4bytes Num_Chans-8 Num_Peri-32 Num_Events-32
<7>[    0.358689] c0 migrating range 72282 72283, retry (0)
<6>[    0.367915] c0 Loaded driver for PL330 DMAC-2 s3c-pl330
<6>[    0.367950] c0 	DBUFF-32x4bytes Num_Chans-8 Num_Peri-32 Num_Events-32
<4>[    0.373533] c0 highmem bounce pool size: 64 pages