FORUMS
Remove All Ads from XDA

[DEV] Building a custom kernel and kernel modules for stock kernel

83 posts
Thanks Meter: 71
 
Post Reply Email Thread
Since fire phone doesn't have a bootloader unlock at the moment. There is no point in building a custom kernel. But By building a kernel we can build kernel modules which work on the stock kernel. And yes you can load unsigned kernel modules without a problem since fire phone doesn't use tz apps to verify kernel modules like Samsung does.

Setup

Source
Download the fire phone sources for firmware 4.6.1 from here. And extract the platfrom.tar inside the archive to somewhere(KERNEL_DIR).

toolchain
You can use the android ndk from google, But it requires some setup. I'm using linaro toolchain from here. You can use compiler version 4.7, 4.8 or 4.9. Kernel I'm using (Firmware 4.6.3 - Linux 3.4-perf-g280c96c) is built with gcc-4.7. But I'm using this gcc-4.9. Download it, extract is somewhere(TOOLCHAIN_DIR) and add the $TOOLCHAIN_DIR/bin to your PATH. Theoretically you would be able to build the kernel on windows using Cygwin or MSYS tools but using Linux is better.

config
Connect your phone trough adb and run
Code:
adb pull /proc/config.gz
zcat config.gz > $KERNEL_DIR/kernel/qcom/3.4/.config
With this config you will run into some problems because of a missing "trapz_generated_kernel.h". I don't know if this is an auto generated file when they build android as a whole or amazon removed this explicitly(can they do that without violating GPL?). Anyway It looks trapz is some low level kernel debugging function(comment here if you know more about it). We can safely disable it. Open $KERNEL_DIR/kernel/qcom/3.4/.config in a text editor and change the lines
Code:
CONFIG_TRAPZ=y
CONFIG_TRAPZ_TP=y
CONFIG_TRAPZ_TRIGGER=y
CONFIG_HAVOK=y
to
Code:
#CONFIG_TRAPZ=y
#CONFIG_TRAPZ_TP=y
#CONFIG_TRAPZ_TRIGGER=y
#CONFIG_HAVOK=y
building
Now edit the $KERNEL_DIR/kernel/qcom/3.4/Makefile and add this changes

Code:
EXTRAVERSION = -perf-g280c96c
This is at the top of the makefile. If we don't add this, vermagic for the modules will differ from stock kernel and they won't load.

Quote:

ARCH=arm
CROSS_COMPILE=arm-linux-gnueabihf-

Here arm-linux-gnueabihf- is my cross compiler frefix. Look in $TOOLCHAIN_DIR/bin/ to find it.

Now cd into $KERNEL_DIR/kernel/qcom/3.4/ and do
Code:
make
The build will fail a few times complaining about missing headers. Most of the time it's just
Code:
#include <myheader.h>
instead of
Code:
#include "myheader.h"
Edit the source file where the build fails and change <>s to ""s. (maybe android ndk ignores the difference and include the headers anyway)

After kernel compiles, we are good to go. We can use this kernel sources to build kernel modules for stock kernel.

Kernel modules
To build the kernel modules, we basically need two things. An approximate kernel source and the Module.symvers file from the original kernel. We can get the Module.symvers file by building the complete kernel as explained above or Just extract it from our stock kernel.
To extract the Module.symvers from the stock kernel, extract the boot.img file from firmware update image. Get mkbootimg tools from here compile it and run
Code:
unmkbootimg --kernel zImage ---ramdisk ramdisk.cpio.gz -i boot.img
After you get the zImage. Download extract-symvers script from here and run
Code:
python2 extract-symvers.py -B 0xc0008000 zImage > Module.symvers
place this file in $KERNEL_DIR/kernel/qcom/3.4/ (You still have to do the changes mentioned above in kernel config and building section run make in the $KERNEL_DIR/kernel/qcom/3.4 and intrupt it after few seconds)

Now you can build loadable modules against this source. Here is a hello world kernel module.
Code:
//hello.c
#include<linux/module.h>
#include<linux/kernel.h>
#include<linux/init.h>

static int __init hello_start(void)
{
  printk("hello to the world from module");
  return 0;
}

static void __exit hello_end(void)
{
  printk("heloo exit");
}

module_init(hello_start);
module_exit(hello_end);
Code:
#Makefile
KERNEL_DIR=<your kernel dir>/kernel/qcom/3.4

obj-m := hello.o
PWD := $(shell pwd)

default:
	$(MAKE) ARCH=arm CROSS_COMPILE=armeb-linux-gnueabi- -C $(KERNEL_DIR) SUBDIRS=$(PWD) modules
Put this files in a folder and run make in it. Change the paths and cross compiler prefix according to your setup. and run make.
After the build push the hello.ko to the phone.
Code:
adb push hello.ko /sdcard/
adb shell
su
cd sdcard
insmod hello.ko
run dmesg and you'll see the message.

I'm currently trying to build kexec module from hashcode's sources and USB OTG modules.

I'm attaching a few thing helped me do this.
Attached Files
File Type: zip config_module_symvers_makefile.zip - [Click for QR Code] (137.4 KB, 370 views)
File Type: zip hello.zip - [Click for QR Code] (10.6 KB, 178 views)
File Type: gz config.gz - [Click for QR Code] (22.5 KB, 140 views)
The Following 16 Users Say Thank You to madushan1000 For This Useful Post: [ View ] Gift madushan1000 Ad-Free
8th September 2015, 04:33 AM |#2  
Member
Thanks Meter: 36
 
More
since they have released this version of the fire os they have to provide the source code
see
http://www.gnu.org/licenses/gpl-faq....cePostedPublic

you have just shown that the source code they releases for the kernel does not match the one used to build the kernel. This means it is a clear violation of the gpl and amazon is in breach and can be sued.

on another note.
are the drivers for the nfc and camera compiled as a module or into the kernel?
10th September 2015, 05:09 AM |#3  
OP Member
Flag Ratnapura
Thanks Meter: 71
 
Donate to Me
More
They have yet to provide 4.6.3 and 4.6.4 kernel sources too.

I don't know exactly but in order for NFC and camera to work drivers are required and they are in fact compiled into the kernel.
The problem we currently have with NFC and camera is proprietary hal (hardware abstraction libraries) They are a part of Android and does not subject to GPL. Amazon changed the original android way how hal works and didn't release the sources!

by looking at the kernel drivers maybe we would be able to implement hal from scratch. But I don't see that intense dev support for fire phone. If you are up for it camera sources are at $KERNEL_DIR/kernel/qcom/3.4/drivers/media/platform/msm/camera_v2/
The Following User Says Thank You to madushan1000 For This Useful Post: [ View ] Gift madushan1000 Ad-Free
11th September 2015, 07:29 AM |#4  
Moogagot's Avatar
Member
Thanks Meter: 18
 
More
Major MAJOR respect for all of you making the Fire Phone even better!
The Following User Says Thank You to Moogagot For This Useful Post: [ View ] Gift Moogagot Ad-Free
21st November 2015, 02:25 AM |#5  
Senior Member
Flag Somewhere over the rainbow!!
Thanks Meter: 179
 
More
@madushan1000

Could we do something like this to install a custom boot.img?

http://forum.xda-developers.com/opti...ocked-t3249828
30th December 2015, 07:49 PM |#6  
spudowiar's Avatar
Senior Member
Thanks Meter: 144
 
Donate to Me
More
I don't own this device but has anyone tried to see if kexec works?
31st December 2015, 05:37 AM |#7  
OP Member
Flag Ratnapura
Thanks Meter: 71
 
Donate to Me
More
Quote:
Originally Posted by spudowiar

I don't own this device but has anyone tried to see if kexec works?

Nope, I was working on it. But then I got a job. It will be sometime before I can start working on it again.
Okarin
8th February 2016, 09:21 PM |#8  
Guest
Thanks Meter: 0
 
More
Could someone please provide the config extracted from /proc/config.gz?
I can't find this on CM11 rom for some reason.
Okarin
9th February 2016, 06:16 PM |#9  
Guest
Thanks Meter: 0
 
More
Building the kernel now.

Some bugs are in the code and -Wall and gcc-wrapper.py escalate the warnings.
I wonder if those errors are there on purpose XD

helloworld.ko loaded successfully

I was able to execute kexec without anything. Just the binary.

Will keep you posted - this hacking might take a while to figure it all out.

I already have 3.4 kernel from the amazon sources.
I have the kexec userland program.
What is left is a loadable kexec kernel module (if that is possible at all).
The Following 2 Users Say Thank You to For This Useful Post: [ View ] Gift Ad-Free
10th February 2016, 07:11 AM |#11  
OP Member
Flag Ratnapura
Thanks Meter: 71
 
Donate to Me
More
Quote:
Originally Posted by Okarin

Are we even sure those Amazon Kernel Sources are correct?
Those errors caught by the wrapper scripts are giving me the creeps.

Git the kexec_load.ko build.

Currently hands on insmod.

Phone doesn't do a reboot any longer:
insmod kexec_load.ko

init_module(0xb6e6c008, 408241, "") = -1 ENOENT (No such file or directory)
write(2, "insmod: init_module '/sdcard/kex"..., 79insmod: init_module '/sdcard/kexec_load.ko' failed (No such file or directory)
) = 79
munmap(0xb6e6c000, 409600) = 0
mprotect(0xb6f8c000, 4096, PROT_READ|PROT_WRITE) = 0
mprotect(0xb6f8c000, 4096, PROT_READ) = 0
close(0) = 0
close(1) = 0
close(2) = 0
futex(0xb6f6cd74, FUTEX_WAKE_PRIVATE, 2147483647) = 0
munmap(0xb6f8c000, 4096) = 0
exit_group(-1) = ?

First goal is to get module loaded.

Goal reached:
kexec_load 27813 0 - Live 0x00000000 (O)
procfs_rw 12770 0 - Live 0x00000000 (O)
wlan 3793980 0 - Live 0x00000000 (O)

Shouldn't be functional at all..

I disabled some function calls just to get the module loaded.

The missing symbols are:
soft_restart
arch_kexec
machine_shutdown
And the version I use does some insane function hooking ..
More rework is needed.

[email protected]:/data/local # ./kexec /sdcard/vmlinux
kernel: 0xaf12d008 kernel_size: 7e1354c
unrecoverable error: could not scan "/proc/device-tree/": No such file or directory

<6>[ 97.681256] Kexec_load: Replacement... :
<6>[ 97.681344] kexec_load : my_syscall_table : c0106244
<6>[ 97.681405] kexec_load : kexec_load before replacement : c01b346c
<6>[ 97.681480] kexec_load : kexec_load after replacement : bf3a5650
<6>[ 97.681546] kexec_load : reboot before replacement : c01a83f0
<6>[ 97.681616] kexec_load : reboot after replacement : bf3a6348
<6>[ 97.681675] Kexec_load: End replacement... :
<6>[ 202.694691] Kexec: - Starting kexec_load...
<6>[ 202.694849] Kexec: - ---- kexec_load - result : '0'

It gets better:
255|[email protected]:/data/local # ./kexec --dtb=/sdcard/zImage-dtb /sdcard/vmlinux
kernel: 0xaf1b1008 kernel_size: 7e1354c
kexec-zImage-arm : dtb.img BEFORE CUT : Start : '0xae66f008' - Length : '0xb411e9' - End : '0xaf1b01f1'
Segmentation fault

More tomorrow.

Where are you getting your kexec module sources from? BTW try using the original amazon kernal binary the phone is shipped with (we are sure it works). Don't use the custom kernel for the kexec tests (We don't know the custom kernel actually works)
Post Reply Subscribe to Thread

Tags
fire phone, kernel, kexec, modules

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes