[UTIL] Kexecboot Bootloader for Galaxy Note i717 - Boot Multiple Kernels

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
Well, it only took 2 years lol!

What is Kexec?

Kexec (kernel-execute) is a function of the Linux kernel that allows it to act as a bootloader to boot other kernels. Unfortunately, the standard implementation of kexec doesn't work quite right on most ARM devices due to poor driver support for hardware resets. The workaround is kexec-hardboot, a patch set that allows a kernel to be staged in RAM before performing an actual hardware reset through the phone's bootloader. Upon reboot the kexec-supporting kernel will check the magic location in RAM to see if a previously stored kernel is available, and if so, it will transfer execution to that kernel instead of booting itself.

Why use Kexec

It's a second-stage bootloader. The standard Android bootloader only allows two kernels to be installed at once - boot and recovery. This means that if you want a working recovery, you're only allowed one real OS kernel. If you want to dual-boot (or tri-boot or more) you're screwed. Kexec provides an answer to this. By replacing the boot kernel, kexec (with the kexecboot GUI) acts as a "second stage bootloader" allowing you to boot any number of kernels from any available storage devices. For instance, you have kexecboot in your boot partition and you can keep a kernel for Android installed in your Android system partition as well as an Ubuntu kernel and root filesystem on your SD card and be able to switch between Android and Ubuntu at boot time.

What is kexecboot

http://imgur.com/4GYomKX

Kexecboot is a graphical front-end for kexec. I have modified it to work with the kexec-hardboot patches. It scans all available storage devices for a boot.cfg file in which you define kernels, ramdisks, and kernel commandlines. You control it using volume up and down to move cursor, power to select.

Download

Get it here: https://mega.co.nz/#F!0ct3EaTD!wHWnGo1M_2smyKdzGMIYmw

The code

Kernel builder: https://github.com/CalcProgrammer1/kernel_quincyatt_kexec

This repository contains all the things you need to build a flashable kexecboot/kexec-hardboot enabled kernel image. It contains the ramdisk with the kexecboot binary and a script to package a flashable zip file. Included as submodules are the kernel source itself (kexec-hardboot branch, required to build the image) and the kexecboot source (optional, not used by default as you must build it using an ARM system, a pre-built binary is included if you don't want to build your own). The kernel source includes a defconfig called kexec_quincyatt_defconfig that sets the required config options for building a kexec-hardboot kernel.

Kexecboot Configuration File

Kexecboot replaces your boot kernel, so when you power up your phone it will go straight to the Kexecboot screen. The issue is now to provide kernels for kexecboot to boot into. This requires some work on your part, as you will have to store the kernel files (zImage and initrd) in a partition and write a configuration file to tell kexecboot where they are. This configuration file may contain multiple kernels, allowing you to have several different kernels available for the same OS or multiple OSes entirely. If you're coming from an Android system that distributes their kernel as a boot.img, you can use the abootimg program to extract it into a separate zImage and initrd.img binary.

The configuration file must be located on the path /boot/boot.cfg. This is relative to whatever partition/disk you are on, so for instance if you're setting up Android to boot from kexecboot, you would put your configuration file in /system/boot/boot.cfg (/data/boot/boot.cfg would work as well). You can also put a boot.cfg file on your SD card as long as you follow the /boot/boot.cfg path. Kexecboot automatically scans all available partitions for a boot.cfg file before it starts and builds a list of all available kernels across all detected boot.cfg files, so you may have Android in your /system partition and Debian on your SD card and both kernel lists will be shown together.

The Kexecboot web site provides a nice tutorial: http://kexecboot.org/documentation/how_to_write_config

The Note i717 bootloader passes a fairly long string of kernel arguments to the boot kernel. Since kexecboot overrides this for the kexec-booted kernel, you must provide this boot string in your boot.cfg file. Additionally, you may edit or add arguments to the command string here (such as setting console=tty0 instead of the default console=null so you can use the framebuffer console).

For example, here is my /system/boot/boot.cfg for CyanogenMod 11 (with kernel and initrd.img, extracted via abootimg, in /system/boot/):

Code:
# kexecboot configuration file

# CM11 default kernel
LABEL=CyanogenMod 11
KERNEL=/boot/zImage
INITRD=/boot/initrd.img
APPEND="androidboot.hardware=qcom usb_id_pin_rework=true no_console_suspend=true zcache sec_log=0x80000@0x40270008 sec_dbg=0x100000@0x402f000c sec_debug.reset_reason=0x1a2b3c00 pmem_sf_addr=0x7a000000 pmem_sf_size=0x6000000 console=null sec_debug.enable=0 sec_debug.enable_user=0 appsbark=0 msm_watchdog.enable=1 msm_watchdog.bark_time=30 msm_watchdog.bite_time=31 vmalloc=512m hw_rev=12 lpj=67702 androidboot.emmc=true androidboot.serialno=32c245ca androidboot.baseband=csfb"

I'm not sure how much of that you actually need, but you do need at least some of it because with an empty APPEND= it does not boot. You also do have to put the quotation marks around it or else parsing of one of the options will fail.
 
Last edited:
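A small generator and linter for the boot.cfg rules described in the post above: carry over the bootloader's arguments, override console=, and keep APPEND quoted and non-empty. This is an added example, not part of the thread or of kexecboot; the function names, the shortened sample command line, and the rule that a LABEL= line starts a new entry are assumptions.

```python
# Added example: build and sanity-check a kexecboot boot.cfg entry.
# Constructed sample: a shortened subset of the arguments shown in the post.
SAMPLE_CMDLINE = ("androidboot.hardware=qcom console=null "
                  "vmalloc=512m androidboot.emmc=true")


def set_arg(cmdline, name, value):
    """Return cmdline with name=... replaced by one name=value (appended if absent)."""
    out, done = [], False
    for tok in cmdline.split():
        if tok.split("=", 1)[0] == name:
            if not done:          # keep only one occurrence of the argument
                out.append(f"{name}={value}")
                done = True
        else:
            out.append(tok)
    if not done:
        out.append(f"{name}={value}")
    return " ".join(out)


def render_entry(label, kernel, initrd, cmdline):
    """Render one boot.cfg entry; APPEND is always wrapped in double quotes."""
    return "\n".join([
        f"LABEL={label}",
        f"KERNEL={kernel}",
        f"INITRD={initrd}",
        f'APPEND="{cmdline}"',
    ]) + "\n"


def parse_boot_cfg(text):
    """Split boot.cfg text into dicts. Assumption: LABEL= starts a new entry."""
    entries, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")   # split on the first '=' only
        if not sep:
            raise ValueError(f"line {lineno}: expected KEY=value, got {line!r}")
        key = key.strip().upper()
        if key == "LABEL":
            current = {}
            entries.append(current)
        elif current is None:
            raise ValueError(f"line {lineno}: {key} appears before any LABEL")
        current[key] = value.strip()
    return entries


def lint_entry(entry):
    """Return a list of problems for one parsed entry (empty list means OK)."""
    problems = []
    if not entry.get("KERNEL"):
        problems.append("missing KERNEL path")
    append = entry.get("APPEND", "")
    quoted = len(append) >= 2 and append[0] == '"' and append[-1] == '"'
    args = append[1:-1] if quoted else append
    if not args.strip():
        problems.append("empty APPEND: the post reports the kernel does not boot")
    elif not quoted:
        problems.append("APPEND needs double quotes around the argument string")
    return problems


def lint_boot_cfg(text):
    """Map each entry's LABEL to its list of problems."""
    return {e["LABEL"]: lint_entry(e) for e in parse_boot_cfg(text)}


if __name__ == "__main__":
    cmdline = set_arg(SAMPLE_CMDLINE, "console", "tty0")  # framebuffer console
    cfg = render_entry("CyanogenMod 11 (fbcon)", "/boot/zImage",
                       "/boot/initrd.img", cmdline)
    print(cfg)
    print(lint_boot_cfg(cfg))
```

On the device, the real argument string would come from the bootloader-booted kernel's /proc/cmdline rather than the shortened sample used here.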

lactardjosh

Senior Member
Dec 25, 2010
554
298
I'll admit limited understanding of what you're accomplishing here, but seems to me that this could lead to dual booting on the Note. Nice work.

Good luck.
 

Jiggity Janx

Senior Member
Feb 19, 2010
1,397
286
Nice work! Thanks for the work you've done thus far. Unfortunately I have no way to help you out other than moral support! :highfive:
 

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
My main goal here is native Linux, but if kexec works then you can boot custom Android dev kernels, native Linux kernels, other mobile OS'es, etc. The SGSIII team seems to have found some interesting kexec solutions for the Verizon SGSIII due to its locked bootloader. They've posted a good deal of kexec patches which I'm trying to bring to the Note, including a custom kexec-hardboot option that fully reboots the device into the new kernel (apparently to make sure the radio and such are working).
 
J

juwttt

Guest
Wonderful, wonderful work!!! :thumbup::thumbup::thumbup:

Sent from my SAMSUNG-SGH-I717 using xda premium
 

gregsarg

Senior Member
Apr 8, 2011
5,149
4,078
B.F.E.
Uh...It all sounded like this:
dual kernel (I'm gonna brick) kexec will allow (me to brick my phone).....with native linux applications (I'm gonna brick my phone cause I'm stupid)....LOL

While I know what you're doing, that in no way means I will ever understand it...LOL
But I will thank you in advance for what sounds like a sick mod for our notes...

Many thanks Dev !!!!
 

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
Kexec is actually (if done right) a good way *not* to brick your phone. To run kernels, you usually have to flash them to a restricted boot section of the memory, and if you flash all non-working kernels (to download, recovery, and main) then you have no way to use your phone, as it won't boot up. If you use kexec, your working kernel is safely stored on the boot partition and your development kernels can be wherever, and if it doesn't boot you can just hold down POWER to hard reboot into your good kernel.

The problem is that it doesn't seem to be working. I think I have the kexec support built properly but haven't been able to boot any kernels without it crashing.
 

gregsarg

Senior Member
Apr 8, 2011
5,149
4,078
B.F.E.
I know you'll crack it ....
And when you do ....you'll be the galaxy note GOD !!!....LOL
your effort is much appreciated Sir ....even if I'm scared to use it , but will anyway ...lol
 

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
Ok, so long-time-no-see but I'm reviving this post! Now that my Note 3 is happily running CyanogenMod I have no urgent need for my Note 1 and can hack on it!

So far I haven't gotten kexec working, but I do have:

1. Kexecboot (graphical kexec frontend) is working, detects OS images appropriately

2. Framebuffer Console (text-mode display, USB OTG keyboard supported for interactive command line)

3. Overriding bootloader command line (to enable the fbconsole you need console=tty1 but the bootloader passes console=null)

4. Framebuffer console rotation (boot up in landscape or portrait, no way to switch without recompiling at the moment)

5. Most of kexec-hardboot ported from the HP TouchPad port, no clue if it's promising or not as so far it just crashes after a while of nothing

6. Ubuntu 13.04 (desktop edition) rootfs installed on SD card in a chroot, also taken from HP TouchPad

What I'm working on:

1. Kexec-hardboot port (needed to use kexec properly and boot kernels)

2. Fixing fbconsole glitching (framebuffer console displays garbled text that slowly clears up, no clue why...reading /dev/fb0 repeatedly clears up the display immediately and is a dirty hack that works well enough for testing)

3. Networking (either USB Ethernet or integrated WiFi, going to try backported brcmfmac driver)

4. Ubuntu (that's the long-term plan here)

5. Note 3 S800 port if I get everything figured out here
 

Demmonnixx

Senior Member
Mar 20, 2013
180
60
Long time in the making. Glad to see you're still at it. Hope you are able to get it working. Would be pretty cool. Good luck
 

AdShea

Member
Apr 27, 2012
16
3
If you can get this working up to kernel with freedreno I'd be all over working on getting Plasma Active onto this thing. I've missed having a real linux phone since my n900 died.
 

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
Got Bluetooth working from the command line!

Code:
# rfkill unblock all
# hciattach /dev/ttyHS0 any
# hcitool scan

It detected my Note 3 which I had set to visible! Hopefully I can pair a BT keyboard with this and lose the USB OTG dependency. Still working on figuring out WiFi, I have the brcmfmac driver from 3.13 backports compiled and loaded but the WiFi chip isn't being detected so the driver never creates an interface for it. The chip is a Broadcom BCM4330 WiFi/Bluetooth chip, and although both WiFi and Bluetooth share the same chip they use different interfaces to the SoC (UART for BT and SDIO for WiFi).

I plan on doing more research into getting the hardware working before I do any more work on kexec. It will be much easier to debug kexec I think knowing how to use WiFi/BT/USB/etc. The only hardware I'm not going to attempt at all is the modem as I don't use this device as a phone anymore and don't have a SIM card in it. That said, all the rmnetX entries that I think are modem interfaces show in ifconfig -a so maybe it is working.

My kernel source is here:

https://github.com/CalcProgrammer1/ubuntu-kernel-quincyatt

The kexec branch will have the kexec hardboot patches once I figure them out. I've also got a folder set up with a script to automatically build the kernel zImage, build the modules, build the backport driver modules, build the ramdisk from a ramdisk root folder, build the boot.img, and then package that up in a flashable .zip. I'll upload parts of this system as I complete them. I also have an Ubuntu rootfs on my external ext4 (or was it 3?) SD card that I ripped straight off my TouchPad. For now I'm just using a busybox shell in my ramdisk, dropping out of kexecboot into ash, setting up a chroot for the SD card, and chrooting into the Ubuntu rootfs that way. It's not ideal since Ubuntu's init process doesn't run but it does allow me to run all the installed utilities from said rootfs.

Edit: Rii Mini Bluetooth Keyboard paired and working! It was a roundabout way of doing so because dbus and upstart don't work in chroot so I had to use an old package called bluez-compat which provides the hidd command. I sideloaded the .deb with a flash drive. The command to pair a keyboard:

Code:
# hcitool scan
Scanning ...
        XX:XX:XX:XX:XX:XX    Bluetooth device name

# hidd --connect XX:XX:XX:XX:XX:XX &

XX:XX:XX:XX:XX:XX will be a hex value that is your keyboard's address. You find the address with the scan command and enter it on the hidd command to connect. I didn't have to enter any kind of passcode or pairing key, after running hidd it just started working.

http://imgur.com/2sV3TJr
 

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
I got it! I finally managed to get kexec hardboot working! I had to rewrite a bit of code in the kexecboot program to support kexec-hardboot better but I now have a bootloader that is working correctly, if slowly. I'll be posting my kernel source soon (it's a branch off of CyanogenMod's msm8660-common kernel) as well as my modifications to kexecboot itself. The kexec-tools binary I took out of the HP TouchPad port unmodified so I don't have the source for that (though it shouldn't be hard to find). I'll be looking into a Note 3 port soon, basically used the Note 1 as the guinea pig for this experiment.
 

dparrothead1

Senior Member
Mar 13, 2011
2,570
1,801
Florida
If, somehow, you could adapt this for the ATT Mega 6.3 so as to bypass the locked tight bootloader.....you would be considered a hero!! People would build statues of you....write songs and name their children after you!!!!!?

Sent from my SM-T310 using XDA Premium 4 mobile app
 

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
Unfortunately you require an unlocked bootloader to install the kexecboot kernel. This isn't going to be a magic bullet for locked bootloaders. People have tried. For devices with exploitable bootloaders, it may help as you won't have to fake-sign kexec-booted kernels though.
 

dparrothead1

Senior Member
Mar 13, 2011
2,570
1,801
Florida
Grasping at straws, My Friend. Hoping that maybe this could be something like SafeStrap and could be d/l and installed as an APK.

Sent from my SAMSUNG-SGH-I527 using XDA Premium 4 mobile app
 

CalcProgrammer1

Senior Member
Oct 8, 2007
650
756
Kansas City
Got Debian booting! I also figured out how to get WiFi working from a non-Android Linux OS so this is definitely on track towards a full desktop OS!

To-do:

* X server, preferably with Freedreno GPU driver eventually

* Audio (q6.* firmware files and possibly an ALSA config)

* Startup scripts for Bluetooth initialization

* Figure out how to rotate the screen
 

captemo

Senior Member
Jan 13, 2012
2,141
1,459
Kentucky
If, somehow, you could adapt this for the ATT Mega 6.3 so as to bypass the locked tight bootloader.....you would be considered a hero!! People would build statues of you....write songs and name their children after you!!!!!?

Sent from my SM-T310 using XDA Premium 4 mobile app

I won't be having anymore children to name, but I can do a dog. He is too stoopid to know the difference. I can say aluminum foil and he will come running.

Sent from my SAMSUNG-SGH-I527 using XDA Free mobile app
 

Top Liked Posts

    4
    I finally figured out how to properly reset the phone! No more waiting 30+ seconds for the watchdog timer to throw the reset switch now. It reboots almost instantly after hitting the go button. Uploading the changes to the kernel and will post a new build soon.

    Edit: New build up, and I fixed the broken colors as well!

    I should dust off the i717 and try her out. Now that kexec is working perhaps multirom is in order.. :)
    3
    So I'm still confused as to why my kexec didn't work. I'm going to build a TouchPad kernel with it enabled and repeat the test on it, since I have a known-good kernel to boot against. I'll let you know how that goes.

    Sent from my SAMSUNG-SGH-I717