[R&D] Unlock Bootloaders

By AdamOutler, Inactive Recognized Developer on 13th July 2012, 04:50 AM
10th August 2012, 11:00 PM |#241  
E:V:A, Inactive Recognized Developer
The MSM8960 Boot Architecture (Ref: 80-N5009-1 B)

We still have not understood how the MSM8960 boots up. Here is an attempt to
summarize the content in the only document available on the topic. If we do not
understand this properly there will be little or no hope to unlock our bootloader.

First thing to understand is that the MSM contains several processors, each
designated to work on a particular subsystem. The table below lists the
processor types and boot addresses.

Code:
Subsystem       Processor       Boot address
---------------------------------------------------------------------
RPM             ARM7            0x0     
DSPS            ARM7            0x0 (hardware remap)
KxPSS           Krait           Configurable
Modem (FW)      Hexagon         Configurable
Modem (SW)      Hexagon         Configurable
LPASS           Hexagon         Configurable
RIVA SS         ARM9            0x0 (hardware or software remap)

The boot code flow through the subsystems can be visualized like this:



Compared to other Snapdragons, the MSM8960 seems to employ much stricter
security measures by default. It is using the Secure Boot 3.0 (SB3) Call Stack
to accomplish this. Here is a picture of how this looks.



Next we have a look at the entire boot process.

The Secure Boot 3.0 Process

The boot procedure runs in the following order.

Code:
PBL

• RPM processor starts executing PBL in boot ROM
• PBL determines cold boot or warm boot
• PBL increases RPM clock speed from XO to 60 MHz
• RPM processor start address is 0x0
• For cold boot, next step is to detect Flash device that chip will boot from, 
  based on the boot options
• When detected, PBL downloads SBL1 (RPMSBL) from Flash to System IMEM
• SBL1 authenticates SBL2 (Krait PBL)
• RPM uses Crypto Engine 4.0 to authenticate images
• SBL1 jumps to start of SBL2 (Krait PBL)

SBL1

• SBL1 configures MIMEM and GMEM, then loads and authenticates the SBL2 there;
  MIMEM is 192 KB, so when SBL2 grows, it will spill to GMEM
• SBL1 takes Krait out of reset
• SBL1 waits for signal from Krait SBL
• When desired signal is received, SBL1 executes RPM firmware, 
  which is downloaded by SBL2
• If RPM firmware image authentication/download fails, Krait SBL2 resets MSM and 
  enters into Boot ROM Emergency Download mode

SBL2

• After being taken out of reset, Krait jumps to start of SBL2
 - Krait boot address is software-configurable via register APCS_START_ADDR
• SBL2 increases Krait clock speed
• SBL2 downloads TZ image to TZ-dedicated system IMEM
  - TZ image occupies at least 188 KB in system IMEM
  - TZ image sets up security environment (configures xPU, etc.)
• SBL2 authenticates TZ image
  - SBL2 uses CE-4.0 to perform authentication
• SBL2 downloads RPM firmware to Code RAM and authenticates it
• SBL2 configures DDR
• SBL2 sends RPM firmware-ready signal to RPM and lets RPM continue to 
  execute RPM firmware
• SBL2 jumps to SBL3

SBL3

• SBL3 bumps the system clock
• SBL3 loads and authenticates APPSBL
• SBL3 waits for the RPM process ready interrupt
• Once the interrupt is coming, SBL3 jumps to APPSBL 

SBL3/APPSBL/HLOS

• SBL3 (Krait SBL) loads and authenticates APPSBL and apps kernel
• Krait executes APPSBL and HLOS
• Krait loads and authenticates modem Hexagon firmware and 
  Hexagon software images, then takes them out of reset as needed
• Krait loads and authenticates LPA Hexagon image, then takes it out 
  of reset as needed
• Krait loads and authenticates DSPS ARM7 images, then takes them 
  out of reset as needed
• Krait loads and authenticates RIVA ARM9 images, then takes them 
  out of reset as needed
• Order of loading modem Hexagon, LPA Hexagon, and DSPS ARM7 
  can be decided by HLOS

The pictorial diagram:



Here the blue and white parts are executed in the RPM ARM7, while the grey parts are executed in the Krait.
Eventually the Krait takes over completely and we are left with the following flow.



PBL Boot Options


The BOOT_CONFIG[0..6] GPIOs or BOOT_CONFIG fuses can be used to
select the boot option, as shown below. Once the fuse is blown, the
GPIOs used for the boot option are free to be used as common GPIOs.

Code:
-------------------------------------------------------------------------------
BC[5:0] BOOT_CONFIG     MSM8960                                 Comments
-------------------------------------------------------------------------------
00000   0               BOOT_DEFAULT_OPTION
00001   1               BOOT_SDC_PORT3_THEN_SDC_PORT1_OPTION
00010   2               BOOT_SDC_PORT3_THEN_SDC_PORT2_OPTION
00011   3               BOOT_SDC_PORT1_OPTION
00100   4               BOOT_SDC_PORT2_OPTION
00101   5               BOOT_SPI_ON_GSBI1_OPTION
00110   6               BOOT_SPI_ON_GSBI2_OPTION                Not supported
00111   7               BOOT_SPI_ON_GSBI3_OPTION                Not supported
01000   8               BOOT_SPI_ON_GSBI4_OPTION                Not supported
01001   9               BOOT_SPI_ON_GSBI5_OPTION
01010   0x0A            BOOT_SPI_ON_GSBI6_OPTION                Not supported
01011   0x0B            BOOT_SPI_ON_GSBI8_OPTION                Not supported
01100   0x0C            BOOT_NAND_OPTION                        Not supported
01101   0x0D            BOOT_USB_OPTION
01110   0x0E            BOOT_SDC_PORT1_4BIT_OPTION
01111   0x0F            BOOT_SDC_PORT2_4BIT_OPTION
10000   0x10            BOOT_SPI_ON_GSBI9_OPTION
-------------------------------------------------------------------------------
BC[5:0] = BOOT_CONFIG[5:0]
SDC1 = eMMC
SDC2 = SD2 (not used)
SDC3 = SD1 (built in)
-------------------------------------------------------------------------------
BC6 = (0 - Secure Boot, 1 - Fast Boot)
-------------------------------------------------------------------------------

But this was all according to the Qualcomm MSM8960 specification. However, the
reference design schematic was simplified by omitting some of these
BC[x] pins, specifically the BC[2-5] pins, which are just used as regular
GPIOs, by just tying them directly to the antenna switch chips.

Thus the resulting configuration is as follows:

Code:
------------------------------------------------------------------
BC[5:0]         Mapping
------------------------------------------------------------------
0b00000         Emergency Boot from SDC3 (SD) followed by USB-HS
0b00001         SDC3 followed by SDC1 (eMMC)
0b00010         SDC3 followed by SDC2 (if used)
0b00011         SDC1 (eMMC)
------------------------------------------------------------------

However, this is not necessarily what is happening inside our SCH-I535,
because it is not confirmed that the Service Manual schematics (which seem
to follow most of the reference schematic) are what is actually present on
the PCB. The reasons are that:
1) The reference schematic states that BC[0:6] are internally pulled-down.
2) Pull-ups are not needed if the related Qfuses have been blown.
3) (1) and (2) refer to Revisions C & D of the reference design.

Thus we have to manually test what is going on on our device!

<< To Be Continued ... >>
The Following 28 Users Say Thank You to E:V:A For This Useful Post
10th August 2012, 11:36 PM |#242  
E:V:A, Inactive Recognized Developer
The Secure Boot Loaders

The table below lists the various boot loaders and their code execution address,
code location and the type of memory it is executed in. WARNING!
Do not take these values as a fact, until we can verify them. The documentation
this is based on is already quite old and OEMs (like Samsung) are always changing and
tweaking things, including publishing poorly quality controlled documentation.



Code:
Component       Processor       Loc     ExecAddr        ExecMemType
-------------------------------------------------------------------------------
PBL             ARM7            *ROM    0x0             RPM ROM and RAM (stack) 
SBL1            ARM7            eMMC    0x2A000000      System IMEM     
SBL2            Krait           eMMC    0x2E000000      GMEM
RPM FW          ARM7            eMMC    x20000          RPM code RAM
TZ image        Krait           eMMC    0x2a020000      System IMEM
SBL3            Krait           eMMC    0x47f00000      LPDDR2
APPSBL          Krait           eMMC    TBD             LPDDR2
HLOS            Krait           eMMC    TBD             LPDDR2
-------------------------------------------------------------------------------
*RPM Boot ROM

But Ralekdev noticed that these deviate for our device. He'd like to see:

Code:
TZ              0x2A000000
SBL3            0x8FF00000
APPSBL/aboot    0x88E00000

Obviously the PBL is the mother of all boot loaders, and is the most important to everyone.
So we need to show and understand the memory map of that.

The PBL Memory Map



The PBL Error Handler

But what use is a memory map without an error handler? In fact, the error handler explains how to reach
the HS-USB Emergency Download mode, which is what we are discussing here, since it could
be disabled by blowing a Qfuse. The error log goes directly into memory (RPM RAM), as was also the case for the boot
log shown in a previous post.

Debugging can be done by inspecting the 1KB Error Log in the RAM at location 0x3FF18.

Log content is defined in the following format:
Code:
typedef struct boot_pbl_error_log_location_type {
        uint32 line_num;
        char *filename;
        pbl_err_code_enum_type err_code;
} boot_pbl_error_log_location_type;

-------------------------------------------------------------------------------
PBL Error Code Definitions
-------------------------------------------------------------------------------
typedef enum {
        PBL_NO_ERR = 0,
        PBL_FLASH_DET_OR_RW_ERR,
        PBL_FLASH_TIMEOUT_ERR,
        PBL_ASSERT_ERR,
        PBL_LOAD_RPM_SBL_ERR,
        PBL_RPM_SBL_FORMAT_ERR,
        PBL_FLASH_SPEC_VER_ERR,
        PBL_CERT_CHAIN_VERIFY_ERR,
        PBL_SIGNATURE_VERIFY_ERR,
        PBL_MISC_OR_EXCEPTION_ABORT_ERR,
        PBL_LOAD_DLOAD_ERR,
        PBL_BOOT_SELECT_OPTION_ERR,
        PBL_SDCC_SPEED_SELECT_ERR,
        PBL_OUT_OF_BOUND_ERR,
        PBL_NULL_PTR_ERR,               /* null pointer error */
        PBL_ROLLBACK_ERR,               /* Denotes older secure image is being used */
        PBL_OEM_NUM_ROOT_CERTS_ERR,     /* Denotes the number of OEM root certs were invalid */
        PBL_OEM_ROOT_CERT_SEL_ERR,      /* Denotes the OEM root cert selected is invalid */
        PBL_INVALID_IMAGE_TYPE_ERR,     /* invalid image being authenticated */
        PBL_INVALID_PMIC_ERR,           /* no PMIC, or not an expected Qualcomm PMIC connected */
        PBL_PMIC_FLCB_ERR,              /* Error during fast low current boot sequence ==> PMIC power down MSM. */
        PBL_USB_ENUM_ERR,               /* USB enumeration failed */
        MAX_ERR_CODE = 0x7FFFFFFF       /* To ensure it's 32 bits wide */
} pbl_err_code_enum_type;




<< To Be Continued... >>
The Following 20 Users Say Thank You to E:V:A For This Useful Post
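
The error-log record and error-code enum from post #242, turned into a host-side decoder for a captured RAM image (an added example, not code from the thread or from Qualcomm). It assumes a flat little-endian image, unpadded 12-byte records stored back to back in the 1 KB region, and zero-filled unused slots; the post states none of these, and `pbl_auth.c` and both sample records are constructed.

```python
import struct

LOG_ADDR = 0x3FF18              # log location given in the post
LOG_SIZE = 1024                 # "1KB Error Log"
RECORD = struct.Struct("<III")  # line_num, filename ptr, err_code (assumed layout)

# Enumerator order from pbl_err_code_enum_type above; values count up from 0.
PBL_ERR_NAMES = """
PBL_NO_ERR PBL_FLASH_DET_OR_RW_ERR PBL_FLASH_TIMEOUT_ERR PBL_ASSERT_ERR
PBL_LOAD_RPM_SBL_ERR PBL_RPM_SBL_FORMAT_ERR PBL_FLASH_SPEC_VER_ERR
PBL_CERT_CHAIN_VERIFY_ERR PBL_SIGNATURE_VERIFY_ERR
PBL_MISC_OR_EXCEPTION_ABORT_ERR PBL_LOAD_DLOAD_ERR PBL_BOOT_SELECT_OPTION_ERR
PBL_SDCC_SPEED_SELECT_ERR PBL_OUT_OF_BOUND_ERR PBL_NULL_PTR_ERR PBL_ROLLBACK_ERR
PBL_OEM_NUM_ROOT_CERTS_ERR PBL_OEM_ROOT_CERT_SEL_ERR PBL_INVALID_IMAGE_TYPE_ERR
PBL_INVALID_PMIC_ERR PBL_PMIC_FLCB_ERR PBL_USB_ENUM_ERR
""".split()


def read_cstring(dump, base, ptr, limit=128):
    """Return the NUL-terminated string at address ptr, or None if unreadable."""
    off = ptr - base
    if off < 0 or off >= len(dump):
        return None
    end = dump.find(b"\0", off, off + limit)
    return None if end == -1 else dump[off:end].decode("ascii", "replace")


def decode_error_log(dump, base=0):
    """Decode every non-empty record in the log region of a RAM image."""
    start = LOG_ADDR - base
    if start < 0 or start + LOG_SIZE > len(dump):
        raise ValueError("dump does not cover the PBL error log")
    records = []
    for off in range(start, start + LOG_SIZE - RECORD.size + 1, RECORD.size):
        line_num, name_ptr, code = RECORD.unpack_from(dump, off)
        if (line_num, name_ptr, code) == (0, 0, 0):
            continue                      # unused slot (assumed zero-filled)
        known = code < len(PBL_ERR_NAMES)
        records.append({
            "line": line_num,
            "file": read_cstring(dump, base, name_ptr),
            "code": code,
            "name": PBL_ERR_NAMES[code] if known else f"UNKNOWN_0x{code:08X}",
        })
    return records


def build_sample_dump():
    """Constructed image: one file-name string and two log records."""
    dump = bytearray(LOG_ADDR + LOG_SIZE)
    name = b"pbl_auth.c\0"                # hypothetical source file name
    dump[0x1000:0x1000 + len(name)] = name
    RECORD.pack_into(dump, LOG_ADDR, 212, 0x1000, 8)
    # Second record: dangling pointer and out-of-range code, to show the fallbacks.
    RECORD.pack_into(dump, LOG_ADDR + RECORD.size, 77, 0xDEAD0000, 0x55)
    return bytes(dump)


if __name__ == "__main__":
    for rec in decode_error_log(build_sample_dump()):
        print(rec)
```

On a real capture, pass the address the image starts at as `base` so that both the log offset and the file-name pointers resolve against the same origin.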
10th August 2012, 11:46 PM |#243  
Retired Senior Recognized Developer
Quote:
Originally Posted by E:V:A

The Secure Boot Loaders

The table below lists the various boot loaders and their code execution address,
code location and the type of memory it is executed in.

Code:
Component       Processor       Loc     ExecAddr        ExecMemType
-------------------------------------------------------------------------------
PBL             ARM7            *ROM    0x0             RPM ROM and RAM (stack) 
SBL1            ARM7            eMMC    0x2A000000      System IMEM     
SBL2            Krait           eMMC    0x2E000000      GMEM
RPM FW          ARM7            eMMC    x20000          RPM code RAM
TZ image        Krait           eMMC    0x2a020000      System IMEM
SBL3            Krait           eMMC    0x47f00000      LPDDR2
APPSBL          Krait           eMMC    TBD             LPDDR2
HLOS            Krait           eMMC    TBD             LPDDR2
-------------------------------------------------------------------------------
*RPM Boot ROM

It looks like ours deviates slightly from this.

If the headers are to be believed,
TZ is loaded at 0x2A000000
SBL3 is loaded at 0x8FF00000
APPSBL/aboot is loaded at 0x88E00000
The Following 9 Users Say Thank You to Ralekdev For This Useful Post
sextape
11th August 2012, 01:10 AM |#244  
Guest
Samsung L300 PIT FILE

http://devhost.xda-developers.com/rmS

Bootloader will be locked!

So, question: will providing the bootloader from an unlocked flash file help? Of course this is a different device, but locked in the same manner as VZW's.
11th August 2012, 01:14 AM |#245  
pyrostic, Senior Member
Quote:
Originally Posted by sextape

Samsung L300 PIT FILE

http://devhost.xda-developers.com/rmS

Bootloader will be locked!

So, question: will providing the bootloader from an unlocked flash file help? Of course this is a different device, but locked in the same manner as VZW's.

I just really don't know how you do it. The L300 has the same chipset as us. Furthermore, AdamOutler and E:V:A, please PM me; I need to get you in contact with Sextape. He has more, but he'd rather discuss this elsewhere.
The Following 2 Users Say Thank You to pyrostic For This Useful Post
sextape
11th August 2012, 01:31 AM |#246  
Guest
Just to confirm: yes, the L300 has the same chipset as the GS3.
11th August 2012, 02:30 AM |#247  
E:V:A, Inactive Recognized Developer
I need a JTAG expert!
Somehow I cannot just ignore and stop thinking about this post:

"How to enable/disable the secure boot authentication feature on MSM8660 by using the JTAG"

The reason is that the MSM8660 is essentially the same as our MSM8960, apart from some little quirks (to be determined).
Here is an edited summary:

NOTE:
a) This solution does not apply to all MSM8660 versions
b) This solution does not apply to the RPM JTAG disable cases
c) This solution is for debug purposes only.

For some reason, if you need to run unsigned software on a secure boot
enabled (the AUTH_EN bit in SECURE_BOOT1 register is blown) MSM8660 chip, the
following instruction is able to disable the secure boot authentication by using
RPM-JTAG.

1. Launch the Daisy Chain RPM-JTAG shortcut (i.e. modem_proc\tools\t32\DC7_ARM7_RPM).
2. Execute the cmm script which contains the following command:

Code:
system.option resbreak on
system.up
g 0x7ce8 /o /cmd "r.s r0 0x0" ; 0x0 for disabling the secure boot authentication
wait 1ms
g

Of course, you can simply modify the cmm script (listed below) to enable the
secure boot authentication without blowing SECURE_BOOT1 register on MSM8660 chip
by using RPM-JTAG or short the GPIO_76 pin.

Code:
system.option resbreak on
system.up
g 0x7ce8 /o /cmd "r.s r0 0x1" ;    0x1 for enabling the secure boot authentication
wait 1ms
g

What is this command doing exactly?
My guess is that 0x7ce8 is an address, but for what?
The Following User Says Thank You to E:V:A For This Useful Post
11th August 2012, 02:44 AM |#248  
Well, I have some supposedly unsecure scandalous sextape files.. I attempted to pack and flash via Odin Tar file. They failed secure checks via Odin, but I believe that means nothing to the actual device itself. I'm going to manually flash these files.

This may end up with me bricking my device, but I feel like it is worth it to prove or disprove the fact that these files work. So, I wanted to post this and then begin preparations. If anyone has any reason I should not flash these files, let me know. I will be out of commission if this fails.
The Following 9 Users Say Thank You to AdamOutler For This Useful Post
11th August 2012, 02:45 AM |#249  
pyrostic, Senior Member
Quote:
Originally Posted by AdamOutler

Well, I have some supposedly unsecure scandalous sextape files.. I attempted to pack and flash via Odin Tar file. They failed secure checks via Odin, but I believe that means nothing to the actual device itself. I'm going to manually flash these files.

This may end up with me bricking my device, but I feel like it is worth it to prove or disprove the fact that these files work. So, I wanted to post this and then begin preparations. If anyone has any reason I should not flash these files, let me know. I will be out of commission if this fails.

Well, the aboot will probably brick you. It is a secure file, and a different size than ours.
11th August 2012, 02:46 AM |#250  
prdog1, Senior Member
Quote:
Originally Posted by E:V:A

Somehow I cannot just ignore and stop thinking about this post:

"How to enable/disable the secure boot authentication feature on MSM8660 by using the JTAG"

The reason is that the MSM8660 is essentially the same as our MSM8960, apart from some little quirks (to be determined).
Here is an edited summary:

NOTE:
a) This solution does not apply to all MSM8660 versions
b) This solution does not apply to the RPM JTAG disable cases
c) This solution is for debug purposes only.

For some reason, if you need to run unsigned software on a secure boot
enabled (the AUTH_EN bit in SECURE_BOOT1 register is blown) MSM8660 chip, the
following instruction is able to disable the secure boot authentication by using
RPM-JTAG.

1. Launch the Daisy Chain RPM-JTAG shortcut (i.e. modem_proc\tools\t32\DC7_ARM7_RPM).
2. Execute the cmm script which contains the following command:

Code:
system.option resbreak on
system.up
g 0x7ce8 /o /cmd "r.s r0 0x0" ; 0x0 for disabling the secure boot authentication
wait 1ms
g

Of course, you can simply modify the cmm script (listed below) to enable the
secure boot authentication without blowing SECURE_BOOT1 register on MSM8660 chip
by using RPM-JTAG or short the GPIO_76 pin.

Code:
system.option resbreak on
system.up
g 0x7ce8 /o /cmd "r.s r0 0x1" ;    0x1 for enabling the secure boot authentication
wait 1ms
g

What is this command doing exactly?
My guess is that 0x7ce8 is an address, but for what?

Contact Josh at http://www.google.com/url?sa=t&rct=j...zn8hBViW_D6Bnw
11th August 2012, 02:49 AM |#251  
Senior Member
Adam, might I recommend making an Odin-friendly file?

Quote:

md5sum -t package_name.tar >> package_name.tar
mv package_name.tar package_name.tar.md5

http://forum.xda-developers.com/show....php?t=1777579
The Following User Says Thank You to LLStarks For This Useful Post
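
A check for the `.tar.md5` layout that the two commands in post #251 produce, that is, the tar bytes followed by one `md5sum` output line (an added example, not code from the thread or from Odin). The archive, member name and payload are constructed; the trailer only detects corruption, since anyone who changes the archive can recompute it.

```python
import hashlib
import io
import re
import tarfile

# "<32 hex digits><space><space or *><file name>\n" at the very end of the file,
# which is what md5sum prints in text (-t) or binary mode.
TRAILER = re.compile(rb"([0-9a-f]{32}) [ *]([^\n\0]+)\n\Z")


def split_tar_md5(blob):
    """Split a .tar.md5 blob into (tar_bytes, claimed_md5, recorded_name)."""
    m = TRAILER.search(blob[-512:])
    if m is None:
        raise ValueError("no md5sum trailer at end of file")
    tar_bytes = blob[:len(blob) - len(m.group(0))]
    return tar_bytes, m.group(1).decode(), m.group(2).decode("utf-8", "replace")


def verify_tar_md5(blob):
    """Recompute MD5 over the tar portion and compare it with the trailer."""
    tar_bytes, claimed, name = split_tar_md5(blob)
    actual = hashlib.md5(tar_bytes).hexdigest()
    return {
        "name": name,
        "claimed": claimed,
        "actual": actual,
        "ok": actual == claimed,
        # A tar archive is a whole number of 512-byte blocks; a remainder means
        # the split landed in the wrong place or the archive was truncated.
        "block_aligned": len(tar_bytes) % 512 == 0,
    }


def build_sample(name="package_name.tar"):
    """Constructed package: in-memory tar plus the line `md5sum -t` would append."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"constructed payload, not a real bootloader image"
        info = tarfile.TarInfo("aboot.mbn")   # hypothetical member name
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    tar_bytes = buf.getvalue()
    trailer = f"{hashlib.md5(tar_bytes).hexdigest()}  {name}\n".encode()
    return tar_bytes + trailer


if __name__ == "__main__":
    print(verify_tar_md5(build_sample()))
```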