[G386F] Dual booting from SD card and concept of bypassing secure boot for Core LTE


Agasharr

Dual booting - the idea:

Use the recovery partition to boot a second ROM (stock recovery isn't very useful anyway).
How-to in this post:
http://forum.xda-developers.com/showpost.php?p=63735205&postcount=10

Already tested:
Boot from SD card possible.
Video:
http://www.dailymotion.com/video/x3d8xq1_g386f-dual-boot-from-sd-card_tech

Cons:
Lack of recovery makes flashing ROMs rather complicated (but we can't use stock recovery for that anyway).
The second ROM must be compatible with the kernel.

I know there's nothing interesting to be booted from the SD card for now. But I hope that it'll be useful to test any compiled or ported ROM, yet still have a fully usable phone.


Bypassing secure boot - kexec idea:

Kexec is a mechanism of the Linux kernel that allows "live" booting of a new kernel "over" the currently running one.
In short, it runs the "stock" kernel and then it runs any other kernel.
As we know, the stock kernel can be modified and repacked in boot.img.
The difficulty is to implement kexec hardboot in the kernel.
I already tried twice with no success.

More detailed description:
http://forum.xda-developers.com/showthread.php?t=2104706

TO DO LIST:
boot from /recovery
- add hard kexec to Samsung kernel - most important
- repartition phone with 'parted' to dual boot from internal memory - low priority, but everyone may try

Already done:
- boot from /recovery with custom Samsung kernel (should be easy)
- boot from SD card possible
- boot from /recovery with changed initramfs - is it possible or will secure boot react?
 

bobo159951

--------------------------------------------------------------------------------------------------------------
Version Anglaise - English Version
--------------------------------------------------------------------------------------------------------------

Hello,
I'm very thankful that you're there to lead this project.
Like you, I want to get past this secure boot problem to create a custom ROM (CyanogenMod in fact).
However I'm just a web developer (PHP, JavaScript...) and I know just a little (very little :D) Java (but not object-oriented).

I want to be useful... So do you have some tasks to assign me?
While I'm waiting for your answer, I will read some docs!

(Sorry for my English, if you don't understand me I could try to explain in other words :) )

--------------------------------------------------------------------------------------------------------------
Version Française - French Version
--------------------------------------------------------------------------------------------------------------

Hello,
I'm really glad that you are there to manage this project.
Like you, I would like to get past this secure boot problem to create a custom ROM (CyanogenMod in fact).
However I'm just a web developer (PHP, JavaScript) and I know a little (really just a little) Java (but not object-oriented programming).

I would like to be useful... Do you have some tasks to entrust to me?
While waiting for your answer, I'm going to read some documentation!
 

AmineI

Hello! In the past, I already managed to compile a CWM and TWRP for our phone. But sadly I ran into the secure boot issue.
Now I can't even work on that anymore, since my PC is broken and I lost almost everything. But if we understand how to bypass it I'll be glad to restart my work on it anyway, as soon as I get a new computer ^^

BTW I'm French too :p
 

Szawo

Thanks for the awesome job, @Agasharr.
After seeing many questions about how to help you with development, I thought it would be nice to have a TODO list in the first post so anyone could try to "do the magic" with their devices.
Example goals:

boot from /recovery
☐ boot from /recovery with custom Samsung kernel (should be easy)
☐ boot from /recovery with changed initramfs - is it possible or will secure boot react?
☐ add hard kexec to Samsung kernel - most important
☐ repartition phone with 'parted' to dual boot from internal memory - low priority, but everyone may try
☐ fix power off problem
Please write your own list and add it to the main post.

Could you answer a question about the 3rd goal: can we change the initramfs when secure boot is enabled?

Sorry about my English and the somewhat low quality of this post, but I think we have to keep the thread alive and every bit of help counts. I don't have a Core LTE atm but it is sad how few people are working on it.
 

Agasharr

Hi.
Firstly:
Your English is perfectly understandable. It's not a native language for most of us, mistakes are natural, so we shouldn't care that much about them. It's not English philology.
Second:
The to-do list is a great idea, I'll update the first post, hope you don't mind if I just copy yours :)
As for initramfs I'll check and let you know next week.
Third:
I know some C++ and PHP basics, but never considered myself a dev. I'm just a user who can't wait any longer for someone to do the job ;) I spend almost all my free time "playing" with this phone. The problem is that I have a full-time job, a wife, 2 kids, I'm helping my wife run her business, and I'm selling modules on PrestaShop Addons, so all my free time is in fact very little.

PS. A broken PC is not an excuse ;P I currently run on an old netbook with an AMD E-450 CPU, as the graphics card in my PC broke almost 2 months ago.
 

bobo159951

Great idea for the todo list!
Firstly, I tried to extract my boot.img, however the tutorial which I read wasn't very well adapted...
Do you have some websites to recommend?
 


bobo159951

We should decide on which firmware of this phone we will work together, in order not to have any sort of compatibility problems, no?
I personally downloaded this firmware: G386FXWUAOI2

-- We should perhaps decide which firmware of this phone we should work on so as not to have compatibility problems, no?
I personally downloaded this firmware: G386FXWUAOI2
 

Agasharr

Post updated:


How to dual boot from SD card:


What you need:
SD card - kinda obvious ;)
micro SD card reader - can be useful ;)
Linux (or another way to unpack and copy system.img to the SD card)
Terminal Emulator installed on the phone.

How to:
With gparted on Linux (or on Windows with any program capable of creating ext4 partitions), create partitions on the SD card:
1. It's not necessary, but I advise creating a FAT32 partition of whatever size you want; it will be available as the SD card on the base ROM. Without this partition the base ROM will constantly notify that the SD card is damaged and you need to format it.
2. cache partition - ext4 format - stock size is 200 MB
3. system partition - ext4 format - stock size is 1475 MB
4. data partition - ext4 format - size you want
Copy system.img to the system partition:
On Linux:
unpack system.img to some folder
copy simg2img to that folder and create a folder sys in the same place (it's an example)
open a terminal and paste:
Code:
simg2img system.img sys.raw
then:
Code:
sudo mount -t ext4 -o loop,rw sys.raw sys/
sys.raw will be mounted in the sys folder and you can copy files from there.
If you need root for that, open a terminal in the sys folder and paste (-a keeps permissions, owners and symlinks, and "." also takes dotfiles that "*" would skip):
Code:
sudo cp -a . /path/to/your/system/partition/on/sd/card

On Windows:
unknown

When you are all done with the SD card it's time to place it in the phone and check how the partitions are mounted.
Run Terminal Emulator and type:
Code:
cat /proc/partitions
It'll show all partitions on the phone; check your partition names, and if you are not sure, check the size. You need some math to do so, as you have to divide blocks by 1024, for example 204800 / 1024 is 200 MB.
It's time to mod fstab.u2evm from boot.img. It defines mount points, so you have to change the mount points for the system, cache and data partitions.
It looks like "/dev/block/mmcblk0p18" (stock cache) and after the change: "/dev/block/mmcblk1p6" (cache on SD card) in my case.
On Windows:
Repack boot.img, rename the new file to "recovery.img" and make a flashable tar with
"tar-Tool_Odin3-v3.07_by_mkh.mourad"
http://forum.xda-developers.com/showthread.php?t=2446269
Flash with Odin and boot to recovery.
First boot takes about 15 minutes.
 

Attachments:
  • simg2img.zip
  • tar-Tool_Odin3-v3.07_by_mkh.mourad.zip
  • ALL_phones_Boot_Recovery_repack_util_for_WINDOWS_v2.zip
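An added example, not from the thread or the G386F firmware: a small POSIX sh script that does the /proc/partitions size math and the fstab.u2evm device swap from the steps above. The listing, device names, partition numbers and fstab lines are constructed for illustration, and the script refuses to pick a partition when more than one on the card has the expected size, which the manual "check the size" step cannot catch.

```shell
#!/bin/sh
# Added example (not from the thread): automate the "cat /proc/partitions and do
# the math" step and the fstab.u2evm edit. /proc/partitions counts 1 KiB blocks,
# so MB = blocks / 1024 (the thread's 204800 / 1024 = 200 MB). Device names,
# partition numbers and the fstab lines below are constructed, not the G386F's
# real layout.

# Constructed /proc/partitions listing: internal eMMC is mmcblk0, SD card mmcblk1.
SAMPLE_PARTITIONS='major minor  #blocks  name

 179        0    7634944 mmcblk0
 179       18     204800 mmcblk0p18
 179       19    1510400 mmcblk0p19
 179       21    4194304 mmcblk0p21
 179       32    7782400 mmcblk1
 179       33    1048576 mmcblk1p1
 179       34     204800 mmcblk1p2
 179       35    1510400 mmcblk1p3
 179       36    5016576 mmcblk1p4'

# Constructed fstab.u2evm fragment pointing at the stock (internal) partitions.
SAMPLE_FSTAB='/dev/block/mmcblk0p19 /system ext4 ro wait
/dev/block/mmcblk0p18 /cache ext4 noatime,nosuid,nodev wait,check
/dev/block/mmcblk0p21 /data ext4 noatime,nosuid,nodev wait,check'

# blocks_to_mb BLOCKS -> whole MB (integer division, like the thread's example).
blocks_to_mb() {
    echo $(( $1 / 1024 ))
}

# list_partitions LISTING DISK -> one "name sizeMB" line per partition of DISK.
list_partitions() {
    printf '%s\n' "$1" | awk -v disk="$2" '
        $4 ~ ("^" disk "p[0-9]+$") { printf "%s %d\n", $4, $3 / 1024 }'
}

# find_by_size LISTING DISK SIZE_MB -> the single partition of that size on DISK.
# Fails when none or several match: size alone cannot tell them apart, so the
# caller must check the layout by hand instead of guessing.
find_by_size() {
    matches=$(list_partitions "$1" "$2" | awk -v mb="$3" '$2 == mb { print $1 }')
    count=$(printf '%s\n' "$matches" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "error: $count partitions of $3 MB on $2, refusing to guess" >&2
        return 1
    fi
    echo "$matches"
}

# rewrite_fstab FSTAB OLD_PART NEW_PART -> FSTAB with one device node swapped.
rewrite_fstab() {
    printf '%s\n' "$1" | sed "s|^/dev/block/$2\([[:space:]]\)|/dev/block/$3\1|"
}

# Demo: point the stock cache and system mount points at the SD card partitions
# that have the stock sizes (200 MB and 1475 MB), leaving /data untouched.
demo() {
    sd_cache=$(find_by_size "$SAMPLE_PARTITIONS" mmcblk1 200) || return 1
    sd_system=$(find_by_size "$SAMPLE_PARTITIONS" mmcblk1 1475) || return 1
    fstab=$(rewrite_fstab "$SAMPLE_FSTAB" mmcblk0p18 "$sd_cache")
    rewrite_fstab "$fstab" mmcblk0p19 "$sd_system"
}
demo
```

On a real device the output of `cat /proc/partitions` in Terminal Emulator replaces SAMPLE_PARTITIONS, and the edited lines go back into the fstab.u2evm extracted from boot.img.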

bobo159951

Great work! Doesn't it slow down?
I'm sorry I didn't have so much time to work on it, but I also have a problem with the Java JDK on Linux :-/
 

Agasharr

Quote:
Great work! Doesn't it slow down?
I'm sorry I didn't have so much time to work on it, but I also have a problem with the Java JDK on Linux :-/

Well, the phone boots about 3 times slower than normal and lags at the beginning, but after a while it runs almost like normal (at least with less demanding tasks). The performance drop is strictly related to SD card quality: the better the card, the better the performance will be. I have an old 8 GB class 10 card.
I'll update the first post with a short video.

As for your problems with Java, you can use builduntu:
it is a custom branch of the Ubuntu operating system for compiling Android ROMs from source. It includes everything you need to sync with the repo of your choice (CyanogenMod, AOSP, etc.) and start building.
http://forum.xda-developers.com/showthread.php?t=2585828
 

AmineI

It's interesting that you can boot from the SD card. But can you do the same with recovery? Booting a recovery from a micro SD? By the way, I'm still searching for hints to bypass the secure boot.
I made some tests:
-- Booting stock recovery with stock kernel (but reflashed) - OK
-- Stock recovery extracted, edited (config text files) and repacked - OK, boots after showing the red exclamation mark
-- Custom recovery with stock kernel - won't skip the red exclamation mark
-- Stock recovery extracted and repacked with custom kernel - Not Yet Tested
-- Custom recovery with custom kernel - Not Yet Tested
Wondering if a custom kernel would change something, since the G386W needed a custom kernel to boot into custom recovery.
 

Agasharr

Quote:
It's interesting that you can boot from the SD card. But can you do the same with recovery? Booting a recovery from a micro SD?

No, I'm not booting the "boot" partition from the SD card, I just replace recovery with another boot that points to the system on SD instead of internal memory.

Quote:
Stock recovery extracted and repacked with custom kernel - Not Yet Tested

If the stock boot partition can be repacked with a custom kernel and it works well, I presume that recovery will work in a similar way.

Quote:
Wondering if a custom kernel would change something, since the G386W needed a custom kernel to boot into custom recovery.

Not sure if it'll help, but I already removed the SECURE_BOOT_ENABLE verification from drivers/char/rtapi/rtboot/rtboot and rt_boot_sub,
changing in rt_boot_sub from:

Code:
#ifdef SECURE_BOOT_ENABLE
		data_addr = ioremap(PRIMARY_COPY_ADDR, info.image_size);
#else
		data_addr = ioremap(info.boot_addr, info.image_size);
#endif
to:
Code:
data_addr = ioremap(info.boot_addr, info.image_size);

and in rtboot from:
Code:
#ifdef SECURE_BOOT_ENABLE
	phys_cert_addr = (PRIMARY_COPY_ADDR + g_rtboot_info.image_size + 0x00001000) & (0xFFFFF000);
	cert_size = read_rt_cert(phys_cert_addr);
	if (cert_size == 0) {
		MSG_ERROR("[RTBOOTK]   |read_rt_cert failed\n");
		do_iounmap_register();
		ret = misc_deregister(&g_device);
		if (0 != ret)
			MSG_ERROR("[RTBOOTK]   |misc_deregister failed ret[%d]\n", ret);
		MSG_HIGH("[RTBOOTK]OUT|[%s] ret = 1\n", __func__);
		return 1;
	}

	ret = sec_hal_memcpy((uint32_t)g_rtboot_info.boot_addr, (uint32_t)PRIMARY_COPY_ADDR, (uint32_t)g_rtboot_info.image_size);
	if (ret == SEC_HAL_CMN_RES_OK) {
		ret = sec_hal_authenticate(phys_cert_addr, cert_size, NULL);
		if (ret != SEC_HAL_CMN_RES_OK)
			MSG_ERROR("[RTBOOTK]   |sec_hal_authenticate ret[%d], phys_cert_addr[0x%08x], cert_size[%d]\n",
				ret, phys_cert_addr, cert_size);
	}

	if (SEC_HAL_CMN_RES_OK != ret) {
		MSG_ERROR("[RTBOOTK]   |RT boot secure error\n");
		MSG_ERROR("[RTBOOTK]   |boot_addr[0x%08x], image_size[%d]\n", g_rtboot_info.boot_addr, g_rtboot_info.image_size);
		do_iounmap_register();
		ret = misc_deregister(&g_device);
		if (0 != ret)
			MSG_ERROR("[RTBOOTK]   |misc_deregister failed ret[%d]\n", ret);
		MSG_HIGH("[RTBOOTK]OUT|[%s] ret = 1\n", __func__);
		return 1;
	}
	MSG_ERROR("[RTBOOTK]   |secure boot on\n");
#else
	MSG_LOW("[RTBOOTK]   |write_rt_imageaddr bootaddr[%x]\n", bootaddr);

	MSG_LOW("[RTBOOTK]   |write_rt_imageaddr start\n");
	write_rt_imageaddr(bootaddr);
#endif

to:

Code:
	MSG_LOW("[RTBOOTK]   |write_rt_imageaddr bootaddr[%x]\n", bootaddr);

	MSG_LOW("[RTBOOTK]   |write_rt_imageaddr start\n");
	write_rt_imageaddr(bootaddr);
 

Top Liked Posts

  • There are no posts matching your filters.
  • 4
    Dual booting - the idea:

    Use of recovery partition to boot second rom ( stock recovery isn't very useful anyway)
    How to on post:
    http://forum.xda-developers.com/showpost.php?p=63735205&postcount=10

    Already tested:
    Boot from SD card possible.
    Video:
    http://www.dailymotion.com/video/x3d8xq1_g386f-dual-boot-from-sd-card_tech

    Cons:
    lack of recovery makes flashing roms rather complicated (but we can't use stock recovery for that anyways)
    second rom must be compatible with kernel

    I know there's nothing interesting to be booted from sd card for now. But I hope that it'll be useful to test any compiled or ported rom, yet still have a fully usable phone.


    Bypassing secure boot - kexec idea:

    Kexec
    is a mechanism of the Linux kernel that allows "live" booting of a new kernel "over" the currently running one
    In short words it runs "stock" kernel and then it runs any other kernel.
    As we know that stock kernel can be modified and repacked in boot.img.
    The difficult is to implement kexec hardboot to kernel.
    I already tried twice with no succes.

    More detailed description:
    http://forum.xda-developers.com/showthread.php?t=2104706

    TO DO LIST:
    boot from /recovery
    - add hard kexec to Samsung kernel - most important
    - repartition phone with 'parted' to dualboot from internal memory - low priority, but everyone may try

    Already done:
    - boot from /recovery with custom Samsung kernel (should be easy)
    - boot from sd card possible
    - boot from /recovery with changed initramfs - is it possible or will secure boot react?
    1
I was using the boot and system img from the latest Polish and French firmware and mixed them without any problems. But we can stick with French.