I disassembled the Nougat bootloader (7.1.17) and found some information.
1. The copy_dtb (copy device tree blob) function has been excluded.
The copy_dtb function enables the device to boot a boot.img that includes a QCDT (Qualcomm Device Tree).
Originally, the copy_dtb function is included in the LK bootloader, but not in the Xiaomi Nougat bootloader binary.
In detail, the function prologue exists but the function body is empty.
I don't know why Xiaomi did this.
Anyway, appending the dtb to the zImage (Image.gz, not the end of boot.img) is the only way to boot the device properly.
Since the previous bootloader allows an appended-dtb boot.img too, I suggest changing the way the dtb is included.
For example, I made some boot.img files:
LineageOS 14.1 170127 boot.img
https://drive.google.com/open?id=0ByP6S_Z3vDjWX1lmUzJ4cXVtTm8
TWRP Recovery 3.0.3.0
https://drive.google.com/open?id=0ByP6S_Z3vDjWY1hhdFhfdnhvVVU
Both booted successfully with the Nougat bootloader, and also with the previous bootloader.
2. The storage location of the unlock token has changed.
The token offset has changed from 0x60 to 0xe4.
To use a custom ROM, unlocking the device again with the Xiaomi unlock application is imperative.
I recommend erasing the devinfo partition before flashing the Nougat bootloader.
3. TrustZone (L4) apps updated.
TrustZone is related to important functions (modem, authentication, keystore, payment, etc.).
I think the authentication process in TrustZone has changed.
To custom ROM users:
When you flash the Nougat blob, turn off security features (PIN, pattern, password) before flashing the blob;
otherwise, the device will not be unlocked even though the correct password is entered.
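To check which of the two layouts from point 1 a given boot.img uses (a separate QCDT section versus a DTB appended to Image.gz), here is an added example that is not part of the original post. It assumes the Qualcomm LK-style boot image header v0, where the word after page_size is dt_size, and a gzip-compressed kernel; the function names `dtb_layout` and `build_sample` are hypothetical, and the sample images are constructed.

```python
import gzip, struct, zlib

FDT_MAGIC = b"\xd0\x0d\xfe\xed"  # flattened device tree magic (big-endian)

def _pages(size, page):
    """Round size up to a whole number of pages."""
    return (size + page - 1) // page * page

def dtb_layout(img: bytes) -> dict:
    """Report where a boot.img carries its device tree."""
    if img[:8] != b"ANDROID!":
        raise ValueError("not an Android boot image")
    # Assumed layout: kernel, ramdisk, second (size+addr each), tags, page, dt_size.
    ksz, _, rsz, _, ssz, _, _, page, dtsz = struct.unpack_from("<9I", img, 8)
    k_off = page  # the header occupies the first page
    dt_off = k_off + _pages(ksz, page) + _pages(rsz, page) + _pages(ssz, page)
    kernel = img[k_off:k_off + ksz]
    qcdt = dtsz > 0 and img[dt_off:dt_off + 4] == b"QCDT"
    # Appended DTB: whatever is left in the kernel blob after the gzip stream ends.
    tail = b""
    if kernel[:2] == b"\x1f\x8b":
        d = zlib.decompressobj(31)  # 31 = gzip container
        try:
            d.decompress(kernel)
            tail = d.unused_data
        except zlib.error:
            tail = b""
    appended = False
    if len(tail) >= 8 and tail[:4] == FDT_MAGIC:
        total = struct.unpack_from(">I", tail, 4)[0]  # FDT totalsize field
        appended = 40 <= total <= len(tail)           # FDT header is 40 bytes
    return {"qcdt_section": qcdt, "appended_dtb": appended}

def build_sample(appended: bool, qcdt: bool, page: int = 2048) -> bytes:
    """Constructed sample image (not a real kernel or device tree)."""
    fdt = FDT_MAGIC + struct.pack(">I", 40) + bytes(32)
    kernel = gzip.compress(b"fake kernel") + (fdt if appended else b"")
    dt = (b"QCDT" + bytes(12)) if qcdt else b""
    hdr = b"ANDROID!" + struct.pack("<9I", len(kernel), 0, 0, 0, 0, 0, 0, page, len(dt))
    pad = lambda b: b + bytes(-len(b) % page)
    return pad(hdr) + pad(kernel) + pad(dt)

if __name__ == "__main__":
    for a, q in ((True, False), (False, True), (True, True)):
        print(a, q, dtb_layout(build_sample(a, q)))
```

According to the post, an image that reports only `qcdt_section` would not boot properly on the Nougat bootloader, while one with `appended_dtb` boots on both bootloaders.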