NexusSI902xBootloader » History » Version 1
Paul Kocialkowski, 01/16/2015 03:08 PM
h1. Nexus S (I902x) Bootloader

The Nexus S (I902x) ships with a set of proprietary bootloaders: the Samsung Primitive Bootloader (PBL), executed first by the bootrom, followed by the Samsung Secondary Bootloader (SBL).
These bootloaders are proprietary software.

h2. Secure boot

The bootrom and the bootloaders appear to implement secure boot mechanisms that enforce signature checks on each bootloader.
However, no signature check is enforced on the Linux kernel.

Changing a single byte in the first bootloader resulted in the system refusing to boot. In addition, a few messages from the bootloaders' output suggest that such signature checks are enforced: @IROM e-fused - Secure Boot Version@.

Since signature checks are enforced by the bootrom, and since there is apparently no easy way of replacing the public key that the signatures are checked against, running a free software bootloader on the Nexus S (I902x) seems impossible.

h2. Stock bootloaders output

<pre>
-----------------------------------------------------------
Samsung Primitive Bootloader (PBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010
-----------------------------------------------------------

Muxed OneNAND 512MB (0x50) Sync
Scanning Bad Block .......
Bad Block 77 (5)
Bad Block 295 (5)
Bad Block 1232 (5)
Bad Block 1646 (5)
Bad Block 1831 (5)
Bad Block 2047 (0)
SBL loadding success

Set cpu clk. from 400MHz to 800MHz.
OM=0x9, device=OnenandMux(Audi)
IROM e-fused - Secure Boot Version.

-----------------------------------------------------------
Samsung Secondary Bootloader (SBL) v3.0
Copyright (C) Samsung Electronics Co., Ltd. 2006-2010

Board Name: HERRING REV 52
Build On: Jan 20 2011 17:19:41
-----------------------------------------------------------

MMC SEM16G 15188 MB
Re_partition: magic code(0x0)
Muxed OneNAND 512MB (0x50) Sync
Scanning Bad Block .......
Bad Block 77 (5)
Bad Block 295 (5)
Bad Block 1232 (5)
Bad Block 1646 (5)
Bad Block 1831 (5)
Bad Block 2047 (0)
Partitions loading success
Read image(PARAM) from flash .......
Done
init_fuel_gauge: vcell = 4083mV, soc = 94
PMIC_IRQ1 = 0xc0
PMIC_IRQ2 = 0x0
PMIC_IRQ3 = 0x0
PMIC_IRQ4 = 0x0
PMIC_STATUS1 = 0x0
PMIC_STATUS2 = 0x0
PMIC_STATUS3 = 0x0
PMIC_STATUS4 = 0x0
PMIC_STATUS5 = 0x0
PMIC_SMPL = 0x0
Key scan = 0x0
message.command =
message.status =
message.recovery =

BOOT_MODE_NORMAL (SW_RST(0x00000004), INFORM(0x000000ee))
LCD ID = 0x0060a953
Done
Kernel(boot.img) read success from partition no.5
Setting param.serialnr = 0x3733bab6 0x6de200ec
Setting param.board_rev = 0x34
Setting param.cmdline = console=ttyFIQ0 no_console_suspend androidboot.serialno=3733BAB66DE200EC androidboot.bootloader=I9020XXKA3 androidboot.baseband=I9020XXKB3 androidboot.info=0x4,0xee,1 androidboot.carrier=EUR gain_code=3 s3cfb.bootloaderfb=0x34a00000 mach-herring.lcd_type=0x00000000 oem_state=unlocked
Setting param.initrd_start = 0x31000000, param.initrd_size = 0x23265

Starting kernel at 0x30008000...

Uncompressing Linux... done, booting the kernel.
</pre>
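
The following is an added example, not part of the original page or of any Samsung or Replicant code: a small Python parser that pulls the boot-chain facts discussed above (bootloader stages, the e-fuse secure boot message, the kernel source partition and the @oem_state@ flag) out of a captured serial log. The function names, the report keys and the shortened sample log are assumptions made for this example.

```python
import re

# Constructed sample: lines excerpted and shortened from the stock output above.
SAMPLE_LOG = """\
Samsung Primitive Bootloader (PBL) v3.0
Bad Block 77 (5)
Bad Block 2047 (0)
SBL loadding success
IROM e-fused - Secure Boot Version.
Samsung Secondary Bootloader (SBL) v3.0
Bad Block 77 (5)
Bad Block 2047 (0)
Kernel(boot.img) read success from partition no.5
Setting param.cmdline = console=ttyFIQ0 no_console_suspend androidboot.bootloader=I9020XXKA3 oem_state=unlocked
Starting kernel at 0x30008000...
"""

STAGE_RE = re.compile(r"Samsung (?:Primitive|Secondary) Bootloader \((PBL|SBL)\) v(\S+)")
BAD_BLOCK_RE = re.compile(r"Bad Block (\d+) \((\d+)\)")
KERNEL_RE = re.compile(r"Kernel\((\S+)\) read success from partition no\.(\d+)")
CMDLINE_RE = re.compile(r"Setting param\.cmdline = (.*)")

def parse_boot_log(text):
    """Collect boot-chain facts from PBL/SBL serial output (hypothetical helper)."""
    report = {"stages": {}, "secure_boot_fused": False, "bad_blocks": set(),
              "kernel": None, "cmdline": {}}
    for line in map(str.strip, text.splitlines()):
        if m := STAGE_RE.search(line):
            report["stages"][m.group(1)] = m.group(2)
        elif m := BAD_BLOCK_RE.fullmatch(line):
            # PBL and SBL each scan the OneNAND, so a set removes the repeats.
            report["bad_blocks"].add(int(m.group(1)))
        elif "IROM e-fused - Secure Boot Version" in line:
            report["secure_boot_fused"] = True
        elif m := KERNEL_RE.search(line):
            report["kernel"] = (m.group(1), int(m.group(2)))
        elif m := CMDLINE_RE.match(line):
            for token in m.group(1).split():
                key, _, value = token.partition("=")  # bare flags map to ""
                report["cmdline"][key] = value
    return report

def summarize(report):
    """Condense the report; 'presumed verified' follows the page's inference only."""
    cmdline = report["cmdline"]
    fused = report["secure_boot_fused"]
    return {
        "bootloader_build": cmdline.get("androidboot.bootloader"),
        "oem_state": cmdline.get("oem_state"),
        "stages_presumed_verified": sorted(report["stages"]) if fused else [],
        "kernel_source": report["kernel"],
    }
```

The kernel image never appears in @stages_presumed_verified@, matching the observation above that signature checks cover the bootloaders but not the Linux kernel.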