NexusSI902xBootloader » History » Version 2
Paul Kocialkowski, 01/16/2015 03:09 PM
| 1 | 1 | Paul Kocialkowski | h1. Nexus S (I902x) Bootloader |
|---|---|---|---|
| 2 | |||
| 3 | 2 | Paul Kocialkowski | The Nexus S (I902x) ships with a set of proprietary bootloaders: the Samsung Primitive Bootloader (PBL), executed first by the bootrom, followed by the Samsung Secondary Bootloader (SBL). These bootloaders are proprietary software. |
| 4 | 1 | Paul Kocialkowski | |
| 5 | h2. Secure boot |
||
| 6 | |||
| 7 | The bootrom and the bootloaders appear to be implementing secure boot mechanisms that enforce signature checks on each bootloader. |
||
| 8 | However, there is no signature check enforced regarding the Linux kernel. |
||
| 9 | |||
| 10 | Changing a single byte on the first bootloader ended up in the system refusing to boot. In addition, a few messages from the bootloaders output suggest that such signature checks are enforced: @IROM e-fused - Secure Boot Version@. |
||
| 11 | |||
| 12 | Since signature checks are enforced by the bootrom and provided that there is apparently no easy way of replacing the public key the signatures are checked against, running a free software bootloader on the Nexus S (I902x) seems impossible. |
||
| 13 | |||
| 14 | h2. Stock bootloaders output |
||
| 15 | |||
| 16 | <pre> |
||
| 17 | ----------------------------------------------------------- |
||
| 18 | Samsung Primitive Bootloader (PBL) v3.0 |
||
| 19 | Copyright (C) Samsung Electronics Co., Ltd. 2006-2010 |
||
| 20 | ----------------------------------------------------------- |
||
| 21 | |||
| 22 | Muxed [[OneNAND]] 512MB (0x50) Sync |
||
| 23 | Scanning Bad Block ....... |
||
| 24 | Bad Block 77 (5) |
||
| 25 | Bad Block 295 (5) |
||
| 26 | Bad Block 1232 (5) |
||
| 27 | Bad Block 1646 (5) |
||
| 28 | Bad Block 1831 (5) |
||
| 29 | Bad Block 2047 (0) |
||
| 30 | SBL loadding success |
||
| 31 | |||
| 32 | Set cpu clk. from 400MHz to 800MHz. |
||
| 33 | OM=0x9, device=OnenandMux(Audi) |
||
| 34 | IROM e-fused - Secure Boot Version. |
||
| 35 | |||
| 36 | ----------------------------------------------------------- |
||
| 37 | Samsung Secondary Bootloader (SBL) v3.0 |
||
| 38 | Copyright (C) Samsung Electronics Co., Ltd. 2006-2010 |
||
| 39 | |||
| 40 | Board Name: HERRING REV 52 |
||
| 41 | Build On: Jan 20 2011 17:19:41 |
||
| 42 | ----------------------------------------------------------- |
||
| 43 | |||
| 44 | MMC SEM16G 15188 MB |
||
| 45 | Re_partition: magic code(0x0) |
||
| 46 | Muxed [[OneNAND]] 512MB (0x50) Sync |
||
| 47 | Scanning Bad Block ....... |
||
| 48 | Bad Block 77 (5) |
||
| 49 | Bad Block 295 (5) |
||
| 50 | Bad Block 1232 (5) |
||
| 51 | Bad Block 1646 (5) |
||
| 52 | Bad Block 1831 (5) |
||
| 53 | Bad Block 2047 (0) |
||
| 54 | Partitions loading success |
||
| 55 | Read image(PARAM) from flash ....... |
||
| 56 | Done |
||
| 57 | init_fuel_gauge: vcell = 4083mV, soc = 94 |
||
| 58 | PMIC_IRQ1 = 0xc0 |
||
| 59 | PMIC_IRQ2 = 0x0 |
||
| 60 | PMIC_IRQ3 = 0x0 |
||
| 61 | PMIC_IRQ4 = 0x0 |
||
| 62 | PMIC_STATUS1 = 0x0 |
||
| 63 | PMIC_STATUS2 = 0x0 |
||
| 64 | PMIC_STATUS3 = 0x0 |
||
| 65 | PMIC_STATUS4 = 0x0 |
||
| 66 | PMIC_STATUS5 = 0x0 |
||
| 67 | PMIC_SMPL = 0x0 |
||
| 68 | Key scan = 0x0 |
||
| 69 | message.command = |
||
| 70 | message.status = |
||
| 71 | message.recovery = |
||
| 72 | |||
| 73 | BOOT_MODE_NORMAL (SW_RST(0x00000004), INFORM(0x000000ee)) |
||
| 74 | LCD ID = 0x0060a953 |
||
| 75 | Done |
||
| 76 | Kernel(boot.img) read success from partition no.5 |
||
| 77 | Setting param.serialnr = 0x3733bab6 0x6de200ec |
||
| 78 | Setting param.board_rev = 0x34 |
||
| 79 | Setting param.cmdline = console=ttyFIQ0 no_console_suspend androidboot.serialno=3733BAB66DE200EC androidboot.bootloader=I9020XXKA3 androidboot.baseband=I9020XXKB3 androidboot.info=0x4,0xee,1 androidboot.carrier=EUR gain_code=3 s3cfb.bootloaderfb=0x34a00000 mach-herring.lcd_type=0x00000000 oem_state=unlocked |
||
| 80 | Setting param.initrd_start = 0x31000000, param.initrd_size = 0x23265 |
||
| 81 | |||
| 82 | Starting kernel at 0x30008000... |
||
| 83 | |||
| 84 | Uncompressing Linux... done, booting the kernel. |
||
| 85 | </pre> |