OMAPBootrom » History » Version 8
Denis 'GNUtoo' Carikli, 03/29/2020 12:24 AM
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. OMAPBootrom |
|---|---|---|---|
| 2 | |||
| 3 | 8 | Denis 'GNUtoo' Carikli | h2. Generic documentation |
| 4 | |||
| 5 | TODO: Read the various TRM and push the info to wikidata: |
||
| 6 | * check the various SOCs the sram size limit in the TRM. |
||
| 7 | * check the load address / memory mapping of MLO in case of USB boot or boot from eMMC in the TRM. |
||
| 8 | * Check mmc1 booting constraint (card size, look if < 4GiB works) in the TRM |
||
| 9 | |||
| 10 | Also: |
||
| 11 | * Read the TRM sections about SYS_BOOT and booting and document that, ideally write a tool for it, or upstream the code in some other tool. |
||
| 12 | |||
| 13 | 6 | Denis 'GNUtoo' Carikli | h2. Documentation |
| 14 | |||
| 15 | 2 | Denis 'GNUtoo' Carikli | The "droiddevelopers website":http://droiddevelopers.org has some information on trying to use bugs run free software on several Motorola devices. |
| 16 | |||
| 17 | | Device | SOC | |
||
| 18 | | "Motorola Milestone":https://en.wikipedia.org/wiki/Motorola_Milestone | OMAP 3430 | |
||
| 19 | 3 | Denis 'GNUtoo' Carikli | | "Motorola Milestone 2":https://en.wikipedia.org/wiki/Motorola_Milestone_2| OMAP 3630 | |
| 20 | 1 | Denis 'GNUtoo' Carikli | | "Motorola Defy (MB525)":https://en.wikipedia.org/wiki/Motorola_Defy | OMAP3630? | |
| 21 | 6 | Denis 'GNUtoo' Carikli | | Motorola Defy+ (MB526) | OMAP3 (which one?) | |
| 22 | |||
| 23 | That website has many information: |
||
| 24 | * It has documentation on the structure of signed MLOs |
||
| 25 | 2 | Denis 'GNUtoo' Carikli | |
| 26 | 7 | Denis 'GNUtoo' Carikli | TODO: |
| 27 | * Read droiddevelopers more to understand restricted boot better. |
||
| 28 | * Also the OMAP wiki might have some information on OMAP restricted boot. |
||
| 29 | * Also look if there is substancial information in the Technical Reference Manual (TRM) about fuses but that's unlikely. |
||
| 30 | |||
| 31 | 5 | Denis 'GNUtoo' Carikli | h2. Code |
| 32 | 1 | Denis 'GNUtoo' Carikli | |
| 33 | 7 | Denis 'GNUtoo' Carikli | * As march 2020, there are no fuses driver or code for any OMAP in either u-boot, Barebox, Linux, or crucible. |
| 34 | 1 | Denis 'GNUtoo' Carikli | * U-boot documentation mention TI tools that have to be obtained after signing an NDA |
| 35 | 7 | Denis 'GNUtoo' Carikli | * TODO: check if chipsec has infos on OMAP fuses |
| 36 | 5 | Denis 'GNUtoo' Carikli | |
| 37 | h2. Possible attacks |
||
| 38 | |||
| 39 | * Even if it's unlikely, once we understand the OMAP restricted boot better, we could check if some devices are signed but not in enforcing mode. |
||
| 40 | 4 | Denis 'GNUtoo' Carikli | |
| 41 | 1 | Denis 'GNUtoo' Carikli | h2. Links |
| 42 | |||
| 43 | * http://www.droid-developers.org : This attempts to run user code on several Motorolla smartphones. It includes analysis of the boot chain: |
||
| 44 | ** "Application_Processor_Boot_ROM":http://www.droid-developers.org/wiki/Application_Processor_Boot_ROM |
||
| 45 | ** "Booting_chain":http://www.droid-developers.org/wiki/Booting_chain |