sciphone g2: loading a linux kernel
Incoming braindump…
Connect phone using serial cable (after you built one).
~# cd osmocom-bb/src/host/osmocon ~# ./osmocon -p /dev/ttyUSB0 -m mtk ../../target/firmware/board/mt62xx/loader.mtkram.bin got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . Sending MTK romloader beacon... Sending MTK romloader beacon... Sending MTK romloader beacon...
osmocon waits for answer packets from the phone, keep pressing the power button, the romloader will send the beacon and osmocon will upload the ramloader:
Sending MTK romloader beacon... got 1 bytes from modem, data looks like: 5f _ Received init magic byte 1 got 1 bytes from modem, data looks like: f5 . Received init magic byte 2 got 1 bytes from modem, data looks like: af . Received init magic byte 3 got 1 bytes from modem, data looks like: fa . Received init magic byte 4, requesting write got 1 bytes from modem, data looks like: a1 . Received write ack, sending load address got 1 bytes from modem, data looks like: 40 @ got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 14 . got 1 bytes from modem, data looks like: 00 . Received address ack from phone, sending loadsize read_file(../../target/firmware/board/mt62xx/loader.mtkram.bin): file_size=13856, hdr_len=0, dnload_len=13859 Preparing block 1 got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 1c . got 1 bytes from modem, data looks like: 00 . Received size ack handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 1 finished Received Block 1 preparing next block Preparing block 2 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 2 finished Received Block 2 preparing next block Preparing block 3 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 3 finished Dropping sample '0' Received Block 3 preparing next block Preparing block 4 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 4 finished Received Block 4 preparing next block Preparing block 5 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 5 finished Received Block 5 preparing next block Preparing block 6 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 6 finished Received Block 6 preparing next block Preparing block 7 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 7 finished Received Block 7 preparing next block Preparing block 8 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 8 finished Received Block 8 preparing next block Preparing block 9 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 9 finished Received Block 9 preparing next block Preparing block 10 handle_write_block(): 1024 bytes (1024/1024) Dropping sample 'X' handle_write_block(): Block 10 finished Received Block 10 preparing next block Preparing block 11 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 11 finished Received Block 11 preparing next block Preparing block 12 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 12 finished Received Block 12 preparing next block Preparing block 13 handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 13 finished Received Block 13 preparing next block Preparing the last block, filling 480 bytes handle_write_block(): 1024 bytes (1024/1024) handle_write_block(): Block 14 finished Finished, sent 14 blocks in total Sending branch command got 1 bytes from modem, data looks like: a8 . Received branch command ack, sending address got 1 bytes from modem, data looks like: 40 @ got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 14 . got 1 bytes from modem, data looks like: 00 . Received branch address ack, code should run now Running on mt62xx in environment mtkram HW_CODE = 0x6235
The ramloader has been loaded successfully.
Keep osmocom running, go to a different terminal window and upload the uboot image using osmoload:
~# cd osmocom-bb/src/host/osmocon ~# ./osmoload memload 0x500000 ~/g2_uboot.bin Loading 160144 bytes of memory to address 0x500000 from file /home/stkn/uboot-mt623x/u-boot.bin .................................................................................................. .................................................................................................. .................................................................................................. .................................................................................................. .................................................................................................. .................................................................................................. ................................................................................done. ~# ./osmoload jump 0x500000 Confirmed jump to 0x500000.Close osmocon in the first terminal(!). Open a serial terminal program (e.g. minicom), parameters for the serial connection are: 115200,8n1 (no handshake).
Sciphone> help ? - alias for 'help' base - print or set address offset bootm - boot application image from memory cmp - memory compare cp - memory copy crc32 - checksum calculation env - environment handling commands exit - exit script ext2load- load binary file from a Ext2 filesystem ext2ls - list files in a directory (default /) false - do nothing, unsuccessfully fatinfo - print information about filesystem fatload - load binary file from a dos filesystem fatls - list files in a directory (default /) go - start application at address 'addr' help - print command description/usage loadb - load binary file over serial line (kermit mode) loady - load binary file over serial line (ymodem mode) loop - infinite loop on address range md - memory display mm - memory modify (auto-incrementing address) mmc - MMC sub system mmcinfo - display MMC info mtest - simple RAM read/write test mw - memory write (fill) nand - NAND sub-system nboot - boot from NAND device nm - memory modify (constant address) printenv- print environment variables reset - Perform RESET of the CPU run - run commands in an environment variable setenv - set environment variables showvar - print local hushshell variables test - minimal test like /bin/sh true - do nothing, successfully version - print monitor versionLoad the linux kernel (i’m using the kermit protocol here):
Sciphone> loadb ## Ready for binary (kermit) download to 0x00800000 at 115200 bps...Press Ctrl+S to open the upload menu, select kermit, navigate to the directory where you keep the g2_uImage.bin file, select the file with Space and start the upload with the Okay button. Kermit will start the upload (this will take a couple of minutes!). After the upload is finished, start the kernel:
Sciphone> bootm 0x800000 ## Booting kernel from Legacy Image at 00800000 ... Image Name: Linux-2.6.36-next-20101029+ Image Type: ARM Linux Kernel Image (uncompressed) Data Size: 1516416 Bytes = 1.4 MiB Load Address: 00008000 Entry Point: 00008000 Verifying Checksum ... OK Loading Kernel Image ... OK OK Starting kernel ... Uncompressing Linux... done, booting the kernel. Linux version 2.6.36-next-20101029+ (xpumami@xpumami-desktop) (gcc version 4.4.1 (Sourcery G++ Lite 2009q3-67) ) #72 PREEMPT Wed Nov 17 14:10:39 CET 2010 CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177 CPU: VIVT data cache, VIVT instruction cache Machine: Sciphone G2 Memory policy: ECC disabled, Data cache writeback pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768 pcpu-alloc: [0] 0 Built 1 zonelists in Zone order, mobility grouping on. Total pages: 16256 Kernel command line: console=ttyMTK0,115200n8 mem=64M@0 PID hash table entries: 256 (order: -2, 1024 bytes) Dentry cache hash table entries: 8192 (order: 3, 32768 bytes) Inode-cache hash table entries: 4096 (order: 2, 16384 bytes) Memory: 64MB = 64MB total Memory: 61676k/61676k available, 3860k reserved, 0K highmem Virtual kernel memory layout: vector : 0xffff0000 - 0xffff1000 ( 4 kB) fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB) DMA : 0xffc00000 - 0xffe00000 ( 2 MB) vmalloc : 0xc4800000 - 0xe0000000 ( 440 MB) lowmem : 0xc0000000 - 0xc4000000 ( 64 MB) modules : 0xbf000000 - 0xc0000000 ( 16 MB) .init : 0xc0008000 - 0xc0192000 (1576 kB) .text : 0xc0192000 - 0xc0318000 (1560 kB) .data : 0xc0318000 - 0xc0323260 ( 45 kB) Preemptable hierarchical RCU implementation. RCU-based detection of stalled CPUs is disabled. Verbose stalled-CPUs detection is disabled. NR_IRQS:50 Calibrating delay loop... 104.24 BogoMIPS (lpj=521216) pid_max: default: 32768 minimum: 301 Mount-cache hash table entries: 512 CPU: Testing write buffer coherency: ok bio: create slab <bio-0> at 0 Switching to clocksource gpt_3 msgmni has been set to 120 Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254) io scheduler noop registered io scheduler deadline registered io scheduler cfq registered (default) mt62xx_serial.0: ttyMTK0 at MMIO 0xf1030000 (irq = 7) is a MT62XX Serial Port console [ttyMTK0] enabled brd: module loaded Freeing init memory: 1576K init started: BusyBox v1.17.3 (2010-11-17 07:35:14 CET) starting pid 93, tty '': '/etc/rc.init' Please press Enter to activate this console.Press Enter to get a console.
starting pid 95, tty '/dev/ttyMTK0': '/bin/ash' / # ls bin dev etc init proc sbin sys tmp usr / # ps PID USER VSZ STAT COMMAND 1 0 1764 S init 2 0 0 SW [kthreadd] 3 0 0 SW [ksoftirqd/0] 4 0 0 SW [kworker/0:0] 5 0 0 SW [kworker/u:0] 6 0 0 SW< [khelper] 7 0 0 SW [kworker/u:1] 21 0 0 SW [sync_supers] 23 0 0 SW [bdi-default] 25 0 0 SW< [kblockd] 45 0 0 SW [kswapd0] 46 0 0 SW [fsnotify_mark] 47 0 0 SW< [aio] 48 0 0 SW< [crypto] 95 0 1768 S /bin/ash 96 0 0 SW [kworker/0:1] 98 0 1768 R ps / #Links:
[1] Marcin Mielczarczyk’s uboot and kernel image can be found here
