[maemo-developers] 0xFFFF: GPL-licensed flasher for n770 and n800

From: Igor Stoppa igor.stoppa at nokia.com
Date: Sat Apr 14 23:20:01 EEST 2007

On Sat, 2007-04-14 at 19:39 +0200, ext Visti Andresen wrote:
> On Fri, 13 Apr 2007 21:47:47 +0200
> Visti Andresen <talpa at galnet.dk> wrote:
> > On Fri, 13 Apr 2007 09:47:01 +0300
> > Igor Stoppa <igor.stoppa at nokia.com> wrote:
> > 
> > 
> > > > Depends on what you mean by 'from scratch'.  If the unit does not have a
> > > > bootloader _at all_, then you need to flash a bootloader via JTAG.  But
> > > > that's mildly convoluted.
> > > 
> > > Serial console is the usual way to go. There is rom code that provides
> > > this facility. Of course a serial programmer (aka flasher) is needed.
> > 
> > Are you telling me that the N770 has a ROM (not EEPROM or FLASH) that allows one to rewrite the Flash no matter how badly you screwed any part of the programmable memory?
> > I'm asking as I have until now been quite cautious in my experiments with the Nokia, knowing that there is a way to recover the device (by myself) would put my mind at ease :)
> > 
> > If it has such a marvellous ROM bootloader, is it by any chance one with any documentation regarding the "protocol"?
> > Something like UBoot would be really nice :)
> > 
> I have been digging around and it actually seems that an omap1710 has a boot rom?

It's a feature common to many SoCs. I don't know how detailed the
information available in the public TRM is, but I would recommend
googling for web sites devoted to phone hacking.

Note that it's up to you to figure out if tampering with the device at
such level is legal in your country. I really have no clue.

The outcome could be at worst a dead device (not bricked, you can really
kill the processor if you get the connection wrong or exceed the voltage
levels) or anyway a device bricked in such a way that will probably void
the warranty and make it necessary to get it re-flashed by the service

> On some development boards one has to move a jumper for the bootloader to be run (changes the memory map), and it isn't uboot but an iboot/ihost bootloader, capable of flashing over usb?
> Do we have to hold down some button in order for the boot loader to start (at powerup)?

No, I wish it was so simple. Unfortunately the internet tablets have
inherited some legacy features from the phones, features that are
purposefully intended to prevent or at least make it difficult to do a

Incidentally this detail gets in the way of disclosing information
since it would be useful also for hacking phones (which has
significant legal implications).

> An omap1710 could be seen as an OMAP5912 according to http://focus.ti.com/general/docs/wtbu/wtbusplashcontent.tsp?templateId=6123&contentId=4753
> http://focus.ti.com/docs/prod/folders/print/omap5912.html contains data sheets for this processor
> http://tree.celinuxforum.org/CelfPubWiki/FlashRecoveryUtility seems to be an open source "iboot-alike" program to be able to flash an omap cpu over USB.
> The protocol seems quite straightforward

iirc usb flashing requires a different hw configuration (done by
connecting resistors of a certain value to the proper pads).
We should have OMAP configured for serial port so I don't think that
option is viable.

So maybe we have here something to add to the wishlist for maemo, albeit
I'm not sure that it includes hw features.
I think the opinion from the internet tablet hackers would be valuable.

Cheers, Igor

Igor Stoppa <igor.stoppa at nokia.com>
(Nokia Multimedia - CP - OSSO / Helsinki, Finland)
