EmbeddedRelated.com

How do I build my own boot loader for Qualcomm msm8974?

Started by Unknown July 7, 2015
Greetings
I think I may need to build a boot loader for my prototype, which is a smart phone. It is a Samsung Note 3; it has a Qualcomm SoC, msm8974, based on the ARM architecture. I think I may need to do this so I have more freedom in my access to services, which may be limited after the kernel takes over. I'd like the group to please provide feedback as to whether this is a worthwhile effort, if anyone else has attempted it, *and* if it is even possible. It is my understanding that this platform has a primary boot loader, and then there are three secondary boot loaders. I am not clear as to which one does what; it is intuitive that the primary does the most preliminary setup tasks. But why there are three stages, I have no idea. I also don't know why the stock ROM only comes with the sbl2 (I am guessing secondary boot loader stage 2?). The file extension is mbn; darned if I know how to open it, so any help on this front is greatly appreciated. Like any other human being, I assume my audience knows some of the items, so please let me know if I missed something and I'll be glad to elaborate. So in short, do you think I am on the right path, or am I completely off path and/or for some reason will run into a roadblock? But if I am on the right path, is there a body of work which I can leverage? By that I mean, has anyone tried to port Das U-Boot or some other boot loader to this platform? And if they have, how can I get a copy of the code or view their advice please?
Regards-
Sean
persspolice@gmail.com wrote:
You'll probably get better answers on XDA Developers as there's a decent Qualcomm hacking forum: http://forum.xda-developers.com/hardware-hacking/hardware

For instance: http://forum.xda-developers.com/showthread.php?t=1856327 (different chip but probably similar - the first few posts are particularly relevant).

Generally, the primary bootloader is just enough to read the secondary bootloader from storage - the primary is ROMmed, while the secondary is in some kind of flash. That means the primary can't be changed after manufacture - bit awkward if there's a bug.

I don't know what the .mbn is without an example (I have looked at such firmware images in the past, but don't have the files to hand), but note there is both ARM code and Qualcomm Hexagon DSP code in the filesystem images. The bootloader code may not be for an ARM (indeed the link above suggests it's another processor).

I think this is a pretty hard project: it's a complex SoC, all the documentation is secret, and debugging bootloaders is quite painful (you really need JTAG as a minimum). Plus you're up against TrustZone or whatever the pre-existing bootloader enables.

An alternative idea might be to write your code to look like a Linux kernel and then kexec the existing kernel from there. However, if KNOX, TrustZone or whatever are enabled then you won't get around them (without an exploit).

I think 'buy another platform' is the best advice if you can't get access from the kernel.

Theo
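As an added example (not code from the thread, from Sean or from Theo), here is a small Python parser for the .mbn header Sean asks about. It assumes the 40-byte Qualcomm MBN image header layout used by the LK bootloader's mkheader.py (ten little-endian 32-bit fields), which the thread itself does not describe; the sample header bytes are constructed, not taken from any real firmware. The checks show what a loader should verify (sizes add up, the image is signed, the cert chain is where the header says) before trusting the header.

```python
import struct

# Qualcomm MBN header: ten little-endian 32-bit fields (layout assumed
# from the LK bootloader's mkheader.py, not taken from this thread).
MBN_FMT = "<10I"
MBN_LEN = struct.calcsize(MBN_FMT)  # 40 bytes
MBN_FIELDS = ("image_id", "header_vsn_num", "image_src", "image_dest_ptr",
              "image_size", "code_size", "signature_ptr", "signature_size",
              "cert_chain_ptr", "cert_chain_size")

def parse_mbn_header(data: bytes) -> dict:
    """Map the first 40 bytes of an .mbn file to named header fields."""
    if len(data) < MBN_LEN:
        raise ValueError(f"need {MBN_LEN} bytes, got {len(data)}")
    return dict(zip(MBN_FIELDS, struct.unpack_from(MBN_FMT, data)))

def check_mbn_header(hdr: dict, file_len: int) -> list:
    """Consistency checks a loader should apply before trusting the header:
    sizes add up, signature and cert chain sit right after the code in the
    load image, the image is signed, and it fits in the file.
    Returns a list of problems; empty means consistent."""
    problems = []
    total = hdr["code_size"] + hdr["signature_size"] + hdr["cert_chain_size"]
    if hdr["image_size"] != total:
        problems.append("image_size != code + signature + cert_chain")
    if hdr["signature_ptr"] != hdr["image_dest_ptr"] + hdr["code_size"]:
        problems.append("signature_ptr does not follow code")
    if hdr["cert_chain_ptr"] != hdr["signature_ptr"] + hdr["signature_size"]:
        problems.append("cert_chain_ptr does not follow signature")
    if hdr["signature_size"] == 0 or hdr["cert_chain_size"] == 0:
        problems.append("unsigned image (no signature or cert chain)")
    if hdr["image_src"] + hdr["image_size"] > file_len:
        problems.append("image extends past end of file")
    return problems

# Constructed sample header (all values made up): 4 KiB of code loaded at
# 0x2A000000, then a 256-byte signature and a 6 KiB certificate chain.
DEST, CODE, SIG, CERTS = 0x2A000000, 0x1000, 256, 0x1800
SAMPLE_HEADER = struct.pack(
    MBN_FMT, 0x0D, 3, MBN_LEN, DEST, CODE + SIG + CERTS, CODE,
    DEST + CODE, SIG, DEST + CODE + SIG, CERTS)
SAMPLE_FILE_LEN = MBN_LEN + CODE + SIG + CERTS

if __name__ == "__main__":
    hdr = parse_mbn_header(SAMPLE_HEADER)
    for name, value in hdr.items():
        print(f"{name:16s} 0x{value:08x}")
    print("problems:", check_mbn_header(hdr, SAMPLE_FILE_LEN) or "none")
```

To inspect a real file, pass its first 40 bytes to parse_mbn_header and the file length to check_mbn_header; a header that fails these checks is either a different image variant or not trustworthy as-is.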
