How do I build my own boot loader for Qualcomm msm8974?

Greetings. I think I may need to build a boot loader for my prototype, which is a smart phone. It is a Samsung Note 3; it has the Qualcomm SOC msm8974 based on ARM architecture. I think I may need to do this so I have more freedom on my access to service, which may be limited after the kernel takes over. I would like the group to please provide feedback as to whether this is a worthwhile effort, if anyone else has attempted it, *and* if it is even possible.

It is my understanding that this platform has a primary boot loader, and then there are three secondary boot loaders. I am not clear as to which one does what; it is intuitive that the primary does the most preliminary setup tasks. But why there are three stages, I have no idea. I also don't know why the stock rom only comes with the sbl2 (I am guessing secondary boot loader stage 2?). The file extension is mbn; darned if I know how to open it, so any help on this front is greatly appreciated. Like any other human being, I assume my audience knows some of the items, so please let me know if I missed something and I'll be glad to elaborate.

So in short, do you think I am on the right path, or am I completely off path and/or for some reason I will run into a roadblock? But if I am on the right path, is there a body of work which I can leverage? By that I mean has anyone tried to port Das U-Boot or some other boot loader for this platform? And if they have, how can I get a copy of the code or view their advice please?

Regards- Sean

Reply to
persspolice

You'll probably get better answers on XDA Developers as there's a decent Qualcomm hacking forum:

formatting link
for instance:
formatting link
(different chip but probably similar - the first few posts are particularly relevant)

Generally, the primary bootloader is just enough to read the secondary bootloader from storage - the primary is ROMmed, while the secondary is in some kind of flash. That means the primary can't be changed after manufacture - bit awkward if there's a bug.

I don't know what the .mbn is without an example (have looked at such firmware images in the past, but don't have the files to hand), but note there is both ARM code and Qualcomm Hexagon DSP code in the filesystem images. The bootloader code may not be for an ARM (indeed the link above suggests it's another processor).

I think this is a pretty hard project: it's a complex SoC, all the documentation is secret, and debugging bootloaders is quite painful (you really need JTAG as a minimum). Plus you're up against TrustZone or whatever the pre-existing bootloader enables.

An alternative idea might be to write your code to look like a Linux kernel and then kexec the existing kernel from there. However if KNOX, TrustZone or whatever are enabled then you won't get around them (without an exploit).

I think 'buy another platform' is the best advice if you can't get access from the kernel.

Theo

Reply to
Theo Markettos
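Neither post says what is inside a .mbn file. As an added example (not code from this thread, from Samsung or from Qualcomm), here is a small parser for the 40-byte Qualcomm MBN image header that lets you inspect a stock sbl image before deciding whether it is signed, and whether its declared sizes are self-consistent. The ten-field little-endian layout and the "image_size == code + signature + cert chain" rule are assumptions made for this example, as is the constructed load address.

```python
import struct

# Assumed layout of the 40-byte MBN image header: ten little-endian uint32
# fields. This order is an assumption for this example, not from the thread.
MBN_HEADER_FMT = "<10I"
MBN_HEADER_LEN = struct.calcsize(MBN_HEADER_FMT)  # 40 bytes
MBN_FIELDS = (
    "image_id", "header_version", "image_src", "image_dest_ptr", "image_size",
    "code_size", "signature_ptr", "signature_size", "cert_chain_ptr",
    "cert_chain_size",
)


def parse_mbn_header(blob: bytes) -> dict:
    """Return the header fields plus the sanity checks worth running on them."""
    if len(blob) < MBN_HEADER_LEN:
        raise ValueError("file shorter than an MBN header")
    hdr = dict(zip(MBN_FIELDS, struct.unpack_from(MBN_HEADER_FMT, blob, 0)))
    body = blob[MBN_HEADER_LEN:]
    hdr["checks"] = {
        # declared code + signature + cert chain must equal image_size
        "sizes_consistent": hdr["image_size"]
        == hdr["code_size"] + hdr["signature_size"] + hdr["cert_chain_size"],
        # the declared image must actually be present in the file (truncation)
        "fits_in_file": hdr["image_size"] <= len(body),
        # an unsigned image carries neither a signature nor a cert chain
        "signed": hdr["signature_size"] > 0 and hdr["cert_chain_size"] > 0,
    }
    return hdr


def build_sample_mbn(code: bytes, sig: bytes = b"", certs: bytes = b"") -> bytes:
    """Construct a synthetic .mbn for testing; not a real firmware image."""
    dest = 0x2A000000  # constructed load address, purely illustrative
    header = struct.pack(
        MBN_HEADER_FMT, 0, 3, MBN_HEADER_LEN, dest,
        len(code) + len(sig) + len(certs), len(code),
        dest + len(code), len(sig), dest + len(code) + len(sig), len(certs),
    )
    return header + code + sig + certs


if __name__ == "__main__":
    sample = build_sample_mbn(b"\x00" * 64, b"\xAA" * 256, b"\xBB" * 512)
    print(parse_mbn_header(sample))
```

A stock image whose header reports a non-zero signature and certificate chain is one the ROM primary bootloader is expected to verify, which is the chain of trust Theo refers to when he mentions TrustZone and KNOX.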
