I have compiled kernel for sm-t725 device and flashed it from twrp. The bootloader is unlocked. After restarting the device it boots to twrp again. Then I choose boot to system and it does not boot.
I can't post photo, but it shows samsung label, yellow exclamation point with text "The tablet is not running Samsung official software..." and some other text at the top left corner of the screen that I don't understand:
Current Binary: Custom (0x30E)
FRP LOCK : OFF
OEM LOCK: ON (U)
KG STATUS: CHECKING
WARRANTY VOID : 0x1 (0x0)
RP SWREV : <some number>
QUALCOMM SECUREBOOT: ENABLE
SECURE DOWNLOAD : ENABLE
ENG MODE : DEV DEVICE
DID : <some number>
I wan't simple to build kernel (maybe rebuild stock) before try to change it.
Maybe I compiled it somehow wrong? I got sources from http://opensource.samsung.com/reception.do (search for sm-t725)
I packed kernel with mkbootimg, I also packed the original kernel to boot.img and it boots well, so there can't be mistake.
Maybe something is wrong with security, perhaps vbmeta, but I flashed vbmeta patition by instruction of installing Lineage OS for this device and think that all security mehanisms are disabled.
From recovery I can get /proc/last_kmsg but I don't know what to search for.
I can post it, and also can post kernel config file.
I solved it. I must use proper dts file. So, to get everything work you need to make dtb file
Code:
dtc -I dts -O dtb -f sdm670.dts -o sdm670.dtb
and then append it to kernel
Code:
cat Image.gz sdm670.dtb > zImage.gz-dtb
and after that make boot.img and flash it to boot partition.
Now my compiled kernel boots and works.
Related
I've tried fastboot mode on xt720 and it actually worked. It can flash (without signature check) separate partitions system, userdata... But it seems that it checks signature on boot. It also can flash custom boot.img (kernel + ramdisk) but it can't boot because of sig checks. But the most interesting thing is that it can boot custom boot.img without flashing it. It is achieved with "fastboot boot boot.img" command. So we can run custom kernel without checking it. I've created custom boot.img with custom init.rc and it booted fine. Then I've changed one byte in the stock kernel and it also booted fine (many thanks to #milestone-modding devs). I've tried to build custom kernel but unfortunately I haven't figured out how to configure the build for xt720.
For booting to fastboot mode you should do this steps
1. Connect your phone to PC in debug mode
2. Run the following command
adb reboot bootloader
3. Download fastboot for windows from http://forum.xda-developers.com/showthread.php?t=463627
4. Then you can boot custom boot.img with command
fastboot boot boot.img
what revision of the boot is your phone? it might actually be a solution to booting custom roms, ie. 1st boot original kernel, then a hijack in mot_boot_mode to reboot using fastboot with custom boot.img, and wupti! you got your custom kernel loaded.
maybe the same boot loader works on milestone, as it has been tested upto 90.78 and did not work with fastboot, only developer phones has this enabled.
I had alreay do.. like a 2.6.32.9 kernel for milestone
but it doesn't work to my xt720(kor skt)
In my case I made a boot.img(kernel + ramdisk into original boot.img with hex edit)
it works and memory more available
but display 2.6.29-omap1
kernel & ramdisk from froyoModV1 boot.img
Dexter_nlb said:
what revision of the boot is your phone? it might actually be a solution to booting custom roms, ie. 1st boot original kernel, then a hijack in mot_boot_mode to reboot using fastboot with custom boot.img, and wupti! you got your custom kernel loaded.
maybe the same boot loader works on milestone, as it has been tested upto 90.78 and did not work with fastboot, only developer phones has this enabled.
Click to expand...
Click to collapse
The version of bootloader on xt720 is 80.89, there is a dump of mbm and mbmloader on and-developers, but there is no sbf file.
totoro1233 said:
I had alreay do.. like a 2.6.32.9 kernel for milestone
but it doesn't work to my xt720(kor skt)
In my case I made a boot.img(kernel + ramdisk into original boot.img with hex edit)
it works and memory more available
but display 2.6.29-omap1
kernel & ramdisk from froyoModV1 boot.img
Click to expand...
Click to collapse
There is mkbootimg tool which can make boot.img from kernel and ramdisk. Here is the guide http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
what do you mean by "memory more available" is it more then 256MB? how much is it exactly now?
korean motoroi(xt720) is available memory about 30MB
but lots of memory leak
(kr xt720 have 256MB RAM)
so I try to make a boot.img
prepare file list
original boot.img in xt720 2.6.29-omap1 dump file
boot.img in milestone 2.6.32.9 dump file
you have to split boot.img for milestone to kernel and ramdisk
now you have 2.6.29 boot.img and kernel, ramdisk
open the boot.img, kernel,ramdisk with hex edit program
boot.img : find 00 00 A0 E1 hex code (first item)
if you find, kernel all things copy and paste write to boot.img
boot.img : find 1F 8B 08 00 hex code (last item)
if you find, ramdisk all things copy and paste write to boot.img
and than save custom boot.img and boot possible
p.s
your custom boot.img file have to same MB with origin
I'm using HxD edit program
Thanks for sharing
I would like to try, but my milestone xt720 is bricked Hope that others will try...
totoro1233: you just booted with fastboot boot boot.img or you actually flashed boot.img with fastboot? If you have just booted then after restarting the phone stock kernel is booted.
resar said:
totoro1233: you just booted with fastboot boot boot.img or you actually flashed boot.img with fastboot? If you have just booted then after restarting the phone stock kernel is booted.
Click to expand...
Click to collapse
sorry ..
I had already flashed in GOT recovery(change the script to md5 checking remove)
So does it work??????
Dexter_nlb said:
what revision of the boot is your phone? it might actually be a solution to booting custom roms, ie. 1st boot original kernel, then a hijack in mot_boot_mode to reboot using fastboot with custom boot.img, and wupti! you got your custom kernel loaded.
maybe the same boot loader works on milestone, as it has been tested upto 90.78 and did not work with fastboot, only developer phones has this enabled.
Click to expand...
Click to collapse
Wow, subscribed to this thread, hopefully totoro1233 can provide more files and information as to how he got it to work.
totoro1233 said:
korean motoroi(xt720) is available memory about 30MB
but lots of memory leak
(kr xt720 have 256MB RAM)
so I try to make a boot.img
Click to expand...
Click to collapse
why make a custom boot.img?
- Milestone 2.6.32 kernel + ramdisk is the only parts in the boot.img
- a Custom boot.img with Milestone kernel + ramdisk xt720 is a NO-GO!!!
2.2 froyo require correct services loaded,and thats not gonna happen with a xt720 ramdisk.
- if you think a XT720 kernel + froyo ramdisk, im sure its not gonna free up any memory like that.
So purpose of splitting boot.img and remerging is less to 0 or lower than 0.
Dexter_nlb said:
why make a custom boot.img?
- Milestone 2.6.32 kernel + ramdisk is the only parts in the boot.img
- a Custom boot.img with Milestone kernel + ramdisk xt720 is a NO-GO!!!
2.2 froyo require correct services loaded,and thats not gonna happen with a xt720 ramdisk.
- if you think a XT720 kernel + froyo ramdisk, im sure its not gonna free up any memory like that.
So purpose of splitting boot.img and remerging is less to 0 or lower than 0.
Click to expand...
Click to collapse
Dexter can't we just boot milestone boot.img? If it can boot milestone kernel then maybe it can boot kernel + ramdisk. If not then we must find a way to configure xt720 build configuration.
Here's any idea: Grab any boot.img (the most inappropriate one, like one from some HTC phone), grab the fastboot tool, reboot into fastboot (not the one where you can flash RSDlite!), then:
Code:
fastboot boot boot.img
...if it crashes, then we know it at least tried to boot the file. [EDIT]This means you lucky people can boot custom kernels![/EDIT] Since we aren't doing the flash command (fastboot flash boot boot.img)....
It should be 20000% safe.
[EDIT]I just tried it on my Milestone - I took a boot.img from a Droid rom (bugless beast, to be exact) and unfortunately it didn't transfer at all. Seems like they locked this one down? According to Dexter, they sure did! It would be nice if someone can confirm my findings.
It seems that no one interested to try....
Can anyone try to boot Milestone boot.img?
If you wanna flash tune image, your phone have to stock firmware
If you not than you'll should brick the phone..
In my case also brick my phone
so I had flashed sbf image
In addition fastboot isn't recommanded, fastboot is force flashing not available
Interested to try but it seems that it can brick the phone... So i wait for you to find a way resar..... loool
And sorry but i don t know a thing about boot img so you ll have to explain more what to do....
B_e_n said:
Interested to try but it seems that it can brick the phone... So i wait for you to find a way resar..... loool
And sorry but i don t know a thing about boot img so you ll have to explain more what to do....
Click to expand...
Click to collapse
As Lollipop_Lawlipop said you can just boot custom boot.img(kernel + ramdisk). It won't brick your phone. If it won't boot you can just restart your phone and and it will boot fine. There is no risk in booting boot.img. If you flash boot image it can of course brick your phone, but we don't need to flash.
totoro1233 said:
If you wanna flash tune image, your phone have to stock firmware
If you not than you'll should brick the phone..
In my case also brick my phone
so I had flashed sbf image
In addition fastboot isn't recommanded, fastboot is force flashing not available
Click to expand...
Click to collapse
You can flash only signed images to your phone but fastboot can boot custom image. If the milestone image won't work, we'll have to build custom kernel for xt720, and I'm 90% sure that it'll work.
Will the Samsung bootloader check for the indication from kernel when start ? Not the corresponding version of the don't give you start?
For example, CONFIG_SENSORS_SSP_SHTC1_VER= "GT-I9500" in kerne configuration file and the ro.product.model=SCH-I9500 in.build.prop
Samsumg uses Little Kernel + ABOOT as the OS bootloader. So, no.
It will only check the kernel image signature against the boot certificate chain when SecureBoot is on.
greenboxal said:
Samsumg uses Little Kernel + ABOOT as the OS bootloader. So, no.
It will only check the kernel image signature against the boot certificate chain when SecureBoot is on.
Click to expand...
Click to collapse
What's the kernel image signature against the boot certificate chain?Which part is in open source?
smallcsduck said:
What's the kernel image signature against the boot certificate chain?Which part is in open source?
Click to expand...
Click to collapse
With SecureBoot, all boot images, that's SBL1, SBL2, SBL3, ABOOT, and the kernel, are signed with Samsumg private RSA keys(see link 1). Before booting each image, the previous stage of the bootloader checks the next one with a public key that is embed on the current code.
For your question, the ABOOT image which is based on LK, loads the kernel on memory, and before executing it, checks the signature with the embedded public key that is on ABOOT. I don't really know where are the sources for Samsumg ABOOT, nor if they are public. They should be by LK's GPL license.
See link 2 for information on exploiting SGS4 secure boot and information about LK and ABOOT.
[1]: http://en.wikipedia.org/wiki/RSA_(algorithm)#Signing_messages
[2]: http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html
Hey all.
I was playing around with my old Pixel earlier and I realized that using twrp, as far as from fastboot is concerned, can be loaded: 'fastboot boot twrp.img' while Essential users do 'fastboot flash boot twrp.img'. On an adventure, I tried 'fastboot boot twrp.img' on my Essential, but to no success "FAILED (remote: unknown command)". I've tracked down that fastboot expects a kernel and ramdisk, which is contained in a boot.img. I took a look inside the two img files (stock boot.img, versus twrp_mata_11.img) but I don't really know what I'm looking at. I see a very obvious difference in size for the ramdisk and in the below code the 'cmdline' which, I'm taking an uneducated guess is basically extra arguments sent to the kernel(?) during boot.
So I'm curious, why is it that Pixel can boot without installing over the in-place boot, while Essential must overwrite it? They're both A/B phones.
I'm just asking out of the sake of curiosity. I am here to learn.
Thank you.
actual boot image:
Code:
$ ./bootimg.exe --unpack-bootimg boot.img
arguments: [bootimg file]
bootimg file: boot.img
output: kernel[.gz] ramdisk[.gz] second[.gz]
base: 0x0
ramdisk_addr: 0x1000000
second_addr: 0xf00000
tags_addr: 0x100
page_size: 4096
name: ""
cmdline: "quiet androidboot.hardware=mata user_debug=31 msm_rtb.filter=0x237 ehci-hcd.park=3 lpm_levels.sleep_disabled=1 sched_enable_hmp=1 sched_enable_power_aware=1 service_locator.enable=1 swiotlb=2048 androidboot.configfs=true androidboot.usbcontroller=a800000.dwc3 androidboot.selinux=permissive buildvariant=user veritykeyid=id:84678c054b9c09576bf1ecb156ea6e5e65f52593"
padding_size=4096
arguments: [ramdisk file] [directory]
ramdisk file: ramdisk.gz
directory: initrd
output: cpiolist.txt
compress: True
twrp boot image:
Code:
$ ./bootimg.exe --unpack-bootimg boot.img
arguments: [bootimg file]
bootimg file: boot.img
output: kernel[.gz] ramdisk[.gz] second[.gz]
base: 0x80000000
ramdisk_addr: 0x81000000
second_addr: 0x80f00000
tags_addr: 0x80000100
page_size: 4096
name: ""
cmdline: "androidboot.hardware=mata user_debug=31 ehci-hcd.park=3 lpm_levels.sleep_disabled=1 [email protected] buildvariant=eng"
padding_size=4096
arguments: [ramdisk file] [directory]
ramdisk file: ramdisk.gz
directory: initrd
output: cpiolist.txt
compress: True
What is going on.... Is that with Pixel devices....you BOOT TWRP first on its own sans flashing. Then you install TWRP from within TWRP. Hence, "fastboot boot twrp.img" versus "fastboot flast boot boot.img". On Pixel devices, TWRP gets installed to your A and B ROM firmware slots, whereas on Essential TWRP lives in the boot partition.
At least that is my loose understanding of it.
https://forum.xda-developers.com/pixel-xl/development/twrp-alpha1-pixel-devices-t3500312
Whereas TWRP on Essential is always temporary.
Skripka said:
What is going on.... Is that with Pixel devices....you BOOT TWRP first on its own sans flashing. Then you install TWRP from within TWRP. Hence, "fastboot boot twrp.img" versus "fastboot flast boot boot.img". On Pixel devices, TWRP gets installed to your A and B ROM firmware slots, whereas on Essential TWRP lives in the boot partition.
At least that is my loose understanding of it.
https://forum.xda-developers.com/pixel-xl/development/twrp-alpha1-pixel-devices-t3500312
Whereas TWRP on Essential is always temporary.
Click to expand...
Click to collapse
Thanks for the reply!
Is it then theoretically possible to make a bootable twrp that we don't actually write to Essential boot?
For instance, since twrp is always and forever temporary on the Essential, just for simplicity, wouldn't it be a lot easier to just boot from a "temp twrp boot image" (not actually installing it) to install zips? Then we don't have to redo the stock boot, then custom kernel (if applicable) and then Magisk (if applicable) each time?
Again, just here to learn so if this is not feasible, it is what it is.
Thanks again.
jake5253 said:
Thanks for the reply!
Is it then theoretically possible to make a bootable twrp that we don't actually write to Essential boot?
For instance, since twrp is always and forever temporary on the Essential, just for simplicity, wouldn't it be a lot easier to just boot from a "temp twrp boot image" (not actually installing it) to install zips? Then we don't have to redo the stock boot, then custom kernel (if applicable) and then Magisk (if applicable) each time?
Again, just here to learn so if this is not feasible, it is what it is.
Thanks again.
Click to expand...
Click to collapse
That would be a question for someone who knows a ton more about TWRP than I.
I suspect it has to do with how Essential is partitioned and loads things. But that is just a hunch. Although with for example LineageOS's built-in updater and how Magisk work--there's very little need for regular TWRP access...unlike the Good Old Days even 2 years ago where TWRP was where everything was to do anything firmware related on your phone.
we dont have that command available, which is why it doesnt work.
there is no "fastboot boot" anything available
aer0zer0 said:
we dont have that command available, which is why it doesnt work.
there is no "fastboot boot" anything available
Click to expand...
Click to collapse
I guess I thought 'boot' was an argument as part of the fastboot command on the PC end of things. (Which it probably is, and then fastboot sends whatever commands to the phone which on the Pixel cause it to boot a 'temp image', just doesn't work the same on Essential as it does for others)
I just tried to 'fastboot boot' an actual boot.img and I get the same command failed, so this makes sense; it just doesn't have the ability to boot from an unflashed, temp boot.img... I don't know why I didn't think to test booting an actual boot image before asking.
I just assumed that fastboot was created equally for any phones that allowed fastboot at all.
From my searching, its actually kind of hard to track down any documentation worth reading on fastboot. The best I was able to locate was basically man page for fastboot, which is minimal at best.
Thanks guys for clearing this up!
jake5253 said:
I guess I thought 'boot' was an argument as part of the fastboot command on the PC end of things. (Which it probably is, and then fastboot sends whatever commands to the phone which on the Pixel cause it to boot a 'temp image', just doesn't work the same on Essential as it does for others)
I just tried to 'fastboot boot' an actual boot.img and I get the same command failed, so this makes sense; it just doesn't have the ability to boot from an unflashed, temp boot.img... I don't know why I didn't think to test booting an actual boot image before asking.
I just assumed that fastboot was created equally for any phones that allowed fastboot at all.
From my searching, its actually kind of hard to track down any documentation worth reading on fastboot. The best I was able to locate was basically man page for fastboot, which is minimal at best.
Thanks guys for clearing this up!
Click to expand...
Click to collapse
we have beat that drum at the AMA's to get them to add fastboot boot to the aboot. You should too, since you realize the potential
aer0zer0 said:
we have beat that drum at the AMA's to get them to add fastboot boot to the aboot. You should too, since you realize the potential
Click to expand...
Click to collapse
I always miss the AMAs. If I'm reading the most current plans, it should be the 3rd Wednesday each month, so March 21st? I also see on the latest one, there's a decently up-voted post which suggests adding fastboot boot, amongst other things.
Essential eeven responded with:
I too like to be able to boot a boot.img from memory, and we have this in our backlog, but it just isn't getting any love from our developers given our other priorities. No promises, but it's on our radar.
Click to expand...
Click to collapse
I'll attempt to be a part of the next AMA and push for fastboot boot.
Thanks
Hello.
I would like to use custom kernels with enabled modprobe supporting. But I am afraid to flash third party modules with magisk because of potential data lost or boot loops or something like that.
So I want to loading kernel without flashing with fastboot like a:
Code:
fastboot boot boot.img
However, I don't know why, all custom kernels ditribute with 'zImage' file. Therefore I need to repack boot.img manualy:
Code:
abootimg -x boot.img
(abootimg deb package)
or
Code:
unpack boot.img
(whiteboard[at]ping[at]se/Android/Unmkbootimg)
or
Code:
mkboot boot.img out/
(github[at]com/xiaolu/mkbootimg_tools)
In all cases I have the same result (files have identical md5sum).
But when I try to build boot.img I've obtain not bootable image.
Also I noticed that after rebuilds boot.img lose 100MB:
original boot.img - 128M
new_boot.img - 17M
Also notice, I didn't make anything changes!
Please tell me, what I do wrong?
Thank you.
Code:
ODIN MODE
DOWNLOAD SPEED: FAST
PRODUCT NAME: SM-P610
CURRENT BINARY: Samsung Official
KG STATE : Prenomal (00)
FRP LOCK: OFF
OEM LOCK: OFF (U)
Secure Download : Enabled
CCIC = SM5713
WARRENTY VOID: 1 (0x0303)
RP SWREV: B:2 K:2 S:2
DID = 201ad5cc98435011
EVT 0.3
ECT : PARA003t
LOT_ID = N1W03
CHIP_ID = 1ad5cc984350
LPDDR4 manufacturer = Samsung
LPDDR4 process ver = D1X
LPDDR4 size = 4gb
Only official released binaries are allowed to be flashed($)
$ can be Recovery, Boot, VBMeta, and etc...
I tried Magisk with Full AP.tar and just recovery.img/boot.img, it's same.
I changed Odin version and patch, USB Port, reinstalling drivers, USB Cable, ...
ADB Sideload fails with error 21, fastboot flash command stucks at Sending
I can't fix it, what should I do?
+ I just tried lock it and unlock again, but i can't unlock. Got OEM Locked, OEM Unlocking is gone and KG State became Prenormal.
Also fastboot oem unlock(-go) and flashing unlock not working. (No output)
and can't get any props containing OEM and Unlock.
I see only "Entering fastboot..." in bootloader whatever i do
Your KG state is Prenormal. Follow these instructions; when OEM Unlocking is visible in Developer Options, KG State should show Completed
You may have to manually set your clock ahead one week