sicelo | we've generally said N900 is unbrickable. what about N9? | 13:54 |
---|---|---|
KotCzarny | n9 bricks by itself thanks to aegis ;) | 13:55 |
sicelo | juiceme: still maintaining ubiboot? | 13:55 |
sicelo | hehe, KotCzarny, i think there was openmode kernel or similar | 13:55 |
joerg | indeed, just I think it still needs the signed initial stage bootloader | 17:29 |
sicelo | so, it should be possible to completely nuke n9 rootfs and use something else, and be able to reflash harmattan later? | 17:33 |
joerg | not sure. The flasher on N9/HARMattan refuses to flash an older firmware version over a new one. So it looks at what's on the phone before it starts doing its job. IIRC | 18:14 |
joerg | I never tried flashing a N9 / harmattan image using a fremantle flasher | 18:15 |
joerg | there might be some never published "vulnerabilities" there, regarding this Aegis PITA | 18:17 |
joerg | and the complete "chain-of-trust" signature infra involved in boot | 18:18 |
joerg | a few months ago I charged battery and powered up my N950, and thought "let's see... opening a shell, and ..." BOOOM already Aegified | 18:20 |
joerg | and honestly, I forgot how to cope with this, and that "this" is exactly the reason why I felt like never again touching harmattan devices, incl the N950 | 18:21 |
joerg | fremantle / CSSU / N810+N900 was basically a user friendly welcoming system. Harmattan (N950 / N9) felt like you were fighting against your device | 18:24 |
joerg | IOW, when I'm tolerating *this* sh.t then I can get better platform: Android | 18:25 |
sixwheeledbeast | I never understood how N9 seemed like an upgrade | 18:29 |
joerg | :nod: | 18:32 |
* joerg should finally sell his N950 as very rare collector's item, for some 1.5k to 2k € | 18:33 | |
joerg | sixwheeledbeast: check the N9/N950/HARMattan dirs at reisenweber.org | 18:34 |
joerg | wait | 18:34 |
joerg | reisenweber.net of course | 18:35 |
joerg | http://reisenweber.net/950/ http://reisenweber.net/HARM/ | 18:36 |
joerg | http://reisenweber.net/Aegis-kills-device.jpg | 18:39 |
sicelo | or if someone doesn't mind forever breaking harmattan, presumably they could just flash whatever they want, and life goes on? | 18:49 |
joerg | yes | 18:55 |
joerg | I tricked myself into malf by http://reisenweber.net/HARM/N9/openmode_kernel_PR1.1/opensh/ | 18:56 |
joerg | sicelo: however "flash whatever you want" means a) you need to trick the flasher into actually flashing that $whatever image, and b) there's most certainly hardly any drivers for all the tricky hw like camera, modem, you name it | 19:01 |
joerg | for a) there might be another approach: finding the JTAG pins on device internally, to actually directly flash the storage with a flasher device | 19:04 |
joerg | but, you MUST have a Bootloader 1st stage that comes with the right signature done by owner of the private key, matching the CPU's mask ROM pubkey | 19:07 |
sicelo | mmm, sounds hectic | 19:07 |
joerg | afaik the SoC won't boot up if the 1st stage bootloader can't get verified by ROMBOOT | 19:07 |
sicelo | all that stuff is in NAND, right? | 19:08 |
joerg | I don't know where it is, on N9(50) since you can't even _read_ the partitioning and partition kabels etc | 19:14 |
joerg | labels* | 19:14 |
joerg | but yeah, usually on OMAP it should be in NAND | 19:15 |
joerg | unless it's somewhere else | 19:15 |
sicelo | at least according to n9(50) DTS upstream, it is, https://github.com/torvalds/linux/blob/master/arch/arm/boot/dts/omap3-n950-n9.dtsi#L411-L442 | 19:15 |
joerg | looks about correct, or plausible | 19:18 |
joerg | afk, need shopping | 19:18 |
joerg | BBL | 19:18 |
joerg | gg for "OMAP-BOOT, romboot omap" I found http://www.ti.com/lit/sprab41f which may or may not be applicable to "our" SoC, at least it shows some similar complexity | 20:34 |
joerg | sicelo: https://mg.pov.lt/maemo-irclog/search?q=ROMBL | 20:45 |
joerg | https://mg.pov.lt/maemo-irclog/%23maemo.2012-04-16.log.html#t2012-04-16T01:53:40 | 20:46 |
joerg | https://mg.pov.lt/maemo-irclog/%23maemo.2012-04-16.log.html#t2012-04-16T01:49:59 | 20:49 |
joerg | https://mg.pov.lt/maemo-irclog/%23maemo.2012-04-16.log.html#t2012-04-16T01:53:56 | 20:50 |
sicelo | nice gems of information there! | 20:51 |
joerg | >>DocScrutinizer: and I assume the PKI in ROM is per customer?<< >>jacekowski: DocScrutinizer: i couldn't find any info on that<< | 20:52 |
joerg | https://mg.pov.lt/maemo-irclog/%23maemo.2011-11-14.log.html#t2011-11-14T22:30:06 ~aegis | 21:06 |