OpenIPC
/
wiki
mirror of https://github.com/OpenIPC/wiki.git
1
0
Fork 0
Code Activity

introduce $flashsize for universal macro

pull/74/head
Paul Philippov 2023-02-09 17:43:12 -05:00
parent a693bb56e8
commit b83099dbeb
1 changed files with 136 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

219
en/help-uboot.md
View File

@ -1,31 +1,36 @@
# OpenIPC Wiki # OpenIPC Wiki
[Table of Content](../index.md) [Table of Content](../index.md)
Help: U-boot Help: U-Boot
------------ ------------
### Environment ### Prepare the enviroment
In booloader shell, check if `baseaddr` variable is already defined.
If you get `Too many args` error while trying to set an environment variable,
try to do that from within Linux using `fw_setenv` instead of `setenv` in U-boot.
__U-boot console:__
``` ```
hisilicon # setenv uk 'mw.b 0x82000000 ff 1000000; tftp 0x82000000 uImage.${soc}; sf probe 0; sf erase 0x50000 0x200000; sf write 0x82000000 0x50000 ${filesize}' printenv baseaddr
** Too many args (max. 16) ** ```
If it is not there, set it yourself.
```
# Look up address for your SoC at https://openipc.org/supported-hardware/
setenv baseaddr 0x80600000
```
Assign the hex size of your flash chip to a variable called `flashsize`.
```
# Use 0x800000 for an 8MB flash chip, 0x1000000 for 16MB.
setenv flashsize 0x800000
```
Save these values into the environment afterwards.
```
saveenv
``` ```
__OpenIPC Linux:__ ### Saving original firmware without using TFTP.
```
root@openipc-hi3518ev100:~# fw_setenv uk 'mw.b 0x82000000 ff 1000000; tftp 0x82000000 uImage.${soc}; sf probe 0; sf erase 0x50000 0x200000; sf write 0x82000000 0x50000 ${filesize}'
root@openipc-hi3518ev100:~#
```
### Saving original firmware without using tftp. Before you start, [prepare the enviroment](#prepare-the-enviroment).
In the terminal program you use connect to UART port with, enable saving a log In the terminal program that you use to connect to the UART port, enable saving
file of the session. I like to use `screen` for that, and my command to connect log file of the session. I like to use `screen` for this and my command for
to the UART adapter with logging of the active session into a file would look connect to the UART adapter with logging the active session to a file would look
like this: like this:
``` ```
$ screen -L -Logfile fulldump.log /dev/ttyUSB0 115200 $ screen -L -Logfile fulldump.log /dev/ttyUSB0 115200
@ -35,25 +40,11 @@ After connecting to the bootloader console, run a set of commands for reading
whole amount of data from flash memory chip into RAM, and then dumping it as whole amount of data from flash memory chip into RAM, and then dumping it as
hexadecimal values into terminal window. hexadecimal values into terminal window.
Use hexadecimal notation for addresses, where 0 is 0x0, 8 MB is 0x800000, and
16 MB is 0x1000000.
For reading whole 8 MB flash memory run
``` ```
mw.b 0x82000000 ff 0x800000 mw.b ${baseaddr} 0xff ${flashsize}
sf probe 0 sf probe 0
sf read 0x82000000 0x0 0x800000 sf read ${baseaddr} 0x0 ${flashsize}
md.b 0x82000000 0x800000 md.b ${baseaddr} ${flashsize}
```
and for 16 MB flash memory run
```
mw.b 0x82000000 ff 0x1000000
sf probe 0
sf read 0x82000000 0x0 0x1000000
md.b 0x82000000 0x1000000
``` ```
Since the process of reading is going to take a considerable amount of time Since the process of reading is going to take a considerable amount of time
@ -76,6 +67,8 @@ Use [binwalk](https://github.com/ReFirmLabs/binwalk) to unpack the binary file.
### Saving firmware via SD card. ### Saving firmware via SD card.
Before you start, [prepare the enviroment](#prepare-the-enviroment).
Sometimes your camera only has a wireless connection, which does not work Sometimes your camera only has a wireless connection, which does not work
directly from the bootloader. Very often such cameras have a microSD card slot. directly from the bootloader. Very often such cameras have a microSD card slot.
In this case you can try to save a copy of the original firmware using an In this case you can try to save a copy of the original firmware using an
@ -119,25 +112,20 @@ the RAM of the camera. To do that, clear a section of RAM (0x800000 bytes for a
the entire contents to the prepared space in RAM. Then export the copied data the entire contents to the prepared space in RAM. Then export the copied data
from RAM to the card. from RAM to the card.
NB! In the example below we use the ${baseaddr} assuming it is set in your camera's environment.
If not, then set it yourself. Use numeric value from SoC data sheet, look ip up at the
[automatically generated install instructions](https://openipc.org/supported-hardware),
or seek help on [our Telegram channel][telegram].
Example for 8MB: Example for 8MB:
``` ```
mw.b ${baseaddr} ff 0x800000 mw.b ${baseaddr} ff ${flashsize}
sf probe 0 sf probe 0
sf read ${baseaddr} 0x0 0x800000 sf read ${baseaddr} 0x0 ${flashsize}
mmc write ${baseaddr} 0x10 0x4000 mmc write ${baseaddr} 0x10 0x4000
``` ```
Another example, for 16MB: Another example, for 16MB:
``` ```
mw.b ${baseaddr} ff 0x1000000 mw.b ${baseaddr} ff ${flashsize}
sf probe 0 sf probe 0
sf read ${baseaddr} 0x0 0x1000000 sf read ${baseaddr} 0x0 ${flashsize}
mmc write ${baseaddr} 0x10 0x8000 mmc write ${baseaddr} 0x10 0x8000
``` ```
@ -158,69 +146,112 @@ sudo dd bs=512 skip=16 count=32768 if=/dev/sdc of=./fulldump.bin
### Uploading binary image via serial connection. ### Uploading binary image via serial connection.
There are cameras that only have wireless connection unavailable directly from There are cameras that only have wireless connection unavailable directly from
bootloader. Most of such cameras also have SD card slot but some don't, or it does bootloader. Most of such cameras also have SD card slot but some don't, or it
not work for some reason, or you don't have a card, or something. Anyway, you still does not work for some reason, or you don't have a card, or something. Anyway,
can upload a binary image onto camera and either run it, or save it into the flash you still can upload a binary image onto camera and either run it, or save it
memory. Here's how. into the flash memory. Here's how.
First of all, you'll need to install `lrzsz` package on your desktop computer. First of all, you'll need to install `lrzsz` package on your desktop computer.
I presume it runs Linux and preferrably of a Debian family, that'll be easier on I presume it runs Linux and preferrably of a Debian family, that'll be easier
examples. So, run this command to satisfy prerequisites: on examples. So, run this command to satisfy prerequisites:
``` ```
apt install lrzsz apt install lrzsz
``` ```
Now you are ready. Now you are ready.
Place the binary file you are going to upload into the same directory where you will Place the binary file you are going to upload into the same directory where you
be starting a `screen` session to your camera from. Start the session and boot into will be starting a `screen` session to your camera from. Start the session and
the bootloader console interrupting booting routine with a key combo. boot into the bootloader console interrupting booting routine with a key combo.
Now you can run `help` and check what data transfer protocols are supported by
your version of bootloader. If you see `loady` in the list of commands, then
you can use ymodem protocol. Run `loady` on you camera, then press `Ctrl-a`
followed by `:` (semi-colon). It will switch you into command line at the very
bottom of the screen.
Now you can run `help` and check what data transfer protocols are supported by your
version of bootloader. If you see `loady` in the list of commands, then you can use
ymodem protocol. Run `loady` on you camera, then press `Ctrl-a` followed by `:`
(semi-colon). It will switch you into command line at the very bottom of the screen.
Enter `exec !! sz --ymodem filename.bin` where _filename.bin_ and see your file Enter `exec !! sz --ymodem filename.bin` where _filename.bin_ and see your file
uploading via serial connection. At 115200 bps. Slow, very slow. uploading via serial connection. At 115200 bps. Slow, very slow.
After the file is uploaded, you can do the usual magic. Either boot from the memory After the file is uploaded, you can do the usual magic. Either boot from the
image right away using `bootm`, or write it into the flash memory. memory image right away using `bootm`, or write it into the flash memory.
### Flashing full image via serial connection
Before you start, [prepare the enviroment](#prepare-the-enviroment).
Download the full firmware binary for your SoC and flash chip from
[OpenIPC web site](https://openipc.org/supported-hardware/) after submitting the
settings form and clicking the link hidden under "Alternative method" button.
![](../images/firmware-full-binary-link.webp)
Open `screen` and connect to UART port.
```
screen /dev/ttyUSB0 115200
```
Sign in into bootloader shell and run:
```
mw.b ${baseaddr} 0xff ${flashsize}
loady
```
press "Ctrl-a" followed by ":", then type
```
exec !! sz --ymodem fullimage.bin
```
after the image is loaded, continue
```
sf probe 0
sf erase 0x0 ${flashsize}
sf write ${baseaddr} 0x0 ${filesize}
```
### Reading binary image from SD card. ### Reading binary image from SD card.
If your camera supports SD card and you have `fatload` command in bootloader, then Before you start, [prepare the enviroment](#prepare-the-enviroment).
you can read firmware binary files from an SD card.
First, prepage the card: format it into FAT filesystem and place bootloader, kernel, If your camera supports SD card and you have `fatload` command in bootloader,
and rootsf binary files there. Insert the card into camera and boot into bootloader then you can read firmware binary files from an SD card.
console.
First, prepage the card: format it into FAT filesystem and place bootloader,
kernel, and rootsf binary files there. Insert the card into camera and boot
into bootloader console.
Check that you have access to the card. Check that you have access to the card.
``` ```
mmc rescan mmc rescan
``` ```
Then unlock access to flash memory and start writing content of the files from the card Then unlock access to flash memory and start writing content of the files from
into the flash memory. the card into the flash memory.
NB! Please note that load address and names of files used in this example not necessarily NB! Please note that load address and names of files used in this example not
match those for your particular camera. Consult documentation, or seek help on [our Telegram channel][telegram]. necessarily match those for your particular camera. Consult documentation, or
seek help on [our Telegram channel][telegram].
Flash bootloader.
``` ```
mw.b ${baseaddr} 0xff 0x50000
sf probe 0 sf probe 0
mw.b 0x80600000 ff 1000000
sf erase 0x0 0x50000 sf erase 0x0 0x50000
fatload mmc 0:1 0x80600000 u-boot-with-spl.bin fatload mmc 0:1 ${baseaddr} u-boot-with-spl.bin
sf write 0x80600000 0x0 ${filesize} sf write ${baseaddr} 0x0 ${filesize}
```
mw.b 0x80600000 ff 1000000 Flash kernel.
```
mw.b ${baseaddr} 0xff 0x200000
sf probe 0
sf erase 0x50000 0x200000 sf erase 0x50000 0x200000
fatload mmc 0:1 0x80600000 uimage.t31 fatload mmc 0:1 ${baseaddr} uimage.${soc}
sf write 0x80600000 0x50000 ${filesize} sf write ${baseaddr} 0x50000 ${filesize}
```
mw.b 0x80600000 ff 1000000 Flash root filesystem.
```
mw.b ${baseaddr} 0xff 0x500000
sf probe 0
sf erase 0x250000 0x500000 sf erase 0x250000 0x500000
fatload mmc 0:1 0x80600000 rootfs.squashfs.t31 fatload mmc 0:1 ${baseaddr} rootfs.squashfs.${soc}
sf write 0x80600000 0x250000 ${filesize} sf write ${baseaddr} 0x250000 ${filesize}
``` ```
### Bypassing password-protected bootloader. ### Bypassing password-protected bootloader.
@ -245,17 +276,37 @@ bootloader, you could install the OpenIPC firmware in a regular way.
#### Side-loading unlocked bootloader. #### Side-loading unlocked bootloader.
Modern cameras utilize fastboot protocol that allows camera to sideload a bootloader Many modern cameras utilize fastboot protocol that allows camera to load a
into memory and then run it from there. Check if [burn](https://github.com/OpenIPC/burn) bootloader binary code directly into memory and then run it from there.
utility supports your SoC. Check if our [burn utility][burn] supports your camera's SoC.
#### Modifying stock firmware. #### Modifying stock firmware.
One way to bypass the bootloader protection is to dump original firmware and replace One way to bypass the bootloader protection is to dump original firmware and
bootloader there with an unlocked alternative. Or you could flash the entire OpenIPC replace bootloader there with an unlocked alternative. Or you could flash the
firmware since you have the chip in the programmer, anyway. entire OpenIPC firmware since you have the chip in the programmer, anyway.
__DO NOT FORGET TO MAKE A BACKUP OF YOUR ORIGINAL FIRMWARE!__ __DO NOT FORGET TO MAKE A BACKUP OF YOUR ORIGINAL FIRMWARE!__
## Troubleshooting
Before you start, [prepare the enviroment](#prepare-the-enviroment).
If you get `Too many args` error while trying to set an environment variable,
try to do that from within Linux using `fw_setenv` instead of `setenv` in U-boot.
__U-boot console:__
```
hisilicon # setenv uk 'mw.b ${baseaddr} 0xff ${flashsize}; tftp ${baseaddr} uImage.${soc}; sf probe 0; sf erase 0x50000 0x200000; sf write ${baseaddr} 0x50000 ${filesize}'
** Too many args (max. 16) **
```
__OpenIPC Linux:__
```
root@openipc-hi3518ev100:~# fw_setenv uk 'mw.b ${baseaddr} 0xff ${flashsize}; tftp ${baseaddr} uImage.${soc}; sf probe 0; sf erase 0x50000 0x200000; sf write ${baseaddr} 0x50000 ${filesize}'
```
[burn]: https://github.com/OpenIPC/burn
[telegram]: https://t.me/OpenIPC [telegram]: https://t.me/OpenIPC