DrSchottky Posted August 20, 2018 Posted August 20, 2018 Hi there, I've just got my first H3 board (OPi Zero +2) and I'm interested in learning how boot process works in detail, with a focus on Security ID features. As far I can see there's not that much documentation about S/NBROM (essentially linux-sunxi's Wiki and Allwinner-info git repo) and what's supposed to be H3's NBROM (header 1100, 1100, 1633) looks like slightly different from A10's one (from git) at first glance. Is there anyone here who has already worked on it and/or has info/symbols/pseudocode/whatever might speed up the reversing process? Thank you!
Tido Posted August 21, 2018 Posted August 21, 2018 Hi Schottky, How much do you know already about the boot process with the device tree on ARM devices ?
DrSchottky Posted August 21, 2018 Author Posted August 21, 2018 Hi Tido, I know the basic theory behind DTs, but never wrote one from scratch nor played that much with them
Tido Posted August 21, 2018 Posted August 21, 2018 Here you find a link in the post https://forum.armbian.com/topic/5442-armbian-on-a-custom-board-issues/?do=findComment&comment=41523
DrSchottky Posted August 21, 2018 Author Posted August 21, 2018 Thank you, but I don't get how DTs could help me to understand BROM internals (my goal atm is to understand all the steps from reset vector to BT0/TOC0/FEL)
Tido Posted August 21, 2018 Posted August 21, 2018 10 hours ago, DrSchottky said: in learning how boot process works in detail well, you wrote that. ARM has no BIOS it has Device Tree
tkaiser Posted August 21, 2018 Posted August 21, 2018 10 hours ago, DrSchottky said: Is there anyone here who has already worked on it and/or has info/symbols/pseudocode/whatever might speed up the reversing process? This here is most probably the wrong location to ask for. Armbian is about adding stuff at the distro level and keeping track of kernel changes. We seldomly touch bootloader stuff. If not already done I would better ask in linux-sunxi IRC (remain patient, people are from all timezones and all the regulars read the backlog so it's quite common to get individual answers hours or days later)
DrSchottky Posted August 21, 2018 Author Posted August 21, 2018 12 hours ago, tkaiser said: This here is most probably the wrong location to ask for. Armbian is about adding stuff at the distro level and keeping track of kernel changes. We seldomly touch bootloader stuff. If not already done I would better ask in linux-sunxi IRC (remain patient, people are from all timezones and all the regulars read the backlog so it's quite common to get individual answers hours or days later) Ok, thanks for the hint. Oh, since I haven't found one I made a little tool to dump the bootrom from userspace (tested on Armbian for H2+/H3, but should work on other SoCs too). I leave it here, just in case someone wants to play with this stuff 1
Recommended Posts