ShaRose Posted June 22, 2019 Posted June 22, 2019 I'm still running binwalk over stuff, but I was looking over a log of normal boot (from the hard drive) and I noticed it actually prints out a memory address for what I'm looking for: I tried to copy it out with dd, but it doesn't seem to have resulted in valid results (At least according to file). Here's the log: ## Flattened Device Tree blob at 01f00000 Booting using the fdt blob at 0x1f00000 reserving fdt memory region: addr=0 size=30000 reserving fdt memory region: addr=1f000 size=1000 reserving fdt memory region: addr=30000 size=d0000 reserving fdt memory region: addr=1b00000 size=400000 reserving fdt memory region: addr=1ffe000 size=4000 reserving fdt memory region: addr=10000000 size=14000 reserving fdt memory region: addr=2200000 size=400000 reserving fdt memory region: addr=3200000 size=b800000 reserving fdt memory region: addr=2600000 size=c00000 reserving fdt memory region: addr=11000000 size=3c00000 Using Device Tree in place at 0000000001f00000, end 0000000001f122aa I tried copying it out with dd if=/dev/sdf$i bs=1 seek=32505856 count=74410 of=test$i.dtb with a loop: I also used the drive itself, but I feel like it's probably using an image and using memory addresses. Not sure how I'd be able to find out how to get it though. 0 Quote
danman Posted June 22, 2019 Posted June 22, 2019 @ShaRose, try following: strings -t x <your_image> | grep rtd129x-usb2phy you should find an aproximate location of your DTB. 0 Quote
ShaRose Posted June 22, 2019 Posted June 22, 2019 Wouldn't that fail if it was compressed though? 0 Quote
danman Posted June 22, 2019 Posted June 22, 2019 For me it works, let's assume it's not compressed. If it is, binwalk should find tar, gzip, xz or something.... these have signatures. 0 Quote
Staars Posted June 22, 2019 Author Posted June 22, 2019 Meanwhile I downloaded the 12GB-GPL-Package from WD and it contains a lot of stuff. I suppose one of the DTB's with the WD-prefix could be usable for @ShaRose. The rest of the kernel-4.1.17-tree should not be that helpful. I will add them to my kernel repo, but maybe you can test it before. The second interesting thing could be the bootloader-folder, but I still have to digest it. 0 Quote
ShaRose Posted June 22, 2019 Posted June 22, 2019 3 hours ago, Staars said: Meanwhile I downloaded the 12GB-GPL-Package from WD and it contains a lot of stuff. I suppose one of the DTB's with the WD-prefix could be usable for @ShaRose. The rest of the kernel-4.1.17-tree should not be that helpful. I will add them to my kernel repo, but maybe you can test it before. The second interesting thing could be the bootloader-folder, but I still have to digest it. I found the wd-monarch-1GB.dts file, but I wasn't able to compile it: I'm assuming it has a bunch of preprocessor things to do during compilation, but the compile script wipes it away each time. Not really sure how I'd be able to compile it into a dtb. EDIT: Never mind, just realized I could just compile the WD kernel and grab the dtb files from that. Sadly, it still doesn't work, either for wd-monarch-1GB.dtb or wd-monarch-1GB.SATA.dtb. Maybe it needs to be built along with the kernel I'm actually using? Not really sure. I'll try a few other dtb files. EDIT 2: Ok, as somewhat expected, nothing works: but it seems the most correct one is wd-monarch-1gb.sata.dtb from checking the logs. wd-monarch-1gb.dtb had an additional error, which is kind of my baseline at this point. Here's the logs for that one (After it does usb scanning and stuff): reading boot/vmlinuz-4.9.181-rtd1295 Filesize: 8249990 bytes 8249990 bytes Size: 8249990, got: 8249990 8249990 bytes read (take 525ms) reading boot/dtb-4.9.181-rtd1295/realtek/rtd129x/wd-monarch-1gb.sata.dtb Filesize: 62123 bytes 62123 bytes Size: 62123, got: 62123 62123 bytes read (take 211ms) libfdt fdt_path_offset() returned FDT_ERR_NOTFOUND Info: Try to add new node /factory... ***************************************** factory { bootstate = "3"; bna = "0"; nbr = "B"; cbr = "B"; ver = "4.1.4"; serial = "CENSORED"; ipaddr = "192.168.100.1"; ethaddr = "00:00:00:00:00:00"; }; ***************************************** EXPORT ENV AT 0x10000000, ENV size info:0x00002000,0x00001ffc,0x00000004 rtk_preload_bootimages_spi : header info 0x00000600 0x00067440 0x00010b00 0x00000000 0x00005040 0x00000000 0x00000000 0x00026360 0x00000000 rtk_preload_bootimages_spi : load U-Boot 64 from 0x8819de60 to 0x01500000 with size 0x00026360 rtk_preload_bootimages_spi : load BL31 from 0x88198e00 to 0x10120000 with size 0x00005040 copy_2nd_bootloader_and_run : src:0x01500000, dst:0x00021000, size:0x00028000 Jumping to 2nd bootloader... U-Boot 2015.07-g5a4a178-dirty (Jun 22 2016 - 11:33:46 +0800) CPU : Cortex-A53 Quad Core Board: Realtek QA Board [ERR] get_accessible_ddr_size: hw setting error. (impossible value 0x0) [ERR] Fall back to using CONFIG_SYS_RAM_DCU1_SIZE DRAM: 1 GiB mapping memory 0x20000000-0x40000000 non-cached In: serial Out: serial Err: serial Hit any key to stop autoboot: 0 Unknown command 'usb' - try 'help' rtk_plat_set_fw not port yet, use default configs Not raw Image, Starting Decompress Image.gz... ## Flattened Device Tree blob at 01f00000 Booting using the fdt blob at 0x1f00000 reserving fdt memory region: addr=0 size=30000 reserving fdt memory region: addr=1f000 size=1000 reserving fdt memory region: addr=30000 size=d0000 reserving fdt memory region: addr=1b00000 size=400000 reserving fdt memory region: addr=1ffe000 size=4000 reserving fdt memory region: addr=10000000 size=14000 reserving fdt memory region: addr=2200000 size=400000 reserving fdt memory region: addr=3200000 size=b800000 reserving fdt memory region: addr=2600000 size=c00000 reserving fdt memory region: addr=11000000 size=3c00000 Using Device Tree in place at 0000000001f00000, end 0000000001f122aa Bring UP slave CPUs Starting Kernel ... [ 0.000000] Booting Linux on physical CPU 0x0 [ 0.000000] Linux version 4.9.181-rtd1295 (root@build-virtual-machine) (gcc version 7.4.1 20181213 [linaro-7.4-2019.02 revision 56ec6f6b99cc167ff0c2f8e1a2eed33b1edc85d4] (Linaro GCC 7.4-2019.02) ) #1 SMP PREEMPT Thu Jun 20 20:31:22 NDT 2019 [ 0.000000] Boot CPU: AArch64 Processor [410fd034] [ 0.000000] DT: logo_start_addr 0x0, size 0x0 [ 0.000000] DT: of_cma_info.region_enable 1 [ 0.000000] DT: saving_section_page_table 0 [ 0.000000] earlycon: uart8250 at MMIO32 0x0000000098007800 (options '') [ 0.000000] bootconsole [uart8250] enabled [ 0.000000] efi: Getting EFI parameters from FDT: [ 0.000000] efi: UEFI not found. [ 0.000000] cma: fdt region 0 [ 0.000000] cma: size 0x0000000002000000, base 0x0000000020000000, fixed(1) [ 0.000000] cma: Reserved 32 MiB at 0x0000000020000000 [ 0.000000] missing or invalid resume-entry-addr property [ 0.000000] missing or invalid resume-entry-addr property [ 0.000000] missing or invalid resume-entry-addr property [ 0.000000] percpu: Embedded 22 pages/cpu s53144 r8192 d28776 u90112 [ 0.000000] Detected VIPT I-cache on CPU0 [ 0.000000] CPU features: enabling workaround for ARM erratum 845719 [ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 257536 [ 0.000000] Kernel command line: earlycon=uart8250,mmio32,0x98007800 console=ttyS0,115200 noinitrd root=/dev/mmcblk0p1 rootfs=ext4 init=/sbin/init [ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes) [ 0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes) [ 0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes) [ 0.000000] Memory: 704360K/1046528K available (12540K kernel code, 1682K rwdata, 3612K rodata, 1152K init, 488K bss, 309400K reserved, 32768K cma-reserved) [ 0.000000] Virtual kernel memory layout: [ 0.000000] modules : 0xffffff8000000000 - 0xffffff8008000000 ( 128 MB) [ 0.000000] vmalloc : 0xffffff8008000000 - 0xffffffbebfff0000 ( 250 GB) [ 0.000000] .text : 0xffffff8008280000 - 0xffffff8008ec0000 ( 12544 KB) [ 0.000000] .rodata : 0xffffff8008ec0000 - 0xffffff8009250000 ( 3648 KB) [ 0.000000] .init : 0xffffff8009250000 - 0xffffff8009370000 ( 1152 KB) [ 0.000000] .data : 0xffffff8009370000 - 0xffffff8009514a00 ( 1683 KB) [ 0.000000] .bss : 0xffffff8009514a00 - 0xffffff800958eb7c ( 489 KB) [ 0.000000] fixed : 0xffffffbefe7fb000 - 0xffffffbefec00000 ( 4116 KB) [ 0.000000] PCI I/O : 0xffffffbefee00000 - 0xffffffbeffe00000 ( 16 MB) [ 0.000000] vmemmap : 0xffffffbf00000000 - 0xffffffc000000000 ( 4 GB maximum) [ 0.000000] 0xffffffbf00000000 - 0xffffffbf01000000 ( 16 MB actual) [ 0.000000] memory : 0xffffffc000000000 - 0xffffffc040000000 ( 1024 MB) [ 0.000000] Preemptible hierarchical RCU implementation. [ 0.000000] Build-time adjustment of leaf fanout to 64. [ 0.000000] RCU restricting CPUs from NR_CPUS=4 to nr_cpu_ids=1. [ 0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=64, nr_cpu_ids=1 [ 0.000000] NR_IRQS:64 nr_irqs:64 0 [ 0.000000] arm_arch_timer: Architected cp15 timer(s) running at 27.00MHz (phys). [ 0.000000] clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles: 0x63a1e71a3, max_idle_ns: 440795203123 ns [ 0.000006] sched_clock: 56 bits at 27MHz, resolution 37ns, wraps every 4398046511093ns [ 0.009201] rmem_count: 1 [ 0.013124] [ 0.014798] rsvmem_remap 143, rmem->name ramoops_mem [ 0.021374] rsvmem_remap 147, no compatible prop [ 0.027954] Console: colour dummy device 80x25 [ 0.032992] Calibrating delay loop (skipped), value calculated using timer frequency.. 54.00 BogoMIPS (lpj=108000) [ 0.044670] pid_max: default: 32768 minimum: 301 [ 0.050043] Security Framework initialized [ 0.054673] SELinux: Initializing. [ 0.058749] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes) [ 0.066316] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes) [ 0.075286] ftrace: allocating 40059 entries in 157 pages [ 0.199328] sched-energy: CPU device node has no sched-energy-costs [ 0.206445] Invalid sched_group_energy for CPU0 [ 0.211566] CPU0: update cpu_capacity 1024 [ 0.216203] ASID allocator initialised with 32768 entries [ 0.257861] EFI services will not be available. [ 0.271040] Brought up 1 CPUs [ 0.274382] SMP: Total of 1 processors activated. [ 0.279719] CPU features: detected feature: 32-bit EL0 Support [ 0.286310] CPU features: detected feature: Kernel page table isolation (KPTI) [ 0.297850] CPU: All CPU(s) started at EL2 [ 0.302498] alternatives: patching kernel code [ 0.307778] Invalid sched_group_energy for CPU0 [ 0.312905] CPU0: update max cpu_capacity 1024 [ 0.317926] Invalid sched_group_energy for Cluster0 [ 0.324207] devtmpfs: initialized [ 0.352378] DMI not present or invalid. [ 0.357186] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns [ 0.368238] futex hash table entries: 256 (order: 3, 32768 bytes) [ 0.377289] pinctrl core: initialized pinctrl subsystem [ 0.385487] NET: Registered protocol family 16 [ 0.402737] cpuidle: using governor ladder [ 0.419434] cpuidle: using governor menu [ 0.424155] vdso: 2 pages (1 code @ ffffff8008ec7000, 1 data @ ffffff8009374000) [ 0.432519] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers. [ 0.441794] DMA: preallocated 256 KiB pool for atomic allocations [ 0.449380] rst-control : base ffffff800804b600, offset 0xb4 [ 0.455880] ****** rtk_lockapi_init 620, chip: id=0x00000000, revision=0x00010000 [ 0.471873] gpiochip_add_data: GPIOs 0..100 (rtk_misc_gpio) failed to register [ 0.480349] [drivers/gpio/gpio-rtd129x.c] rtk_gpio_probe line: 844 [ 0.493472] [GPIO] set_default_gpio: Could not get gpio from of [ 0.500234] [GPIO] set_default_gpio: Could not get gpio from of [ 0.507567] gpiochip_add_data: GPIOs 101..135 (rtk_iso_gpio) failed to register [ 0.515931] [drivers/gpio/gpio-rtd129x.c] rtk_gpio_probe line: 844 [ 0.525116] [GPIO] No default gpio need to set [ 0.540036] [RTK_SB2_DBG] Info 0x10000 [ 0.544457] [RTK_SB2_DBG] memory monitor 0x98013b00 - 0x98013c00 [ 0.551418] [RTK_SB2_DBG] initialized [ 0.668278] ACPI: Interpreter disabled. [ 0.673084] Unable to handle kernel NULL pointer dereference at virtual address 000000d4 [ 0.682335] [00000000000000d4] user address but active_mm is swapper [ 0.689550] Internal error: Oops: 96000045 [#1] PREEMPT SMP [ 0.695824] Modules linked in: [ 0.699268] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.181-rtd1295 #1 [ 0.706809] Hardware name: Realtek_RTD1295 (DT) [ 0.711909] task: ffffffc0222dcd80 task.stack: ffffffc0222e0000 [ 0.718581] PC is at acpu_set_flag+0x50/0xb0 [ 0.723388] LR is at acpu_set_flag+0x3c/0xb0 [ 0.728194] pc : [<ffffff8008762a70>] lr : [<ffffff8008762a5c>] pstate: 80000045 [ 0.736521] sp : ffffffc0222e3d00 [ 0.740249] x29: ffffffc0222e3d00 x28: ffffff8009324c90 [ 0.746234] x27: 0000000000000005 x26: ffffff80092be7b0 [ 0.752219] x25: ffffff8009518000 x24: ffffff8009250468 [ 0.758204] x23: ffffff8009242330 x22: ffffff800956c000 [ 0.764188] x21: 00000000000000d4 x20: 0000000000000000 [ 0.770171] x19: 0000000000000000 x18: 0000000000000000 [ 0.776154] x17: 0000000000000000 x16: 000000000000000e [ 0.782137] x15: ffffffffffffffff x14: ffffffffffffffff [ 0.788121] x13: ffffffffffffffff x12: 0000000000000008 [ 0.794104] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f [ 0.800087] x9 : fefefefefefeff64 x8 : 7f7f7f7f7f7f7f7f [ 0.806072] x7 : 616e716f6e737460 x6 : 0080808080808080 [ 0.812054] x5 : 0000000000000000 x4 : ffffffffffffffff [ 0.818038] x3 : 0000000000000000 x2 : 00000000000000d4 [ 0.824020] x1 : 0000000000000200 x0 : 0000000000000000 [ 0.830004] [ 0.830004] SP: 0xffffffc0222e3c80: [ 0.835591] 3c80 0956c000 ffffff80 09242330 ffffff80 09250468 ffffff80 09518000 ffffff80 [ 0.844830] 3ca0 092be7b0 ffffff80 00000005 00000000 09324c90 ffffff80 222e3d00 ffffffc0 [ 0.854064] 3cc0 08762a5c ffffff80 222e3d00 ffffffc0 08762a70 ffffff80 80000045 00000000 [ 0.863298] 3ce0 222e3d00 ffffffc0 08762a4c ffffff80 ffffffff ffffffff 08762a5c ffffff80 [ 0.872533] 3d00 222e3d30 ffffffc0 0928a820 ffffff80 0928a7f0 ffffff80 090fa000 ffffff80 [ 0.881768] 3d20 0956c760 ffffff80 08678624 ffffff80 222e3dd0 ffffffc0 08283c3c ffffff80 [ 0.891001] 3d40 0928a7f0 ffffff80 00000000 00000000 222dcd80 ffffffc0 092be7d0 ffffff80 [ 0.900237] 3d60 09242330 ffffff80 09250468 ffffff80 09518000 ffffff80 092be7b0 ffffff80 [ 0.909491] [ 0.909491] X29: 0xffffffc0222e3c80: [ 0.915176] 3c80 0956c000 ffffff80 09242330 ffffff80 09250468 ffffff80 09518000 ffffff80 [ 0.924411] 3ca0 092be7b0 ffffff80 00000005 00000000 09324c90 ffffff80 222e3d00 ffffffc0 [ 0.933645] 3cc0 08762a5c ffffff80 222e3d00 ffffffc0 08762a70 ffffff80 80000045 00000000 [ 0.942881] 3ce0 222e3d00 ffffffc0 08762a4c ffffff80 ffffffff ffffffff 08762a5c ffffff80 [ 0.952114] 3d00 222e3d30 ffffffc0 0928a820 ffffff80 0928a7f0 ffffff80 090fa000 ffffff80 [ 0.961346] 3d20 0956c760 ffffff80 08678624 ffffff80 222e3dd0 ffffffc0 08283c3c ffffff80 [ 0.970583] 3d40 0928a7f0 ffffff80 00000000 00000000 222dcd80 ffffffc0 092be7d0 ffffff80 [ 0.979818] 3d60 09242330 ffffff80 09250468 ffffff80 09518000 ffffff80 092be7b0 ffffff80 [ 0.989053] [ 0.990726] Process swapper/0 (pid: 1, stack limit = 0xffffffc0222e0000) [ 0.998273] Stack: (0xffffffc0222e3d00 to 0xffffffc0222e4000) [ 1.004745] 3d00: ffffffc0222e3d30 ffffff800928a820 ffffff800928a7f0 ffffff80090fa000 [ 1.013565] 3d20: ffffff800956c760 ffffff8008678624 ffffffc0222e3dd0 ffffff8008283c3c [ 1.022385] 3d40: ffffff800928a7f0 0000000000000000 ffffffc0222dcd80 ffffff80092be7d0 [ 1.031206] 3d60: ffffff8009242330 ffffff8009250468 ffffff8009518000 ffffff80092be7b0 [ 1.040028] 3d80: 0000000000000005 ffffff8009324c90 ffffff80092890b4 0000000000000000 [ 1.048851] 3da0: ffffffc0222dcd80 ffffff80092be7d0 ffffff8009242330 ffffff8009250468 [ 1.057672] 3dc0: ffffffc0222e3dd0 ffffff8008283c3c ffffffc0222e3e40 ffffff8009250cec [ 1.066492] 3de0: 00000000000001aa ffffff8009518000 0000000000000004 ffffff80092be7b0 [ 1.075314] 3e00: 0000000000000000 ffffff8009324b80 ffffff80093913c8 0000000000000000 [ 1.084134] 3e20: 0000000000000000 ffffff80090a8d78 0000000400000004 ffffff80090a1058 [ 1.092956] 3e40: ffffffc0222e3ea0 ffffff8008eaced0 ffffff8008eaceb8 0000000000000000 [ 1.101776] 3e60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.110597] 3e80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.119417] 3ea0: 0000000000000000 ffffff8008283980 ffffff8008eaceb8 0000000000000000 [ 1.128236] 3ec0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.137056] 3ee0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.145877] 3f00: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.154696] 3f20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.163515] 3f40: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.172335] 3f60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.181156] 3f80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.189976] 3fa0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.198796] 3fc0: 0000000000000000 0000000000000005 0000000000000000 0000000000000000 [ 1.207615] 3fe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 1.216432] Call trace: [ 1.219183] Exception stack(0xffffffc0222e3b30 to 0xffffffc0222e3c60) [ 1.226435] 3b20: 0000000000000000 0000007fffffffff [ 1.235257] 3b40: ffffffc0222e3d00 ffffff8008762a70 ffffff80095685d8 0000000000000001 [ 1.244077] 3b60: ffffffc02222f590 ffffff8009555000 0000000080000000 00000000024000c0 [ 1.252898] 3b80: 0000000000000040 ffffff80092be7b0 ffffffc0222e3bb0 ffffff8008eb3454 [ 1.261720] 3ba0: 0000000000000040 ffffffc02229a8f0 ffffffc0222e3bd0 ffffff8008676ee8 [ 1.270540] 3bc0: ffffff80095685d8 0000000000000001 0000000000000000 0000000000000200 [ 1.279361] 3be0: 00000000000000d4 0000000000000000 ffffffffffffffff 0000000000000000 [ 1.288182] 3c00: 0080808080808080 616e716f6e737460 7f7f7f7f7f7f7f7f fefefefefefeff64 [ 1.297004] 3c20: 7f7f7f7f7f7f7f7f 0101010101010101 0000000000000008 ffffffffffffffff [ 1.305823] 3c40: ffffffffffffffff ffffffffffffffff 000000000000000e 0000000000000000 [ 1.314646] [<ffffff8008762a70>] acpu_set_flag+0x50/0xb0 [ 1.320634] [<ffffff800928a820>] rtk_suspend_init+0x30/0x80c [ 1.327010] [<ffffff8008283c3c>] do_one_initcall+0x44/0x130 [ 1.333289] [<ffffff8009250cec>] kernel_init_freeable+0x190/0x234 [ 1.340151] [<ffffff8008eaced0>] kernel_init+0x18/0x108 [ 1.346033] [<ffffff8008283980>] ret_from_fork+0x10/0x50 [ 1.352019] Code: d503201f 14000001 d503201f 52804001 (b90002a1) [ 1.358886] ---[ end trace 1c1cf6cb41d444c2 ]--- [ 1.364214] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 1.364214] [ 1.374520] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 1.374520] 0 Quote
chwe Posted June 23, 2019 Posted June 23, 2019 So you glue a BSP DTB from a 4.1 kernel together with a BSP 4.9 kernel.. good luck to get these things working.. In theory DTS should be backwords compatible, assuming that the drivers in the kernel are written properly.. well for a moment, we don't assume that all BSP drivers are written properly.. On 6/22/2019 at 2:15 AM, ShaRose said: When compiling the DTS I did get a LOT of warnings, so I'm not sure if that's normal depends what warnings.. a compile log might be helpful.. did you check how many partitions this WD thingie has? Those android based system have often a bunch of them.. with some weird schema.. so you can probably guess on which one it should be found.. If stuff is not encrypted.. 5 hours ago, ShaRose said: ## Flattened Device Tree blob at 01f00000 just tells you the memory adress this thing is loaded into it.. to actually see where it comes form, you probably have to look into sources.. But it's a Flattened device tree.. so it should be a own file for the dtb, it's not glued to the kernel so hope might be there that you just find it somewhere in the boot partition of your device.. 1 hour ago, ShaRose said: Maybe it needs to be built along with the kernel I'm actually using? Not really sure. I'll try a few other dtb files. if it would be backwards compatible drivers then not (but since bsp kernels don't give a fuck about this.. it might mess.. it might also mess if you compile this dt with a new kernel..) On 6/22/2019 at 2:15 AM, ShaRose said: I also noticed when trying out different dtb files that the kernel would panic sooner or later: Some got as far as 9 seconds in. Not sure if that's good or bad though. did you also test if the kernel panics reliable on the same event? When I had fun with the mediatek stuff.. it wasn't as predictable when the kernel crashed.. it was just sure that it will happen.. 1 hour ago, ShaRose said: I found the wd-monarch-1GB.dts file, but I wasn't able to compile it: I'm assuming it has a bunch of preprocessor things to do during compilation, but the compile script wipes it away each time. Not really sure how I'd be able to compile it into a dtb. does it throws you errors during compilation? and when which one? did you also check which dts or dtsi files are included in these dts.. did you copy them as well? lastly. believe that a vendor DTS is correct is IMO naive.. my experience is more that the vendor dts is glued together from some reference-board dts modified until the thing actually boots up and mostly works before nobody ever has a look at those files.. a bunch of nodes are there witch are not populated on the actual board, on the other hand.. those there might not be 100% correct.. But you might frankenstein together a 4.9 DTS from some reference boards there by looking into a working 4.1 DTS (for the 4.1 kernel).. if the same reference boards are present on a 4.1 and a 4.9 kernel it might be easy to get an idea how things have to change.. 0 Quote
Staars Posted June 23, 2019 Author Posted June 23, 2019 , yes that is not really unexpected. But I think, we still can get some information from it. (BTW, I will not be able to contribute very much in the next few days) 0 Quote
ShaRose Posted June 23, 2019 Posted June 23, 2019 14 hours ago, chwe said: So you glue a BSP DTB from a 4.1 kernel together with a BSP 4.9 kernel.. good luck to get these things working.. In theory DTS should be backwords compatible, assuming that the drivers in the kernel are written properly.. well for a moment, we don't assume that all BSP drivers are written properly.. I don't really know anything about embedded stuff, so I figured it was worth a shot. 14 hours ago, chwe said: depends what warnings.. a compile log might be helpful.. Considering it was coming from a tarred device tree, probably not, but here. <stdout>: Warning (unit_address_vs_reg): Node /soc has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /rtk_iso_gpio@98007100/scdc_rr@98007200 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /dwc3_u3host_usb2phy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /dwc3_u3host_usb3phy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /timer0@9801b000 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /ramoops@10014000 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /rtk_dwc3_drd@98013200/rtk_dwc3_drd_type_c has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /rfkilligpio@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /usb_phy_rle0599 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_bus_h has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_vodma has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_acpu has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_ddsa has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_ddsb has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_scpu has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_bus has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_gpu has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_ve1 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/pll_ve2 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/clk_vodma has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/clk_gpu has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/clk_sys has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/clk_ve1 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/clk_ve2 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /clocks/clk_ve3 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/ir@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/ir@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/rgmii@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/rgmii@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2c@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2c@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2c@2 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2c@3 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2c@4 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2c@5 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2c@6 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/spi@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/spi@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/tp0@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/tp0@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/tp1@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/tp1@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/etn_led@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/spdif@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/scpu_ejtag@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/scpu_ejtag@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/pwm0_0@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/pwm0_1@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/pwm3_0@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/pwm3_1@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/uart0@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/uart1@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/uart2@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/uart2@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/gspi@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2s_out@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/i2s_out@1 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/pcie@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/sdcard_low@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/pwm1@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/pwm2@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/sdio@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/dc_fan_sensor@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/sdcard_high@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /pinctrl@9801A000/acpu_ejtag@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_iso_mis has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_nat_wrap has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_mipi_aphy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_mhl3_en has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_cp has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_cr has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_md has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_se has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_tp has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_vo has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_disp_top has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_cecrx_aphy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_usb_p3_mac_A has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_gpu has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_mis has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_sb2 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_rsa has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_ve1 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_ve2 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_ve3 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_scpu_wrapper has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_emmc has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_gspi has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_jpeg has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_mipi has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_nand has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_sata has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_sdio has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_usb_p0_iso has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_usb_p0_mac has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_usb_p0_phy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_usb_p3_iso has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_usb_p3_phy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_hdmirx has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_jd_top has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_lsadc_top has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_cbus has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_sdio has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_iso_sata_p0 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_iso_sata_p1 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_cectx_aphy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_pcie1 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_pcie2 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_disp_core has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_usb_p0 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_usb_p1 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_usb_p2 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_l4_icg_usb_p3 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_adc has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_gpu has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_nat has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_rtc has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_ve1 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_ve2 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_ve3 has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_cr has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/pctrl_usb_p3_mac_ECO_B has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/dc0_pll has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power_control/dc1_pll has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /memory has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /timer1@9801b000 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /resets/usb_rst has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /reserved-memory/ramoops_mem has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /mem_remap/rbus has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /mem_remap/ringbuf has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /mem_remap/common has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /dwc3_drd_usb2phy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /dwc3_drd_usb3phy has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /rtd1295-lsadc@0x98012800/rtd1295-lsadc1-pad0@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /rtd1295-lsadc@0x98012800/rtd1295-lsadc1-pad1@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /rtd1295-lsadc@0x98012800/rtd1295-lsadc0-pad0@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /rtd1295-lsadc@0x98012800/rtd1295-lsadc0-pad1@0 has a unit name, but no reg property <stdout>: Warning (unit_address_vs_reg): Node /rtk_usb_power_manager has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /power-management has a reg or ranges property, but no unit name <stdout>: Warning (unit_address_vs_reg): Node /dwc3_u2host_usb2phy has a reg or ranges property, but no unit name <stdout>: Warning (pci_bridge): Node /pcie2@9803B000 node name is not "pci" or "pcie" <stdout>: Warning (unit_address_format): Failed prerequisite 'pci_bridge' <stdout>: Warning (pci_device_reg): Failed prerequisite 'pci_bridge' <stdout>: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' 14 hours ago, chwe said: did you check how many partitions this WD thingie has? Those android based system have often a bunch of them.. with some weird schema.. so you can probably guess on which one it should be found.. If stuff is not encrypted.. just tells you the memory adress this thing is loaded into it.. to actually see where it comes form, you probably have to look into sources.. But it's a Flattened device tree.. so it should be a own file for the dtb, it's not glued to the kernel so hope might be there that you just find it somewhere in the boot partition of your device.. 24 partitions, 23 of them for the system, one for user data. I know any of the partitions that could mount didn't have it because one of the first things I did was run a for loop to mount every one into /mnt/wdcloud/part_xx, and then ran file / grep. 14 hours ago, chwe said: did you also test if the kernel panics reliable on the same event? When I had fun with the mediatek stuff.. it wasn't as predictable when the kernel crashed.. it was just sure that it will happen.. If you mean with the same DTB, yes: The only difference (once you remove timestamps) is the trace ID at the end of the crash. 14 hours ago, chwe said: does it throws you errors during compilation? and when which one? did you also check which dts or dtsi files are included in these dts.. did you copy them as well? lastly. believe that a vendor DTS is correct is IMO naive.. my experience is more that the vendor dts is glued together from some reference-board dts modified until the thing actually boots up and mostly works before nobody ever has a look at those files.. a bunch of nodes are there witch are not populated on the actual board, on the other hand.. those there might not be 100% correct.. But you might frankenstein together a 4.9 DTS from some reference boards there by looking into a working 4.1 DTS (for the 4.1 kernel).. if the same reference boards are present on a 4.1 and a 4.9 kernel it might be easy to get an idea how things have to change.. The dtsi files weren't included in the vendor output, and even in the source area there weren't any for the wd_stuff. As for editing the 4.9 DTS files to match, I still don't know how to stop compile.sh from blowing away any changes I make, nor do I know how to just tell it to build the DTS files and nothing else (without cleaning anything). 0 Quote
danman Posted June 24, 2019 Posted June 24, 2019 On 6/23/2019 at 1:24 AM, ShaRose said: Using Device Tree in place at 0000000001f00000, end 0000000001f122aa @ShaRose, do you have root access on your original system? Can you try: dd if=/dev/mem bs=1 skip=32505856 count=74410 of=original.dtb (skip and count are translated from hex to dec) @others Meanwhile I was experimenting with the d/g/r> shell. I'm struggling to make ymodem work in minicom but I have some ideas... 1 Quote
ShaRose Posted June 24, 2019 Posted June 24, 2019 8 hours ago, danman said: @ShaRose, do you have root access on your original system? Can you try: dd if=/dev/mem bs=1 skip=32505856 count=74410 of=original.dtb (skip and count are translated from hex to dec) @others Meanwhile I was experimenting with the d/g/r> shell. I'm struggling to make ymodem work in minicom but I have some ideas... Wouldn't really matter since I was able to compile the DTB from the gpl sources though, would it? 0 Quote
danman Posted June 24, 2019 Posted June 24, 2019 I managed to make the ymodem upload work in minicom: https://github.com/danielkucera/minicom-ymodem But I was not able to boot it this way anyway. I'm proceeding according to: http://wiki.banana-pi.org/Getting_Started_with_BPI-W2#Burn_OpenWRT_with_Linux_kernel_4.4 Any ideas? 0 Quote
Staars Posted June 25, 2019 Author Posted June 25, 2019 9 hours ago, danman said: Any ideas? Sorry, no. Does your boot log suggest, that the box even tries to access the SPI-flash? Or does it not matter, what you have written to the SPI? 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 @Staars, I think it doesn't matter. But I'm celebrating first success booting code from d/g/n d/g/r>h download to 0x80005EF0 Ymodem: CCCCCCCC d/g/r>s 98007058 98007058 = 0x00020000 d/g/r>d download to 0x00020000 Ymodem: CCCCCCCCCCCCCCCCCCCCCCCCC crc32:0xA96F74D3, len:0x000B21E0 d/g/r>g jump to 0x00020000 64b U-Boot 2012.07 (Aug 13 2016 - 10:06:21) CPU : Cortex-A53 quad core - AARCH32 Board: Realtek QA Board DRAM: 0 Bytes Watchdog: Disabled Cache: Enabled Non-Cache Region: 1 MB@0x07900000 MMC: rtk_emmc : Detect chip rev. >= B RTD1295 eMMC: 0 rtk_emmc : Detect chip rev. >= B EMMC ERROR ---------> Response timeout Card did not respond to voltage select! mmc->version=0x00010000 version=0x00000004 [LY] cardtype=57, mmc->card_caps=0f [LY] freq = 00464388, clk diver = 00000080 [LY] speed up emmc at HS-200 [LY] HS-200 bus width=2 [LY] mmc->boot_caps = 20b TEMP TX_WINDOW=0x1ffffff8, TX_best=0xf RX_WINDOW=0xffff41ff, RX_best=0x1c TX1_WINDOW=0x1fffff80, TX_best=0x11 [LY] hs200 : 0 [HC] WPG_SIZE = 4194304 Device: RTD1295 eMMC Manufacturer ID: 11 OEM: 100 Name: 008G7 Tran Speed: 5f5e100 Rd Block Len: 512 MMC version 4.0 High Capacity: No Capacity: 7.3 GiB Bus Width: 8-bit Speed: HS200 Factory: MMC Factory: pp:0, seq#:0x25, size:0x25a00 ------------tmp/factory/000BootParam.h found [logo]src w/h=1280/720 dst w/h=3840/2160 In: serial Out: serial Err: serial Net: Realtek PCIe GBE Family Controller mcfg = 0024 dev->name=r8168#0 Hit Esc or Tab key to enter console mode or rescue linux: 0 ------------can't find tmp/factory/recovery ======== Checking into android recovery ==== Start Boot Setup ... ---------------LOAD NORMAL FW TABLE --------------- [INFO] fw desc table base: 0x00620000, count: 22 Normal boot fw follow... Kernel: FW Image to 0x03000000, size=0x00f3d000 (0x03f3d000) FW Image fr 0x02b30400 DT: FW Image to 0x01f00000, size=0x0000f448 (0x01f0f448) FW Image fr 0x027b0200 Audio FW: FW Image to 0x01b00000, size=0x003401a8 (0x01e401a8) FW Image fr 0x027f0200 IMAGE FILE: FW Image to 0x1e800000, size=0x00384000 (0x1eb84000) FW Image fr 0x199002000 Start A/V Firmware ... kylin_bring up hwsetting Finish kylin_bring_temp hwsetting [+][AO][aio_HWEnable] [AO]aio_CRTOn: SYS_CLOCK_ENABLE1 [ 0x9800000c]: 0x13dec561 SYS_CLOCK_ENABLE2 [ 0x98000010]: 0x58ffe416 SYS_SOFT_RESET1 [ 0x98000000]: 0xb7da1001 SYS_SOFT_RESET4 [ 0x98000050]: 0x0000801f [AO]ao_SetDACAnalogOn: TVE_VDAC_CTR1 [ 0x980183a0]: 0xa86c0280 x1O_O_ACANA_GCTL1 [ 0x980066E0X4P]:OR 0T xE24N9V 5A15T0 04 NAI0O_00I_00A0CA 64_tAkD_pC_reGCloTaLd2 _b[o o0xti98ma0g06es61 :0 ]:l oa0xd 8U80-Bao3ao0t0 0IfOro_Im_ 0AxDC0_0T0C2O81N 2[5 t0ox9 08x00016650f0c]00:0 0 wx2i2th1 fs00i0z0e Ax0IO0_10I_0A00DC0_ TCON [ 0x980066fc]: 0x221fff00 [-][AO][aio_HWEnable] [ACPU] Set protect, start: 0x00000000 end: 0x00001000 moduleid:6 HDMI Raw Enable: MPG AC3 DTS MPEG2 AAC DDP WMAPRO MLP SPDIF Raw Enable: MPG AC3 DTS MPEG2 AAC DDP WMAPRO MLP Force 2ch Format: DTS DTSHD AC3 DDP MLP AAC WMAPRO @@@@@@@One Step TV System magic number = 0xffffffff, addr = 0xa001f800@@@@@@@ [AUDIO WARNING] ERR UNCACHEABLE_VADDR 0xb8071200 @ 0x81b2e590 @@@@One Step magic number not match! use fw default TV System! [@@VIDEO_RPC_VOUT_ToAgent_ConfigTVSystem_0_svc]type 0! HDMIOff = 0 [VO]vo->is_hdmi_off_clock_on:86248 [@@VIDEO_RPC_VOUT_ToAgent_ConfigVideoStandard_0_svc] [VO_SetVideoStandard]st 25 p 1 1 0 [VO_SetVideoStandard]ped 1 data0 0x00000004 data1 0x00000000 VO_SetVideoStandard]HDMIoff 0c oipsy__t2vned__obno o1t luosaedre_rc_vabnsd__orfufn 0: slrvcd:s0.xf0o1r5m0a0t0 000 ,p odrstt_:s0ext0ti0n0g2 1 000x00,0 0s0i0z3e81: 0lxv0d0s0_bw1b0 000 .JVuOm pseitnTgV Sttoa n2dnadr db o2o5t l3oDa d0e r0.]. ( TVE) TVE_DAC_mode 0,cmd->enProg 1!! TV_NTSC_J ~~comp 0, ch2 1, mode_3D 0!! ~~comp 0, ch2 1, mode_3D 0!! ~~TVE standard# SetVideoStandard return! [@@VIDEO_RPC_VOUT_ToAgent_ConfigHdmiInfoFrame_0_svc] (VO_ConfigHDMI_InfoFrame) L:236, is_hdmi_plugin 1, hdmiMode 1!!Mode 1 dataByte1 0x00000040 0x000000a8 0x00000000 dataByte4 0x00000000 0x00000000 int0 0x00000001 (HDMI_3D) mode 1, HDMI_gen 1, En_3D 0, Format_3D 0 scramble:0!!@@@@DeepColor:0 deep Depth:0 go back SET_HDMI!!boot_info 0xa001f600 magic 0x2452544b en 1 boot_info.w 1280 h 720 boot_addr 0x1e800000 w 1280, h 720, img0 0x1e800000, pitch0 5120 disp.x 0 y 0 w 1920 h 1080 PowerOnOSD~~ [AO][_AO_if_video_HDMI_mode]gpAudio->HDMI_output_en = 0 U-Boot 2015.07-ge1162f1 (Aug 02 2016 - 11:24:56 +0800) CPU : Cortex-A53 Quad Core Board: Realtek QA Board [ERR] get_accessible_ddr_size: hw setting error. (impossible value 0x0) [ERR] Fall back to using CONFIG_SYS_RAM_DCU1_SIZE DRAM: 1 GiB mapping memory 0x20000000-0x40000000 non-cached In: serial Out: serial Err: serial Hit any key to stop autoboot: 0 rtk_plat_set_fw not port yet, use default configs ## Flattened Device Tree blob at 01f00000 Booting using the fdt blob at 0x1f00000 reserving fdt memory region: addr=0 size=30000 reserving fdt memory region: addr=1f000 size=1000 reserving fdt memory region: addr=30000 size=d0000 reserving fdt memory region: addr=2c00000 size=b800000 reserving fdt memory region: addr=1b00000 size=4be000 reserving fdt memory region: addr=2600000 size=600000 reserving fdt memory region: addr=1ffe000 size=4000 reserving fdt memory region: addr=11000000 size=9200000 reserving fdt memory region: addr=10000000 size=14000 reserving fdt memory region: addr=2200000 size=400000 Using Device Tree in place at 0000000001f00000, end 0000000001f12447 Bring UP slave CPUs Jump to BL31 entrypoint "Synchronous Abort" handler, esr 0x02000000 ELR: 10120000 LR: 23e90 x0 : 0000000000280000 x1 : 0000000001f00000 x2 : 0000000010120000 x3 : 0000000000000000 x4 : 000000000000d40a x5 : 0000000001f0e000 x6 : 0000000001f00000 x7 : 0000000001f0d4f2 x8 : 0000000001f000d8 x9 : 0000000001008000 x10: 000000000a200023 x11: 0000000000000002 x12: 0000000000000002 x13: 00000000000fec10 x14: 0000000001f0e000 x15: 00000000000228e4 x16: 0000000000022b8c x17: 5090100082221ac5 x18: 000000003ff44ea8 x19: 0000000000000400 x20: 0000000000000400 x21: 00000000000477e8 x22: 0000000000000003 x23: 00000000000ffd50 x24: 0000000000000000 x25: 0000000000000000 x26: 0000000001400000 x27: 0000000000023e48 x28: 0000000000000000 x29: 00000000000ffba0 Resetting CPU ... resetting ... "Synchronous Abort" handler, esr 0x96000021 ELR: 233dc LR: 2416c x0 : 00000000000000a5 x1 : 0000000000d7c601 x2 : 0000000000d7c601 x3 : 0000000000000001 x4 : 000000009801b50c x5 : ffffffff00000000 x6 : 000000000003b000 x7 : 000000000000000f x8 : 0000000001f000d8 x9 : 0000000001008000 x10: 000000000a200023 x11: 000000000000000c x12: 0000000000000002 x13: 00000000000fec10 x14: 0000000001f0e000 x15: 00000000000228e4 x16: 0000000000022b8c x17: 5090100082221ac5 x18: 000000003ff44ea8 x19: 00000000000ffaa0 x20: 0000000000000400 x21: 00000000000477e8 x22: 0000000000000003 x23: 00000000000ffd50 x24: 0000000000000000 x25: 0000000000000000 x26: 0000000001400000 x27: 0000000000023e48 x28: 0000000000000000 x29: 00000000000ff950 Resetting CPU ... resetting ... "Synchronous Abort" handler, esr 0x96000021 ELR: 233dc LR: 2416c x0 : 00000000000000a5 x1 : 0000000001326344 x2 : 0000000001326344 x3 : 0000000000000001 x4 : 000000009801b50c x5 : ffffffff00000000 x6 : 000000000003b000 x7 : 000000000000000f x8 : 0000000001f000d8 x9 : 0000000001008000 x10: 000000000a200023 x11: 000000000000000c x12: 0000000000000002 x13: 00000000000fec10 x14: 0000000001f0e000 x15: 00000000000228e4 x16: 0000000000022b8c x17: 5090100082221ac5 x18: 000000003ff44ea8 x19: 00000000000ff850 x20: 0000000000000400 x21: 00000000000477e8 x22: 0000000000000003 x23: 00000000000ffd50 x24: 0000000000000000 x25: 0000000000000000 x26: 0000000001400000 x27: 0000000000023e48 x28: 0000000000000000 x29: 00000000000ff700 Resetting CPU ... or d/g/r>h download to 0x80005EF0 Ymodem: CCCCCCCCCCxBFD37A61, len:0x00000680 d/g/r>s 98007058 98007058 = 0x10100000 d/g/r>d download to 0x10100000 Ymodem: CCCCCCCCCC crc32:0xD5BB5842, len:0x00010BA0 d/g/r>g jump to 0x10100000 64b <=============================================> fsbl_main: sys_secure_type = 0x0000BEEE fsbl_main: sys_boot_type = 0x00000002 fsbl_main: sys_boot_enc = 0x00000000 fsbl_main: sys_bisr_done = 0x00000000 Time out Time out Time out sys_hwsetting_size:B25F8493 sys_bootcode_size:B6A21E75 sys_secure_fsbl_size:1E28B723 sys_secure_os_size:26B3B9BB sys_bl31_size:738D6681 sys_rsa_key_fw_size:E42FBBDF sys_rsa_key_tee_size:DAE32C2D sys_rescue_size:9E8B6998 HwSetting: hwsetting_blk_no:00000100 hwsetting_total_size:B25F8513 hwsetting_blk_count:00592FC3 Bootcode: bootcode_blk_no:005930C3 bootcode_total_size:B6A21E95 bootcode_blk_count:005B5110 FSBL: secure_fsbl_blk_no:00B481D3 secure_fsbl_total_size:1E28B743 secure_fsbl_blk_count:000F145C TEE OS: secure_os_blk_no:00C3962F secure_os_total_size:26B3B9DB secure_os_blk_count:001359DD BL31: bl31_blk_no:00D6F00C bl31_total_size:738D66A1 bl31_blk_count:0039C6B4 RSA Key Fw: rsa_key_fw_blk_no:0110B6C0 rsa_key_fw_total_size:E42FBBFF rsa_key_fw_blk_count:007217DE RSA Key TEE: rsa_key_tee_blk_no:0182CE9E rsa_key_tee_total_size:DAE32C4D rsa_key_tee_blk_count:006D7197 Rescue: rescue_blk_no:01F04035 rescue_total_size:9E8B69B8 rescue_blk_count:004F45B5 ********** FW_TYPE_GOLD_TEE ********** fwInfo->fwType: 00000023 fwInfo->isGolden: 00000001 fwInfo->ddrReadAddr: 00520000 fwInfo->ddrDestAddr: 10200000 fwInfo->flashType: 00000002 fwInfo->flashUnitSize: 00000200 fwInfo->flashOffset: 872C5E00 fwInfo->dataSize: 26B3B9DB body_size:26B3B9BB flash_unit_no:0043962F flash_unit_count:001359DD Time out Time out Time out Time out Time out 0 Quote
Staars Posted June 25, 2019 Author Posted June 25, 2019 🤔, it is a start. slightly off-topic: Is there any use for the SPI-flash on your zidoo, when using it as a TV-box? It seems to get ignored anyway or did I misunderstand something? 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 It's main purpose is to help with boot but without switching BOOTSEL it cannot be used. So currently it is doing nothing and I'm out of ideas how to find it... :/ Perhaps you could X-ray my box too? But first, I'd like to have a reliable way to recover whole eMMC without attached wires which is very close now. Then I'd like to experiment with running various systems (your armbian, porting Android 7 from w2, etc.) to be able to use HDMI input with hw encoding, prefferably with ffmpeg. SPI is only a bonus milestone for me. 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 this is an interresting reading: https://github.com/BPI-SINOVOIP/BPI-W2-bsp/commit/c8e8e9cea4e84934744a100727975cd912f1fc73 I'll try to compile and boot BPI's uboot today... 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 this shows how all the boot binary blobs are chained: https://github.com/BPI-SINOVOIP/BPI-W2-bsp/blob/a6d9f8d7be34cd734179bc528d4ab03d1972be28/u-boot-rt/examples/flash_writer/tools/bindAllBins/bindAllBins.c 0 Quote
Staars Posted June 25, 2019 Author Posted June 25, 2019 4 hours ago, danman said: It's main purpose is to help with boot but without switching BOOTSEL it cannot be used. So currently it is doing nothing and I'm out of ideas how to find it... :/ Perhaps you could X-ray my box too That is my impression too. I better put my box in my bag for tomorrow now. Yesterday I forgot it. At least we will get a very special product picture My interest in the SPI-solution is based on the hope, to get rid of the encrypted bootloaders. On the Lake1 we would have to keep the partition structure of the emmc as delivered, because the fixed boot process breaks, if anything unplanned happens to the emmc (and not only to a boot partition). So ATM you better not touch the emmc. 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 Btw, do you have two Lake1 boxes now? Don't you want to try to recover the bricked one using one of my methods (soldering or d/g/r boot) ? Can you send me first 20 megs of eMMC from a working one? 0 Quote
Staars Posted June 25, 2019 Author Posted June 25, 2019 29 minutes ago, danman said: Btw, do you have two Lake1 boxes now? Don't you want to try to recover the bricked one using one of my methods (soldering or d/g/r boot) ? Can you send me first 20 megs of eMMC from a working one? Yes, I have two now. Some posts ago I shortly described, how I bricked the first one. d/g/r needs SPI-flash, which is not populated on the Lake1. The first try, to solder a chip went wrong (probably incompatible chip, maybe a defective one or bad soldering). Now I wait for some weeks for the arrival of new chips (the one I got told from chwe), but somehow it takes a very long time. I think, that your soldering trick will not work with my box. I can flash all sorts of firmware without a problem, but the box complains about an encyption error early in the boot process. That’s why I believe, that a pure emmc-boot is impossible forever on that box. I could send you the data, but I would not recommend it. As long as we are not totally shure, what happens with cross flashing and the SPI-path is not working, it might lead to a bricked box. AFAIK the zidoo boxes are exceptions with their firmware with more unencrypted parts, means I would especially not cross flash a zidoo box (unless you find a believable report, that this works). BTW, technically you can simply flash the (easy to find) lake-firmware on your box with the realtek utility, but again: I DO NOT RECOMMEND THIS BASED ON MY CURRENT KNOWLEDGE. 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 3 minutes ago, Staars said: d/g/r needs SPI-flash I'm convinced this is not true and I can prove it later. 4 minutes ago, Staars said: That’s why I believe, that a pure emmc-boot is impossible forever on that box. I think this is also not true. 5 minutes ago, Staars said: I can flash all sorts of firmware without a problem What do you mean by this? Does the box boot? My idea how to save your box: 1. extract hwconfig and uboot from the dump I asked for and a bootlog (it shows blob locations) 2. boot these using d/g/r into u-boot 3. reflash full emmc dump from working box to not working one within u-boot or recovery linux 0 Quote
Staars Posted June 25, 2019 Author Posted June 25, 2019 I really hope you are right and will gladly change my opinion. In this post: ... you see the bootlog of the bricked box after flashing an Android image (OTP verification) including my incorrect assumption about ‚uu3‘. On the bricked box I can not reach any prompt. It is just the flashing procedure with the windows tools, that works without an error message. 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 So you can flash from the windows utility but the box still doesn't boot, right? Can you reach d/g/r from terminal using Ctrl+q? 0 Quote
Staars Posted June 25, 2019 Author Posted June 25, 2019 2 hours ago, danman said: So you can flash from the windows utility but the box still doesn't boot, right? Can you reach d/g/r from terminal using Ctrl+q? Yes I can flash, no I can‘t boot. No, I can‘t reach d/g/r using ctrl+q. 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 @Staars, just because of you I did a test. I removed SPI flash and wiped first 4megs by writing zeroes: $ sudo dd if=/dev/zero of=/dev/sdc bs=1M count=4 4+0 records in 4+0 records out 4194304 bytes (4.2 MB, 4.0 MiB) copied, 0.686883 s, 6.1 MB/s result: C1:80000000 C2 ? C3hswitch frequency to 0x00000046 frequency divider is 0x00000080 switch frequency to 0x00000046 frequency divider is 0x00000004 switch to SDR 8 bit switch bus width to 0x00000008 bits success 0000001� C1:80000000 C2 ?uu3-1 but when I hold Ctrl+q while booting: C1:80000000 C2 ? d/g/r> d/g/r> d/g/r> d/g/r> d/g/r> d/g/r> d/g/r> So I am 99% sure d/g/r works regardless on what you have on you emmc, if you have SPI or whatever. I believe this is firmware inside of the SoC. What terminal are you using? 0 Quote
Staars Posted June 25, 2019 Author Posted June 25, 2019 Yes, I see. I tried „screen“ and „miniterm“ on macos and „hypertrm“ (the recommended one from bananapi) on win10. I think @jeanrhum also tried it without success, but I do not know, which terminal he used. I think that this d/g/r-thingie os part of the soc-firmware too, but it might be possible, that a compatible SPI-chip is needed or (additional) a resistor or something has to be added or removed, before the SOC decides to launch this prompt. Keep in mind, that the Lake1 (and some other boxes) do not have a SPI-chip when they leave the factory. They only have the unpopulated connector and maybe there is a missing secret sauce. Anyway, I already have my bricked box prepared and it will get the x-ray-treatment tomorrow (if I do not forget it ). BTW, I wonder what the box expects to find on the usb device at the stage of „uu3-1“? 0 Quote
danman Posted June 25, 2019 Posted June 25, 2019 My box also comes without SPI. Can you try minicom? Is it available on mac? You should first press and hold both keys (you should see your USB-serial TX LED blinking quicky) and while holding, connevt power to your box. 0 Quote
chwe Posted June 25, 2019 Posted June 25, 2019 6 minutes ago, Staars said: They only have the unpopulated connector and maybe there is a missing secret sauce. I would check the schematics of the BPi W2 (assuming that those boards are more or less reference design at this part).. Maybe check CS pin during boot? or soldering a logic analyzer to sniff? 0 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.