<apritzel>
I guess it's the same FEL confusion/crash/reset as with uart0-helloworld-sdboot?
<Lightsword>
apritzel, not exactly the same
<Lightsword>
for uart0-helloworld-sdboot it would usually(but not always) return to FEL mode, with the first bootinfo it would return the first time to FEL but not the second time fairly consistantly
<apritzel>
and while thinking about it, I think I figured why the smc trick doesn't work on the A133: it does an ERET to get back to our code, which means it's secure, but not the highest exception level anymore
<apritzel>
(which is a subtle, but important difference between ARMv7 and ARMv8)
<Lightsword>
failed to return to FEL, and has "usb_bulk_send() ERROR -1: Input/Output Error" error
<apritzel>
ah, the garbled characters are probably because something reset, and the BROM tried reading from SD card again, hitting the UART pins in the process
<Lightsword>
apritzel, ah, yeah, could be
<apritzel>
yeah, bummer, there must be more then
<Lightsword>
apritzel, more register differences?
<apritzel>
yes, but afraid to have to call it day for now - don't want to end up as late as you yesterday ;-)
<Lightsword>
apritzel, heh, yeah
<apritzel>
and you didn't have any luck with running something from SD card?
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
apritzel has quit [Ping timeout: 480 seconds]
warpme has quit [Ping timeout: 480 seconds]
<Lightsword>
apritzel, not really so far
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
cnxsoft has joined #linux-sunxi
warpme has joined #linux-sunxi
hexdump02 has joined #linux-sunxi
hexdump0815 has quit [Ping timeout: 480 seconds]
warpme has quit [Ping timeout: 480 seconds]
gsz has joined #linux-sunxi
Daanct12 has joined #linux-sunxi
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
hexdump0815 has joined #linux-sunxi
hexdump02 has quit [Ping timeout: 480 seconds]
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
hexdump02 has joined #linux-sunxi
hexdump01 has quit [Ping timeout: 480 seconds]
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
cnxsoft has quit [Remote host closed the connection]
JohnDoe_71Rus has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
gsz has quit [Ping timeout: 480 seconds]
dsimic is now known as Guest12927
dsimic has joined #linux-sunxi
Guest12927 has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
cnxsoft has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
Daanct12 has quit [Quit: WeeChat 4.6.0]
warpme has joined #linux-sunxi
Daanct12 has joined #linux-sunxi
Schimsalabim has quit [Ping timeout: 480 seconds]
Schimsalabim has joined #linux-sunxi
warpme is now known as Guest12930
warpme has joined #linux-sunxi
Guest12930 has quit [Ping timeout: 480 seconds]
warpme has quit [Quit: My MacBook Air has gone to sleep. ZZZzzz…]
warpme has joined #linux-sunxi
colinsane has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
apritzel has joined #linux-sunxi
colinsane has quit [Ping timeout: 480 seconds]
warpme has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
apritzel has quit [Ping timeout: 480 seconds]
apritzel has joined #linux-sunxi
Schimsalabim has quit [Ping timeout: 480 seconds]
Schimsalabim has joined #linux-sunxi
gsz has joined #linux-sunxi
Schimsalabim has quit [Ping timeout: 480 seconds]
Schimsalabim has joined #linux-sunxi
Schimsalabim has quit [Read error: Connection reset by peer]
Schimsalabim has joined #linux-sunxi
Daanct12 has quit [Quit: WeeChat 4.6.0]
warpme has quit []
apritzel has quit [Ping timeout: 480 seconds]
blathijs has quit [Quit: brb - reboot]
blathijs has joined #linux-sunxi
cnxsoft has quit [Remote host closed the connection]
apritzel has joined #linux-sunxi
gsz has quit [Ping timeout: 480 seconds]
evgeny_boger has joined #linux-sunxi
Hypfer has quit [Ping timeout: 480 seconds]
apritzel has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
Schimsalabim has quit [Ping timeout: 480 seconds]
Schimsalabim has joined #linux-sunxi
aggi has quit [Remote host closed the connection]
Hypfer has joined #linux-sunxi
ungeskriptet_ has joined #linux-sunxi
ungeskriptet has quit [Ping timeout: 480 seconds]
ungeskriptet_ has quit [Remote host closed the connection]
hazardchem has quit [Read error: Connection reset by peer]
hazardchem has joined #linux-sunxi
Schimsalabim has quit [Read error: Connection reset by peer]
Schimsalabim has joined #linux-sunxi
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
ftg has joined #linux-sunxi
warpme has joined #linux-sunxi
warpme has quit [Ping timeout: 480 seconds]
apritzel has quit [Ping timeout: 480 seconds]
warpme has joined #linux-sunxi
<Lightsword>
apritzel, so getting the smc trick working is needed on my board to FEL boot uboot right?
warpme has quit [Ping timeout: 480 seconds]
<smaeul>
It's needed to run any 64-bit code at all
<Lightsword>
smaeul, that's only when FEL booting through? or USB/NAND as well?
<smaeul>
yes, only when FEL booting. If the SBROM finds a valid TOC0, it will be executed in secure state
<smaeul>
Lightsword: were you not able to boot a TOC0?
<Lightsword>
smaeul, so far only been able to boot vendor images with their bsp created TOC0
<smaeul>
you mean that e.g. if you put uart0-helloworld-sdboot.toc0 on a SD card, it still dumps you into FEL mode?
<Lightsword>
smaeul, does allwinner bsp use smc trick as well for FEL booting?
<Lightsword>
smaeul, yeah drops to FEL mode
<smaeul>
Lightsword: dunno, but it's not really necessary, since you can write to any boot device (SD, SPI, NAND) by executing 32-bit code from non-secure FEL.
<smaeul>
so if you have a valid signed firmware, you can recover the device without it the smc trick
<smaeul>
Lightsword: if you are able to execute any code in secure state in FEL, even if it crashes afterward, you should dump the eFuse to see what the ROTPK hash is
<Lightsword>
smaeul, oh, how would I do that?
<smaeul>
it depends on what works after the SMC trick -- can you execute more FEL commands?
<smaeul>
but essentially you want to dump the range SID+0x200 to SID+0x400
<Lightsword>
smaeul, ummm, in some cases it can return to FEL mode it seems after SMC trick I think
<Lightsword>
smaeul, do I use a sunxi-fel command to dump those ranges?
warpme has joined #linux-sunxi
<smaeul>
if you're in secure state `sunxi-fel hex 0x3006200 0x100` should be sufficient
warpme has quit [Ping timeout: 480 seconds]
<smaeul>
if everything after the first 3 lines is zeroes, you are _not_ in secure state. (the LCJS word at 0x48 must have at least one bit set, because that's what puts the chip into secure mode)
<apritzel>
smaeul: so the smc trick works, but some details are different from at least the A64 way: the smc returns in *monitor* mode, so if you just "bx lr" to the BROM, it will crash, because some registers are banked
<apritzel>
we tried to force it back to (now secure) SVC, by writing to CPSR, syncing LR and SP beforehand, but it's still not working
<apritzel>
my hunch is it somehow crashes or accidentally resets, triggering a new FEL init, so we are back in non-secure
<apritzel>
looking at the ARM ARM, it says SCTLR and VBAR are banked between secure and non-secure, so maybe those need to be copied, but I don't see any differences between their values
warpme has joined #linux-sunxi
<apritzel>
Lightsword: I wonder how many of those boards you have? Maybe you could try to write the ROTPK hash to all ones, disabling the key checking, which might relax the BROM checks
<apritzel>
or at least frees you from the need to get the signature 100% correct
<apritzel>
there is a chance that this could brick the SoC, though, so be warned
<Lightsword>
apritzel, only have 1 board with fel setup, others only have ssh access to remotely
<apritzel>
booting mainline through FEL relies on being able to return to the BROM's FEL routine, and staying secure
<apritzel>
I see, it would just be a test to unblock you, and getting into mainline U-Boot and then the mainline kernel
<Lightsword>
apritzel, ah, anything else i should try for fixing smc trick?
<apritzel>
I am thinking about copying SCTLR and VBAR (from non-secure to secure), but I am not sure it would change things
warpme has quit [Ping timeout: 480 seconds]
<apritzel>
and maybe it's an IRQ problem, as the GIC differentiates between secure and non-secure interrupts
<apritzel>
smaeul: did you ever burn the secure boot fuse on any H616 board?