<Svanto24>
i don't even see them needing signing keys for this...
<robimarko>
I am going to repeat myself
<robimarko>
If secure boot is enabled then you cannot, I repeat cannot flash u-boot that is either
<robimarko>
1. Unsigned
<robimarko>
2. Signed with incorrect keys
<robimarko>
It will simply refuse to boot it
<\x>
another way is to ready your hot air station and find a compatible stencil hah
<Svanto24>
ohh okay so it's about secure boot fuses in qfprom? Thing is i do not know if secure boot is enabled or if akronite even supports it. MR33 uses the IPQ4028 (Dakota) which came after the IPQ8068 (Akronite)
<Svanto24>
\x: Swapping the SoC for an unfused one you mean?
<Svanto24>
I could do that. Maybe. Would first experiment with nand though. I heard there are clips that work without desoldering?
<Svanto24>
I could at least dump the flash that way.
<\x>
i havent messed with those things, maybe the smallest flash i messed with is like soic8/sop8
<robimarko>
IPQ806x supports secure boot, they all do
<robimarko>
Considering your u-boot is rather crippled I am not sure if it's worth the time to sink it
<robimarko>
All of the giant ODM devices are usually modified in rather non-standard ways
<Svanto24>
You are most likely correct but if nothing else it's a learning exercise. I'm learning a lot from you guys. thank you
<Svanto24>
\x: I disassembled it a while back and there is both a soic8 NOR flash and TSOP48 NAND
<Svanto24>
I was thinking of experimenting with dumping and flashing the memory chips directly
<Svanto24>
might not work but I would like to learn
<Svanto24>
robimarko: Got it... well, maybe it's not enabled like on the MR33... didn't see it on the bootlog. if it is, maybe I can hexdump the keys. I think it's worth a shot.
<slh>
the spi-nor would be easy (writing something else won't work, due to the secure boot signature checks), the NAND won't be
<robimarko>
Svanto24: you cannot dump the keys
<robimarko>
They are not fused in the soc, only the hash of the signing keys is fused
<robimarko>
So unless they've forgotten the keys in GPL you are out of luck
<robimarko>
If they enabled secure boot
<tmn505>
robimarko: what if sbl on nor flash would be replaced with one being verbose (like it normally is) from similar board? At least it should show if secure boot is enabled.
<robimarko>
Yeah, that should at least let him know if secure boot is enabled
<tmn505>
Svanto24: ^^
<tmn505>
that should be Your first course of action
<Svanto24>
robimarko: understood, thank you very much for elaborating. I sent an email to foss@huawei.com yesterday, wonder if they reply
<Svanto24>
slh: oh, can't flash TSOP48? damn.
<slh>
not easily
<Svanto24>
tmn505: there's SBL on both NOR and NAND flash, idk which it uses. worth a shot however, I'll keep it in mind as soon as I can get my hands on a programmer. thanks!
<robimarko>
Usually they keep bootloader and all of that on NOR
<robimarko>
That would be ideal as they are easy to backup
<slh>
and easier to bootstrap, less likely to get faulty - that's why using spi-nor for the bootloader and calibration data makes sense and is often done, NAND is a quite different beast to deal with
<Svanto24>
slh: Oh... then perhaps in the ideal scenario, if booting via console won't work out, I could replace the NAND with an empty chip and flash the NOR?
<robimarko>
Which would help you how?
<Svanto24>
my understanding is that the u-boot is stored on NOR from what you said. naturally this would be after verifying secure boot is not involved.
<slh>
while spi-nor is easier to work with, it still doesn't get you past the signature verification
<slh>
on a 'normal' (no secure boot) system, yes, there it would make things easier
<Svanto24>
Still holding on to that hope, I guess.
<robimarko>
Does your u-boot or stock FW have md?
<robimarko>
Or devmem?
<Svanto24>
the partition scheme looks like this: NAND Flash (128 MB):
<Svanto24>
SBL1: 256 KB
<Svanto24>
MIBIB: 1.25 MB
<Svanto24>
SBL2: 1.25 MB
<Svanto24>
SBL3: 2.5 MB
<Svanto24>
DDRCONFIG: 1.125 MB
<Svanto24>
SSD: 1.125 MB
<Svanto24>
TZ: 2.5 MB
<Svanto24>
RPM: 2.5 MB
<Svanto24>
APPSBL: 7.5 MB
<Svanto24>
ROOTFSA: 26 MB
<Svanto24>
robimarko: I don't think so unfortunately. Just the commands I posted on the forum
<robimarko>
Not even bootm?
<Svanto24>
Nope, tried that yesterday. but there is an interface to upgrade both uboot and the firmware. I just need the device tree to test whether it will slap me in the face with signature verification but I am kinda hopeful since the manuals urge people to do these checks manually
<Svanto24>
as in, check the signatures manually with openpgp before loading them.
<Svanto24>
I was hoping huawei would send me the codes but maybe that's naive. I might just wait a week or so and then ask the gplviolations people.
<Svanto24>
slh: You mentioned that NAND was a lot more difficult to flash than NOR earlier, what makes it so?
<slh>
Svanto24: in general. you don't have to deal with data degradation on spi-nor (if you do, the chip is dead), unless you really do high-frequency changes (data logging or similar) on NOR flash. on NAND, you do, the data will degrade all the time, even by just reading it. as a consequence you must do wear levelling, you must do ECC to detect and correct bitflips, even in highly critical code (1st stage
<slh>
bootloader and upwards), all the time (see the OKD on the rt3200 for an example)
<slh>
as a consequence, there are maaaaany different ways to accomplish this, to deal with ECC, in-band, out-of-band, yada, yada - you must get it 100% right or the device is toast
<slh>
that makes recovery more difficult (unless the vendor helpfully left JTAG pins in working order, real JTAG, not just serial, so you can do in-circuit reprogramming using the normal tools <-- but JTAG still requires very intimate knowledge and support files for the SOC in question) - out-of-circuit (external) reflashing is very difficult (as you need to get all the details 101% right)
<Svanto24_>
slh: whoa, that's a lot more complex than I imagined. Thanks!
<slh>
on top of that, there are almost half a dozen different ways to electrically connect NAND (serial, parallel, raw, different protocols)
<Svanto24>
i thought nand was always serial and nor was always parallel
<jakllsch>
nope
<slh>
there's a reason why you see a (often working, empty, but with surrounding chicken food) spi-nor header on quite a few NAND-only devices. NOR makes early device development and bringup much, much easier - but above 32 MB, NOR gets expensive, while NAND remains dirt cheap
<Svanto24_>
ahh
<Habbie>
hehe, chicken food
<Svanto24_>
Yeah the funny thing is, the chip that came up when I put the nor part number into google was actually a 32 mb chip, but there's only 4mb NOR memory on the device
<slh>
SMD resistors, SMD capacitors and other passive components
<Habbie>
please note that those chips are often specced in megabits, not megabytes
<Svanto24_>
It would be best if I could make the device boot from usb but that's probably not realistic
<jakllsch>
uh, flash is usually marked in bits
<Habbie>
32 megabits is 4 megabytes
<Svanto24_>
Habbie: Ah, that explains it
<Svanto24_>
Well, if it's that complex I best keep trying to debrick whatever I did yesterday
<Svanto24_>
Unfortunately still no response to the sources request I made to huawei