See OMAPBootrom for more information on the OMAP restricted boot.
hpagseddy and GNUtoo also found that when using odin to flash the MLO partition, the odin interface makes the user think that the MLO partition was flashed correctly, while odin didn't flash anything. That may be due to the partition being set Read-Only and/or to the "File Offset" and "File Size" being 0.

```
-- Entry #0 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 1
Attributes: 0 (Read-Only)
Update Attributes: 0
Partition Block Size/Offset: 0
Partition Block Count: 0
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: X-loader
Flash Filename: MLO
FOTA Filename:
```

We know that nothing was successfully flashed because we dumped MLO and verified that the binary was signed by checking whether it contained the strings that indicate that (PRIMAPP, KEYS, CertPK_).
As MLO is under the GPLv2+, its binaries are also under that license.
This means that if the binaries are not signed, they are legally speaking and practically speaking free software. So if we find the full and corresponding source code (which is or was probably distributed by Samsung on opensource.samsung.com) we can use them and redistribute them very easily.
As for the signed versions, while we can legally distribute them as well, as they are legally under a free software license, they are signed with keys that users don't have. If users don't have the ability to run modified versions then they are practically speaking not free software.
Whether or not the binaries also work on unsigned devices and if they can be modified on such devices remains to be tested.
Device | Android version | String | Signed |
---|---|---|---|
I9100G_CHN_CHN | Android 2.3.6 | Texas Instruments X-Loader 1.41 (Mar 20 2012 - 11:20:26) | Yes |
? | Android 4.1.2 | Texas Instruments X-Loader 1.41 (Jun 27 2013 - 18:34:17) | Yes |
To do that you need to get into the ODIN MODE that is typically used to install the Replicant recovery:
When this is done, it should show some text:
```
ODIN MODE
PRODUCT NAME: GT-I9100G_CHN_CHN
```

Here CHN_CHN probably refers to the Chinese version, and it looks like that version has a signed bootloader. According to a thread on the XDA developers forum: "Means that you own a chinese bootloader locked I9100G. You can't flash any other bootloader than the chinese one."
If we do that, we get the following in the kernel log of your laptop:
```
usb 1-1: new high-speed USB device number 24 using ehci-pci
usb 1-1: unable to get BOS descriptor or descriptor too short
usb 1-1: New USB device found, idVendor=0451, idProduct=d00f, bcdDevice= 0.00
usb 1-1: New USB device strings: Mfr=33, Product=37, SerialNumber=0
usb 1-1: Product: OMAP4430
usb 1-1: Manufacturer: Texas Instruments
```

Note that your kernel might need to be compiled with CONFIG_USB_ANNOUNCE_NEW_DEVICES=y to print that. In Parabola CONFIG_USB_ANNOUNCE_NEW_DEVICES=y is enabled.
We can also try to get a bit more information with omap-usb-boot:

```
$ sudo omap-usb-boot -v -w boot invalidbootmedia
Finding and opening USB device
Found and opened omap4 USB device: OMAP4430
ASIC device id: 4430, HS device
Booting from device invalidbootmedia...
Booting device invalidbootmedia not found
Booting from device failed
```
Here we know the device is signed because it's a "HS device".
If it was not signed it would print "GP device" instead.
hpagseddy/i9100g_xloader is based on ths-backup/i9100g_xloader which has an ics (Ice Cream Sandwich, an Android version) branch only. According to hpagseddy, that branch is also used for Android Jelly Bean.
It's still unclear if there is some correlation between Android version and signed bootloaders.
The device that was given to GNUtoo that has a signed bootloader also has the following characteristics:
Software state: Running the stock OS, unmodified
Android version: Android 2.3.6
Baseband version: IG9100GZCLC2
Build number: GINGERBREAD.ZCLC2
Kernel version: 2.6.35.7 se.infra@SEI-30#2
According to a thread on XDA there is a correlation between the Baseband version and the geographic zone that is targeted. And as we can see above, the Build number seems to be related to the Baseband version as well. While the list of baseband versions is incomplete, we can still use it to avoid the Chinese version (CHN_CHN) which has a signed bootloader.
At this point it's also still unclear if any of the other characteristics above correlate to signed or unsigned bootloaders.
As the binaries are under the GPLv2 or later, it would also be a good idea to collect all of them, match them with the device characteristics like the Build number and Baseband version, and verify if they are signed or not with some free software tool.
We could even publish the unsigned versions. As for the signed versions, if they cannot run on devices that don't enforce bootloader signatures, it would probably not be a good idea to publish them as the binaries wouldn't respect the 4 freedoms, but we can still check with the FSF if they have good ideas on that point.
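
One way to run the string check described above (PRIMAPP, KEYS, CertPK_) over a collection of MLO dumps and record the X-Loader banner next to the result, as an added example that is not part of the original page or of any Replicant tool. The marker strings and the banner format come from this page; the three-way verdict and the sample images are constructed for this example and are assumptions.

```python
import re
import sys

# Strings this page uses as indicators that an MLO dump is signed.
MARKERS = (b"PRIMAPP", b"KEYS", b"CertPK_")
# Version banner in the format listed in the page's table.
BANNER = re.compile(rb"Texas Instruments X-Loader [\x20-\x7e]{1,60}")


def inspect_mlo(data: bytes) -> dict:
    """Report marker offsets, the X-Loader banner and a heuristic verdict."""
    offsets = {m.decode(): data.find(m) for m in MARKERS}
    found = [name for name, off in offsets.items() if off >= 0]
    banner = BANNER.search(data)
    if len(found) == len(MARKERS):
        verdict = "signed"          # every indicator string is present
    elif not found:
        verdict = "unsigned"        # no indicator string is present
    else:
        # Assumption: a short string such as KEYS can occur by chance,
        # so a partial match is flagged for manual review.
        verdict = "inconclusive"
    return {
        "verdict": verdict,
        "markers": offsets,         # -1 means the marker was not found
        "banner": banner.group(0).decode("ascii").rstrip() if banner else None,
    }


# Constructed sample images (not real dumps): padding plus the strings of interest.
_BANNER = b"Texas Instruments X-Loader 1.41 (Mar 20 2012 - 11:20:26)\x00"
SAMPLE_SIGNED = (b"\x00" * 16 + b"KEYS" + b"\x00" * 8 + b"PRIMAPP"
                 + b"\xff" * 32 + b"CertPK_" + b"\x00" * 64 + _BANNER)
SAMPLE_UNSIGNED = b"\x00" * 128 + _BANNER
SAMPLE_PARTIAL = b"\x00" * 32 + b"Press KEYS to continue\x00"

if __name__ == "__main__":
    # Usage: python3 check_mlo.py MLO.dump [more dumps...]
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            result = inspect_mlo(f.read())
        print(path, result["verdict"], result["banner"], result["markers"])
```

The verdict only reflects the presence of the strings; whether the boot ROM enforces signatures is a property of the device (HS or GP), not of the file.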