OMAPBootrom » History » Revision 7
Revision 6 (Denis 'GNUtoo' Carikli, 03/27/2020 01:16 AM) → Revision 7/23 (Denis 'GNUtoo' Carikli, 03/27/2020 01:30 AM)
h1. OMAPBootrom h2. Documentation The "droiddevelopers website":http://droiddevelopers.org has some information on trying to use bugs run free software on several Motorola devices. | Device | SOC | | "Motorola Milestone":https://en.wikipedia.org/wiki/Motorola_Milestone | OMAP 3430 | | "Motorola Milestone 2":https://en.wikipedia.org/wiki/Motorola_Milestone_2| OMAP 3630 | | "Motorola Defy (MB525)":https://en.wikipedia.org/wiki/Motorola_Defy | OMAP3630? | | Motorola Defy+ (MB526) | OMAP3 (which one?) | That website has many information: * It has documentation on the structure of signed MLOs TODO: * Read droiddevelopers more to understand restricted boot better. * Also the OMAP wiki might have some information on OMAP restricted boot. * Also look if there is substancial information in the Technical Reference Manual (TRM) about fuses but that's unlikely. h2. Code * As march 2020, there are no fuses driver or code for any OMAP in either u-boot, Barebox, Linux, barebox, linux, or crucible. * U-boot documentation mention TI tools that have to be obtained after signing an NDA * TODO: check if chipsec has infos on OMAP fuses h2. Possible attacks * Even if it's unlikely, once we understand the OMAP restricted boot better, we could check if some devices are signed but not in enforcing mode. h2. Links * http://www.droid-developers.org : This attempts to run user code on several Motorolla smartphones. It includes analysis of the boot chain: ** "Application_Processor_Boot_ROM":http://www.droid-developers.org/wiki/Application_Processor_Boot_ROM ** "Booting_chain":http://www.droid-developers.org/wiki/Booting_chain