Project

General

Profile

Actions
History

CellularModem » ModemProtocols » Samsung-ipc »

XMMBoot » History » Revision 76

« Previous | Revision 76/213 (diff) | Next »
Denis 'GNUtoo' Carikli, 03/25/2020 05:20 PM

XMMBoot

Introduction

For both libsamsung-ipc and the Linux driver it's interesting to understand better the boot of the modem in order to come with good names for the abstraction.

Abstraction

  • hci_power -> link_power
TODO:
  • Find the difference between power_on and boot_power_on
    • Look at the GPIOs and understand what they do
    • Just read the code that use the GPIOs
    • Diff both procedures
  • Look which device has which XMM626X
  • Add XMM6210 devices too

GPIOs

Devices GPIOs assignement and drivers

Variant SOC Modem Link GPIO usage GPIO assignement
Galaxy S:
GT-I91000 		Exynos 3110
Nexus S:
GT-I9020
GT-I9020A
GT-I9023 		Exynos 3110
Galaxy SII:
GT-I9100 		Exynos 4410 XMM6260 CONFIG_UMTS_MODEM_XMM6260=y
Galaxy Nexus:
GT-I9250 		OMAP 4460
Galaxy SIII:
GT-I9300 		Exynos 4412 XMM6262 HSIC CONFIG_UMTS_MODEM_XMM6262=y
Makefile
modem_modemctl_device_xmm6262.c 		CONFIG_SEC_MODEM_M0=y
Makefile
board-m0-modems.c
CONFIG_MACH_M0=y
gpio-midas.h
gpio-rev00-m0.h
Galaxy Note 8.0 GSM:
GT-N5100 		Exynos 4412
Galaxy Note II:
GT-N7100 		Exynos 4412
Galaxy Tab 2:
GT-P3100
GT-P5100 		OMAP 4430

GPIOs usage

TODO: make sure to mention what applies to what device
  • Start with I9300. Assume I9300 if device is not mentioned. Mention device when not I9300
  • Add more devices and mention them
gpio platform data name present absent Implementation comments
gpio_cp_on powers on the modem? in which state (PMIC?, CPU?)
* On GT-I9100 it's connected to the ON1 modem pin and ON2 is not connected.
gpio_cp_reset Resets the modem CPU? PMIC?:
* ''check the reset timming with C2C connection'' : Here C2C probably means chip to chip
Can also read the modem CPU? and/or PMIC? reset state?
* Reads from the GPIO and ''CP not ready, Active State low'' comment
gpio_reset_req_n
gpio_pda_active Tell the modem if the SOC CPUs are sleeping/active or not?
* PDA == Application processor
* ''PDA_ACTIVE, let cp know AP sleep'' comment in status gc1-gpio.c
* PDA_ACTIVE set to 0 right after cpu_pm_enter()
* PDA_ACTIVE set to 1 right before cpu_pm_exit()
* GPIO direction is output on AP side and input on BP side, which is also confirmed by the pinout table in XDA
gpio_phone_active
gpio_cp_dump_int
gpio_flm_uart_sel Only used for the Galaxy Nexus in libsamsung-ipc Modem download mode ?
gpio_cp_warm_reset
gpio_revers_bias_clear
gpio_revers_bias_restore
gpio_sim_detect Detect SIM card presence ?

Libsamsung-ipc

ioctl / function Devices
GT-I9250 (maguro) GT-I9100 GT-I9300 GT-N5100 GT-N7100 GT-P3100 / GT-P5100 (piranah)
open, close, read, write
fmt/rfs
gprs
power 		Yes
boot_power
status_online_wait 		Yes No
hci_power
link_control_enable
link_control_active
link_control_wait
link_get_hostwake_wait 		No Yes No
TODO:
  • Don't use abbreviated function names

libsamsung-ipc <-> kernel functions <-> gpios

libsamsung-ipc Kernel
Function using the ioctl ioctl name function pointer name GPIO used
xmm626_kernel_smdk4412_power IOCTL_MODEM_ON
IOCTL_MODEM_OFF 		modem_on
modem_off 		gpio_cp_on
gpio_cp_reset
gpio_reset_req_n
gpio_pda_active
gpio_phone_active
gpio_cp_dump_int
xmm626_kernel_smdk4412_boot_power IOCTL_MODEM_BOOT_ON
IOCTL_MODEM_BOOT_OFF 		modem_boot_on
modem_boot_off 		gpio_flm_uart_sel
gpio_cp_warm_reset
gpio_revers_bias_clear
gpio_revers_bias_restore
gpio_sim_detect

Glossary

Terms for the modem CPU:
  • BP: Baseband processor
  • CP: Cellular? processor
Term for the CPU of the system on a chip running Replicant:
  • AP: Application processor

TODO: move in its own page and point to it

SIM card presence detection

Do we really want to check the SIM card presence?

Would it be possible not to for privacy reasons?

Example:
  • Boot a modem with a SIM
  • Take away the SIM card
  • Go to a protest with only the SIM card and a phone with no data on it to be able to call if necessary.

TODO

  • check gpio_flm_uart_sel in smdk4412 kernel too

Modem partitions

GT-I9300, GT-N7100

Location Name Content
[ 0x0 -> 0xfff ] ? Partition table ?
[ 0x1000 -> 0xefff ] PSIRAM First stage bootloader ?
[ 0xF000 -> 0x27fff ] EBL Second stage bootloader ?
[ 0x28000 -> 0x9ff7ff ] MAIN ?
[ 0x9ff800 -> 0x9fffff ] SECPACK ?
[ 0xa00000 -> 0xbfffff ] NV nvdata default values?
TODO: find the place in libsamsung-ipc source mentioning that
References for the table:

GT-I9300 and GT-N7100 modem partition table dump

TODO:
  • Send patch for the modem-partition-tool#n33
  • Make sure that we know the device from the command line
  • Understand the field depths along the way when supporting more devices
  • Document all other devices that don't have this partition table
  • Find the name of this partition table
$ hexdump -C RADIO.img
00000000  50 53 49 52 41 4d 00 00  00 00 00 00 00 10 00 00  |PSIRAM..........|
00000010  00 00 00 00 00 e0 00 00  00 00 00 00 00 00 00 00  |................|
00000020  45 42 4c 00 00 00 00 00  00 00 00 00 00 f0 00 00  |EBL.............|
00000030  00 00 00 60 00 90 01 00  00 00 00 00 00 00 00 00  |...`............|
00000040  4d 41 49 4e 00 00 00 00  00 00 00 00 00 80 02 00  |MAIN............|
00000050  00 00 30 60 00 78 9d 00  00 00 00 00 00 00 00 00  |..0`.x..........|
00000060  53 45 43 50 41 43 4b 00  00 00 00 00 00 f8 9f 00  |SECPACK.........|
00000070  00 00 00 00 00 08 00 00  00 00 00 00 00 00 00 00  |................|
00000080  4e 56 00 00 00 00 00 00  00 00 00 00 00 00 a0 00  |NV..............|
00000090  00 00 e8 60 00 00 20 00  00 00 00 00 00 00 00 00  |...`.. .........|
000000a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
[...]

Devices without a partition table or with a different one

  • GT-I9100, GT-I9250, GT-N7000, GT-P3100
  • Probably GT-P5100 as well, as it's similar to GT-P3100
  • All the devices with Qualcomm modems (GT-I9305, GT-N7105)
Unknown:
  • Galaxy Note 8.0

Links

Updated by Denis 'GNUtoo' Carikli about 5 years ago · 76 revisions

Also available in: PDF HTML TXT