EC20 QFlash » History » Version 1
lynxis, 09/02/2017 05:04 PM
| 1 | 1 | lynxis | h1. EC20 QFlash |
|---|---|---|---|
| 2 | |||
| 3 | The EC20 Qflash utility is using 3 different device modes to update the firmware: |
||
| 4 | a) QDL |
||
| 5 | b) QDL SBL / also named "Go mode" by Qflash |
||
| 6 | c) fastboot |
||
| 7 | |||
| 8 | h2. Overview of one flash procedure |
||
| 9 | |||
| 10 | # Reboot into QDL mode |
||
| 11 | # QDL: Upload NPRG9x15.hex to enter QDL Streaming Mode |
||
| 12 | # Streaming: Flash *.mbn |
||
| 13 | # Streaming: Flash SBL2_temp |
||
| 14 | # Reboot into fastboot mode |
||
| 15 | # fastboot: Flash other parts |
||
| 16 | # Reboot into QDL |
||
| 17 | # QDL: Upload ENPRG9x15.hex to enter QDL Streaming Mode |
||
| 18 | # Streaming: Flash SBL2 |
||
| 19 | # Reboot into new Firmware |
||
| 20 | |||
| 21 | h2. QFLash in detail |
||
| 22 | |||
| 23 | h3. How to enter QDL mode |
||
| 24 | |||
| 25 | Do one of: |
||
| 26 | * Erase everything |
||
| 27 | * Pull down/up a specific GPIO |
||
| 28 | * AT+QDL |
||
| 29 | |||
| 30 | h3. QDL mode |
||
| 31 | |||
| 32 | The QDL mode allows to load code into memory and execute it. |
||
| 33 | It's also possible to read Memory https://lkml.org/lkml/2017/8/8/177 |
||
| 34 | QFlash is using loading and executing *NPRG9x15.hex* or *ENPRG9x15.hex*. to enter the |
||
| 35 | |||
| 36 | Try: ./ec20/NPRG9x15.hex or if it fails try ./ec20/ENPRG9x15.hex to enter next mode. E in ENPRG9x15 stand for emergency. |
||
| 37 | |||
| 38 | h3. Qflash in QDL |
||
| 39 | |||
| 40 | Send Nop `0x7e 0x06 CRC 0x7e` |
||
| 41 | Send preq `0x7e 0x07 CRC 0x7e` |
||
| 42 | Upload hex file `0x7e 0x0f loadaddr|32bit size|16bit data CRC 0x7e`. |
||
| 43 | Go `0x7e 0x05 loadaddr|32bit CRC 0x7e`. |
||
| 44 | The device now go's into SBL / Go Mode |
||
| 45 | |||
| 46 | h3. SBL / Go mode |
||
| 47 | |||
| 48 | Magic enter "QCOM fast download protocol host" |
||
| 49 | Upload partition table `0x7e 0x19 data CRC 0x7e` |
||
| 50 | - use partition.mbn if not accepted, try partition2.mbn |
||
| 51 | Flash mbns: |
||
| 52 | - SBL1: `sbl1.mbn` |
||
| 53 | - SBL2: `sbl2_tmp.mbn` |
||
| 54 | - RPM: `rpm.mbn` |
||
| 55 | - APPSBL: `appsboot_tmp.mbn` |
||
| 56 | |||
| 57 | The device now reboots into fastboot using the USB id 18d1:d00d (Google fastboot). |
||
| 58 | |||
| 59 | h3. Device is in fastboot mode |
||
| 60 | |||
| 61 | flash parts: |
||
| 62 | - sbl2 |
||
| 63 | - aboot |
||
| 64 | - dsp1 |
||
| 65 | - dsp2 |
||
| 66 | - dsp3 |
||
| 67 | - system |
||
| 68 | - userdata |
||
| 69 | - recoveryfs |
||
| 70 | - boot |
||
| 71 | - recovery |
||
| 72 | |||
| 73 | Now reboots. |
||
| 74 | |||
| 75 | h3. 2nd QDL and QDL SBL mode: |
||
| 76 | |||
| 77 | The devices now reboots into QDL mode. |
||
| 78 | Enter SBL mode / Go mode using the emergency **ENPRG9x15.hex**. |
||
| 79 | |||
| 80 | It's flashing now the *real* SBL2 bootloader. |
||
| 81 | |||
| 82 | h2. How Qflash finds out in which mode the device is? |
||
| 83 | |||
| 84 | Send `0x7e 0x06 CRC 0x73` |
||
| 85 | if recv "0x7e,0x02,0x6a,0xd3,0x7e" => download mode (QDL) |
||
| 86 | if recv "0x13,0x06,0x88,0xd5,0x7e" => normal mode (diag?) |
||
| 87 | if recv "0x7e,0x0e" => go mode (SBL) |
||
| 88 | |||
| 89 | h2. FAQ: The device is in QDL and disconnect and reconnecting every 2 seconds |
||
| 90 | |||
| 91 | Uninstall the gobi-loader. The gobi-loader will try to load the Gobi2000 firmware into |
||
| 92 | the EC20 because the udev rules contains the QDL usb id (9008). |
