EC20 QFlash
The EC20 QFlash utility uses 3 different device modes to update the firmware:
a) QDL
b) QDL SBL / also named "Go mode" by QFlash
c) fastboot
Overview of one flash procedure
- Reboot into QDL mode
- QDL: Upload NPRG9x15.hex to enter QDL Streaming Mode
- Streaming: Flash *.mbn
- Streaming: Flash SBL2_temp
- Reboot into fastboot mode
- fastboot: Flash other parts
- Reboot into QDL
- QDL: Upload ENPRG9x15.hex to enter QDL Streaming Mode
- Streaming: Flash SBL2
- Reboot into new Firmware
QFlash in detail
How to enter QDL mode
Do one of:
- Erase everything
- Pull down/up a specific GPIO
- AT+QDL
QDL mode
QDL mode allows loading code into memory and executing it.
It's also possible to read memory: https://lkml.org/lkml/2017/8/8/177
QFlash loads and executes NPRG9x15.hex or ENPRG9x15.hex to enter the
Try ./ec20/NPRG9x15.hex or, if it fails, ./ec20/ENPRG9x15.hex to enter the next mode. The E in ENPRG9x15 stands for emergency.
QFlash in QDL
Send Nop `0x7e 0x06 CRC 0x7e`
Send preq `0x7e 0x07 CRC 0x7e`
Upload hex file `0x7e 0x0f loadaddr|32bit size|16bit data CRC 0x7e`.
Go `0x7e 0x05 loadaddr|32bit CRC 0x7e`.
The device now goes into SBL / Go mode.
SBL / Go mode
Magic enter "QCOM fast download protocol host"
Upload partition table `0x7e 0x19 data CRC 0x7e`
- Use partition.mbn; if not accepted, try partition2.mbn
Flash mbns:
- SBL1: `sbl1.mbn`
- SBL2: `sbl2_tmp.mbn`
- RPM: `rpm.mbn`
- APPSBL: `appsboot_tmp.mbn`
The device now reboots into fastboot using the USB id 18d1:d00d (Google fastboot).
Device is in fastboot mode
Flash parts:
- sbl2
- aboot
- dsp1
- dsp2
- dsp3
- system
- userdata
- recoveryfs
- boot
- recovery
The device now reboots.
2nd QDL and QDL SBL mode:
The device now reboots into QDL mode.
Enter SBL mode / Go mode using the emergency ENPRG9x15.hex.
It now flashes the real SBL2 bootloader.
How does QFlash find out which mode the device is in?
Send `0x7e 0x06 CRC 0x73`
if recv "0x7e,0x02,0x6a,0xd3,0x7e" => download mode (QDL)
if recv "0x13,0x06,0x88,0xd5,0x7e" => normal mode (diag?)
if recv "0x7e,0x0e" => go mode (SBL)
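An added example (not QFlash's code and not from the page's author): a Python framer and parser for the `0x7e cmd ... CRC 0x7e` packets described above, useful for validating captured replies and classifying the device mode. The CRC parameters (CRC-16/X-25, low byte first) are inferred from the two complete replies quoted above, the `0x7d` escape byte is an assumption taken from async-HDLC convention, and all function names are hypothetical.

```python
FLAG, ESC = 0x7E, 0x7D  # ESC is an assumption (async-HDLC convention), not on the page

def crc16_x25(data):
    """CRC-16/X-25: reflected poly 0x8408, init 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_frame(cmd, payload=b""):
    body = bytes([cmd]) + payload
    body += crc16_x25(body).to_bytes(2, "little")  # CRC goes out low byte first
    out = bytearray([FLAG])
    for b in body:
        out += bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) else bytes([b])
    return bytes(out + bytes([FLAG]))

def parse_frame(frame):
    """Return (cmd, payload); raise ValueError on bad framing or CRC."""
    if not frame or frame[-1] != FLAG:
        raise ValueError("missing trailing flag")
    inner = frame[1:-1] if frame[0] == FLAG else frame[:-1]  # leading flag optional
    body, it = bytearray(), iter(inner)
    for b in it:
        if b == FLAG:
            raise ValueError("unescaped flag inside frame")
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("dangling escape byte")
            b = nxt ^ 0x20
        body.append(b)
    if len(body) < 3:
        raise ValueError("frame too short")
    if crc16_x25(body[:-2]) != int.from_bytes(body[-2:], "little"):
        raise ValueError("CRC mismatch")
    return body[0], bytes(body[1:-2])

def classify_reply(reply):
    """Map a reply to the NOP probe onto the three modes listed above."""
    if reply[:2] == bytes([FLAG, 0x0E]):
        return "go mode (SBL)"  # the page matches on this two-byte prefix only
    cmd, _ = parse_frame(reply)
    modes = {0x02: "download mode (QDL)", 0x13: "normal mode (diag?)"}
    if cmd not in modes:
        raise ValueError(f"unexpected reply command 0x{cmd:02x}")
    return modes[cmd]
```

Both complete replies quoted on this page pass the CRC check with these parameters, which is what ties the example to the EC20 traffic rather than to a generic HDLC framer.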
FAQ: The device is in QDL and disconnects and reconnects every 2 seconds
Uninstall the gobi-loader. The gobi-loader will try to load the Gobi2000 firmware into
the EC20 because the udev rules contain the QDL USB ID (9008).
Links
- https://github.com/alex-kas/nec_terrain directory /9008/
- https://github.com/aureljared/unbrick_8960
- qmi-firmware-update part of libqmi
Updated by lynxis almost 7 years ago · 2 revisions