EC20 QFlash » History » Version 2
lynxis, 09/03/2017 02:04 PM
add section links
h1. EC20 QFlash

The EC20 Qflash utility uses 3 different device modes to update the firmware:
a) QDL
b) QDL SBL / also named "Go mode" by Qflash
c) fastboot

h2. Overview of one flash procedure

# Reboot into QDL mode
# QDL: Upload NPRG9x15.hex to enter QDL Streaming Mode
# Streaming: Flash *.mbn
# Streaming: Flash SBL2_temp
# Reboot into fastboot mode
# fastboot: Flash other parts
# Reboot into QDL
# QDL: Upload ENPRG9x15.hex to enter QDL Streaming Mode
# Streaming: Flash SBL2
# Reboot into new Firmware

h2. QFLash in detail

h3. How to enter QDL mode

Do one of:
* Erase everything
* Pull down/up a specific GPIO
* AT+QDL

h3. QDL mode

QDL mode allows loading code into memory and executing it.
It is also possible to read memory: https://lkml.org/lkml/2017/8/8/177
QFlash loads and executes *NPRG9x15.hex* or *ENPRG9x15.hex* to enter the

Try ./ec20/NPRG9x15.hex or, if it fails, try ./ec20/ENPRG9x15.hex to enter the next mode. The E in ENPRG9x15 stands for emergency.

h3. Qflash in QDL

Send Nop `0x7e 0x06 CRC 0x7e`
Send preq `0x7e 0x07 CRC 0x7e`
Upload hex file `0x7e 0x0f loadaddr|32bit size|16bit data CRC 0x7e`.
Go `0x7e 0x05 loadaddr|32bit CRC 0x7e`.
The device now goes into SBL / Go mode.

h3. SBL / Go mode

Magic enter "QCOM fast download protocol host"
Upload partition table `0x7e 0x19 data CRC 0x7e`
- use partition.mbn; if not accepted, try partition2.mbn
Flash mbns:
- SBL1: `sbl1.mbn`
- SBL2: `sbl2_tmp.mbn`
- RPM: `rpm.mbn`
- APPSBL: `appsboot_tmp.mbn`

The device now reboots into fastboot using the USB id 18d1:d00d (Google fastboot).

h3. Device is in fastboot mode

Flash parts:
- sbl2
- aboot
- dsp1
- dsp2
- dsp3
- system
- userdata
- recoveryfs
- boot
- recovery

The device now reboots.

h3. 2nd QDL and QDL SBL mode:

The device now reboots into QDL mode.
Enter SBL mode / Go mode using the emergency **ENPRG9x15.hex**.

It now flashes the *real* SBL2 bootloader.

h2. How does Qflash find out which mode the device is in?

Send `0x7e 0x06 CRC 0x73`
if recv "0x7e,0x02,0x6a,0xd3,0x7e" => download mode (QDL)
if recv "0x13,0x06,0x88,0xd5,0x7e" => normal mode (diag?)
if recv "0x7e,0x0e" => go mode (SBL)

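The mode probe above as an added Python example (not Qflash code and not part of the original page). It assumes the CRC is CRC-16/X-25 sent low byte first, which reproduces the CRC bytes in both full replies listed above, and it assumes HDLC-style 0x7d escaping; all function names are hypothetical.

```python
FLAG, ESC = 0x7E, 0x7D

def crc16_x25(data: bytes) -> int:
    """CRC-16/X-25: reflected poly 0x8408, init 0xFFFF, final XOR 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

def build_frame(payload: bytes) -> bytes:
    """0x7e | payload | CRC (low byte first) | 0x7e, the layout used on this page."""
    body = payload + crc16_x25(payload).to_bytes(2, "little")
    out = bytearray([FLAG])
    for b in body:
        # Assumption: HDLC-style escaping so 0x7e/0x7d never appear inside a frame.
        out += bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) else bytes([b])
    out.append(FLAG)
    return bytes(out)

def unescape(body: bytes) -> bytes:
    """Undo the assumed 0x7d escaping before checking the CRC."""
    out, it = bytearray(), iter(body)
    for b in it:
        out.append(next(it, 0) ^ 0x20 if b == ESC else b)
    return bytes(out)

def crc_ok(body: bytes) -> bool:
    """True when the last two bytes are the little-endian CRC of the rest."""
    return len(body) > 2 and crc16_x25(body[:-2]) == int.from_bytes(body[-2:], "little")

def classify(resp: bytes) -> str:
    """Map a probe reply to the mode names used on this page."""
    if resp[:2] == b"\x7e\x0e":
        return "go mode (SBL)"        # the page documents only this 2-byte prefix
    body = resp[1:] if resp[:1] == bytes([FLAG]) else resp
    end = body.find(FLAG)             # the trailing flag terminates the frame
    body = unescape(body[:end]) if end >= 0 else b""
    if not crc_ok(body):
        return "unknown"              # truncated or corrupted reply: do not guess
    return {0x02: "download mode (QDL)", 0x13: "normal mode (diag?)"}.get(body[0], "unknown")

# Replies copied from the mode-detection section above.
QDL_REPLY = bytes([0x7E, 0x02, 0x6A, 0xD3, 0x7E])
NORMAL_REPLY = bytes([0x13, 0x06, 0x88, 0xD5, 0x7E])

if __name__ == "__main__":
    print(build_frame(b"\x06").hex(" "))
    for reply in (QDL_REPLY, NORMAL_REPLY, b"\x7e\x0e", QDL_REPLY[:3]):
        print(reply.hex(" "), "->", classify(reply))
```

Rejecting replies with a bad CRC keeps a flashing tool from uploading a loader to a device whose mode it has misread.
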
h2. FAQ: The device is in QDL and disconnects and reconnects every 2 seconds

Uninstall the gobi-loader. The gobi-loader will try to load the Gobi2000 firmware into
the EC20 because the udev rules contain the QDL USB id (9008).

h1. links

* https://github.com/alex-kas/nec_terrain directory /9008/
* https://github.com/aureljared/unbrick_8960
* qmi-firmware-update part of libqmi