Bootloader

From Samsung H1 Wiki

Introduction

Samsung uses a proprietary Bootloader Stack for most of their devices, including the H1 and M1. This page will document how they work and how to replace them.

Samsung Bootloader Stack

The Bootloader Stack from Samsung consists of 2/3 Stages.

Stage 0

Not confirmed yet.

OneNAND contains a 2K big area (of which only 1K can be used) for a minimal bootloader,

which is used to jump to the real bootloader in NAND.

Posts on the U-Boot mailinglist indicate, that Samsung is using XLOADER to do that.

XLOADER would jump to PBL.

Stage 1

PBL, the Primitive Boot Loader, is Samsungs proprietary Stage 1 Bootloader.

It is used to do basic hardware initialization to get ready for the Stage 2 loader.

It is contained in the firmware files as "boot.bin".

Stage 2

SBL, the Secondary Boot Loader, is Samsungs proprietary Stage 2 Bootloader.

After PBL has done basic initialization, the job of SBL is to make the system ready for the operating system.

It also loads the Linux kernel and passes the necessary arguments (ATAGs) to it. Those are hardcoded in Sbl.

Despite of that it also draws the Samsung Logo on the display and lets the phone vibrate after turning it on.

Also it has the Odin_protocol implemented and is used for firmware updating.

Bypass SBL arguments using Linux

As Sbl has the ATAGs hardcoded, it is currently not possible to change the arguments it passes to Linux. But this can be bypassed by patching Linux and using the built in commandline, CONFIG_CMDLINE.

This line has to be commented so it isn't used:

linux/arch/arm/kernel/setup.c:
__tagtable(ATAG_CMDLINE, parse_tag_cmdline);

It is not a nice solution, but it works so far.