Flashing an eMMC image returns "Error: Not implemented yet"

[l29ah]

Waiting for USB device...  
Found USB device: RX-51/RM-680 (0x421:0x1c8) in Mk II protocol mode
USB device product string: N900 (PC-Suite Mode)
USB device serial number string: (not detected)
Detected USB device: RX-51            

Initializing Mk II protocol...
Detected Mk II protocol version: 
Supported images by current device configuration: xloader secondary kernel mmc cmt-2nd cmt-algo cmt-mcusw
Mode: Update
Device: RX-51
HW revision: 2101
NOLO version: (not detected)
Kernel version: (not detected)
Initfs version: (not detected)
Software release version: RX-51_2009SE_21.2011.38-1_PR_MR0
Content eMMC version: (not detected)
Root device: (not detected)
USB host mode: (not detected)
R&D mode: (not detected)

Error: Not implemented yet

[pali]

That is truth, flashing via Mk II protocol is not implemented yet. It is also written in TODO:

0xFFFF/TODO

Lines 22 to 23 in 3344248

	mkii:
	* Support for flashing

Protocol is described in file doc/mkii and some initial code is in src/mkii.c

0xFFFF/src/mkii.c

Lines 191 to 337 in 3344248

	int mkii_flash_image(struct usb_device_info * dev, struct image * image) {
	char buf1[512];
	char buf[2048];
	struct mkii_message * msg1;
	struct mkii_message * msg;
	char * ptr;
	const char * type;
	uint8_t len;
	uint16_t hash;
	uint32_t size;
	int ret;
	ERROR("Not implemented yet");
	return -1;
	if ( ! ( dev->data & (1UL << image->type) ) ) {
	ERROR("Flashing image %s is not supported in current device configuration", image_type_to_string(image->type));
	return -1;
	}
	msg = (struct mkii_message *)buf;
	msg1 = (struct mkii_message *)buf1;
	ptr = msg->data;
	/* Signature */
	memcpy(ptr, "\x2E\x19\x01\x01", 4);
	ptr += 4;
	/* Space */
	memcpy(ptr, "\x00", 1);
	ptr += 1;
	/* Hash */
	hash = htons(image->hash);
	memcpy(ptr, &hash, 2);
	ptr += 2;
	/* Type */
	type = image_type_to_string(image->type);
	if ( ! type )
	ERROR_RETURN("Unknown image type", -1);
	memset(ptr, 0, 12);
	strncpy(ptr, type, 12);
	ptr += 12;
	/* Size */
	size = htonl(image->size);
	memcpy(ptr, &size, 4);
	ptr += 4;
	/* Space */
	memcpy(ptr, "\x00\x00\x00\x00", 4);
	ptr += 4;
	/* Device & hwrev */
	if ( image->devices ) {
	int i;
	uint8_t len;
	char buf[9];
	char ** bufs = NULL;
	struct device_list * device = image->devices;
	while ( device ) {
	if ( device->device == dev->device && hwrev_is_valid(device->hwrevs, dev->hwrev) )
	break;
	device = device->next;
	}
	if ( device )
	bufs = device_list_alloc_to_bufs(device);
	if ( bufs ) {
	memset(buf, 0, sizeof(buf));
	snprintf(buf, 8+1, "%d", dev->hwrev);
	for ( i = 0; bufs[i]; ++i ) {
	len = ((uint8_t*)bufs[i])[0];
	if ( MEMMEM(bufs[i]+1, len, buf, strlen(buf)) )
	break;
	}
	if ( bufs[i] ) {
	/* Device & hwrev string header */
	memcpy(ptr, "\x32", 1);
	ptr += 1;
	/* Device & hwrev string size */
	memcpy(ptr, &len, 1);
	ptr += 1;
	/* Device & hwrev string */
	memcpy(ptr, bufs[i]+1, len);
	ptr += len;
	}
	free(bufs);
	}
	}
	/* Version */
	if ( image->version ) {
	len = strnlen(image->version, 255) + 1;
	/* Version string header */
	memcpy(ptr, "\x31", 1);
	ptr += 1;
	/* Version string size */
	memcpy(ptr, &len, 1);
	ptr += 1;
	/* Version string */
	memcpy(ptr, image->version, len);
	ptr += len;
	}
	/* append layout subsection */
	if ( image->layout ) {
	len = strlen(image->layout);
	/* Layout header */
	memcpy(ptr, "\x33", 1);
	ptr += 1;
	/* Layout size */
	memcpy(ptr, &len, 1);
	ptr += 1;
	/* Layout string */
	memcpy(ptr, image->layout, len);
	ptr += len;
	}
	/* end */
	memcpy(ptr, "\x00", 1);
	ptr += 1;
	ret = mkii_send_receive(dev->udev, 0x03, msg1, 0, msg1, sizeof(buf1));
	if ( ret != 1 || msg1->data[0] != 0 )
	return -1;
	ret = mkii_send_receive(dev->udev, 0x04, msg, ptr - msg->data, msg, sizeof(buf));
	if ( ret != 9 )
	return -1;
	/* TODO: send image itself */
	return 0;
	}

Patches for full implementation are welcome :-)

[l29ah]

It support via USB flashing any image type to Maemo device

in README is incorrect then, ok

[l29ah]

I'll give it a try.

[l29ah]

Does the raw data on ep=2 size=1048576 correspond to the stuff i get by calling image_read?

[pali]

Yes. You can look at nolo_send_image() which is similar, but data over usb are sent differently.

[pali]

In attachment you can find sniffed usb log when flashing emmc image. mkii.log For such purpose there libusb-sniff.c library.

[l29ah]

Damn, it seems like i bricked it even more than it used to be. It times out at ret = mkii_send_receive(dev->udev, 0x03, msg1, 0, msg1, sizeof(buf1)); every time and the screen behaviour suggests it tries to boot or smth.

[l29ah]

Oh, nvm, it times out in the raw data sending after 100s. I wonder if i must/should usb_bulk_write the whole 1048576 pack at once.

[pali]

I have no idea. This is something which I not tested yet...

[l29ah]

Also i wonder if usb 1-1.2: usbfs: process 17803 (0xFFFF) did not claim interface 2 before use is related to my troubles.

[l29ah]

Hmm, usb_strerror at the entrance of mkii_flash_image says Error: could not detach kernel driver from interface 1: No data available.

The current state of my code is there: l29ah@4580ed4
Maybe i'm missing something, but now the usb_bulk_write exits either with a timeout, or with error submitting URB: No such file or directory.

[pali]

Hmm, usb_strerror at the entrance of mkii_flash_image says Error: could not detach kernel driver from interface 1: No data available.

Maybe thats because there is no attached kernel driver, so nothing is possible to detach?

The current state of my code is there: l29ah@4580ed4
Maybe i'm missing something, but now the usb_bulk_write exits either with a timeout, or with error submitting URB: No such file or directory.

You can recheck which data are sending/receiving via USB bus with libusb-sniff.

[pali]

The best way is really to run 0xFFFF under libusb-sniff. That mkii.log file was created by running flasher-3.5 under libusb-sniff. Just call make libusb-sniff-64.so (or -32.so) and run sudo LD_PRELOAD=./libusb-sniff-64.so ./0xFFFF ... Or look into libusb-sniff.c source for details.