Orange Pi 2G IoT Board Can Now Boot Linux from NAND Flash

Orange Pi 2G IoT is a $10 development board with a 2G cellular modem that was launched last March. The board is based on RDA Micro RDA8810PL processor designed for cheap Android phones, but Linux support was also promoted, and an RDA8810 Android SDK was released in April. It was the first time RDA8810 was used in a development board, and unsurprisingly it was, and still is, a challenge to use such board, as software support is on-going… So people who purchased the board has troubles with controlling GPIOs, or booting Linux from the SoC’s built-in NAND flash, instead reverting to booting from a micro SD card. Luckily, Orange Pi forum’s user surfero75 worked on the latter, found a solution, and posted instructions in Spanish. He wrote those instructions leveraging the work done by Aib user, and I summarized the main steps below explaining how install and boot from NAND flash (Warning: This could potentially brick your board if something …

Hacking ARM TrustZone / Secure Boot on Amlogic S905 SoC

Amlogic S905 processor used in many Android TV boxes and ODROID-C2 development board implements ARM TrustZone security extensions to run a Trusted Execution Environment (TEE) used for DRM & other security features. However, Frédéric Basse, a security engineer, worked with others and managed to bypass secure boot in one Amlogic S905 powered Android TV box, namely Inphic i7, but any other device based on the processor would have made the same thing possible. He explains the steps they went through and how they managed to exploit vulnerability to bypass secure boot in a detailed technical blog post. They first started by looking for info in Amlogic S905 datasheet, but most info about TrustZone had been removed from the public version. So not that much help here except a potential address for BOM Root (ROMBOOT_START   0xD9040000). The next step was to connect the UART pins in order to access the serial console, but he could not read the BootROM from …

Raspberry Pi Bootloader License Precludes it to Run on Competing Broadcom BCM283x Boards

Yesterday I wrote about ArduCAM Raspberry Pi compatible module, that packs most of the features of Raspberry Pi Zero or Pi Compute module into a 24x24mm board, and is based on Broadcom BCM2835 processor. One person also started a thread on Raspberry Pi forums about the tiny module, and one of the Raspberry Pi engineer and forum moderator replied that will would breach the bootloader license. The important part is the sentence highlighted above: This software may only be used for the purpose of developing for, running or using a Raspberry Pi device. ArduCAM module is only Raspberry Pi compatible, so it would indeed breach the license, and you can get into troubles if you planned to use that module in a commercial project, especially in countries where IP protection is taking seriously. This raises a few questions. First why did the Raspberry Pi foundation chose that restrictive license? The obvious answer would be to protect there investment, but it’s …

Preliminary Open Source Bootloader for Raspberry Pi Boards Released

Raspberry Pi boards require a closed-source binary to boot. I understand it this is handled by VideoCore IV GPU,  and so  far the Raspberry Pi foundation are not release source code for the bootloader, possibly due to legal reason (e.g. NDA to Broadcom). But I noticed people chatting about an open source bootloader for Raspberry Pi on sunxi-linux IRC channel. The bootloaded called rpi-open-firmware has been developed by Kristina Brooks (christinaa), who previously did some work on the VideoCore IV GPU, as you can see on her blog and github account. Kristina describe the project as follows: This is a small firmware for RPi VPU (VideoCore4) versions 1/2/3 that is capable of initializing VPU PLL (PLLC), UART, SDRAM and ARM itself. It’s intended to be used instead of stock bootcode.bin on RPi’s SD card. You need to have UART to see anything meaningful as far as output goes. This has been tested on RPi1 Model B (Hynix PoP DDR), RPi …

MYiR Tech Announces Low Cost Rico and Z-turn Boards Powered by TI AM437x and Xilinx Zynq-7010 SoCs

Shenzhen based MYIR Tech has just launched two new single board computers with Rico board featuring Texas Instruments Sitara AM437x ARM Cortex A9 industrial processor, and Z-Turn board based on Xilinx Zynq-7010 ARM Cortex A9 + FPGA SoC. Both boards sell for $99 in single quantity. Rico Board Specifications: SoC – Texas Instruments AM4379 single core ARM Cortex A9 processor @ 1.0GHz with PowerVR SGX530 GPU, and 4x PRU @ 200 MHz. Other AM437x on request. System Memory – 512MB DDR3 (Options: 256MB or 1GB) Storage – 4GB eMMC, 256 or 512 MB NAND flash (reserved), 16MB QSPI flash, 32KB EEPROM, and micro SD slot Video Output – HDMI and LCD interfaces (LCD connector located on bottom of the board). Connectivity  – 10/100/1000 Mbps Ethernet USB – 1x mini USB 2.0 device port, 1x USB 2.0 host post Camera – 2x 30-pin camera interface Debugging – 1x debug serial port, 1x 20-pin JTAG interface, 1x 14-pin JTAG interface Expansion Headers …

AllWinner Linux-sunxi Community Presentation and Status Report – FOSDEM 2014

Oliver Schinagl, a member of linux-sunxi community working on open source kernel and bootloader for AllWinner SoCs, has given a presentation of the community at FOSDEM 2014 to give an overview, and show what progress has been made to date. I’ll write a summary in this post, but if you want to watch the video and/or access the slides scroll down at the bottom of the post. After explaining what sunxi is, and introducing himself, he gave some information about AllWinner and their SoCs: Founded in 2007 in Zhuhai, Chiang now with 550 employees including 450+ engineers 15% market share in 2013 for tablet SoCs, only behind Apple. Products: F-series SoC (2010), A10 (2011), A13, A10s (2012), and A20 (2013). (cnsoft He skipped A31(s) and A80 here as they are not really supported by the community). They list “Open Source Source” and “GPLv3” in their marketing materials although they clearly violate GPL in some part of the code. Progress is …

Geniatech Releases ATV510B Source Code, Teases Dual and Quad Core ATV130 and ATV180 mini PCs

XBMCHUB (not affiliated with XBMC) reports that Geniatech has released the Android and Linux source code for ATV510B, one of Geniatech set-top boxes based on AML8726-M3 Cortex A9 processor. ATV510B is the design used by devices such as Pivos XIOS DS, Jynxbox Android HD, Sumvision Cyclone Nano M3, and MyGica ATV510B Enjoy TV Nano 3, among others. Pivos has made U-boot, Linux and XBMC source code available in github for a little while now, but this new release is a pretty large file (2.39 GB) called xbmcandroid_com-ics-base-M3-20121212.tar.bz2 that includes Android 4.0 source including the kernel and the bootloader. This source code should work with “stvmc” hardware, as found in build.prop’s ro.product.name or ro.product.device keys. I haven’t looked into details, but here’s the content of the root directory of the archive: On a separate note, Geniatech also showed the picture below on their Facebook page, with 2 new Android TV Sticks: one based on AML8726-MX with MHL support called ATV130, and …

Booting Linux in Less Than 1 Second in AllWinner A10 Devices? Yes! You Can!

threewater, a Chinese developer, has just posted a very interesting demo on linux-sunxi mailing list showing a device based on AllWinner A10 boot linux within 0.85s, and if you add a Qt app, the total time is just about 1.2s. This appears to be a custom hardware (EM6000), but we do know it’s based on AllWinner A10, comes with 512 MB RAM, and 4GB NAND Flash. On the software side, the device runs kernel 3.4 from linux-sunxi, with a customized version of uboot, a squashfs rootfs, and a Qt 4.7.4 app showing a gauge. Both the rootfs (7MB) and the kernel (2MB) have been compressed with LZO. All that boots from NAND flash for optimal speed. The 1.2 second time includes kernel + rootfs + app time, and the total time is a bit longer, but this is still impressive. Here’s the boot log:

If you just boot to the command line, it’s even faster:

This is not …