I am a little confused.
[If your console is new (you bought it 09 or later) you could still have the 1bl updated
If it's 8xxx then you have updated and there currently is no way to run xbr/freeboot/xell.]
From http://free60.git.sourceforge.net/git/gitweb.cgi?p=free60/tools;a=blob;f=imgbuild/hack.txt;h=a5675bfa4e414b3688197528b76307f0f5af2ccc;hb=HEAD
[If the 2BL pairing block is all-zero, the
pairing block will not be checked. However, a bit is set so that the kernel
doesn't boot the dashboard binary, but a special binary called
"MfgBootLauncher", where "Mfg" probably stands for "Manufacturing". So this
is a leftover of the production process, where the flash image is used on
all hardware, probably also before any CPU-key has been programmed.]
My console is 8955, and was bought in 2010.
So the questions are:
1. Where is the CPU-key stored? Is it in the CPU chip?
I think all the CPU chips are the same before being assembled on the PCB.
And the doc on free60 mentioned the CPU-key may have been programmed after the manufacturing stage.
And is it possible to program the CPU-key ourselves?
2. If I use an SMT socket, which means I can program any data I want to the NAND, without using any exploit.
Is there still no way to downgrade? Is the reason that I don't get the CPU-key for the console?
3. I know the 1bl is about 32KB of ROM code that is buried deep inside the CPU die. Its only work is to load
the 2bl from NAND and decrypt it to internal RAM, then transfer the PC to the 2bl. It seems no exploit is used at this stage.
Any docs?
Thanks!
Best Regards
Jerry