Sunday, July 8, 2012

Kexec, and a Proof-of-Concept Source-Built Kernel for the Verizon SGS3

Here at Team Epic, we're excited that five US carriers are releasing nearly-identical models of the Samsung Galaxy S III.  Although we're focused on the Sprint model, such similarity across devices allows us to share code and ideas with development teams that focus on the SGS3 for other carriers.

Thus, we were disappointed to learn that the Verizon SGS3 model ships with a "locked" bootloader, that refuses to boot custom kernels.  We frown upon this situation, as such restrictions limit users' capability to make the best of devices they own.

However, it's been recently discovered that the Verizon SGS3 is capable of booting custom recoveries.  Also recently, we've finished porting kexec hardboot—a method of booting kernels through recovery without needing to flash them to the device—to the Sprint SGS3, a feature that would also enable Verizon SGS3 users to make use of custom kernels despite the locked bootloader.

And so, we now announce a proof-of-concept source-built kernel for the Verizon SGS3, complete with kexec hardboot support.  This kernel serves a few purposes:
  1. To be included in custom recovery images, as it proves the capability of booting-via-kexec custom kernels from recovery.
  2. To serve as a proof-of-concept boot kernel, to demonstrate that custom kernels are capable of running on the Verizon SGS3 in its present form.
  3. Allow a convenient method to multiboot into alternate ROM's.  For example, after CM9 for SGS3 LTE becomes available, bbelos will have a toolkit for you to install CM9-on-EMMC.  This allows for rapid, temporary use of alternate ROM's without any changing anything about your phone's standard ROM.
We hope that our kexec port, as demonstrated by our proof-of-concept kernel, proves useful to Verizon SGS3 developers and users.  However, beware that by virtue of the device shipping with a (partially) locked bootloader, a subsequent OTA update may remove the Verizon SGS3's ability to use the kexec hardboot approach in the future.  Thus, we warn Verizon SGS3 users to not apply any over-the-air (OTA) update, until it is first confirmed that custom recovery booting remains intact.

To Try Our Proof-of-Concept Kernel

WARNING: This is a proof-of-concept kernel intended for developers and experienced testers.  It offers no new features in addition to the stock kernel.  While we don't expect these kernel images to cause touble, improper installation of these kernel images may cause irreparable harm.  Use at your own risk.

1. Download the recovery.img (MD5: f1c01ad20e02751a73188f173eb412ca), which combines our source-based kernel with our previously released CWM v4.

2. Flash the recovery.img following these instructions, that is:
adb push recovery.img /sdcard/
adb shell
su
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p18 bs=256k
sync

3. Download these additional files:
  • boot.img (MD5: 30f89f6a6816c13bac2a39b419288d94), which combines our source-based kernel with the stock LF2 initrd.
  • boot_emmc_boot_img.zip (MD5: 84a3f98c194f6dedc583dbc75ccc34c2) or boot_sdcard_boot_img.zip (MD5: 88904d7e69d455ff88756b4d1ad79aac), which are applied in recovery to kexec (boot) the custom boot.img.

4. Place boot.img either on the internal SD card (the /sdcard/ folder), or on the external SD card (the /mnt/extSdCard/ folder).

The boot.img kernel boots directly out of one of these folders, it will not (and should not) be flashed to the device.

5.  If you're using the internal SD card, place boot_emmc_boot_img.zip in /sdcard/ as well.  If you're using the external SD card, place boot_sdcard_boot_img.zip in /mnt/extSdCard/.

6. Reboot into recovery.

7. If using the internal SD card, select "choose zip from internal sdcard", then "boot_emmc_boot_img.zip".  Alternatively, if using the external SD card, select "choose zip from sdcard", then "boot_sdcard_boot_img.zip".

At this point, the device should reboot "in the middle" of applying the update, temporarily booting boot.img.  If the update "completes" and returns to the CWM menu, kexec has failed.  Please check the locations of boot.img, and boot_emmc_boot_img.zip or boot_sdcard_boot_img.zip.

8.  Once booted, the custom kernel can be confirmed by checking "Kernel version" in "Settings", "About device".  It should report:
3.0.8-gdefeb6f
ic382@ganon #1
SMP PREEMPT Sun Jul 8 04:27:58 EDT
2012

9. To reboot into the stock kernel, select "Restart" from the Power menu, which will actually reboot into CWM recovery.  Press the Power button to select "reboot system now" and leave recovery.

Known Issues

At preset, reboot behavior while running kexec'd kernels is unusual.  Selecting "Restart" from the Power menu reboots into recovery automatically.  If the device is powered off, it may reboot into recovery on the next power on.  LPM (battery charging) mode may also not work immediately after powering off from a kexec'd kernel.

We are presently working to address these reboot issues in our SGS3 kexec port.  The problems are temporary, and resolve the next time the stock kernel is booted.  Should at any time the device appears frozen and unresponsive, holding the Power button for 5-10 seconds should force a reboot.  Alternatively, try holding Volume-up, Home, and Power to reboot into recovery.

Finally, at present, kexec hardboot is capable of booting source-based kernels only, as patches to the Linux decompressor are required to pass the appropriate boot options to the kexec'd kernel.

Kernel Sources

As of writing, Samsung has yet to release the official Verizon SGS3 (SCH-I535) kernel sources.  Our proof-of-concept kernel is built from the Sprint SGS3 (SPH-L710) source tree using the included m2_vzw_defconfig.

Our kexec hardboot port and additional boot.zip examples are available on GitHub:
Finally, for those interested: technical details of the kexec hardboot approach.  This was originally written for the Epic 4G, but the description applies to all devices kexec hardboot has been ported to.

If you appreciate our work, please consider supporting Team Epic with a tiny contribution!

11 comments:

  1. Could a checksum be included for the download links, please?

    ReplyDelete
    Replies
    1. Added, apologies for the oversight.

      Delete
  2. a large part of the android community is smiling right now :)

    ReplyDelete
  3. Kudos gentlemen. I had a feeling using the recovery to boot a kernel was the answer. Q though, is the recovery partition large enough to compile a kernel boot.IMG into it and boot from there as well? May be a secondary option. Build your recovery/kernel together and use the recovery to boot into the custom kernel. A little of a hassle, but plausible.

    ReplyDelete
    Replies
    1. The recovery partition is 10.5 MB, so it's large enough to house a single kernel image and a combined boot and recovery initrd. The bootloader even provides a command line argument that says when it's (trying) to boot recovery. So yes, we could use a multi-stage init to make the recovery partition dual-purposed.

      That's effectively what we've done on past Samsung devices that only have one kernel partition. But from a development perspective it's a pain, and it ties together the boot kernel and the recovery, which folks often like to replace separately.

      Delete
  4. Source has been released for kernel so that should be helpful!

    ReplyDelete
  5. Is this method sgs3 only, or can this be used to ignore other pesky locked down bootloaders on Verizon, such as the RAZR?

    ReplyDelete
    Replies
    1. There's nothing about the method that's specific to the SGS3. However it does rely on the ability to use a custom recovery kernel. I believe Motorola devices allows neither the boot nor the recovery kernel to be replaced, so no, this approach won't work there.

      Delete
  6. What kernel version are the patches for? I would like to implement kexec on the Samsung Galaxy Note i717 for booting testing/development kernels and working on an Ubuntu/other Native Linux port. I compiled the newly released 3.0.8 source with kexec support and built kexec-tools but it doesn't appear to be booting (just black screens and reboots after 3 seconds or so). I think there may be a problem with the kexec implementation of the kernel. If I could apply a patch to fix kexec on this kernel it would be great!

    ReplyDelete