Version 6 - History - EC20 DFOTA - Qualcomm Linux Modems by Quectel & Co - Open Source Mobile Communications

EC20 DFOTA » History » Version 6

zecke, 12/23/2016 10:39 AM

-zecke
+h1. EC20/EC25 Delta Firmware over the air (DFOTA) upgrades
-zecke
+An example of the DFOTA file is here: http://dfota.quectel-service.com:8088/Dfiles/EC20/EC20EQAR02A05V03-R02A09V02.zip. EC25 seems to use the stock "recovery"/"applypatch".
 zecke
-zecke
+h2. Mechanism
 It is based on the recovery.git of Android. For the EC20 the delta format (and RSA signing) has been replaced by the usage of
 RedBend FOTA. The RedBend FOTA is used by other Qualcomm customers too and is also used on the UC20. For the EC25 it
 seems that the stock Android/LinuxFoundation @recovery@ is used.
 The general approach is:
 * APN is configured for the Linux system
 * AT+QFOTADL is handled by atfwd_daemon and starts @wget@ to write to @update.zip@
 * @"IP_START_UPDATE" > /cache/fota/ipth_config_dfs.txt@
 * Reboot into the recovery image
 * recovery will apply the update.
-zecke
+h2. Start delta upgrade
 <pre>
-zecke
+AT+QICSGP=1,1,"APN_NAME_HERE","","",1
-zecke
+AT+QFOTADL="http://dfota.quectel-service.com:8088/Dfiles/EC20/EC20EQAR02A05V03-R02A09V02.zip"
 </pre>
 It will start an internal connection manager to terminate data on the Linux module and then run wget to store the file to
 "update.zip". If it worked a reboot into the recovery system will be made.
 h2. Recovery image
 It seems that /usr/bin/recovery will be started and finds a update.zip in the right partition and will then apply
-zecke
+the delta updates. On exit it will reboot the system.
 zecke
 h2. Delta format
-zecke
+Delta updates are available for the bootloader (?), dsp, userdata and system. The delta image contains a
 FileNamesTable that has a null terminated ascii string of which part to update. The partition table for RedBend
 is populated with information if this is a filsystem or image update.
 zecke
 <pre>
 struct upgrade_file_begin {
    uint32_t checksum; // ???? different in all of these upgrades
-zecke
+   uint32_t __le len; // len.. E.g. 184014 of a 184059 file, len includes the size of len+checksum too
-zecke
+   ... still a lot of 32bit length.. not really TLV
 };
 struct upgrade_file_trailer {
   uint32_t __le len;
   char name[len]; with trailing \0
   uint32_t null_end (four bytes 0x00)
 };
 </pre>
 zecke
-zecke
+<pre>
-zecke
+Trailer... checksum.. len.. data..  chunks a 32bit aligned with 0x00 padding inbetween.. can be seen with the dsp2.diff
 zecke
-zecke
+# system.diff
 c113566 2b00000050400100803801000000000000030000010000000700000073797374656d0000000000
 # userdata.diff
 f30 2d00000050400100803801000000000000030000010000000900000075736572646174610000000000
-zecke
+# dsp2.diff
-zecke
+ecbcdc 20000000504001008038010000000000000300000000000000000000
 four byte?
-zecke
+</pre>
 zecke
 h2. Kicking the recovery binary
 * mount /dev/mtdblock14 /mnt..
 * Place update.zip to /cache/
 * echo "IP_START_UPDATE" > /cache/fota/ipth_config_dfs.txt  to say what to do
 Was difficult to repeat, e.g. creating backup and mounting system partition failed on second/third tries
 <pre>
 / # ./strace -o foo.txt -f ./recovery2
 mount: mounting none on /sys/kernel/debug failed: Device or resource busy
 Starting recovery on Fri Oct 14 12:39:48 2016
 recovery filesystem table
 =========================
 /tmp ramdisk (null) (null) 0
 / auto rootfs (null) 0
 /proc proc proc (null) 0
 /dev/pts devpts devpts (null) 0
 /proc/bus/usb usbfs usbfs (null) 0
 /dev/shm tmpfs tmpfs (null) 0
 /cache yaffs2 /dev/mtdblock9 (null) 0
 /media/card auto /dev/mmcblk0p1 (null) 0
 /system yaffs2 /dev/mtdblock14 (null) 0
 /data yaffs2 /dev/mtdblock15 (null) 0
 /misc mtd /dev/mtdblock10 (null) 0
 rootfs on / type rootfs (rw)
 /dev/root on / type yaffs2 (rw,relatime)
 proc on /proc type proc (rw,relatime)
 sysfs on /sys type sysfs (rw,relatime)
 tmpfs on /dev type tmpfs (rw,relatime,size=64k,mode=755)
 devpts on /dev/pts type devpts (rw,relatime,mode=600)
 tmpfs on /dev/shm type tmpfs (rw,relatime,mode=777)
 /dev/mtdblock15 on /usr type yaffs2 (rw,relatime)
 /dev/mtdblock9 on /cache type yaffs2 (rw,relatime)
 /dev/mtdblock13 on / type yaffs (rw,relatime)
 tmpfs on /dev type tmpfs (rw,relatime,size=64k,mode=755)
 /dev/mtdblock9 on /cache type yaffs2 (rw,relatime)
 none on /sys type sysfs (rw,relatime)
 none on /sys/kernel/debug type debugfs (rw,relatime)
 proc on /proc type proc (rw,relatime)
 total 3
 lrwxrwxrwx    1 root     root            31 Jul 21 07:10 boot_hsic_composition -> /usr/bin/usb/compositions/empty
 lrwxrwxrwx    1 root     root            30 Jul 21 07:10 boot_hsusb_composition -> /usr/bin/usb/compositions/9215
 drwxr-xr-x    1 root     root          2048 Jul 21 07:10 compositions
 crw--w----    1 root     root      247,   0 Jan  8  1970 /dev/ttyGS0
 RB_Progress: fwrite "/dev/ttyGS1" fail
 I:Checking delta update status...
 handle_redbend_update: START_DELTA_UPDATE
 I:Setting delta update status...
 I:Delta update status is set to (IP_PREVIOUS_UPDATE_IN_PROGRESS 0)
 I:Start delta update...
 I:Setting recovery boot...
 I:Recovery mode reached maximum retry. Clear boot message.
 mtd: successfully wrote block at bebe0f4800000000
 I:Set boot command ""
 I:boot.command=
 I:boot.recovery=
 I:Update location: /cache/update.zip
 I:number of files in zip is 1
 I:verifying file at index 0
 I:No radio diff images found
 I:system.diff found
 E:No modem package available.
 E:No modem update needed. returning O.K
 mtd: successfully wrote block at bebe23a000000000
 I:Reset FOTA cookie done.
 start fota update (/cache/fota/system.diff)
 redbend_fs_entry: device_name: /dev/mtdblock14
 redbend_fs_entry: mount_point: /tmp/system
 redbend_fs_entry: update_name: /cache/fota/system.diff
 redbend_fs_entry: part_name: system
 RB_GetDelta: offset 0x0(0), size 0x14(20)
 RB_GetDelta: offset 0x0(0), size 0x18(24)
 RB_GetDelta: offset 0x4(4), size 0x3508(13576)
 RB_GetDelta: offset 0x0(0), size 0x40(64)
 RB_GetDelta: offset 0x350c(13580), size 0x18(24)
 RB_GetDelta: offset 0x3510(13584), size 0x27(39)
 RB_GetDelta: offset 0x0(0), size 0x14(20)
 RB_GetDelta: offset 0x0(0), size 0x18(24)
 RB_GetDelta: offset 0x350c(13580), size 0x18(24)
 RB_GetDelta: offset 0x0(0), size 0x18(24)
 RB_GetDelta: offset 0x0(0), size 0x18(24)
 RB_GetDelta: offset 0x350c(13580), size 0x18(24)
 RB_GetDelta: offset 0x3524(13604), size 0x4(4)
 RB_GetDelta: offset 0x3528(13608), size 0x4(4)
 RB_GetDelta: offset 0x352c(13612), size 0x7(7)
 RB_GetDelta: offset 0x0(0), size 0x40(64)
 RB_GetDelta: offset 0x0(0), size 0x40(64)
 RB_GetDelta: offset 0x40(64), size 0x304(772)
 RB_GetDelta: offset 0x344(836), size 0xd(13)
 RB_GetDelta: offset 0x351(849), size 0x4a8(1192)
 FS partition delta dump
 RedBend: Delta Info: delta_sig - 0x6d0d05e5
 RedBend: Delta Info: delta_size - 13580
 RedBend: Delta Info: ver - 82000
 RedBend: Delta Info: scout_ver - 80000
 RedBend: Delta Info: flags - 0x80000000
 RedBend: Delta Info: runtype_flags - 0x280
 RedBend: Delta Info: ram_size - 0x200c8
 RedBend: Delta Info: sector_size - 0x40000
 RedBend: Delta Info: dic_sz - 0xdc8
 RedBend: Delta Info: compress_sz - 0x4b5
 RedBend: Delta Info: min_alloc_ram_use - 0x22
 RedBend: Delta Info: ext_info_sz - 2
 RedBend: Delta Info: num_copy - 0
 RedBend: Delta Info: num_diff - 95
 RedBend: Delta Info: num_insert - 3
 RedBend: Delta Info: num_delete - 0
 RedBend: Delta Info: num_del_dirs - 0
 RedBend: Delta Info: num_dirs - 0
 RedBend: Delta Info: num_del_link - 0
 RedBend: Delta Info: num_link - 4
 RedBend: Delta Info: num_critical_update - 95
 RedBend: Delta Info: num_critical_insert - 3
 RB_CreateFolder: /cache/fota/a, mode:0x1ff
 open file /cache/fota/a/backup
 RB_OpenFile: Path:/cache/fota/a/backup | Mode: RDONLY
  First open() with error 2
 open file /tmp/system/etc/version
 RB_OpenFile: Path:/tmp/system/etc/version | Mode: RDONLY
  First open() with error 2
 open file /tmp/system/etc/version
 RB_OpenFile: Path:/tmp/system/etc/version | Mode: RDONLY
  First open() with error 2
 RedBend: Error in scout, file signature mismatch in file /tmp/system/etc/version
 umount: can't umount /tmp/system: No such file or directory
 fota update fail (/cache/fota/system.diff)
 I:fs:/cache/update.zip update err
 mtd: successfully wrote block at bebe23a000000000
 I:Reset FOTA cookie done.
 mtd: successfully wrote block at bebe0f3800000000
 I:Set boot command ""
 I:Setting delta update status...
 I:Delta update status is set to (IP_PREVIOUS_UPDATE_FAILED 500)
 handle_redbend_update: DELTA_UPDATE_IN_PROGRESS
 I:Setting delta update status...
 I:Delta update status is set to (IP_PREVIOUS_UPDATE_IN_PROGRESS 0)
 I:Start delta update...
 I:Setting recovery boot...
 I:Error opening recovery count file. Ignore.
 mtd: successfully wrote block at bebe0f4800000000
 I:Set boot command "boot-recovery"
 I:boot.command=boot-recovery
 I:boot.recovery=recovery
 I:Update location: /cache/update.zip
 E:Can't open /cache/update.zip
 (No such file or directory)
 mtd: successfully wrote block at bebe0f3800000000
 I:Set boot command ""
 I:Setting delta update status...
 I:Delta update status is set to (IP_PREVIOUS_UPDATE_FAILED 410)
 mtd: successfully wrote block at bebe23a000000000
 I:Reset FOTA cookie done.
 RB_Progress: fwrite "/dev/ttyGS1" fail
 precent:0 total:1 cur:1
 Rebooting after recovery
 I:Rebooting at the end of recovery module.
 mtd: successfully wrote block at bebe0f8000000000
 I:Set boot command ""
 </pre>

Project

General

Profile

Cellular Modem Information » Qualcomm Linux Modems by Quectel & Co

EC20 DFOTA » History » Version 6