Linux + u-boot port to MT6235

Steve Markgraf steve at
Sat Oct 30 12:53:01 UTC 2010

Hi Marcin,

On 30.10.2010 13:51, Marcin Mielczarczyk wrote:

> In this case, first I'll explain how it works.
> Nomenclature:
> 1) internal bootloader - bootloader placed at 0x48000000 in System ROM
> 2) 2nd stage bootloader or extarnal bootloader - bootloader placed in
> NAND - initializes DRAM controller and boots MTK's software - this
> bootloader prints info on UART by default
> When MT6235 processor starts it has RM1 bit disabled in EMI_GENA
> register (External Memory Interface controller),
> which forces ARM926 core to jump first to System ROM (0x48000000).
> When internal bootloader is executed it initializes UART to 19200n8
> and checks if specific character is received.

Alright, this is how it works on the MT622x as well.

> This is source code where you can build your own Download Agent. This
> is how I first executed my own code on MT6235. It has all make files
> and it's prepared for ADS compiler.
> When you'll build your own Download Agent you just select this file in
> FlashTool and you have your code executed in RAM.
> I saw that you can use it on all MTK platforms.
> FlashTool links are also available on
> I didn't analyze this path of bootloader, but it could be good to have
> it if we would like to create our own flashing tool under Linux (i.e.
> for flashing U-Boot).

That's pretty interesting, since it could be used to create 
authentificated code for other phones with the secure romloader, too.

>> This is great.  So far, we have not seen any MT622x based phone that has
>> JTAG exposed.  Even the Huayu development modules for the MT622x don't have
>> it.

Well, there is the CECT C3100 which has JTAG solder pads. OpenOCD 
successfully detected the CPU, but I couldn't halt the ARM core (same 
problem on the Calypso btw). I tried other random ARM7 targets which had 
the same EmbeddedICE revision and there it worked.

> Yes, I agree.
> In this case to download U-Boot to NAND we can use FlashTool (only for Windows).
> Then as you stated we can use U-Boot to load code from SD/MMC/serial.

Getting osmocon to work with the secure romloader could be an option as 
well. Currently it only supports the non-secure romloader without that 
*.auth and SLA_Challenge.dll stuff.
Plus we have a CFI-flash driver for the Compal phones, which might work 
on the MTK platform with a few modifications. If that works, we could 
flash U-Boot without any proprietary Flashtool/DownloadAgent.


More information about the baseband-devel mailing list