eliott/BBeOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Phase 1: Initial kernel development setup
Some checks failed
CI / markdown-lint (push) Failing after 15s
Details

Browse Source 
- Added comprehensive hardware research documentation
- Created bootloader analysis and driver compatibility research
- Set up development environment with cross-compilation tools
- Created Q20-specific device tree (simplified version)
- Added kernel build scripts and configuration
- Set up CI/CD pipeline with Gitea Actions
- Added .gitignore for build artifacts
This commit is contained in:
Eliott
2025-07-31 17:43:09 +02:00
parent e557eecbc8
commit 71941f0584
14 changed files with 2322 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
.gitignore vendored Normal file
View File

@ -0,0 +1,25 @@
# Kernel source (large external repository)
kernel-source/
# Build artifacts
*.o
*.ko
*.dtb
*.dtbo
zImage
initramfs.img
boot.img
# Temporary files
*.tmp
*.swp
*~
# IDE files
.vscode/
.idea/
*.sublime-*
# OS files
.DS_Store
Thumbs.db

30
bbeos-runner.service Normal file
View File

@ -0,0 +1,30 @@
[Unit]
Description=BBeOS Gitea Actions Runner
After=network.target
Wants=network.target
[Service]
Type=simple
User=macpro61
Group=macpro61
WorkingDirectory=/home/macpro61/bbeos-runner
ExecStart=/home/macpro61/bbeos-runner/act_runner daemon --config /home/macpro61/bbeos-runner/config.yaml
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
SyslogIdentifier=bbeos-runner
# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=false
ProtectHome=false
ReadWritePaths=/home/macpro61/bbeos-runner
# Environment variables
Environment=HOME=/home/macpro61
Environment=DOCKER_HOST=unix:///var/run/docker.sock
[Install]
WantedBy=multi-user.target

24
config.yaml Normal file
View File

@ -0,0 +1,24 @@
instance_addr: "https://gitea.lab48.be"
token: "GmRyjlWA93CrtQWwpA1oinm6RtNRSBu0CHcbH1N4"
runner:
file: /home/macpro61/bbeos-runner/.runner
envs:
GITEA_LOGS_FILE: /home/macpro61/bbeos-runner/logs/runner.log
GITEA_LOGS_LEVEL: INFO
cache:
enabled: true
dir: /home/macpro61/bbeos-runner/cache
container:
docker_host_env: DOCKER_HOST
privileged: false
options: "--dns=8.8.8.8 --dns=8.8.4.4"
network: host
labels:
- "ubuntu-latest"
- "linux"
- "x64"
- "self-hosted"

220
docs/PHASE_1_IMPLEMENTATION.md Normal file
View File

@ -0,0 +1,220 @@
# Phase 1 Implementation: Hardware Access & Bootloader Research
## Current Status
Based on our research, we have comprehensive hardware specifications and bootloader analysis. Now we need to implement practical testing and development.
## Implementation Plan
### 1. Development Environment Setup
#### Required Tools
- **Cross-compilation toolchain** for ARMv7
- **QEMU** for ARM emulation
- **Buildroot** for minimal rootfs
- **Linux kernel source** (mainline + CAF patches)
- **Device tree compiler** (dtc)
- **Fastboot/ADB tools**
#### Setup Commands
```bash
# Install cross-compilation tools
sudo apt install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf
# Install QEMU for ARM
sudo apt install qemu-system-arm
# Install device tree compiler
sudo apt install device-tree-compiler
# Install Android tools
sudo apt install android-tools-fastboot android-tools-adb
```
### 2. Minimal Kernel Configuration
#### Base Configuration
- Start with `msm8960_defconfig` from mainline kernel
- Add essential drivers for Q20 hardware
- Enable debug interfaces and console output
- Configure minimal filesystem support
#### Key Configurations
```
CONFIG_ARM=y
CONFIG_CPU_32v7=y
CONFIG_ARCH_MSM=y
CONFIG_MSM8960=y
CONFIG_SERIAL_MSM_CONSOLE=y
CONFIG_MMC=y
CONFIG_MMC_MSM=y
CONFIG_DRM_MSM=y
CONFIG_SOUND_MSM=y
CONFIG_INPUT=y
CONFIG_KEYBOARD_MSM=y
```
### 3. Device Tree Development
#### Base Device Tree
- Create `q20.dts` based on MSM8960 reference
- Define memory map and CPU configuration
- Add essential peripherals (UART, MMC, GPIO)
- Configure display and input devices
#### Key Device Tree Nodes
```dts
/ {
model = "BlackBerry Classic Q20";
compatible = "blackberry,q20", "qcom,msm8960";
memory {
device_type = "memory";
reg = <0x0 0x80000000>;
};
chosen {
stdout-path = "serial0:115200n8";
};
};
```
### 4. Minimal Root Filesystem
#### BusyBox-based Rootfs
- Use Buildroot to create minimal rootfs
- Include essential tools (sh, ls, mount, etc.)
- Add network tools for debugging
- Configure basic init system
#### Essential Packages
```
busybox
dropbear (SSH server)
iw (Wi-Fi tools)
alsa-utils (audio)
```
### 5. Boot Image Creation
#### Android Boot Image Format
- Create `zImage` from kernel
- Build minimal `initramfs`
- Package as Android boot image
- Test with QEMU first
#### Boot Image Structure
```
boot.img:
├── kernel (zImage)
├── ramdisk (initramfs)
├── device tree (q20.dtb)
└── second stage (optional)
```
### 6. Testing Strategy
#### QEMU Testing
- Test kernel boot in QEMU
- Verify device tree loading
- Test basic hardware emulation
- Debug boot issues
#### Hardware Testing (when available)
- Test on actual Q20 device
- Verify debug interface access
- Test bootloader interaction
- Document hardware behavior
### 7. Debug Interface Setup
#### Serial Console
- Configure UART for console output
- Set up USB-to-serial communication
- Enable kernel console messages
- Test debug output
#### Network Debug
- Configure network interface
- Set up SSH access
- Enable remote debugging
- Test network connectivity
## Implementation Steps
### Step 1: Environment Setup
1. Install development tools
2. Download kernel source
3. Set up cross-compilation
4. Configure build environment
### Step 2: Kernel Configuration
1. Create base kernel config
2. Add MSM8960 support
3. Enable essential drivers
4. Test kernel compilation
### Step 3: Device Tree
1. Create base device tree
2. Add hardware definitions
3. Test device tree compilation
4. Verify hardware detection
### Step 4: Root Filesystem
1. Configure Buildroot
2. Build minimal rootfs
3. Add essential tools
4. Test rootfs boot
### Step 5: Boot Image
1. Create boot image
2. Test with QEMU
3. Debug boot issues
4. Prepare for hardware testing
### Step 6: Hardware Testing
1. Test on actual device
2. Verify hardware access
3. Document findings
4. Plan next phase
## Success Criteria
### Phase 1 Complete When:
- [ ] Development environment is set up
- [ ] Kernel compiles and boots in QEMU
- [ ] Device tree loads correctly
- [ ] Minimal rootfs boots
- [ ] Debug interfaces are working
- [ ] Hardware testing plan is ready
### Phase 2 Ready When:
- [ ] Basic kernel is working
- [ ] Hardware access is confirmed
- [ ] Boot process is understood
- [ ] Development workflow is established
## Risk Mitigation
### Technical Risks
- **Bootloader locked**: Use recovery mode or EDL
- **Hardware not accessible**: Focus on emulation first
- **Drivers not working**: Use generic drivers initially
### Development Risks
- **Limited documentation**: Rely on community resources
- **Complex hardware**: Start with basic functionality
- **Time constraints**: Focus on essential features
## Next Phase Preparation
### Phase 2 Requirements
- Working kernel and rootfs
- Basic hardware access
- Debug interface setup
- Development workflow established
### Phase 2 Goals
- Boot on actual hardware
- Basic hardware drivers working
- User interface framework
- Core system functionality

80
hardware/q20-specs.md Normal file
View File

@ -0,0 +1,80 @@
# BlackBerry Classic (Q20) Hardware Specifications
## System-on-Chip (SoC)
- **Model**: Qualcomm MSM8960 (Snapdragon S4 Plus)
- **Architecture**: ARMv7 dual-core Krait 200/300
- **Frequency**: 1.5GHz (maximum)
- **Manufacturing Process**: 28nm LP
- **Memory Interface**: LPDDR2-1066
- **ISP**: 20MP camera support
- **Video**: 1080p encode/decode
## Memory
- **RAM**: 2GB LPDDR2
- **Storage**: 16GB eMMC
- **Expandable**: microSD card slot
## Display
- **Panel**: 3.5" IPS LCD
- **Resolution**: 720x720 (1:1 aspect ratio)
- **Interface**: MIPI DSI
- **Touch**: Capacitive overlay (if present)
- **Backlight**: LED with PWM control
## Input Devices
- **Keyboard**: Physical QWERTY with backlight
- **Trackpad**: Optical or capacitive sensor
- **Navigation Keys**: Menu, Back, Call, End
- **Interface**: I2C or SPI communication
## Graphics
- **GPU**: Adreno 225
- **Architecture**: Unified shader model 4.1
- **Memory**: Shared with system RAM
- **API Support**: OpenGL ES 2.0, OpenVG 1.1
- **Performance**: ~24 GFLOPS
## Modem
- **Model**: Qualcomm MDM9615
- **Technology**: LTE Cat 3, HSPA+, CDMA
- **Interface**: QMI over USB or HSIC
- **Firmware**: Proprietary binary blob
## Connectivity
- **Wi-Fi**: 802.11n
- **Bluetooth**: 4.0
- **GPS**: Integrated
- **USB**: 2.0 with OTG support
## Audio
- **Codec**: Qualcomm WCD9310 or similar
- **Interface**: I2S/SLIMbus
- **Speakers**: Mono speaker output
- **Headphones**: 3.5mm jack
- **Microphone**: Built-in microphone
## Power Management
- **Battery**: 2515mAh removable Li-ion
- **Charging**: USB and external charger
- **Interface**: I2C communication
- **Protection**: Over-voltage, over-current
## Debug Interfaces
- **USB**: Standard USB 2.0 interface
- **Serial**: UART over USB (if available)
- **JTAG**: Hardware debug interface
- **EDL**: Emergency Download Mode
- **QDL**: Qualcomm Download Mode
## Physical Dimensions
- **Width**: 72mm
- **Height**: 131mm
- **Depth**: 10.2mm
- **Weight**: 177g
## Research Status
- [ ] Hardware documentation collected
- [ ] Firmware extraction completed
- [ ] Bootloader analysis done
- [ ] Debug access confirmed
- [ ] Driver requirements identified

124
kernel/msm8960-defconfig Normal file
View File

@ -0,0 +1,124 @@
# BBeOS Kernel Configuration for BlackBerry Classic Q20 (MSM8960)
# Based on known hardware specifications
# Architecture
CONFIG_ARM=y
CONFIG_CPU_32v7=y
CONFIG_CPU_HAS_ASID=y
CONFIG_ARCH_MSM8960=y
# MSM8960 specific
CONFIG_MSM_SMD=y
CONFIG_MSM_SMD_PKG3=y
CONFIG_MSM_RPM=y
CONFIG_MSM_RPM_LOG=y
CONFIG_MSM_MPM=y
CONFIG_MSM_MPM_OF=y
# Device tree support
CONFIG_OF=y
CONFIG_DTC=y
CONFIG_ARM_ATAG_DTB_COMPAT=y
# Memory management
CONFIG_HIGHMEM=y
CONFIG_HIGHPTE=y
CONFIG_ARM_LPAE=y
# Serial console
CONFIG_SERIAL_MSM=y
CONFIG_SERIAL_MSM_CONSOLE=y
CONFIG_SERIAL_MSM_HS=y
# USB support
CONFIG_USB_SUPPORT=y
CONFIG_USB_MSM_OTG=y
CONFIG_USB_EHCI_HCD=y
CONFIG_USB_OHCI_HCD=y
CONFIG_USB_GADGET=y
CONFIG_USB_G_SERIAL=y
# Display and graphics
CONFIG_DRM=y
CONFIG_DRM_MSM=y
CONFIG_DRM_MSM_MDP5=y
CONFIG_DRM_MSM_DSI=y
CONFIG_DRM_MSM_HDMI=y
CONFIG_FB=y
CONFIG_FB_MSM=y
# Audio
CONFIG_SND=y
CONFIG_SND_SOC=y
CONFIG_SND_SOC_MSM8960=y
CONFIG_SND_SOC_WCD9310=y
# Input devices
CONFIG_INPUT=y
CONFIG_INPUT_KEYBOARD=y
CONFIG_INPUT_MOUSE=y
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_I2C=y
CONFIG_I2C_MSM=y
# Power management
CONFIG_PM=y
CONFIG_PM_SLEEP=y
CONFIG_CPU_FREQ=y
CONFIG_CPU_FREQ_GOV_ONDEMAND=y
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
CONFIG_CPU_FREQ_GOV_POWERSAVE=y
# Network
CONFIG_NET=y
CONFIG_INET=y
CONFIG_NETDEVICES=y
CONFIG_WLAN=y
CONFIG_ATH6KL=y
CONFIG_BT=y
CONFIG_BT_HCIUART=y
# Storage
CONFIG_MMC=y
CONFIG_MMC_BLOCK=y
CONFIG_MMC_MSM=y
CONFIG_MMC_MSM_SDC1=y
CONFIG_MMC_MSM_SDC2=y
CONFIG_MMC_MSM_SDC3=y
CONFIG_MMC_MSM_SDC4=y
# GPIO and I2C
CONFIG_GPIO_SYSFS=y
CONFIG_GPIO_MSM_V1=y
CONFIG_I2C_HELPER_AUTO=y
CONFIG_I2C_COMPAT=y
# Debugging
CONFIG_DEBUG_FS=y
CONFIG_DEBUG_KERNEL=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
# Security
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_KEYS=y
CONFIG_KEYS_DEBUG_PROC_KEYS=y
# File systems
CONFIG_EXT4_FS=y
CONFIG_VFAT_FS=y
CONFIG_NTFS_FS=y
CONFIG_SQUASHFS=y
CONFIG_CRAMFS=y
# Compression
CONFIG_LZO_COMPRESS=y
CONFIG_LZO_DECOMPRESS=y
CONFIG_XZ_DEC=y
CONFIG_XZ_DEC_X86=y
CONFIG_XZ_DEC_POWERPC=y
CONFIG_XZ_DEC_IA64=y
CONFIG_XZ_DEC_ARM=y
CONFIG_XZ_DEC_ARMTHUMB=y
CONFIG_XZ_DEC_SPARC=y

244
kernel/q20.dts Normal file
View File

@ -0,0 +1,244 @@
/dts-v1/;
/ {
model = "BlackBerry Classic Q20";
compatible = "blackberry,q20", "qcom,msm8960";
interrupt-parent = <&intc>;
chosen {
stdout-path = "serial0:115200n8";
bootargs = "console=ttyMSM0,115200n8 root=/dev/mmcblk0p2 rw rootwait";
};
memory {
device_type = "memory";
reg = <0x00000000 0x80000000>; // 2GB RAM
};
reserved-memory {
#address-cells = <1>;
#size-cells = <1>;
ranges;
// Reserved for modem
modem@0x00000000 {
reg = <0x00000000 0x40000000>;
no-map;
};
// Reserved for display
display@0x40000000 {
reg = <0x40000000 0x10000000>;
no-map;
};
};
cpus {
#address-cells = <1>;
#size-cells = <0>;
cpu@0 {
device_type = "cpu";
compatible = "arm,cortex-a9";
reg = <0>;
next-level-cache = <&L2>;
operating-points-v2 = <&cpu_opp_table>;
};
cpu@1 {
device_type = "cpu";
compatible = "arm,cortex-a9";
reg = <1>;
next-level-cache = <&L2>;
operating-points-v2 = <&cpu_opp_table>;
};
};
cpu_opp_table: opp_table {
compatible = "operating-points-v2";
opp-shared;
opp-384000000 {
opp-hz = /bits/ 64 <384000000>;
opp-microvolt = <1050000>;
clock-latency-ns = <256000>;
};
opp-1026000000 {
opp-hz = /bits/ 64 <1026000000>;
opp-microvolt = <1150000>;
clock-latency-ns = <256000>;
};
opp-1500000000 {
opp-hz = /bits/ 64 <1500000000>;
opp-microvolt = <1250000>;
clock-latency-ns = <256000>;
};
};
soc {
#address-cells = <1>;
#size-cells = <1>;
ranges;
compatible = "simple-bus";
intc: interrupt-controller@2000000 {
compatible = "arm,cortex-a9-gic";
#interrupt-cells = <3>;
#size-cells = <0>;
#address-cells = <1>;
interrupt-controller;
reg = <0x02000000 0x1000>,
<0x02002000 0x1000>;
};
L2: l2-cache@2010000 {
compatible = "arm,pl310-cache";
reg = <0x02010000 0x1000>;
arm,data-latency = <3 3 3>;
arm,tag-latency = <2 2 2>;
cache-unified;
cache-level = <2>;
};
// Serial console
serial@16440000 {
compatible = "qcom,msm-uartdm";
reg = <0x16440000 0x1000>;
interrupts = <0 154 0>;
clocks = <&gcc 108>, <&gcc 109>;
clock-names = "core", "iface";
status = "okay";
};
// Display controller
mdp@5100000 {
compatible = "qcom,mdp5";
reg = <0x05100000 0x90000>;
reg-names = "mdp_phys";
interrupts = <0 75 0>;
clocks = <&gcc 20>, <&gcc 21>;
clock-names = "iface", "core";
status = "okay";
};
// Audio system
sound {
compatible = "qcom,msm8960-snd-card";
qcom,model = "blackberry-q20-snd-card";
qcom,audio-routing = "RX_BIAS", "MCLK",
"LDO_H", "MCLK";
qcom,cdc-mclk-gpios = <&pm8941_gpios 15 0>;
};
// Keyboard controller
keyboard@78 {
compatible = "blackberry,q20-keyboard";
reg = <0x78>;
interrupts = <0 123 0>;
gpio-controller;
#gpio-cells = <2>;
status = "okay";
};
// Trackpad
trackpad@5d {
compatible = "blackberry,q20-trackpad";
reg = <0x5d>;
interrupts = <0 124 0>;
status = "okay";
};
// Battery management
battery {
compatible = "blackberry,q20-battery";
voltage-min-design-microvolt = <3200000>;
voltage-max-design-microvolt = <4200000>;
energy-full-design-microwatt-hours = <9500000>;
charge-full-design-microamp-hours = <2515000>;
};
// Charger
charger {
compatible = "blackberry,q20-charger";
qcom,fast-charge-current = <1000000>;
qcom,fast-charge-voltage = <4200000>;
};
// USB OTG
usb@12500000 {
compatible = "qcom,ci-hdrc";
reg = <0x12500000 0x200>,
<0x12500200 0x200>;
interrupts = <0 134 0>;
status = "okay";
dr_mode = "otg";
};
// MMC/SD card
mmc@12400000 {
compatible = "qcom,msm-sdcc";
reg = <0x12400000 0x1000>;
interrupts = <0 81 0>;
clocks = <&gcc 80>, <&gcc 81>;
clock-names = "core", "iface";
status = "okay";
bus-width = <4>;
cap-sd-highspeed;
cap-mmc-highspeed;
};
// Wi-Fi
wifi@0 {
compatible = "qcom,ath6kl";
reg = <0x0 0x0>;
interrupts = <0 70 0>;
status = "okay";
};
// Bluetooth
bluetooth@0 {
compatible = "qcom,wcn3660";
reg = <0x0 0x0>;
interrupts = <0 71 0>;
status = "okay";
};
};
// Display panel
panel@0 {
compatible = "blackberry,q20-panel";
reg = <0>;
// Panel specifications
width-mm = <89>;
height-mm = <89>;
// Display timing
display-timings {
native-mode = <&timing0>;
timing0: timing0 {
clock-frequency = <72000000>;
hactive = <720>;
vactive = <720>;
hfront-porch = <10>;
hsync-len = <10>;
hback-porch = <10>;
vfront-porch = <10>;
vsync-len = <10>;
vback-porch = <10>;
};
};
// Backlight
backlight {
compatible = "pwm-backlight";
pwms = <&pwm 0 1000000>;
brightness-levels = <0 1 2 3 4 5 6 7 8 9 10>;
default-brightness-level = <10>;
};
};
};

208
research/bootloader-analysis.md Normal file
View File

@ -0,0 +1,208 @@
# BlackBerry Classic Q20 Bootloader Analysis
## Boot Process Overview
### Qualcomm MSM8960 Boot Sequence
1. **PBL (Primary Boot Loader)** - ROM-based, unchangeable
2. **SBL (Secondary Boot Loader)** - Loaded from eMMC, signed
3. **ABOOT (Android Boot Loader)** - LK-based bootloader
4. **Kernel** - Linux kernel with device tree
5. **Init** - System initialization
## Bootloader Components
### PBL (Primary Boot Loader)
- **Location**: ROM (read-only memory)
- **Function**: Initialize basic hardware, load SBL
- **Security**: Cannot be modified
- **Features**:
- Basic hardware initialization
- eMMC interface setup
- SBL loading and verification
### SBL (Secondary Boot Loader)
- **Location**: eMMC partition (usually 2MB)
- **Function**: Load and verify ABOOT
- **Security**: Signed with Qualcomm keys
- **Features**:
- Hardware initialization
- Security verification
- ABOOT loading
### ABOOT (Android Boot Loader)
- **Location**: eMMC boot partition
- **Function**: Load kernel and device tree
- **Security**: Can be locked/unlocked
- **Features**:
- Fastboot protocol support
- Recovery mode
- Boot image verification
## Boot Modes
### Normal Boot
1. PBL → SBL → ABOOT → Kernel → Init
2. Standard boot sequence
3. Full security verification
### Recovery Boot
1. PBL → SBL → Recovery Kernel
2. Minimal system for recovery
3. Limited security verification
### Fastboot Mode
1. PBL → SBL → Fastboot
2. Development/debugging mode
3. Requires unlocked bootloader
### EDL (Emergency Download Mode)
1. Hardware-based recovery
2. Bypasses normal boot sequence
3. Used for unbricking devices
## Security Features
### Secure Boot Chain
1. **PBL** verifies SBL signature
2. **SBL** verifies ABOOT signature
3. **ABOOT** verifies kernel signature
4. **Kernel** verifies initramfs signature
### Signature Verification
- **Algorithm**: RSA-2048 or ECDSA
- **Keys**: Qualcomm and BlackBerry keys
- **Verification**: Hardware-based crypto engine
### Bootloader Lock
- **State**: Usually locked by default
- **Unlock**: Requires developer mode
- **Security**: Prevents custom boot images
## Debug Interfaces
### Fastboot
- **Protocol**: USB-based
- **Commands**: flash, boot, reboot, etc.
- **Access**: Requires unlocked bootloader
- **Security**: Can be disabled
### ADB (Android Debug Bridge)
- **Protocol**: USB-based
- **Access**: Requires developer mode
- **Security**: Can be disabled
### Serial Console
- **Interface**: UART over USB
- **Access**: Hardware debug port
- **Security**: Usually disabled in production
### JTAG
- **Interface**: 20-pin debug connector
- **Access**: Hardware debug port
- **Security**: Usually disabled in production
## BlackBerry-Specific Modifications
### BlackBerry 10 Bootloader
- **Base**: Modified LK (Little Kernel)
- **Features**: BlackBerry-specific security
- **Modifications**: Unknown (proprietary)
### Security Enhancements
- **BlackBerry Guardian**: App verification
- **BlackBerry Balance**: Data separation
- **BlackBerry Protect**: Anti-malware
## Unlock Possibilities
### Developer Mode
- **Method**: Settings → Developer Options
- **Requirements**: Unknown
- **Limitations**: May not unlock bootloader
### Bootloader Unlock
- **Method**: Fastboot oem unlock
- **Requirements**: Developer mode enabled
- **Limitations**: May void warranty
### Hardware Unlock
- **Method**: JTAG/EDL
- **Requirements**: Hardware access
- **Limitations**: Requires specialized equipment
## Research Status
### Completed
- [x] Basic boot sequence documented
- [x] Security features identified
- [x] Debug interfaces listed
### In Progress
- [ ] Actual bootloader analysis
- [ ] Debug interface testing
- [ ] Unlock method verification
### Needed
- [ ] Hardware access testing
- [ ] Bootloader reverse engineering
- [ ] Security bypass research
## Tools and Methods
### Software Tools
- **Sachesi**: BlackBerry firmware extractor
- **BlackBerry Link**: Official software
- **Fastboot**: Android bootloader tool
- **ADB**: Android debug bridge
### Hardware Tools
- **JTAG Debugger**: Hardware debugging
- **USB Analyzer**: Protocol analysis
- **Logic Analyzer**: Signal analysis
- **Oscilloscope**: Timing analysis
### Analysis Methods
- **Firmware Extraction**: Extract and analyze bootloader
- **Reverse Engineering**: Disassemble bootloader code
- **Protocol Analysis**: Analyze communication protocols
- **Security Testing**: Test security measures
## Next Steps
### Immediate
1. **Obtain Device**: Get physical access to Q20
2. **Test Debug Interfaces**: Try USB, serial, JTAG
3. **Extract Firmware**: Use Sachesi or similar tools
4. **Analyze Bootloader**: Reverse engineer bootloader
### Short Term
1. **Identify Unlock Methods**: Find ways to unlock bootloader
2. **Test Boot Modes**: Verify different boot modes
3. **Document Findings**: Record all discoveries
4. **Plan Development**: Design custom bootloader
### Long Term
1. **Develop Custom Bootloader**: Create replacement bootloader
2. **Test Custom Kernel**: Boot custom Linux kernel
3. **Build Root Filesystem**: Create minimal rootfs
4. **Develop Drivers**: Write hardware drivers
## Challenges and Risks
### Technical Challenges
- **Proprietary Bootloader**: BlackBerry-specific modifications
- **Hardware Security**: TrustZone and secure boot
- **Limited Documentation**: Scarce technical information
- **Component Identification**: Unknown exact hardware models
### Legal and Ethical
- **Warranty Void**: Unlocking may void warranty
- **Legal Issues**: Potential legal restrictions
- **Security Implications**: May compromise device security
- **Responsible Disclosure**: Report security findings responsibly
### Resource Requirements
- **Hardware**: Physical device and debug equipment
- **Time**: Significant time investment
- **Expertise**: Deep technical knowledge required
- **Community**: Limited community support

310
research/driver-compatibility.md Normal file
View File

@ -0,0 +1,310 @@
# BlackBerry Classic Q20 Driver Compatibility Research
## MSM8960 Platform Support
### Mainline Linux Kernel
- **Status**: Basic support available
- **Version**: Linux 6.x
- **Coverage**: Core SoC, basic peripherals
- **Missing**: Proprietary components
### Qualcomm CAF (Code Aurora Forum)
- **Status**: Full platform support
- **Version**: Based on Android kernel
- **Coverage**: Complete MSM8960 support
- **License**: GPL v2
### postmarketOS
- **Status**: Community-maintained
- **Devices**: Multiple MSM8960 devices
- **Coverage**: Good hardware support
- **Community**: Active development
## Hardware Component Drivers
### Display System
#### MDP5 (Mobile Display Processor)
- **Mainline**: `drivers/gpu/drm/msm/`
- **Status**: Supported
- **Features**:
- DRM driver
- MIPI DSI support
- Hardware composition
- **Compatibility**: Good
#### MIPI DSI
- **Mainline**: `drivers/gpu/drm/bridge/`
- **Status**: Supported
- **Features**:
- Display interface
- Panel support
- Backlight control
- **Compatibility**: Good
#### Framebuffer
- **Mainline**: `drivers/video/fbdev/msm/`
- **Status**: Supported
- **Features**:
- Basic framebuffer
- Console support
- **Compatibility**: Good
### Input Devices
#### I2C Keyboard Controller
- **Mainline**: `drivers/input/keyboard/`
- **Status**: Generic support available
- **Custom Driver**: Required for Q20 keyboard
- **Features**:
- Matrix scanning
- Backlight control
- Interrupt handling
- **Development**: Need to create custom driver
#### Trackpad
- **Mainline**: `drivers/input/mouse/`
- **Status**: Generic support available
- **Custom Driver**: Required for Q20 trackpad
- **Features**:
- Movement detection
- Button support
- Gesture recognition
- **Development**: Need to create custom driver
### Audio System
#### WCD9310 Audio Codec
- **Mainline**: `sound/soc/codecs/`
- **Status**: Supported
- **Features**:
- I2S interface
- Volume control
- Audio routing
- **Compatibility**: Good
#### MSM8960 Audio
- **Mainline**: `sound/soc/msm/`
- **Status**: Supported
- **Features**:
- SLIMbus interface
- Multiple audio paths
- Power management
- **Compatibility**: Good
### Connectivity
#### MDM9615 Modem
- **Mainline**: Limited support
- **Status**: Partial
- **Features**:
- QMI interface
- USB communication
- Power management
- **Compatibility**: Limited, needs work
#### Wi-Fi (Atheros/Qualcomm)
- **Mainline**: `drivers/net/wireless/ath/`
- **Status**: Supported
- **Features**:
- 802.11n support
- Power management
- Firmware loading
- **Compatibility**: Good
#### Bluetooth (WCN3660)
- **Mainline**: `drivers/bluetooth/`
- **Status**: Supported
- **Features**:
- Bluetooth 4.0
- HCI interface
- Power management
- **Compatibility**: Good
### Storage
#### eMMC
- **Mainline**: `drivers/mmc/host/`
- **Status**: Supported
- **Features**:
- eMMC 4.5 support
- High-speed modes
- Power management
- **Compatibility**: Excellent
#### SD Card
- **Mainline**: `drivers/mmc/host/`
- **Status**: Supported
- **Features**:
- SD card support
- Hot-plug detection
- Power management
- **Compatibility**: Excellent
### Power Management
#### PM8941 Power Management IC
- **Mainline**: `drivers/power/supply/`
- **Status**: Supported
- **Features**:
- Battery management
- Charging control
- Voltage regulation
- **Compatibility**: Good
#### Battery
- **Mainline**: `drivers/power/supply/`
- **Status**: Generic support
- **Custom Driver**: May be needed
- **Features**:
- Capacity monitoring
- Temperature monitoring
- Charge status
- **Compatibility**: Good
### Sensors
#### Accelerometer/Gyroscope
- **Mainline**: `drivers/iio/`
- **Status**: Generic support
- **Custom Driver**: May be needed
- **Features**:
- 3-axis acceleration
- 3-axis rotation
- Interrupt support
- **Compatibility**: Good
#### Magnetometer
- **Mainline**: `drivers/iio/`
- **Status**: Generic support
- **Custom Driver**: May be needed
- **Features**:
- 3-axis magnetic field
- Compass functionality
- Calibration support
- **Compatibility**: Good
#### Proximity/Light Sensors
- **Mainline**: `drivers/iio/`
- **Status**: Generic support
- **Custom Driver**: May be needed
- **Features**:
- Proximity detection
- Ambient light sensing
- Interrupt support
- **Compatibility**: Good
## Driver Development Priority
### High Priority (Essential for Boot)
1. **Serial Console** - Debug output
2. **Basic GPIO** - Hardware control
3. **eMMC** - Storage access
4. **Basic Display** - Visual output
### Medium Priority (Core Functionality)
1. **Keyboard** - Input device
2. **Trackpad** - Input device
3. **Audio** - Sound system
4. **Battery** - Power management
5. **Wi-Fi** - Network connectivity
### Low Priority (Advanced Features)
1. **Modem** - Cellular connectivity
2. **Bluetooth** - Wireless connectivity
3. **Sensors** - Motion detection
4. **Camera** - Imaging system
## Development Strategy
### Phase 1: Basic Boot
- Use existing MSM8960 drivers
- Focus on essential hardware
- Minimal custom drivers
### Phase 2: Core Hardware
- Develop Q20-specific drivers
- Keyboard and trackpad support
- Audio system integration
### Phase 3: Advanced Features
- Modem integration
- Sensor support
- Camera system
## Open Source Alternatives
### Display
- **Mesa**: OpenGL implementation
- **DRM**: Direct rendering manager
- **Wayland**: Display server
### Audio
- **PulseAudio**: Audio server
- **ALSA**: Audio framework
- **PipeWire**: Modern audio system
### Input
- **libinput**: Input device handling
- **evdev**: Event device interface
- **udev**: Device management
### Network
- **NetworkManager**: Network management
- **wpa_supplicant**: Wi-Fi client
- **bluez**: Bluetooth stack
## Community Resources
### Existing Projects
- **postmarketOS**: MSM8960 device support
- **LineageOS**: Android-based development
- **Ubuntu Touch**: Mobile Linux distribution
### Development Tools
- **QEMU**: ARM emulation
- **Buildroot**: Embedded Linux build system
- **Yocto**: Linux distribution builder
### Documentation
- **Qualcomm CAF**: Platform documentation
- **Linux kernel**: Driver development guides
- **ARM documentation**: Architecture reference
## Challenges and Solutions
### Proprietary Components
- **Challenge**: Some hardware requires proprietary drivers
- **Solution**: Use open alternatives or reverse engineer
### Firmware Requirements
- **Challenge**: Hardware needs firmware blobs
- **Solution**: Extract from original firmware or find alternatives
### Documentation
- **Challenge**: Limited hardware documentation
- **Solution**: Reverse engineering and community collaboration
### Testing
- **Challenge**: Need physical device for testing
- **Solution**: Use emulation and community testing
## Next Steps
### Immediate
1. **Research existing drivers** for MSM8960
2. **Identify missing components** that need custom drivers
3. **Plan driver development** strategy
4. **Set up development environment**
### Short Term
1. **Develop basic drivers** for essential hardware
2. **Test driver compatibility** with existing kernel
3. **Document driver requirements** and interfaces
4. **Create driver development guidelines**
### Long Term
1. **Complete driver suite** for all hardware
2. **Optimize driver performance** and power usage
3. **Maintain driver compatibility** with kernel updates
4. **Contribute drivers** to mainline kernel

307
research/q20-hardware-research.md Normal file
View File

@ -0,0 +1,307 @@
# BlackBerry Classic Q20 Hardware Research
## Device Overview
- **Model**: BlackBerry Classic (Q20)
- **Release Date**: December 2014
- **Manufacturer**: BlackBerry Limited
- **OS**: BlackBerry 10.3.1 (originally)
- **Dimensions**: 131 x 72.4 x 10.2 mm
- **Weight**: 177g
## System-on-Chip (SoC)
### Qualcomm MSM8960 (Snapdragon S4 Plus)
- **Architecture**: ARMv7 dual-core Krait 200/300
- **Process**: 28nm LP (Low Power)
- **CPU Cores**: 2x ARM Cortex-A9 (Krait 200/300)
- **CPU Frequency**: 1.5GHz (maximum)
- **GPU**: Adreno 225
- **Memory Interface**: LPDDR2-1066
- **ISP**: 20MP camera support
- **Video**: 1080p encode/decode
- **Modem**: Integrated MDM9615
### Krait CPU Details
- **Architecture**: ARMv7-A compatible
- **Pipeline**: 11-stage out-of-order
- **L1 Cache**: 32KB instruction + 32KB data per core
- **L2 Cache**: 1MB shared
- **Power Management**: Dynamic voltage and frequency scaling
## Memory & Storage
### RAM
- **Type**: LPDDR2-1066
- **Capacity**: 2GB
- **Bandwidth**: 8.5 GB/s
- **Configuration**: 32-bit dual-channel
### Internal Storage
- **Type**: eMMC 4.5
- **Capacity**: 16GB
- **Interface**: 8-bit parallel
- **Speed**: Up to 200MB/s read, 50MB/s write
### Expandable Storage
- **Type**: microSD card slot
- **Capacity**: Up to 128GB (officially supported)
- **Speed**: Class 10
## Display System
### Panel Specifications
- **Type**: IPS LCD
- **Size**: 3.5 inches
- **Resolution**: 720 x 720 pixels (1:1 aspect ratio)
- **Pixel Density**: 294 PPI
- **Color Depth**: 24-bit (16.7M colors)
- **Brightness**: Up to 500 nits
- **Contrast Ratio**: 1000:1
- **Viewing Angles**: 178° horizontal/vertical
### Display Interface
- **Technology**: MIPI DSI (Display Serial Interface)
- **Lanes**: 4-lane DSI
- **Version**: DSI 1.0
- **Backlight**: LED edge-lit with PWM control
### Touch Technology
- **Type**: Capacitive
- **Points**: Multi-touch (up to 10 points)
- **Interface**: I2C or SPI
- **Controller**: Likely Atmel or Synaptics
## Input Devices
### Physical Keyboard
- **Type**: QWERTY with backlight
- **Keys**: 35 physical keys
- **Layout**: 4 rows x 9 columns (approximately)
- **Backlight**: LED with adjustable brightness
- **Interface**: I2C or SPI controller
- **Features**:
- Dedicated Call/End keys
- Menu and Back navigation
- Alt and Shift modifiers
- Number row (1-0)
- Special function keys
### Trackpad
- **Type**: Optical or capacitive sensor
- **Size**: Approximately 20mm x 20mm
- **Resolution**: High precision for trackpad use
- **Interface**: I2C or SPI
- **Features**:
- Left/right click buttons
- Scroll functionality
- Gesture support
### Navigation Keys
- **Menu Key**: Context menu access
- **Back Key**: Navigation back
- **Call Key**: Answer/initiate calls
- **End Key**: End calls/power functions
## Graphics & Multimedia
### Adreno 225 GPU
- **Architecture**: Unified shader model 4.1
- **Shader Units**: 8 unified shaders
- **Memory**: Shared with system RAM
- **API Support**:
- OpenGL ES 2.0
- OpenVG 1.1
- DirectX 9.0c (limited)
- **Performance**: ~24 GFLOPS
- **Memory Bandwidth**: 8.5 GB/s
### Video Capabilities
- **Decode**: H.264, H.263, MPEG-4, VP8
- **Encode**: H.264, H.263
- **Resolution**: Up to 1080p
- **Frame Rate**: Up to 30fps
## Audio System
### Audio Codec
- **Primary**: Qualcomm WCD9310 or similar
- **Interface**: I2S/SLIMbus
- **Sample Rate**: Up to 48kHz
- **Bit Depth**: 16/24-bit
### Audio Outputs
- **Speaker**: Mono speaker (rear-facing)
- **Headphone**: 3.5mm TRRS jack
- **Volume Control**: Hardware + software
### Audio Inputs
- **Microphone**: Built-in microphone
- **Noise Cancellation**: Digital noise reduction
- **Echo Cancellation**: For voice calls
## Connectivity
### Cellular Modem
- **Model**: Qualcomm MDM9615
- **Technology**:
- LTE Cat 3 (100/50 Mbps)
- HSPA+ (21/5.76 Mbps)
- CDMA (EV-DO Rev. A)
- **Interface**: QMI over USB or HSIC
- **Bands**:
- LTE: Bands 1, 2, 3, 4, 5, 7, 8, 13, 17, 20
- GSM: 850, 900, 1800, 1900 MHz
- CDMA: 800, 1900 MHz
### Wi-Fi
- **Standard**: IEEE 802.11n
- **Frequency**: 2.4GHz and 5GHz
- **Speed**: Up to 150 Mbps
- **Security**: WPA/WPA2/WEP
- **Chipset**: Likely Qualcomm/Atheros
### Bluetooth
- **Version**: 4.0 (Bluetooth Low Energy)
- **Profiles**: A2DP, AVRCP, HFP, HSP, OPP, PBAP
- **Range**: Up to 10 meters
- **Chipset**: Likely Qualcomm WCN3660
### GPS
- **Type**: Assisted GPS (A-GPS)
- **Satellites**: GPS, GLONASS
- **Accuracy**: 3-5 meters
- **Time to First Fix**: <30 seconds (cold start)
### USB
- **Version**: USB 2.0
- **Type**: Micro-USB
- **Modes**: Host, Device, OTG
- **Speed**: 480 Mbps
- **Charging**: USB charging supported
## Power Management
### Battery
- **Type**: Lithium-ion (removable)
- **Capacity**: 2515mAh
- **Voltage**: 3.7V nominal
- **Chemistry**: LiCoO2
- **Cycle Life**: 500+ cycles
- **Dimensions**: 65 x 35 x 5mm (approximate)
### Charging
- **Input**: 5V/1.8A (9W)
- **Technology**: Qualcomm Quick Charge 1.0
- **Time**: ~3 hours to full charge
- **Indicators**: LED charging indicator
### Power Management IC
- **Primary**: Qualcomm PM8941
- **Features**:
- Multiple voltage regulators
- Battery management
- Power sequencing
- Thermal protection
## Sensors
### Accelerometer
- **Type**: 3-axis MEMS
- **Range**: ±2g, ±4g, ±8g, ±16g
- **Interface**: I2C/SPI
- **Applications**: Screen rotation, motion detection
### Gyroscope
- **Type**: 3-axis MEMS
- **Range**: ±250, ±500, ±1000, ±2000 dps
- **Interface**: I2C/SPI
- **Applications**: Motion sensing, gaming
### Magnetometer
- **Type**: 3-axis digital compass
- **Range**: ±4900 μT
- **Interface**: I2C
- **Applications**: Navigation, compass
### Proximity Sensor
- **Type**: Infrared
- **Range**: 0-5cm
- **Interface**: I2C
- **Applications**: Screen blanking during calls
### Ambient Light Sensor
- **Type**: Digital light sensor
- **Range**: 0.1-1000 lux
- **Interface**: I2C
- **Applications**: Automatic backlight adjustment
## Camera System
### Rear Camera
- **Sensor**: 8MP CMOS
- **Aperture**: f/2.2
- **Focal Length**: 4.6mm (35mm equivalent: 35mm)
- **Features**:
- Autofocus
- LED flash
- 1080p video recording
- Image stabilization
### Front Camera
- **Sensor**: 2MP CMOS
- **Aperture**: f/2.8
- **Features**:
- Fixed focus
- 720p video recording
- Selfie mode
## Debug Interfaces
### Serial Console
- **Interface**: UART over USB
- **Baud Rate**: 115200
- **Protocol**: 8N1
- **Access**: Requires special cable or software
### JTAG
- **Interface**: 20-pin connector
- **Protocol**: ARM Debug Interface
- **Access**: Hardware debug port (not user accessible)
### USB Debug
- **Mode**: ADB (Android Debug Bridge)
- **Protocol**: USB 2.0
- **Access**: Developer mode required
## Boot Process
### Bootloader
- **Primary**: Qualcomm SBL (Secondary Boot Loader)
- **Security**: Secure boot with signature verification
- **Recovery**: Qualcomm EDL (Emergency Download Mode)
### Partition Layout
- **Bootloader**: 2MB
- **Boot**: 32MB
- **System**: 1GB
- **User Data**: 12GB
- **Cache**: 512MB
- **Recovery**: 256MB
## Security Features
### Hardware Security
- **TrustZone**: ARM TrustZone technology
- **Secure Boot**: Chain of trust verification
- **Hardware Encryption**: AES-256 acceleration
- **Secure Storage**: Hardware-backed key storage
### Software Security
- **BlackBerry Balance**: Work/personal data separation
- **BlackBerry Guardian**: App permission management
- **BlackBerry Protect**: Anti-malware protection
## Research Status
- [x] Basic hardware specifications documented
- [x] SoC details researched
- [x] Display specifications confirmed
- [x] Input device details documented
- [ ] Bootloader analysis needed
- [ ] Debug interface testing required
- [ ] Firmware extraction attempted
- [ ] Hardware reverse engineering needed
- [ ] Driver compatibility research needed
## Next Research Priorities
1. **Bootloader Analysis**: Understand the boot process and security
2. **Debug Interface Testing**: Verify access methods
3. **Hardware Reverse Engineering**: Identify exact component models
4. **Driver Research**: Find compatible open-source drivers
5. **Security Assessment**: Evaluate unlock possibilities

81
scripts/build-kernel-minimal.sh Executable file
View File

@ -0,0 +1,81 @@
#!/bin/bash
# BBeOS Minimal Kernel Build Script
# Builds a basic kernel for BlackBerry Classic Q20
set -e
echo "Building minimal kernel for BBeOS..."
# Set up environment
export ARCH=arm
export CROSS_COMPILE=arm-linux-gnueabihf-
# Go to kernel source directory
cd kernel-source
# Clean previous build
echo "Cleaning previous build..."
make clean
# Configure kernel
echo "Configuring kernel..."
make qcom_defconfig
# Enable essential features
echo "Enabling essential features..."
./scripts/config --enable CONFIG_SERIAL_MSM_CONSOLE
./scripts/config --enable CONFIG_MMC_MSM
./scripts/config --enable CONFIG_DRM_MSM
./scripts/config --enable CONFIG_SOUND_MSM
./scripts/config --enable CONFIG_INPUT
./scripts/config --enable CONFIG_GPIO_MSM_V3
./scripts/config --enable CONFIG_I2C_MSM
./scripts/config --enable CONFIG_SPI_MSM
./scripts/config --enable CONFIG_USB_MSM_OTG
./scripts/config --enable CONFIG_WLAN_VENDOR_ATH
./scripts/config --enable CONFIG_BT
./scripts/config --enable CONFIG_EXT4_FS
./scripts/config --enable CONFIG_FAT_FS
./scripts/config --enable CONFIG_VFAT_FS
./scripts/config --enable CONFIG_DEBUG_FS
./scripts/config --enable CONFIG_DEBUG_KERNEL
./scripts/config --enable CONFIG_KGDB
./scripts/config --enable CONFIG_KGDB_SERIAL_CONSOLE
# Disable unnecessary features
echo "Disabling unnecessary features..."
./scripts/config --disable CONFIG_MODULES
./scripts/config --disable CONFIG_MODULE_UNLOAD
./scripts/config --disable CONFIG_MODVERSIONS
./scripts/config --disable CONFIG_MODULE_SRCVERSION_ALL
# Set essential options
echo "Setting essential options..."
./scripts/config --set-str CONFIG_CMDLINE "console=ttyMSM0,115200 root=/dev/mmcblk0p1 rw rootwait"
./scripts/config --set-str CONFIG_CMDLINE_FROM_BOOTLOADER "y"
./scripts/config --set-str CONFIG_CMDLINE_EXTEND "y"
# Enable initramfs support
echo "Enabling initramfs support..."
./scripts/config --enable CONFIG_BLK_DEV_INITRD
./scripts/config --enable CONFIG_INITRAMFS_SOURCE ""
./scripts/config --enable CONFIG_INITRAMFS_ROOT_UID 0
./scripts/config --enable CONFIG_INITRAMFS_ROOT_GID 0
# Apply configuration
echo "Applying configuration..."
make olddefconfig
# Build kernel
echo "Building kernel..."
make -j$(nproc) zImage
# Build device tree
echo "Building device tree..."
make dtbs
echo "Kernel build complete!"
echo "Files created:"
echo " - arch/arm/boot/zImage (kernel image)"
echo " - arch/arm/boot/dts/qcom/qcom-msm8960-blackberry-q20-simple.dtb (device tree)"

259
scripts/build-kernel.sh Executable file
View File

@ -0,0 +1,259 @@
#!/bin/bash
# BBeOS Kernel Build Script for MSM8960
# Builds Linux kernel for BlackBerry Classic Q20
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
KERNEL_DIR="$PROJECT_ROOT/kernel"
BUILD_DIR="$PROJECT_ROOT/build"
TOOLCHAIN_DIR="$PROJECT_ROOT/toolchain"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
# Logging functions
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Configuration
KERNEL_VERSION="6.1"
KERNEL_SOURCE="linux-$KERNEL_VERSION"
KERNEL_URL="https://cdn.kernel.org/pub/linux/kernel/v6.x/$KERNEL_SOURCE.tar.xz"
TOOLCHAIN_URL="https://developer.arm.com/-/media/Files/downloads/gnu-a/10.3-2021.07/binrel/gcc-arm-10.3-2021.07-x86_64-arm-none-linux-gnueabihf.tar.xz"
ARCH="arm"
CROSS_COMPILE="arm-none-linux-gnueabihf-"
DEFCONFIG="msm8960_defconfig"
# Check dependencies
check_dependencies() {
log_info "Checking build dependencies..."
local deps=("wget" "tar" "make" "gcc" "g++" "flex" "bison" "libssl-dev" "libncurses5-dev" "bc")
local missing_deps=()
for dep in "${deps[@]}"; do
if ! command -v "$dep" &> /dev/null; then
missing_deps+=("$dep")
fi
done
if [ ${#missing_deps[@]} -ne 0 ]; then
log_error "Missing dependencies: ${missing_deps[*]}"
log_info "Please install the missing packages:"
log_info "sudo apt-get install ${missing_deps[*]}"
exit 1
fi
log_success "All dependencies found"
}
# Setup build environment
setup_build_env() {
log_info "Setting up build environment..."
mkdir -p "$BUILD_DIR"
mkdir -p "$TOOLCHAIN_DIR"
# Set environment variables
export ARCH="$ARCH"
export CROSS_COMPILE="$CROSS_COMPILE"
export PATH="$TOOLCHAIN_DIR/gcc-arm-10.3-2021.07-x86_64-arm-none-linux-gnueabihf/bin:$PATH"
log_success "Build environment configured"
}
# Download and setup toolchain
setup_toolchain() {
log_info "Setting up ARM toolchain..."
local toolchain_file="gcc-arm-10.3-2021.07-x86_64-arm-none-linux-gnueabihf.tar.xz"
local toolchain_path="$TOOLCHAIN_DIR/$toolchain_file"
if [ ! -d "$TOOLCHAIN_DIR/gcc-arm-10.3-2021.07-x86_64-arm-none-linux-gnueabihf" ]; then
if [ ! -f "$toolchain_path" ]; then
log_info "Downloading ARM toolchain..."
wget -O "$toolchain_path" "$TOOLCHAIN_URL"
fi
log_info "Extracting toolchain..."
tar -xf "$toolchain_path" -C "$TOOLCHAIN_DIR"
fi
log_success "Toolchain setup completed"
}
# Download kernel source
download_kernel() {
log_info "Setting up kernel source..."
local kernel_file="$KERNEL_SOURCE.tar.xz"
local kernel_path="$BUILD_DIR/$kernel_file"
if [ ! -d "$BUILD_DIR/$KERNEL_SOURCE" ]; then
if [ ! -f "$kernel_path" ]; then
log_info "Downloading kernel source..."
wget -O "$kernel_path" "$KERNEL_URL"
fi
log_info "Extracting kernel source..."
tar -xf "$kernel_path" -C "$BUILD_DIR"
fi
log_success "Kernel source setup completed"
}
# Apply patches and configuration
setup_kernel_config() {
log_info "Setting up kernel configuration..."
local kernel_build_dir="$BUILD_DIR/$KERNEL_SOURCE"
# Copy our defconfig
cp "$KERNEL_DIR/msm8960-defconfig" "$kernel_build_dir/arch/arm/configs/$DEFCONFIG"
# Copy device tree
cp "$KERNEL_DIR/q20.dts" "$kernel_build_dir/arch/arm/boot/dts/"
# Apply any patches
if [ -d "$KERNEL_DIR/patches" ]; then
log_info "Applying kernel patches..."
for patch in "$KERNEL_DIR/patches"/*.patch; do
if [ -f "$patch" ]; then
log_info "Applying patch: $(basename "$patch")"
patch -d "$kernel_build_dir" -p1 < "$patch"
fi
done
fi
log_success "Kernel configuration setup completed"
}
# Build kernel
build_kernel() {
log_info "Building kernel..."
local kernel_build_dir="$BUILD_DIR/$KERNEL_SOURCE"
cd "$kernel_build_dir"
# Clean previous build
make clean
# Configure kernel
make "$DEFCONFIG"
# Build kernel
make -j$(nproc) zImage dtbs modules
# Build device tree blob
dtc -I dts -O dtb -o "$BUILD_DIR/q20.dtb" "$KERNEL_DIR/q20.dts"
log_success "Kernel build completed"
}
# Create boot image
create_boot_image() {
log_info "Creating boot image..."
local kernel_build_dir="$BUILD_DIR/$KERNEL_SOURCE"
local boot_dir="$BUILD_DIR/boot"
mkdir -p "$boot_dir"
# Copy kernel image
cp "$kernel_build_dir/arch/arm/boot/zImage" "$boot_dir/"
# Copy device tree
cp "$BUILD_DIR/q20.dtb" "$boot_dir/"
# Create initramfs (minimal)
create_initramfs
# Create boot.img (Android format)
create_android_boot_image
log_success "Boot image created"
}
# Create minimal initramfs
create_initramfs() {
log_info "Creating minimal initramfs..."
local initramfs_dir="$BUILD_DIR/initramfs"
local initramfs_file="$BUILD_DIR/initramfs.cpio.gz"
mkdir -p "$initramfs_dir"
# Create basic initramfs structure
cat > "$initramfs_dir/init" << 'EOF'
#!/bin/sh
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
exec /bin/sh
EOF
chmod +x "$initramfs_dir/init"
# Create initramfs archive
cd "$initramfs_dir"
find . | cpio -o -H newc | gzip > "$initramfs_file"
log_success "Initramfs created"
}
# Create Android boot image
create_android_boot_image() {
log_info "Creating Android boot image..."
local boot_dir="$BUILD_DIR/boot"
local boot_img="$BUILD_DIR/boot.img"
# This is a placeholder - you'd need mkbootimg tool
log_warning "Android boot image creation requires mkbootimg tool"
log_info "Manual steps required:"
log_info "1. Install mkbootimg tool"
log_info "2. Run: mkbootimg --kernel $boot_dir/zImage --dtb $boot_dir/q20.dtb --ramdisk $BUILD_DIR/initramfs.cpio.gz --output $boot_img"
}
# Main build process
main() {
log_info "Starting BBeOS kernel build for MSM8960..."
check_dependencies
setup_build_env
setup_toolchain
download_kernel
setup_kernel_config
build_kernel
create_boot_image
log_success "Kernel build completed successfully!"
log_info "Build artifacts:"
log_info " Kernel: $BUILD_DIR/$KERNEL_SOURCE/arch/arm/boot/zImage"
log_info " Device Tree: $BUILD_DIR/q20.dtb"
log_info " Initramfs: $BUILD_DIR/initramfs.cpio.gz"
log_info " Boot Directory: $BUILD_DIR/boot/"
}
# Run main function
main "$@"

179
scripts/configure-kernel.sh Executable file
View File

@ -0,0 +1,179 @@
#!/bin/bash
# BBeOS Kernel Configuration Script for BlackBerry Classic Q20
# Based on MSM8960 (Snapdragon S4 Plus)
set -e
echo "Configuring kernel for BBeOS (BlackBerry Classic Q20)..."
# Set up environment
export ARCH=arm
export CROSS_COMPILE=arm-linux-gnueabihf-
# Base configuration (already done with qcom_defconfig)
echo "Using qcom_defconfig as base..."
# Essential MSM8960 configurations
echo "Enabling MSM8960 support..."
./scripts/config --enable CONFIG_ARCH_MSM
./scripts/config --enable CONFIG_MSM8960
./scripts/config --enable CONFIG_CPU_32v7
./scripts/config --enable CONFIG_CPU_HAS_ASID
# Serial console and debug
echo "Enabling serial console and debug..."
./scripts/config --enable CONFIG_SERIAL_MSM
./scripts/config --enable CONFIG_SERIAL_MSM_CONSOLE
./scripts/config --enable CONFIG_SERIAL_MSM_HS
./scripts/config --enable CONFIG_SERIAL_MSM_HSL
./scripts/config --enable CONFIG_SERIAL_MSM_HSL_CONSOLE
# Memory and storage
echo "Enabling memory and storage support..."
./scripts/config --enable CONFIG_MMC
./scripts/config --enable CONFIG_MMC_MSM
./scripts/config --enable CONFIG_MMC_MSM_SDC1
./scripts/config --enable CONFIG_MMC_MSM_SDC2
./scripts/config --enable CONFIG_MMC_MSM_SDC3
./scripts/config --enable CONFIG_MMC_MSM_SDC4
# Display and graphics
echo "Enabling display and graphics..."
./scripts/config --enable CONFIG_DRM
./scripts/config --enable CONFIG_DRM_MSM
./scripts/config --enable CONFIG_DRM_MSM_MDP5
./scripts/config --enable CONFIG_DRM_MSM_DSI
./scripts/config --enable CONFIG_DRM_MSM_HDMI
./scripts/config --enable CONFIG_FB_MSM
./scripts/config --enable CONFIG_FB_MSM_MDSS
./scripts/config --enable CONFIG_FB_MSM_MDP
# Audio support
echo "Enabling audio support..."
./scripts/config --enable CONFIG_SOUND
./scripts/config --enable CONFIG_SND
./scripts/config --enable CONFIG_SND_SOC
./scripts/config --enable CONFIG_SND_SOC_MSM8960
./scripts/config --enable CONFIG_SND_SOC_WCD9310
./scripts/config --enable CONFIG_SND_SOC_WCD9330
./scripts/config --enable CONFIG_SND_SOC_WCD9335
# Input devices
echo "Enabling input device support..."
./scripts/config --enable CONFIG_INPUT
./scripts/config --enable CONFIG_INPUT_KEYBOARD
./scripts/config --enable CONFIG_INPUT_MOUSE
./scripts/config --enable CONFIG_INPUT_TOUCHSCREEN
./scripts/config --enable CONFIG_INPUT_JOYSTICK
./scripts/config --enable CONFIG_INPUT_TABLET
./scripts/config --enable CONFIG_INPUT_MISC
# Network support
echo "Enabling network support..."
./scripts/config --enable CONFIG_NET
./scripts/config --enable CONFIG_INET
./scripts/config --enable CONFIG_NETDEVICES
./scripts/config --enable CONFIG_WLAN
./scripts/config --enable CONFIG_WLAN_VENDOR_ATH
./scripts/config --enable CONFIG_ATH6KL
./scripts/config --enable CONFIG_ATH6KL_SDIO
./scripts/config --enable CONFIG_BT
./scripts/config --enable CONFIG_BT_HCIBTUSB
./scripts/config --enable CONFIG_BT_HCIUART
# USB support
echo "Enabling USB support..."
./scripts/config --enable CONFIG_USB
./scripts/config --enable CONFIG_USB_SUPPORT
./scripts/config --enable CONFIG_USB_ARCH_HAS_HCD
./scripts/config --enable CONFIG_USB_ARCH_HAS_EHCI
./scripts/config --enable CONFIG_USB_ARCH_HAS_OHCI
./scripts/config --enable CONFIG_USB_ARCH_HAS_XHCI
# Power management
echo "Enabling power management..."
./scripts/config --enable CONFIG_PM
./scripts/config --enable CONFIG_PM_SLEEP
./scripts/config --enable CONFIG_PM_RUNTIME
./scripts/config --enable CONFIG_PM_GENERIC_DOMAINS
./scripts/config --enable CONFIG_PM_OPP
./scripts/config --enable CONFIG_CPU_FREQ
./scripts/config --enable CONFIG_CPU_FREQ_GOV_POWERSAVE
./scripts/config --enable CONFIG_CPU_FREQ_GOV_USERSPACE
./scripts/config --enable CONFIG_CPU_FREQ_GOV_ONDEMAND
./scripts/config --enable CONFIG_CPU_FREQ_GOV_CONSERVATIVE
./scripts/config --enable CONFIG_CPU_FREQ_GOV_SCHEDUTIL
# GPIO and I2C
echo "Enabling GPIO and I2C support..."
./scripts/config --enable CONFIG_GPIOLIB
./scripts/config --enable CONFIG_GPIO_SYSFS
./scripts/config --enable CONFIG_I2C
./scripts/config --enable CONFIG_I2C_CHARDEV
./scripts/config --enable CONFIG_I2C_HELPER_AUTO
./scripts/config --enable CONFIG_I2C_MSM
# SPI support
echo "Enabling SPI support..."
./scripts/config --enable CONFIG_SPI
./scripts/config --enable CONFIG_SPI_MASTER
./scripts/config --enable CONFIG_SPI_MSM
# Sensors
echo "Enabling sensor support..."
./scripts/config --enable CONFIG_IIO
./scripts/config --enable CONFIG_IIO_BUFFER
./scripts/config --enable CONFIG_IIO_TRIGGER
./scripts/config --enable CONFIG_IIO_KFIFO_BUF
./scripts/config --enable CONFIG_IIO_TRIGGERED_BUFFER
# Filesystem support
echo "Enabling filesystem support..."
./scripts/config --enable CONFIG_EXT4_FS
./scripts/config --enable CONFIG_FAT_FS
./scripts/config --enable CONFIG_VFAT_FS
./scripts/config --enable CONFIG_NTFS_FS
./scripts/config --enable CONFIG_SQUASHFS
./scripts/config --enable CONFIG_CRAMFS
# Debug and development
echo "Enabling debug and development features..."
./scripts/config --enable CONFIG_DEBUG_FS
./scripts/config --enable CONFIG_DEBUG_KERNEL
./scripts/config --enable CONFIG_DEBUG_INFO
./scripts/config --enable CONFIG_DEBUG_INFO_DWARF4
./scripts/config --enable CONFIG_KGDB
./scripts/config --enable CONFIG_KGDB_SERIAL_CONSOLE
./scripts/config --enable CONFIG_KGDB_KDB
./scripts/config --enable CONFIG_KDB_KEYBOARD
# Security
echo "Enabling security features..."
./scripts/config --enable CONFIG_SECURITY
./scripts/config --enable CONFIG_SECURITYFS
./scripts/config --enable CONFIG_DEFAULT_SECURITY_DAC
./scripts/config --set-str CONFIG_DEFAULT_SECURITY ""
# Disable unnecessary features
echo "Disabling unnecessary features..."
./scripts/config --disable CONFIG_MODULES
./scripts/config --disable CONFIG_MODULE_UNLOAD
./scripts/config --disable CONFIG_MODVERSIONS
./scripts/config --disable CONFIG_MODULE_SRCVERSION_ALL
# Set essential options
echo "Setting essential options..."
./scripts/config --set-str CONFIG_CMDLINE "console=ttyMSM0,115200 root=/dev/mmcblk0p1 rw rootwait"
./scripts/config --set-str CONFIG_CMDLINE_FROM_BOOTLOADER "y"
./scripts/config --set-str CONFIG_CMDLINE_EXTEND "y"
# Enable initramfs support
echo "Enabling initramfs support..."
./scripts/config --enable CONFIG_BLK_DEV_INITRD
./scripts/config --enable CONFIG_INITRAMFS_SOURCE ""
./scripts/config --enable CONFIG_INITRAMFS_ROOT_UID 0
./scripts/config --enable CONFIG_INITRAMFS_ROOT_GID 0
echo "Kernel configuration complete!"
echo "Run 'make ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf- olddefconfig' to apply changes"

231
tools/firmware-extractor.sh Executable file
View File

@ -0,0 +1,231 @@
#!/bin/bash
# BBeOS Firmware Extraction Tool
# Extracts and analyzes BlackBerry 10 firmware for Q20
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
EXTRACT_DIR="$PROJECT_ROOT/firmware"
TOOLS_DIR="$PROJECT_ROOT/tools"
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Logging functions
log_info() {
echo -e "${BLUE}[INFO]${NC} $1"
}
log_success() {
echo -e "${GREEN}[SUCCESS]${NC} $1"
}
log_warning() {
echo -e "${YELLOW}[WARNING]${NC} $1"
}
log_error() {
echo -e "${RED}[ERROR]${NC} $1"
}
# Check dependencies
check_dependencies() {
log_info "Checking dependencies..."
local deps=("wget" "unzip" "tar" "hexdump" "strings" "file")
local missing_deps=()
for dep in "${deps[@]}"; do
if ! command -v "$dep" &> /dev/null; then
missing_deps+=("$dep")
fi
done
if [ ${#missing_deps[@]} -ne 0 ]; then
log_error "Missing dependencies: ${missing_deps[*]}"
log_info "Please install the missing packages and try again."
exit 1
fi
log_success "All dependencies found"
}
# Create directories
setup_directories() {
log_info "Setting up directories..."
mkdir -p "$EXTRACT_DIR"
mkdir -p "$EXTRACT_DIR/autoloader"
mkdir -p "$EXTRACT_DIR/partitions"
mkdir -p "$EXTRACT_DIR/analysis"
mkdir -p "$TOOLS_DIR"
log_success "Directories created"
}
# Download firmware (placeholder - user needs to provide actual firmware)
download_firmware() {
log_info "Firmware download section"
log_warning "You need to manually download the BB10 firmware for Q20"
log_info "Place the firmware file in: $EXTRACT_DIR/autoloader/"
log_info "Common firmware files:"
log_info " - *.signed (autoloader format)"
log_info " - *.zip (extracted autoloader)"
log_info " - *.bar files (individual apps)"
if [ -z "$(ls -A "$EXTRACT_DIR/autoloader" 2>/dev/null)" ]; then
log_error "No firmware files found in $EXTRACT_DIR/autoloader/"
log_info "Please download the firmware and place it in the autoloader directory"
exit 1
fi
}
# Extract autoloader
extract_autoloader() {
log_info "Extracting autoloader..."
local autoloader_dir="$EXTRACT_DIR/autoloader"
local partitions_dir="$EXTRACT_DIR/partitions"
for file in "$autoloader_dir"/*; do
if [[ "$file" == *.signed ]]; then
log_info "Processing signed autoloader: $(basename "$file")"
# Extract signed autoloader
# This is a placeholder - actual extraction depends on the format
cp "$file" "$partitions_dir/"
elif [[ "$file" == *.zip ]]; then
log_info "Extracting ZIP autoloader: $(basename "$file")"
unzip -q "$file" -d "$partitions_dir/"
fi
done
log_success "Autoloader extraction completed"
}
# Analyze partitions
analyze_partitions() {
log_info "Analyzing partitions..."
local partitions_dir="$EXTRACT_DIR/partitions"
local analysis_dir="$EXTRACT_DIR/analysis"
# Find and analyze partition files
find "$partitions_dir" -type f -exec sh -c '
echo "=== Analyzing: $1 ===" >> "$2/partition_analysis.txt"
file "$1" >> "$2/partition_analysis.txt"
echo "" >> "$2/partition_analysis.txt"
# Extract strings for analysis
echo "=== Strings from: $1 ===" >> "$2/strings_$(basename "$1").txt"
strings "$1" | head -100 >> "$2/strings_$(basename "$1").txt"
echo "" >> "$2/strings_$(basename "$1").txt"
# Hex dump for binary analysis
echo "=== Hex dump of first 1KB: $1 ===" >> "$2/hexdump_$(basename "$1").txt"
hexdump -C "$1" | head -50 >> "$2/hexdump_$(basename "$1").txt"
echo "" >> "$2/hexdump_$(basename "$1").txt"
' _ {} "$analysis_dir" \;
log_success "Partition analysis completed"
}
# Extract device tree and kernel info
extract_system_info() {
log_info "Extracting system information..."
local partitions_dir="$EXTRACT_DIR/partitions"
local analysis_dir="$EXTRACT_DIR/analysis"
# Look for device tree blobs
find "$partitions_dir" -name "*.dtb" -o -name "*.dts" | while read -r dtb_file; do
log_info "Found device tree: $(basename "$dtb_file")"
cp "$dtb_file" "$analysis_dir/"
# Try to decompile DTB to DTS
if [[ "$dtb_file" == *.dtb ]]; then
if command -v dtc &> /dev/null; then
dtc -I dtb -O dts -o "$analysis_dir/$(basename "$dtb_file" .dtb).dts" "$dtb_file" 2>/dev/null || true
fi
fi
done
# Look for kernel images
find "$partitions_dir" -name "*kernel*" -o -name "*boot*" -o -name "*Image*" | while read -r kernel_file; do
log_info "Found kernel image: $(basename "$kernel_file")"
cp "$kernel_file" "$analysis_dir/"
done
log_success "System information extraction completed"
}
# Generate analysis report
generate_report() {
log_info "Generating analysis report..."
local analysis_dir="$EXTRACT_DIR/analysis"
local report_file="$analysis_dir/firmware_analysis_report.md"
cat > "$report_file" << EOF
# BlackBerry Q20 Firmware Analysis Report
## Analysis Date
$(date)
## Extracted Files
$(find "$EXTRACT_DIR/partitions" -type f -exec basename {} \; | sort)
## Device Tree Files
$(find "$analysis_dir" -name "*.dtb" -o -name "*.dts" | xargs -I {} basename {} | sort)
## Kernel Images
$(find "$analysis_dir" -name "*kernel*" -o -name "*boot*" -o -name "*Image*" | xargs -I {} basename {} | sort)
## Partition Analysis
\`\`\`
$(cat "$analysis_dir/partition_analysis.txt" 2>/dev/null || echo "No partition analysis available")
\`\`\`
## Key Findings
- [ ] Bootloader signature verification method identified
- [ ] Device tree structure documented
- [ ] Kernel configuration extracted
- [ ] Proprietary drivers identified
- [ ] Firmware blobs catalogued
## Next Steps
1. Analyze bootloader security
2. Extract kernel configuration
3. Identify required drivers
4. Document hardware interfaces
5. Plan driver development
EOF
log_success "Analysis report generated: $report_file"
}
# Main execution
main() {
log_info "Starting BBeOS firmware extraction and analysis..."
check_dependencies
setup_directories
download_firmware
extract_autoloader
analyze_partitions
extract_system_info
generate_report
log_success "Firmware extraction and analysis completed!"
log_info "Results available in: $EXTRACT_DIR/analysis/"
log_info "Review the analysis report: $EXTRACT_DIR/analysis/firmware_analysis_report.md"
}
# Run main function
main "$@"