persist partition: account information, DRM (Digital Rights Management) related files, sensor registry, essential for our wifi, Bluetooth, mac address.
Please note that restoring factory settings cannot clear the persist partition. In addition, the online flash package does not include the persist partition. Once a problem occurs, we need to repair it manually.
Modem&radio baseband partition: the partition that controls mobile phone communication functions. Once this partition is damaged, communication-related functions will most likely be lost. Specific manifestations include card failure, imei loss, etc.
fsg
fsc
modemst1
modemst2
These 4 partitions must be backed up
FRP (factory reset protect)
dsp
bluetooth
modem
persistsec
Select backup
misc partition
Recovery uses this partition to save some information about the upgrade to deal with the device power failure and restart during the upgrade process.
When the bootloader starts, it will read the information in this partition to determine whether the system will enter Recovery System or Main System.
fastboot –disable-verity –disable-verification flash vbmeta vbmeta.img
As the name suggests, FRP is used to protect factory settings. For example, if your phone is lost, the thief will usually restore it to factory settings to bypass the lock screen password so that it can be used. But if you log in with a Google account, you still have to enter your password or Google account at the boot time. This is using FRP. If the factory reset is triggered from the settings, FRP will not be triggered. Maybe Google thought during the design that it can be entered into the settings to operate. At this time, the desktop has been unlocked, so it is most likely thought to be the owner of the machine, so it will not be triggered.
| LABEL | PURPOSE OF THIS PARTITION |
|---|---|
| Modem | Partition for modem |
| fsc | Cookie partition to store Modem File System’s cookies. |
| Ssd | Partition for ssd diag module. stores the encrypted RSA keys |
| sbl1 | Partition for secondary boot loader |
| Sbl1bak | Back up Partition for secondary boot loader |
| Rpm | Partition for rpm image |
| Rpmbak | Back up Partition for rpm image |
| Tz | Partition for tz image |
| Tzbak | Back up Partition for tz image |
| Hyp | Partition for hypervisor image |
| Hypbak | Back up Partition for hypervisor image |
| Dsp | Partition for adsp dymanic loaders image |
| Modemst1 | Copy of Modem File System (Encrypted) |
| Modemst2 | Copy of Modem File System (Encrypted) |
| DDR | Partition for DDR. |
| fsg | Golden copy or backup of Modem File System (Encrypted) . Also used to pre-populate the file system. |
| Sec | Sec.dat contains fuse settings, mainly for secure boot and oem setting |
| Splash | The splash screen is displayed during the apps bootloader (also called the LK). The display driver in LK will read the splash image data from a separate eMMC partition named as ‘splash’ |
| Aboot | Partition for apps boot loader |
| Abootbak | Back up Partition for apps boot loader |
| Boot | This is the boot partition of your android device,It includes the android kernel and the ramdisk. |
| Recovery | This is specially designed for backup. The recovery partition can be considered as an alternative boot partition |
| Devinfo | Device information including:iis_unlocked, is_tampered, is_verified, charger_screen_enabled, display_panel, bootloader_version, radio_version All these attirbutes are set based on some specific conditions and written on devinfo partition,. |
| System | This partition contains the entire Android OS, other than the kernel and the ramdisk. This includes the Android GUI and all the system applications that come pre-installed on the device |
| Cache | This is the partition where Android stores frequently accessed data and app components |
| Persist | Partition entry for persist image. which contains data which shouldn’t be changed after the device shipped, for example: calibration data of chips(wifi, bt, camera, etc.) , certificates and other security related files. |
| Misc | This partition contains miscellaneous system settings in form of on/off switches. These settings may include CID (Carrier or Region ID), USB configuration and certain hardware settings etc |
| Keystore | Partition for keystore service. |
| Config | Partition needed during display panel initialization. More info at Display_panel_configuration_in_Device_Tree |
| OEM | “It is meant for storing OEM specific info. Customer in this case can decide whether he wants to keep this partition or not typically reserved partitions are kept for future use |
| Limits | Partition to store LMh params on 8976 target. LMh (Limits management) driver in SBL writes the LMh HW trimmed data into separate partition and uses the same data for later reboots |
| Mota | Backup partition for M ota upgrade |
| Devcfg | Partition needed by TZ for M upgrades. |
| Dip | Partition needed for SafeSwitch, feature (FR26255) designed to allow OEMs and carriers to address new smartphone theft bill issues. |
| mdtp | Partition needed for SafeSwitch, feature (FR26255) designed to allow OEMs and carriers to address new smartphone theft bill issues. |
| Userdata | Partition for userdata image |
| Cmnlib | Verified boot feature introduced in M needLK to load cmnlib corresponding partitions |
| Keymaster | Verified boot feature introduced in M needs LK to load keymaster from corresponding partitions |
| Syscfg | Syscfg is internal testing for Vmin and CPR characterization |
| f | All MBNs place holder in flash. Specific MBN would be loaded by mcfg image based on the SIM/Carrier. |
| msadp | Used for modem debug policy |
| Apdp | Used for persisting the debug policy. “Debug policy” is used to better support development and debug on secure/fuse-blown devices One instance of the debug policy will be signed for the AP |
| Dpo | This partition will store a policy override |
After the 5G parameters and IMEI are written to the Modemst1 partition,
copy all data in the Modemst1 partition to the FSG partition for storage;
Check whether the Modemst1 partition is reading and writing normally after each boot:
- When the Modemst1 partition reads and writes abnormally, clear the Modemst1 partition;
- When the Modemst1 partition is empty, copy the FSG partition to the Modemst1 partition for recovery;
- When the Modemst1 partition is read and written normally, the subsequent normal boot process is completed.
The advantage is that it makes full use of the storage space of the FSG partition and exists as a shadow of the Modemst1 partition, which improves partition utilization and enables IoT devices to completely restore factory settings
. It cleverly circumvents the previous problem that the Modemst1 partition cannot be reset after leaving the factory, and avoids the defect of having to return to the factory for repair due to abnormal 5G parameters.
The working partition of NV is defined by Qualcomm platform as modemst1 or modemst2. The working modemst1 partition or modemst2 partition is equivalent
The 5G parameters are always saved in the modemst1 partition when leaving the factory. The router continuously reads and writes with the modemst1 partition during operation.
The partition that stores the NV parameter initialization value is the FSG partition. The Qualcomm platform will create an image file containing the NV parameter initialization value and download this image file to the FSG partition.
The basis for the Qualcomm platform to copy the FSG partition to the modemst1 partition during the startup process is to determine whether the current NV working modemst1 partition is empty. If it is empty, the NV parameter initialization value in the image file in the FSG partition is updated to the modemst1 partition. middle.
Generally, after the 5G device downloads the software for the first time, because the modemst1 partition is empty, the NV parameter initialization value in the FSG partition will be written to the modemst1 partition. Then during the production process, important 5G parameters such as calibration parameters and IEMI will be written to the modemst1 partition, causing the modemst1 partition to be unable to be erased later. Because the modemst1 partition cannot be erased, it will naturally no longer be empty, and the data in the FSG partition will no longer have the opportunity to be written to the modemst1 partition. The reason why the modemst1 partition cannot be erased is not that the partition cannot be read and written, but that after the partition data is erased, the calibration parameters, IEMI and other important 5G parameters written at the factory will be lost. If these important 5G parameters are not returned to the factory for repair, there will be no backup on the IoT device.
First, download the software and install the soft system on the empty chip. The working mechanism of the Qualcomm platform will copy all the NV parameter initialization values stored in the FSG partition to the modemst1 partition when the modemst1 partition is empty.
Then write various factory settings and parameters to the modemst1 partition, for example, in order: write the single board number, write the calibration comprehensive test parameters, write the single board current parameters, write the single board functions, write the whole machine current, and couple Operations such
as writing , writing complete machine functions, and writing IMEI
Finally, copy the modemst1 partition that has been completed above to the FSG partition to complete the saving of 5G parameters of the IoT device.
IoT devices do not operate the fsg partition during normal use, and the fsg partition parameters are always the initial state when the device leaves the factory.
When an IoT device goes online and registers for a 5G network, it reads the parameters of the modemst1 partition as needed, and the operating status is written to the modemst1 partition of the device. Therefore, it continuously interacts with the modemst1 partition during operation.
Frequent data interaction naturally greatly increases the probability of errors in 5G parameters. When an abnormality occurs in reading and writing the modemst1 partition, the reading and writing exception affects the device registration network and the normal operation of the modem. At this time, the modemst1 partition needs to be restored to the factory state.
Users only need to restart the abnormal IoT device twice to solve the problem.
The first time is to clear the Modemst1 partition, and the second time is to completely Reset the Modemst1 partition (that is, copy fsg to moemst1)
After each boot, the IoT device checks the read and write functions of the modemst1 partition. There are three possibilities at this time: one is empty, the other is normal, and the third is abnormal.
1) When the Modemst1 partition reads and writes abnormally, clear the Modemst1 partition;
2) When the Modemst1 partition is empty, copy the FSG partition to the Modemst1 partition for recovery;
3) When the Modemst1 partition is read and written normally, complete the subsequent normal boot process.
fastboot flash fsg fsg.mbn
fastboot erase modemst1
fastboot erase modemst2
Production of Qualcomm Platform EFS
The machine used to make EFS is called A, and the machine used to verify EFS is called B.
1. Add the following three lines to modem_proc/core/storage/efs/inc/fs_config_i.h:
#ifndef FEATURE_EFS_ENABLE_FACTORY_IMAGE_SECURITY_HOLE
#define FEATURE_EFS_ENABLE_FACTORY_IMAGE_SECURITY_HOLE
#endif
2. For devices that do not enable secure boot, add the following in modem_proc/core/storage/fs _tar/ Add a line to src/fs_tar.c:
#define FEATURE_FS_TAR_ALLOW_DUMMY_KEY
enables the secure boot device, and there is no need to define the above macro.
3. Clear the modem and recompile. After compilation, enter the common/build directory to execute the script python update_common_info.py, and burn the newly generated common/build/bin/asic/NON-HLOS.bin file into the modem partition of the phone through fastboot.
4. Restart the phone, open the QPST Software Download software, switch to the Restore page, connect the phone via USB, and burn the QCN file (the QCN file is configured with several NV items) into the phone, and the phone will automatically restart.
5. After the restart is ready, connect the USB cable to the mobile phone, make sure the QPST Software Download software is open, put the modem_proc/core/storage/tools/efsreadimage.pl file in the C:\Users\yuntaohe\Desktop\EFS directory, and open it on Windows cmd window, enter the C:\Users\yuntaohe\Desktop\EFS directory, execute perl efsreadimage.pl -z, a new file fs_image.tar.gz will be generated in the current directory.
6. Upload fs_image.tar.gz to the modem_proc/core/storage/tools/qdst/ directory of ubuntu, and execute python QDSTMBN.py fs_image.tar.gz in this directory to generate fs_image.tar.gz.mbn
7. Copy fs_image.tar.gz.mbn and modem_proc/build/ms/bin/8909.gen.prod/efs_image_meta.bin to the modem_proc/core/bsp/efs_image_header/tools directory, and execute python efs_image_create.py efs_image_meta in this directory .bin fs_image.tar.gz.mbn, generate fs_image.tar.gz.mbn.img.
At this point, EFS production is completed. The verification process of EFS is as follows:
1. For devices that do not have secure boot enabled, add a line in modem_proc/core/storage/fs_tar/src/fs_tar.c:
#define FEATURE_FS_TAR_ALLOW_DUMMY_KEY
with secure boot enabled device, there is no need to define the above macro.
2. Clear the modem and recompile. After compilation, enter the common/build directory and execute the script python update_common_info.py to regenerate the common/build/bin/asic/NON-HLOS.bin file.
3. Generate a binary file with all 0s: execute dd if=/dev/zero of=zero.bin under Linux bs=<modem_st1 size> count=1, for modem_st1 size, please refer to the rawprogram0_unspare.xml file: <program SECTOR_SIZE_IN_BYTES=”512
″ file_sector_offset=”0″ filename=”zero.bin” label=”modemst1″ num_partition_sectors=”3072″ physical_partition_number=”0″ size_in_KB=”1536.0″ sparse=”false” start_byte_hex=”0x8680000″ start_sector=”275456″ />
this In the example, modem_st1 size = 1536 * 1024 = 1572864.
4. Put the NON-HLOS.bin generated in step 2, the zero.bin generated in step 3, and the fs_image.tar.gz.mbn.img generated by EFS into the flash package.
5. Modify the rawprogram0_unspare.xml file in the flash package:
-<program SECTOR_SIZE_IN_BYTES=”512″ file_sector_offset=”0″ filename=”” label=”modemst1″ num_partition_sectors=”3072″ physical_partition_number=”0″ size_in_KB=”1536.0″ sparse =”false” start_byte_hex=”0x8680000″ start_sector=”275456″ />
-<program SECTOR_SIZE_IN_BYTES=”512″ file_sector_offset=”0″ filename=”” label=”modemst2″ num_partition_sectors=”3072″ physical_partition_number=”0″ size_in_KB= ”1536.0″ sparse=”false” start_byte_hex=”0x8800000″ start_sector=”278528″ />
-<program SECTOR_SIZE_IN_BYTES=”512″ file_sector_offset=”0″ filename=”” label=”fsg” num_partition_sectors=”3072″ physical_partition_number=”0″ size_in_KB=”1536.0″ sparse=”false” start_byte_hex=”0xc008000″ start_sector=” 393280″ />
+<program SECTOR_SIZE_IN_BYTES=”512″ file_sector_offset=”0″ filename=”zero.bin” label=”modemst1″ num_partition_sectors=”3072″ physical_partition_number=”0″ size_in_KB=”1536.0″ sparse=”false” start_byte_hex =”0x8680000″ start_sector=”275456″ />
+<program SECTOR_SIZE_IN_BYTES=”512″ file_sector_offset=”0″ filename=”zero.bin” label=”modemst2″ num_partition_sectors=”3072″ physical_partition_number=”0″ size_in_KB=”1536.0 ″ sparse=”false” start_byte_hex=”0x8800000″ start_sector=”278528″ />
+<program SECTOR_SIZE_IN_BYTES=”512″ file_sector_offset=”0″ filename=”fs_image.tar.gz.mbn.img” label=”fsg” num_partition_sectors =”3072″ physical_partition_number=”0″ size_in_KB=”1536.0″ sparse=”false” start_byte_hex=”0xc008000″ start_sector=”393280″ /> 6. After flashing the machine with QFIL, connect the USB to the PC and use QXDM to check whether some NVs are
effective .
Note: If secure boot is enabled on machine B, the generated EFS file fs_image.tar.gz.mbn.img needs to be signed and put into the flash package.