![]() |
xFSTK
0.0.0
Intel SoC Cross Platform Firmware & Software Tool Kit
|
\title This document describes the steps to perform a secure eMMC Dump.
Steps to read a token (unique ID) from the device and write it to an unsigned firmware DNX using the xFSTK downloader.
unsigned_fwdnx
Unsigned firmware dnx that to be added with token/expiration time
--register
Register.
Collect a 16 byte ASCII format token which can be used while stitching the SMIP for CLVP and 32 byte ASCII format token for MOFD
token offset
Hex offset in unsigned firmware dnx that to store retrieved token string and its minimum and maximum expiration time. Default value for CLVP is 0x108, for MOFD is 0x10C
expiration duration
Supported format shall be in string starts with a numeric number following by h/d/m/y (h for hour, d for day, m for month and y for year). For example, if one provide 17d, it means the token string will expire in 17 days. If the value of the duration is zero (i.e. 0h, 0d, 0m or 0y), it means the token will never expire.
\nfs \image html emmc_signing.png <ul> <li>STEP 2: Customer Signing Utility (refer to diagram above) <ol> <li>Add the VRL to the unsigned firmware DNX using the Customer Signing Utility. </ol><br> </ul><br><br><br><br><br> \nfs \image html emmc_cdph.png <ul> <li>STEP 3: xFSTK-Stitcher, Stitch CDPH (refer to diagram above)<br> <ol> <li>Stitch the CDPH to the firmware DNX using the xFSTK-Stitcher. <li>Ensure your config file has the following fields set:<br> <ol> <li><b>PlatformType</b> = MFDD0 <li><b>ImageType</b> = FWUSB <li><b>Dnx_Key</b> = ./keys/CRAK_1_public.key <li><b>DnxFile_Input</b> = ./FW_Components/dnx_file_input.bin <li><b>DnxFile_Output</b> = ./dnx_output_file.bin <li><b>DnxKey_Index</b> = 1 <br> Please note the following description of the fields in the example above:<br> <b>Dnx_Key</b> is the public key associated with the <b>DnxKey_Index</b> specified. The key index here is indicative of which of the key indices 0 through 4 is used to hash verify the image against. The public Key specified for generating CDPH in step 3 should match the public key specified while signing the DnX in step 2.<br> <b>DnxFile_Input</b> is the INPUT file that is a signed DnX file. In this example \"./FW_Components/dnx_file_input.bin\" is the input binary.<br> <b>DnxFile_Output</b> is the OUTPUT file that is DnX module with CDPH header. In this example \"./dnx_output_file.bin\" is the location of the output file along with the name of the output file.<br> <li>Supply the platform file and the config file with the CDPH option that is -C to the xfstk-stitcher as:<br> <b>xfstk-stitcher -k \<platform.xml\> -c \<config.txt\> -C</b><br> Note: The output DnX file as specified in the config now has a VRL header, a token and the CDPH header stitched to it. </ol> </ol> </ul> \nfs \image html emmc_dump.png <ul> <li>STEP 4: xFSTK-Downloader, eMMC Dump (refer to diagram above)<br> Download the signed DNX to the device and execute an eMMC Dump. Failure in verifying the unique ID will prevent an eMMC Dump for the user partition. <ol> <li>Disconnect the phone from the Host PC USB port, and power off the Phone. <li>Using the xFSTK Downloader CLI, run the command:<br> <b>xfstk-dldr-solo.exe --emmcdump --fwdnx \<signed_fwdnx.bin\> -f \<outfile\> -p \<partition\> -b \<blocksize\> -c \<blockcount\> -o \<offset\></b> <li>Immediately connect the phone to the Host PC USB port to download the dnx and perform an eMMC Dump. </ol> </ul><br>
–file <filename> –partition <partition number> –blocksize <block size> –blockcount <count> | Extract |
\title From the context of the emmcdump utility, the term \"partition\" is referring to physical partitions within the eMMC card as defined by eMMC JEDEC JESD84-A441 standard. This standard defines 4 physical partitions: 2 boot partitions, 1 user partition, and 1 eCSD registerbank. The utilization of these physical partitions is application specific.<br> The Intel Medfield Platform Architecture utilizes the physical eMMC partitions as follows: <table> <tr> <td><b>Partition Number </b></td> <td><b>Usage</b></td> <td><b>Details</b></td> </tr> <tr> <td>0</td> <td>User Partition</td> <td>Holds Intel Firmware defined \"OS Image Profile\", Firmware \"OS Images blobs\" and the Main OS (Android) defined OS Filesystem (ext2/3/vfat). See Medfield Firmware Architecture Specification (FAS) for more details on OSIP and OS Image blobs. See Android / Kernel references for Main OS Filesystem.</td> </tr> <tr> <td>1</td> <td>Boot Partition</td> <td>Both Boot partition 1 and 2 hold redundant copies of the Integrated Firmware Image (IFWI) image.</td> </tr> <tr> <td>2</td> <td>Boot Partition</td> <td>Both Boot partition 1 and 2 hold redundant copies of the Integrated Firmware Image (IFWI) image.</td> </tr> <tr> <td>3</td> <td>ESCD</td> <td>Specifiying this partition will retrieve the \"Extended CSD\" registers of the eMMC Controller. This is a 512 byte binary file that represents the register setting of the emmc controller\'s \"Extended CSD\" register set as defined by the by JEDEC eMMC standard (JEDEC JESD84-A441). Please refer the JEDEC JESD84-A441 for more details.</td> </tr> </table>