Cannot read back gpt backup in MaskRom device mode

[levindu]

rkdeveloptool cannot read back the GPT backup partition info using the rl command. To show off this case, I've applied a little patch below:

diff --git a/main.cpp b/main.cpp
index a9a88bb2fe5a..229cbba122db 100644
--- a/main.cpp
+++ b/main.cpp
@@ -1039,6 +1039,23 @@ bool write_gpt(STRUCT_RKDEVICE_DESC &dev, char *szParameter)
                printf("\r\n");
                return bSuccess;
        }
+       BYTE check_gpt[33 * SECTOR_SIZE];
+       iRet = pComm->RKU_ReadLBA(total_size_sector - 33, 33, check_gpt);
+       if (iRet != ERR_SUCCESS) {
+               ERROR_COLOR_ATTR;
+               printf("Reading backup gpt failed!");
+               NORMAL_COLOR_ATTR;
+               printf("\r\n");
+               return bSuccess;
+       }
+       if (memcmp(backup_gpt, check_gpt, 33 * SECTOR_SIZE)) {
+               ERROR_COLOR_ATTR;
+               printf("Check backup gpt at %u failed!", total_size_sector - 33);
+               NORMAL_COLOR_ATTR;
+               printf("\r\n");
+               return bSuccess;
+       }
+

        bSuccess = true;
        CURSOR_MOVEUP_LINE(1);

Then turn the Firefly-RK3399 device into MaskRom mode, run the following commands:

$  ./rkdeveloptool db rk3399-miniloaderall.bin 
Downloading bootloader succeeded.

$  ./rkdeveloptool gpt parameter-ubuntu.txt 
Writing gpt...
Check backup gpt at 30535647 failed!

$  ./rkdeveloptool rl 30535647 33 >(hexdump -C)
Read LBA to file (100%)
00000000  cc cc cc cc cc cc cc cc  cc cc cc cc cc cc cc cc  |................|
*
00004200

$ ./rkdeveloptool rcb
Capability:07 00 00 00 00 00 00 00 
Direct LBA:     enabled
Vendor Storage: enabled
First 4m Access:        enabled

$ ./rkdeveloptool rfi
Flash Info:
        Manufacturer: SAMSUNG, value=00
        Flash Size: 14910 MB
        Block Size: 512 KB
        Page Size: 2 KB
        ECC Bits: 0
        Access Time: 40
        Flash CS: Flash<0> 

This does not happen in Loader mode. And I also meet the same situation with upgrade_tool.

A tip why this happens is greatly appreciated. I'm currently learning how to flash the firmware in MaskRom mode.

[levindu]

Or how can I switch to loader mode after db and ul to workaround this problem? Please comment, thanks!

@keveryang

[keveryang]

Below command can switch rockusb loader mode into maskrom mode: rkdeveloptool rd 3

[keveryang]

I think the loader you are using, has turn off the read back function to prevent the firmware leakage, all the read returns 'cc'. The gpt is actually write correctly into eMMC, what's your purpose to check it again?

[levindu]

Thanks for the tip. rkdeveloptool rd 3 is my favorite command to switch to MaskRom mode.

However, I wonder if there's a corresponding command of adb reboot bootload for rkdeveloptool to switch to Loader mode easily.

upgrade_tool do reading out to ensure the firmware is correctly written. I'm copying this behavior in rkdeveloptool.

[shineseth]

the reason that the data you read in maskrom is 0xcc .we switch read function off in maskrom to protect user data from stolen.thanks for your advice. we will support to switch adb into rockusb later.

[levindu]

Thanks for the quick reply. Shall I leave this issue open, or close it now?

[SciLor]

the reason that the data you read in maskrom is 0xcc .we switch read function off in maskrom to protect user data from stolen.thanks for your advice. we will support to switch adb into rockusb later.

Is there any documentation about that which rockchips support this and how it can be activated / deactivated, what the protection does etc. ?