R12 — ABL Crash → No 9008 Without Battery Drain
| Field | Value |
|---|---|
| Severity | 🔴 Critical |
| Incident | ABL v2.0 — raw MmioRead32(0x03069004) on unmapped TLMM page → data abort |
When ABL crashes before USB is initialized, no software EDL trigger is available. Device appears dead: red LED on, no USB enumeration, no 9008. Only recovery path: drain battery completely (~13 h from 45%) → cold PBL boot with hardware EDL cable.
Rules
- Never use raw
MmioRead32/MmioWrite32in ABL without GCD memory mapping viagDS->GetMemorySpaceDescriptor+AddMemorySpace+SetMemorySpaceAttributes(EFI_MEMORY_UC) - Even with GCD mapping, TLMM flat address range (0x03000000–0x0306FFFF) is XPU-blocked from ABL — causes indefinite bus stall. Use south tile address (0x03100000+) instead
- Before flashing any new ABL, identify the last known-good binary. First 9008 session after a bad flash MUST restore last known-good, not the untested new version
- Always use
tools/abl-build— never build or sign manually. Script enforces qtestsign-v 5