From 8575bef264123943fa7d9446421ac1c5c7f32814 Mon Sep 17 00:00:00 2001
From: Lakr
Date: Wed, 4 Mar 2026 22:26:06 +0800
Subject: [PATCH] Support ramdisk kernel split and snapshot

Add ramdisk-specific kernel snapshot and build logic so the installer ramdisk can boot with a conservative kernel while the restore target keeps the fully JB-patched kernel.
Changes:
- research/patch_comparison_all_variants.md: document the Ramdisk Kernel Split and intent.
- scripts/fw_patch_jb.py: snapshot the base/dev-patched kernel before applying JB extensions (new helper and constants).
- scripts/ramdisk_build.py: build krnl.ramdisk.img4 from the snapshot and krnl.img4 from the restore kernel when a snapshot exists; factor kernel IMG4 creation into build_kernel_img4.
- scripts/ramdisk_send.sh: prefer krnl.ramdisk.img4 when present, falling back to krnl.img4; fail early if no kernel image found.
This improves /dev/disk1s1 remount reliability during CFW/install by keeping the restore kernel JB-patched but booting the installer ramdisk with a more conservative kernel variant.
---
 research/patch_comparison_all_variants.md | 11 +++++
 scripts/fw_patch_jb.py | 15 +++++++
 scripts/ramdisk_build.py | 53 +++++++++++++++++++----
 scripts/ramdisk_send.sh | 12 ++++-
 4 files changed, 81 insertions(+), 10 deletions(-)
diff --git a/research/patch_comparison_all_variants.md b/research/patch_comparison_all_variants.md
index 90a7a42..303fc1a 100644
--- a/research/patch_comparison_all_variants.md
+++ b/research/patch_comparison_all_variants.md
@@ -184,6 +184,17 @@ Regular and Dev share the same 25 base kernel patches. JB adds 34 additional pat - `jb/org.coolstar.sileo_2.5.1_iphoneos-arm64.deb` - `basebin/*.dylib` (BaseBin hooks for JB-3) +## Ramdisk Kernel Split (JB mode) + +- `scripts/fw_patch_jb.py` now snapshots the base/dev-patched kernel before JB kernel extensions: + - `iPhone*_Restore/kernelcache.research.vphone600.ramdisk` +- `scripts/ramdisk_build.py` uses that snapshot to build: + - `Ramdisk/krnl.ramdisk.img4` (base/dev kernel for SSH ramdisk boot + CFW install) + - `Ramdisk/krnl.img4` (post-JB kernel, unchanged restore target) +- `scripts/ramdisk_send.sh` now prefers `krnl.ramdisk.img4` when present, otherwise falls back to `krnl.img4`. +- Intent: keep restore kernel fully JB-patched while booting the installer ramdisk with a + more conservative kernel variant to improve `/dev/disk1s1` remount reliability. + ## Dynamic Implementation Log (JB Patchers) ### TXM (`txm_dev.py`) diff --git a/scripts/fw_patch_jb.py b/scripts/fw_patch_jb.py index 0730153..d66dda8 100644 --- a/scripts/fw_patch_jb.py +++ b/scripts/fw_patch_jb.py @@ -9,6 +9,7 @@ This script extends fw_patch_dev with additional JB-oriented patches. """ import os +import shutil import sys from fw_patch import ( @@ -25,6 +26,9 @@ from fw_patch_dev import patch_txm_dev from patchers.iboot_jb import IBootJBPatcher from patchers.kernel_jb import KernelJBPatcher +RAMDISK_KERNEL_SUFFIX = ".ramdisk" +KERNEL_SEARCH_PATTERNS = ["kernelcache.research.vphone600"] + def patch_ibss_jb(data): p = IBootJBPatcher(data, mode="ibss", label="Loaded iBSS") 
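Review bot: `RAMDISK_KERNEL_SUFFIX = ".ramdisk"` is defined here and again in the constants hunk of scripts/ramdisk_build.py, so the two scripts agree on the snapshot path only while both strings happen to match. If one of them is changed, ramdisk_build.py stops finding the snapshot and takes its `else` branch, building only `krnl.img4` with no warning. Consider a comment on both definitions such as `# Must match RAMDISK_KERNEL_SUFFIX in ramdisk_build.py`, or defining the suffix once in a module both scripts import. `KERNEL_SEARCH_PATTERNS` also looks like a copy of the kernel pattern from the base component table, which is outside this hunk; reusing that entry would avoid a second place to update.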
@@ -71,6 +75,15 @@ JB_COMPONENTS = [ ] +def snapshot_base_kernel_for_ramdisk(restore_dir): + """Save base/dev-patched kernel before JB extensions for ramdisk boot.""" + kernel_path = find_file(restore_dir, KERNEL_SEARCH_PATTERNS, "kernelcache") + ramdisk_kernel_path = f"{kernel_path}{RAMDISK_KERNEL_SUFFIX}" + shutil.copy2(kernel_path, ramdisk_kernel_path) + print(f"[*] Saved ramdisk kernel snapshot: {ramdisk_kernel_path}") + return ramdisk_kernel_path + + def main(): vm_dir = sys.argv[1] if len(sys.argv) > 1 else os.getcwd() vm_dir = os.path.abspath(vm_dir) @@ -93,6 +106,8 @@ def main(): path = find_file(search_base, patterns, name) patch_component(path, patch_fn, name, preserve_payp) + snapshot_base_kernel_for_ramdisk(restore_dir) + if JB_COMPONENTS: print(f"\n[*] Applying {len(JB_COMPONENTS)} JB extension patches ...") for name, in_restore, patterns, patch_fn, preserve_payp in JB_COMPONENTS: diff --git a/scripts/ramdisk_build.py b/scripts/ramdisk_build.py index e1b51f0..aedf49b 100755 --- a/scripts/ramdisk_build.py +++ b/scripts/ramdisk_build.py @@ -57,6 +57,8 @@ RAMDISK_BOOT_ARGS = b"serial=3 rd=md0 debug=0x2014e -v wdt=-1 %s" # IM4P fourccs for restore mode TXM_FOURCC = "trxm" KERNEL_FOURCC = "rkrn" +RAMDISK_KERNEL_SUFFIX = ".ramdisk" +RAMDISK_KERNEL_IMG4 = "krnl.ramdisk.img4" # Files to remove from ramdisk to save space RAMDISK_REMOVE = [ 
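Review bot: `snapshot_base_kernel_for_ramdisk` overwrites any existing `.ramdisk` snapshot unconditionally with `shutil.copy2`, so the snapshot is the conservative kernel only if the restore directory has never had the JB extensions applied. If `patch_component` writes in place (it is outside this hunk), a second run of the script over the same directory would copy an already JB-patched kernel over the clean snapshot, and the installer ramdisk would then boot the very kernel this split is meant to keep out. Consider warning or refusing when the snapshot already exists, e.g. `if os.path.exists(ramdisk_kernel_path): print(f"[!] Overwriting existing ramdisk kernel snapshot: {ramdisk_kernel_path}")`, and stating the fresh-directory requirement in the docstring.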
@@ -198,6 +200,18 @@ def create_im4p_uncompressed(raw_data, fourcc, description, output_path): f.write(new_im4p.output()) +def build_kernel_img4(kernel_src, output_dir, temp_dir, im4m_path, output_name, temp_tag): + """Build one signed kernel IMG4 from a kernelcache source file.""" + kc_raw = os.path.join(temp_dir, f"{temp_tag}.raw") + kc_im4p = os.path.join(temp_dir, f"{temp_tag}.im4p") + _, data, original_raw = extract_to_raw(kernel_src, kc_raw) + print(f" source: {kernel_src}") + print(f" format: IM4P, {len(data)} bytes") + _save_im4p_with_payp(kc_im4p, KERNEL_FOURCC, data, original_raw) + sign_img4(kc_im4p, os.path.join(output_dir, output_name), im4m_path) + print(f" [+] {output_name}") + + # ══════════════════════════════════════════════════════════════════ # iBEC boot-args patching # ══════════════════════════════════════════════════════════════════ 
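Review bot: `build_kernel_img4` takes six positional parameters, and the last two are adjacent strings (`output_name`, `temp_tag`) that the call sites in `main()` pass positionally, so a swapped pair would produce a wrongly named image without any error. Making them keyword-only, `def build_kernel_img4(kernel_src, output_dir, temp_dir, im4m_path, *, output_name, temp_tag):`, would make each call self-describing; the three calls in the later hunk would need updating to match. The docstring could also say that `temp_tag` names the intermediate `.raw` and `.im4p` files in `temp_dir` and is kept distinct per call so the two kernels' intermediates do not overwrite each other.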
@@ -573,15 +587,36 @@ def main(): ], "kernelcache", ) - kc_raw = os.path.join(temp_dir, "kcache.raw") - im4p_obj, data, original_raw = extract_to_raw(kc_src, kc_raw) - print(f" format: IM4P, {len(data)} bytes") - kc_im4p = os.path.join(temp_dir, "krnl.im4p") - _save_im4p_with_payp(kc_im4p, KERNEL_FOURCC, data, original_raw) - sign_img4( - kc_im4p, os.path.join(output_dir, "krnl.img4"), im4m_path - ) - print(f" [+] krnl.img4") + kc_ramdisk_src = f"{kc_src}{RAMDISK_KERNEL_SUFFIX}" + if os.path.isfile(kc_ramdisk_src): + print(f" found ramdisk kernel snapshot: {kc_ramdisk_src}") + print(f" building {RAMDISK_KERNEL_IMG4} from base/dev snapshot") + build_kernel_img4( + kc_ramdisk_src, + output_dir, + temp_dir, + im4m_path, + RAMDISK_KERNEL_IMG4, + "kcache_ramdisk", + ) + print(" building krnl.img4 from restore kernel (post-JB)") + build_kernel_img4( + kc_src, + output_dir, + temp_dir, + im4m_path, + "krnl.img4", + "kcache_jb", + ) + else: + build_kernel_img4( + kc_src, + output_dir, + temp_dir, + im4m_path, + "krnl.img4", + "kcache", + ) # ── 8. Ramdisk + Trustcache ────────────────────────────────── print(f"\n{'=' * 60}") diff --git a/scripts/ramdisk_send.sh b/scripts/ramdisk_send.sh index b17839e..83b1987 100755 --- a/scripts/ramdisk_send.sh +++ b/scripts/ramdisk_send.sh @@ -18,6 +18,16 @@ fi echo "[*] Sending ramdisk from $RAMDISK_DIR ..." +KERNEL_IMG="$RAMDISK_DIR/krnl.img4" +if [[ -f "$RAMDISK_DIR/krnl.ramdisk.img4" ]]; then + KERNEL_IMG="$RAMDISK_DIR/krnl.ramdisk.img4" + echo " [*] Using ramdisk kernel variant: $(basename "$KERNEL_IMG")" +fi +[[ -f "$KERNEL_IMG" ]] || { + echo "[-] Kernel image not found: $KERNEL_IMG" + exit 1 +} + # 1. Load iBSS + iBEC (DFU → recovery) echo " [1/8] Loading iBSS..." "$IRECOVERY" -f "$RAMDISK_DIR/iBSS.vresearch101.RELEASE.img4" 
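Review bot: The `else` branch builds only `krnl.img4` and leaves any `krnl.ramdisk.img4` from an earlier JB build in `output_dir`, while the first hunk of scripts/ramdisk_send.sh prefers that file whenever it exists. Unless `output_dir` is cleared earlier in `main()` (not visible in this hunk), a later non-JB build would still boot the device with the stale ramdisk kernel. Removing the leftover in the `else` branch closes this, e.g. `stale = os.path.join(output_dir, RAMDISK_KERNEL_IMG4)` followed by `if os.path.exists(stale): os.remove(stale)`. The same presence-only test applies to the snapshot itself: `os.path.isfile(kc_ramdisk_src)` accepts a `.ramdisk` file left over from a previous firmware without checking that it belongs to the current `kc_src`.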
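Review bot: The chosen image is announced only when `krnl.ramdisk.img4` is selected; on the fallback path nothing records which kernel is about to be sent. Because the two images differ in patch level, logging the choice on both paths makes a boot log unambiguous afterwards, for example `echo "  [*] Kernel image: $(basename "$KERNEL_IMG")"` placed after the existence check. The failure message could also be sent to stderr with `>&2` if the script's other error paths do so (they are outside this hunk).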
@@ -61,7 +71,7 @@ echo " [8/8] Loading SEP..." # 8. Load kernel and boot echo " [*] Booting kernel..." -"$IRECOVERY" -f "$RAMDISK_DIR/krnl.img4" +"$IRECOVERY" -f "$KERNEL_IMG" "$IRECOVERY" -c bootx echo "[+] Boot sequence complete. Device should be booting into ramdisk."