The TI-Nspire starts in 3 steps:

• Boot1
• Boot2
• OS

In this security model, each software component ensures the integrity of the next one.

Since last year, it became possible to reprogram the boot1 on prototypes TI-Nspire ClickPad from Q1 2007, permanently transforming these into production models accepting the latest OS released on TI website.
Indeed, these prototypes were using an external read-write Flash-NOR chip.

But this is not limited to prototypes!
We already knew that the TI-Nspire TouchPad had their Flash NOR chip moved into the ASIC chip. So so far, that chip is out of our reach.
We noticed in a previous news that TI-Nspire ClickPad Hardware Revision C and later had their Flash NOR chip incorporated into the ASIC chip too.

We do not know about hardware revisions B, but the very first production TI-Nspire released in 2007 and their hardware revision A have a motherboard similar to the prototypes with the same external Flash NOR chip!

The only problem is that their Flash NOR chip is physically set to read-only through a difference in the pinout:

But a tiny hardware modification was enough to make that chip rewriteable, as presented in a previous news for non-CAS TI-Nspire:

After a first successful test of a Boot1 reflashing in a previous news, I'm honored to present you today the lastest achievment of the TI community, Boot1 1.1.9999!


This is a patch for the Boot1 1.1.8916 coming with all production TI-Nspire ClickPad and TouchPad, which will allow you to install and run:

• production Boot2
• development Boot2
• modified Boot2
• production Diagnostics
• development diagnostis
• modified diagnostics

Meaning that is does accept modified images which don't pass the RSA signature check!  :crazy:

For example, here is a TI-Nspire with Boot1 1.1.9999, running on a 1.4.1571 Boot2 whose version string has been patched to 1.4.9999:



The possibilities are simply huge!

On the one hand, this is a feat far greater than in a nLaunch previous news.

Ndless was taking control of your TI-Nspire inside the OS 3.1.

nLaunch was allready one step above as it was taking control of your TI-Nspire inside the Boot2 1.4, meaning that you could do everything with the OS.

And now, we're taking full control of the hardware inside the Boot1 1.1.8916, meaning that we can do everything with the Boot2 and Diagnostics software, and by extension with the OS.


Everything is now possible, just be inspired and imagine:

• using development Diagnostics softares which much more interesting options ;D
  
• have our own diagnostics software or maintenance menu with much more options ;D
  
• using U-Boot to start Linux directly without having to go through the OS 3.1 and Ndless ;D
  
• having a boot menu to choose the OS to launch within a multi-boot ;D
  
• using a modified Boot2 that does not check the signatures of the OS to launch, the mode ID or CAS / non-CAS type
• programming and running all this in the Diags area which, unlike the Boot2 area, is not checked/reprogrammed after installing a new OS
  
• ...

As a bonus for you, here is the historical video of the live first flashing of Boot1 1.1.9999!



Source & downloads:
http://tiplanet.org/forum/viewtopic.php?t=11102&lang=en

What can I say but to agree with Art_of_camelot I keep thinking at each news 'ok, this is our last victory' but you guys keep going The possibility of cold launching linux and/or multiboot souds great!

You can already have linux bootloader as your OS with nLaunch .

If somebody else wants to flash it, does he/she still need to mod the hardware with that switch?

Yes, it's still needed.

Hi,

I've made a news with all available scans from the first TI-Nspire ClickPad ASIC (initial hardware + hardware revision A).
http://tiplanet.org/forum/viewtopic.php?t=10486

All scans (raw) come from microblog.routed.net:
http://microblog.routed.net/2008/08/15/ic-friday-tis-nspire/

But unfortunately, the site is not updated anymore. It could have been useful to get ClickPad revision C-J, TouchPad and CX ASIC scans and look for the internal NOR chip...