Long time no progress?
I will write a detailed post later, but here's what I've been working on for the past week.
-Kindle Touch can be put into "iMX50 USB Recovery Mode" by holding the home button, holding the power button for 15 seconds (20 seconds to be safe), releasing the power button while continuing to hold the home button, then releasing the home button. (But we already know this from the Wiki)
-Kindle 4 can be put into the same mode by holding the DOWN button on the keypad, holding the power button for 15 seconds (20 seconds to be safe), releasing the power button while continuing to hold the down button, then releasing the down button. (This is new info. I found it by accident when my fingers slipped).
-In this mode, one can easily upload an unsigned u-boot (thanks amazon for the source!) which can load an unsigned kernel (usb download mode can download a linux kernel to RAM, but you need a custom uboot to load it).
-When u-boot crashes, the CPU falls back into USB download mode. This is NOT the same mode! In this mode, you CANNOT load a custom uboot because the device has already been initialized. This means if you bricked your Kindle and you automatically fall into USB download mode (USB HID as some call it), you STILL have to perform the directions above to get into the "proper" usb download mode.
-To compile u-boot, extract the sources from amazon and do:
TYPE=prod make CROSS_COMPILE=path-to-cc/arm-linux-gnueabi-
TYPE=prod make CROSS_COMPILE=path-to-cc/arm-linux-gnueabi- u-boot.bin
(thanks nueva for the advice about TYPE=prod)
-The kindle contains two uboots, the main uboot is small enough to fit on the OCRAM (128KB embedded in the CPU), but it also loads another uboot "BIST" (built in self test) into the DRAM (1-2GB in the kindle) that can be loaded by typing "bist" into the uboot shell. The bist uboot has more features such as read/write mmc blocks, read/write memory, upload files via serial to memory, etc.
Now what does that mean?
Some potential applications (no code has been written yet):
-De-bricking utility. You will ALWAYS be able to debrick a kindle (without a serial cable) even if you wipe the MMC clean since the usb download mode resides in the bootrom burnt into the CPU.
-Permanent jailbreak utility. Amazon (afaik) cannot turn this mode off (this isn't a "discovery" or "mistake", they purposely left this mode in. Perhaps they would release a recovery tool in the future?). Because we can "hook" on to the very beginning of the boot process, we can load a custom uboot to load a custom kernel that auto-roots.
-Android. We could always have booted android (if someone ports it), but now that we can freely modify the bootloader, we don't have to "work around" anything anymore. Plus it would no longer be risky to try to develop an android port since bricking is fixable.
(once again, these are potentials but no actual code has been written).
What does this mean for you?
Nothing. Right now. I'll be writing a nice and easy "one click" tool sometime in the near future. For now, just sit tight and wait. If you have a bricked kindle, just put it on the shelf for now. If you want to attempt a solution, join the development chat room and if I have time I may help you. (But it won't be easy and it'll take time away from making the tool! You need to be technically knowledgeable.)