there is no way to backup bootoader from there, he ask for a mtd device that not represent bootloader.
anyway today bricked my f3, trying to burn a default zyxel f3 bootloader.
i discovered jtag pinout, but i can't read nothing about device in jtag chain.
only option left for me is to desolder nor flash and program externaly.
I'm new to this discussion, so shoot me if I'm off on what you're trying to achieve, but...
Can't you easily dump the bootloaders from U-boot?
First note, I don't have a "telenor" P-2812, so you probably need to adapt offsets to your box.
0. connect to serial port. My P-2812 runs at 115200;N;8;1
1. Boot device and quickly hit 'z' --> ZLO --> 'zlgu' to get to u-boot prompt.
2. VR9 # printenv
bootcmd=nand read 0x86a80000 0x0001C000 10000; go 0x86a80000
So, it reads sector from NAND into 0x86a80000 and runs it --> This example is "z-load".
So to dump z-load:
3. VR9 # nand read 0x86a80000 0x1c000 10000 (think I saw you post that the "telenor" z-load probably is at 0xb003b800)
4. md 0x86a80000 10000 (dumps everything to screen)
5. log this to file, write 10 lines of python to convert "text dump" to z-load.bin and there's the first bootloader (MIPS u-boot standalone application)
To dump Zboot (next loader in chain):
1. VR9 # nand read 0x86a90000 0x20000 20000 (these offsets are easily guessed from dump of z-load.bin. Just look in the binary)
2. md 0x86a90000 20000
3. reuse python converter script to get zboot.bin
These two puppies can easily be reversed and you'll find what''s needed to be able to flash (magics, etc.)
Now to my question. Where did you find the JTAG pin out?
Can you please post a picture?
JTAG is so much more interesting than the serial port