changeset 427:7e305184b0b4

doc/Compal-unlock: TFC139 RTC alarm oddity explained
author Michael Spacefalcon <msokolov@ivan.Harhan.ORG>
date Sat, 21 Jun 2014 08:01:14 +0000
parents 1060bf70d95d
children e61eacecd319
files doc/Compal-unlock
diffstat 1 files changed, 24 insertions(+), 0 deletions(-)
--- a/doc/Compal-unlock	Sat Jun 21 06:55:27 2014 +0000
+++ b/doc/Compal-unlock	Sat Jun 21 08:01:14 2014 +0000
@@ -142,6 +142,30 @@
 proceed directly to feeding loadagent to the Calypso boot ROM.  You should now
 be in full control of the phone via fc-loadtool.
 
+There is one additional quick worth mentioning.  It appears that Mot/Compal's
+main fw (at least TF's version 8.8.17, which is the version we break into with
+tfc139; other versions are anyone's guess) keeps resetting the RTC alarm
+registers in the Calypso DBB as it runs, always keeping the alarm time in the
+near future relative to the current time.  When one breaks into this firmware
+with tfc139 and takes over the control of the device with fc-loadtool, this
+alarm time will almost certainly be reached, and the RTC alarm will go off.
+This alarm has no effect on loadtool operation (i.e., it cannot reset the CPU
+or otherwise wrestle control away from loadtool, so it doesn't add any bricking
+risk), but it has one quite surprising effect upon exit, i.e., when you are
+done with your loadtool session and give it the exit command.
+
+Loadtool's configured default exit action for this target is to send a power-off
+command to the Iota ABB, leaving the device cleanly powered off.  However, if
+the RTC alarm has gone off previously during the session, the ABB will instantly
+power the phone back on, and put it through a new boot cycle.  The firmware
+(again, the only version this stuff can be tested on is the one that works with
+tfc139) handles this special form of boot rather oddly: it proceeds to the same
+end state it would have reached via a normal power button hold-down boot
+(powered on with the "Insert SIM" message on the LCD), but it reaches this state
+almost instantly, without going through the power-on LCD logo and buzz phase.
+Odd, but harmless.  This explanation has been included to save other hackers
+the hours of bewildered head-scratching I spent chasing this quick down.
+
 Dumping and reloading flash
 ===========================
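Review bot: "quick" in the first line of the new text ("one additional quick worth mentioning") and again in its last sentence ("chasing this quick down") reads as a typo for "quirk"; suggest fixing both occurrences. Also, the second new paragraph tells the reader the phone will power itself back on after loadtool's exit command, but not what, if anything, they should do about it; a closing sentence saying whether the user simply powers the phone off again, or whether loadtool could clear the RTC alarm registers before sending the ABB power-off so the reboot never happens, would make the explanation actionable rather than only descriptive.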