Android Boot Loader

最新推荐文章于 2021-06-04 19:28:15 发布
最新推荐文章于 2021-06-04 19:28:15 发布
阅读量944 收藏 2
点赞数
分类专栏: Android

Android Boot loader 的 code 在 bootable/bootloader/lk 底下, LK 是 Little  Kernel 的缩写, 是 andriod bootloader 的核心精神.

入口函数在 kernel/main.c 中的 kmain(), 以下就来读读这一段 code.

  1. void kmain(void) 
  3.     // get us into some sort of thread context 
  4.     thread_init_early(); 
  5.     // early arch stuff 
  6.     arch_early_init(); 
  7.     // do any super early platform initialization 
  8.     platform_early_init(); 
  9.     // do any super early target initialization 
  10.     target_early_init(); 
  11.     dprintf(INFO, "welcome to lk/n/n"); 
  12.      
  13.     // deal with any static constructors 
  14.     dprintf(SPEW, "calling constructors/n"); 
  15.     call_constructors(); 
  16.     // bring up the kernel heap 
  17.     dprintf(SPEW, "initializing heap/n"); 
  18.     heap_init(); 
  19.     // initialize the threading system 
  20.     dprintf(SPEW, "initializing threads/n"); 
  21.     thread_init(); 
  22.     // initialize the dpc system 
  23.     dprintf(SPEW, "initializing dpc/n"); 
  24.     dpc_init(); 
  25.     // initialize kernel timers 
  26.     dprintf(SPEW, "initializing timers/n"); 
  27.     timer_init(); 
  28. #if (!ENABLE_NANDWRITE) 
  29.     // create a thread to complete system initialization 
  30.     dprintf(SPEW, "creating bootstrap completion thread/n"); 
  31.     thread_resume(thread_create("bootstrap2", &bootstrap2, NULL, DEFAULT_PRIORITY, DEFAULT_STACK_SIZE)); 
  32.     // enable interrupts 
  33.     exit_critical_section(); 
  34.     // become the idle thread 
  35.     thread_become_idle(); 
  36. #else 
  37.         bootstrap_nandwrite(); 
  38. #endif 

[c-sharp] view plain copy print ?
  1. void kmain(void) 
  3.     // get us into some sort of thread context 
  4.     thread_init_early(); 
  5.     // early arch stuff 
  6.     arch_early_init(); 
  7.     // do any super early platform initialization 
  8.     platform_early_init(); 
  9.     // do any super early target initialization 
  10.     target_early_init(); 
  11.     dprintf(INFO, "welcome to lk/n/n"); 
  12.      
  13.     // deal with any static constructors 
  14.     dprintf(SPEW, "calling constructors/n"); 
  15.     call_constructors(); 
  16.     // bring up the kernel heap 
  17.     dprintf(SPEW, "initializing heap/n"); 
  18.     heap_init(); 
  19.     // initialize the threading system 
  20.     dprintf(SPEW, "initializing threads/n"); 
  21.     thread_init(); 
  22.     // initialize the dpc system 
  23.     dprintf(SPEW, "initializing dpc/n"); 
  24.     dpc_init(); 
  25.     // initialize kernel timers 
  26.     dprintf(SPEW, "initializing timers/n"); 
  27.     timer_init(); 
  28. #if (!ENABLE_NANDWRITE) 
  29.     // create a thread to complete system initialization 
  30.     dprintf(SPEW, "creating bootstrap completion thread/n"); 
  31.     thread_resume(thread_create("bootstrap2", &bootstrap2, NULL,  
  32. DEFAULT_PRIORITY, DEFAULT_STACK_SIZE)); 
  33.     // enable interrupts 
  34.     exit_critical_section(); 
  35.     // become the idle thread 
  36.     thread_become_idle(); 
  37. #else 
  38.         bootstrap_nandwrite(); 
  39. #endif 

In include/debug.h: 我们可以看到 dprintf 的第一个参数是代表 debug level.

  1. /* debug levels */ 
  2. #define CRITICAL 0 
  3. #define ALWAYS 0 
  4. #define INFO 1 
  5. #define SPEW 2 

[c-sharp:nogutter] view plain copy print ?
  1. /* debug levels */ 
  2. #define CRITICAL 0 
  3. #define ALWAYS 0 
  4. #define INFO 1 
  5. #define SPEW 2 

In include/debug.h:

  1. #define dprintf(level, x...) do { if ((level) <= DEBUGLEVEL) { _dprintf(x); } } while (0) 

[c-sharp:nogutter] view plain copy print ?
  1. #define dprintf(level, x...) do { if ((level)  
  2. <= DEBUGLEVEL) { _dprintf(x); } } while (0) 

所以 dprintf 会依 DEBUGLEVEL 来判断是否输出信息.

来看第一个 call 的函数: thread_init_early, define in thread.c

  1. void thread_init_early(void) 
  3.         int i; 
  4.         /* initialize the run queues */ 
  5.         for (i=0; i < NUM_PRIORITIES; i++) 
  6.                 list_initialize(&run_queue[i]); 
  7.         /* initialize the thread list */ 
  8.         list_initialize(&thread_list); 
  9.         /* create a thread to cover the current running state */ 
  10.         thread_t *t = &bootstrap_thread; 
  11.         init_thread_struct(t, "bootstrap"); 
  12.         /* half construct this thread, since we're already running */ 
  13.         t->priority = HIGHEST_PRIORITY; 
  14.         t->state = THREAD_RUNNING; 
  15.         t->saved_critical_section_count = 1; 
  16.         list_add_head(&thread_list, &t->thread_list_node); 
  17.         current_thread = t; 

[c-sharp:nogutter] view plain copy print ?
  1. void thread_init_early(void) 
  3.         int i; 
  4.         /* initialize the run queues */ 
  5.         for (i=0; i < NUM_PRIORITIES; i++) 
  6.                 list_initialize(&run_queue[i]); 
  7.         /* initialize the thread list */ 
  8.         list_initialize(&thread_list); 
  9.         /* create a thread to cover the current running state */ 
  10.         thread_t *t = &bootstrap_thread; 
  11.         init_thread_struct(t, "bootstrap"); 
  12.         /* half construct this thread, since we're already running */ 
  13.         t->priority = HIGHEST_PRIORITY; 
  14.         t->state = THREAD_RUNNING; 
  15.         t->saved_critical_section_count = 1; 
  16.         list_add_head(&thread_list, &t->thread_list_node); 
  17.         current_thread = t; 

#define NUM_PRIORITIES 32 in include/kernel/thread.h

list_initialize() defined in include/list.h: initialized a list

  1. static inline void list_initialize(struct list_node *list) 
  3.         list->prev = list->next = list; 

[c-sharp:nogutter] view plain copy print ?
  1. static  
  2. inline void list_initialize(struct list_node *list) 
  4.         list->prev = list->next = list; 

run_queue 是 static struct list_node run_queue[NUM_PRIORITIES]

thread_list 是 static struct list_node thread_list

再来要 call  的函数是: arch_early_init() defined in arch/arm/arch.c

  1. void arch_early_init(void) 
  3.     /* turn off the cache */ 
  4.     arch_disable_cache(UCACHE); 
  5.     /* set the vector base to our exception vectors so we dont need to double map at 0 */ 
  6. #if ARM_CPU_CORTEX_A8 
  7.     set_vector_base(MEMBASE); 
  8. #endif 
  9. #if ARM_WITH_MMU 
  10.     arm_mmu_init(); 
  11.     platform_init_mmu_mappings(); 
  12. #endif 
  13.     /* turn the cache back on */ 
  14.     arch_enable_cache(UCACHE); 
  15. #if ARM_WITH_NEON 
  16.     /* enable cp10 and cp11 */ 
  17.     uint32_t val; 
  18.     __asm__ volatile("mrc   p15, 0, %0, c1, c0, 2" : "=r" (val)); 
  19.     val |= (3<<22)|(3<<20); 
  20.     __asm__ volatile("mcr   p15, 0, %0, c1, c0, 2" :: "r" (val)); 
  21.     /* set enable bit in fpexc */ 
  22.     val = (1<<30); 
  23.     __asm__ volatile("mcr  p10, 7, %0, c8, c0, 0" :: "r" (val)); 
  24. #endif 

[c-sharp:nogutter] view plain copy print ?
  1. void  
  2. arch_early_init(void) 
  4.     /* turn off the cache */ 
  5.     arch_disable_cache(UCACHE); 
  6.     /* set the vector base to our exception vectors so we dont need to 
  7. double map at 0 */ 
  8. #if ARM_CPU_CORTEX_A8 
  9.     set_vector_base(MEMBASE); 
  10. #endif 
  11. #if ARM_WITH_MMU 
  12.     arm_mmu_init(); 
  13.     platform_init_mmu_mappings(); 
  14. #endif 
  15.     /* turn the cache back on */ 
  16.     arch_enable_cache(UCACHE); 
  17. #if ARM_WITH_NEON 
  18.     /* enable cp10 and cp11 */ 
  19.     uint32_t val; 
  20.     __asm__ volatile("mrc   p15, 0, %0, c1, c0, 2" : "=r" (val)); 
  21.     val |= (3<<22)|(3<<20); 
  22.     __asm__ volatile("mcr   p15, 0, %0, c1, c0, 2" :: "r" (val)); 
  23.     /* set enable bit in fpexc */ 
  24.     val = (1<<30); 
  25.     __asm__ volatile("mcr  p10, 7, %0, c8, c0, 0" :: "r" (val)); 
  26. #endif 

现代操作系统普遍采用虚拟内存管理(Virtual Memory Management)机制,这需要处理器中的MMU(Memory Management Unit,

内存管理单元)提供支持。

CPU执行单元发出的内存地址将被MMU截获,从CPU到MMU的地址称为虚拟地址(Virtual Address,以下简称VA),而MMU将这个地

址翻译成另一个地址发到CPU芯片的外部地址引脚上,也就是将VA映射成PA

MMU将VA映射到PA是以页(Page)为单位的,32位处 理器的页尺寸通常是4KB。例如,MMU可以通过一个映射项将VA的一页

0xb7001000~0xb7001fff映射到PA的一页0x2000~0x2fff,如果CPU执行单元要访问虚拟地址0xb7001008,则实际访问到的物理地

址是0x2008。物理内存中的页称为物理页面或者页帧(Page Frame)。虚拟内存的哪个页面映射到物理内存的哪个页帧是通过页

表(Page Table)来描述的,页表保存在物理内存 中,MMU会查找页表来确定一个VA应该映射到什么PA。

操作系统和MMU是这样配合的:

1. 操作系统在初始化或分配、释放内存时会执行一些指令在物理内存中填写页表,然后用指令设置MMU,告诉MMU页表在物理内存中

   的什么位置。

2. 设置好之后,CPU每次执行访问内存的指令都会自动引发MMU做查表和地址转换操作,地址转换操作由硬件自动完成,不需要用指令

    控制MMU去做。

MMU除了做地址转换之外,还提供内存保护机制。各种体系结构都有用户模式(User Mode)和特权模式(Privileged Mode)之分,

操作系统可以在页表中设置每个内存页面的访问权限,有些页面不允许访问,有些页面只有在CPU处于特权模式时才允许访问,有些页面

在用户模式和特权模式都可以访问,访问权限又分为可读、可写和可执行三种。这样设定好之后,当CPU要访问一个VA时,MMU会检查

CPU当前处于用户模式还是特权模式,访问内存的目的是读数据、写数据还是取指令,如果和操作系统设定的页面权限相符,就允许访

问,把它转换成PA,否则不允许访问,产生一个异常(Exception)

常见的 segmentation fault 产生的原因:

用户程序要访问一段 VA, 经 MMU 检查后无权访问, MMU 会产生异常, CPU 从用户模式切换到特权模式, 跳转到内核代码中执行异常服务程序.

内核就会把这个异常解释为 segmentation fault, 将引发异常的程序终止.

简单的讲一下 NEON: NEON technology can accelerate multimedia and signal  processing algorithms such as video encode/decode,

2D/3D graphics, gaming, audio and speech processing, image  processing, telephony, and sound synthesis.

platform_early_init() defined in  platform/<your-platform>/platform.c

  1. void platform_early_init(void) 
  3.     uart_init(); 
  4.     platform_init_interrupts(); 
  5.     platform_init_timer(); 

[c-sharp:nogutter] view plain copy print ?
  1. void platform_early_init(void) 
  3.     uart_init(); 
  4.     platform_init_interrupts(); 
  5.     platform_init_timer(); 

uart_init.c defined in platform/<your-platform>/uart.c 所有用到的变数,也都定义在 uart.c

  1. void uart_init(void) 
  3.     uwr(0x0A, UART_CR);  /* disable TX and RX */ 
  4.      
  5.     uwr(0x30, UART_CR);  /* reset error status */ 
  6.     uwr(0x10, UART_CR);  /* reset receiver */ 
  7.     uwr(0x20, UART_CR);  /* reset transmitter */ 
  8.     
  9. #if PLATFORM_QSD8K 
  10.     /* TCXO */ 
  11.     uwr(0x06, UART_MREG); 
  12.     uwr(0xF1, UART_NREG); 
  13.     uwr(0x0F, UART_DREG); 
  14.     uwr(0x1A, UART_MNDREG); 
  15. #else 
  16.     /* TCXO/4 */ 
  17.     uwr(0xC0, UART_MREG); 
  18.     uwr(0xAF, UART_NREG); 
  19.     uwr(0x80, UART_DREG); 
  20.     uwr(0x19, UART_MNDREG);     
  21. #endif 
  22.      
  23.     uwr(0x10, UART_CR);  /* reset RX */ 
  24.     uwr(0x20, UART_CR);  /* reset TX */ 
  25.     uwr(0x30, UART_CR);  /* reset error status */ 
  26.     uwr(0x40, UART_CR);  /* reset RX break */ 
  27.     uwr(0x70, UART_CR);  /* rest? */ 
  28.     uwr(0xD0, UART_CR);  /* reset */ 
  29.      
  30.     uwr(0x7BF, UART_IPR); /* stale timeout = 630 * bitrate */ 
  31.     uwr(0, UART_IMR); 
  32.     uwr(115, UART_RFWR); /* RX watermark = 58 * 2 - 1 */ 
  33.     uwr(10, UART_TFWR);  /* TX watermark */ 
  34.      
  35.     uwr(0, UART_RFWR);  
  36.      
  37.     uwr(UART_CSR_115200, UART_CSR); 
  38.     uwr(0, UART_IRDA); 
  39.     uwr(0x1E, UART_HCR); 
  40. //  uwr(0x7F4, UART_MR1); /* RFS/ CTS/ 500chr RFR */ 
  41.     uwr(16, UART_MR1); 
  42.     uwr(0x34, UART_MR2); /* 8N1 */ 
  43.      
  44.     uwr(0x05, UART_CR); /* enable TX & RX */ 
  45.     uart_ready = 1; 

[c-sharp:nogutter] view plain copy print ?
  1. void uart_init(void) 
  3.     uwr(0x0A, UART_CR);  /* disable TX and RX */ 
  4.      
  5.     uwr(0x30, UART_CR);  /* reset error status */ 
  6.     uwr(0x10, UART_CR);  /* reset receiver */ 
  7.     uwr(0x20, UART_CR);  /* reset transmitter */ 
  8.     
  9. #if PLATFORM_QSD8K 
  10.     /* TCXO */ 
  11.     uwr(0x06, UART_MREG); 
  12.     uwr(0xF1, UART_NREG); 
  13.     uwr(0x0F, UART_DREG); 
  14.     uwr(0x1A, UART_MNDREG); 
  15. #else 
  16.     /* TCXO/4 */ 
  17.     uwr(0xC0, UART_MREG); 
  18.     uwr(0xAF, UART_NREG); 
  19.     uwr(0x80, UART_DREG); 
  20.     uwr(0x19, UART_MNDREG);     
  21. #endif 
  22.      
  23.     uwr(0x10, UART_CR);  /* reset RX */ 
  24.     uwr(0x20, UART_CR);  /* reset TX */ 
  25.     uwr(0x30, UART_CR);  /* reset error status */ 
  26.     uwr(0x40, UART_CR);  /* reset RX break */ 
  27.     uwr(0x70, UART_CR);  /* rest? */ 
  28.     uwr(0xD0, UART_CR);  /* reset */ 
  29.      
  30.     uwr(0x7BF, UART_IPR); /* stale timeout = 630 * bitrate */ 
  31.     uwr(0, UART_IMR); 
  32.     uwr(115, UART_RFWR); /* RX watermark = 58 * 2 - 1 */ 
  33.     uwr(10, UART_TFWR);  /* TX watermark */ 
  34.      
  35.     uwr(0, UART_RFWR);  
  36.      
  37.     uwr(UART_CSR_115200, UART_CSR); 
  38.     uwr(0, UART_IRDA); 
  39.     uwr(0x1E, UART_HCR); 
  40. //  uwr(0x7F4, UART_MR1); /* RFS/ CTS/ 500chr RFR */ 
  41.     uwr(16, UART_MR1); 
  42.     uwr(0x34, UART_MR2); /* 8N1 */ 
  43.      
  44.     uwr(0x05, UART_CR); /* enable TX & RX */ 
  45.     uart_ready = 1; 

platform_init_interrupts: defined in platform/msm8x60/interrupts.c

  1. void platform_init_interrupts(void) 
  3.     platform_gic_dist_init(); 
  4.     platform_gic_cpu_init(); 

[c-sharp:nogutter] view plain copy print ?
  1. void platform_init_interrupts(void) 
  3.     platform_gic_dist_init(); 
  4.     platform_gic_cpu_init(); 

GIC 指的是 Generic Interrupt Controller. The gic-cpu and gic-dist are  two subcomponents of GIC.

Devices are wired to the git-dist which is in charge of distributing  interrupts to the gic-cpu (per cpu IRQ IF).

platform_init_timer(): defined in  platform/<your-platform>/timer.c

  1. void platform_init_timer(void) 
  3.     writel(0, DGT_ENABLE); 

[c-sharp:nogutter] view plain copy print ?
  1. void platform_init_timer(void) 
  3.     writel(0, DGT_ENABLE); 

DGT: Digital Game Timer: presents the countdowns of two players, it  is also called chess timer or chess clock.

target_early_init(): defined in target/init.c

  1. /*
  2. * default implementations of these routines, if the target code
  3. * chooses not to implement.
  4. */ 
  5. __WEAK void target_early_init(void) 
  8. __WEAK void target_init(void) 

[c-sharp:nogutter] view plain copy print ?
  1. /*
  2. * default implementations of these routines, if the target code
  3. * chooses not to implement.
  4. */ 
  5. __WEAK void target_early_init(void) 
  8. __WEAK void target_init(void) 

call_constructors() is defined in kernel/main.c:

  1. static void call_constructors(void) 
  3.     void **ctor; 
  4.     
  5.     ctor = &__ctor_list; 
  6.     while(ctor != &__ctor_end) { 
  7.         void (*func)(void); 
  8.         func = (void (*)())*ctor; 
  9.         func(); 
  10.         ctor++; 
  11.     } 

[c-sharp:nogutter] view plain copy print ?
  1. static void call_constructors(void) 
  3.     void **ctor; 
  4.     
  5.     ctor = &__ctor_list; 
  6.     while(ctor != &__ctor_end) { 
  7.         void (*func)(void); 
  8.         func = (void (*)())*ctor; 
  9.         func(); 
  10.         ctor++; 
  11.     } 

heap_init is defined in lib/heap/heap.c:

  1. void heap_init(void) 
  3.     LTRACE_ENTRY; 
  4.     // set the heap range 
  5.     theheap.base = (void *)HEAP_START; 
  6.     theheap.len = HEAP_LEN; 
  7.     LTRACEF("base %p size %zd bytes/n", theheap.base, theheap.len); 
  8.     // initialize the free list 
  9.     list_initialize(&theheap.free_list); 
  10.     // create an initial free chunk 
  11.     heap_insert_free_chunk(heap_create_free_chunk(theheap.base, theheap.len)); 
  12.     // dump heap info 
  13. //  heap_dump(); 
  14. //  dprintf(INFO, "running heap tests/n"); 
  15. //  heap_test(); 

[c-sharp:nogutter] view plain copy print ?
  1. void  
  2. heap_init(void) 
  4.     LTRACE_ENTRY; 
  5.     // set the heap range 
  6.     theheap.base = (void *)HEAP_START; 
  7.     theheap.len = HEAP_LEN; 
  8.     LTRACEF("base %p size %zd bytes/n", theheap.base, theheap.len); 
  9.     // initialize the free list 
  10.     list_initialize(&theheap.free_list); 
  11.     // create an initial free chunk 
  12.     heap_insert_free_chunk(heap_create_free_chunk(theheap.base,  
  13. theheap.len)); 
  14.     // dump heap info 
  15. //  heap_dump(); 
  16. //  dprintf(INFO, "running heap tests/n"); 
  17. //  heap_test(); 

thread_init is defined in kernel/thread.c but nothing coded, 先记下.

  1. void thread_init(void) 

[c-sharp:nogutter] view plain copy print ?
  1. void  
  2. thread_init(void) 

dpc_init() is defined in kernel/dpc.c:

  1. void dpc_init(void) 
  3.     event_init(&dpc_event, false, 0); 
  4.     thread_resume(thread_create("dpc", &dpc_thread_routine, NULL, DPC_PRIORITY, DEFAULT_STACK_SIZE)); 

[c-sharp:nogutter] view plain copy print ?
  1. void  
  2. dpc_init(void) 
  4.     event_init(&dpc_event, false, 0); 
  5.     thread_resume(thread_create("dpc", &dpc_thread_routine, NULL,  
  6. DPC_PRIORITY, DEFAULT_STACK_SIZE)); 

dpc 为 Delayed Procedure Call 延迟过程调用的缩写.

timer_init() is defined in kernel/timer.c:

  1. void timer_init(void) 
  3.     list_initialize(&timer_queue); 
  4.     /* register for a periodic timer tick */ 
  5.     platform_set_periodic_timer(timer_tick, NULL, 10); /* 10ms */ 

[c-sharp:nogutter] view plain copy print ?
  1. void  
  2. timer_init(void) 
  4.     list_initialize(&timer_queue); 
  5.     /* register for a periodic timer tick */ 
  6.     platform_set_periodic_timer(timer_tick, NULL, 10); /* 10ms */ 

执行 thread_resume 或是 bootstrap_nandwrite

  1. #if (!ENABLE_NANDWRITE) 
  2.     // create a thread to complete system initialization 
  3.     dprintf(SPEW, "creating bootstrap completion thread/n"); 
  4.     thread_resume(thread_create("bootstrap2", &bootstrap2, NULL, DEFAULT_PRIORITY, DEFAULT_STACK_SIZE)); 
  5.     // enable interrupts 
  6.     exit_critical_section(); 
  7.     // become the idle thread 
  8.     thread_become_idle(); 
  9. #else 
  10.         bootstrap_nandwrite(); 
  11. #endif 

[c-sharp:nogutter] view plain copy print ?
  1. #if (!ENABLE_NANDWRITE) 
  2.     // create a thread to complete system initialization 
  3.     dprintf(SPEW, "creating bootstrap completion thread/n"); 
  4.     thread_resume(thread_create("bootstrap2", &bootstrap2, NULL,  
  5. DEFAULT_PRIORITY, DEFAULT_STACK_SIZE)); 
  6.     // enable interrupts 
  7.     exit_critical_section(); 
  8.     // become the idle thread 
  9.     thread_become_idle(); 
  10. #else 
  11.         bootstrap_nandwrite(); 
  12. #endif 

In kermel/main.c:

  1. static int bootstrap2(void *arg) 
  3.     dprintf(SPEW, "top of bootstrap2()/n"); 
  4.     arch_init(); 
  5.     // initialize the rest of the platform 
  6.     dprintf(SPEW, "initializing platform/n"); 
  7.     platform_init(); 
  8.      
  9.     // initialize the target 
  10.     dprintf(SPEW, "initializing target/n"); 
  11.     target_init(); 
  12.     dprintf(SPEW, "calling apps_init()/n"); 
  13.     apps_init(); 
  14.     return 0; 
  16. #if (ENABLE_NANDWRITE) 
  17. void bootstrap_nandwrite(void) 
  19.     dprintf(SPEW, "top of bootstrap2()/n"); 
  20.     arch_init(); 
  21.     // initialize the rest of the platform 
  22.     dprintf(SPEW, "initializing platform/n"); 
  23.     platform_init(); 
  24.     // initialize the target 
  25.     dprintf(SPEW, "initializing target/n"); 
  26.     target_init(); 
  27.     dprintf(SPEW, "calling nandwrite_init()/n"); 
  28.     nandwrite_init(); 
  29.     return 0; 
  31. #endif 

[c-sharp:nogutter] view plain copy print ?
  1. static int bootstrap2(void *arg) 
  3.     dprintf(SPEW, "top of bootstrap2()/n"); 
  4.     arch_init(); 
  5.     // initialize the rest of the platform 
  6.     dprintf(SPEW, "initializing platform/n"); 
  7.     platform_init(); 
  8.      
  9.     // initialize the target 
  10.     dprintf(SPEW, "initializing target/n"); 
  11.     target_init(); 
  12.     dprintf(SPEW, "calling apps_init()/n"); 
  13.     apps_init(); 
  14.     return 0; 
  16. #if (ENABLE_NANDWRITE) 
  17. void bootstrap_nandwrite(void) 
  19.     dprintf(SPEW, "top of bootstrap2()/n"); 
  20.     arch_init(); 
  21.     // initialize the rest of the platform 
  22.     dprintf(SPEW, "initializing platform/n"); 
  23.     platform_init(); 
  24.     // initialize the target 
  25.     dprintf(SPEW, "initializing target/n"); 
  26.     target_init(); 
  27.     dprintf(SPEW, "calling nandwrite_init()/n"); 
  28.     nandwrite_init(); 
  29.     return 0; 
  31. #endif 

continue to see apps_init(): app/app.c:void apps_init(void)

  1. #include <app.h> 
  2. #include <kernel/thread.h> 
  3. extern const struct app_descriptor __apps_start; 
  4. extern const struct app_descriptor __apps_end; 
  5. static void start_app(const struct app_descriptor *app); 
  6. /* one time setup */ 
  7. void apps_init(void) 
  9.     const struct app_descriptor *app; 
  10.     /* call all the init routines */ 
  11.     for (app = &__apps_start; app != &__apps_end; app++) { 
  12.         if (app->init) 
  13.             app->init(app); 
  14.     } 
  15.     /* start any that want to start on boot */ 
  16.     for (app = &__apps_start; app != &__apps_end; app++) { 
  17.         if (app->entry && (app->flags & APP_FLAG_DONT_START_ON_BOOT) == 0) { 
  18.             start_app(app); 
  19.         } 
  20.     } 
  22. static int app_thread_entry(void *arg) 
  24.     const struct app_descriptor *app = (const struct app_descriptor *)arg; 
  25.     app->entry(app, NULL); 
  26.     return 0; 
  28. static void start_app(const struct app_descriptor *app) 
  30.     printf("starting app %s/n", app->name); 
  31.     thread_resume(thread_create(app->name, &app_thread_entry, (void *)app, DEFAULT_PRIORITY, DEFAULT_STACK_SIZE));    

[c-sharp] view plain copy print ?
  1. #include  
  2. <app.h> 
  3. #include <kernel/thread.h> 
  4. extern const struct app_descriptor __apps_start; 
  5. extern const struct app_descriptor __apps_end; 
  6. static void start_app(const struct app_descriptor *app); 
  7. /* one time setup */ 
  8. void apps_init(void) 
  10.     const struct app_descriptor *app; 
  11.     /* call all the init routines */ 
  12.     for (app = &__apps_start; app != &__apps_end; app++) { 
  13.         if (app->init) 
  14.             app->init(app); 
  15.     } 
  16.     /* start any that want to start on boot */ 
  17.     for (app = &__apps_start; app != &__apps_end; app++) { 
  18.         if (app->entry && (app->flags &  
  19. APP_FLAG_DONT_START_ON_BOOT) == 0) { 
  20.             start_app(app); 
  21.         } 
  22.     } 
  24. static int app_thread_entry(void *arg) 
  26.     const struct app_descriptor *app = (const struct app_descriptor *)arg; 
  27.     app->entry(app, NULL); 
  28.     return 0; 
  30. static void start_app(const struct app_descriptor *app) 
  32.     printf("starting app %s/n", app->name); 
  33.     thread_resume(thread_create(app->name, &app_thread_entry, (void  
  34. *)app, DEFAULT_PRIORITY, DEFAULT_STACK_SIZE));   

至于会有那些 app 被放入 boot thread section, 则定义在 include/app.h 中的 APP_START(appname)

  1. #define APP_START(appname) struct app_descriptor _app_##appname __SECTION(".apps") = { .name = #appname, 
  2. #define APP_END }; 

[c-sharp:nogutter] view plain copy print ?
  1. #define APP_START(appname) struct  
  2. app_descriptor _app_##appname __SECTION(".apps") = { .name = #appname, 
  3. #define APP_END }; 

在 app 中只要像 app/aboot/aboot.c 指定就会在 bootloader bootup 时放入 thread  section 中被执行.

  1. APP_START(aboot) 
  2.         .init = aboot_init, 
  3. APP_END 

[c-sharp:nogutter] view plain copy print ?
  1. APP_START(aboot) 
  2.         .init = aboot_init, 
  3. APP_END 

在我的 bootloader 中有 app/aboot/aboot.c, app/tests/tests.c,  app/shell/shell.c, 及 app/stringtests/string_tests.c 皆有此声明.

接下来关注: aboot.c 中的 aboot_init()

  1. void aboot_init(const struct app_descriptor *app) 
  3.     unsigned reboot_mode = 0; 
  4.     unsigned disp_init = 0; 
  5.     unsigned usb_init = 0; 
  6.     //test_ram(); 
  7.     /* Setup page size information for nand/emmc reads */ 
  8.     if (target_is_emmc_boot()) 
  9.     { 
  10.         page_size = 2048; 
  11.         page_mask = page_size - 1; 
  12.     } 
  13.     else 
  14.     { 
  15.         page_size = flash_page_size(); 
  16.         page_mask = page_size - 1; 
  17.     } 
  18.     /* Display splash screen if enabled */ 
  19.     #if DISPLAY_SPLASH_SCREEN 
  20.     display_init(); 
  21.     dprintf(INFO, "Diplay initialized/n"); 
  22.     disp_init = 1; 
  23.     diplay_image_on_screen(); 
  24.     #endif 
  25.     /* Check if we should do something other than booting up */ 
  26.     if (keys_get_state(KEY_HOME) != 0) 
  27.         boot_into_recovery = 1; 
  28.     if (keys_get_state(KEY_BACK) != 0) 
  29.         goto fastboot; 
  30.     if (keys_get_state(KEY_CLEAR) != 0) 
  31.         goto fastboot; 
  32.     #if NO_KEYPAD_DRIVER 
  33.     /* With no keypad implementation, check the status of USB connection. */ 
  34.     /* If USB is connected then go into fastboot mode. */ 
  35.     usb_init = 1; 
  36.     udc_init(&surf_udc_device); 
  37.     if (usb_cable_status()) 
  38.         goto fastboot; 
  39.     #endif 
  40.     init_vol_key(); 
  41.     if(voldown_press()) 
  42.         goto fastboot; 
  43.     reboot_mode = check_reboot_mode(); 
  44.     if (reboot_mode == RECOVERY_MODE) { 
  45.         boot_into_recovery = 1; 
  46.     } else if(reboot_mode == FASTBOOT_MODE) { 
  47.         goto fastboot; 
  48.     } 
  49.     if (target_is_emmc_boot()) 
  50.     { 
  51.         boot_linux_from_mmc(); 
  52.     } 
  53.     else 
  54.     { 
  55.         recovery_init(); 
  56.         boot_linux_from_flash(); 
  57.     } 
  58.     dprintf(CRITICAL, "ERROR: Could not do normal boot. Reverting " 
  59.         "to fastboot mode./n"); 
  60. fastboot: 
  61.     if(!usb_init) 
  62.         udc_init(&surf_udc_device); 
  63.     fastboot_register("boot", cmd_boot); 
  64.     if (target_is_emmc_boot()) 
  65.     { 
  66.         fastboot_register("flash:", cmd_flash_mmc); 
  67.         fastboot_register("erase:", cmd_erase_mmc); 
  68.     } 
  69.     else 
  70.     { 
  71.         fastboot_register("flash:", cmd_flash); 
  72.         fastboot_register("erase:", cmd_erase); 
  73.     } 
  74.     fastboot_register("continue", cmd_continue); 
  75.     fastboot_register("reboot", cmd_reboot); 
  76.     fastboot_register("reboot-bootloader", cmd_reboot_bootloader); 
  77.     fastboot_publish("product", TARGET(BOARD)); 
  78.     fastboot_publish("kernel", "lk"); 
  79.      
  80.     fastboot_init(target_get_scratch_address(), 120 * 1024 * 1024); 
  81.      
  82.     udc_start(); 
  83.     target_battery_charging_enable(1, 0); 

[c-sharp:nogutter] view plain copy print ?
  1. void  
  2. aboot_init(const struct app_descriptor *app) 
  4.     unsigned reboot_mode = 0; 
  5.     unsigned disp_init = 0; 
  6.     unsigned usb_init = 0; 
  7.     //test_ram(); 
  8.     /* Setup page size information for nand/emmc reads */ 
  9.     if (target_is_emmc_boot()) 
  10.     { 
  11.         page_size = 2048; 
  12.         page_mask = page_size - 1; 
  13.     } 
  14.     else 
  15.     { 
  16.         page_size = flash_page_size(); 
  17.         page_mask = page_size - 1; 
  18.     } 
  19.     /* Display splash screen if enabled */ 
  20.     #if DISPLAY_SPLASH_SCREEN 
  21.     display_init(); 
  22.     dprintf(INFO, "Diplay initialized/n"); 
  23.     disp_init = 1; 
  24.     diplay_image_on_screen(); 
  25.     #endif 
  26.     /* Check if we should do something other than booting up */ 
  27.     if (keys_get_state(KEY_HOME) != 0) 
  28.         boot_into_recovery = 1; 
  29.     if (keys_get_state(KEY_BACK) != 0) 
  30.         goto fastboot; 
  31.     if (keys_get_state(KEY_CLEAR) != 0) 
  32.         goto fastboot; 
  33.     #if NO_KEYPAD_DRIVER 
  34.     /* With no keypad implementation, check the status of USB connection. 
  35. */ 
  36.     /* If USB is connected then go into fastboot mode. */ 
  37.     usb_init = 1; 
  38.     udc_init(&surf_udc_device); 
  39.     if (usb_cable_status()) 
  40.         goto fastboot; 
  41.     #endif 
  42.     init_vol_key(); 
  43.     if(voldown_press()) 
  44.         goto fastboot; 
  45.     reboot_mode = check_reboot_mode(); 
  46.     if (reboot_mode == RECOVERY_MODE) { 
  47.         boot_into_recovery = 1; 
  48.     } else if(reboot_mode == FASTBOOT_MODE) { 
  49.         goto fastboot; 
  50.     } 
  51.     if (target_is_emmc_boot()) 
  52.     { 
  53.         boot_linux_from_mmc(); 
  54.     } 
  55.     else 
  56.     { 
  57.         recovery_init(); 
  58.         boot_linux_from_flash(); 
  59.     } 
  60.     dprintf(CRITICAL, "ERROR: Could not do normal boot. Reverting " 
  61.         "to fastboot mode./n"); 
  62. fastboot: 
  63.     if(!usb_init) 
  64.         udc_init(&surf_udc_device); 
  65.     fastboot_register("boot", cmd_boot); 
  66.     if (target_is_emmc_boot()) 
  67.     { 
  68.         fastboot_register("flash:", cmd_flash_mmc); 
  69.         fastboot_register("erase:", cmd_erase_mmc); 
  70.     } 
  71.     else 
  72.     { 
  73.         fastboot_register("flash:", cmd_flash); 
  74.         fastboot_register("erase:", cmd_erase); 
  75.     } 
  76.     fastboot_register("continue", cmd_continue); 
  77.     fastboot_register("reboot", cmd_reboot); 
  78.     fastboot_register("reboot-bootloader", cmd_reboot_bootloader); 
  79.     fastboot_publish("product", TARGET(BOARD)); 
  80.     fastboot_publish("kernel", "lk"); 
  81.      
  82.     fastboot_init(target_get_scratch_address(), 120 * 1024 * 1024); 
  83.      
  84.     udc_start(); 
  85.     target_battery_charging_enable(1, 0); 


target_is_emmc_boot() is defined in target/init.c: _EMMC_BOOT 是 compiler 时的 flags

  1. __WEAK int target_is_emmc_boot(void) 
  3. #if _EMMC_BOOT 
  4.     return 1; 
  5. #else 
  6.     return 0; 
  7. #endif 

[c-sharp:nogutter] view plain copy print ?
  1. __WEAK  
  2. int target_is_emmc_boot(void) 
  4. #if _EMMC_BOOT 
  5.     return 1; 
  6. #else 
  7.     return 0; 
  8. #endif 

check_reboot_mode is defined in target/<your-platform>/init.c:

  1. unsigned check_reboot_mode(void) 
  3.         unsigned restart_reason = 0; 
  4.         void *restart_reason_addr = 0x401FFFFC; 
  5.         /* Read reboot reason and scrub it */ 
  6.         restart_reason = readl(restart_reason_addr); 
  7.         writel(0x00, restart_reason_addr); 
  8.         return restart_reason; 

[c-sharp:nogutter] view plain copy print ?
  1. unsigned 
  2. check_reboot_mode(void) 
  4.         unsigned restart_reason = 0; 
  5.         void *restart_reason_addr = 0x401FFFFC; 
  6.         /* Read reboot reason and scrub it */ 
  7.         restart_reason = readl(restart_reason_addr); 
  8.         writel(0x00, restart_reason_addr); 
  9.         return restart_reason; 

reboot mode in bootloader:

  1. #define RECOVERY_MODE   0x77665502 
  2. #define FASTBOOT_MODE   0x77665500 

[c-sharp:nogutter] view plain copy print ?
  1. #define RECOVERY_MODE   0x77665502 
  2. #define FASTBOOT_MODE   0x77665500 

再来就会执行 boot_linux_from_mmc():

  1. int boot_linux_from_mmc(void) 
  3.     struct boot_img_hdr *hdr = (void*) buf; 
  4.     struct boot_img_hdr *uhdr; 
  5.     unsigned offset = 0; 
  6.     unsigned long long ptn = 0; 
  7.     unsigned n = 0; 
  8.     const char *cmdline; 
  9.     uhdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR; 
  10.     if (!memcmp(uhdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { 
  11.         dprintf(INFO, "Unified boot method!/n"); 
  12.         hdr = uhdr; 
  13.         goto unified_boot; 
  14.     } 
  15.     if(!boot_into_recovery) 
  16.     { 
  17.         ptn = mmc_ptn_offset("boot"); 
  18.         if(ptn == 0) { 
  19.             dprintf(CRITICAL, "ERROR: No boot partition found/n"); 
  20.                     return -1; 
  21.         } 
  22.     } 
  23.     else 
  24.     { 
  25.         ptn = mmc_ptn_offset("recovery"); 
  26.         if(ptn == 0) { 
  27.             dprintf(CRITICAL, "ERROR: No recovery partition found/n"); 
  28.                     return -1; 
  29.         } 
  30.     } 
  31.     if (mmc_read(ptn + offset, (unsigned int *)buf, page_size)) { 
  32.         dprintf(CRITICAL, "ERROR: Cannot read boot image header/n"); 
  33.                 return -1; 
  34.     } 
  35.     if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { 
  36.         dprintf(CRITICAL, "ERROR: Invaled boot image header/n"); 
  37.                 return -1; 
  38.     } 
  39.     if (hdr->page_size && (hdr->page_size != page_size)) { 
  40.         page_size = hdr->page_size; 
  41.         page_mask = page_size - 1; 
  42.     } 
  43.     offset += page_size; 
  44.     n = ROUND_TO_PAGE(hdr->kernel_size, page_mask); 
  45.     if (mmc_read(ptn + offset, (void *)hdr->kernel_addr, n)) { 
  46.         dprintf(CRITICAL, "ERROR: Cannot read kernel image/n"); 
  47.                 return -1; 
  48.     } 
  49.     offset += n; 
  50.     n = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask); 
  51.     if (mmc_read(ptn + offset, (void *)hdr->ramdisk_addr, n)) { 
  52.         dprintf(CRITICAL, "ERROR: Cannot read ramdisk image/n"); 
  53.                 return -1; 
  54.     } 
  55.     offset += n; 
  56. unified_boot: 
  57.     dprintf(INFO, "/nkernel  @ %x (%d bytes)/n", hdr->kernel_addr, 
  58.         hdr->kernel_size); 
  59.     dprintf(INFO, "ramdisk @ %x (%d bytes)/n", hdr->ramdisk_addr, 
  60.         hdr->ramdisk_size); 
  61.     if(hdr->cmdline[0]) { 
  62.         cmdline = (char*) hdr->cmdline; 
  63.     } else { 
  64.         cmdline = DEFAULT_CMDLINE; 
  65.     } 
  66.     dprintf(INFO, "cmdline = '%s'/n", cmdline); 
  67.     dprintf(INFO, "/nBooting Linux/n"); 
  68.     boot_linux((void *)hdr->kernel_addr, (void *)TAGS_ADDR, 
  69.            (const char *)cmdline, board_machtype(), 
  70.            (void *)hdr->ramdisk_addr, hdr->ramdisk_size); 
  71.     return 0; 

[c-sharp:nogutter] view plain copy print ?
  1. int  
  2. boot_linux_from_mmc(void) 
  4.     struct boot_img_hdr *hdr = (void*) buf; 
  5.     struct boot_img_hdr *uhdr; 
  6.     unsigned offset = 0; 
  7.     unsigned long long ptn = 0; 
  8.     unsigned n = 0; 
  9.     const char *cmdline; 
  10.     uhdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR; 
  11.     if (!memcmp(uhdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { 
  12.         dprintf(INFO, "Unified boot method!/n"); 
  13.         hdr = uhdr; 
  14.         goto unified_boot; 
  15.     } 
  16.     if(!boot_into_recovery) 
  17.     { 
  18.         ptn = mmc_ptn_offset("boot"); 
  19.         if(ptn == 0) { 
  20.             dprintf(CRITICAL, "ERROR: No boot partition found/n"); 
  21.                     return -1; 
  22.         } 
  23.     } 
  24.     else 
  25.     { 
  26.         ptn = mmc_ptn_offset("recovery"); 
  27.         if(ptn == 0) { 
  28.             dprintf(CRITICAL, "ERROR: No recovery partition found/n"); 
  29.                     return -1; 
  30.         } 
  31.     } 
  32.     if (mmc_read(ptn + offset, (unsigned int *)buf, page_size)) { 
  33.         dprintf(CRITICAL, "ERROR: Cannot read boot image header/n"); 
  34.                 return -1; 
  35.     } 
  36.     if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { 
  37.         dprintf(CRITICAL, "ERROR: Invaled boot image header/n"); 
  38.                 return -1; 
  39.     } 
  40.     if (hdr->page_size && (hdr->page_size != page_size)) { 
  41.         page_size = hdr->page_size; 
  42.         page_mask = page_size - 1; 
  43.     } 
  44.     offset += page_size; 
  45.     n = ROUND_TO_PAGE(hdr->kernel_size, page_mask); 
  46.     if (mmc_read(ptn + offset, (void *)hdr->kernel_addr, n)) { 
  47.         dprintf(CRITICAL, "ERROR: Cannot read kernel image/n"); 
  48.                 return -1; 
  49.     } 
  50.     offset += n; 
  51.     n = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask); 
  52.     if (mmc_read(ptn + offset, (void *)hdr->ramdisk_addr, n)) { 
  53.         dprintf(CRITICAL, "ERROR: Cannot read ramdisk image/n"); 
  54.                 return -1; 
  55.     } 
  56.     offset += n; 
  57. unified_boot: 
  58.     dprintf(INFO, "/nkernel  @ %x (%d bytes)/n", hdr->kernel_addr, 
  59.         hdr->kernel_size); 
  60.     dprintf(INFO, "ramdisk @ %x (%d bytes)/n", hdr->ramdisk_addr, 
  61.         hdr->ramdisk_size); 
  62.     if(hdr->cmdline[0]) { 
  63.         cmdline = (char*) hdr->cmdline; 
  64.     } else { 
  65.         cmdline = DEFAULT_CMDLINE; 
  66.     } 
  67.     dprintf(INFO, "cmdline = '%s'/n", cmdline); 
  68.     dprintf(INFO, "/nBooting Linux/n"); 
  69.     boot_linux((void *)hdr->kernel_addr, (void *)TAGS_ADDR, 
  70.            (const char *)cmdline, board_machtype(), 
  71.            (void *)hdr->ramdisk_addr, hdr->ramdisk_size); 
  72.     return 0; 

mmc_read() is defined in platform/<your-platform>/mmc.c:

  1. unsigned int mmc_read (unsigned long long data_addr, unsigned int* out, unsigned int data_len) 
  3.     int val = 0; 
  4.     val = mmc_boot_read_from_card( &mmc_host, &mmc_card, data_addr, data_len, out); 
  5.     return val; 

[c-sharp:nogutter] view plain copy print ?
  1. unsigned 
  2. int mmc_read (unsigned long long data_addr, unsigned int* out, unsigned 
  3. int data_len) 
  5.     int val = 0; 
  6.     val = mmc_boot_read_from_card( &mmc_host, &mmc_card,  
  7. data_addr, data_len, out); 
  8.     return val; 

boot_linux(): 启动 Linux, 看看函数定义

  1. void boot_linux(void *kernel, unsigned *tags,  
  2.         const char *cmdline, unsigned machtype, 
  3.         void *ramdisk, unsigned ramdisk_size) 
  5.     unsigned *ptr = tags; 
  6.     unsigned pcount = 0; 
  7.     void (*entry)(unsigned,unsigned,unsigned*) = kernel; 
  8.     struct ptable *ptable; 
  9.     int cmdline_len = 0; 
  10.     int have_cmdline = 0; 
  11.     int pause_at_bootup = 0; 
  12.     /* CORE */ 
  13.     *ptr++ = 2; 
  14.     *ptr++ = 0x54410001; 
  15.     if (ramdisk_size) { 
  16.         *ptr++ = 4; 
  17.         *ptr++ = 0x54420005; 
  18.         *ptr++ = (unsigned)ramdisk; 
  19.         *ptr++ = ramdisk_size; 
  20.     } 
  21.     ptr = target_atag_mem(ptr); 
  22.     if (!target_is_emmc_boot()) { 
  23.         /* Skip NAND partition ATAGS for eMMC boot */ 
  24.         if ((ptable = flash_get_ptable()) && (ptable->count != 0)) { 
  25.             int i; 
  26.             for(i=0; i < ptable->count; i++) { 
  27.                 struct ptentry *ptn; 
  28.                 ptn =  ptable_get(ptable, i); 
  29.                 if (ptn->type == TYPE_APPS_PARTITION) 
  30.                     pcount++; 
  31.             } 
  32.             *ptr++ = 2 + (pcount * (sizeof(struct atag_ptbl_entry) / 
  33.                                sizeof(unsigned))); 
  34.             *ptr++ = 0x4d534d70; 
  35.             for (i = 0; i < ptable->count; ++i) 
  36.                 ptentry_to_tag(&ptr, ptable_get(ptable, i)); 
  37.         } 
  38.     } 
  39.     if (cmdline && cmdline[0]) { 
  40.         cmdline_len = strlen(cmdline); 
  41.         have_cmdline = 1; 
  42.     } 
  43.     if (target_is_emmc_boot()) { 
  44.         cmdline_len += strlen(emmc_cmdline); 
  45.     } 
  46.     if (target_pause_for_battery_charge()) { 
  47.         pause_at_bootup = 1; 
  48.         cmdline_len += strlen(battchg_pause); 
  49.     } 
  50.     if (cmdline_len > 0) { 
  51.         const char *src; 
  52.         char *dst; 
  53.         unsigned n; 
  54.         /* include terminating 0 and round up to a word multiple */ 
  55.         n = (cmdline_len + 4) & (~3); 
  56.         *ptr++ = (n / 4) + 2; 
  57.         *ptr++ = 0x54410009; 
  58.         dst = (char *)ptr; 
  59.         if (have_cmdline) { 
  60.             src = cmdline; 
  61.             while ((*dst++ = *src++)); 
  62.         } 
  63.         if (target_is_emmc_boot()) { 
  64.             src = emmc_cmdline; 
  65.             if (have_cmdline) --dst; 
  66.             have_cmdline = 1; 
  67.             while ((*dst++ = *src++)); 
  68.         } 
  69.         if (pause_at_bootup) { 
  70.             src = battchg_pause; 
  71.             if (have_cmdline) --dst; 
  72.             while ((*dst++ = *src++)); 
  73.         } 
  74.         ptr += (n / 4); 
  75.     } 
  76.     /* END */ 
  77.     *ptr++ = 0; 
  78.     *ptr++ = 0; 
  79.     dprintf(INFO, "booting linux @ %p, ramdisk @ %p (%d)/n", 
  80.         kernel, ramdisk, ramdisk_size); 
  81.     if (cmdline) 
  82.         dprintf(INFO, "cmdline: %s/n", cmdline); 
  83.     enter_critical_section(); 
  84.     platform_uninit_timer(); 
  85.     arch_disable_cache(UCACHE); 
  86.     arch_disable_mmu(); 
  87. #if DISPLAY_SPLASH_SCREEN 
  88.     display_shutdown(); 
  89. #endif 
  90.     entry(0, machtype, tags); 

[c-sharp:nogutter] view plain copy print ?
  1. void  
  2. boot_linux(void *kernel, unsigned *tags,  
  3.         const char *cmdline, unsigned machtype, 
  4.         void *ramdisk, unsigned ramdisk_size) 
  6.     unsigned *ptr = tags; 
  7.     unsigned pcount = 0; 
  8.     void (*entry)(unsigned,unsigned,unsigned*) = kernel; 
  9.     struct ptable *ptable; 
  10.     int cmdline_len = 0; 
  11.     int have_cmdline = 0; 
  12.     int pause_at_bootup = 0; 
  13.     /* CORE */ 
  14.     *ptr++ = 2; 
  15.     *ptr++ = 0x54410001; 
  16.     if (ramdisk_size) { 
  17.         *ptr++ = 4; 
  18.         *ptr++ = 0x54420005; 
  19.         *ptr++ = (unsigned)ramdisk; 
  20.         *ptr++ = ramdisk_size; 
  21.     } 
  22.     ptr = target_atag_mem(ptr); 
  23.     if (!target_is_emmc_boot()) { 
  24.         /* Skip NAND partition ATAGS for eMMC boot */ 
  25.         if ((ptable = flash_get_ptable()) && (ptable->count != 0)) { 
  26.             int i; 
  27.             for(i=0; i < ptable->count; i++) { 
  28.                 struct ptentry *ptn; 
  29.                 ptn =  ptable_get(ptable, i); 
  30.                 if (ptn->type == TYPE_APPS_PARTITION) 
  31.                     pcount++; 
  32.             } 
  33.             *ptr++ = 2 + (pcount * (sizeof(struct atag_ptbl_entry) / 
  34.                                sizeof(unsigned))); 
  35.             *ptr++ = 0x4d534d70; 
  36.             for (i = 0; i < ptable->count; ++i) 
  37.                 ptentry_to_tag(&ptr, ptable_get(ptable, i)); 
  38.         } 
  39.     } 
  40.     if (cmdline && cmdline[0]) { 
  41.         cmdline_len = strlen(cmdline); 
  42.         have_cmdline = 1; 
  43.     } 
  44.     if (target_is_emmc_boot()) { 
  45.         cmdline_len += strlen(emmc_cmdline); 
  46.     } 
  47.     if (target_pause_for_battery_charge()) { 
  48.         pause_at_bootup = 1; 
  49.         cmdline_len += strlen(battchg_pause); 
  50.     } 
  51.     if (cmdline_len > 0) { 
  52.         const char *src; 
  53.         char *dst; 
  54.         unsigned n; 
  55.         /* include terminating 0 and round up to a word multiple */ 
  56.         n = (cmdline_len + 4) & (~3); 
  57.         *ptr++ = (n / 4) + 2; 
  58.         *ptr++ = 0x54410009; 
  59.         dst = (char *)ptr; 
  60.         if (have_cmdline) { 
  61.             src = cmdline; 
  62.             while ((*dst++ = *src++)); 
  63.         } 
  64.         if (target_is_emmc_boot()) { 
  65.             src = emmc_cmdline; 
  66.             if (have_cmdline) --dst; 
  67.             have_cmdline = 1; 
  68.             while ((*dst++ = *src++)); 
  69.         } 
  70.         if (pause_at_bootup) { 
  71.             src = battchg_pause; 
  72.             if (have_cmdline) --dst; 
  73.             while ((*dst++ = *src++)); 
  74.         } 
  75.         ptr += (n / 4); 
  76.     } 
  77.     /* END */ 
  78.     *ptr++ = 0; 
  79.     *ptr++ = 0; 
  80.     dprintf(INFO, "booting linux @ %p, ramdisk @ %p (%d)/n", 
  81.         kernel, ramdisk, ramdisk_size); 
  82.     if (cmdline) 
  83.         dprintf(INFO, "cmdline: %s/n", cmdline); 
  84.     enter_critical_section(); 
  85.     platform_uninit_timer(); 
  86.     arch_disable_cache(UCACHE); 
  87.     arch_disable_mmu(); 
  88. #if DISPLAY_SPLASH_SCREEN 
  89.     display_shutdown(); 
  90. #endif 
  91.     entry(0, machtype, tags); 

配合 boot.img 来看会比较好理解.

由此可知 boot_img_hdr 中 各成员值为:

TAGS_ADDR 如上 target/<your-platform>/rules.mk 所定义的 : 0x40200100, 所 以 boot_linux(), 就是传入TAGS_ADDR,

然后将资料写入 tag, tag 的结构如下所示.

然后进入到 kernel 的入口函数: entry(0, machtype, tags)

来源:http://blog.csdn.net/sunrock/article/details/6233940

beyondioi
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
堆Heap块Chunk
分不清东西南北的Laffey
11-29 4207
堆&amp;块0x01 基础知识——Chunk0x02 基础知识——Heap0x03 堆的基本操作0x04 堆相关的函数1&gt;malloc2&gt;free0x05 堆溢出0x06 堆溢出比较重要的几个步骤·寻找堆分配函数realloc malloc calloc·寻找危险函数·确定填充长度0x07 Fast bin0x08 Unsort bin注意点Fastbin attack--blin...
Android Kernel - Boot Loader
hankhanti的专栏
01-13 1万+
Analysis Android Boot Loader, MMU/NEON/GIC 机制, DGT, DPC.
LK源码解析 2 main.c
茫茫大士的专栏
07-13 474
FORM:https://blog.csdn.net/xichangbao/article/details/51484564 kmain()。 /* called from crt0.S */ void kmain(void) __NO_RETURN __EXTERNALLY_VISIBLE; void kmain(void) { // get us into some sort o...
堆溢出 对HeapFree函数的详细调试
Misaka10046的博客
09-23 1481
代码 #include <windows.h> int main() { HLOCAL h1,h2,h3,h4,h5,h6; HANDLE hp; hp = HeapCreate(0,0x1000,0x10000); _asm int 3 h1 = HeapAlloc(hp,HEAP_ZERO_MEMORY,3); h2 = HeapAlloc(hp,HEAP_ZERO_MEMORY,5); h3 = HeapAlloc(hp,HEAP_ZERO_MEMORY,6); h4
Pwn-Overflow Free Chunk(堆溢出)
CharlesGodX的博客
03-22 1162
0x00:前言 这次介绍一种和栈溢出类似名字的堆溢出攻击,首先借用应用CTF-Wiki上的例子理解一下堆溢出。 0x01:漏洞介绍 堆溢出是指程序向某个堆块写入的字节数超过了堆块本身可使用的字节数(之所以是可使用而不是用户申请的字节数,是因为堆管理器会对用户所申请的字节数进行调整,这也导致可利用的字节数都不小于用户申请的字节数),因而导致了数据溢出,并覆盖到物理相邻的高地址的下一个堆块,我们用两...
little kernel的memory管理
jason的笔记
08-26 1811
在lk通过我们一般通过malloc来申请内存 void *malloc(size_t size) { return heap_alloc(size, 0); } malloc 直接调用heap_alloc 来申请。 lk_main函数通过调用heap_init来初始由于malloc申请的heap void heap_init(void) { LTRACE_ENTRY;
嵌入式Boot_Loader ,技术内幕
05-19
- **Android Bootloader**:针对Android设备的Boot_Loader,包括Fastboot和Recovery模式,用于系统更新和故障恢复。 Boot_Loader的配置和定制是嵌入式系统开发的重要环节,开发者需要根据目标硬件和需求来裁剪和...
高通 boot解包工具
12-16
Android系统boot.img是一个包含内核、RAMDisk(initrd)以及第二阶段引导程序(Second Stage Boot Loader, SBL1)的文件。高通Boot解包工具主要处理这种文件,将其拆分为更便于操作的组件。 2. Bootimg结构 ...
u-boot:Android 模拟器的 U-Boot 端口
06-18
U-Boot,全称Universal Boot Loader,是一款开源的、广泛应用的嵌入式设备引导加载程序。在Android模拟器环境,U-Boot扮演着至关重要的角色,它为Android系统提供了一个可靠的启动流程,使得开发者可以在没有真实...
smart210单板u-boot
06-29
U-Boot,全称 Universal Boot Loader,是嵌入式系统的一个开源引导加载程序,其主要任务是在系统启动时加载操作系统内核,并提供基本的硬件初始化、网络通信、文件系统操作等功能。在Smart210单板上,U-Boot的作用...
Android.Image.Kitchen.v3.5-Win32.zip
06-27
built-in support has now expanded to Android Verified Boot (AVBv1)/ChromeOS/SignBlob signed boot.img files, Barnes & Noble Nook "Green Loader" signed boot.img files, Samsung/Spreadtrum DHTB header ...
Boot_Loader 详解,非常详细
01-11
Boot_Loader 详解,非常详细 Boot_Loader 详解,非常详细 Boot_Loader 详解,非常详细
堆漏洞挖掘的Chunk分类(allocated chunk、free chunk、top chunk、last remainder chunk)
董哥的黑板报
07-22 3667
此图是在上篇文章介绍arena时用到的,我们可以看到:堆块被分为不同的种类,下面我们将来介绍这些 chunk的分类 每一类就是一个malloc_chunk结构体,因为这些chunk同属于一个堆块,所以在一块连续的内存,只是通过区域特定位置的某些标识符加以区分 glibc给我们申请的堆块主要分为以下几类: allocated chunk free chunk top chunk ...
android bootload漏洞,Boot loader引导程序现新漏洞Boothole,数以亿计的系统都有风险...
weixin_39899691的博客
06-04 190
拼 命 加 载 ...相信很多人对于Boot loader引导程序都不会陌生,它是BIOS用来加载操作系统的重要部分。但是现在安全研究人员在Bootloader里发现了一个称为Boothole的重大漏洞(CVE-2020-10713),其严重性使得数以亿计的Windows及Linux系统变得更加容易被攻击。GRUB2(GRand Unified Bootloader version 2)是一个...
Android boot 流程
A991192001的专栏
06-24 3709
Question • What happened when I press power on button in my Android device ? • bootloader ? • Zygote ? • init.rc ? • System Server ? BootloaderBootLoader是在操作系统内核运行之前运行。 为最终调用操作系统内核准备好
Android平台boot流程
weixin_34819401的博客
02-08 1498
Android平台boot流程 Android的启动流程是自下而上的,大体上分为三个阶段:1. BootLoader引导;2. 启动Kernel;3. 启动Android Step 1. Boot Rom 当长按开机键的时候,引导芯片开始从固化在ROM的预设代码开始执行。然后加载引导程序到RAM。 Step 2. BootLoader CPU通电复位后,执行第一道指令,该指令所在的内存地址是固定的,这个固定地址所保存的程序往往被称为"引导程序(BootLoader)",因为其...
安卓bootloader:三分钟让你彻底理解uboot的启动与功能
热门推荐
不忘初心
05-24 3万+
1. Bootloader简介 系统上电后,需要一段程序来进行初始化:关闭看门狗,改变系统时钟,初始化存储控制器,将更多的代码复制到内存等。它就是bootloaderbootloader的实现非常依赖具体硬件,在嵌入式系统,硬件配置千差万别,即使是相同的CPU,它的外设(比如flash)也可能不同,所以不可能有一个bootloader支持所有的CPU,所...
android x-loader和u-boot的关系
houyizi337825770的专栏
09-14 6597
这是官方文档,大家可以参考,我写这些东西只是为了给自己做个笔记,也给用的着的朋友参考下;官方文档:http://omappedia.org/wiki/Bootloader_Project ---------------------------------------------------------- 2012/09/14/五 -------------------------------
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值