转载请注明来源:cuixiaolei的技术博客
这里讲下android的分区。具体的使用在另一片文章中介绍,这里只是把它拿出来介绍。
android的存储分为两种
一种叫做RAM,如emmc标准的ddr3/4,容量比较小
一种叫做ROM,rom大小比较大,如8G/16G/32G/64G/128G。
我们给手机刷机,是把system.img/recovery.img/userdata.img等按照分区表烧写在对应地址的ROM上,这部分叫系统部分,如16G的手机,开机后只有11G,其中5G被这些分区占据了,用户能使用的存储大小为11G。
我们在bootloader阶段会从boot/recovery分区中读取kernel/ramdisk到ram上,然后引导kernel,加载虚拟文件系统ramdisk,启动init,然后读取rom中的文件系统的内容。
在boot.img/recovery.img的内容如下,bootloader会从boot header得到kernel/ramdisk/second/device的大小和要加载到ram上的地址,读取aboot/recovery分区的内容到ram上。
recovery.img/boot.img的构成是一样的,只是里面文件的大小和信息不同,文件名是一样的。
分析boot_img_hdr结构提
kernel_size kernel表示zImage的实际大小
kernel_addr kernel的zImage载入内存的物理地址,也是bootloader要跳转的地址
ramdisk_size ramdisk的实际大小
ramdisk_addr ramdisk加载到内存的实际物理地址,之后kernel会解压并把它挂载成根文件系统,我们的中枢神经-init.rc就隐藏于内
tags_addr tags_addr是传参数用的物理内存地址,它作用是把bootloader中的参数传递给kernel,参数放在这个地址上
page_size page_size是存储芯片(ram/emmc)的页大小,取决与存储芯片
cmdline command line它可以由bootloader向kernel传参的内容,存放在tag_addr地址 second 可选
** +-----------------+
** | boot header | 1 page
** +-----------------+
** | kernel | n pages
** +-----------------+
** | ramdisk | m pages
** +-----------------+
** | second stage | o pages
** +-----------------+
** | device tree | p pages
** +-----------------+
bootable/bootloader/lk/app/aboot/bootimg.h #ifndef _BOOT_IMAGE_H_ #define _BOOT_IMAGE_H_ typedef struct boot_img_hdr boot_img_hdr; #define BOOT_MAGIC "ANDROID!" #define BOOT_MAGIC_SIZE 8 #define BOOT_NAME_SIZE 16 #define BOOT_ARGS_SIZE 512 #define BOOT_IMG_MAX_PAGE_SIZE 4096 struct boot_img_hdr { unsigned char magic[BOOT_MAGIC_SIZE]; unsigned kernel_size; /* size in bytes */ unsigned kernel_addr; /* physical load addr */ unsigned ramdisk_size; /* size in bytes */ unsigned ramdisk_addr; /* physical load addr */ unsigned second_size; /* size in bytes */ unsigned second_addr; /* physical load addr */ unsigned tags_addr; /* physical addr for kernel tags */ unsigned page_size; /* flash page size we assume */ unsigned dt_size; /* device_tree in bytes */ unsigned unused; /* future expansion: should be 0 */ unsigned char name[BOOT_NAME_SIZE]; /* asciiz product name */ unsigned char cmdline[BOOT_ARGS_SIZE]; unsigned id[8]; /* timestamp / checksum / sha1 / etc */ }; /* ** +-----------------+ ** | boot header | 1 page ** +-----------------+ ** | kernel | n pages ** +-----------------+ ** | ramdisk | m pages ** +-----------------+ ** | second stage | o pages ** +-----------------+ ** | device tree | p pages ** +-----------------+ ** ** n = (kernel_size + page_size - 1) / page_size ** m = (ramdisk_size + page_size - 1) / page_size ** o = (second_size + page_size - 1) / page_size ** p = (dt_size + page_size - 1) / page_size ** 0. all entities are page_size aligned in flash ** 1. kernel and ramdisk are required (size != 0) ** 2. second is optional (second_size == 0 -> no second) ** 3. load each element (kernel, ramdisk, second) at ** the specified physical address (kernel_addr, etc) ** 4. prepare tags at tag_addr. kernel_args[] is ** appended to the kernel commandline in the tags. ** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr ** 6. if second_size != 0: jump to second_addr ** else: jump to kernel_addr */ boot_img_hdr *mkbootimg(void *kernel, unsigned kernel_size, void *ramdisk, unsigned ramdisk_size, void *second, unsigned second_size, unsigned page_size, unsigned *bootimg_size); void bootimg_set_cmdline(boot_img_hdr *hdr, const char *cmdline); #define KERNEL64_HDR_MAGIC 0x644D5241 /* ARM64 */ struct kernel64_hdr { uint32_t insn; uint32_t res1; uint64_t text_offset; uint64_t res2; uint64_t res3; uint64_t res4; uint64_t res5; uint64_t res6; uint32_t magic_64; uint32_t res7; }; #endif
MTK分区表存放位置:device/mediatek/build/build/tools/ptgen/xxx/xxx.xls ptgen.pl文件会把xls文件解析成xxxAndroid_scatter.txt放在out/target/product/xxx/中 mtk的flashtool工具会读取这个文件把相关的镜像烧写到rom中。 高通分区表存放位置:不同项目,位置不同,用find搜索partition.xml $find . -name "*partition*.xml",最后会生成rawprogram0.xml文件,高通的刷机工具会根据这个文件把相关的镜像烧写到rom中。 具体代码解析:
下面分析lk启动过程中另一个重要的函数boot_linux_from_mmc();它主要负责根据boot_into_xxx从对应的分区内读取相关信息并传给kernel,然后引导kernel。
程序走到这,说成没有进入fastboot模式,可能的情况有:正常启动,进入recovery,开机闹钟启动。
boot_linux_from_mmc()主要做下面的事情
1).程序会从boot分区或者recovery分区的header中读取地址等信息,然后把kernel、ramdisk加载到内存中。
2).程序会从misc分区中读取bootloader_message结构体,如果有boot-recovery,则进入recovery模式
3).更新cmdline,然后把cmdline写到tags_addr地址,把参数传给kernel,kernel起来以后会到这个地址读取参数。
int boot_linux_from_mmc(void) { struct boot_img_hdr *hdr = (void*) buf; //************buf和hdr指向相同的地址,可以理解为buf就是hdr struct boot_img_hdr *uhdr; unsigned offset = 0; int rcode; unsigned long long ptn = 0; int index = INVALID_PTN; unsigned char *image_addr = 0; unsigned kernel_actual; unsigned ramdisk_actual; unsigned imagesize_actual; unsigned second_actual = 0; unsigned int dtb_size = 0; unsigned int out_len = 0; unsigned int out_avai_len = 0; unsigned char *out_addr = NULL; uint32_t dtb_offset = 0; unsigned char *kernel_start_addr = NULL; unsigned int kernel_size = 0; int rc; #if DEVICE_TREE struct dt_table *table; struct dt_entry dt_entry; unsigned dt_table_offset; uint32_t dt_actual; uint32_t dt_hdr_size; unsigned char *best_match_dt_addr = NULL; #endif struct kernel64_hdr *kptr = NULL; if (check_format_bit()) //查找bootselect分区,查看分区表,没有此分区,所以返回值为false boot_into_recovery = 1; if (!boot_into_recovery) { //此时有两种可能,正常开机/进入ffbm工厂测试模式,进入工厂测试模式是正行启动,但是向kernel传参会多一个字符串"androidboot.mode='ffbm_mode_string'" memset(ffbm_mode_string, '\0', sizeof(ffbm_mode_string)); //ffbm_mode_string = "" rcode = get_ffbm(ffbm_mode_string, sizeof(ffbm_mode_string)); //从misc分区0地址中读取sizeof(ffbm_mode_string)的内容,如果内容是"ffbm-",返回1,否则返回0 if (rcode <= 0) { boot_into_ffbm = false; if (rcode < 0) dprintf(CRITICAL,"failed to get ffbm cookie"); } else boot_into_ffbm = true; } else //boot_into_recovery=true boot_into_ffbm = false; uhdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR; //uhdr指向boot分区header地址,header是什么东西,下面会详细介绍 if (!memcmp(uhdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { //检查uhdr->magic 是否等于 "ANDROID!",不知到为什么要这么做,觉的没有什么作用 dprintf(INFO, "Unified boot method!\n"); hdr = uhdr; goto unified_boot; } if (!boot_into_recovery) { //如果不是recovery模式,可能是正常启动或者进入ffbm,再次生命ffbm和正常启动流程一样启动kernel,只是kernel起来以后,init.c文件会读取是否有"ffbm-" index = partition_get_index("boot"); //读取boot分区 ptn = partition_get_offset(index); //读取boot分区的偏移量 if(ptn == 0) { dprintf(CRITICAL, "ERROR: No boot partition found\n"); return -1; } } else { index = partition_get_index("recovery"); //进入recovery模式,读取recovery分区,并获得recovery分区的偏移量。recovery.img和boot.img的组成是一样的,下面有介绍 ptn = partition_get_offset(index); if(ptn == 0) { dprintf(CRITICAL, "ERROR: No recovery partition found\n"); return -1; } } /* Set Lun for boot & recovery partitions */ mmc_set_lun(partition_get_lun(index)); if (mmc_read(ptn + offset, (uint32_t *) buf, page_size)) { //从boot/recovery分区读取1字节的内容到buf(hdr)中,我们知道在boot/recovery中开始的1字节存放的是hdr的内容,下面有详细的介绍。 dprintf(CRITICAL, "ERROR: Cannot read boot image header\n"); return -1; } if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { //上面已经从boot/recovery分区读取了header到hdr,这里对比magic是否等于"ANDROID!",如果不是,则表明读取的header是错误的,也算是校验吧 dprintf(CRITICAL, "ERROR: Invalid boot image header\n"); return -1; } if (hdr->page_size && (hdr->page_size != page_size)) { //比较也的大小是否相同,应该都是相同的2048字节 if (hdr->page_size > BOOT_IMG_MAX_PAGE_SIZE) { dprintf(CRITICAL, "ERROR: Invalid page size\n"); return -1; } page_size = hdr->page_size; page_mask = page_size - 1; } /* ensure commandline is terminated */ hdr->cmdline[BOOT_ARGS_SIZE-1] = 0; kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask); //kernel所占的页的总大小 例如kernel大小0x01,kernel_actual = 2048 ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask); //ramdisk所占的页的总大小 image_addr = (unsigned char *)target_get_scratch_address(); #if DEVICE_TREE dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask); //dt所占的页的大小 imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual); //image占的页的总大小 #else imagesize_actual = (page_size + kernel_actual + ramdisk_actual); #endif #if VERIFIED_BOOT boot_verifier_init(); //校验boot #endif if (check_aboot_addr_range_overlap((uint32_t) image_addr, imagesize_actual)) //校验image_addr是否被覆盖 { dprintf(CRITICAL, "Boot image buffer address overlaps with aboot addresses.\n"); return -1; } /* * Update loading flow of bootimage to support compressed/uncompressed * bootimage on both 64bit and 32bit platform. * 1. Load bootimage from emmc partition onto DDR. * 2. Check if bootimage is gzip format. If yes, decompress compressed kernel * 3. Check kernel header and update kernel load addr for 64bit and 32bit * platform accordingly. * 4. Sanity Check on kernel_addr and ramdisk_addr and copy data. */ dprintf(INFO, "Loading boot image (%d): start\n", imagesize_actual); bs_set_timestamp(BS_KERNEL_LOAD_START); /* Read image without signature */ if (mmc_read(ptn + offset, (void *)image_addr, imagesize_actual)) //读取boot/recovery分区到image_addr { dprintf(CRITICAL, "ERROR: Cannot read boot image\n"); return -1; } dprintf(INFO, "Loading boot image (%d): done\n", imagesize_actual); bs_set_timestamp(BS_KERNEL_LOAD_DONE); /* Authenticate Kernel */ dprintf(INFO, "use_signed_kernel=%d, is_unlocked=%d, is_tampered=%d.\n", (int) target_use_signed_kernel(), device.is_unlocked, device.is_tampered); if(target_use_signed_kernel() && (!device.is_unlocked)) //这里是false ,感兴趣可以追target_use_signed_kernel(),会发现这个函数返回的是0 { offset = imagesize_actual;uhdr->magic if (check_aboot_addr_range_overlap((uint32_t)image_addr + offset, page_size)) { dprintf(CRITICAL, "Signature read buffer address overlaps with aboot addresses.\n"); return -1; } /* Read signature */ if(mmc_read(ptn + offset, (voidffbm_mode_string *)(image_addr + offset), page_size)) { dprintf(CRITICAL, "ERROR: Cannot read boot image signature\n"); return -1; } verify_signed_bootimg((uint32_t)image_addr, imagesize_actual); } else { second_actual = ROUND_TO_PAGE(hdr->second_size, page_mask); #ifdef TZ_SAVE_KERNEL_HASH aboot_save_boot_hash_mmc((uint32_t) image_addr, imagesize_actual); #endif /* TZ_SAVE_KERNEL_HASH */ #if VERIFIED_BOOT if(boot_verify_get_state() == ORANGE) //校验boot { #if FBCON_DISPLAY_MSG display_bootverify_menu_thread(DISPLAY_MENU_ORANGE); wait_for_users_action(); #else dprintf(CRITICAL, "Your device has been unlocked and can't be trusted.\nWait for 5 seconds before proceeding\n"); mdelay(5000); #endif set_root_flag(ORANGE,1); } #endif #ifdef MDTP_SUPPORT { /* Verify MDTP lock. * For boot & recovery partitions, MDTP will use boot_verifier APIs, * since verification was skipped in aboot. The signature is not part of the loaded image. */ mdtp_ext_partition_verification_t ext_partition; ext_partition.partition = boot_into_recovery ? MDTP_PARTITION_RECOVERY : MDTP_PARTITION_BOOT; ext_partition.integrity_state = MDTP_PARTITION_STATE_UNSET; ext_partition.page_size = page_size; ext_partition.image_addr = (uint32)image_addr; ext_partition.image_size = imagesize_actual; ext_partition.sig_avail = FALSE; mdtp_fwlock_verify_lock(&ext_partition); } #endif /* MDTP_SUPPORT */ } #if VERIFIED_BOOT #if !VBOOT_MOTA // send root of trust if(!send_rot_command((uint32_t)device.is_unlocked)) ASSERT(0); #endif #endif /* * Check if the kernel image is a gzip package. If yes, need to decompress it. * If not, continue booting. */ //检测kernel image是否是gzip的包,如果是,解压,如果不是,继续boot。得到kernel的起始地址和大小 if (is_gzip_package((unsigned char *)(image_addr + page_size), hdr->kernel_size)) { out_addr = (unsigned char *)(image_addr + imagesize_actual + page_size); out_avai_len = target_get_max_flash_size() - imagesize_actual - page_size; dprintf(INFO, "decompressing kernel image: start\n"); rc = decompress((unsigned char *)(image_addr + page_size), hdr->kernel_size, out_addr, out_avai_len, &dtb_offset, &out_len); if (rc) { dprintf(CRITICAL, "decompressing kernel image failed!!!\n"); ASSERT(0); } dprintf(INFO, "decompressing kernel image: done\n"); kptr = (struct kernel64_hdr *)out_addr; kernel_start_addr = out_addr; kernel_size = out_len; } else { kptr = (struct kernel64_hdr *)(image_addr + page_size); kernel_start_addr = (unsigned char *)(image_addr + page_size); //kernel_start起始地址 kernel_size = hdr->kernel_size; //kernel大小 } /* * Update the kernel/ramdisk/tags address if the boot image header * has default values, these default values come from mkbootimg when * the boot image is flashed using fastboot flash:raw */ update_ker_tags_rdisk_addr(hdr, IS_ARM64(kptr)); //更新kernel/tags/ramdisk地址 /* Get virtual addresses since the hdr saves physical addresses. */ hdr->kernel_addr = VA((addr_t)(hdr->kernel_addr)); //保存虚拟地址(mmu) hdr->ramdisk_addr = VA((addr_t)(hdr->ramdisk_addr)); hdr->tags_addr = VA((addr_t)(hdr->tags_addr)); kernel_size = ROUND_TO_PAGE(kernel_size, page_mask); /* Check if the addresses in the header are valid. */ if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_size) || //检测kernel/ramdisk/tags地址是否超出emmc地址 check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual)) { dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n"); return -1; } #ifndef DEVICE_TREE if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE)) { dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n"); return -1; } #endif /* Move kernel, ramdisk and device tree to correct address */ memmove((void*) hdr->kernel_addr, kernel_start_addr, kernel_size); //把kernel/ramdisk放在相应的地址上 memmove((void*) hdr->ramdisk_addr, (char *)(image_addr + page_size + kernel_actual), hdr->ramdisk_size); #if DEVICE_TREE //读取设备树信息,放在相应的地址上 if(hdr->dt_size) { dt_table_offset = ((uint32_t)image_addr + page_size + kernel_actual + ramdisk_actual + second_actual); table = (struct dt_table*) dt_table_offset; if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) { dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n"); return -1; } /* Find index of device tree within device tree table */ if(dev_tree_get_entry_info(table, &dt_entry) != 0){ dprintf(CRITICAL, "ERROR: Getting device tree address failed\n"); return -1; } if (is_gzip_package((unsigned char *)dt_table_offset + dt_entry.offset, dt_entry.size)) { unsigned int compressed_size = 0; out_addr += out_len; out_avai_len -= out_len; dprintf(INFO, "decompressing dtb: start\n"); rc = decompress((unsigned char *)dt_table_offset + dt_entry.offset, dt_entry.size, out_addr, out_avai_len, &compressed_size, &dtb_size); if (rc) { dprintf(CRITICAL, "decompressing dtb failed!!!\n"); ASSERT(0); } dprintf(INFO, "decompressing dtb: done\n"); best_match_dt_addr = out_addr; } else { best_match_dt_addr = (unsigned char *)dt_table_offset + dt_entry.offset; dtb_size = dt_entry.size; } /* Validate and Read device device tree in the tags_addr */ if (check_aboot_addr_range_overlap(hdr->tags_addr, dtb_size)) { dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n"); return -1; } memmove((void *)hdr->tags_addr, (char *)best_match_dt_addr, dtb_size); } else { /* Validate the tags_addr */ if (check_aboot_addr_range_overlap(hdr->tags_addr, kernel_actual)) { dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n"); return -1; } /* * If appended dev tree is found, update the atags with * memory address to the DTB appended location on RAM. * Else update with the atags address in the kernel header */ void *dtb; dtb = dev_tree_appended((void*)(image_addr + page_size), hdr->kernel_size, dtb_offset, (void *)hdr->tags_addr); if (!dtb) { dprintf(CRITICAL, "ERROR: Appended Device Tree Blob not found\n"); return -1; } } #endif if (boot_into_recovery && !device.is_unlocked && !device.is_tampered) target_load_ssd_keystore(); unified_boot: boot_linux((void *)hdr->kernel_addr, (void *)hdr->tags_addr, //进入boot_linux函数,此函数比较简单,更新cmdline。 (const char *)hdr->cmdline, board_machtype(), (void *)hdr->ramdisk_addr, hdr->ramdisk_size); return 0; }
总结:
void aboot_init(const struct app_descriptor *app)-----》调用boot_linux_from_mmc();
代码在lk层相关代码执行:aboot_init函数介绍:// aboot_init主要内容
//根据target_is_emmc_boot()判断是否是从emmc存储设备上启动,然后分别获取对应存储设备的页大小和页掩码
// 取得设备的device_info信息,保存到device变量中。device_info结构体定义在bootloader\lk\app\aboot\devinfo.h
void aboot_init(const struct app_descriptor *app)
{
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
/* Setup page size information for nand/emmc reads */ //设置关于nand/emmc读的页面大小信息
if (target_is_emmc_boot()) //target_is_emmc_boot()判断是否是从emmc存储设备上启动,然后分别获取对应存储设备的页大小和页掩码(从0开始所以要减一)
{
page_size = 2048; //也大小一般是2048
page_mask = page_size - 1;
}
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
if(target_use_signed_kernel())
{
//从devinfo分区表read data到device结构体
read_device_info(&device); //取得设备的device_info信息,保存到device变量中。device_info结构体定义为:lk/app/aboot/devinfo.h
//获取device_info信息,该函数决定fastboot是否被禁掉,boot.img是否需要鉴权等
}
target_serialno((unsigned char *) sn_buf); //获取emmc或者flash芯片的产品序列号,最后在启动kernel时通过cmdline中的androidboot.serialno参数传给内核
//获取emmc/ufs的product serial number,fastboot和cmdline都会用到
dprintf(SPEW,"serial number: %s\n",sn_buf);
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
/* Check if we should do something other than booting up */ //检查其它的启动
//keys_get_state(KEY_HOME) != 0 ||keys_get_state(KEY_VOLUMEUP) != 0 上键+电源键 进入recovery模式
if (keys_get_state(KEY_HOME) != 0)
boot_into_recovery = 1;// home键和音量上键同时按下,设置fastboot模式标志
if (keys_get_state(KEY_VOLUMEUP) != 0)
boot_into_recovery = 1;
//下键+back键进入fastboot模式,我的手机是有back实体键的
if(!boot_into_recovery)
{
if (keys_get_state(KEY_BACK) != 0)
goto fastboot;
if (keys_get_state(KEY_VOLUMEDOWN) != 0)
goto fastboot;
}
#if NO_KEYPAD_DRIVER // 没有按键驱动,不关注
if (fastboot_trigger())
goto fastboot;
#endif
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
//获取重启原因,设置相应的开机模式标志,之前使用的是共享内存记录重启原因,最新转为使用pmic的pon寄存器记录重启原因
reboot_mode = check_reboot_mode(); //检测开机原因,并且修改相应的标志位
if (reboot_mode == RECOVERY_MODE) {
boot_into_recovery = 1;
} else if(reboot_mode == FASTBOOT_MODE) {
goto fastboot;
}
if (target_is_emmc_boot())
{
if(emmc_recovery_init())
dprintf(ALWAYS,"error in emmc_recovery_init\n");
if(target_use_signed_kernel())
{
if((device.is_unlocked) || (device.is_tampered))
{
#ifdef TZ_TAMPER_FUSE
set_tamper_fuse_cmd();
#endif
#if USE_PCOM_SECBOOT
set_tamper_flag(device.is_tampered);
#endif
}
}
// boot_linux_from_mmc它主要负责根据boot_into_xxx从对应的分区内读取相关信息并传给kernel,然后引导kernel。
//程序走到这,说成没有进入fastboot模式,可能的情况有:正常启动,进入recovery,开机闹钟启动。
boot_linux_from_mmc(); //程序会跑到这里,又一个重点内容,下面会独立分析这个函数。
}
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
}
int boot_linux_from_mmc(void)函数说明:
/*
boot_linux_from_mmc()主要做下面的事情
从对应的分区内读取相关信息并传给kernel,然后引导kernel
1).程序会从boot分区或者recovery分区的header中读取地址等信息,然后把kernel、ramdisk加载到内存中。
2).程序会从misc分区中读取bootloader_message结构体,如果有boot-recovery,则进入recovery模式
3).更新cmdline,然后把cmdline写到tags_addr地址,把参数传给kernel,kernel起来以后会到这个地址读取参数。
*/
/*
#######################################################################
具体说明:
1 首先创建一个用来保存boot.img文件头信息的变量hdr,buf是一个4096byte的数组,hdr和hdr指向了同一个内存地址。
2 uhdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR,计算uhdr,uhdr指向boot分区header地址
3 检查uhdr->magic 是否等于 "Android!",如果是就直接跳转到kernel,这是非正常路径
4 如果不是recovery模式,可能是正常启动或者进入ffbm,这种情况下调用partition_get_index获取boot分区索引,调用partition_get_offset获取boot分区便宜。 如果是recovery模式,读取recovery分区,并获得recovery分区的偏移量。
5 调用mmc_read,从boot或者recovery分区读取1字节的内容到buf(hdr)中,我们知道在boot/recovery中开始的1字节存放的是hdr的内容。
6 调用memcmp,判断boot.img头结构体的魔数是否正确。
7 根据hdr->page_size,判断是否需要更新页大小。
8 最后在函数返回前,将会执行到boot_linux,在boot_linux中将会完成跳转到内核的操作。
######################################################################################
888
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
