查找env的偏移地址和大小:
通过查找saveenv命令,找到
```
#elif defined(CONFIG_ENV_IS_IN_NAND)
#undef CONFIG_ENV_SIZE
#define CONFIG_ENV_OFFSET (60 << 20)
#define CONFIG_ENV_SECT_SIZE (128 << 10)
#define CONFIG_ENV_SIZE CONFIG_ENV_SECT_SIZE
#endif
```
偏移地址为 0x3c00000,大小为 0x20000
在linux下,通过 ./nanddump -f mtd0_env -l 0x20000 -s 0x3c00000 /dev/mtd0 读取env数据
通过hexdump ,发现前4个bytes是类似校验的数据,在save函数中
int saveenv(void)
{
...
ret = env_export(env_new);
if (ret)
return ret;
...
}
env_export 函数定义
/* Emport the environment and generate CRC for it. */
int env_export(env_t *env_out)
{
char *res;
ssize_t len;
int ret;
res = (char *)env_out->data;
len = hexport_r(&env_htab, '\0', 0, &res, ENV_SIZE, 0, NULL);
if (len < 0) {
error("Cannot export environment: errno = %d\n", errno);
return 1;
}
/* Encrypt the env if desired. */
ret = env_aes_cbc_crypt(env_out, 1);
if (ret)
return ret;
env_out->crc = crc32(0, env_out->data, ENV_SIZE);
return 0;
}
由此可知env的前四个字节是CRC32校验
env_t 结构
typedef struct environment_s {
uint32_t crc; /* CRC32 over data bytes */
#ifdef CONFIG_SYS_REDUNDAND_ENVIRONMENT
unsigned char flags; /* active/obsolete flags */
#endif
unsigned char data[ENV_SIZE]; /* Environment data */
} env_t
# define ENV_HEADER_SIZE (sizeof(uint32_t))
#define ENV_SIZE (CONFIG_ENV_SIZE - ENV_HEADER_SIZE)