1 xLINK tools and MCUs
1.1 DAPLink
An open-source debug probe developed by ARM; DAP stands for Debug Access Port. It flashes MCU firmware by drag-n-drop in USB mass-storage mode. Search for DAPLink on GitHub.
1.2 JLINK
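The SoC used in JLINK is the AT91SAM7S64. JLINK is a general-purpose development tool that works with Keil MDK, IAR, ADS and other platforms; it is stronger than ULINK in speed, efficiency and features.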
1.3 STLINK
1.4 ULINK
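ULINK is the debug probe developed by Keil, dedicated to Keil MDK.
Flash algorithm file extensions:
.flm: Cortex-M series
.flx: ARM7 and ARM9
ULINK downloads the Flash algorithm into the MCU's SRAM, where the algorithm program runs on its own and writes the Flash; this is similar to IAP (In Application Programming).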
Figure 1-1 IAR and MDK Flash loader
1.5 TAS1020B
TAS1020B(TI Audio Solutions)bootROM使用了DFU下载协议。
2 MSM CDT configuration
2.1 QCOM SoC boot flow
BootROM (PBL) -> XBL -> ABL -> kernel
https://alephsecurity.com/2018/01/22/qualcomm-edl-1/
2.2 CDT configuration format
qcom,board-id = <0xSSPMPmPH, 0x0>
SS -- Subtype
PM -- Platform major version
Pm -- Platform minor version
PH -- Platform hardware CDP/MTP
Example:
qcom,board-id=<24 0>; // <platform_hw, platform_subtype>, such as <QRD skuf> or <CDP subtype_ID>
->
qcom,board-id=<0x000018 0>; // split into B2, B3, B1, B4
->
CDT
<0x03, 0x18, 0x00, 0x00, 0x00, 0x00, end>
0x03, B1, B2, B3, B4,...
2.3 Kernel Image
boot.img: 2-Kbyte header + zImage + ...
RAR: Roshal Archive, it was developed in 1993 by Russian software engineer Eugene Roshal
uImage: 64-byte Uboot header + zImage
zip: The informal meaning of zip is "move at high speed". The name .ZIP was suggested by the creator's (Phil Katz) friend, Robert Mahoney
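The uImage layout listed above (64-byte U-Boot header followed by the zImage) can be checked before an image is flashed. The following is an added example, not code from the original notes: it parses the legacy U-Boot header and verifies the header and data CRC32 fields. The sample image, its name and the load address are constructed for the demonstration.

```python
import struct
import zlib

UIMAGE_MAGIC = 0x27051956                 # legacy U-Boot image magic
HEADER_FMT = ">7I4B32s"                   # big-endian: 7 words, 4 bytes, 32-byte name
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 64 bytes


def parse_uimage(blob):
    """Split a legacy uImage into header fields and payload, checking both CRCs."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than the 64-byte header")
    (magic, hcrc, _time, size, load, entry, dcrc,
     _os, _arch, _type, _comp, name) = struct.unpack(HEADER_FMT, blob[:HEADER_LEN])
    if magic != UIMAGE_MAGIC:
        raise ValueError("bad magic 0x%08x" % magic)
    # The header CRC is computed with its own field (bytes 4..7) zeroed.
    zeroed = blob[:4] + b"\x00" * 4 + blob[8:HEADER_LEN]
    if zlib.crc32(zeroed) & 0xFFFFFFFF != hcrc:
        raise ValueError("header CRC mismatch")
    payload = blob[HEADER_LEN:HEADER_LEN + size]
    if len(payload) != size:
        raise ValueError("truncated payload")
    if zlib.crc32(payload) & 0xFFFFFFFF != dcrc:
        raise ValueError("data CRC mismatch")
    return {"name": name.rstrip(b"\x00").decode("ascii", "replace"),
            "load": load, "entry": entry, "size": size, "payload": payload}


def build_sample(payload, name=b"constructed-zImage"):
    """Build a constructed uImage for the demo (stands in for mkimage output)."""
    # os=5 (Linux), arch=2 (ARM), type=2 (kernel), comp=0 (none); addresses are made up
    fields = [UIMAGE_MAGIC, 0, 0, len(payload), 0x80008000, 0x80008000,
              zlib.crc32(payload) & 0xFFFFFFFF, 5, 2, 2, 0, name]
    hdr = struct.pack(HEADER_FMT, *fields)
    fields[1] = zlib.crc32(hdr) & 0xFFFFFFFF
    return struct.pack(HEADER_FMT, *fields) + payload


if __name__ == "__main__":
    # Constructed payload: 36 zero bytes, then the ARM zImage magic at offset 0x24
    image = build_sample(b"\x00" * 36 + b"\x18\x28\x6f\x01")
    info = parse_uimage(image)
    print(info["name"], hex(info["load"]), info["size"])
    try:
        parse_uimage(image[:-1] + b"\xff")   # one corrupted payload byte
    except ValueError as err:
        print("rejected:", err)
```

The two CRCs only detect corruption; they are not a signature, so they say nothing about who produced the image.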
3 BIOS and UEFI
3.1 MBR
The MBR is in fact also a bootloader. The dd parameter bs stands for Block Size.
dd if=/dev/sda of=./mbr.bin bs=512 count=1
3.2 IFWI
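On Intel platforms the BIOS file is uniformly called IFWI; the I does not stand for Intel, the name means Integrated Firmware Image.
The SoC SoftStraps in the IFWI contain the configuration of the HSIO lanes (PCIe, SATA, xHCI).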
4 Kernelflinger
4.1 Boot flow
NUC: the kernelflinger (kernelflinger.c) executable is loaded and run by the UEFI Shell.
Head Unit: ABL (Automotive Bootloader) -> TZ -> efiwrapper (simulate a UEFI firmware) -> kernelflinger (kf4abl.c) -> Linux kernel
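Since Android 8.0 there is no separate recovery.img; boot.img decides which ramdisk to run based on the cmdline parameters.
If the skip_initramfs parameter is present, the normal ramdisk packed in system.img is run (CONFIG_BLK_DEV_INITRD); otherwise the recovery ramdisk packed in boot.img is run.
The BOARD_BUILD_SYSTEM_ROOT_IMAGE setting decides whether the normal ramdisk is packed into boot.img or into system.img.
Packed into boot.img: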
BOARD_BUILD_SYSTEM_ROOT_IMAGE := false
Packed into system.img (system-as-root):
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
4.2 fastboot unlock
fastboot flashing unlock
or
fastboot oem unlock
5 MTK SoC
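5.1 Boot flow
BootROM -> BL2 (lk) -> BL33 (lk) -> kernel
The MTK BootROM has a built-in fastboot download protocol. BL2 is flashed to the eMMC boot partition, whereas on Qualcomm platforms the eMMC boot partition usually holds the CDT.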
5.2 device tree
https://github.com/PabloCastellano/extract-dtb
out/soong/host/linux-x86/bin/dtc
python extract-dtb.py boot.img -o ./dtb/
dtc -I dtb -O dts <NAME>.dtb -o ./tmp.dts
6 Samsung SoC
S3C2440 uses DNW to download images.
IROM - BL1 - EPBL - BL2 - EL3 mon - LK
7 Abbreviations
ADP: QCOM Automotive Development Platform
AN: Application Note
ARC: Argonaut RISC Core
AT91SAM9260: SAM means Smart ARM-based Microcontroller
ATMEL SAMBA: ATMEL Smart ARM-based Microcontroller Boot Assistant
CDT: Configuration Data Table
CDP: QCOM Core Development Platform
EPBL: Samsung EA9 Exynos Primary Bootloader
FSP: Intel Firmware Support Package
MBR: Master Boot Record
MDM: QCOM Mobile Data Modem
MPSSE: Multi-Protocol Synchronous Serial Engine
MSM: Mobile Station Modem
MTP: QCOM Modem Test Platform
QRD SKU: QCOM Reference Design Skull
SDM: SnapDragon Mobile
VPD: MTK Vital Product Data; the vpd partition stores the MAC address, serial number, etc.
Summary of Bootloader Development Knowledge
First published 2021-05-27 15:47:24