
lk啟動流程詳細分析(高通)

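/*
 * Add two page-rounded sizes taken from the boot image header and report
 * unsigned wrap-around instead of silently producing a small total.
 *
 * @param a    first addend
 * @param b    second addend
 * @param sum  receives a + b when it fits in an unsigned
 * @return 1 when the sum fits, 0 when a + b would wrap (*sum untouched)
 */
static int add_image_size(unsigned a, unsigned b, unsigned *sum)
{
    if (b > ~0U - a)
        return 0;
    *sum = a + b;
    return 1;
}

/*
 * Load the Android boot image (or the recovery image) from eMMC, validate
 * its header, place kernel / ramdisk / device tree at the addresses the
 * header requests, and hand over to boot_linux().
 *
 * Returns -1 on any validation or read failure and 0 after boot_linux()
 * returns. Reads and writes the file-scope state buf, page_size, page_mask,
 * boot_into_recovery, boot_into_ffbm, ffbm_mode_string and device.
 *
 * Trust model: the header is read straight from flash and, on the path
 * where the signature is not checked, is validated only by its magic
 * bytes. Every size derived from it is therefore treated as untrusted
 * input and checked for unsigned wrap-around before it sizes a read or a
 * copy.
 */
int boot_linux_from_mmc(void)
{
    /* buf and hdr alias the same memory: buf *is* the header once it is read. */
    struct boot_img_hdr *hdr = (void*) buf;
    struct boot_img_hdr *uhdr;
    unsigned offset = 0;
    int rcode;
    unsigned long long ptn = 0;
    int index = INVALID_PTN;

    unsigned char *image_addr = 0;
    unsigned kernel_actual;
    unsigned ramdisk_actual;
    unsigned imagesize_actual;
    unsigned second_actual = 0;
    unsigned int dtb_size = 0;
    unsigned int out_len = 0;
    unsigned int out_avai_len = 0;
    unsigned char *out_addr = NULL;
    uint32_t dtb_offset = 0;
    unsigned char *kernel_start_addr = NULL;
    unsigned int kernel_size = 0;
    int rc;
#if DEVICE_TREE
    struct dt_table *table;
    struct dt_entry dt_entry;
    unsigned dt_table_offset;
    uint32_t dt_actual;
    uint32_t dt_hdr_size;
    unsigned char *best_match_dt_addr = NULL;
#endif
    struct kernel64_hdr *kptr = NULL;

    /*
     * Per the original annotation, check_format_bit() looks up a bootselect
     * partition; on the author's target it does not exist, so this is false.
     */
    if (check_format_bit())
        boot_into_recovery = 1;

    if (!boot_into_recovery) {
        /*
         * Two possibilities here: a normal boot or FFBM (factory test mode).
         * FFBM boots the same kernel; it only adds
         * "androidboot.mode=<ffbm_mode_string>" to the kernel command line.
         */
        memset(ffbm_mode_string, '\0', sizeof(ffbm_mode_string));
        /*
         * get_ffbm() reads sizeof(ffbm_mode_string) bytes from offset 0 of the
         * misc partition: 1 if the cookie is "ffbm-", 0 otherwise, <0 on error.
         */
        rcode = get_ffbm(ffbm_mode_string, sizeof(ffbm_mode_string));
        if (rcode <= 0) {
            boot_into_ffbm = false;
            if (rcode < 0)
                dprintf(CRITICAL,"failed to get ffbm cookie");
        } else
            boot_into_ffbm = true;
    } else
        boot_into_ffbm = false; /* recovery never enters FFBM */

    /*
     * A boot image header may already be present in RAM (unified boot).
     * If its magic matches "ANDROID!", skip the eMMC load entirely.
     * Note that this path also skips every check below, including the
     * cmdline termination and the address overlap checks.
     */
    uhdr = (struct boot_img_hdr *)EMMC_BOOT_IMG_HEADER_ADDR;
    if (!memcmp(uhdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
        dprintf(INFO, "Unified boot method!\n");
        hdr = uhdr;
        goto unified_boot;
    }

    /*
     * Pick the partition: "boot" for a normal/FFBM start, "recovery" for
     * recovery. boot.img and recovery.img share the same layout.
     */
    if (!boot_into_recovery) {
        index = partition_get_index("boot");
        ptn = partition_get_offset(index);
        if(ptn == 0) {
            dprintf(CRITICAL, "ERROR: No boot partition found\n");
            return -1;
        }
    } else {
        index = partition_get_index("recovery");
        ptn = partition_get_offset(index);
        if(ptn == 0) {
            dprintf(CRITICAL, "ERROR: No recovery partition found\n");
            return -1;
        }
    }

    /* Set Lun for boot & recovery partitions */
    mmc_set_lun(partition_get_lun(index));

    /* The first page of the partition holds the boot image header. */
    if (mmc_read(ptn + offset, (uint32_t *) buf, page_size)) {
        dprintf(CRITICAL, "ERROR: Cannot read boot image header\n");
        return -1;
    }

    /* Magic check: the only integrity check the header gets on this path. */
    if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
        dprintf(CRITICAL, "ERROR: Invalid boot image header\n");
        return -1;
    }

    /*
     * Honour the header's page size if it differs from the default
     * (typically both are 2048). Only the upper bound is checked;
     * page_mask = page_size - 1 is only a valid mask when page_size is a
     * power of two — NOTE(review): confirm BOOT_IMG_MAX_PAGE_SIZE callers
     * rely on that, or add an alignment check here.
     */
    if (hdr->page_size && (hdr->page_size != page_size)) {
        if (hdr->page_size > BOOT_IMG_MAX_PAGE_SIZE) {
            dprintf(CRITICAL, "ERROR: Invalid page size\n");
            return -1;
        }
        page_size = hdr->page_size;
        page_mask = page_size - 1;
    }

    /* ensure commandline is terminated */
    hdr->cmdline[BOOT_ARGS_SIZE-1] = 0;

    /* Pages occupied by each component, e.g. kernel_size 0x01 -> 2048. */
    kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
    ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);

    /*
     * ROUND_TO_PAGE rounds up, so a result smaller than its input can only
     * come from the addition wrapping. Without this check a *_size near
     * UINT_MAX would make imagesize_actual tiny: mmc_read() would fetch a
     * short image and the memmove() of hdr->ramdisk_size below would run
     * far past what was loaded.
     */
    if (kernel_actual < hdr->kernel_size ||
        ramdisk_actual < hdr->ramdisk_size) {
        dprintf(CRITICAL, "ERROR: Integer overflow in boot image header sizes\n");
        return -1;
    }

    image_addr = (unsigned char *)target_get_scratch_address();

    /* Total image footprint: header page + kernel + ramdisk (+ dt). */
#if DEVICE_TREE
    dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
    if (dt_actual < hdr->dt_size ||
        !add_image_size(page_size, kernel_actual, &imagesize_actual) ||
        !add_image_size(imagesize_actual, ramdisk_actual, &imagesize_actual) ||
        !add_image_size(imagesize_actual, dt_actual, &imagesize_actual)) {
        dprintf(CRITICAL, "ERROR: Integer overflow in boot image header sizes\n");
        return -1;
    }
#else
    if (!add_image_size(page_size, kernel_actual, &imagesize_actual) ||
        !add_image_size(imagesize_actual, ramdisk_actual, &imagesize_actual)) {
        dprintf(CRITICAL, "ERROR: Integer overflow in boot image header sizes\n");
        return -1;
    }
#endif

#if VERIFIED_BOOT
    boot_verifier_init();
#endif

    /* The scratch buffer must not overlap aboot's own memory. */
    if (check_aboot_addr_range_overlap((uint32_t) image_addr, imagesize_actual))
    {
        dprintf(CRITICAL, "Boot image buffer address overlaps with aboot addresses.\n");
        return -1;
    }

    /*
     * Update loading flow of bootimage to support compressed/uncompressed
     * bootimage on both 64bit and 32bit platform.
     * 1. Load bootimage from emmc partition onto DDR.
     * 2. Check if bootimage is gzip format. If yes, decompress compressed kernel
     * 3. Check kernel header and update kernel load addr for 64bit and 32bit
     *    platform accordingly.
     * 4. Sanity Check on kernel_addr and ramdisk_addr and copy data.
     */

    dprintf(INFO, "Loading boot image (%d): start\n", imagesize_actual);
    bs_set_timestamp(BS_KERNEL_LOAD_START);

    /* Read image without signature */
    if (mmc_read(ptn + offset, (void *)image_addr, imagesize_actual))
    {
        dprintf(CRITICAL, "ERROR: Cannot read boot image\n");
        return -1;
    }

    dprintf(INFO, "Loading boot image (%d): done\n", imagesize_actual);
    bs_set_timestamp(BS_KERNEL_LOAD_DONE);

    /* Authenticate Kernel */
    dprintf(INFO, "use_signed_kernel=%d, is_unlocked=%d, is_tampered=%d.\n",
        (int) target_use_signed_kernel(),
        device.is_unlocked,
        device.is_tampered);

    /*
     * Per the original annotation, target_use_signed_kernel() returns 0 on
     * the author's target, so the signature is never read or verified there
     * and the image is booted on the strength of the magic check alone.
     */
    if(target_use_signed_kernel() && (!device.is_unlocked))
    {
        /* The signature page follows the image. */
        offset = imagesize_actual;
        if (check_aboot_addr_range_overlap((uint32_t)image_addr + offset, page_size))
        {
            dprintf(CRITICAL, "Signature read buffer address overlaps with aboot addresses.\n");
            return -1;
        }

        /* Read signature */
        if(mmc_read(ptn + offset, (void *)(image_addr + offset), page_size))
        {
            dprintf(CRITICAL, "ERROR: Cannot read boot image signature\n");
            return -1;
        }

        verify_signed_bootimg((uint32_t)image_addr, imagesize_actual);
    } else {
        /*
         * second_actual is only computed on this branch; the device tree
         * offset below adds it, so on the signed branch it stays 0 —
         * NOTE(review): confirm that is intended for images with a second
         * stage.
         */
        second_actual = ROUND_TO_PAGE(hdr->second_size, page_mask);
#ifdef TZ_SAVE_KERNEL_HASH
        aboot_save_boot_hash_mmc((uint32_t) image_addr, imagesize_actual);
#endif /* TZ_SAVE_KERNEL_HASH */

#if VERIFIED_BOOT
        /* ORANGE = unlocked device: warn the user before continuing. */
        if(boot_verify_get_state() == ORANGE)
        {
#if FBCON_DISPLAY_MSG
            display_bootverify_menu_thread(DISPLAY_MENU_ORANGE);
            wait_for_users_action();
#else
            dprintf(CRITICAL, "Your device has been unlocked and can't be trusted.\nWait for 5 seconds before proceeding\n");
            mdelay(5000);
#endif
            set_root_flag(ORANGE,1);
        }
#endif

#ifdef MDTP_SUPPORT
        {
            /* Verify MDTP lock.
             * For boot & recovery partitions, MDTP will use boot_verifier APIs,
             * since verification was skipped in aboot. The signature is not part of the loaded image.
             */
            mdtp_ext_partition_verification_t ext_partition;

            ext_partition.partition = boot_into_recovery ? MDTP_PARTITION_RECOVERY : MDTP_PARTITION_BOOT;
            ext_partition.integrity_state = MDTP_PARTITION_STATE_UNSET;
            ext_partition.page_size = page_size;
            ext_partition.image_addr = (uint32)image_addr;
            ext_partition.image_size = imagesize_actual;
            ext_partition.sig_avail = FALSE;
            mdtp_fwlock_verify_lock(&ext_partition);
        }
#endif /* MDTP_SUPPORT */
    }

#if VERIFIED_BOOT
#if !VBOOT_MOTA
    // send root of trust
    if(!send_rot_command((uint32_t)device.is_unlocked))
        ASSERT(0);
#endif
#endif

    /*
     * Check if the kernel image is a gzip package. If yes, need to decompress it.
     * If not, continue booting. Either way this yields the kernel's start
     * address and size.
     */
    if (is_gzip_package((unsigned char *)(image_addr + page_size), hdr->kernel_size))
    {
        out_addr = (unsigned char *)(image_addr + imagesize_actual + page_size);
        /*
         * NOTE(review): this subtraction assumes imagesize_actual + page_size
         * <= target_get_max_flash_size(); otherwise out_avai_len wraps to a
         * huge value and decompress() is given a bogus output bound — confirm
         * the scratch region is sized so that cannot happen.
         */
        out_avai_len = target_get_max_flash_size() - imagesize_actual - page_size;
        dprintf(INFO, "decompressing kernel image: start\n");
        rc = decompress((unsigned char *)(image_addr + page_size), hdr->kernel_size, out_addr, out_avai_len, &dtb_offset, &out_len);
        if (rc)
        {
            dprintf(CRITICAL, "decompressing kernel image failed!!!\n");
            ASSERT(0);
        }
        dprintf(INFO, "decompressing kernel image: done\n");
        kptr = (struct kernel64_hdr *)out_addr;
        kernel_start_addr = out_addr;
        kernel_size = out_len;
    } else {
        kptr = (struct kernel64_hdr *)(image_addr + page_size);
        kernel_start_addr = (unsigned char *)(image_addr + page_size);
        kernel_size = hdr->kernel_size;
    }

    /*
     * Update the kernel/ramdisk/tags address if the boot image header
     * has default values, these default values come from mkbootimg when
     * the boot image is flashed using fastboot flash:raw
     */
    update_ker_tags_rdisk_addr(hdr, IS_ARM64(kptr));

    /* Get virtual addresses since the hdr saves physical addresses. */
    hdr->kernel_addr = VA((addr_t)(hdr->kernel_addr));
    hdr->ramdisk_addr = VA((addr_t)(hdr->ramdisk_addr));
    hdr->tags_addr = VA((addr_t)(hdr->tags_addr));

    kernel_size = ROUND_TO_PAGE(kernel_size, page_mask);

    /* Check if the addresses in the header are valid. */
    if (check_aboot_addr_range_overlap(hdr->kernel_addr, kernel_size) ||
        check_aboot_addr_range_overlap(hdr->ramdisk_addr, ramdisk_actual))
    {
        dprintf(CRITICAL, "kernel/ramdisk addresses overlap with aboot addresses.\n");
        return -1;
    }

#ifndef DEVICE_TREE
    if (check_aboot_addr_range_overlap(hdr->tags_addr, MAX_TAGS_SIZE))
    {
        dprintf(CRITICAL, "Tags addresses overlap with aboot addresses.\n");
        return -1;
    }
#endif

    /* Move kernel, ramdisk and device tree to correct address */
    memmove((void*) hdr->kernel_addr, kernel_start_addr, kernel_size);
    memmove((void*) hdr->ramdisk_addr, (char *)(image_addr + page_size + kernel_actual), hdr->ramdisk_size);

#if DEVICE_TREE
    /* Locate the device tree and place it at tags_addr. */
    if(hdr->dt_size) {
        dt_table_offset = ((uint32_t)image_addr + page_size + kernel_actual + ramdisk_actual + second_actual);
        table = (struct dt_table*) dt_table_offset;

        if (dev_tree_validate(table, hdr->page_size, &dt_hdr_size) != 0) {
            dprintf(CRITICAL, "ERROR: Cannot validate Device Tree Table \n");
            return -1;
        }

        /* Find index of device tree within device tree table */
        if(dev_tree_get_entry_info(table, &dt_entry) != 0){
            dprintf(CRITICAL, "ERROR: Getting device tree address failed\n");
            return -1;
        }

        if (is_gzip_package((unsigned char *)dt_table_offset + dt_entry.offset, dt_entry.size))
        {
            unsigned int compressed_size = 0;
            /* Decompress right after the (already decompressed) kernel. */
            out_addr += out_len;
            out_avai_len -= out_len;
            dprintf(INFO, "decompressing dtb: start\n");
            rc = decompress((unsigned char *)dt_table_offset + dt_entry.offset, dt_entry.size, out_addr, out_avai_len, &compressed_size, &dtb_size);
            if (rc)
            {
                dprintf(CRITICAL, "decompressing dtb failed!!!\n");
                ASSERT(0);
            }
            dprintf(INFO, "decompressing dtb: done\n");
            best_match_dt_addr = out_addr;
        } else {
            best_match_dt_addr = (unsigned char *)dt_table_offset + dt_entry.offset;
            dtb_size = dt_entry.size;
        }

        /* Validate and Read device device tree in the tags_addr */
        if (check_aboot_addr_range_overlap(hdr->tags_addr, dtb_size))
        {
            dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
            return -1;
        }

        memmove((void *)hdr->tags_addr, (char *)best_match_dt_addr, dtb_size);
    } else {
        /* Validate the tags_addr */
        if (check_aboot_addr_range_overlap(hdr->tags_addr, kernel_actual))
        {
            dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
            return -1;
        }

        /*
         * If appended dev tree is found, update the atags with
         * memory address to the DTB appended location on RAM.
         * Else update with the atags address in the kernel header
         */
        void *dtb;
        dtb = dev_tree_appended((void*)(image_addr + page_size), hdr->kernel_size, dtb_offset, (void *)hdr->tags_addr);
        if (!dtb) {
            dprintf(CRITICAL, "ERROR: Appended Device Tree Blob not found\n");
            return -1;
        }
    }
#endif

    if (boot_into_recovery && !device.is_unlocked && !device.is_tampered)
        target_load_ssd_keystore();

unified_boot:
    /* boot_linux() finalises the command line and jumps to the kernel. */
    boot_linux((void *)hdr->kernel_addr, (void *)hdr->tags_addr,
           (const char *)hdr->cmdline, board_machtype(),
           (void *)hdr->ramdisk_addr, hdr->ramdisk_size);

    return 0;
}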