# android boot image 全志 a64 linux sdk采用了android 的boot image，这里顺着该sdk系统理解android的引导镜像。 如下`linux-3.10/scripts/build.sh `代码片段显示，在完成内核编译后，改脚本直接将kernel的二进制可执行文件和cpio的gzip压缩包rootfs.cpio.gz 一起合并进入boot.img。 ```bash #linux-3.10/scripts/build.sh line.27 export MKBOOTIMG=${LICHEE_TOOLS_DIR}/pack/pctools/linux/android/mkbootimg local BIMAGE="output/bImage"; local RAMDISK="output/rootfs.cpio.gz"; #linux-3.10/scripts/build.sh line.287 ${MKBOOTIMG} --kernel ${BIMAGE} \ --ramdisk ${RAMDISK} \ --board ${CHIP} \ --base ${BASE} \ --kernel_offset ${KERNEL_OFFSET} \ --ramdisk_offset ${RAMDISK_OFFSET} \ -o output/boot.img ``` 对于如上 mkbootimg 通过review [github mkbootimg ](https://github.com/osm0sis/mkbootimg)代码片段确定该应用功能。 ```c //mkbootimg.c line466 if(write(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) goto fail; if(write_padding(fd, pagesize, sizeof(hdr))) goto fail; if(write(fd, kernel_data, hdr.kernel_size) != (ssize_t) hdr.kernel_size) goto fail; if(write_padding(fd, pagesize, hdr.kernel_size)) goto fail; if(write(fd, ramdisk_data, hdr.ramdisk_size) != (ssize_t) hdr.ramdisk_size) goto fail; if(write_padding(fd, pagesize, hdr.ramdisk_size)) goto fail; ``` 整合传递参数后，mkbootimg 依次将header（metadata）、kernel、ramdisk、等信息到一个文件。 ```c //mkboot.h line.166 /* When the boot image header has a version of BOOT_HEADER_VERSION_ONE, the structure of the boot * image is as follows: * * +-----------------+ * | boot header | 1 page * +-----------------+ * | kernel | n pages * +-----------------+ * | ramdisk | m pages * +-----------------+ * | second stage | o pages * +-----------------+ * | recovery dtbo | p pages * +-----------------+ * n = (kernel_size + page_size - 1) / page_size * m = (ramdisk_size + page_size - 1) / page_size * o = (second_size + page_size - 1) / page_size * p = (recovery_dtbo_size + page_size - 1) / page_size * * 0. all entities are page_size aligned in flash * 1. kernel and ramdisk are required (size != 0) * 2. recovery_dtbo is required for recovery.img in non-A/B devices(recovery_dtbo_size != 0) * 3. second is optional (second_size == 0 -> no second) * 4. load each element (kernel, ramdisk, second) at * the specified physical address (kernel_addr, etc) * 5. If booting to recovery mode in a non-A/B device, extract recovery dtbo and * apply the correct set of overlays on the base device tree depending on the * hardware/product revision. * 6. prepare tags at tag_addr. kernel_args[] is * appended to the kernel commandline in the tags. * 7. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr * 8. if second_size != 0: jump to second_addr * else: jump to kernel_addr */ ``` 这里需要深入理解metadata`boot_img_hdr_v1`,它描述这个引导镜像的kernel、ramfs 大小基地址。 ```c //bootimg.h line 121 struct boot_img_hdr_v1 { uint8_t magic[BOOT_MAGIC_SIZE]; uint32_t kernel_size; /* size in bytes */ uint32_t kernel_addr; /* physical load addr */ uint32_t ramdisk_size; /* size in bytes */ uint32_t ramdisk_addr; /* physical load addr */ uint32_t second_size; /* size in bytes */ uint32_t second_addr; /* physical load addr */ uint32_t tags_addr; /* physical addr for kernel tags */ uint32_t page_size; /* flash page size we assume */ /* * version for the boot image header. * alternately this is used as dt_size on some hardware. */ union { uint32_t header_version; uint32_t dt_size; /* device tree in bytes */ }; /* operating system version and security patch level; for * version "A.B.C" and patch level "Y-M-D": * ver = A << 14 | B << 7 | C (7 bits for each of A, B, C) * lvl = ((Y - 2000) & 127) << 4 | M (7 bits for Y, 4 bits for M) * os_version = ver << 11 | lvl */ uint32_t os_version; uint8_t name[BOOT_NAME_SIZE]; /* asciiz product name */ uint8_t cmdline[BOOT_ARGS_SIZE]; uint32_t id[8]; /* timestamp / checksum / sha1 / etc */ /* Supplemental command line data; kept here to maintain * binary compatibility with older versions of mkbootimg */ uint8_t extra_cmdline[BOOT_EXTRA_ARGS_SIZE]; uint32_t recovery_dtbo_size; /* size in bytes for recovery DTBO image */ uint64_t recovery_dtbo_offset; /* offset to recovery dtbo in boot image */ uint32_t header_size; } __attribute__((packed)); ``` 直接dump boot.img 验证如上首地址的metadata。 ```bash jay@mxj-build:~/a64_v4l2$ hexdump -n 100 -C /home/jay/a64_v4l2/out/sun50iw1p1/debian/common/boot.img 00000000 41 4e 44 52 4f 49 44 21 50 4b e8 00 00 00 08 41 |ANDROID!PK.....A| 00000010 69 d0 29 00 00 00 00 42 00 00 00 00 00 00 f0 41 |i.)....B.......A| 00000020 00 01 00 41 00 08 00 00 00 00 00 00 00 00 00 00 |...A............| 00000030 73 75 6e 35 30 69 00 00 00 00 00 00 00 00 00 00 |sun50i..........| 00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 00000064 ```