android boot image

全志 A64 Linux SDK 采用了 Android 的 boot image,这里顺着该 SDK 系统地理解 Android 的引导镜像。

如下 linux-3.10/scripts/build.sh 代码片段显示,在完成内核编译后,该脚本直接将 kernel 的二进制可执行文件和 cpio 的 gzip 压缩包 rootfs.cpio.gz 一起合并进 boot.img。

#linux-3.10/scripts/build.sh line.27
# Location of the mkbootimg tool inside the SDK's tools directory.
# NOTE(review): presumably a prebuilt binary shipped with the SDK; confirm it
# matches the mkbootimg source being reviewed, since this tool decides what
# ends up in the boot image header.
export MKBOOTIMG=${LICHEE_TOOLS_DIR}/pack/pctools/linux/android/mkbootimg
# Inputs packed into boot.img: the kernel binary and the gzip-compressed cpio
# root filesystem. `local` implies these lines sit inside a shell function that
# is not part of this excerpt.
local BIMAGE="output/bImage";
local RAMDISK="output/rootfs.cpio.gz";
#linux-3.10/scripts/build.sh line.287
# Build output/boot.img from the kernel and ramdisk. CHIP, BASE, KERNEL_OFFSET
# and RAMDISK_OFFSET are set outside this excerpt; --base together with the two
# offsets presumably yields the load addresses stored in the header (verify
# against the mkbootimg source).
# The expansions are unquoted, so a value containing whitespace or glob
# characters would be split into several arguments.
# NOTE(review): no signing or verification step is visible in this excerpt;
# whether boot.img is authenticated before it is booted cannot be told from here.
${MKBOOTIMG} --kernel ${BIMAGE} \
    --ramdisk ${RAMDISK} \
    --board ${CHIP} \
    --base ${BASE} \
    --kernel_offset ${KERNEL_OFFSET} \
    --ramdisk_offset ${RAMDISK_OFFSET} \
    -o output/boot.img

对于上面用到的 mkbootimg,可以通过阅读 GitHub 上 mkbootimg 的代码片段来确定该工具的功能。

//mkbootimg.c line466
/*
 * Emit the image sections in on-disk order: header, kernel, ramdisk.
 * Every step jumps to the `fail` label (outside this excerpt) on error.
 * A short write is treated as a failure rather than retried, because the
 * return value of write() must equal the full section size.
 * write_padding() is called with the page size and the size just written;
 * presumably it pads the section up to the next page boundary (its body is
 * not shown here).
 */
if(write(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) goto fail;
if(write_padding(fd, pagesize, sizeof(hdr))) goto fail;

/* hdr.kernel_size is cast to ssize_t so it can be compared with write()'s
 * signed return value. */
if(write(fd, kernel_data, hdr.kernel_size) != (ssize_t) hdr.kernel_size) goto fail;
if(write_padding(fd, pagesize, hdr.kernel_size)) goto fail;

/* Same pattern for the ramdisk payload. */
if(write(fd, ramdisk_data, hdr.ramdisk_size) != (ssize_t) hdr.ramdisk_size) goto fail;
if(write_padding(fd, pagesize, hdr.ramdisk_size)) goto fail;

整合传入的参数后,mkbootimg 依次将 header(metadata)、kernel、ramdisk 等信息写入同一个文件,每一段写完后都调用 write_padding 按 pagesize 补齐。

//mkboot.h line.166
/* When the boot image header has a version of BOOT_HEADER_VERSION_ONE, the structure of the boot
 * image is as follows:
 *
 * +-----------------+
 * | boot header     | 1 page
 * +-----------------+
 * | kernel          | n pages
 * +-----------------+
 * | ramdisk         | m pages
 * +-----------------+
 * | second stage    | o pages
 * +-----------------+
 * | recovery dtbo   | p pages
 * +-----------------+
 * n = (kernel_size + page_size - 1) / page_size
 * m = (ramdisk_size + page_size - 1) / page_size
 * o = (second_size + page_size - 1) / page_size
 * p = (recovery_dtbo_size + page_size - 1) / page_size
 *
 * 0. all entities are page_size aligned in flash
 * 1. kernel and ramdisk are required (size != 0)
 * 2. recovery_dtbo is required for recovery.img in non-A/B devices(recovery_dtbo_size != 0)
 * 3. second is optional (second_size == 0 -> no second)
 * 4. load each element (kernel, ramdisk, second) at
 *    the specified physical address (kernel_addr, etc)
 * 5. If booting to recovery mode in a non-A/B device, extract recovery dtbo and
 *    apply the correct set of overlays on the base device tree depending on the
 *    hardware/product revision.
 * 6. prepare tags at tag_addr.  kernel_args[] is
 *    appended to the kernel commandline in the tags.
 * 7. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
 * 8. if second_size != 0: jump to second_addr
 *    else: jump to kernel_addr
 */

这里需要深入理解 metadata,即 boot_img_hdr_v1,它描述这个引导镜像中 kernel、ramdisk 的大小和基地址。

//bootimg.h line 121
/*
 * Boot image header, stored at the very start of the image (the "boot header"
 * page). The struct is packed, so no padding is inserted and the fields appear
 * in the image in declaration order; the multi-byte fields may therefore sit
 * at unaligned offsets.
 *
 * NOTE(review): every field below is read from the image itself. Unless the
 * image is authenticated before the header is parsed, a loader has to treat
 * all sizes, addresses and strings here as untrusted input and range-check
 * them before use.
 */
struct boot_img_hdr_v1 {
     /* Magic bytes identifying a boot image. */
     uint8_t magic[BOOT_MAGIC_SIZE];

     uint32_t kernel_size; /* size in bytes */
     uint32_t kernel_addr; /* physical load addr */

     uint32_t ramdisk_size; /* size in bytes */
     uint32_t ramdisk_addr; /* physical load addr */

     /* Optional second stage; second_size == 0 means it is absent. */
     uint32_t second_size; /* size in bytes */
     uint32_t second_addr; /* physical load addr */

     uint32_t tags_addr; /* physical addr for kernel tags */
     /* Divisor in the page-count formula (size + page_size - 1) / page_size.
      * NOTE(review): a consumer should reject 0 and guard the 32-bit addition
      * against wrap-around before computing section offsets. */
     uint32_t page_size; /* flash page size we assume */
     /*
      * version for the boot image header.
      * alternately this is used as dt_size on some hardware.
      */
     /* Both members share the same 4 bytes; the struct itself does not say
      * which interpretation applies, so the parser has to know the convention
      * of the platform that produced the image. */
     union {
         uint32_t header_version;
         uint32_t dt_size; /* device tree in bytes */
     };

     /* operating system version and security patch level; for
      * version "A.B.C" and patch level "Y-M-D":
      * ver = A << 14 | B << 7 | C         (7 bits for each of A, B, C)
      * lvl = ((Y - 2000) & 127) << 4 | M  (7 bits for Y, 4 bits for M)
      * os_version = ver << 11 | lvl */
     uint32_t os_version;

     /* NOTE(review): "asciiz" describes the writer's intent; a reader of an
      * untrusted image should not assume a NUL terminator is present. */
     uint8_t name[BOOT_NAME_SIZE]; /* asciiz product name */

     /* Kernel command line bytes. NOTE(review): termination should be
      * enforced by the reader in the same way as for name. */
     uint8_t cmdline[BOOT_ARGS_SIZE];

     /* NOTE(review): if this holds an unkeyed digest, it can detect accidental
      * corruption only; anyone able to modify the image can recompute it, so
      * it is not a substitute for a signature check. */
     uint32_t id[8]; /* timestamp / checksum / sha1 / etc */

     /* Supplemental command line data; kept here to maintain
      * binary compatibility with older versions of mkbootimg */
     uint8_t extra_cmdline[BOOT_EXTRA_ARGS_SIZE];

     uint32_t recovery_dtbo_size;   /* size in bytes for recovery DTBO image */
     uint64_t recovery_dtbo_offset; /* offset to recovery dtbo in boot image */
     /* presumably the size of this header in bytes; confirm against bootimg.h */
     uint32_t header_size;
 } __attribute__((packed));

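直接用 hexdump 查看 boot.img 的前 100 个字节,验证位于镜像首地址的上述 metadata。下面的输出按小端序对照 boot_img_hdr_v1 解读:magic 为 "ANDROID!",kernel_size = 0x00e84b50,kernel_addr = 0x41080000,ramdisk_size = 0x0029d069,ramdisk_addr = 0x42000000,second_size = 0,second_addr = 0x41f00000,tags_addr = 0x41000100,page_size = 0x800(2048),header_version/dt_size = 0,os_version = 0,name 为 "sun50i"。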

jay@mxj-build:~/a64_v4l2$ hexdump -n 100 -C /home/jay/a64_v4l2/out/sun50iw1p1/debian/common/boot.img   
00000000  41 4e 44 52 4f 49 44 21  50 4b e8 00 00 00 08 41  |ANDROID!PK.....A|
00000010  69 d0 29 00 00 00 00 42  00 00 00 00 00 00 f0 41  |i.)....B.......A|
00000020  00 01 00 41 00 08 00 00  00 00 00 00 00 00 00 00  |...A............|
00000030  73 75 6e 35 30 69 00 00  00 00 00 00 00 00 00 00  |sun50i..........|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000064