转载请注明来源:cuixiaolei的技术博客
这篇文章是lk启动流程分析,将会详细介绍下面的内容:
1).正常开机引导流程
2).recovery引导流程
3).fastboot引导流程
4).ffbm引导流程
5).lk向kernel传参
start----------------------------------------
在bootable/bootloader/lk/arch/arm/crt0.S文件中有下面代码,所以从kmain()开始介绍
bl kmain
kmain函数位于bootable/bootloader/lk/kernel/main.c
/* called from crt0.S */
void kmain(void) __NO_RETURN __EXTERNALLY_VISIBLE;
void kmain(void)
{
// get us into some sort of thread context
thread_init_early(); //初始化线程上下文
#ifdef FEATURE_AFTER_SALE_LOG_LK
// do console early init
console_init_early(); //初始化控制台
#endif
// early arch stuff
arch_early_init(); //架构初始化,如关闭cache,使能mmu
// do any super early platform initialization
platform_early_init(); //平台早期初始化
// do any super early target initialization
target_early_init(); //目标设备早期初始化,初始化串口
dprintf(INFO, "welcome to lk\n\n");
bs_set_timestamp(BS_BL_START);
// deal with any static constructors
dprintf(SPEW, "calling constructors\n");
call_constructors();
// bring up the kernel heap
dprintf(SPEW, "initializing heap\n");
heap_init(); //堆初始化
__stack_chk_guard_setup();
// initialize the threading system
dprintf(SPEW, "initializing threads\n");
thread_init(); //线程初始化
#ifdef FEATURE_AFTER_SALE_LOG_LK
// initialize the console layer
// TCTNB Wangyongliang task1167051
dprintf(SPEW, "initializing console layer\n");
console_init(); //初始化控制台
#endif
// initialize the dpc system
dprintf(SPEW, "initializing dpc\n");
dpc_init(); //lk系统控制器初始化
// initialize kernel timers
dprintf(SPEW, "initializing timers\n");
timer_init(); //kernel时钟初始化
#if (!ENABLE_NANDWRITE)
// create a thread to complete system initialization
dprintf(SPEW, "creating bootstrap completion thread\n");
thread_resume(thread_create("bootstrap2", &bootstrap2, NULL, DEFAULT_PRIORITY, DEFAULT_STACK_SIZE)); //创建一个线程初始化系统
// enable interrupts
exit_critical_section(); //使能中断
// become the idle thread
thread_become_idle(); //本线程切换成idle线程,idle为空闲线程,当没有更高优先级的线程时才执行
#else
bootstrap_nandwrite();
#endif
}
arch_early_init()负责使能内存管理单元mmu
bootable/bootloader/lk/arch/arm/arch.c
void arch_early_init(void)
{
/* turn off the cache */
arch_disable_cache(UCACHE); //关闭cache
/* set the vector base to our exception vectors so we dont need to double map at 0 */
#if ARM_CPU_CORTEX_A8
set_vector_base(MEMBASE); //设置异常向量基地址
#endif
#if ARM_WITH_MMU
arm_mmu_init(); //使能mmu
#endif
/* turn the cache back on */
arch_enable_cache(UCACHE); //打开cache
#if ARM_WITH_NEON
/* enable cp10 and cp11 */
uint32_t val;
__asm__ volatile("mrc p15, 0, %0, c1, c0, 2" : "=r" (val));
val |= (3<<22)|(3<<20);
__asm__ volatile("mcr p15, 0, %0, c1, c0, 2" :: "r" (val));
isb();
/* set enable bit in fpexc */
__asm__ volatile("mrc p10, 7, %0, c8, c0, 0" : "=r" (val));
val |= (1<<30);
__asm__ volatile("mcr p10, 7, %0, c8, c0, 0" :: "r" (val));
#endif
#if ARM_CPU_CORTEX_A8
/* enable the cycle count register */
uint32_t en;
__asm__ volatile("mrc p15, 0, %0, c9, c12, 0" : "=r" (en));
en &= ~(1<<3); /* cycle count every cycle */
en |= 1; /* enable all performance counters */
__asm__ volatile("mcr p15, 0, %0, c9, c12, 0" :: "r" (en));
/* enable cycle counter */
en = (1<<31);
__asm__ volatile("mcr p15, 0, %0, c9, c12, 1" :: "r" (en));
#endif
}
platform_early_init()平台早期初始化,初始化平台的时钟和主板
bootable\bootloader\lk\platform\msm8952\platform.cvoid platform_early_init(void)
{
board_init(); //主板初始化
platform_clock_init(); //时钟初始化
qgic_init();
qtimer_init();
}
从代码可知,会创建一个bootstrap2线程,并使能中断
static int bootstrap2(void *arg)
{
dprintf(SPEW, "top of bootstrap2()\n");
arch_init(); //架构初始化,此函数为空,什么都没做
// XXX put this somewhere else
#if WITH_LIB_BIO
bio_init();
#endif
#if WITH_LIB_FS
fs_init();
#endif
// initialize the rest of the platform
dprintf(SPEW, "initializing platform\n");
platform_init(); // 平台初始化,不同的平台要做的事情不一样,可以是初始化系统时钟,超频等
// initialize the target
dprintf(SPEW, "initializing target\n");
target_init(); //目标设备初始化,主要初始化Flash,整合分区表等
dprintf(SPEW, "calling apps_init()\n");
apps_init(); //应用功能初始化,主要调用boot_init,启动kernel,加载boot/recovery镜像等
return 0;
}
apps_init()通过下面方式进入aboot_init()函数
APP_START(aboot)
.init = aboot_init,
APP_END
bootable/bootloader/lk/app/app.cvoid apps_init(void)
{
const struct app_descriptor *app;
/* call all the init routines */
for (app = &__apps_start; app != &__apps_end; app++) {
if (app->init)
app->init(app);
}
/* start any that want to start on boot */
for (app = &__apps_start; app != &__apps_end; app++) {
if (app->entry && (app->flags & APP_FLAG_DONT_START_ON_BOOT) == 0) {
start_app(app);
}
}
}
从这里开始是这篇文章的重点,分析aboot.c文件。每个项目的文件可能会有不同,但是差别会很小。
bootable/bootloader/lk/app/aboot/aboot.c
void aboot_init(const struct app_descriptor *app)
{
unsigned reboot_mode = 0;
unsigned restart_reason = 0;
unsigned hard_reboot_mode = 0;
bool boot_into_fastboot = false;
uint8_t pon_reason = pm8950_get_pon_reason(); //pm8950_get_pon_reason() 获取开机原因
/* Setup page size information for nv storage */
if (target_is_emmc_boot()) //检测是emmc还是flash存储,并设置页大小,一般是2048
{
page_size = mmc_page_size();
page_mask = page_size - 1;
}
else
{
page_size = flash_page_size();
page_mask = page_size - 1;
}
ASSERT((MEMBASE + MEMSIZE) > MEMBASE); //断言,如果内存基地址+内存大小小于内存基地址,则直接终止错误
read_device_info(&device); //从devinfo分区表read data到device结构体
read_allow_oem_unlock(&device); //devinfo分区里记录了unlock状态,从device中读取此信息
/* Display splash screen if enabled */
if (!check_alarm_boot()) {
dprintf(SPEW, "Display Init: Start\n");
target_display_init(device.display_panel); //显示splash,Splash也就是应用程序启动之前先启动一个画面,上面简单的介绍应用程序的厂商,厂商的LOGO,名称和版本等信息,多为一张图片
dprintf(SPEW, "Display Init: Done\n");
}
#ifdef FEATURE_LOW_POWER_DISP_LK
if(is_low_voltage) { //如果电量低,则显示关机动画,并关闭设备
mdelay(2000);
//target_uninit();
target_display_shutdown();
shutdown_device();
}
#endif
is_alarm_boot = check_alarm_boot(); //检测开机原因是否是由于关机闹钟导致
target_serialno((unsigned char *) sn_buf);
dprintf(SPEW,"serial number: %s\n",sn_buf);
memset(display_panel_buf, ‘\0‘, MAX_PANEL_BUF_SIZE);
/*
* Check power off reason if user force reset,
* if yes phone will do normal boot.
*/
if (is_user_force_reset()) //如果强制重启,直接进入normal_boot
goto normal_boot;
dprintf(ALWAYS, "pon_reason=0x%02x\n", pon_reason);
/* Check if we should do something other than booting up */
if ( (pon_reason & USB_CHG) //启动原因是插上USB,并且用户同时按住了音量上下键,进入下载模式
&& (keys_get_state(KEY_VOLUMEUP) && keys_get_state(KEY_VOLUMEDOWN)))
{
display_dloadimage_on_screen(); //显示下载模式图片
volume_keys_init(); //初始化音量按键
int i = 0;
int j = 0;
int k = 0;
dload_flag = 1 ;
while(1) //进入下载模式后,通过不同的按键组合进入不同的模式,下面的代码逻辑很简单,就不介绍了
{
thread_sleep(200);
//dprintf(ALWAYS, "in while circle\n");
if ( check_volume_up_key() && !check_volume_down_key() && !check_power_key() )
{
/* Hold volume_up_key 3 sec to download mode, if not enough, need to hold another 3 sec. */
for(i = 0;i < 15;++i)
{
thread_sleep(200);
if (!check_volume_up_key())
{
dprintf(ALWAYS, "press volume_up not enough time\n");
break;
}
}
if(i == 15)
{
break;
}
}
else if (check_power_key() && !check_volume_up_key() && !check_volume_down_key())
{
/* Hold power_key 1 sec to normal boot, if not enough, need to hold another 1 sec. */
for(j = 0;j < 5;++j)
{
thread_sleep(200);
if (!check_power_key())
{
//dprintf(ALWAYS, "press power_key not enough time\n");
break;
}
}
if(j == 5)
{
goto normal_boot;
}
}
else if (!check_volume_down_key() && !check_volume_up_key() && !check_power_key())
{
/* Hold no key and go to normal boot 30 sec later. */
for(k = 0;k < 150;++k)
{
thread_sleep(200);
if (check_power_key() || check_volume_up_key())
{
//dprintf(ALWAYS, "press nothing\n");
break;
}
}
if(k == 150)
{
//dprintf(ALWAYS, "goto normal_boot\n");
goto normal_boot;
}
}
}
dprintf(CRITICAL,"dload mode key sequence detected\n");
if (set_download_mode(EMERGENCY_DLOAD))
{
dprintf(CRITICAL,"dload mode not supported by target\n");
}
else
{
reboot_device(DLOAD);
dprintf(ALWAYS,"Failed to reboot into dload mode\n");
}
boot_into_fastboot = true; //下载模式本质上是进入fastboot
}
if (!boot_into_fastboot) //如果不是通过usb+上下键进入下载模式
{
if (keys_get_state(KEY_HOME) || (keys_get_state(KEY_VOLUMEUP) && !keys_get_state(KEY_VOLUMEDOWN))) //上键+电源键 进入recovery模式
{
boot_into_recovery = 1;
struct recovery_message msg;
strcpy(msg.recovery, "recovery\n--show_text");
}
if (!boot_into_recovery &&
(keys_get_state(KEY_BACK) || (keys_get_state(KEY_VOLUMEDOWN) && !keys_get_state(KEY_VOLUMEUP)))) //下键+back键进入fastboot模式,我的手机是有back实体键的
boot_into_fastboot = true;
}
reboot_mode = check_reboot_mode(); //检测开机原因,并且修改相应的标志位
hard_reboot_mode = check_hard_reboot_mode();
if (reboot_mode == RECOVERY_MODE ||
hard_reboot_mode == RECOVERY_HARD_RESET_MODE) {
boot_into_recovery = 1;
} else if(reboot_mode == FASTBOOT_MODE ||
hard_reboot_mode == FASTBOOT_HARD_RESET_MODE) {
boot_into_fastboot = true;
} else if(reboot_mode == ALARM_BOOT ||
hard_reboot_mode == RTC_HARD_RESET_MODE) {
boot_reason_alarm = true;
}
else if (reboot_mode == DM_VERITY_ENFORCING)
{
device.verity_mode = 1;
write_device_info(&device);
} else if(reboot_mode == DM_VERITY_LOGGING) {
device.verity_mode = 0;
write_device_info(&device);
} else if(reboot_mode == DM_VERITY_KEYSCLEAR) {
if(send_delete_keys_to_tz())
ASSERT(0);
}
normal_boot:
if(dload_flag){
display_image_on_screen(); //显示界面,上面提到过
}
if (!boot_into_fastboot) //如果不是fastboot模式
{
if (target_is_emmc_boot())
{
if(emmc_recovery_init())
dprintf(ALWAYS,"error in emmc_recovery_init\n");
if(target_use_signed_kernel())
{
if((device.is_unlocked) || (device.is_tampered))
{
#ifdef TZ_TAMPER_FUSE
set_tamper_fuse_cmd();
#endif
#if USE_PCOM_SECBOOT
set_tamper_flag(device.is_tampered);
#endif
}
}
boot_linux_from_mmc(); //程序会跑到这里,又一个重点内容,下面会独立分析这个函数。
}
else
{
recovery_init();
#if USE_PCOM_SECBOOT
if((device.is_unlocked) || (device.is_tampered))
set_tamper_flag(device.is_tampered);
#endif
boot_linux_from_flash();
}
dprintf(CRITICAL, "ERROR: Could not do normal boot. Reverting "
"to fastboot mode.\n");
}
/* We are here means regular boot did not happen. Start fastboot. */
/* register aboot specific fastboot commands */
aboot_fastboot_register_commands(); //注册fastboot命令,建议看下此函数的源码,此函数是fastboot支持的命令,如flash、erase等等
/* dump partition table for debug info */
partition_dump();
/* initialize and start fastboot */
fastboot_init(target_get_scratch_address(), target_get_max_flash_size()); //初始化fastboot
#if FBCON_DISPLAY_MSG
display_fastboot_menu_thread(); //显示fastboot界面
#endif
}
关于device_info,这里多说一点
devinfo Device information including:iis_unlocked, is_tampered, is_verified, charger_screen_enabled, display_panel, bootloader_version, radio_version
All these attirbutes are set based on some specific conditions and written on devinfo partition.
devinfo是一个独立的分区,里面存放了下面的一些信息,上面是高通对这个分区的介绍。
struct device_info
{
unsigned char magic[DEVICE_MAGIC_SIZE];
bool is_unlocked;
bool is_tampered;
bool is_verified;
bool charger_screen_enabled;
char display_panel[MAX_PANEL_ID_LEN];
char bootloader_version[MAX_VERSION_LEN];
char radio_version[MAX_VERSION_LEN];
};
时间: 2024-10-10 20:21:03