Android Boot: After kernel stage

最新推荐文章于 2024-06-13 11:37:32 发布
原创 最新推荐文章于 2024-06-13 11:37:32 发布 · 1.6k 阅读 · 1 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#android #system #service #null #server #string

本文详细介绍了Android系统从内核启动后,如何通过init进程、Service Manager、app_process、ZygoteInit及SystemServer来一步步构建运行环境。首先init解析配置文件启动服务,接着Service Manager为启动app_process做准备,app_process运行ZygoteInit,通过Dalvik虚拟机启动Zygote。Zygote孵化SystemServer,加载libandroid_servers,注册JNI函数,并最终启动所有关键服务,完成Android系统的初始化。
本来一直在分析WIFI service,后来一直往底层追溯,就跟踪到了Android的service manager等“大户”的启动,再往上追就到了init了。先大概记录一下启动的流程,以后有空了再补充某些步骤的细节。由于分析的是Kernel起来之后剩下的启动过程,所以从init进程开始:

一,init
Init是由kernel启动的用户级进程,它始终是第一个存在进程。init起来之后会解析init.rc和init.{hardware}.rc,然后根据其内容启动基本服务和做些其他的东西。init*rc里面可以有(Actions, Commands, Services, Options)四种类型的声明,另外再分析。下面先看看init.rc里面的两行:
service servicemanager /system/bin/servicemanager
    ...
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
    ...

二,ServiceMangaer与app_process
其中servicemanager的代码为frameworks/base/cmds/servicemanager/service_manager.c,ServiceManager总管所有service(frameworks层次的service)的注册与查找(详情点击这里),先运行它主要是为后面的app_process启动zygote的过程提供前提条件。

app_prceoss的代码为frameworks/base/cmds/app_process/app_main.cpp,其主函数如下:
int main(int argc, const char* const argv[])
{
         ...
    AppRuntime runtime;
         ...    
    // Next arg is startup classname or "--zygote"
    if (i < argc) {
        arg = argv[i++];
        if (0 == strcmp("--zygote", arg)) {
            bool startSystemServer = (i < argc) ?
                    strcmp(argv[i], "--start-system-server") == 0 : false;
            setArgv0(argv0, "zygote");
            set_process_name("zygote");
            runtime.start("com.android.internal.os.ZygoteInit",
                startSystemServer);
        } else {
         ...
        }
    } else {
         ...
    }

}
其中以"com.android.internal.os.ZygoteInit"为类名调用AppRuntime : public AndroidRuntime的start()函数来启动zygote,其代码在frameworks/base/core/jni/AndroidRuntime.cpp中,start函数如下:
void AndroidRuntime::start(const char* className, const bool startSystemServer)
{
         ...
    if (startVm(&mJavaVM, &env) != 0)
        goto bail;
         ...
    if (startReg(env) < 0) {
        LOGE("Unable to register all android natives\n");
        goto bail;
    }
         ...
    startClass = env->FindClass(slashClassName);
    if (startClass == NULL) {
        LOGE("JavaVM unable to locate class '%s'\n", slashClassName);
        /* keep going */
    } else {
        startMeth = env->GetStaticMethodID(startClass, "main",
            "([Ljava/lang/String;)V");
        if (startMeth == NULL) {
            LOGE("JavaVM unable to find main() in '%s'\n", className);
            /* keep going */
        } else {
            env->CallStaticVoidMethod(startClass, startMeth, strArray);
         ...
}
startVm启动dalvik虚拟机,startReg负责把注册一些jni函数,然后就是找到名字为ZygoteInit的类并运行其main()函数。

三,ZygoteInit类
下面看看这个类的main函数,代码在frameworks/base/core/java/com/android/internal/os/ZygoteInit.java,主函数如下:
  public static void main(String argv[]) {
        try {
                  ...
            if (argv[1].equals("true")) {
                startSystemServer();
            } else if (!argv[1].equals("false")) {
                throw new RuntimeException(argv[0] + USAGE_STRING);
            }
                 ...
            if (ZYGOTE_FORK_MODE) {
                runForkMode();
            } else {
                runSelectLoopMode();
            }

            closeServerSocket();
        } catch (MethodAndArgsCaller caller) {
            caller.run();
        } catch (RuntimeException ex) {
            Log.e(TAG, "Zygote died with exception", ex);
            closeServerSocket();
            throw ex;
        }
    }
因为在AndroidRuntime::start中,"true"参数由strArray带进来,所以会调用到 startSystemServer()函数:
private static boolean startSystemServer()
            throws MethodAndArgsCaller, RuntimeException {
        /* Hardcoded command line to start the system server */
        String args[] = {
            "--setuid=1000",
            "--setgid=1000",
            "--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,3001,3002,3003",
            "--capabilities=130104352,130104352",
            "--runtime-init",
            "--nice-name=system_server",
            "com.android.server.SystemServer",
        };
        ZygoteConnection.Arguments parsedArgs = null;

        int pid;

        try {
                   ...
            /* Request to fork the system server process */
            pid = Zygote.forkSystemServer(    // 具体实现查看dalvik/vm/InternalNative.c
                    parsedArgs.uid, parsedArgs.gid,
                    parsedArgs.gids, debugFlags, null,
                    parsedArgs.permittedCapabilities,
                    parsedArgs.effectiveCapabilities);
        } catch (IllegalArgumentException ex) {
            throw new RuntimeException(ex);
        }

        /* For child process */
        if (pid == 0) {
            handleSystemServerProcess(parsedArgs);
        }

        return true;
    }
设置一堆启动参数之后,调用forkSystemServer启动子进程来跑handleSystemServerProcess(),父进程返回继续忙其他的事情(就是runForkMode或者runSelectLoopMode),然后这个函数又绕到了RuntimeInit.zygoteInit(parsedArgs.remainingArgs):
public static final void zygoteInit(String[] argv)
            throws ZygoteInit.MethodAndArgsCaller {
            ...
        commonInit();   // 做些初始化的工作
        zygoteInitNative();
            ...
        String startClass = argv[curArg++];
        String[] startArgs = new String[argv.length - curArg];

        System.arraycopy(argv, curArg, startArgs, 0, startArgs.length);
        invokeStaticMain(startClass, startArgs);
    }
invokeStaticMain这个函数在根据startArgs找到类名为"com.android.server.SystemServer"的main函数(还检查了public和static属性),然后通过throw new ZygoteInit.MethodAndArgsCaller(m, argv)返回。注意观察中间这些函数都带throws ZygoteInit.MethodAndArgsCaller的,所以这个 ZygoteInit.MethodAndArgsCaller最后会被ZygoteInit的main函数catch到然后通过 caller.run();启动SystemServer的main函数。


四,SystemServer类
类的代码在frameworks/base/services/java/com/android/server/SystemServer.java中,主函数:
public static void main(String[] args) {
              ...
        System.loadLibrary("android_servers");
        init1(args);
    }
先显式加载libandroid_servers,这个库由frameworks/base/services/jni中的代码生成,加载时会把onload.cpp里的JNI_OnLoad()跑一遍把jni函数注册上去:
    register_android_server_PowerManagerService(env);
    register_android_server_InputManager(env);
    register_android_server_LightsService(env);
    register_android_server_AlarmManagerService(env);
    register_android_server_BatteryService(env);
    register_android_server_UsbService(env);
    register_android_server_VibratorService(env);
    register_android_server_SystemServer(env);
    register_android_server_location_GpsLocationProvider(env);
库加载完后,SystemServer的main函数再调用init1(args)进行下一步的工作,这个函数在SystemServer.java中是这样定义的native public static void init1(String[] args);所以是通过jni的方式进行调用,init1的实现在libandroid_servers库的代码中:
static void android_server_SystemServer_init1(JNIEnv* env, jobject clazz)
{
    system_init();
}
system_init()的实现在frameworks/base/cmds/system_server/library/system_init.cpp中(生成的是libsystem_server):
extern "C" status_t system_init()
{
        ... // 先启动SurfaceFinger和SensorService等关键服务
    property_get("system_init.startsurfaceflinger", propBuf, "1");
    if (strcmp(propBuf, "1") == 0) {
        // Start the SurfaceFlinger
        SurfaceFlinger::instantiate();
    }

    // Start the sensor service
    SensorService::instantiate();

    // 如果是emulator的话直接在这里把下面的service也拉起来
    if (!proc->supportsProcesses()) {

        // Start the AudioFlinger
        AudioFlinger::instantiate();

        // Start the media playback service
        MediaPlayerService::instantiate();

        // Start the camera service
        CameraService::instantiate();

        // Start the audio policy service
        AudioPolicyService::instantiate();
    }
        ...
    LOGI("System server: starting Android services.\n");
    runtime->callStatic("com/android/server/SystemServer", "init2");
        ...
    return NO_ERROR;
}
通过callStatic调用,又绕回了java层去,SystemServer.java中得init2如下:
public static final void init2() {
        Slog.i(TAG, "Entered the Android system server!");
        Thread thr = new ServerThread();
        thr.setName("android.server.ServerThread");
        thr.start();
}
ServerThread的start()调用run()来启动所有的JAVA Service:

    @Override
    public void run() {
        EventLog.writeEvent(EventLogTags.BOOT_PROGRESS_SYSTEM_RUN,
            SystemClock.uptimeMillis());

        Looper.prepare();

        android.os.Process.setThreadPriority(
                android.os.Process.THREAD_PRIORITY_FOREGROUND);

        BinderInternal.disableBackgroundScheduling(true);
        android.os.Process.setCanSelfBackground(false);

        // Check whether we failed to shut down last time we tried.
        {
            final String shutdownAction = SystemProperties.get(
                    ShutdownThread.SHUTDOWN_ACTION_PROPERTY, "");
            if (shutdownAction != null && shutdownAction.length() > 0) {
                boolean reboot = (shutdownAction.charAt(0) == '1');

                final String reason;
                if (shutdownAction.length() > 1) {
                    reason = shutdownAction.substring(1, shutdownAction.length());
                } else {
                    reason = null;
                }

                ShutdownThread.rebootOrShutdown(reboot, reason);
            }
        }

        String factoryTestStr = SystemProperties.get("ro.factorytest");
        int factoryTest = "".equals(factoryTestStr) ? SystemServer.FACTORY_TEST_OFF
                : Integer.parseInt(factoryTestStr);

        LightsService lights = null;
        PowerManagerService power = null;
        BatteryService battery = null;
        ConnectivityService connectivity = null;
        IPackageManager pm = null;
        Context context = null;
        WindowManagerService wm = null;
        BluetoothService bluetooth = null;
        BluetoothA2dpService bluetoothA2dp = null;
        HeadsetObserver headset = null;
        DockObserver dock = null;
        UsbService usb = null;
        UiModeManagerService uiMode = null;
        RecognitionManagerService recognition = null;
        ThrottleService throttle = null;

        // Critical services...
        try {
                     ...
            // 类似下面这段代码,先创建JAVA Service类(new或者getInstance)
            // 再调用ServiceManager的addService API将系统的各种JAVA Service加进来
            try {
                Slog.i(TAG, "Connectivity Service");
                connectivity = ConnectivityService.getInstance(context);
                ServiceManager.addService(Context.CONNECTIVITY_SERVICE, connectivity);   
               // WIFI相关的service由connectivity service管理
               // getInstance()会调用ConnectivityService()构造函数,其中会通过
               // WifiStateTracker wst = new WifiStateTracker(context, mHandler);
               // WifiService wifiService = new WifiService(context, wst);
               // ServiceManager.addService(Context.WIFI_SERVICE, wifiService);
               // wifiService.startWifi(); 来启动wifi service
               // wifi相关的另文分析
            } catch (Throwable e) {
                Slog.e(TAG, "Failure starting Connectivity Service", e);
            }
                    ...

        // It is now time to start up the app processes...
        // Service加完后,可以通过systemReady()回调来通知各个Service现在可以开始自己的服务了
        if (devicePolicy != null) {
            devicePolicy.systemReady();
        }

        if (notification != null) {
            notification.systemReady();
        }

        if (statusBar != null) {
            statusBar.systemReady();
        }
        wm.systemReady();
        power.systemReady();
        try {
            pm.systemReady();
        } catch (RemoteException e) {
        }

        // These are needed to propagate to the runnable below.
        final StatusBarManagerService statusBarF = statusBar;
        final BatteryService batteryF = battery;
        final ConnectivityService connectivityF = connectivity;
        final DockObserver dockF = dock;
        final UsbService usbF = usb;
        final ThrottleService throttleF = throttle;
        final UiModeManagerService uiModeF = uiMode;
        final AppWidgetService appWidgetF = appWidget;
        final WallpaperManagerService wallpaperF = wallpaper;
        final InputMethodManagerService immF = imm;
        final RecognitionManagerService recognitionF = recognition;
        final LocationManagerService locationF = location;

        // We now tell the activity manager it is okay to run third party
        // code.  It will call back into us once it has gotten to the state
        // where third party code can really run (but before it has actually
        // started launching the initial applications), for us to complete our
        // initialization.
        ((ActivityManagerService)ActivityManagerNative.getDefault())
                .systemReady(new Runnable() {  // 这个回调将会通过发送intent.CATEGORY_HOME启动第一个activity,具体代码待分析
            public void run() {
                Slog.i(TAG, "Making services ready");

                if (statusBarF != null) statusBarF.systemReady2();
                if (batteryF != null) batteryF.systemReady();
                if (connectivityF != null) connectivityF.systemReady();
                if (dockF != null) dockF.systemReady();
                if (usbF != null) usbF.systemReady();
                if (uiModeF != null) uiModeF.systemReady();
                if (recognitionF != null) recognitionF.systemReady();
                Watchdog.getInstance().start();

                // It is now okay to let the various system services start their
                // third party code...

                if (appWidgetF != null) appWidgetF.systemReady(safeMode);
                if (wallpaperF != null) wallpaperF.systemReady();
                if (immF != null) immF.systemReady();
                if (locationF != null) locationF.systemReady();
                if (throttleF != null) throttleF.systemReady();
            }
        });

        // For debug builds, log event loop stalls to dropbox for analysis.
        if (StrictMode.conditionallyEnableDebugLogging()) {
            Slog.i(TAG, "Enabled StrictMode for system server main thread.");
        }

        Looper.loop();
        Slog.d(TAG, "System ServerThread is exiting!");
        }
    }

五,后续
至此,提供给app运行的环境已经搭建起来,但是某些步骤还是不太完善需要以后补充。其中关system_init()这个函数也可以通过/system/bin/system_server来显式调用。找到一段说明如下:
There is another way to start system server, which is through a program named system_server whose source is frameworks/base/cmds/system_server/system_main.cpp. It also calls system_init to start system services. So there is a question: why does Android have two methods to start system services? My guess is that directly start system_server may have synchronous problem with zygote because system_server will call JNI to start SystemServer::init2, while at that time zygote may not start JAVA VM yet. So Android uses another method. After zynote is initialized, fork a new process to start system services.

大致意思是,可以通过system_server这个命令调用system_init来启动system services,但是为什么Android要使用上述的方式来启动呢。据猜测是如果直接用命令来启动的话会跟zygote有同步的问题存在,因为system_init会通过JNI来调用SystemServer::init2,如果这时候zygote尚未启动JAVA VM就会出问题了。 
Linux内存管理(06):start_kernel 详解
私房菜
09-18 1241
bootloader 做好初始化工作后,将 kernel image 加载到内存后,就会跳到kernel 部分继续执行,跑的先是汇编部分的代码,进行各种设置和环境初始化后,就会跳到 kernel 的第一个函数start_kernel() 完成内核系统的所有配置和初始化,其中 setup_arch() 是早期系统的配置和初始化工作。该系列专栏,会通过源码的深入剖析来查看内存管理系统的原理。本文将会是这个系列专栏代码剖析的起点。
Kernel crash:总结
mzhan017的博客
05-25 1211
kernel crash的一个使用总结
kernel移植之linux stage1:内核引导
openCpu
10-07 1964
/* * linux/arch/arm/kernel/head.S * * Copyright (C) 1994-2002 Russell King * Copyright (c) 2003 ARM Limited * All Rights Reserved * * This program is free software; you can redistribute it
Android 关机/重启原因分析
纵容的博客
07-06 6298
frameworks/base/services/core/java/com/android/server/power/ShutdownThread.java的run方法会打印一些log和保存文件。详细介绍见https://source.android.google.cn/devices/bootloader/boot-reason。导出/data/vendor/aee_exp和/data/aee_exp下面的log文件。----- dbg文件。内存和重启问题的分析,多偏向于底层。
Android之广播与服务<一>
小样
07-24 2104
前言:作为四大组件成员--广播和服务,虽然在用户使用时它们通常是隐身的,但是好多地方都有它们的身影,如:发送短信,状态栏通知,夜间模式,后台音乐播放等等.... One  ----------- 广播: 一,基本知识: (1)名字:BroadcastReceiver (2)作用:用于监听系统全局的广播消息,以便实现系统中不同组件之间的通信 (3)经常用途:飞行模式,后台音乐播放(
android 系统UI模式的判断
a22422931的博客
11-02 3979
目前我们强大的android系统已经遍及手机,电视,等各个方面。 那么如何判断一个android系统 是支持手机UI 还是 boxUI呢。 如果知道这一属性,那么我们就可以在开发应用程序的时候对这个属性做判断(比如让我们的手机应用不能运行在box上)。怎么做到这一点呢, 今天我就给大家带来方法:  UiModeManager mUiModeManager = (UiModeManager)g
Android 系统服务一览表
张兴华的技术博客
05-01 9865
在《Zygote进程【3】——SystemServer的诞生》一文中介绍了SystemServer的诞生,本文来看一下SystemServer中初始化的系统服务。 AccountManagerServiceAccessibilityManagerService ActivityManagerService AlarmManagerService AppWidgetService
Android 进阶——系统启动之Android init进程的创建和启动(三)
最美不过,心中有梦,身旁有你!
05-12 2498
系统启动之Android init进程的创建和启动
U-Boot 启动kernel
Fay_ly的博客
01-03 848
UBoot 启动kernel代码流程
Android bootstrap 安卓开机流程最完整详细介绍
漂流瓶の海岸
06-13 1535
Android 开机流程最完整详细介绍。包含QNX启动QVM虚拟机过程。特别是从开机上电过程,用图描述,不贴啰嗦的代码。由于是工作中整理的拿出来先用蹩脚英文写的。我过些天忙完会用中文重新描述一下。
android boot 代码流程 2
weixin_30680385的博客
05-25 153
上回说到,开始调用 ZygoteInit main 函数,main 函数: registerZygoteServer:注册一个 zygote server socket,所有来自客户端的连接都通过 socket 方式连接; preload:预加载系统的类库和资源,这样其他程序启动将不再加载系统资源,只需加载自己程序的资源,这样就达到系统资源在程序之间共享; startSys...
Android系统10 RK3399 init进程启动(三十四) 常见Property属性
ldswfun的专栏
08-02 3283
通过getprop命令可以获取系统中大部分的属性,为啥说是大部分, 因为还有一些因为selinux权限原因, 不一定获取到到, 对于老版本Android系统, 是可以全部获取的
AFL-FUZZ学习笔记:QEMU模式的使用(MIPS架构)
niu_niu_的博客
08-16 6867
最近在学习使用AFL(American Fuzzy Lop)进行漏洞挖掘,简单的记录一下。
UiModeManager设置夜间模式和行车模式
weixin_33923762的博客
08-04 478
本文来自:安卓航班网 Android在2.2时新增了一个实用的类UiModeManager可以方便的管理当前Android设备的夜间模式和行车模式,位于android.app.UiModeManager这个包中。UiModeManager类使用Context.getSystemService(Context.UI_MODE_SERVICE) 来实例化,主要提供了以下几种方法voiddisab...
Android 判断设备类型(手表,车,电视,手机)
qq_32671919的博客
11-23 4979
UiModeManager uiModeManager = (UiModeManager) context.getSystemService(UI_MODE_SERVICE); if (uiModeManager.getCurrentModeType() == Configuration.UI_MODE_TYPE_TELEVISION) { Logger.d(TAG, "Running on a TV Device"); } else { .
Android 系统服务
EricFang的开发笔记
08-22 8900
Android系统服务大致分为三大类:本地守护进程、Native系统服务和Java系统服务。
AFL的安装和使用(三)——FFmpeg的白盒测试
qysh123的专栏
03-25 2298
至于这里是不是白盒测试我也不好说,就是有源码的情况下怎么使用AFL进行插桩和fuzzing,以FFmpeg为例(接上一篇博客:https://blog.youkuaiyun.com/qysh123/article/details/114794833) 其实这个问题也有很多朋友介绍了,例如:(https://blog.youkuaiyun.com/m0_37907383/article/details/105419989),但是我总觉得不是很详细,也有些问题没cover到。 首先,按照这里:https://lcamtuf.cor
android restart reason机制
Focus on the Linux kernel
01-06 5936
Reboot传递参数,使得开机进入参数固定的模式(通常有我们熟悉的bootloader和recovery等),本质是在kernel shutdown时会调用到restart, 将模式数值写到share memory中,那么在开机bootloader阶段,再去读取这块内存,boot进入指定的模式,要是匹配不起来就正常boot,以下是贴出的代码; a: android_reboot(A
/* * (C) Copyright 2000-2009 * Wolfgang Denk, DENX Software Engineering, wd@denx.de. * * SPDX-License-Identifier: GPL-2.0+ */ #ifndef USE_HOSTCC #include <common.h> #include <bootstage.h> #include <bzlib.h> #include <errno.h> #include <fdt_support.h> #include <lmb.h> #include <malloc.h> #include <asm/io.h> #include <linux/lzo.h> #include <lzma/LzmaTypes.h> #include <lzma/LzmaDec.h> #include <lzma/LzmaTools.h> #ifdef CONFIG_XZ #include <xz/xz.h> #include <xz/xz_config.h> #include <xz/xz_lzma2.h> #include <xz/xz_stream.h> #endif #if defined(CONFIG_CMD_USB) #include <usb.h> #endif #else #include "mkimage.h" #endif #include <command.h> #include <bootm.h> #include <image.h> #ifndef CONFIG_SYS_BOOTM_LEN /* use 16MByte as default max gunzip size */ #define CONFIG_SYS_BOOTM_LEN 0x1000000 #endif #define IH_INITRD_ARCH IH_ARCH_DEFAULT #ifndef USE_HOSTCC DECLARE_GLOBAL_DATA_PTR; static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[], bootm_headers_t *images, ulong *os_data, ulong *os_len); #ifdef CONFIG_LMB static void boot_start_lmb(bootm_headers_t *images) { ulong mem_start; phys_size_t mem_size; lmb_init(&images->lmb); mem_start = getenv_bootm_low(); mem_size = getenv_bootm_size(); lmb_add(&images->lmb, (phys_addr_t)mem_start, mem_size); arch_lmb_reserve(&images->lmb); board_lmb_reserve(&images->lmb); } #else #define lmb_reserve(lmb, base, size) static inline void boot_start_lmb(bootm_headers_t *images) { } #endif static int bootm_start(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { memset((void *)&images, 0, sizeof(images)); images.verify = getenv_yesno("verify"); boot_start_lmb(&images); bootstage_mark_name(BOOTSTAGE_ID_BOOTM_START, "bootm_start"); images.state = BOOTM_STATE_START; return 0; } static int bootm_find_os(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { const void *os_hdr; bool ep_found = false; int ret; /* get kernel image header, start address and length */ os_hdr = boot_get_kernel(cmdtp, flag, argc, argv, &images, &images.os.image_start, &images.os.image_len); if (images.os.image_len == 0) { puts("ERROR: can't get kernel image!\n"); return 1; } /* get image parameters */ switch (genimg_get_format(os_hdr)) { #if defined(CONFIG_IMAGE_FORMAT_LEGACY) case IMAGE_FORMAT_LEGACY: images.os.type = image_get_type(os_hdr); images.os.comp = image_get_comp(os_hdr); images.os.os = image_get_os(os_hdr); images.os.end = image_get_image_end(os_hdr); images.os.load = image_get_load(os_hdr); images.os.arch = image_get_arch(os_hdr); break; #endif #if defined(CONFIG_FIT) case IMAGE_FORMAT_FIT: if (fit_image_get_type(images.fit_hdr_os, images.fit_noffset_os, &images.os.type)) { puts("Can't get image type!\n"); bootstage_error(BOOTSTAGE_ID_FIT_TYPE); return 1; } if (fit_image_get_comp(images.fit_hdr_os, images.fit_noffset_os, &images.os.comp)) { puts("Can't get image compression!\n"); bootstage_error(BOOTSTAGE_ID_FIT_COMPRESSION); return 1; } if (fit_image_get_os(images.fit_hdr_os, images.fit_noffset_os, &images.os.os)) { puts("Can't get image OS!\n"); bootstage_error(BOOTSTAGE_ID_FIT_OS); return 1; } if (fit_image_get_arch(images.fit_hdr_os, images.fit_noffset_os, &images.os.arch)) { puts("Can't get image ARCH!\n"); return 1; } images.os.end = fit_get_end(images.fit_hdr_os); if (fit_image_get_load(images.fit_hdr_os, images.fit_noffset_os, &images.os.load)) { puts("Can't get image load address!\n"); bootstage_error(BOOTSTAGE_ID_FIT_LOADADDR); return 1; } break; #endif #ifdef CONFIG_ANDROID_BOOT_IMAGE case IMAGE_FORMAT_ANDROID: images.os.type = IH_TYPE_KERNEL; images.os.comp = IH_COMP_NONE; images.os.os = IH_OS_LINUX; images.os.end = android_image_get_end(os_hdr); images.os.load = android_image_get_kload(os_hdr); images.ep = images.os.load; ep_found = true; break; #endif default: puts("ERROR: unknown image format type!\n"); return 1; } /* If we have a valid setup.bin, we will use that for entry (x86) */ if (images.os.arch == IH_ARCH_I386 || images.os.arch == IH_ARCH_X86_64) { ulong len; ret = boot_get_setup(&images, IH_ARCH_I386, &images.ep, &len); if (ret < 0 && ret != -ENOENT) { puts("Could not find a valid setup.bin for x86\n"); return 1; } /* Kernel entry point is the setup.bin */ } else if (images.legacy_hdr_valid) { images.ep = image_get_ep(&images.legacy_hdr_os_copy); #if defined(CONFIG_FIT) } else if (images.fit_uname_os) { int ret; ret = fit_image_get_entry(images.fit_hdr_os, images.fit_noffset_os, &images.ep); if (ret) { puts("Can't get entry point property!\n"); return 1; } #endif } else if (!ep_found) { puts("Could not find kernel entry point!\n"); return 1; } if (images.os.type == IH_TYPE_KERNEL_NOLOAD) { images.os.load = images.os.image_start; images.ep += images.os.load; } images.os.start = (ulong)os_hdr; return 0; } static int bootm_find_ramdisk(int flag, int argc, char * const argv[]) { int ret; /* find ramdisk */ ret = boot_get_ramdisk(argc, argv, &images, IH_INITRD_ARCH, &images.rd_start, &images.rd_end); if (ret) { puts("Ramdisk image is corrupt or invalid\n"); return 1; } return 0; } #if defined(CONFIG_OF_LIBFDT) static int bootm_find_fdt(int flag, int argc, char * const argv[]) { int ret; /* find flattened device tree */ ret = boot_get_fdt(flag, argc, argv, IH_ARCH_DEFAULT, &images, &images.ft_addr, &images.ft_len); if (ret) { puts("Could not find a valid device tree\n"); return 1; } set_working_fdt_addr(images.ft_addr); return 0; } #endif int bootm_find_ramdisk_fdt(int flag, int argc, char * const argv[]) { if (bootm_find_ramdisk(flag, argc, argv)) return 1; #if defined(CONFIG_OF_LIBFDT) if (bootm_find_fdt(flag, argc, argv)) return 1; #endif return 0; } static int bootm_find_other(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) { if (((images.os.type == IH_TYPE_KERNEL) || (images.os.type == IH_TYPE_KERNEL_NOLOAD) || (images.os.type == IH_TYPE_MULTI)) && (images.os.os == IH_OS_LINUX || images.os.os == IH_OS_VXWORKS)) return bootm_find_ramdisk_fdt(flag, argc, argv); return 0; } #endif /* USE_HOSTCC */ int bootm_decomp_image(int comp, ulong load, ulong image_start, int type, void *load_buf, void *image_buf, ulong image_len, uint unc_len, ulong *load_end) { const char *type_name = genimg_get_type_name(type); // __attribute__((unused)) uint unc_len = CONFIG_SYS_BOOTM_LEN; *load_end = load; switch (comp) { case IH_COMP_XIP: case IH_COMP_NONE: if (load == image_start) { printf(" XIP %s ... ", type_name); }else if(IH_COMP_XIP==comp){ printf(" Force XIP %s ... ", type_name); image_start=load; }else { printf(" Loading %s ... ", type_name); memmove_wd(load_buf, image_buf, image_len, CHUNKSZ); } *load_end = load + image_len; break; #ifdef CONFIG_GZIP case IH_COMP_GZIP: printf(" Uncompressing %s ... \n", type_name); if (gunzip(load_buf, unc_len, image_buf, &image_len) != 0) { puts(" GUNZIP: uncompress, out-of-mem or overwrite error - must RESET board to recover\n"); return BOOTM_ERR_RESET; } *load_end = load + image_len; break; #endif /* CONFIG_GZIP */ #ifdef CONFIG_BZIP2 case IH_COMP_BZIP2: printf(" Uncompressing %s ... \n", type_name); /* * If we've got less than 4 MB of malloc() space, * use slower decompression algorithm which requires * at most 2300 KB of memory. */ int i = BZ2_bzBuffToBuffDecompress(load_buf, &unc_len, image_buf, image_len, CONFIG_SYS_MALLOC_LEN < (4096 * 1024), 0); if (i != BZ_OK) { printf(" BUNZIP2: uncompress or overwrite error %d - must RESET board to recover\n", i); return BOOTM_ERR_RESET; } *load_end = load + unc_len; break; #endif /* CONFIG_BZIP2 */ #if defined CONFIG_LZMA || defined CONFIG_XZ case IH_COMP_LZMA: { #ifdef CONFIG_XZ struct xz_buf b; struct xz_dec *s; enum xz_ret ret; printf(" Uncompressing %s ... \n", type_name); xz_crc32_init(); /* * Support up to 64 MiB dictionary. The actually needed memory * is allocated once the headers have been parsed. */ s = xz_dec_init(XZ_SINGLE, 16*1024); if(s==NULL) { printf(" xz_dec_init ERROR!!"); } b.in = image_buf/*hardcore here*/; b.in_pos = 0; b.in_size = image_len; b.out = load_buf; b.out_pos = 0; b.out_size = unc_len; ret = xz_dec_run(s, &b); // if(ret != XZ_OK || ret != XZ_STREAM_END) // printf("\nXZ: uncompress erro %d\n", ret); printf(" XZ: uncompressed size=0x%x, ret=%d\n",b.out_pos, ret); xz_dec_end(s); break; #else SizeT lzma_len = unc_len; int ret; printf(" Uncompressing %s ... \n", type_name); ret = lzmaBuffToBuffDecompress(load_buf, &lzma_len, image_buf, image_len); unc_len = lzma_len; if (ret != SZ_OK) { printf(" LZMA: uncompress or overwrite error %d - must RESET board to recover\n", ret); bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE); return BOOTM_ERR_RESET; } *load_end = load + unc_len; break; #endif } #endif /* CONFIG_LZMA */ #ifdef CONFIG_LZO case IH_COMP_LZO: { size_t size = unc_len; int ret; printf(" Uncompressing %s ... \n", type_name); ret = lzop_decompress(image_buf, image_len, load_buf, &size); if (ret != LZO_E_OK) { printf(" LZO: uncompress or overwrite error %d - must RESET board to recover\n", ret); return BOOTM_ERR_RESET; } *load_end = load + size; break; } #endif /* CONFIG_LZO */ #ifdef CONFIG_MZ case IH_COMP_MZ: { extern size_t tinfl_decompress_mem_to_mem(void *pOut_buf, size_t out_buf_len, const void *pSrc_buf, size_t src_buf_len, int flags); int ret=-1; printf(" Uncompressing %s ... \n", type_name); // printf(" 0x%08X, 0x%08X, 0x%08X, 0x%08X\n",load_buf, unc_len, image_buf, image_len); if ((ret=tinfl_decompress_mem_to_mem(load_buf, unc_len, image_buf, image_len, 0)) <0) { puts(" MZ: uncompress failed - must RESET board to recover\n"); return BOOTM_ERR_RESET; } else { printf(" MZ: uncompressed size=0x%x\n",ret); } *load_end = load + image_len; break; } #endif /* CONFIG_MZ */ default: printf(" Unimplemented compression type %d\n", comp); return BOOTM_ERR_UNIMPLEMENTED; } puts("OK\n"); return 0; } #ifndef USE_HOSTCC static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end, int boot_progress) { image_info_t os = images->os; ulong load = os.load; ulong blob_start = os.start; ulong blob_end = os.end; ulong image_start = os.image_start; ulong image_len = os.image_len; bool no_overlap; void *load_buf, *image_buf; int err; load_buf = map_sysmem(load, 0); image_buf = map_sysmem(os.image_start, image_len); err = bootm_decomp_image(os.comp, load, os.image_start, os.type, load_buf, image_buf, image_len,CONFIG_SYS_BOOTM_LEN, load_end); if (err) { bootstage_error(BOOTSTAGE_ID_DECOMP_IMAGE); return err; } flush_cache(load, (*load_end - load) * sizeof(ulong)); debug(" kernel loaded at 0x%08lx, end = 0x%08lx\n", load, *load_end); bootstage_mark_name(BOOTSTAGE_ID_KERNEL_LOADED,__FUNCTION__); no_overlap = (os.comp == IH_COMP_XIP || ( os.comp == IH_COMP_NONE && load == image_start )); if (!no_overlap && (load < blob_end) && (*load_end > blob_start)) { debug("images.os.start = 0x%lX, images.os.end = 0x%lx\n", blob_start, blob_end); debug("images.os.load = 0x%lx, load_end = 0x%lx\n", load, *load_end); /* Check what type of image this is. */ if (images->legacy_hdr_valid) { if (image_get_type(&images->legacy_hdr_os_copy) == IH_TYPE_MULTI) puts("WARNING: legacy format multi component image overwritten\n"); return BOOTM_ERR_OVERLAP; } else { puts("ERROR: new format image overwritten - must RESET the board to recover\n"); bootstage_error(BOOTSTAGE_ID_OVERWRITTEN); return BOOTM_ERR_RESET; } } return 0; } /** * bootm_disable_interrupts() - Disable interrupts in preparation for load/boot * * @return interrupt flag (0 if interrupts were disabled, non-zero if they were * enabled) */ ulong bootm_disable_interrupts(void) { ulong iflag; /* * We have reached the point of no return: we are going to * overwrite all exception vector code, so we cannot easily * recover from any failures any more... */ iflag = disable_interrupts(); #ifdef CONFIG_NETCONSOLE /* Stop the ethernet stack if NetConsole could have left it up */ eth_halt(); eth_unregister(eth_get_dev()); #endif #if defined(CONFIG_CMD_USB) /* * turn off USB to prevent the host controller from writing to the * SDRAM while Linux is booting. This could happen (at least for OHCI * controller), because the HCCA (Host Controller Communication Area) * lies within the SDRAM and the host controller writes continously to * this area (as busmaster!). The HccaFrameNumber is for example * updated every 1 ms within the HCCA structure in SDRAM! For more * details see the OpenHCI specification. */ #if 1//defined(CONFIG_MS_USB) printf("-usb_stop(USB_PORT0)\n"); usb_stop(USB_PORT0); #if defined(ENABLE_SECOND_EHC) printf("-usb_stop(USB_PORT1)\n"); usb_stop(USB_PORT1); #endif #if defined(ENABLE_THIRD_EHC) printf("-usb_stop(USB_PORT2)\n"); usb_stop(USB_PORT2); #endif #if defined(ENABLE_FOURTH_EHC) printf("-usb_stop(USB_PORT3)\n"); usb_stop(USB_PORT3); #endif #if defined(CONFIG_USB_XHCI) && defined(ENABLE_XHC) printf("-usb_stop(USB_PORT4)\n"); usb_stop_xhci(USB_PORT4, 1); //stop and turn off power #endif #else usb_stop(); #endif #endif return iflag; } #if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY) #define CONSOLE_ARG "console=" #define CONSOLE_ARG_LEN (sizeof(CONSOLE_ARG) - 1) static void fixup_silent_linux(void) { char *buf; const char *env_val; char *cmdline = getenv("bootargs"); int want_silent; /* * Only fix cmdline when requested. The environment variable can be: * * no - we never fixup * yes - we always fixup * unset - we rely on the console silent flag */ want_silent = getenv_yesno("silent_linux"); if (want_silent == 0) return; else if (want_silent == -1 && !(gd->flags & GD_FLG_SILENT)) return; debug("before silent fix-up: %s\n", cmdline); if (cmdline && (cmdline[0] != '\0')) { char *start = strstr(cmdline, CONSOLE_ARG); /* Allocate space for maximum possible new command line */ buf = malloc(strlen(cmdline) + 1 + CONSOLE_ARG_LEN + 1); if (!buf) { debug("%s: out of memory\n", __func__); return; } if (start) { char *end = strchr(start, ' '); int num_start_bytes = start - cmdline + CONSOLE_ARG_LEN; strncpy(buf, cmdline, num_start_bytes); if (end) strcpy(buf + num_start_bytes, end); else buf[num_start_bytes] = '\0'; } else { sprintf(buf, "%s %s", cmdline, CONSOLE_ARG); } env_val = buf; } else { buf = NULL; env_val = CONSOLE_ARG; } setenv("bootargs", env_val); debug("after silent fix-up: %s\n", env_val); free(buf); } #endif /* CONFIG_SILENT_CONSOLE */ /** * Execute selected states of the bootm command. * * Note the arguments to this state must be the first argument, Any 'bootm' * or sub-command arguments must have already been taken. * * Note that if states contains more than one flag it MUST contain * BOOTM_STATE_START, since this handles and consumes the command line args. * * Also note that aside from boot_os_fn functions and bootm_load_os no other * functions we store the return value of in 'ret' may use a negative return * value, without special handling. * * @param cmdtp Pointer to bootm command table entry * @param flag Command flags (CMD_FLAG_...) * @param argc Number of subcommand arguments (0 = no arguments) * @param argv Arguments * @param states Mask containing states to run (BOOTM_STATE_...) * @param images Image header information * @param boot_progress 1 to show boot progress, 0 to not do this * @return 0 if ok, something else on error. Some errors will cause this * function to perform a reboot! If states contains BOOTM_STATE_OS_GO * then the intent is to boot an OS, so this function will not return * unless the image type is standalone. */ int do_bootm_states(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[], int states, bootm_headers_t *images, int boot_progress) { boot_os_fn *boot_fn; ulong iflag = 0; int ret = 0, need_boot_fn; images->state |= states; /* * Work through the states and see how far we get. We stop on * any error. */ if (states & BOOTM_STATE_START) ret = bootm_start(cmdtp, flag, argc, argv); if (!ret && (states & BOOTM_STATE_FINDOS)) ret = bootm_find_os(cmdtp, flag, argc, argv); if (!ret && (states & BOOTM_STATE_FINDOTHER)) { ret = bootm_find_other(cmdtp, flag, argc, argv); argc = 0; /* consume the args */ } /* Load the OS */ if (!ret && (states & BOOTM_STATE_LOADOS)) { ulong load_end; iflag = bootm_disable_interrupts(); ret = bootm_load_os(images, &load_end, 0); if (ret == 0) lmb_reserve(&images->lmb, images->os.load, (load_end - images->os.load)); else if (ret && ret != BOOTM_ERR_OVERLAP) goto err; else if (ret == BOOTM_ERR_OVERLAP) ret = 0; #if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY) if (images->os.os == IH_OS_LINUX) fixup_silent_linux(); #endif } /* Relocate the ramdisk */ #ifdef CONFIG_SYS_BOOT_RAMDISK_HIGH if (!ret && (states & BOOTM_STATE_RAMDISK)) { ulong rd_len = images->rd_end - images->rd_start; ret = boot_ramdisk_high(&images->lmb, images->rd_start, rd_len, &images->initrd_start, &images->initrd_end); if (!ret) { setenv_hex("initrd_start", images->initrd_start); setenv_hex("initrd_end", images->initrd_end); } } //Copy ramdisk to the address given by kernel image if(!strncmp((char*)images->rd_end, "KIMG", 4)) { ulong rd_start = images->rd_start; ulong rd_len = images->rd_end - images->rd_start; images->initrd_start = *(ulong*)(images->rd_end+8); images->initrd_end = images->initrd_start + rd_len; memcpy((ulong*)images->initrd_start, (ulong*)images->rd_start, rd_len); //update new ramdisk address, it will pass to KERNEL later through ATAG format images->rd_start = images->initrd_start; images->rd_end = images->initrd_end; printf("[KIMG] initrd load to 0x%08X.[0x%08X, 0x%08X]\n", (unsigned int)images->rd_start,(unsigned int)rd_start,(unsigned int)rd_len); } else { //printf("ERR: Can't find KIMG header and initrd address, 0x%08X\n",(unsigned int)images->rd_end); images->rd_start = images->rd_end = 0; } #endif #if defined(CONFIG_OF_LIBFDT) && defined(CONFIG_LMB) if (!ret && (states & BOOTM_STATE_FDT)) { boot_fdt_add_mem_rsv_regions(&images->lmb, images->ft_addr); ret = boot_relocate_fdt(&images->lmb, &images->ft_addr, &images->ft_len); } #endif /* From now on, we need the OS boot function */ if (ret) return ret; boot_fn = bootm_os_get_boot_func(images->os.os); need_boot_fn = states & (BOOTM_STATE_OS_CMDLINE | BOOTM_STATE_OS_BD_T | BOOTM_STATE_OS_PREP | BOOTM_STATE_OS_FAKE_GO | BOOTM_STATE_OS_GO); if (boot_fn == NULL && need_boot_fn) { if (iflag) enable_interrupts(); printf("ERROR: booting os '%s' (%d) is not supported\n", genimg_get_os_name(images->os.os), images->os.os); bootstage_error(BOOTSTAGE_ID_CHECK_BOOT_OS); return 1; } /* Call various other states that are not generally used */ if (!ret && (states & BOOTM_STATE_OS_CMDLINE)) ret = boot_fn(BOOTM_STATE_OS_CMDLINE, argc, argv, images); if (!ret && (states & BOOTM_STATE_OS_BD_T)) ret = boot_fn(BOOTM_STATE_OS_BD_T, argc, argv, images); if (!ret && (states & BOOTM_STATE_OS_PREP)) ret = boot_fn(BOOTM_STATE_OS_PREP, argc, argv, images); #ifdef CONFIG_TRACE /* Pretend to run the OS, then run a user command */ if (!ret && (states & BOOTM_STATE_OS_FAKE_GO)) { char *cmd_list = getenv("fakegocmd"); ret = boot_selected_os(argc, argv, BOOTM_STATE_OS_FAKE_GO, images, boot_fn); if (!ret && cmd_list) ret = run_command_list(cmd_list, -1, flag); } #endif /* Check for unsupported subcommand. */ if (ret) { puts("subcommand not supported\n"); return ret; } /* Now run the OS! We hope this doesn't return */ if (!ret && (states & BOOTM_STATE_OS_GO)) ret = boot_selected_os(argc, argv, BOOTM_STATE_OS_GO, images, boot_fn); /* Deal with any fallout */ err: if (iflag) enable_interrupts(); if (ret == BOOTM_ERR_UNIMPLEMENTED) bootstage_error(BOOTSTAGE_ID_DECOMP_UNIMPL); else if (ret == BOOTM_ERR_RESET) do_reset(cmdtp, flag, argc, argv); return ret; } #if defined(CONFIG_CMD_BOOTMC1) int do_bootm_core1(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[], int states, bootm_headers_t *images, int boot_progress) { //boot_os_fn *boot_fn; ulong iflag = 0; int ret = 0;//, need_boot_fn; images->state |= states; /* * Work through the states and see how far we get. We stop on * any error. */ if (states & BOOTM_STATE_START) ret = bootm_start(cmdtp, flag, argc, argv); if (!ret && (states & BOOTM_STATE_FINDOS)) ret = bootm_find_os(cmdtp, flag, argc, argv); if (!ret && (states & BOOTM_STATE_FINDOTHER)) { ret = bootm_find_other(cmdtp, flag, argc, argv); argc = 0; /* consume the args */ } /* Load the OS */ if (!ret && (states & BOOTM_STATE_LOADOS)) { ulong load_end; iflag = bootm_disable_interrupts(); ret = bootm_load_os(images, &load_end, 0); if (ret == 0) lmb_reserve(&images->lmb, images->os.load, (load_end - images->os.load)); else if (ret && ret != BOOTM_ERR_OVERLAP) goto err; else if (ret == BOOTM_ERR_OVERLAP) ret = 0; #if defined(CONFIG_SILENT_CONSOLE) && !defined(CONFIG_SILENT_U_BOOT_ONLY) if (images->os.os == IH_OS_LINUX) fixup_silent_linux(); #endif } #define SECOND_START_ADDR_HI 0x1F20404C #define SECOND_START_ADDR_LO 0x1F204050 #define SECOND_MAGIC_NUMBER_ADDR 0x1F204058 *(volatile unsigned short *)SECOND_START_ADDR_LO = ((int)(images->ep) & 0xFFFF); *(volatile unsigned short *)SECOND_START_ADDR_HI = ((int)(images->ep) >> 16); *(volatile unsigned short *)SECOND_MAGIC_NUMBER_ADDR = 0xBABE; asm("dsb\n" "sev\n" "nop"); return 0; err: if (iflag) enable_interrupts(); return ret; } #endif #if defined(CONFIG_IMAGE_FORMAT_LEGACY) /** * image_get_kernel - verify legacy format kernel image * @img_addr: in RAM address of the legacy format image to be verified * @verify: data CRC verification flag * * image_get_kernel() verifies legacy image integrity and returns pointer to * legacy image header if image verification was completed successfully. * * returns: * pointer to a legacy image header if valid image was found * otherwise return NULL */ image_header_t *image_get_kernel(ulong img_addr, int verify) { image_header_t *hdr = (image_header_t *)img_addr; if (!image_check_magic(hdr)) { puts("Bad Magic Number\n"); bootstage_error(BOOTSTAGE_ID_CHECK_MAGIC); return NULL; } bootstage_mark(BOOTSTAGE_ID_CHECK_HEADER); if (!image_check_hcrc(hdr)) { puts("Bad Header Checksum\n"); bootstage_error(BOOTSTAGE_ID_CHECK_HEADER); return NULL; } bootstage_mark(BOOTSTAGE_ID_CHECK_CHECKSUM); image_print_contents(hdr); #if (!defined CONFIG_VERSION_FPGA) && (!defined CONFIG_VERSION_PZ1) if (verify) { puts(" Verifying Checksum ... "); if (!image_check_dcrc(hdr)) { printf("Bad Data CRC\n"); bootstage_error(BOOTSTAGE_ID_CHECK_CHECKSUM); return NULL; } puts("OK\n"); } #endif bootstage_mark(BOOTSTAGE_ID_CHECK_ARCH); if (!image_check_target_arch(hdr)) { printf("Unsupported Architecture 0x%x\n", image_get_arch(hdr)); bootstage_error(BOOTSTAGE_ID_CHECK_ARCH); return NULL; } return hdr; } #endif #if defined(CONFIG_HW_WATCHDOG) extern void hw_watchdog_disable(void); #endif /** * boot_get_kernel - find kernel image * @os_data: pointer to a ulong variable, will hold os data start address * @os_len: pointer to a ulong variable, will hold os data length * * boot_get_kernel() tries to find a kernel image, verifies its integrity * and locates kernel data. * * returns: * pointer to image header if valid image was found, plus kernel start * address and length, otherwise NULL */ #ifdef ENABLE_DOUBLE_SYSTEM_CHECK extern void cli_loop(void); #define KERNEL1_START_ADDR "0x260000" #define KERNEL1_IMAGE_SIZE "0x210000" int check_image_hash(void) { char * pchar = NULL; char* bootcmd1 = NULL; if(NULL == (pchar = getenv("image_index"))) { setenv("image_index", "1"); printf("check the kernel hash error and start the 2nd kernel ...\n"); setenv("sf_kernel_start", KERNEL1_START_ADDR); setenv("sf_kernel_size", KERNEL1_IMAGE_SIZE); if(NULL == (bootcmd1 = getenv("bootcmd"))) { printf("\nget bootcmd error!\n"); cli_loop(); } printf("\n>> run \"%s\" \n", bootcmd1); if (0 > run_command((const char *)bootcmd1, 0)) { printf("\n>> run \"%s\" error!\n", bootcmd1); cli_loop(); } } else { unsigned int image_idx = 0; image_idx = simple_strtoul(pchar, NULL, 16); if (1 == image_idx) { printf("check the kernel hash error and start to do netupgrade ...\n"); if(0 > run_command("net_upgrade", 0)) { cli_loop(); } } else { printf("get the kernel index(%d) is valid!\n", image_idx); run_command("setenv image_index", 0); run_command("saveenv", 0); return -1; } } return 0; } #endif static const void *boot_get_kernel(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[], bootm_headers_t *images, ulong *os_data, ulong *os_len) { #if defined(CONFIG_IMAGE_FORMAT_LEGACY) image_header_t *hdr; #endif ulong img_addr; const void *buf; const char *fit_uname_config = NULL; const char *fit_uname_kernel = NULL; #if defined(CONFIG_FIT) int os_noffset; #endif img_addr = genimg_get_kernel_addr_fit(argc < 1 ? NULL : argv[0], &fit_uname_config, &fit_uname_kernel); bootstage_mark(BOOTSTAGE_ID_CHECK_MAGIC); /* copy from dataflash if needed */ img_addr = genimg_get_image(img_addr); /* check image type, for FIT images get FIT kernel node */ *os_data = *os_len = 0; buf = map_sysmem(img_addr, 0); switch (genimg_get_format(buf)) { #if defined(CONFIG_IMAGE_FORMAT_LEGACY) case IMAGE_FORMAT_LEGACY: printf("## Booting kernel from Legacy Image at %08lx ...\n", img_addr); #if defined(CONFIG_HW_WATCHDOG) hw_watchdog_disable(); #endif hdr = image_get_kernel(img_addr, images->verify); if (!hdr) { #ifdef ENABLE_DOUBLE_SYSTEM_CHECK check_image_hash(); #endif return NULL; } bootstage_mark(BOOTSTAGE_ID_CHECK_IMAGETYPE); /* get os_data and os_len */ switch (image_get_type(hdr)) { case IH_TYPE_KERNEL: case IH_TYPE_KERNEL_NOLOAD: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break; case IH_TYPE_MULTI: image_multi_getimg(hdr, 0, os_data, os_len); break; case IH_TYPE_STANDALONE: *os_data = image_get_data(hdr); *os_len = image_get_data_size(hdr); break; default: printf("Wrong Image Type for %s command\n", cmdtp->name); bootstage_error(BOOTSTAGE_ID_CHECK_IMAGETYPE); return NULL; } /* * copy image header to allow for image overwrites during * kernel decompression. */ memmove(&images->legacy_hdr_os_copy, hdr, sizeof(image_header_t)); /* save pointer to image header */ images->legacy_hdr_os = hdr; images->legacy_hdr_valid = 1; bootstage_mark_name(BOOTSTAGE_ID_DECOMP_IMAGE, __FUNCTION__); break; #endif #if defined(CONFIG_FIT) case IMAGE_FORMAT_FIT: os_noffset = fit_image_load(images, img_addr, &fit_uname_kernel, &fit_uname_config, IH_ARCH_DEFAULT, IH_TYPE_KERNEL, BOOTSTAGE_ID_FIT_KERNEL_START, FIT_LOAD_IGNORED, os_data, os_len); if (os_noffset < 0) return NULL; images->fit_hdr_os = map_sysmem(img_addr, 0); images->fit_uname_os = fit_uname_kernel; images->fit_uname_cfg = fit_uname_config; images->fit_noffset_os = os_noffset; break; #endif #ifdef CONFIG_ANDROID_BOOT_IMAGE case IMAGE_FORMAT_ANDROID: printf("## Booting Android Image at 0x%08lx ...\n", img_addr); if (android_image_get_kernel(buf, images->verify, os_data, os_len)) return NULL; break; #endif default: printf("Wrong Image Format for %s command\n", cmdtp->name); bootstage_error(BOOTSTAGE_ID_FIT_KERNEL_INFO); return NULL; } debug(" kernel data at 0x%08lx, len = 0x%08lx (%ld)\n", *os_data, *os_len, *os_len); return buf; } #else /* USE_HOSTCC */ void memmove_wd(void *to, void *from, size_t len, ulong chunksz) { memmove(to, from, len); } static int bootm_host_load_image(const void *fit, int req_image_type) { const char *fit_uname_config = NULL; ulong data, len; bootm_headers_t images; int noffset; ulong load_end; uint8_t image_type; uint8_t imape_comp; void *load_buf; int ret; memset(&images, '\0', sizeof(images)); images.verify = 1; noffset = fit_image_load(&images, (ulong)fit, NULL, &fit_uname_config, IH_ARCH_DEFAULT, req_image_type, -1, FIT_LOAD_IGNORED, &data, &len); if (noffset < 0) return noffset; if (fit_image_get_type(fit, noffset, &image_type)) { puts("Can't get image type!\n"); return -EINVAL; } if (fit_image_get_comp(fit, noffset, &imape_comp)) { puts("Can't get image compression!\n"); return -EINVAL; } /* Allow the image to expand by a factor of 4, should be safe */ load_buf = malloc((1 << 20) + len * 4); ret = bootm_decomp_image(imape_comp, 0, data, image_type, load_buf, (void *)data, len,CONFIG_SYS_BOOTM_LEN, &load_end); free(load_buf); if (ret && ret != BOOTM_ERR_UNIMPLEMENTED) return ret; return 0; } int bootm_host_load_images(const void *fit, int cfg_noffset) { static uint8_t image_types[] = { IH_TYPE_KERNEL, IH_TYPE_FLATDT, IH_TYPE_RAMDISK, }; int err = 0; int i; for (i = 0; i < ARRAY_SIZE(image_types); i++) { int ret; ret = bootm_host_load_image(fit, image_types[i]); if (!err && ret && ret != -ENOENT) err = ret; } /* Return the first error we found */ return err; } #endif /* ndef USE_HOSTCC */
最新发布
10-08
`bootm` 是 U-Boot 中用于 **启动操作系统镜像** 的命令,支持多种镜像格式(如 Legacy Image、FIT Image、Android Boot Image 等),并支持多种压缩格式(如 gzip、lzma、xz、lzo 等)。 它的主要流程如下: --- ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值