http://bbs.gfan.com/android-5883867-1-1.html
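First, let me state that this is a study-and-share thread; everyone is welcome to take part and contribute useful material, so that the F200's BL can be unlocked soon.
This material is gathered from several forums.
Due to time constraints, the English parts are not translated for now.
The F200's CPU is the Qualcomm MSM8960, so the MSM8960 is introduced first.
The F200 has 30 partitions. For details, see http://bbs.gfan.com/forum.php?mod=viewthread&tid=5717767&extra=page%3D1%26filter%3Ddigest%26digest%3D1%26digest%3D1
The PBL resides in the MSM8960's IROM. After power-on, the PBL is executed.
- PBL checks whether this is a power-on boot or a restart
- PBL raises the RPM clock to 60 MHz
- Power-on boot: PBL loads SBL1 from the flash device into IMEM
- SBL1 loads SBL2 and authenticates SBL2 with a cryptographic algorithm
- SBL1 resets Krait (after reset, Krait jumps to the start of SBL2)
- Waits for the Scorpion signal; once it is received, executes the RPM firmware
- When the RPM firmware finishes executing, it sends INTR to Krait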

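After reset, Krait jumps to the start of SBL2, and then:
· SBL2 raises the Krait clock
· SBL2 loads TZ into IMEM
· SBL2 authenticates TZ with a cryptographic algorithm
· Executes TZ (sets up the secure environment, parameters, and so on)
· Loads the RPM firmware into RAM
· SBL2 configures DDR
· SBL2 loads SBL3 into DDR and authenticates SBL3 with a cryptographic algorithm
· Sends the Scorpion signal (Ready)
· Jumps to the start of SBL3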

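Updated 2013-03-06
After SBL3 starts:
· Raises the system clock
· Loads APPSBL; authenticates APPSBL
· Waits for RPM to send the INTR signal
· On receiving the INTR signal, execution jumps to the start of APPSBL
Now, let's look into the SBL3 image to see what it contains: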
· Test ADC
· Find out physical connected devices
· Adjust system clock
· Config SIM clock
· Config UART clock
· Config DAL spin clock
· Config target board
· PID, SWO, SWV, IMEI, BT, MAC, FOTAID, GSBI, misc, WebDL
· Test I2C
· Get INTR ID
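To summarize:
2013-03-08
When INTR is received, Krait jumps to the start of APPSBL:
· Loads HLOS and jumps to HLOS
· HLOS loads the modem image and calls the PIL service to enter TZ
· Authenticates the image, resets the modem
· Loads the LPA Hexagon image and calls the PIL service to enter TZ
· Authenticates the image, resets the LPA Hexagon
· Loads the SPS ARM7 image and calls the PIL service to enter TZ
· Authenticates the image, resets the SPS ARM7
· Loads the RIVA image and calls the PIL service to enter TZ
· Authenticates the image, resets RIVA
Modem partition:
The contents of this partition can be obtained with mount:
· Dsp
· Modem
· q6: The Qualcomm DSP for audio. QDSP6 is actually called “Hexagon”
· tzapps: MSM_PIL_TZAPPS supports booting and shutting down TZApps
· wcnss: Wireless ConNectivity SubSystem WLAN driver. The wcnss is a new hardware integration of WLAN, BT and FM technologies that is built into the new MSM chip.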
Updated 2013-03-14

RPM partition:
RPM software; it handles apps, modem, lpass, riva, dsps, APSS MPSS_SW, MPSS_FW
Bootloader (system boot loader)
The bootloader runs before the operating system kernel. It can initialize hardware devices and set up the memory map, bringing the system's hardware and software environment to a suitable state so that the correct environment is ready when the operating system kernel is finally called. The bootloader's main task is to read the kernel image from disk into RAM and then jump to the kernel's entry point, which starts the operating system.
The boot loader has to perform the following tasks:
· Bring the kernel into memory
· Provide the kernel with the information it needs to work
· Switch to the work space that the kernel will work on
· Release itself and transfer control to the kernel
At present, the popular bootloaders on the market are: redboot, U-boot, Blob, vivi, xboot, little kernel, etc. Many ARM embedded systems are using U-boot as the bootloader for their development boards. Recently, the Little Kernel (LK) has been adopted by Qualcomm, TI, Samsung, Telechips, etc.
Little Kernel
Introduction
Little Kernel is a bootloader that itself includes operating-system-like functionality. Besides booting, LK can also implement recovery, fastboot, and other functions. On the F200, LG has not only disabled the fastboot function but also locked the bootloader.
This LK has the following advantages:
· Supports multiple NANDs
· Provides USB driver so that the image upgrade process can be performed through USB
· Provides keyboard driver so that the developer can upgrade the image through fastboot mode
· Provides display driver so that the developer can test and/or debug the screen
· Supports multiple threads
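
The load, authenticate, jump chain from the boot sequence above (PBL through APPSBL), modelled as an added example that is not part of the original post. It assumes SHA-256 digest pinning in place of the unspecified "cryptographic algorithm", and assumes PBL also authenticates SBL1 (the post only says PBL loads it); all image contents are constructed.

```python
import copy
import hashlib
import json

# Stage order and "who authenticates whom", taken from the post's boot sequence.
# PBL -> SBL1 is an assumption: the post only says PBL loads SBL1 into IMEM.
ORDER = ["PBL", "SBL1", "SBL2", "TZ", "SBL3", "APPSBL"]
VERIFIES = {"PBL": ["SBL1"], "SBL1": ["SBL2"], "SBL2": ["TZ", "SBL3"], "SBL3": ["APPSBL"]}

def image_digest(img):
    """SHA-256 over the whole image: its code plus its table of trusted digests."""
    return hashlib.sha256(json.dumps(img, sort_keys=True).encode()).hexdigest()

def build_images(code):
    """Build constructed images, children first, so each parent pins its children."""
    images = {}
    for name in reversed(ORDER):
        trusted = {c: image_digest(images[c]) for c in VERIFIES.get(name, [])}
        images[name] = {"code": code[name], "trusted": trusted}
    return images

def boot(rom_pbl, flash):
    """Walk the chain from ROM. Returns (stages run, first stage rejected or None)."""
    ran, pending = ["PBL"], [("PBL", rom_pbl)]
    while pending:
        name, img = pending.pop(0)
        for child in VERIFIES.get(name, []):
            if image_digest(flash[child]) != img["trusted"][child]:
                return ran, child  # halt instead of jumping to the image
            ran.append(child)
            pending.append((child, flash[child]))
    return ran, None

def demo():
    images = build_images({n: f"{n} code (constructed)" for n in ORDER})
    rom_pbl = images.pop("PBL")          # PBL lives in IROM, not in flash
    good = boot(rom_pbl, images)

    patched = copy.deepcopy(images)      # case 1: only APPSBL differs in flash
    patched["APPSBL"]["code"] = "modified APPSBL (constructed)"
    only_appsbl = boot(rom_pbl, patched)

    # case 2: SBL3's table is also rewritten to accept the modified APPSBL
    patched["SBL3"]["trusted"]["APPSBL"] = image_digest(patched["APPSBL"])
    appsbl_and_sbl3 = boot(rom_pbl, patched)
    return good, only_appsbl, appsbl_and_sbl3

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In the second case the rejection moves one stage earlier, to SBL3: every change in flash shifts the mismatch toward the PBL, whose copy in IROM cannot be rewritten.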
