原文地址:http://blog.chinaunix.net/uid-26009923-id-4232403.html
一. u-boot的编译与链接
1. lichee下编译命令
cong@dell:/work/ct/lichee$ ./build.sh -p sun7i_android -m uboot
u-boot的编译是用脚本lichee/u-boot/build.sh
-
function build_uboot()
-
{
-
make distclean CROSS_COMPILE=arm-linux-gnueabi-
-
make -j8 ${LICHEE_CHIP} CROSS_COMPILE=arm-linux-gnueabi-
-
[ $? -ne 0 ] && exit 1
-
cp -f u-boot.bin ../out/${LICHEE_PLATFORM}/common/
-
}
2. 链接
-
cd /work/ct/lichee/u-boot && arm-linux-gnueabi-ld -pie -T u-boot.lds -Bstatic -Ttext 0x4A000000 *.o -o u-boot
说明u-boot的text段是从 0x4A000000开始的,链接脚本是u-boot.lds
-
OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
-
OUTPUT_ARCH(arm)
-
ENTRY(_start)
-
SECTIONS
-
{
-
. = 0x00000000; //在链接时通过-Ttext改为0x4A000000
-
. = ALIGN(4);
-
.text :
-
{
-
arch/arm/cpu/armv7/start.o (.text) //u-boot的开始
-
*(.text)
-
}
-
}
因为boot.axf把u-boot.bin读到了0x4A000000,所以运行地址与加载地址相同.
二. u-boot分析
1. stars.S
在arch/arm/cpu/armv7/start.S中,这儿的start.S就非常简单了,因为运行地址与加载地址相同,所以代码不需要再拷贝到另外的地方去,
并且在此之前ram与cpu的频率都配好了,所以这儿在中断向量之后,稍做配置就进入了c代码的board_init_f
2. 启动linux
在arch/arm/lib/board.c中
好像这儿挺复杂的先进入board_init_f --> relocate_code --> start.S--> board_init_r
board_init_r中有main_loop--> run_command
启动内核的命令是:
bootcmd=run setargs_nand boot_normal
展开后就是:
run setenv bootargs console=ttyS0,115200 root=/dev/nandd
run sunxi_flash read 40007800 boot;boota 40007800
为什么这儿是40007800呢, 因为内核要运行在0x40008000处,而boot.img中前0x800(2048)字节是header(大小为0x800),
header之后是内核,所以将boot.img读到0x40007800,前0x800是header,那么内核就正好放在了0x40008000处.
boota 40007800
-
int do_boota (cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
-
{
-
addr = simple_strtoul(argv[1], NULL, 16); //将字符串0x40007800存在addr中
-
-
//这个fastboot_boot_img_hdr结构体与 pc上的mkbootimg的结构体是一个,只不过名字变了
-
struct fastboot_boot_img_hdr *fb_hdr = (struct fastboot_boot_img_hdr *)addr;
-
//hdr指向内核在内存的起始地址
-
image_header_t *hdr =(image_header_t *)(addr + CFG_FASTBOOT_MKBOOTIMAGE_PAGE_SIZE);
-
//将boot.img的header备份一下
-
memcpy(boot_hdr, (void*) addr, sizeof(*hdr));
-
if (memcmp(fb_hdr->magic, FASTBOOT_BOOT_MAGIC, 8)) { //检验
-
puts("boota: bad boot image magic, maybe not a boot.img?\n");
-
return 1;
-
}
-
-
kaddr = addr + fb_hdr->page_size;
-
raddr = kaddr + ALIGN(fb_hdr->kernel_size, fb_hdr->page_size);
-
-
if((fb_hdr->unused[0] == 0x55) &&(fb_hdr->unused[1] == 0xaa))
-
{
-
dbmsg("bootimg load in boot1!\n");
-
do_boota_linux(fb_hdr); //1.1内核的启动
-
tick_printf(__FILE__, __LINE__);
-
}
-
puts("Boot linux failed, control return to monitor\n");
-
return 0;
-
}
在arch/arm/lib/bootm.c中,传递initram的起始地址
-
int do_boota_linux (struct fastboot_boot_img_hdr *hdr)
-
{
-
ulong initrd_start, initrd_end;
-
void (*kernel_entry)(int zero, int arch, uint params);
-
bd_t *bd = gd->bd;
-
-
kernel_entry = (void (*)(int, int, uint))(hdr->kernel_addr); //将地址0x40008000转为函数
-
-
initrd_start = hdr->ramdisk_addr;
-
initrd_end = initrd_start + hdr->ramdisk_size;
-
-
setup_start_tag (bd); //配置tag结构体开始
-
//设置tag
-
....
-
setup_initrd_tag (bd, initrd_start, initrd_end); //配置initram,将起始地址与大小传给tag
-
-
setup_end_tag (bd); //配置tag结构体结束
-
-
sunxi_flash_exit();
-
-
announce_and_cleanup(); //引导内核前的初始,清tlb类似
-
-
*(volatile unsigned int *)(0x01c20C00 + 0x84 ) = 0;
-
*(volatile unsigned int *)(0x01c20C00 + 0x8C ) = 0x05DB05DB;
-
*(volatile unsigned int *)(0x01c20C00 + 0x80 ) = 0;
-
*(volatile unsigned int *)(0x01c20000 + 0x144) &= ~(1U << 31);
-
-
kernel_entry(0, bd->bi_arch_number, bd->bi_boot_params); //跳到0x40008000处运行
-
-
return 1;
-
}
上述启动linux过程,实际上是对boot.img的解析过程,下面就来看一下boot.img有什么.
三.boot.img分析
3.1 boot.im生成过程
./android42/out/host/linux-x86/bin/mkbootimg --kernel ./linux-3.3/bImage --ramdisk ./android42/out/target/product/sugar-cubietruck/ramdisk.img --base 0x40000000 --output ./android42/out/target/product/sugar-cubietruck/boot.img
mkbootimg有四个参数:
kernel 指定bImage的路径
ramdisk 指定ramdisk的路径
base 指定kerenel与ramdisk的基地址,为0x40000000
output 指定输出文件的路径
在android42/system/core/mkbootimg/mkbootimag.c中
-
int main(int argc, char **argv)
-
{
-
boot_img_hdr hdr;
-
-
unsigned base = 0x10000000; //由参数base确定0x40000000
-
unsigned kernel_offset = 0x00008000;
-
unsigned ramdisk_offset = 0x01000000;
-
unsigned second_offset = 0x00f00000;
-
unsigned tags_offset = 0x00000100;
-
-
hdr.page_size = pagesize;
-
hdr.kernel_addr = base + kernel_offset; //0x40008000
-
hdr.ramdisk_addr = base + ramdisk_offset; //0x41000000
-
hdr.second_addr = base + second_offset; //0x40f00000
-
hdr.tags_addr = base + tags_offset; //0x40000100
-
-
kernel_data = load_file(kernel_fn, &hdr.kernel_size); //将内核读取到buffer中(函数中有malloc)
-
ramdisk_data = load_file(ramdisk_fn, &hdr.ramdisk_size); //将ramdisk读取到buffer中(函数中有malloc)
-
memcpy(hdr.id, sha, SHA_DIGEST_SIZE > sizeof(hdr.id) ? sizeof(hdr.id) : SHA_DIGEST_SIZE);
-
fd = open(bootimg, O_CREAT | O_TRUNC | O_WRONLY, 0644); //打开输出文件boot.img
-
-
write(fd, &hdr, sizeof(hdr)); //将head写入到boot.img中
-
write_padding(fd, pagesize, sizeof(hdr)); //2048(0x800)字节对齐
-
-
write(fd, kernel_data, hdr.kernel_size); //将kernel写入到boot.img中
-
write_padding(fd, pagesize, hdr.kernel_size); //2048(0x800)字节对齐
-
-
write(fd, ramdisk_data, hdr.ramdisk_size); //将ramdisk写入到boot.img中
-
write_padding(fd, pagesize, hdr.ramdisk_size); //2048(0x800)字节对齐
-
return 0;
-
}
3.2 boot.img的组成
所以这个boot.img是由3部分组成
header (kernel_size代表了内核的大小,kernel_addr)
kernel
ramdisk
-
struct fastboot_boot_img_hdr {
-
unsigned char magic[FASTBOOT_BOOT_MAGIC_SIZE];
-
-
unsigned kernel_size; //内核的大小
-
unsigned kernel_addr; //内核的加载地址
-
-
unsigned ramdisk_size; //ramdisk的大小
-
unsigned ramdisk_addr; //ramdisk的起始地址
-
-
unsigned second_size; //其它
-
unsigned second_addr; //其它
-
-
unsigned tags_addr; //其它
-
unsigned page_size; //对齐到多少字节
-
unsigned unused[2]; //
-
-
unsigned char name[FASTBOOT_BOOT_NAME_SIZE]; /* asciiz product name */
-
-
unsigned char cmdline[FASTBOOT_BOOT_ARGS_SIZE];
-
-
unsigned id[8]; /* timestamp / checksum / sha1 / etc */
-
};
阅读(1647) | 评论(0) | 转发(0) |