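Android Boot Flow: From Power-On to the Kernel Starting the init Process (Qualcomm Platform)
Basic concepts
Before the main text, here are some abbreviations and technical terms that come up.
PBL:
Primary Bootloader, also called the Boot ROM. The PBL is the first stage of the boot process; it initializes hardware and loads the next-stage bootloader. Its code is burned into read-only storage and cannot be changed once the device leaves the factory.
SBL:
Secondary Bootloader, now called XBL (eXtended Boot Loader).
XBL:
eXtensible Bootloader. XBL is a modular, extensible bootloader that can load and execute different boot modules and supports flexible boot configurations. Its functions include part of the hardware environment initialization (such as DDR, clocks and USB), initialization of the secure code environment (TrustZone), and Qualcomm 9008 mode (Emergency Download Mode). The XBL program is stored in eMMC.
XBL replaces SBL and is better than SBL in modularity, extensibility, security, boot performance and reliability.
ABL:
Android Bootloader (also called aboot). Its functions include verifying and loading boot.img, recovery mode and fastboot mode. ABL is fairly complex; internally it actually runs a mini operating system, lk (https://github.com/littlekernel/lk). Starting with MSM8998, however, Qualcomm uses UEFI in place of LK (Little Kernel) as the phone's bootloader. Other platforms also use uboot as the bootloader.
UEFI (Unified Extensible Firmware Interface), u-boot (Universal Boot Loader) and lk (Little Kernel) are three different bootloaders or firmware used to start the operating system of a computer or device. They differ mainly in the following respects:
UEFI: UEFI is a firmware interface standard that replaces the traditional BIOS (Basic Input/Output System). UEFI provides more powerful and more flexible boot and system initialization functions. It supports advanced features such as a graphical interface, network boot and secure boot, which makes it increasingly popular in modern computer systems.
u-boot: u-boot is an open-source bootloader used mainly in embedded systems. It provides functions such as booting, initializing hardware and loading the operating system. u-boot is typically used in embedded systems such as embedded Linux and embedded Android systems.
lk: lk is a lightweight kernel used mainly in the boot process of embedded systems. lk is typically used in the Android boot process, where it initializes hardware and starts the operating system. Compared with u-boot, lk is more lightweight and suits resource-constrained embedded devices. A notable feature of LK is that it implements a simple thread mechanism.
UEFI is a firmware interface standard, whereas u-boot and lk are two different bootloaders used to start the operating system on embedded systems. Each has its own characteristics and applicable scenarios.
EL0, EL1, EL2, EL3
In the ARM architecture, EL0 through EL3 are different privilege levels, each with different access rights and capabilities. Qualcomm processors are also based on the ARM architecture and therefore follow these privilege level definitions. In detail:
EL0 (User Mode):
This is the lowest privilege level, normally used to run ordinary user applications. An application running at this level cannot access hardware directly or modify critical system resources. The main purpose is to provide a safe environment that prevents user applications from damaging the system.
EL1 (Kernel Mode):
This is the privilege level at which the operating system kernel runs. A kernel running at this level has permission to access hardware and manage system resources. At EL1 the kernel handles process scheduling, memory management and other system services.
EL2 (Hypervisor Mode):
This is the privilege level used for virtualization, mainly for running a hypervisor.
A hypervisor can create and manage multiple virtual machines, each running at EL1 or EL0. A hypervisor running at EL2 can control hardware resources directly and provides isolation and protection for each virtual machine.
EL3 (Secure Monitor Mode):
This is the privilege level that handles switching between the Secure World and the Normal World. The Secure Monitor runs at this level and manages the security state transitions.
TrustZone uses EL3 to ensure isolation between the Secure World and the Normal World.
HLOS: High-Level Operating System. The HLOS is the main operating system running on a mobile device (such as a smartphone or tablet); it manages and controls most of the device's functions and applications. HLOS usually refers to the operating system running at the EL1 privilege level, such as Android or Windows Mobile.
IMEM (Internal Memory):
On Qualcomm platforms, IMEM (Internal Memory) usually refers to on-chip (SoC) internal memory used to store critical data and code while the device boots and runs. IMEM is part of the SoC and offers high access speed and low latency.
Boot flow walkthrough
Boot flow overview
Taking the Qualcomm SM6125 platform as an example, this section walks through the whole process on a Qualcomm platform from power-on to executing init.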
https://i-blog.csdnimg.cn/direct/4c6aa3fe1aa646a284bf56924597376b.png
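PBL is the first stage of the boot process. When the device powers on, the PBL executes; it loads the initial boot code into IMEM and runs it to perform basic hardware initialization. During boot, the PBL may store some important information in IMEM for later stages (such as XBL and ABL) to access.
The PBL loads and verifies XBL. XBL can read hardware configuration parameters and boot information from IMEM to continue with higher-level hardware initialization. The XBL stage initializes DRAM, clocks, power management and other peripherals, then loads and executes ABL.
ABL loads boot.img, which contains the Android kernel, jumps to the kernel entry point and starts the kernel.
After ABL starts the Linux kernel, the kernel enters user space and executes init; init then starts native processes such as ueventd and zygote, and zygote creates system_server and the Java application processes, completing the boot of the whole Android system. Interested readers can refer to the follow-up article "Android Boot Flow: From init Process Startup to the Android Home Screen".
The rest of this article simply walks through the system boot process as seen in the logs.
Boot log analysis
PBL and XBL stage log
The serial log below covers the stages PBL -> XBL -> XBL loading the abl image and preparing to start it.
// Provides system information such as version strings, boot interface, secure boot status and core frequency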
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),D - Delta,S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.4.0-00237-NICOBARLAZ-2
S - IMAGE_VARIANT_STRING=NicobarPkgLAA
S - OEM_IMAGE_VERSION_STRING=a9255d190943
S - Boot Interface: eMMC
S - Secure Boot: Off
S - Boot Config @ 0x01b46070 = 0x00000041
S - JTAG ID @ 0x01b46130 = 0x001750e1
S - OEM ID @ 0x01b46138 = 0x00000000
S - Serial Number @ 0x01b46134 = 0xd092f15a
S - OEM Config Row 0 @ 0x01b441b8 = 0x0000000000000000
S - OEM Config Row 1 @ 0x01b441c0 = 0x0000000000000000
S - Feature Config Row 0 @ 0x01b441d0 = 0x0850200018c00400
S - Feature Config Row 1 @ 0x01b441d8 = 0x00140000000090a0
S - Core 0 Frequency, 1305 MHz
S - PBL Patch Ver: 3
// Initialize basic hardware; the PBL frequency is set to 600 MHz.
S - PBL freq: 600 MHZ
D - 5587 - pbl_apps_init_timestamp
D - 78083 - bootable_media_detect_timestamp
D - 1412 - bl_elf_metadata_loading_timestamp
D - 734 - bl_hash_seg_auth_timestamp
D - 14343 - bl_elf_loadable_segment_loading_timestamp
D - 5346 - bl_elf_segs_hash_verify_timestamp
D - 7450 - bl_sec_hash_seg_auth_timestamp
D - 952 - bl_sec_segs_hash_verify_timestamp
D - 32 - pbl_populate_shared_data_and_exit_timestamp
S - 113939 - PBL, End
// PBL ends, XBL starts
B - 135978 - SBL1, Start (MPM timestamp = 141459)
B - 252018 - SBL1 BUILD @ 17:10:51 on May6 2024
B - 257751 - usb: hs_phy_nondrive_start
B - 261972 - str_overflow
B - 265629 - usb: hs_phy_nondrive_finish
B - 268290 - boot_flash_init, Start
D - 14 - boot_flash_init, Delta
B - 275883 - xblconfig_init, Start
D - 955 - Auth Metadata
D - 25266 - xblconfig_init, Delta
B - 306217 - sbl1_ddr_set_default_params, Start
D - 16 - sbl1_ddr_set_default_params, Delta
B - 314353 - boot_config_data_table_init, Start
B - 319004 - Using default CDT
D - 4642 - boot_config_data_table_init, Delta - (0 Bytes)
B - 326786 - CDT Version:3,Platform ID:34,Major ID:1,Minor ID:0,Subtype:0
B - 340974 - pm_device_init, Start
B - 344176 - PM: PM 0=0x8000028000000001:0x0
B - 344521 - PM: HARD_RESET by PS_HOLD
B - 384495 - PM: SET_VAL:Skip
B - 384664 - PM: PSI: b0x00_v0x20
B - 391164 - PM: Device Init # SPMI Transn: 2678
D - 50194 - pm_device_init, Delta
B - 395920 - pm_driver_init, Start
B - 402616 - PM: Driver Init # SPMI Transn: 228
D - 3491 - pm_driver_init, Delta
B - 407568 - PM: CHG Init # SPMI Transn: 0
B - 411034 - vsense_init, Start
D - 1 - vsense_init, Delta
B - 421827 - sbl1_ddr_set_params, Start
B - 422691 - Pre_DDR_clock_init, Start
D - 48 - Pre_DDR_clock_init, Delta
D - 7860 - sbl1_ddr_set_params, Delta
B - 433474 - sbl1_ddr_init, Start
D - 3299 - sbl1_ddr_init, Delta
B - 440812 - DSF version = 43.0, DSF RPM version = 20.0
B - 444213 - Max Frequency = 1804 MHz
B - 449716 - do_ddr_training, Start
B - 458608 - Bootup frequency set to 1353600
D - 5313 - do_ddr_training, Delta
B - 463009 - pImem Init Start
D - 5572 - pImem Init End, Delta
B - 472200 - Relocate Pagetable to DDR, Start
B - 476526 - Relocate Pagetable to DDR, End
B - 480137 - External heap init, Start
B - 484436 - External heap init, End
B - 488279 - clock_init, Start
D - 33 - clock_init, Delta
B - 495540 - Loading APDP Image
D - 850 - Auth Metadata
D - 418 - Segments hash check
D - 8668 - Image Loaded, Delta - (8204 Bytes)
B - 507526 - usb: Serial - 3201f2d5
B - 512163 - usb: fedl, vbus_det_err
B - 516290 - PM: SMEM Chgr Info Write Success
B - 519927 - Loading OEM_MISC Image
D - 3942 - Image Loaded, Delta - (0 Bytes)
B - 527811 - Loading QTI_MISC Image
D - 4012 - Image Loaded, Delta - (0 Bytes)
B - 538146 - PM: PM Total Mem Allocated: 1188
B - 539785 - Loading RPM Image
D - 755 - Auth Metadata
D - 1737 - Segments hash check
D - 14960 - Image Loaded, Delta - (216184 Bytes)
B - 558060 - Loading QSEE Dev Config Image
D - 863 - Auth Metadata
D - 663 - Segments hash check
D - 11795 - Image Loaded, Delta - (36196 Bytes)
B - 573168 - Loading QSEE Image
D - 5257 - Auth Metadata
D - 13821 - Segments hash check
D - 48786 - Image Loaded, Delta - (2001026 Bytes)
B - 625633 - Loading SEC Image
D - 4538 - Image Loaded, Delta - (0 Bytes)
B - 633308 - Loading QHEE Image
D - 863 - Auth Metadata
D - 3163 - Segments hash check
D - 13853 - Image Loaded, Delta - (364984 Bytes)
B - 650835 - Loading STI Image
D - 4455 - Image Loaded, Delta - (0 Bytes)
// Load the abl image; the next stage is starting abl
B - 659364 - Loading APPSBL Image
D - 1236 - Auth Metadata
D - 11755 - Segments hash check
D - 26987 - Image Loaded, Delta - (2097152 Bytes)
// SBL ends
B - 690476 - SBL1, End
D - 558589 - SBL1, Delta
S - Flash Throughput, 110000 KB/s(4774750 Bytes,43020 us)
S - DDR Frequency, 1353 MHz
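Log type analysis
- S: statistics log, provides system information.
- B: boot log, marks the start of a specific boot stage. Timestamps increase from stage to stage. The time unit is microseconds.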
B - 135978 - SBL1, Start (MPM timestamp = 141459)
B - 252018 - SBL1 BUILD @ 17:10:51 on May6 2024
B - 257751 - usb: hs_phy_nondrive_start
...
B - 633308 - Loading QHEE Image
B - 650835 - Loading STI Image
B - 659364 - Loading APPSBL Image
B - 690476 - SBL1, End
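- D: interval (delta) log, shows the time interval between specific events in the boot log. The values do not increase from line to line. The time unit is microseconds.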
D - 5587 - pbl_apps_init_timestamp
D - 78083 - bootable_media_detect_timestamp
D - 1412 - bl_elf_metadata_loading_timestamp
D - 734 - bl_hash_seg_auth_timestamp
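An added example (not part of the original article) that parses the "Type - Time - Message" format described above and attaches each D delta to the preceding "Loading ... Image" B line, so it is visible which image loads logged an authentication and a hash-check step. The function names are this example's own; the sample lines are copied from the XBL log on this page.

```python
import re

# Constructed sample: a few lines copied from the XBL serial log on this page.
SAMPLE = """\
S - Secure Boot: Off
B - 625633 - Loading SEC Image
D - 4538 - Image Loaded, Delta - (0 Bytes)
B - 659364 - Loading APPSBL Image
D - 1236 - Auth Metadata
D - 11755 - Segments hash check
D - 26987 - Image Loaded, Delta - (2097152 Bytes)
B - 690476 - SBL1, End
D - 558589 - SBL1, Delta
"""

# "<type> - <time in microseconds> - <message>"; S lines may omit the time field.
LINE = re.compile(r"^([BDS]) -\s*(?:(\d+) - )?(.*)$")

def parse(text):
    """Return [(log_type, time_us or None, message)] for well-formed lines."""
    hits = (LINE.match(raw.strip()) for raw in text.splitlines())
    return [(m[1], int(m[2]) if m[2] else None, m[3].strip()) for m in hits if m]

def image_loads(text):
    """Attach each D (delta) line to the preceding 'Loading <X> Image' B line."""
    images, cur = {}, None
    for kind, t, msg in parse(text):
        if kind == "B":  # absolute time since power-on reset
            m = re.match(r"Loading (.+) Image$", msg)
            cur = m.group(1) if m else None
            if cur:
                images[cur] = {"start_us": t, "auth_us": None, "hash_us": None, "bytes": None}
        elif kind == "D" and cur:  # duration of one step, not an absolute time
            if msg == "Auth Metadata":
                images[cur]["auth_us"] = t
            elif msg == "Segments hash check":
                images[cur]["hash_us"] = t
            elif msg.startswith("Image Loaded"):
                size = re.search(r"\((\d+) Bytes\)", msg)
                images[cur]["bytes"] = int(size.group(1)) if size else None
                cur = None  # later D lines belong to another stage
    return images

def no_auth_logged(text):
    """Images whose load shows neither an auth nor a hash-check delta."""
    return [n for n, r in image_loads(text).items() if r["auth_us"] is None and r["hash_us"] is None]

if __name__ == "__main__":
    print(image_loads(SAMPLE), "no auth step logged:", no_auth_logged(SAMPLE))
```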
ABL stage log
Below is the ABL-stage serial log of a normal boot; here ABL uses UEFI.
UEFI Start
- 0x05FC01000 Sec.efi
ASLR : ON
DEP : ON (RTB)
Timer Delta : +6 mS
RAM Entry 0 : Base 0x0000000040000000Size 0x000000003DA00000
RAM Entry 1 : Base 0x00000000C0000000Size 0x0000000080000000
RAM Entry 2 : Base 0x0000000080000000Size 0x0000000040000000
UART Buffer size set to 0x8000
Continue booting UEFI on Core 0
UEFI Ver : 5.0.240506.BOOT.XF.4.0-00237-NICOBARLAZ-2
Build Info: 64b May6 2024 17:11:06
Boot Device : eMMC
PROD Mode : TRUE
Retail : TRUE
HW Wdog Setting from PCD : Disabled
PM0: 45,
UsbConfigLibOpenProtocols: PMI8998 not detected
UsbConfigLibOpenProtocols: gPmicNpaClientSS1 cannot be created
UsbConfigPortsQueryConnectionChange: UFP and micro-USB
UsbConfigPortsQueryConnectionChange: usbport->connectstate: ATT
DisplayDxe: Resolution 720x1280 (1 intf)
------ABL FV already mounted
Disp init wait [ 1612]
DisplayDxe: Backlight enable gpio (6) config fialed - 7!
input CTRL+C enter ALLPIN mode
-----------------------------
Platform Init[ 2777] BDS
UEFI Ver : 5.0.240506.BOOT.XF.4.0-00237-NICOBARLAZ-2
Platform : IDP
Chip Name : QCM_NICOBAR
Chip Ver : 1.0
Chip Serial Number : 0xD092F15A
-----------------------------
QcomChargerApp:: QcomChargerApp_Entry Can not locate Charger Protocol = Not Found
Failed to launch default charger app, status: Device Error
UEFI Total : 1889 ms
POST Time [ 2798] OS Loader
Loader Build Info: May 15 2024 09:49:06
VB: Non-secure device: Security State: (0xF7F)
VB: RWDeviceState: Succeed using devinfo!
Failed to get recovery status, Not Found
Platform Info : 0x22
Total DDR Size: 0x00000000FDA00000
KeyPress:0, BootReason:0
Fastboot=0, Recovery:0
SilentBoot Mode:11
GetVmData: No Vm data present! Status = (0x3)
VM Hyp calls not present
Loading Image recovery_a Done : 2 ms, Image size : 4096 Bytes
Loading Image init_boot_a Done : 2 ms, Image size : 4096 Bytes
Booting from slot (_a)
Booting Into Mission Mode
UpdateRollbackSyscall: Older TZ, skipping updateLoading Image boot_a Done : 2 ms, Image size : 4096 Bytes
Load Image vbmeta_a total time: 2 ms
avb_vbmeta_image.c:207: ERROR: Hash does not match!
avb_slot_verify.c:818: ERROR: vbmeta_a: Error verifying vbmeta image: HASH_MISMATCH
Load Image boot_a total time: 326 ms
Load Image dtbo_a total time: 83 ms
Load Image vendor_boot_a total time: 326 ms
Load Image init_boot_a total time: 28 ms
GetHandleInfo: No media!
AvbGetSizeOfPartition: GetHandleInfo failedFtr OsVer:0x34000 SPL:0x2983
VB2: Authenticate complete! boot state is: orange
VB2: boot state: orange(1)
Silent Mode value: 11
Memory Base Address: 0x40000000
Override DTB: GetBlkIOHandles failed loading user_dtbo!
Apply Overlay total time: 277 ms
UsbPwrCtrlLib_GetVbusDetect Failed, Error
Error getting off mode charging info: Device Error
Unable to get hw fence Config, Not Found
Unable to get GPU Preempt Config, Not Found
Offlining Memory Not Supported
Cmdline: lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 cgroup.memory=nokmem,nosocket reboot=panic_warm log_buf_len=2M bootconfig buildvariant=userdebugandrFinal s
Add Base: 0x0000000040000000 Available Length: 0x000000003DA00000
Add Base: 0x00000000C0000000 Available Length: 0x0000000080000000
Add Base: 0x0000000080000000 Available Length: 0x0000000040000000
WARNING: Unsupported EFI_RAMPARTITION_PROTOCOL
ramdump region not found in device tree
PartialGoods Value: 0x0
Update Device Tree total time: 43 ms
Shutting Down UEFI Boot Services: 4060 ms
Start EBS [ 4060]
BDS: LogFs sync skipped, Unsupported
App Log Flush : 46 ms
Exit EBS [ 4132] UEFI End
Kernel stage log
ABL starts the kernel. Below is the serial log from the start of the kernel stage; after the kernel starts, it launches the init process.
[ 0.000000][ T0] Linux version 5.15.137-qki-consolidate-android13-8-g860b7653516f-dirty (build-user@build-host) (Android (8508608, based on r450784e) clang version 14.0.7 (https://android.googlesource.com/toolchain/llvm-project 4c603efb0cca074e9238af8b4106c30add4418f4
[ 0.000000][ T0] random: crng init done
[ 0.000000][ T0] **********************************************************
[ 0.000000][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 0.000000][ T0] ** **
[ 0.000000][ T0] ** This system shows unhashed kernel memory addresses **
[ 0.000000][ T0] ** via the console, logs, and other interfaces. This **
[ 0.000000][ T0] ** might reduce the security of your system. **
[ 0.000000][ T0] ** **
[ 0.000000][ T0] ** If you see this message and you are not debugging **
[ 0.000000][ T0] ** the kernel, report this immediately to your system **
[ 0.000000][ T0] ** administrator! **
[ 0.000000][ T0] ** **
[ 0.000000][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
[ 0.000000][ T0] **********************************************************
[ 0.000000][ T0] OF: reserved mem: OVERLAP DETECTED!
[ 0.000000][ T0] disp_rdump_region@5c000000 (0x000000005c000000--0x000000005cf00000) overlaps with splash_region@5c000000 (0x000000005c000000--0x000000005cf00000)
...
...
[ 6.928931][ T1] F2FS-fs (mmcblk0p83): Found nat_bits in checkpoint
[ 6.945468][ T1] F2FS-fs (mmcblk0p83): Mounted with checkpoint version = 65171a90
[ 7.097129][ T1] printk: init: 190 output lines suppressed due to ratelimiting
[ 7.232333][ T1] init: Failed to open package /system/etc/selinux/apex/SEPolicy.zip: No such file or directory
[ 7.865559][ T91] audit: type=1403 audit(890.143:2): auid=4294967295 ses=4294967295 lsm=selinux res=1
[ 7.886301][ T1] init: global_bootmode
[ 7.996776][ T1] init: Init cannot set 'ro.boot.pmi632_exist' to 'false': Read-only property was already
The kernel log in logcat and the dmesg log can only be captured from kernel start onward; neither contains the PBL, XBL or ABL stage logs, which can only be obtained from the serial log.
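Because the pre-kernel stages appear only on the serial console, a captured serial log is where their security state has to be read. The following is an added example (not from the original article or from Qualcomm's code) that scans such a capture for the indicators visible in this page's logs: the PBL secure boot flag, AVB errors, the verified boot state and the kernel's unhashed-pointer notice. The rule table is this example's own, and the expected values "On" and "green" are assumptions; the page itself only shows "Off" and "orange".

```python
import re

# Constructed sample: lines copied from the XBL, ABL and kernel serial logs on this page.
SAMPLE = """\
S - Secure Boot: Off
VB: Non-secure device: Security State: (0xF7F)
avb_vbmeta_image.c:207: ERROR: Hash does not match!
avb_slot_verify.c:818: ERROR: vbmeta_a: Error verifying vbmeta image: HASH_MISMATCH
VB2: Authenticate complete! boot state is: orange
VB2: boot state: orange(1)
[ 0.000000][ T0] ** This system shows unhashed kernel memory addresses **
"""

# (finding key, pattern, expected value). expected=None means the line should
# not appear at all. Expected values are assumptions of this example: "On" for
# the PBL flag, and "green" from Android Verified Boot's green/yellow/orange/red
# states (orange is the state of an unlocked device).
RULES = [
    ("secure_boot", r"Secure Boot:\s*(\w+)", "On"),
    ("avb_boot_state", r"VB2: boot state:\s*(\w+)", "green"),
    ("avb_error", r"avb_\w+\.c:\d+: ERROR: (.+)$", None),
    ("unhashed_kernel_pointers", r"(shows unhashed kernel memory addresses)", None),
]

def audit(text):
    """Return [(line_no, key, observed)] for every deviation from RULES."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for key, pattern, expected in RULES:
            # search(), not match(): tolerates prefixes such as kernel timestamps
            m = re.search(pattern, line)
            if m and (expected is None or m.group(1).lower() != expected.lower()):
                findings.append((no, key, m.group(1).strip()))
    return findings

if __name__ == "__main__":
    for no, key, observed in audit(SAMPLE):
        print(f"line {no}: {key} = {observed}")
```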
Kernel log in logcat:
--------- beginning of kernel
01-01 08:14:42.288 0 0 I : Booting Linux on physical CPU 0x0000000000
01-01 08:14:42.288 0 0 I : Linux version 5.15.137-qki-consolidate-android13-8-g860b7653516f-dirty (build-user@build-host) (Android (8508608, based on r450784e) clang version 14.0.7 (https://android.googlesource.com/toolchain/llvm-project 4c603efb0cca074e9238af8b4106c30add4418f6), LLD 14.0.7) #1 SMP PREEMPT Tue May 14 03:07:26 UTC 2024
01-01 08:14:42.288 0 0 I random: crng init done
01-01 08:14:42.288 0 0 I Machine model: Qualcomm Technologies, Inc. TRINKET IOT IDP Overlay
01-01 08:14:42.288 0 0 W : **********************************************************
01-01 08:14:42.288 0 0 W : ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
01-01 08:14:42.288 0 0 W : ** **
01-01 08:14:42.288 0 0 W : ** This system shows unhashed kernel memory addresses **
01-01 08:14:42.288 0 0 W : ** via the console, logs, and other interfaces. This **
01-01 08:14:42.288 0 0 W : ** might reduce the security of your system. **
01-01 08:14:42.288 0 0 W : ** **
01-01 08:14:42.288 0 0 W : ** If you see this message and you are not debugging **
01-01 08:14:42.288 0 0 W : ** the kernel, report this immediately to your system **
01-01 08:14:42.288 0 0 W : ** administrator! **
01-01 08:14:42.288 0 0 W : ** **
01-01 08:14:42.288 0 0 W : ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **
01-01 08:14:42.288 0 0 W : **********************************************************
01-01 08:14:42.288 0 0 I panic_on_taint: bitmask=0x20 nousertaint_mode=disabled
01-01 08:14:42.288 0 0 I efi : UEFI not found.
01-01 08:14:42.288 0 0 E OF : reserved mem: OVERLAP DETECTED!
01-01 08:14:42.288 0 0 E : disp_rdump_region@5c000000 (0x000000005c000000--0x000000005cf00000) overlaps with splash_region@5c000000 (0x000000005c000000--0x000000005cf00000)
01-01 08:14:42.288 0 0 I Reserved memory: created CMA memory pool at 0x00000000ff800000, size 4 MiB
01-01 08:14:42.288 0 0 I OF : reserved mem: initialized node sdsp_region, compatible id shared-dma-pool
01-01 08:14:42.288 0 0 I OF : reserved mem: 0x00000000ff800000..0x00000000ffbfffff (4096 KiB) map reusable sdsp_region