参考链接
https://blog.csdn.net/kill150/article/details/129929641
https://blog.csdn.net/Harrison509/article/details/108659469
https://www.cnblogs.com/pngcui/p/4665106.html
系统启动流程概览
高通Android设备的启动流程通常遵循以下步骤:
-
PBL (Primary Boot Loader):
- 设备上电后,首先执行的是PBL,它固化在ROM中。
- PBL负责初始化DDR,加载SBL1(Secondary Boot Loader)。
-
SBL1:
- SBL1继续硬件初始化,包括CPU、内存控制器等。
- 加载并初始化TrustZone、QSEE(Qualcomm Secure Execution Environment)等安全组件。
-
TrustZone/QSEE:
- TrustZone是ARM技术,用于提供系统级的安全解决方案。
- QSEE是高通的安全执行环境,负责执行安全敏感的代码。
-
Bootloader:
- 在SBL1之后,设备加载Bootloader。
- Bootloader负责加载并验证内核(Linux Kernel)。
-
内核启动:
- 内核自解压并初始化硬件平台。
- 设置内存管理单元(MMU),加载必要的驱动程序。
-
init进程:
init
是Linux系统中的第一个用户空间进程。- 它负责挂载根文件系统,启动系统服务和守护进程。
-
Zygote进程:
- 在Android系统中,Zygote是所有应用程序的父进程。
- 它启动并为Android框架和应用程序提供服务。
-
SystemServer:
- SystemServer是Android系统的核心服务进程。
- 它启动包括窗口管理器、活动管理器、电源管理器等关键服务。
-
UEFI启动(如果设备支持UEFI):
- UEFI(统一可扩展固件接口)提供了一种新的启动方法。
- 它包括SEC(安全环境配置)、PEI(EFI前期初始化)、DXE(驱动执行环境)、BDS(启动设备选择)等阶段。
-
显示子系统启动:
- 在显示设备准备好之后,启动显示管理器和相关的显示服务。
-
用户界面:
- 最后,启动Home Launcher,用户界面完全加载,设备准备就绪供用户使用。
请注意,这个流程可能会根据不同的硬件平台、Android版本和制造商的定制有所变化。上述步骤提供了一个高通Android设备从上电到操作系统完全启动的一般概述。
源码分析
1、启动文件 sbl1_Aarch64.s(对应架构的.s)
fibo/bp_code/BOOT.XF.4.1/boot_images/QcomPkg/SocPkg/Library/XBLLoaderLib/sbl1_Aarch64.s
sbl1_entry_init_stack:
// -------------------------------
// add more assembly init code here for entering sbl1_main_ctl
//
// restore PBL parameter and enter sbl1_main_ctl
// -------------------------------
MOV w0, w7
BL sbl1_main_ctl
// For safety
BL boot_loop_here // never returns
2、sbl1_main_ctl :restore PBL parameter and enter sbl1_main_ctl
fibo/bp_code/BOOT.XF.4.1/boot_images/QcomPkg/SocPkg/Library/XBLLoaderLib/sbl1_mc.c
/*!
*
* @brief
* The Main Controller performs the following functions:
* - Initializes ram
* - And so on...
*
* @param[in] pbl_shared Pointer to shared data
*
* @par Dependencies
* None
*
* @retval
* None
*
* @par Side Effects
* This function never returns.
*
*/
void sbl1_main_ctl(boot_pbl_shared_data_type *pbl_shared)
{
DALResult bsy_wait_init;
/* Configure Domain access control register */
mmu_set_dacr(DACR_ALL_DOMAIN_CLIENTS);
/* Retrieve info passed from PBL*/
sbl1_retrieve_shared_info_from_pbl(pbl_shared);
/* Initialize shared functions structure - provides other images with function pointers in Loader */
boot_shared_functions_register();
/* Initialize SBL memory map */
sbl1_populate_initial_mem_map(&bl_shared_data);
/* Calculate the SBL start time for use during boot logger initialization. */
sbl_start_time = CALCULATE_TIMESTAMP(HWIO_IN(TIMETICK_QTIMER_CLK));
sbl_start_time_mpm = CALCULATE_MPM_TIMESTAMP(HWIO_IN(TIMETICK_CLK));
/* Initialize busywait module Note: required before logger init due to uart driver dependency on busywait */
BL_VERIFY((bsy_wait_init=boot_busywait_init()) == DAL_SUCCESS, (uint16)bsy_wait_init|BL_ERROR_GROUP_BUSYWAIT);
/* Enable qdss workaround*/
BL_VERIFY(boot_clock_debug_init() == TRUE, FALSE|BL_ERROR_GROUP_CLK );
/* Enter debug mode if debug cookie is set */
sbl1_debug_mode_enter();
/* Initialize the stack protection canary */
boot_init_stack_chk_canary();
/* Initialize boot shared imem */
boot_shared_imem_init(&bl_shared_data);
/* Initialize the ChipInfo driver */
ChipInfo_Init();
/* Initialize the QSEE interface */
sbl1_init_sbl_qsee_interface(&bl_shared_data, &sbl_verified_info);
/* Initialize dal heap using internal memory */
boot_DALSYS_HeapInit(boot_internal_heap, BOOT_INTERNAL_HEAP_SIZE, FALSE);
/*Initialize DAL, needs to be called before modules that uses DAL */
boot_DALSYS_InitMod(NULL);
/* Initialize boot logger and start the log timer.
This must be done after sbl1_retrieve_shared_info_from_pbl
and boot_secboot_ftbl_init. */
sbl1_boot_logger_init(&boot_log_data, pbl_shared);
boot_log_set_meta_info(boot_log_data.meta_info_start);
/* Set hash algorithm */
BL_VERIFY(boot_set_hash_algo(SBL_HASH_SHA256) == BL_ERR_NONE, BL_ERR_UNSUPPORTED_HASH_ALGO|BL_ERROR_GROUP_BOOT);
/* Call sbl1_hw_init to config pmic device so we can use PS_HOLD to reset */
sbl1_hw_init();
#if defined (FEATURE_DEVICEPROGRAMMER_IMAGE) || defined (FEATURE_DDI_IMAGE)
/* Enter device programmer does not return */
device_programmer_init(&bl_shared_data, pbl_shared);
#else
/* Store the sbl1 hash to shared imem */
boot_store_tpm_hash_block(&bl_shared_data, &sbl_verified_info);
/*-----------------------------------------------------------------------
Process the target-dependent SBL1 procedures
-----------------------------------------------------------------------*/
boot_config_process_bl(&bl_shared_data, SBL1_IMG, sbl1_config_table);
#endif
} /* sbl1_main_ctl() */
3、boot_config.c
sbl1_config_table 执行的回调函数table
fibo/bp_code/BOOT.XF.4.1/boot_images/QcomPkg/SocPkg/Library/XBLLoaderLib/sbl1_config.c
/*==========================================================================
DEFINE TARGET BOOT CONFIG TABLE
===========================================================================*/
boot_configuration_table_entry sbl1_config_table[] =
{
/* host_img_id host_img_type target_img_id target_img_type target_img_sec_type load auth exec jump exec_func jump_func pre_procs post_procs load_cancel target_img_partition_id target_img_str boot_ssa_enabled enable_xpu xpu_proc_id sbl_qsee_interface_index seg_elf_entry_point whitelist_ptr */
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_APDP_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, apdp_pre_procs, apdp_post_procs, apdp_load_cancel, apdp_partition_id, APDP_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, apdp_img_whitelist },
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_OEM_MISC_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, NULL, NULL, oem_misc_load_cancel, multi_image_partition_id, OEM_MISC_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, oem_misc_img_whitelist},
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_QTI_MISC_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, NULL, NULL, qti_misc_load_cancel, multi_image_qti_partition_id, QTI_MISC_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, qti_misc_img_whitelist},
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_RPM_FW_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, rpm_pre_procs, NULL, rpm_load_cancel, rpm_partition_id, RPM_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, rpm_img_whitelist },
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_QSEE_DEVCFG_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, NULL, NULL, qsee_devcfg_load_cancel, qsee_devcfg_image_partition_id, QSEE_DEVCFG_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, devcfg_img_whitelist },
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_QSEE_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, NULL, qsee_post_procs, NULL, qsee_partition_id, QSEE_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, qsee_img_whitelist },
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_SEC_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, NULL, NULL, sec_load_cancel, secdata_partition_id, SEC_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, sec_img_whitelist },
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_QHEE_SW_TYPE, TRUE, TRUE, FALSE, FALSE, NULL, NULL, NULL, NULL, NULL, qhee_partition_id, QHEE_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, qhee_img_whitelist },
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_WDT_SW_TYPE, TRUE, TRUE, FALSE, TRUE, NULL, sti_jump_func, NULL, NULL, sti_load_cancel, sti_partition_id, STI_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, 0x0, sti_img_whitelist },
{
SBL1_IMG, CONFIG_IMG_QC, GEN_IMG, CONFIG_IMG_ELF, SECBOOT_APPSBL_SW_TYPE, TRUE, TRUE, FALSE, TRUE, NULL, qsee_jump_func, NULL, appsbl_post_procs, appsbl_load_cancel, appsbl_partition_id, APPSBL_BOOT_LOG_STR, FALSE, FALSE, 0x0, 0x0, SCL_XBL_CORE_CODE_BASE, xbl_core_img_whitelist},
{
NONE_IMG, }
};
fibo/bp_code/BOOT.XF.4.1/boot_images/QcomPkg/XBLLoader/boot_config.c
boot_config_process_bl 处理每一个 sbl1_config_table 回调函数列表
/*!
*
* @brief
* Function to process and execute boot code based on information from the
* configuration table. This parses through the entire table and calls
* boot_config_process_entry() on each entry corresponding to the host
* image in order.
*
* @param[in] bl_shared_data - Pointer to the shared data structure
* @param[in] host_img - Image ID of the host boot loader
* @param[in] boot_config_table - Bootloader specific configuration table
*
* @par Dependencies
* None
*
* @retval
* None
*
* @par Side Effects
* None
*/
void boot_config_process_bl
(
bl_shared_data_type *bl_shared_data,
image_type host_img,
boot_configuration_table_entry * boot_config_table
)
{
boot_configuration_table_entry *curr_entry = NULL;
BL_VERIFY( bl_shared_data != NULL && boot_config_table != NULL,
BL_ERR_NULL_PTR_PASSED|BL_ERROR_GROUP_BOOT);
/* For every entry in the boot configuration table */
for(curr_entry = boot_config_table