原文地址:

目录

1.编译配置

2.u-boot.lds连接配置文件

3.Stage1之start.S

4.Stage2之入口start_armboot

1.编译配置

   编译前先进行配置:make smdkv210single_config

   其中,Makefile中make smdkv210single_config为:

# Board configuration target, run as `make smdkv210single_config`.
#
# Prerequisite `unconfig` runs first. The first recipe line calls $(MKCONFIG)
# with six arguments: $(@:_config=) is a substitution reference on the target
# name ($@) that strips the "_config" suffix, giving "smdkv210single"; the
# remaining words are passed as arch / cpu / board / vendor / soc.
# The second recipe line overwrites the board's config.mk with the link
# address (TEXT_BASE) that the linker flags pick up later.
# NOTE(review): $(obj) is concatenated directly with "board/...", so it is
# presumably empty or ends in "/" -- confirm against the top-level Makefile.
smdkv210single_config : unconfig
	@$(MKCONFIG) $(@:_config=) arm s5pc11x smdkc110 samsung s5pc110
	@echo "TEXT_BASE = 0xc3e00000" > $(obj)board/samsung/smdkc110/config.mk

这里使用了Makefile中的替换引用规则,类似常看到的例子 obj=$(srcfiles:%.c=%.o): 由.c得到对应的.o文件.
   这里是一样的道理: $(@:_config=) ,@代表的是target smdkv210single_config, 那么$(@:_config=)就是将smdkv210single_config中的_config替换为空,

   即得到smdkv210single。

   这里$(@:_config=) arm s5pc11x smdkc110 samsung s5pc110都是mkconfig(即@$(MKCONFIG))的参数,mkconfig即根目录下的脚本文件。

   执行这句命令后,在include/下生成config.mk和config.h。并且Makefile包含这个config.mk。

   config.mk文件:

# include/config.mk as shown by the article after the mkconfig step.
# The five values are the arch / cpu / board / vendor / soc arguments given
# to mkconfig. Comments are kept on their own lines so that no trailing
# whitespace ends up in a value.
# CPU selects the cpu/s5pc11x directory and BOARD/VENDOR select
# board/samsung/smdkc110 (both paths are named in the article).
ARCH   = arm
CPU    = s5pc11x
BOARD  = smdkc110
VENDOR = samsung
# SOC: the linker script on this page references cpu/s5pc11x/s5pc110/, so this
# looks like the SoC sub-directory below the CPU directory.
SOC    = s5pc110

它指定了体系结构(ARCH)、CPU系列(CPU)、板子型号(BOARD)、厂商(VENDOR)以及SoC型号(SOC,对应cpu/s5pc11x下的s5pc110子目录)。

   可以根据上面的这个信息找到对应的代码。比如说CPU代码在cpu/s5pc11x下,板子代码在board/samsung/smdkc110下。

2. u-boot.lds连接配置文件

     对于.lds文件,它定义了整个程序编译之后的连接过程,决定了一个可执行程序的各个段的存储位置。u-boot.lds如何指定连接过程?首先它被根目录下config.mk引用,定义如下:LDSCRIPT := $(TOPDIR)/board/$(BOARDDIR)/u-boot.lds。根据这个路径,对于Android210而言,可以找到这个文件位于:board/samsung/smdkc110/u-boot.lds。其次,LDSCRIPT这个变量何时被用到?同样在config.mk中,可以找到:

      # Link statically and with the board linker script named by $(LDSCRIPT);
      # platform-specific linker flags are appended after it.
      LDFLAGS += -Bstatic -T $(LDSCRIPT) $(PLATFORM_LDFLAGS)

      # Only when TEXT_BASE is non-empty: place the text section at that
      # address. For this board the value is written into the board config.mk
      # by the smdkv210single_config target (0xc3e00000).
      ifneq ($(TEXT_BASE),)

      LDFLAGS += -Ttext $(TEXT_BASE)
      endif

-T 参数指定ld连接器所使用的链接脚本(这里即u-boot.lds),-Ttext 则把代码段的起始地址设为TEXT_BASE。TEXT_BASE是在make smdkv210single_config时写到board/samsung/smdkc110/config.mk中的,值为0xc3e00000。因此,虽然下面的链接脚本以 . = 0x00000000 开头,代码段最终仍按0xc3e00000这个地址链接。

/*
 * (C) Copyright 2002
 * Gary Jennejohn, DENX Software Engineering,
 *
 * See file CREDITS for list of people who contributed to this
 * project.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
 * MA 02111-1307 USA
 */

/*
 * Board linker script (board/samsung/smdkc110/u-boot.lds). It fixes the order
 * of the objects at the front of .text and exports the symbols that start.S
 * and the command table use (__u_boot_cmd_start/_end, __bss_start, _end).
 * The article's inline notes were written after a ';' marker; they are
 * rendered here as ordinary comments.
 */

/* Output is 32-bit little-endian ARM ELF. */
OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm")
/*OUTPUT_FORMAT("elf32-arm", "elf32-arm", "elf32-arm")*/
/* Target architecture of the output file. */
OUTPUT_ARCH(arm)
/* Entry symbol of the image; _start is defined in cpu/s5pc11x/start.S. */
ENTRY(_start)
SECTIONS
{
	/* Location counter starts at 0. The build also passes
	 * -Ttext $(TEXT_BASE) when TEXT_BASE is set (see config.mk). */
	. = 0x00000000;

	/* 4-byte alignment before each output section. */
	. = ALIGN(4);
	/* Code section. The objects listed explicitly are placed first, in this
	 * order, ahead of all other .text input.
	 * NOTE(review): presumably these must sit inside the first block that
	 * the boot ROM loads -- confirm. common/secure.o and common/ace_sha1.o
	 * are part of that early set; what they verify is not shown here. */
	.text      :
	{
	  cpu/s5pc11x/start.o	(.text)
	  cpu/s5pc11x/s5pc110/cpu_init.o	(.text)
	  board/samsung/smdkc110/lowlevel_init.o	(.text)
	  cpu/s5pc11x/onenand_cp.o      (.text)
	  cpu/s5pc11x/nand_cp.o (.text)
	  cpu/s5pc11x/movi.o (.text)
	  board/samsung/smdkc110/flash.o (.text)
	  common/secure.o (.text)
	  common/ace_sha1.o (.text)
	  cpu/s5pc11x/pmic.o (.text)
	  *(.text)
	}

	. = ALIGN(4);
	/* Read-only data. */
	.rodata : { *(.rodata) }

	. = ALIGN(4);
	/* Initialised read/write data. */
	.data : { *(.data) }

	. = ALIGN(4);
	/* .got input sections. The article describes this as a U-Boot specific
	 * section; .got is the usual name of the toolchain's global offset
	 * table. */
	.got : { *(.got) }

	/* Start of the command table: every U_BOOT_CMD entry is collected into
	 * .u_boot_cmd, bracketed by the two symbols. */
	__u_boot_cmd_start = .;
	.u_boot_cmd : { *(.u_boot_cmd) }
	__u_boot_cmd_end = .;

	. = ALIGN(4);
	/* Data for the MMU (the article: "memory management unit data"). */
	.mmudata : { *(.mmudata) }

	. = ALIGN(4);
	/* Start of .bss; start.S zeroes from __bss_start up to _end. */
	__bss_start = .;
	.bss : { *(.bss) }
	/* End of .bss and of the image. */
	_end = .;
}

3.Stage1之start.S

    uboot是典型的bootloader之一,大多数bootloader都分为stage1和stage2两部分,u-boot也不例外。依赖于CPU体系结构的代码(如设备初始化代码等)通常都放在stage1且可以用汇编语言来实现,而stage2则通常用C语言来实现,这样可以实现复杂的功能,而且有更好的可读性和移植性。u-boot的Stage1代码通常放在start.S文件中,他用汇编语言写成,其主要代码部分如下:

(1)定义入口。由于一个可执行的Image必须有一个入口点,并且只能有一个全局入口,通常这个入口放在ROM(Flash)的0x00000000地址,因此,必须通知编译器以使其知道这个入口,该工作可通过修改连接器脚本来完成。
(2)设置异常向量(Exception Vector)。
(3)设置CPU的速度、时钟频率及中断控制寄存器。
(4)初始化内存控制器。
(5)将ROM中的程序复制到RAM中。
(6)初始化堆栈。
(7)转到RAM中执行,该工作可使用指令ldr pc来完成。

   根据config.mk中CPU的信息,找到对应的cpu目录为cpu/s5pc11x。首先看cpu/s5pc11x/start.S:

   其中代码解释引自:http://www.cnblogs.com/Efronc/archive/2012/02/28/2371662.html

/*
 *  armboot - Startup Code for S5PC110/ARM-Cortex CPU-core
 *
 *  Copyright (c) 2009	Samsung Electronics
 *
 *
 * See file CREDITS for list of people who contributed to this
 * project.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
 * MA 02111-1307 USA
 *
 * Base codes by scsuh (sc.suh)
 */

/*
 * Stage 1 of U-Boot for this board: exception vectors, the reset path
 * (caches/MMU off, boot-device detection, copy of U-Boot into DRAM, optional
 * MMU enable, stack and .bss setup), the jump into start_armboot, and the
 * exception entry macros and cache helpers.
 *
 * NOTE(review): the header names after the four #include directives below
 * were lost when this page was extracted (the angle-bracket contents were
 * stripped); they are left exactly as they appear on the page.
 */
#include
#include
#if defined(CONFIG_ENABLE_MMU)
#include
#endif
#include

#ifndef CONFIG_ENABLE_MMU
#ifndef CFG_PHY_UBOOT_BASE
#define CFG_PHY_UBOOT_BASE	CFG_UBOOT_BASE
#endif
#endif

/*
 *************************************************************************
 *
 * Jump vector table as in table 3.1 in [1]
 *
 *************************************************************************
 */

/* Article: boot-stage related configuration. Four words (16 bytes) emitted
 * ahead of _start on EVT1, non-fused builds; presumably a header consumed by
 * the boot ROM -- confirm. */
#if defined(CONFIG_EVT1) && !defined(CONFIG_FUSED)
	.word 0x2000
	.word 0x0
	.word 0x0
	.word 0x0
#endif

.globl _start
/* Reset entry. `b` is PC-relative, so it works wherever the code currently
 * runs; the other vectors load absolute handler addresses from the table
 * that follows. */
_start: b	reset
	ldr	pc, _undefined_instruction
	ldr	pc, _software_interrupt
	ldr	pc, _prefetch_abort
	ldr	pc, _data_abort
	ldr	pc, _not_used
	ldr	pc, _irq
	ldr	pc, _fiq

/* Addresses of the exception handlers. */
_undefined_instruction:
	.word undefined_instruction
_software_interrupt:
	.word software_interrupt
_prefetch_abort:
	.word prefetch_abort
_data_abort:
	.word data_abort
_not_used:
	.word not_used
_irq:
	.word irq
_fiq:
	.word fiq
/* Filler word so that vectors plus address table make 16 words. */
_pad:
	.word 0x12345678 /* now 16*4=64 */
.global _end_vect
_end_vect:

	/* Pad with 0xdeadbeef up to the next 16-byte boundary. */
	.balignl 16,0xdeadbeef
/*
 *************************************************************************
 *
 * Startup Code (reset vector)
 *
 * do important init only if we don't start from memory!
 * setup Memory and board specific bits prior to relocation.
 * relocate armboot to ram
 * setup stack
 *
 *************************************************************************
 */

/* TEXT_BASE is the link address supplied by the build; the article gives
 * 0xc3e00000 for this board. */
_TEXT_BASE:
	.word	TEXT_BASE

/*
 * Below variable is very important because we use MMU in U-Boot.
 * Without it, we cannot run code correctly before MMU is ON.
 * by scsuh.
 */
/* Article: DRAM physical base 0x20000000 + 0x3e00000 = 0x23e00000, the
 * address of U-Boot before the MMU is switched on. */
_TEXT_PHY_BASE:
	.word	CFG_PHY_UBOOT_BASE

.globl _armboot_start
/* Link-time address of _start (article: 0xc3e00010). */
_armboot_start:
	.word _start

/*
 * These are defined in the board-specific linker script.
 */
/* __bss_start and _end bracket .bss and are resolved at link time; they are
 * used by clear_bss below. */
.globl _bss_start
_bss_start:
	.word __bss_start

.globl _bss_end
_bss_end:
	.word _end

/* Only with interrupts enabled: slots for the IRQ/FIQ stack addresses. */
#if defined(CONFIG_USE_IRQ)
/* IRQ stack memory (calculated at run-time) */
.globl IRQ_STACK_START
IRQ_STACK_START:
	.word	0x0badc0de

/* IRQ stack memory (calculated at run-time) */
.globl FIQ_STACK_START
FIQ_STACK_START:
	.word 0x0badc0de
#endif

/*
 * the actual reset code
 */

reset:
	/*
	 * set the cpu to SVC32 mode and IRQ & FIQ disable
	 */
	@;mrs	r0,cpsr
	@;bic	r0,r0,#0x1f
	@;orr	r0,r0,#0xd3
	@;msr	cpsr,r0
	msr	cpsr_c, #0xd3		@ I & F disable, Mode: 0x13 - SVC


/*
 *************************************************************************
 *
 * CPU_init_critical registers
 *
 * setup important registers
 * setup memory timing
 *
 *************************************************************************
 */
         /*
         * we do sys-critical inits only at reboot,
         * not when booting from ram!
         */
cpu_init_crit:

#ifndef CONFIG_EVT1
#if 0
	bl	v7_flush_dcache_all
#else
	bl	disable_l2cache

	mov	r0, #0x0	@
	mov	r1, #0x0	@ i
	mov	r3, #0x0
	mov	r4, #0x0
lp1:
	mov	r2, #0x0	@ j
lp2:
	mov	r3, r1, LSL #29		@ r3 = r1(i) <<29
	mov	r4, r2, LSL #6		@ r4 = r2(j) <<6
	orr	r4, r4, #0x2		@ r3 = (i<<29)|(j<<6)|(1<<1)
	orr	r3, r3, r4
	mov	r0, r3			@ r0 = r3
	/* Invalidate one D-cache entry by index; the two loops make
	 * 8 x 1024 calls. */
	bl	CoInvalidateDCacheIndex
	add	r2, #0x1		@ r2(j)++
	cmp	r2, #1024		@ r2 < 1024
	bne	lp2			@ jump to lp2
	add	r1, #0x1		@ r1(i)++
	cmp	r1, #8			@ r1(i) < 8
	bne	lp1			@ jump to lp1

	/* Write 0 to the register behind set_l2cache_auxctrl, then turn L2
	 * back on. */
	bl	set_l2cache_auxctrl

	bl	enable_l2cache
#endif
#endif

	/* L2 off, clear selected fields via set_l2cache_auxctrl_cycle, L2 on. */
	bl	disable_l2cache

	bl	set_l2cache_auxctrl_cycle

	bl	enable_l2cache

       /*
        * Invalidate L1 I/D
        */
        mov	r0, #0                  @ set up for MCR
        mcr	p15, 0, r0, c8, c7, 0   @ invalidate TLBs
        mcr	p15, 0, r0, c7, c5, 0   @ invalidate icache

       /*
        * disable MMU stuff and caches
        */
	/* NOTE(review): bits 2:0 are cleared and bit 1 is then set again, so
	 * only bits 0 and 2 stay cleared. 0x00000800 is bit 11, although the
	 * inline comment says bit 12. */
        mrc	p15, 0, r0, c1, c0, 0
        bic	r0, r0, #0x00002000     @ clear bits 13 (--V-)
        bic	r0, r0, #0x00000007     @ clear bits 2:0 (-CAM)
        orr	r0, r0, #0x00000002     @ set bit 1 (--A-) Align
        orr	r0, r0, #0x00000800     @ set bit 12 (Z---) BTB
        mcr 	p15, 0, r0, c1, c0, 0


        /* Read booting information */
	/* r2 keeps bits 5:1 of the word read at PRO_ID_BASE + OMR_OFFSET. */
        ldr	r0, =PRO_ID_BASE
        ldr	r1, [r0,#OMR_OFFSET]
        bic	r2, r1, #0xffffffc1

#ifdef CONFIG_VOGUES
	/* PS_HOLD(GPH0_0) set to output high */
	ldr	r0, =ELFIN_GPIO_BASE
	ldr	r1, =0x00000001
	str	r1, [r0, #GPH0CON_OFFSET]

	ldr	r1, =0x5500
	str	r1, [r0, #GPH0PUD_OFFSET]

	ldr	r1, =0x01
	str	r1, [r0, #GPH0DAT_OFFSET]
#endif

	/* Map the boot-mode value in r2 to a boot-device code in r3.
	 * NOTE(review): every move is conditional, so when no comparison
	 * matches r3 keeps whatever it held before this point. */
	/* NAND BOOT */
	cmp	r2, #0x0		@ 512B 4-cycle
	moveq	r3, #BOOT_NAND

	cmp	r2, #0x2		@ 2KB 5-cycle
	moveq	r3, #BOOT_NAND

	cmp	r2, #0x4		@ 4KB 5-cycle	8-bit ECC
	moveq	r3, #BOOT_NAND

	cmp	r2, #0x6		@ 4KB 5-cycle	16-bit ECC
	moveq	r3, #BOOT_NAND

	cmp	r2, #0x8		@ OneNAND Mux
	moveq	r3, #BOOT_ONENAND

	/* SD/MMC BOOT */
	cmp     r2, #0xc
	moveq   r3, #BOOT_MMCSD

	/* NOR BOOT */
	cmp     r2, #0x14
	moveq   r3, #BOOT_NOR

#if 0	/* Android C110 BSP uses OneNAND booting! */
	/* For second device booting */
	/* OneNAND BOOTONG failed */
	cmp     r2, #0x8
	moveq   r3, #BOOT_SEC_DEV
#endif

	/* Uart BOOTONG failed */
	cmp     r2, #(0x1<<4)
	moveq   r3, #BOOT_SEC_DEV

	/* Store the boot-device code in INF_REG3; it is read back below to
	 * choose the copy routine. */
	ldr	r0, =INF_REG_BASE
	str	r3, [r0, #INF_REG3_OFFSET]

	/*
	 * Go setup Memory and board specific bits prior to relocation.
	 */

	/* Article: internal SRAM spans 0xd0020000-0xd003ffff and the part up
	 * to 0xd0036000 is given to U-Boot. */
	ldr	sp, =0xd0036000 /* end of sram dedicated to u-boot */
	sub	sp, sp, #12	/* set stack */
	mov	fp, #0

	/* Article: lowlevel_init lives under the board directory and sets up
	 * PLL, memory and other board-specific items. */
	bl	lowlevel_init	/* go setup pll,mux,memory */

	/* To hold max8698 output before releasing power on switch,
	 * set PS_HOLD signal to high
	 */
	ldr	r0, =0xE010E81C  /* PS_HOLD_CONTROL register */
	ldr	r1, =0x00005301	 /* PS_HOLD output high	*/
	str	r1, [r0]

	/* get ready to call C functions */
	/* Temporary stack just below the DRAM copy of U-Boot
	 * (article: 0x23e00000). */
	ldr	sp, _TEXT_PHY_BASE	/* setup temp stack pointer */
	sub	sp, sp, #12
	mov	fp, #0			/* no previous frame, so fp=0 */

	/* when we already run in ram, we don't need to relocate U-Boot.
	 * and actually, memory controller must be configured before U-Boot
	 * is running in ram.
	 */
	/* Compare the current PC with TEXT_BASE under the mask 0xff000fff
	 * (only bits 23:12 take part); if they match, skip the copy. */
	ldr	r0, =0xff000fff
	bic	r1, pc, r0		/* r0 <- current base addr of code */
	ldr	r2, _TEXT_BASE		/* r1 <- original base addr in ram */
	bic	r2, r2, r0		/* r0 <- current base addr of code */
	cmp     r1, r2                  /* compare r0, r1                  */
	beq     after_copy		/* r0 == r1 then skip flash copy   */

#if defined(CONFIG_EVT1)
	/* If BL1 was copied from SD/MMC CH2 */
	/* The word at 0xD0037488 is compared with 0xEB200000; a match selects
	 * the SD/MMC copy routine. */
	ldr	r0, =0xD0037488
	ldr	r1, [r0]
	ldr	r2, =0xEB200000
	cmp	r1, r2
	beq     mmcsd_boot
#endif

	/* Read the boot-device code back from INF_REG3 and dispatch.
	 * NOTE(review): when none of the five codes matches, execution falls
	 * through into nand_boot. */
	ldr	r0, =INF_REG_BASE
	ldr	r1, [r0, #INF_REG3_OFFSET]
	cmp	r1, #BOOT_NAND		/* 0x0 => boot device is nand */
	beq	nand_boot
	cmp	r1, #BOOT_ONENAND	/* 0x1 => boot device is onenand */
	beq	onenand_boot
	cmp     r1, #BOOT_MMCSD
	beq     mmcsd_boot
	cmp     r1, #BOOT_NOR
	beq     nor_boot
	cmp     r1, #BOOT_SEC_DEV
	beq     mmcsd_boot

/* The routines below copy U-Boot from the selected device. */
nand_boot:
	mov	r0, #0x1000
	bl	copy_from_nand
	b	after_copy

onenand_boot:
	bl	onenand_bl2_copy
	b	after_copy

mmcsd_boot:
#if DELETE
	ldr     sp, _TEXT_PHY_BASE
	sub     sp, sp, #12
	mov     fp, #0
#endif
	bl      movi_bl2_copy
	b       after_copy

nor_boot:
	bl      read_hword
	b       after_copy


after_copy:

#if defined(CONFIG_ENABLE_MMU)
enable_mmu:
	/* enable domain access */
	/* NOTE(review): 0x0000ffff sets the low eight 2-bit fields of the
	 * domain access register to 0b11; on ARM that is "manager" access,
	 * where page-table permission bits are not checked. */
	ldr	r5, =0x0000ffff
	mcr	p15, 0, r5, c3, c0, 0		@load domain access register

	/* Set the TTB register */
	/* Keep the low 20 bits of the table's link address, OR in
	 * CFG_PHY_UBOOT_BASE, and write the result to c2. */
	ldr	r0, _mmu_table_base
	ldr	r1, =CFG_PHY_UBOOT_BASE
	ldr	r2, =0xfff00000
	bic	r0, r0, r2
	orr	r1, r0, r1
	mcr	p15, 0, r1, c2, c0, 0

	/* Enable the MMU */
mmu_on:
	mrc	p15, 0, r0, c1, c0, 0
	orr	r0, r0, #1
	mcr	p15, 0, r0, c1, c0, 0
	nop
	nop
	nop
	nop
#endif

skip_hw_init:
	/* Set up the stack						    */
stack_setup:
#if defined(CONFIG_MEMORY_UPPER_CODE)
	ldr	sp, =(CFG_UBOOT_BASE + CFG_UBOOT_SIZE - 0x1000)
#else
	ldr	r0, _TEXT_BASE		/* upper 128 KiB: relocated uboot   */
	sub	r0, r0, #CFG_MALLOC_LEN	/* malloc area                      */
	sub	r0, r0, #CFG_GBL_DATA_SIZE /* bdinfo                        */
#if defined(CONFIG_USE_IRQ)
	sub	r0, r0, #(CONFIG_STACKSIZE_IRQ+CONFIG_STACKSIZE_FIQ)
#endif
	sub	sp, r0, #12		/* leave 3 words for abort-stack    */

#endif

clear_bss:
	ldr	r0, _bss_start		/* find start of bss segment        */
	ldr	r1, _bss_end		/* stop here                        */
	mov 	r2, #0x00000000		/* clear                            */

/* Zero .bss one word at a time. `ble` also writes the word located at
 * _bss_end itself. */
clbss_l:
	str	r2, [r0]		/* clear loop...                    */
	add	r0, r0, #4
	cmp	r0, r1
	ble	clbss_l

	/* End of stage 1: jump to the C entry point start_armboot. */
	ldr	pc, _start_armboot

_start_armboot:
	.word start_armboot

#if defined(CONFIG_ENABLE_MMU)
_mmu_table_base:
	.word mmu_table
#endif

/*
 * copy U-Boot to SDRAM and jump to ram (from NAND or OneNAND)
 * r0: size to be compared
 * Load 1'st 2blocks to RAM because U-boot's size is larger than 1block(128k) size
 */
/*
 * NOTE(review), all visible in the code below:
 *  - the size passed in r0 is copied to r9 and then overwritten with 0x100;
 *    the loop subtracts 4 per word, so 0x100 bytes are compared;
 *  - `tst r0, #0x0` always sets Z, so `bne copy_failed` is never taken and
 *    the result of copy_uboot_to_ram is not acted on;
 *  - a mismatch ends in an endless loop (compare_failed), which is the only
 *    failure handling here.
 * Article: copy_uboot_to_ram reads 512k from NAND to 0x23e00000.
 */
	.globl copy_from_nand
copy_from_nand:
	push	{lr}		/* save return address */

	mov	r9, r0

	mov	r9, #0x100		/* Compare about 8KB */
	bl	copy_uboot_to_ram
	tst 	r0, #0x0
	bne	copy_failed

	/* r0 = SRAM address to compare from: start of internal RAM on EVT1,
	 * its middle otherwise (per the article). */
#if defined(CONFIG_EVT1)
	ldr	r0, =0xd0020000
#else
	ldr	r0, =0xd0030000
#endif
	ldr	r1, _TEXT_PHY_BASE	/* 0x23e00000 */

	/* Post-indexed loads: read the word at [r0] / [r1], then advance the
	 * pointer by 4. */
1:	ldr	r3, [r0], #4
	ldr	r4, [r1], #4
	teq	r3, r4
	bne	compare_failed	/* not matched */
	subs	r9, r9, #4
	bne	1b

	pop	{pc}		/* all is OK */

copy_failed:
	nop			/* copy from nand failed */
	b	copy_failed

compare_failed:
	nop			/* compare failed */
	b	compare_failed

/*
 * we assume that cache operation is done before. (eg. cleanup_before_linux())
 * actually, we don't need to do anything about cache if not use d-cache in U-Boot
 * So, in this function we clean only MMU. by scsuh
 *
 * void	theLastJump(void *kernel, int arch_num, uint boot_params);
 */
#if defined(CONFIG_ENABLE_MMU)
	.globl theLastJump
theLastJump:
	/* r9 = kernel entry (first argument). Then continue at the physical
	 * alias of phy_last_jump before the MMU is switched off. */
	mov	r9, r0
	ldr	r3, =0xfff00000
	ldr	r4, _TEXT_PHY_BASE
	adr	r5, phy_last_jump
	bic	r5, r5, r3
	orr	r5, r5, r4
	mov	pc, r5
phy_last_jump:
	/*
	 * disable MMU stuff
	 */
	mrc	p15, 0, r0, c1, c0, 0
	bic	r0, r0, #0x00002300	/* clear bits 13, 9:8 (--V- --RS) */
	bic	r0, r0, #0x00000087	/* clear bits 7, 2:0 (B--- -CAM) */
	orr	r0, r0, #0x00000002	/* set bit 2 (A) Align */
	orr	r0, r0, #0x00001000	/* set bit 12 (I) I-Cache */
	mcr	p15, 0, r0, c1, c0, 0

	mcr	p15, 0, r0, c8, c7, 0	/* flush v4 TLB */

	/* r0 = 0, then jump to the kernel entry saved in r9. */
	mov	r0, #0
	mov	pc, r9
#endif
/*
 *************************************************************************
 *
 * Interrupt handling
 *
 *************************************************************************
 */
@
@ IRQ stack frame.
@
#define S_FRAME_SIZE	72

#define S_OLD_R0	68
#define S_PSR		64
#define S_PC		60
#define S_LR		56
#define S_SP		52

#define S_IP		48
#define S_FP		44
#define S_R10		40
#define S_R9		36
#define S_R8		32
#define S_R7		28
#define S_R6		24
#define S_R5		20
#define S_R4		16
#define S_R3		12
#define S_R2		8
#define S_R1		4
#define S_R0		0

#define MODE_SVC 0x13
#define I_BIT	 0x80

/*
 * Macros that save the register state when an exception is taken.
 *
 * use bad_save_user_regs for abort/prefetch/undef/swi ...
 * use irq_save_user_regs / irq_restore_user_regs for IRQ/FIQ handling
 */

	.macro	bad_save_user_regs
	sub	sp, sp, #S_FRAME_SIZE		@ carve out a frame on current user stack
	stmia	sp, {r0 - r12}			@ Save user registers (now in svc mode) r0-r12

	ldr	r2, _armboot_start
	sub	r2, r2, #(CFG_MALLOC_LEN)
	sub	r2, r2, #(CFG_GBL_DATA_SIZE+8)	@ set base 2 words into abort stack
	ldmia	r2, {r2 - r3}			@ get values for "aborted" pc and cpsr (into parm regs)
	add	r0, sp, #S_FRAME_SIZE		@ grab pointer to old stack

	add	r5, sp, #S_SP
	mov	r1, lr
	stmia	r5, {r0 - r3}			@ save sp_SVC, lr_SVC, pc, cpsr
	mov	r0, sp				@ save current stack into r0 (param register)
	.endm

	.macro	irq_save_user_regs
	sub	sp, sp, #S_FRAME_SIZE
	stmia	sp, {r0 - r12}			@ Calling r0-r12
	add	r8, sp, #S_PC			@ !!!! R8 NEEDS to be saved !!!! a reserved stack spot would be good.
	stmdb	r8, {sp, lr}^			@ Calling SP, LR
	str	lr, [r8, #0]			@ Save calling PC
	mrs	r6, spsr
	str	r6, [r8, #4]			@ Save CPSR
	str	r0, [r8, #8]			@ Save OLD_R0
	mov	r0, sp
	.endm

	.macro	irq_restore_user_regs
	ldmia	sp, {r0 - lr}^			@ Calling r0 - lr
	mov	r0, r0
	ldr	lr, [sp, #S_PC]			@ Get PC
	add	sp, sp, #S_FRAME_SIZE
	subs	pc, lr, #4			@ return & move spsr_svc into cpsr
	.endm

	.macro get_bad_stack
	ldr	r13, _armboot_start		@ setup our mode stack (enter in banked mode)
	sub	r13, r13, #(CFG_MALLOC_LEN)	@ move past malloc pool
	sub	r13, r13, #(CFG_GBL_DATA_SIZE+8) @ move to reserved a couple spots for abort stack

	str	lr, [r13]			@ save caller lr in position 0 of saved stack
	mrs	lr, spsr			@ get the spsr
	str	lr, [r13, #4]			@ save spsr in position 1 of saved stack

	mov	r13, #MODE_SVC			@ prepare SVC-Mode
	@ msr	spsr_c, r13
	msr	spsr, r13			@ switch modes, make sure moves will execute
	mov	lr, pc				@ capture return pc
	movs	pc, lr				@ jump to next instruction & switch modes.
	.endm

	@ NOTE(review): after `mrs r0, spsr` below, r0 holds the SPSR value, so
	@ the following `str lr, [r0, #4]` uses that value as an address and
	@ stores lr, which does not match its inline comment.
	.macro get_bad_stack_swi
	sub	r13, r13, #4			@ space on current stack for scratch reg.
	str	r0, [r13]			@ save R0's value.
	ldr	r0, _armboot_start		@ get data regions start
	sub	r0, r0, #(CFG_MALLOC_LEN)	@ move past malloc pool
	sub	r0, r0, #(CFG_GBL_DATA_SIZE+8)	@ move past gbl and a couple spots for abort stack
	str	lr, [r0]			@ save caller lr in position 0 of saved stack
	mrs	r0, spsr			@ get the spsr
	str	lr, [r0, #4]			@ save spsr in position 1 of saved stack
	ldr	r0, [r13]			@ restore r0
	add	r13, r13, #4			@ pop stack entry
	.endm

	.macro get_irq_stack			@ setup IRQ stack
	ldr	sp, IRQ_STACK_START
	.endm

	.macro get_fiq_stack			@ setup FIQ stack
	ldr	sp, FIQ_STACK_START
	.endm

/*
 * exception handlers
 */
/* Each handler switches to a usable stack, saves the registers and calls
 * the matching C routine. */
	.align	5
undefined_instruction:
	get_bad_stack
	bad_save_user_regs
	bl	do_undefined_instruction

	.align	5
software_interrupt:
	get_bad_stack_swi
	bad_save_user_regs
	bl	do_software_interrupt

	.align	5
prefetch_abort:
	get_bad_stack
	bad_save_user_regs
	bl	do_prefetch_abort

	.align	5
data_abort:
	get_bad_stack
	bad_save_user_regs
	bl	do_data_abort

	.align	5
not_used:
	get_bad_stack
	bad_save_user_regs
	bl	do_not_used

#if defined(CONFIG_USE_IRQ)

	.align	5
irq:
	get_irq_stack
	irq_save_user_regs
	bl	do_irq
	irq_restore_user_regs

	.align	5
fiq:
	get_fiq_stack
	/* someone ought to write a more effiction fiq_save_user_regs */
	irq_save_user_regs
	bl	do_fiq
	irq_restore_user_regs

#else

	.align	5
irq:
	get_bad_stack
	bad_save_user_regs
	bl	do_irq

	.align	5
fiq:
	get_bad_stack
	bad_save_user_regs
	bl	do_fiq

#endif
	.align 5
.global arm_cache_flush
arm_cache_flush:
	mcr	p15, 0, r1, c7, c5, 0	@ invalidate I cache
	mov	pc, lr			@ back to caller

/*
 *	v7_flush_dcache_all()
 *
 *	Flush the whole D-cache.
 *
 *	Corrupted registers: r0-r5, r7, r9-r11
 *
 *	- mm    - mm_struct describing address space
 */
/* NOTE(review): the operation issued in Loop3 is commented as "invalidate by
 * set/way"; whether dirty lines are written back first is not visible in this
 * routine. In start.S the only call sits in an `#if 0` branch. */
	.align 5
.global v7_flush_dcache_all
v7_flush_dcache_all:

	ldr	r0, =0xffffffff
	mrc	p15, 1, r0, c0, c0, 1 		@ Read CLIDR
	ands	r3, r0, #0x7000000
	mov	r3, r3, LSR #23       		@ Cache level value (naturally aligned)
	beq 	Finished
	mov	r10, #0
Loop1:
	add	r2, r10, r10, LSR #1  		@ Work out 3xcachelevel
	mov	r1, r0, LSR r2        		@ bottom 3 bits are the Ctype for this level
	and	r1, r1, #7            		@ get those 3 bits alone
	cmp	r1, #2
	blt	Skip                   		@ no cache or only instruction cache at this level
	mcr	p15, 2, r10, c0, c0, 0 		@ write the Cache Size selection register
	mov	r1, #0
	mcr	p15, 0, r1, c7, c5, 4 		@ PrefetchFlush to sync the change to the CacheSizeID reg
	mrc	p15, 1, r1, c0, c0, 0 		@ reads current Cache Size ID register
	and	r2, r1, #0x7           		@ extract the line length field
	add	r2, r2, #4            		@ add 4 for the line length offset (log2 16 bytes)
	ldr	r4, =0x3FF
	ands	r4, r4, r1, LSR #3   		@ R4 is the max number on the way size (right aligned)
	clz	r5, r4                		@ R5 is the bit position of the way size increment
	ldr	r7, =0x00007FFF
	ands	r7, r7, r1, LSR #13  		@ R7 is the max number of the index size (right aligned)
Loop2:
	mov	r9, r4                      	@ R9 working copy of the max way size (right aligned)
Loop3:
	orr	r11, r10, r9, LSL r5        	@ factor in the way number and cache number into R11
	orr	r11, r11, r7, LSL r2        	@ factor in the index number
	mcr	p15, 0, r11, c7, c6, 2 		@ invalidate by set/way
	subs	r9, r9, #1                 	@ decrement the way number
	bge	Loop3
	subs	r7, r7, #1                 	@ decrement the index
	bge	Loop2
Skip:
	add	r10, r10, #2                	@ increment the cache number
	cmp	r3, r10
	bgt	Loop1
Finished:
	mov	pc, lr

/* Clear bit 1 of the register read with `mrc p15, 0, r0, c1, c0, 1`
 * (the routine name says this turns L2 off). */
       .align  5
.global disable_l2cache
disable_l2cache:
	mrc     p15, 0, r0, c1, c0, 1
	bic     r0, r0, #(1<<1)
	mcr     p15, 0, r0, c1, c0, 1
	mov	pc, lr

/* Set bit 1 of the same register. */
       .align  5
.global enable_l2cache
enable_l2cache:
	mrc     p15, 0, r0, c1, c0, 1
	orr     r0, r0, #(1<<1)
	mcr     p15, 0, r0, c1, c0, 1
	mov     pc, lr

/* Write 0 to the register addressed as p15, 1, c9, c0, 2. */
       .align  5
.global set_l2cache_auxctrl
set_l2cache_auxctrl:
	mov	r0, #0x0
	mcr     p15, 1, r0, c9, c0, 2
	mov     pc, lr

/* Read-modify-write of the same register: clears bit 29, bit 21, bits 8:6
 * and bits 2:0. */
       .align  5
.global set_l2cache_auxctrl_cycle
set_l2cache_auxctrl_cycle:
	mrc 	p15, 1, r0, c9, c0, 2
	bic 	r0, r0, #(0x1<<29)
	bic 	r0, r0, #(0x1<<21)
	bic 	r0, r0, #(0x7<<6)
	bic 	r0, r0, #(0x7<<0)
	mcr 	p15, 1, r0, c9, c0, 2
	mov     pc,lr

/* Issue one c7, c6, 2 operation with the value prepared by the caller. */
	.align 5
CoInvalidateDCacheIndex:
	;/* r0 = index */
	mcr     p15, 0, r0, c7, c6, 2
	mov     pc,lr


#if defined(CONFIG_INTEGRATOR) && defined(CONFIG_ARCH_CINTEGRATOR)
/* Use the IntegratorCP function from board/integratorcp/platform.S */
#elif defined(CONFIG_S5PC11X)
/* For future usage of S3C64XX*/
#else
	.align	5
.globl reset_cpu
reset_cpu:
	ldr	r1, rstctl	/* get addr for global reset reg */
	mov	r3, #0x2	/* full reset pll+mpu */
	str	r3, [r1]	/* force reset */
	mov	r0, r0
_loop_forever:
	b	_loop_forever
rstctl:
	.word	PM_RSTCTRL_WKUP

#endif

Stage 1最后调用了start_armboot函数,这个函数是Stage 2的入口函数。

4.Stage2之入口start_armboot

start_armboot函数是纯C写的,位于lib_arm/board.c中。此函数经过一系列的动作之后,最终进入main_loop循环。main_loop位于common/main.c中,它主要用于执行common下定义的一些cmd。在正常启动的情况下,main_loop会在abortboot处等待n秒钟(n一般是设置在uboot环境变量中,可以用getenv从env中读取,一般设置成3s),然后从env中读取bootcmd的值,用run_command执行bootcmd命令。对于原始Android210来讲,bootcmd=nand read C0008000 600000 400000;bootm C0008000。由于bootcmd以及后面用到的bootargs、machid、verify都取自环境变量,环境变量存储区是否可写、abortboot的等待窗口是否保留,实际上决定了板子最终启动什么内容。

     bootcmd中调用了两个命令,分别是nand和bootm。

     nand命令,对应的源文件是common/cmd_nand.c。它的主要功能是...

     bootm命令,对应的源文件是common/cmd_bootm.c。命令格式:

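/*
 * Command-table entry for "bootm": command name, maximum argument count
 * (CFG_MAXARGS), repeatable flag (1), handler (do_bootm), then the short
 * usage line and the long help text.
 *
 * The page's copy had the word "image" replaced by "p_w_picpath" and the two
 * angle-bracket placeholders in the FIT help lines stripped by the hosting
 * site; both are restored here. NOTE(review): the placeholder spellings
 * (<subimg_uname>, <conf_uname>) follow upstream U-Boot -- confirm against
 * the tree in use.
 */
U_BOOT_CMD(
	bootm,	CFG_MAXARGS,	1,	do_bootm,
	"bootm   - boot application image from memory\n",
	"[addr [arg ...]]\n    - boot application image stored in memory\n"
	"\tpassing arguments 'arg ...'; when booting a Linux kernel,\n"
	"\t'arg' can be the address of an initrd image\n"
#if defined(CONFIG_OF_LIBFDT)
	"\tWhen booting a Linux kernel which requires a flat device-tree\n"
	"\ta third argument is required which is the address of the\n"
	"\tdevice-tree blob. To boot that kernel without an initrd image,\n"
	"\tuse a '-' for the second argument. If you do not pass a third\n"
	"\ta bd_info struct will be passed instead\n"
#endif
#if defined(CONFIG_FIT)
	"\t\nFor the new multi component uImage format (FIT) addresses\n"
	"\tmust be extened to include component or configuration unit name:\n"
	"\taddr:<subimg_uname> - direct component image specification\n"
	"\taddr#<conf_uname>   - configuration specification\n"
	"\tUse iminfo command to get the list of existing component\n"
	"\timages and configurations.\n"
#endif
);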

可以看到命令名为bootm,对应执行函数为do_bootm:

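/*******************************************************************/
/* bootm - boot application image from image in memory */
/*******************************************************************/
/*
 * Handler for the "bootm" command (excerpt; the article elides two parts,
 * marked below). The identifiers image_header_t, images, image_start and
 * image_end were garbled to "p_w_picpath..." on the page and are restored.
 *
 * cmdtp/flag/argc/argv are the usual command-handler arguments and are
 * passed through unchanged to the OS-specific boot routine. The visible
 * tail returns 1.
 *
 * NOTE(review): images.verify is taken from the "verify" environment
 * variable, so whether the image check runs at all depends on the contents
 * of the environment. The check itself is outside this excerpt; in stock
 * U-Boot it is a checksum, not a signature -- confirm for this tree.
 */
int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[])
{
	image_header_t	*hdr;
	ulong		addr;
	ulong		iflag;
	const char	*type_name;
	uint		unc_len = CFG_BOOTM_LEN;
	uint8_t		comp, type, os;

	void		*os_hdr;
	ulong		os_data, os_len;
	ulong		image_start, image_end;
	ulong		load_start, load_end;
	ulong		mem_start;
	phys_size_t	mem_size;

	struct lmb lmb;

	/* Start from a clean bootm_headers state, then read the verify switch. */
	memset ((void *)&images, 0, sizeof (images));
	images.verify = getenv_yesno ("verify");

	/* ... elided in the article ... */

	/* Reserve the range the OS image was loaded to. */
	lmb_reserve(&lmb, load_start, (load_end - load_start));

#if defined(CONFIG_ZIMAGE_BOOT)
after_header_check:
	os = hdr->ih_os;
#endif

	/*
	 * Dispatch on the OS type from the image header. An unrecognised type
	 * falls into the Linux case (the `default` label sits directly above
	 * it).
	 */
	switch (os) {
	default:			/* handled by (original) Linux case */
	case IH_OS_LINUX:
#ifdef CONFIG_SILENT_CONSOLE
	    fixup_silent_linux();
#endif
	    do_bootm_linux (cmdtp, flag, argc, argv, &images);
	    break;

	case IH_OS_NETBSD:
	    do_bootm_netbsd (cmdtp, flag, argc, argv, &images);
	    break;

	/* ... remaining cases and the end of the switch are elided in the article ... */

	return 1;
}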

其中有do_bootm_linux函数,这个函数是启动kernel的函数。对于Android210来讲,这个文件位于lib_arm/bootm.c中。do_bootm_linux:

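/*
 * Boot a Linux kernel image (lib_arm/bootm.c per the article).
 *
 * The page's copy had "image" replaced by "p_w_picpath" and "&params"
 * turned into a pilcrow followed by "ms" by the hosting site; the identifiers
 * images, image_get_ep, fit_image_get_entry and the &params arguments are
 * restored here.
 *
 * Parameters: cmdtp/flag/argc/argv come from the bootm command; images holds
 * the header state filled in by do_bootm.
 *
 * Flow: find the entry point from the image header, pick the machine id
 * (board default, or the "machid" environment variable parsed as hex),
 * locate the ramdisk, build the tag list, call cleanup_before_linux() and
 * jump to the kernel. On any error the board is reset via do_reset().
 *
 * NOTE(review): the entry point comes from the image header and the machine
 * id and command line come from the environment ("machid", "bootargs"); no
 * further validation of these values is visible in this function.
 */
void do_bootm_linux (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[],
		     bootm_headers_t *images)
{
	ulong	initrd_start, initrd_end;
	ulong	ep = 0;
	bd_t	*bd = gd->bd;
	char	*s;
	int	machid = bd->bi_arch_number;
	void	(*theKernel)(int zero, int arch, uint params);
	int	ret;

#ifdef CONFIG_CMDLINE_TAG
	char *commandline = getenv ("bootargs");
#endif

	/* find kernel entry point */
	if (images->legacy_hdr_valid) {
		ep = image_get_ep (&images->legacy_hdr_os_copy);
#if defined(CONFIG_FIT)
	} else if (images->fit_uname_os) {
		ret = fit_image_get_entry (images->fit_hdr_os,
					images->fit_noffset_os, &ep);
		if (ret) {
			puts ("Can't get entry point property!\n");
			goto error;
		}
#endif
	} else {
		puts ("Could not find kernel entry point!\n");
		goto error;
	}
	theKernel = (void (*)(int, int, uint))ep;

	/* An environment-supplied machine id overrides the board default. */
	s = getenv ("machid");
	if (s) {
		machid = simple_strtoul (s, NULL, 16);
		printf ("Using machid 0x%x from environment\n", machid);
	}

	ret = boot_get_ramdisk (argc, argv, images, IH_ARCH_ARM,
			&initrd_start, &initrd_end);
	if (ret)
		goto error;

	show_boot_progress (15);

	debug ("## Transferring control to Linux (at address %08lx) ...\n",
	       (ulong) theKernel);

	/* Build the tag list handed to the kernel; each tag is optional and
	 * selected at build time. */
#if defined (CONFIG_SETUP_MEMORY_TAGS) || \
    defined (CONFIG_CMDLINE_TAG) || \
    defined (CONFIG_INITRD_TAG) || \
    defined (CONFIG_SERIAL_TAG) || \
    defined (CONFIG_REVISION_TAG) || \
    defined (CONFIG_LCD) || \
    defined (CONFIG_VFD) || \
    defined (CONFIG_MTDPARTITION)
	setup_start_tag (bd);
#ifdef CONFIG_SERIAL_TAG
	setup_serial_tag (&params);
#endif
#ifdef CONFIG_REVISION_TAG
	setup_revision_tag (&params);
#endif
#ifdef CONFIG_SETUP_MEMORY_TAGS
	setup_memory_tags (bd);
#endif
#ifdef CONFIG_CMDLINE_TAG
	setup_commandline_tag (bd, commandline);
#endif
#ifdef CONFIG_INITRD_TAG
	if (initrd_start && initrd_end)
		setup_initrd_tag (bd, initrd_start, initrd_end);
#endif
#if defined (CONFIG_VFD) || defined (CONFIG_LCD)
	setup_videolfb_tag ((gd_t *) gd);
#endif
#ifdef CONFIG_MTDPARTITION
	setup_mtdpartition_tag();
#endif
	setup_end_tag (bd);
#endif

	/* we assume that the kernel is in place */
	printf ("\nStarting kernel ...\n\n");

#ifdef CONFIG_USB_DEVICE
	{
		extern void udc_disconnect (void);
		udc_disconnect ();
	}
#endif

	cleanup_before_linux ();

	/* Kernel entry: first argument 0, then machine id, then the address
	 * of the boot parameters. */
	theKernel (0, machid, bd->bi_boot_params);
	/* does not return */
	return;

error:
	do_reset (cmdtp, flag, argc, argv);
	return;
}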

do_bootm_linux中最后一个参数是bootm_headers_t *images(转载时代码中的image一词被替换成了p_w_picpath)。