Linux 3.13 To Support EFI On ARM
Originally posted by Ericg:
Yeah, I wasn't referring to the hardware devel stages :P I was more asking what is the typical Android phone's version of BIOS/(U)EFI, if it even had one at all?
Now there is at least one piece of good news: one of the later stages of the bootloader chain is, indeed, open source. This part is actually part of AOSP and can be found here: https://android.googlesource.com/kernel/lk/ --- "lk" is for "Little Kernel", also known as "aboot".
I am mostly familiar with Qualcomm SoCs, and the bootloader stages before lk are basically a nightmare. You have a small PROM on the board with the PBL, then 4 partitions on the eMMC called SBL1, SBL2, SBL3, and TZ. PBL is the first thing that runs when the CPU powers on, and is just enough to get the eMMC going and have it start running SBL1. Every stage of this bootloader chain signature checks the next stage. TZ is basically "bad-DRM", known as "trust zone".
The initialization path goes like this; PBL --> SBL1 --> SBL2 --> TZ --> SBL2 --> SBL3 --> LK.
The SoC itself has a bank of fuses that tell SBL3 whether or not to signature check LK. If it is *not* blown, then you could replace LK with one built from source. If it is blown, then LK probably also signature checks the boot and recovery partitions, i.e., those two partitions where you can find kernel+initrd. There are two differences between the boot and recovery partitions: 1 is the payload of the initrd, 2 is the load priority. Boot is the default selected option for starting up Android; the recovery choice is tied to a GPIO, typically volume up. This distinction is made by LK.
So LK is basically a triple boot loader. It defaults to loading boot, volup to load recovery, voldown to load *fastboot*, which is a super-recovery payload within LK itself. It basically lets you write filesystem images to the eMMC within a specified list of partitions.
So good news is that LK is open source, bad news is that it is prone to being locked down and possibly even butchered. If you've messed with Samsung phones, for example, you'll be aware of their "loader" mode, which is basically a butchered version of fastboot. It does about the same thing, but only responds to their proprietary software, rather than standard fastboot protocols. Not particularly complex though, and has been reverse engineered.
LK is basically the Android equivalent of GRUB. The crap before it is a nightmare.
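The boot chain described in the post above, as a small model (an added example, not part of the original post and not code from lk or any vendor): each stage checks the next, the fuse decides whether SBL3 checks LK, and LK picks boot, recovery or fastboot. Assumptions: HMAC-SHA256 with a constructed key stands in for the real signature scheme, all images are constructed sample bytes, and the `boot`, `sign`, `verify` and `make_device` names are hypothetical.

```python
import hashlib
import hmac

# Stage order as given in the post; SBL2 appears twice because it resumes after TZ.
CHAIN = ["PBL", "SBL1", "SBL2", "TZ", "SBL2", "SBL3", "LK"]
VENDOR_KEY = b"constructed-demo-key"  # assumption: stands in for the vendor signing key


def sign(image: bytes) -> bytes:
    """Assumption: HMAC-SHA256 stands in for the real signature scheme."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


def verify(image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(image), sig)


def boot(images: dict, sigs: dict, lk_fuse_blown: bool, key: str = "") -> str:
    """Walk the chain; return the payload LK starts, or 'halt at <stage>: ...'."""
    verified = {"PBL"}  # PBL sits in the PROM and runs first, so nothing checks it
    for prev, nxt in zip(CHAIN, CHAIN[1:]):
        if nxt in verified:
            continue  # SBL2 resuming after TZ was already checked by SBL1
        # Per the post, the fuse tells SBL3 whether to signature check LK.
        skip = prev == "SBL3" and nxt == "LK" and not lk_fuse_blown
        if not skip and not verify(images[nxt], sigs[nxt]):
            return f"halt at {prev}: {nxt} failed signature check"
        verified.add(nxt)
    # LK picks its payload: boot by default, volume up -> recovery, volume down -> fastboot.
    target = {"volup": "recovery", "voldown": "fastboot"}.get(key, "boot")
    if target == "fastboot":
        return "fastboot"  # payload inside LK itself, no partition to check
    # The post says LK "probably" also checks boot/recovery when the fuse is blown.
    if lk_fuse_blown and not verify(images[target], sigs[target]):
        return f"halt at LK: {target} failed signature check"
    return target


def make_device():
    """Constructed sample images, all signed with the demo key."""
    names = set(CHAIN[1:]) | {"boot", "recovery"}
    images = {n: f"{n}-vendor-image".encode() for n in names}
    sigs = {n: sign(img) for n, img in images.items()}
    return images, sigs
```

In this model a replaced LK image boots only when `lk_fuse_blown` is false, while a changed SBL1 halts at PBL regardless of the fuse.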
Originally posted by droidhacker:
Things and stuff.
I had always assumed that the thing refused to boot due to a signed boot loading issue (on a prototype no less), but now I've got something approaching an explanation.