nboot 分析, 烧录信息分析,驱动格式化分析
2012-03-15 17:48
330 查看
了解nboot:
1:nboot 从nandflash的sector地址2*256=0x200地址上读取pToc
2:然后判断pToc是否合法,
3:然后根据pToc的内容, 读取内核信息,然后启动内核:
读内核的起始地址为0x2700(来自pToc->id[dwEntry].sgList[i].dwSector),读到ram的地址为0x30200000(来自pToc的dwLoadAddress)
读的sector数为ECD2相当于29.2MB字节(来自pToc->id[dwEntry].dwTtlSectors)
跳转到内核代码0X30201000(来自VIRTUAL_TO_PHYSICAL(pToc->id[dwEntry].dwJumpAddress) )
了解烧录信息:
擦除按钮是从0x13开始擦除整个nandflash的末尾.
nboot是烧录到sector地址0-7()
内核是烧录到Sector 0x00002700 上到Sector 0x000116ff 相当于29.99mb
在按下烧录内核按钮后, 会烧录toc信息到sector为0x200的地址上去,nboot启动的时候会读取这个地址上的toc信息,
Write nboot File Success!
0xFF22::FMD_WriteSector 0x00000200
Write NB0 File......................
0xFF22::FMD_WriteSector 0x00002700
2012年3月14日 11:56:16:
了解格式化,bpInit函数出书啊一些全局变量,建立了一个缓冲,地址是(0x803B0000 | 0x20000000) (程序写死的)
大小为块字节数+sector字节数, 初始化了g_partStateTable[4]为0,
g_pbMBRSector = pMemory; //size = g_FlashInfo.wDataBytesPerSector;
g_pbBlock = pMemory + g_FlashInfo.wDataBytesPerSector; //size = g_dwDataBytesPerBlock;
g_pSectorInfoBuf = (PSectorInfo)(g_pbBlock + g_dwDataBytesPerBlock); //size = g_FlashInfo.wSectorsPerBlock * sizeof(SectorInfo);
g_dwLastLogSector = 0;
BP_LowLevelFormat(nInBufSize,nOutBufSize,0);//nInBufSize等于0x13,nOutBufSize就是可以用的块总数4077
这个函数第一个参数为要操作的块地址,nOutBufSize貌似没用到, 该函数的目的就是写一个固定的512字节的MBR结构体信息
到块的第一个sector.
从块0x13开始检测好块,如果是都是好的,则,g_dwMBRSectorNum=0x13
然后指定:
g_dwMBRSectorNum = dwStartBlock * g_FlashInfo.wSectorsPerBlock;
然后
#define PARTTABLE_OFFSET (SECTOR_SIZE - SIZE_END_SIG - (sizeof(PARTENTRY) * NUM_PARTS))//大概SIZE_END_SIG 为2
memset (g_pbMBRSector, 0xff, g_FlashInfo.wDataBytesPerSector);
g_pbMBRSector[0] = 0xE9;
g_pbMBRSector[1] = 0xfd;
g_pbMBRSector[2] = 0xff;
g_pbMBRSector[SECTOR_SIZE-2] = 0x55;
g_pbMBRSector[SECTOR_SIZE-1] = 0xAA;
// Zero out partition table so that mspart treats entries as empty.
memset (g_pbMBRSector+PARTTABLE_OFFSET, 0, sizeof(PARTENTRY) * NUM_PARTS);
然后:把上面这个512的缓冲数据, 写到nandflash的g_dwMBRSectorNum地址(就是0x1300)上去,
hPart0 = BP_OpenPartition(0x1400,0x14000,PART_BINFS,FALSE,PART_OPEN_ALWAYS);//20块,320块
这个函数,从块0x13中读出MBR信息,然后再信息中把物理sector地址0x1400捆绑到0x2700,建立一个只读的binfs文件系统在0x1400到0x14000区域
然后把这个MBR信息写到块0x13上.
hPart1 = BP_OpenPartition(0x15400,(nOutBufSize+nInBufSize-340-29)*256,PART_DOS32,TRUE,PART_OPEN_ALWAYS);//
未知问题:
ptoc的内容除了pToc->id[dwEntry].dwTtlSectors外,其他都是固定的,那么应该是可以改动到yl-bios中去的,
怎么上电启动第一个应用程序的,
为什么,公司的内核为30MB
附录:
#define NUM_PARTS 4
#define SIZE_END_SIG 2
#define PART_ENTRY_SIG 0xabcdabcd
#define INVALID_ADDR 0xffffffff
#define INVALID_PART 0xffffffff
#define INVALID_HANDLE (HANDLE)-1
// end of sector - 2 bytes for signature - maximum of 4 16-byte partition records
#define PARTTABLE_OFFSET (SECTOR_SIZE - SIZE_END_SIG - (sizeof(PARTENTRY) * NUM_PARTS))
typedef struct _PARTENTRY {
BYTE Part_BootInd; // If 80h means this is boot partition
BYTE Part_FirstHead; // Partition starting head based 0
BYTE Part_FirstSector; // Partition starting sector based 1
BYTE Part_FirstTrack; // Partition starting track based 0
BYTE Part_FileSystem; // Partition type signature field
BYTE Part_LastHead; // Partition ending head based 0
BYTE Part_LastSector; // Partition ending sector based 1
BYTE Part_LastTrack; // Partition ending track based 0
DWORD Part_StartSector; // Logical starting sector based 0
DWORD Part_TotalSectors; // Total logical sectors in partition
} PARTENTRY;
typedef PARTENTRY UNALIGNED *PPARTENTRY;
typedef struct _TOC {
DWORD dwSignature;
// How to boot the images in this TOC.
// This could be moved into the image descriptor if desired,
// but I prefer to conserve space.
BOOT_CFG BootCfg;
// Array of Image Descriptors.
IMAGE_DESCRIPTOR id[MAX_TOC_DESCRIPTORS];
CHAININFO chainInfo;
} TOC, *PTOC; // 512 bytes
typedef struct _IMAGE_DESCRIPTOR {
// File version info
DWORD dwVersion; // e.g: build number
DWORD dwSignature; // e.g: "EBOT", "CFSH", etc
UCHAR ucString[IMAGE_STRING_LEN]; // e.g: "PocketPC_2002"
DWORD dwImageType; // IMAGE_TYPE_ flags
DWORD dwTtlSectors; // TTL image size in sectors.
// We store size in sectors instead of bytes
// to simplify sector reads in Nboot.
DWORD dwLoadAddress; // Virtual address to load image (ImageStart)
DWORD dwJumpAddress; // Virtual address to jump (StartAddress/LaunchAddr)
// This array equates to a sector-based MXIP MultiBINInfo in blcommon.
// Unused entries are zeroed.
// You could chain image descriptors if needed.
SG_SECTOR sgList[MAX_SG_SECTORS];
// BinFS support to load nk region only
//struct
//{
ULONG dwStoreOffset; // byte offset - not needed - remove!
//ULONG RunAddress; // nk dwRegionStart address
//ULONG Length; // nk dwRegionLength in bytes
//ULONG LaunchAddress; // nk dwLaunchAddr
//} NKRegion;
} IMAGE_DESCRIPTOR, *PIMAGE_DESCRIPTOR;
1:nboot 从nandflash的sector地址2*256=0x200地址上读取pToc
2:然后判断pToc是否合法,
3:然后根据pToc的内容, 读取内核信息,然后启动内核:
读内核的起始地址为0x2700(来自pToc->id[dwEntry].sgList[i].dwSector),读到ram的地址为0x30200000(来自pToc的dwLoadAddress)
读的sector数为ECD2相当于29.2MB字节(来自pToc->id[dwEntry].dwTtlSectors)
跳转到内核代码0X30201000(来自VIRTUAL_TO_PHYSICAL(pToc->id[dwEntry].dwJumpAddress) )
了解烧录信息:
擦除按钮是从0x13开始擦除整个nandflash的末尾.
nboot是烧录到sector地址0-7()
内核是烧录到Sector 0x00002700 上到Sector 0x000116ff 相当于29.99mb
在按下烧录内核按钮后, 会烧录toc信息到sector为0x200的地址上去,nboot启动的时候会读取这个地址上的toc信息,
Write nboot File Success!
0xFF22::FMD_WriteSector 0x00000200
Write NB0 File......................
0xFF22::FMD_WriteSector 0x00002700
2012年3月14日 11:56:16:
了解格式化,bpInit函数出书啊一些全局变量,建立了一个缓冲,地址是(0x803B0000 | 0x20000000) (程序写死的)
大小为块字节数+sector字节数, 初始化了g_partStateTable[4]为0,
g_pbMBRSector = pMemory; //size = g_FlashInfo.wDataBytesPerSector;
g_pbBlock = pMemory + g_FlashInfo.wDataBytesPerSector; //size = g_dwDataBytesPerBlock;
g_pSectorInfoBuf = (PSectorInfo)(g_pbBlock + g_dwDataBytesPerBlock); //size = g_FlashInfo.wSectorsPerBlock * sizeof(SectorInfo);
g_dwLastLogSector = 0;
BP_LowLevelFormat(nInBufSize,nOutBufSize,0);//nInBufSize等于0x13,nOutBufSize就是可以用的块总数4077
这个函数第一个参数为要操作的块地址,nOutBufSize貌似没用到, 该函数的目的就是写一个固定的512字节的MBR结构体信息
到块的第一个sector.
从块0x13开始检测好块,如果是都是好的,则,g_dwMBRSectorNum=0x13
然后指定:
g_dwMBRSectorNum = dwStartBlock * g_FlashInfo.wSectorsPerBlock;
然后
#define PARTTABLE_OFFSET (SECTOR_SIZE - SIZE_END_SIG - (sizeof(PARTENTRY) * NUM_PARTS))//大概SIZE_END_SIG 为2
memset (g_pbMBRSector, 0xff, g_FlashInfo.wDataBytesPerSector);
g_pbMBRSector[0] = 0xE9;
g_pbMBRSector[1] = 0xfd;
g_pbMBRSector[2] = 0xff;
g_pbMBRSector[SECTOR_SIZE-2] = 0x55;
g_pbMBRSector[SECTOR_SIZE-1] = 0xAA;
// Zero out partition table so that mspart treats entries as empty.
memset (g_pbMBRSector+PARTTABLE_OFFSET, 0, sizeof(PARTENTRY) * NUM_PARTS);
然后:把上面这个512的缓冲数据, 写到nandflash的g_dwMBRSectorNum地址(就是0x1300)上去,
hPart0 = BP_OpenPartition(0x1400,0x14000,PART_BINFS,FALSE,PART_OPEN_ALWAYS);//20块,320块
这个函数,从块0x13中读出MBR信息,然后再信息中把物理sector地址0x1400捆绑到0x2700,建立一个只读的binfs文件系统在0x1400到0x14000区域
然后把这个MBR信息写到块0x13上.
hPart1 = BP_OpenPartition(0x15400,(nOutBufSize+nInBufSize-340-29)*256,PART_DOS32,TRUE,PART_OPEN_ALWAYS);//
未知问题:
ptoc的内容除了pToc->id[dwEntry].dwTtlSectors外,其他都是固定的,那么应该是可以改动到yl-bios中去的,
怎么上电启动第一个应用程序的,
为什么,公司的内核为30MB
附录:
#define NUM_PARTS 4
#define SIZE_END_SIG 2
#define PART_ENTRY_SIG 0xabcdabcd
#define INVALID_ADDR 0xffffffff
#define INVALID_PART 0xffffffff
#define INVALID_HANDLE (HANDLE)-1
// end of sector - 2 bytes for signature - maximum of 4 16-byte partition records
#define PARTTABLE_OFFSET (SECTOR_SIZE - SIZE_END_SIG - (sizeof(PARTENTRY) * NUM_PARTS))
typedef struct _PARTENTRY {
BYTE Part_BootInd; // If 80h means this is boot partition
BYTE Part_FirstHead; // Partition starting head based 0
BYTE Part_FirstSector; // Partition starting sector based 1
BYTE Part_FirstTrack; // Partition starting track based 0
BYTE Part_FileSystem; // Partition type signature field
BYTE Part_LastHead; // Partition ending head based 0
BYTE Part_LastSector; // Partition ending sector based 1
BYTE Part_LastTrack; // Partition ending track based 0
DWORD Part_StartSector; // Logical starting sector based 0
DWORD Part_TotalSectors; // Total logical sectors in partition
} PARTENTRY;
typedef PARTENTRY UNALIGNED *PPARTENTRY;
typedef struct _TOC {
DWORD dwSignature;
// How to boot the images in this TOC.
// This could be moved into the image descriptor if desired,
// but I prefer to conserve space.
BOOT_CFG BootCfg;
// Array of Image Descriptors.
IMAGE_DESCRIPTOR id[MAX_TOC_DESCRIPTORS];
CHAININFO chainInfo;
} TOC, *PTOC; // 512 bytes
typedef struct _IMAGE_DESCRIPTOR {
// File version info
DWORD dwVersion; // e.g: build number
DWORD dwSignature; // e.g: "EBOT", "CFSH", etc
UCHAR ucString[IMAGE_STRING_LEN]; // e.g: "PocketPC_2002"
DWORD dwImageType; // IMAGE_TYPE_ flags
DWORD dwTtlSectors; // TTL image size in sectors.
// We store size in sectors instead of bytes
// to simplify sector reads in Nboot.
DWORD dwLoadAddress; // Virtual address to load image (ImageStart)
DWORD dwJumpAddress; // Virtual address to jump (StartAddress/LaunchAddr)
// This array equates to a sector-based MXIP MultiBINInfo in blcommon.
// Unused entries are zeroed.
// You could chain image descriptors if needed.
SG_SECTOR sgList[MAX_SG_SECTORS];
// BinFS support to load nk region only
//struct
//{
ULONG dwStoreOffset; // byte offset - not needed - remove!
//ULONG RunAddress; // nk dwRegionStart address
//ULONG Length; // nk dwRegionLength in bytes
//ULONG LaunchAddress; // nk dwLaunchAddr
//} NKRegion;
} IMAGE_DESCRIPTOR, *PIMAGE_DESCRIPTOR;
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- u-boot的norflash驱动分析,以及一些调试信息
- u-boot的NAND初始化分析,及cubieboard移植nand驱动初步分析
- MTD中的nand驱动初步分析---面向u-boot
- arm uboot平台烧录信息
- 全志平台boot框架中增加设备驱动过程分析
- MTD中的nand驱动初步分析---面向u-boot
- BeagleBoneBlack学习(3)——U-Boot中的I2C驱动分析
- 结合2012.10版本的u-boot分析SD卡驱动(笔记)
- linux驱动调试--段错误之oops信息分析
- u-boot的nand驱动写过程分析
- Nexus 9 摄像头驱动中的信息泄漏漏洞(CVE-2016-3794)分析
- u-boot的nand驱动写过程分析
- 全志平台boot框架中增加设备驱动过程分析
- linux驱动调试之段错误分析-根据栈信息分析函数调用过程
- U-Boot NAND FLASH驱动分析
- 千兆网口 Freescale ETSEC + Marvell 88E1111 uboot Linux 驱动分析 一
- linux驱动调试--段错误之oops信息分析
- 千兆网口 Freescale ETSEC + Marvell 88E1111 uboot Linux 驱动分析 一
- nandflash驱动分析 针对K9GAG08U0D uboot1.1.6(下)
- u-boot的nand驱动写过程分析