Analysis of U-Boot booting a zImage (go) and a uImage (bootm)

Source: Internet
Author: User

1. Differences
bootm loads a Linux image in uImage form. A uImage is produced by mkimage; it differs from a zImage in that the uImage is the zImage in compressed form, so bootm has to extract the uImage first, and the extraction address is used as the kernel entry address. Once the uImage has been extracted, it and the zImage are almost the same; the specific differences can be discussed separately. U-Boot currently supports only uImage boot and does not support zImage boot.
2. bootm decompression process
---------------------------------------------------------------------------
## Booting image at 08808000 ...
   Image Name:   linux-2.6.14.7
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    989172 Bytes = 966 kB
   Load Address: 08008000
   Entry Point:  08008000
   Verifying Checksum ... OK
OK
(the above is the U-Boot bootm command's decompression of the uImage)
---------------------------------------------------------------------------
Starting kernel ...
(after the kernel parameters are passed, control is handed to arch/arm/boot/compressed/head.S)
----------------------------------------------------------------------------
For example, on the MX1ADS board the memory start address is 0x0800_0000. The image is downloaded via tftp to 0x0800_8000 + offset, with offset greater than 0x80_0000, that is: tftp 0x0880_8000, then bootm 0x0880_8000.
bootm extracts the uImage located at 0x0880_8000 to 0x0800_8000, the kernel entry address set by mkimage.
2. bootm kernel boot analysis
By examining the moment at which U-Boot hands control to the kernel, we can see how bootm starts the Linux kernel and what it has done by then.
The relevant source is do_bootm_linux() in lib_arm/armlinux.c of U-Boot 1.16. Readers who are interested can read the source; it is not analyzed in detail here, and there is plenty of material online.
void (*theKernel)(int zero, int arch, uint params): control is handed from U-Boot to Linux by calling through this function pointer.
Calling it is equivalent to setting pc=0x0800_8000, r0=0, r1=0xa0 (the ID of the MX1ADS chip), r2=0x08000100 (the base address of the bootargs parameters).
Using the emulator, I set an instruction breakpoint at 0x0800_8000, which shows what U-Boot has done at that instant.

>BKM>DR  // view the current general-purpose register values
R00 = 00000000 R01 = 000000a0 R02 = 08000100 R03 = 08008000
R04 = 00000000 R05 = 08000124 R06 = 083dc0a9 R07 = 0841bc9c
R08 = 083DBFDC R09 = 083E0260 R10 (SL) = 00000000 R11 (FP) = 00000002
R12 (IP) = 083dbfc0 R13 (SP) = 083dbd44 R14 (LR) = 08413984 PC = 08008000
CPSR = 600000d3 SPSR = b00000ff

>bkm>di 0x08008000  // disassemble the code at this address
08008000: mov r0,r0
08008004: mov r0,r0
08008008: mov r0,r0
0800800c: mov r0,r0
08008010: mov r0,r0
08008014: mov r0,r0
08008018: mov r0,r0
0800801c: mov r0,r0
08008020: b 0x8008030
08008024: .long 0x16f2818
08008028: andeq r0,r0,r0
0800802c: streqd r1,[pc],-r4
08008030: mov r7,r1
08008034: mov r8,#0
08008038: mrs r2,cpsr
0800803c: tst r2,#3
08008040: bne 0x800804c
08008044: mov r0,#0x17
08008048: swi 0x123456
0800804c: mrs r2,cpsr
08008050: orr r2,r2,#0xc0
08008054: msr cpsr_c,r2
08008058: andeq r0,r0,r0
0800805c: andeq r0,r0,r0
08008060: add r0,pc,#0xc8
08008064: ldmia r0,{r1,r2,r3,r4,r5,r6,r12,r13}
08008068: sub r0,r0,r1
0800806c: beq 0x800809c

>bkm>dml 0x08000100 0x50  // U-Boot bootargs
08000100: 00000005 54410001 00000000 00000000  ....TA..........
08000110: 00000000 00000004 54410002 04000000  ........TA......
08000120: 08000000 0000000f 54410009 736e6f63  ........TA..snoc
08000130: 3d656c6f 53797474 2c30584d 32353131  =eloSytt,0XM2511
08000140: 386e3030 3d706920 746f6f62 6f722070  8n00=pi toobor p
08000150: 2f3d746f 2f766564 0073666e 00000000  /=to/ved.sfn....
08000160: 00000000 00000000 00000000 00000000  ................
The emulator shows very clearly that bootm has completed two pieces of work, which can be confirmed by reading the bootm source code:
1. Set up the bootargs to pass the parameters
2. Set pc=0x0800_8000, r0=0, r1=0xa0
3. Comparison: zImage analysis
Download the zImage directly to address 0x0800_8000 with the command tftp 0x0800_8000.
Disassembling at 0x08008000 now gives assembly code consistent with arch/arm/boot/compressed/head.S, which shows that this is the kernel entry point.
08008000: msr cpsr_c,#0xd3
08008004: bl 0x8008150
08008008: mov r10,r5
0800800c: beq 0x8008148
08008010: bl 0x80081b0
08008014: mov r8,r5
08008018: beq 0x8008148
0800801c: bl 0x80080d8
08008020: ldr r13,[pc,#+4]
08008024: add r14,pc,#0x68
08008028: add pc,r10,#0xc
0800802c: andgt r8,r0,r0,asr r0
08008030: andgt r2,r11,r0
08008034: andgt r2,r11,r0
08008038: andgt r2,r12,r0,lsl #1
0800803c: ldrgth r14,[r13],-r12
08008040: andgt r5,r12,r12,asr #1
08008044: mulgts r12,r12,r0
08008048: andgt r5,r11,r12,asr #0x13
0800804c: ldrgtsh r3,[r11],-r8
08008050: sub r3,pc,#0x28
08008054: ldmia r3!,{r4,r5,r6,r7}
08008058: cmp r4,r5
0800805c: cmpne r5,r6
08008060: ldrne r11,[r4],#+4
08008064: strne r11,[r5],#+4
08008068: bne 0x800805c
0800806c: mov r11,#0
08008070: cmp r6,r7
08008074: strcc r11,[r6],#+4
08008078: bcc 0x8008070
0800807c: ldmia r3,{r4,r5,r6,r13}
08008080: str r9,[r4,#+0]
The go command: go 0x08008000. In essence the go command just changes the current PC value, i.e. PC = 0x08008000.
The breakpoint is at 0x08008000, so after go, execution stops at 0x08008000.
>BKM>DR  // the general-purpose register values at this point
R00 = 00000000 R01 = 083E0264 R02 = 000f0000 R03 = 0000000C
R04 = 08008000 R05 = 08808000 R06 = 41129200 R07 = 083E0264
R08 = 08000000 R09 = 18000000 R10 (SL) = 00000000 R11 (FP) = 00000020
R12 (IP) = 08808354 R13 (SP) = 088E9464 R14 (LR) = 08808298 PC = 08008000
CPSR = 400000d3 SPSR = b00000ff
U-Boot bootargs:
08000100: 00000000 00000000 00000000 00000000  ................
08000110: 00000000 00000000 00000000 00000000  ................
08000120: 00000000 00000000 00000000 00000000  ................
08000130: 00000000 00000000 00000000 00000000  ................
08000140: 00000000 00000000 00000000 00000000  ................
08000150: 00000000 00000000 00000000 00000000  ................
08000160: 00000000 00000000 00000000 00000000  ................
08000170: 00000000 00000000 00000000 00000000  ................
08000180: 00000000 00000000 00000000 00000000  ................
08000190: 00000000 00000000 00000000 00000000  ................
080001a0: 00000000 00000000 00000000 00000000  ................
This time the zImage kernel could not start correctly.
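The two memory dumps at 0x08000100 can be compared by walking them as an ARM tagged list (ATAG), which is the format of the words that bootm wrote there. The following C example is added here and is not code from U-Boot, the kernel or the original article: it parses the words copied from the bootm dump and rejects the all-zero region seen after go. The names atag_walk, atag_info, bootm_dump, go_dump and NWORDS are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATAG_CORE    0x54410001u
#define ATAG_MEM     0x54410002u
#define ATAG_CMDLINE 0x54410009u
#define NWORDS       28   /* 0x08000100..0x0800016f */
static const uint32_t bootm_dump[NWORDS] = {   /* words from the bootm dump */
    0x00000005, 0x54410001, 0x00000000, 0x00000000,
    0x00000000, 0x00000004, 0x54410002, 0x04000000,
    0x08000000, 0x0000000F, 0x54410009, 0x736e6f63,
    0x3d656c6f, 0x53797474, 0x2c30584d, 0x32353131,
    0x386e3030, 0x3d706920, 0x746f6f62, 0x6f722070,
    0x2f3d746f, 0x2f766564, 0x0073666e, 0x00000000,
};
static const uint32_t go_dump[NWORDS] = { 0 };  /* after go: all zero */
struct atag_info { uint32_t mem_size, mem_start; char cmdline[64]; };

/* Walk a tagged list. Returns the number of tags before the terminator, or
 * -1 if malformed. Assumes a little-endian host, like the ARM target. */
int atag_walk(const uint32_t *w, size_t nwords, struct atag_info *out)
{
    size_t i = 0; int ntags = 0;
    memset(out, 0, sizeof *out);
    if (nwords < 2 || w[1] != ATAG_CORE) return -1;   /* must start with CORE */
    while (i + 2 <= nwords) {
        uint32_t size = w[i], tag = w[i + 1];
        if (tag == 0) return ntags;                   /* ATAG_NONE terminator */
        if (size < 2 || size > nwords - i) return -1; /* truncated or overlong */
        if (tag == ATAG_MEM && size >= 4) {
            out->mem_size = w[i + 2]; out->mem_start = w[i + 3];
        } else if (tag == ATAG_CMDLINE) {
            const char *s = (const char *)&w[i + 2];
            if (!memchr(s, 0, (size - 2) * 4) || strlen(s) >= sizeof out->cmdline)
                return -1;
            strcpy(out->cmdline, s);
        }
        i += size; ntags++;
    }
    return -1;                                        /* no terminator found */
}

int main(void)
{
    struct atag_info a, b;
    int n = atag_walk(bootm_dump, NWORDS, &a), m = atag_walk(go_dump, NWORDS, &b);
    printf("bootm: %d tags, \"%s\"; go: %d\n", n, a.cmdline, m);
    return 0;
}
```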
4. Patching up the go command with the emulator
A. Change the general-purpose register values to
R00 = 00000000 R01 = 000000a0 R02 = 08000100 R03 = 0000000C
R04 = 08008000 R05 = 08808000 R06 = 41129200 R07 = 083E0264
R08 = 08000000 R09 = 18000000 R10 (SL) = 00000000 R11 (FP) = 00000020
R12 (IP) = 08808354 R13 (SP) = 088E9464 R14 (LR) = 08808298 PC = 08008000
CPSR = 400000d3 SPSR = b00000ff
B. Modify the values at address 0x08000100 through the emulator
SML 0x08000100 00000005 54410001 00000000 00000000 00000000 00000004 54410002 04000000 08000000 0000000F 54410009 736E6F63
SML 0x08000130 3d656c6f 53797474 2c30584d 32353131 386E3030 3d706920 746f6f62 6f722070 2f3d746f 2f766564 0073666E 00000000
>BKM>DML 0x08000100 0x50
08000100: 00000005 54410001 00000000 00000000  ....TA..........
08000110: 00000000 00000004 54410002 04000000  ........TA......
08000120: 08000000 0000000f 54410009 736e6f63  ........TA..snoc
08000130: 3d656c6f 53797474 2c30584d 32353131  =eloSytt,0XM2511
08000140: 386e3030 3d706920 746f6f62 6f722070  8n00=pi toobor p
08000150: 2f3d746f 2f766564 0073666e 00000000  /=to/ved.sfn....
08000160: 00000000 00000000 00000000 00000000  ................
Then let the program run. In this way the zImage can also be executed from U-Boot.

The difference between go and bootm is that go just rewrites the PC value, while bootm also passes r0, r1, r2 and the bootargs.
