锋影
e-mail 174176320@qq.com
QNX源码下三大主分支,也是组成QNX系统的三大模块:Initial program loader(IPL)、Startup、Flash Filesystem
1、IPL介绍
IPL是一段初始化启动程序类似于uboot,在启动QNX时也可以用uboot替代,不过IPL更加简洁,启动时间更快。IPL的主要职责就是进行最小的硬件配置以启动Startup程序,从而启动microkernel,至少包括以下工作:
①从重置向量开始执行
②配置内存控制器
③配置时钟
④设置一个栈,以允许IPL库执行操作系统的验证和设置(download, scan, set up, and jump to the OS image)
根据bsp_working_dir/src/hardware/ipl/boards/mx6q_sabresmart/mx6q_sabresmart.lnk的链接来看
TARGET(elf32-littlearm)OUTPUT_FORMAT(elf32-littlearm)ENTRY(_start)MEMORY{ stack : ORIGIN = 0x90C000, LENGTH = 0x1000 rom : ORIGIN = 0x907000, LENGTH = 0x6000}SECTIONS{ .text : { image_header.o (.text.imageheader) *(.text) *(.note.gnu.build-id) *(.rodata*) } > rom . = ALIGN(4); _etext = .; .data : { *(.data) *(.sdata) } > rom . = ALIGN(4); _ecopy = .; .bss : { *(.bss) *(.sbss) } > rom}IPL第一个执行的部分就是bsp_working_dir/src/hardware/ipl/boards/mx6q_sabresmart/_start.S,这是一段汇编代码
_start:/* * 将CPU设置为SVC32管理模式 */mrsr0, cpsrbicr0, r0, #0x1forrr0, r0, #0xd3msrcpsr,r0/* * 禁止 L1 I/D and TLBs */movr0, #0@ set up for MCRmcrp15, 0, r0, c8, c7, 0@ invalidate TLBsmcrp15, 0, r0, c7, c5, 0@ invalidate icache/** 禁止 MMU and Caches*/mrcp15, 0, r0, c1, c0, 0bicr0, r0, #0x00002000@ clear bits 13 (--V-)bicr0, r0, #0x00000007@ clear bits 2:0 (-CAM)orrr0, r0, #0x00000002@ set bit 1 (--A-) Alignorrr0, r0, #0x00000800@ set bit 12 (Z---) BTBmcrp15, 0, r0, c1, c0, 0mrcp15, 0, ip, c1, c0, 0orrip, ip, #(1 << 12)// enable I Cachemcrp15, 0, ip, c1, c0, 0dsbisbmovr0, r0movr0, r0movr0, r0movr0, r0inv_dcache /*禁止D-Cache*/init_l2cc /*禁止I-Cache*//* Setup the Stack */ldrsp, =0x90C000blmain /*跳入C语言代码*/
bsp_working_dir/src/hardware/ipl/boards/mx6q_sabresmart/main.c
int main(){unsigned image = QNX_LOAD_ADDR; //0x18000000char c = 'M'; /* default: load ifs from SD card *//* Allow access to the AIPS registers */init_aips();/* Initialise the system clocks */init_clocks();init_pinmux(); //引脚配置,这里包括串口、装置image的SD/* Init serial interface *//* 115200bps, 80MHz clk, divisor (RFDIV 1-7) 2 */init_sermx6(MX6X_UART1_BASE, 115200, 80000000, 2); //初始化串口ser_putstr("\nWelcome to QNX Neutrino Initial Program Loader for Freescale i.MX6Q Sabre-Smart (ARM Cortex-A9 MPCore)\n");while (1) {if (!c) {ser_putstr("Command:\n");ser_putstr("Press 'D' for serial download, using the 'sendnto' utility\n");ser_putstr("Press 'M' for SDMMC download, IFS filename MUST be 'QNX-IFS'.\n");c = ser_getchar();}switch (c) {case 'D':case 'd':ser_putstr("send image now...\n");if (image_download_ser(image)) {ser_putstr("download failed...\n");c = 0;}elseser_putstr("download OK...\n");break;case 'M':case 'm':ser_putstr("SDMMC download...\n");if (sdmmc_load_file(image, "QNX-IFS") == 0) { //加载image(QNX-IFS),所以需要把编译的好的image 改名为QNX-IFSser_putstr("load image done.\n");/* Proceed to image scan */}else {ser_putstr("Load image failed.\n");c = 0;}break;default:ser_putstr("Unknown command.\n");c = 0;}if (!c) continue;image = image_scan_2(image, image + 0x200,1); //关键函数1if (image != 0xffffffff) {ser_putstr("Found image @ 0x");ser_puthex(image);ser_putstr("\n");image_setup(image); //关键函数2ser_putstr("Jumping to startup @ 0x");ser_puthex(startup_hdr.startup_vaddr);ser_putstr("\n\n");image_start(image); //关键函数3/* Never reach here */return 0;}ser_putstr("Image_scan failed...\n");}return 0;}在分析三个关键函数之前,先了解下一个重要的结构体struct startup_header ,定义在<sys/startup.h>struct startup_header { unsigned long signature; /* 头标志0x00FF7EEB */ unsigned short version; /* mkifs版本号 */ unsigned char flags1; /*IS Misc flags, see below*/ unsigned char flags2; /* No flags defined yet*/ unsigned short header_size; /* sizeof(struct startup_header) */ unsigned short machine; /* 机器型号 sys/elf.h*/ unsigned long startup_vaddr; /* 在IPL执行完后的跳转地址,也就是startup开始执行的地址*/ unsigned long paddr_bias; /*S Value to add to physical address*/ /* to get a value to put into a*/ /* pointer and indirected through*/ unsigned long image_paddr; /* image的物理地址*/ unsigned long ram_paddr; /* 将image复制到RAM中的物理地址*/ unsigned long ram_size; /* image占用RAM空间大小*/ unsigned long startup_size; /* startup大小*/ unsigned long stored_size; /* 整个QNF-IFS大小,包括iamge 和headr*/ unsigned long imagefs_paddr; /* 将IPL设置为映像文件系统的物理地址*/ unsigned long imagefs_size; /* 未压缩映像文件系统的大小*/ unsigned short preboot_size; /*I Size of loaded before header*/ unsigned short zero0; /* Zeros */ unsigned long zero[3]; /* Zeros */ unsigned long info[48]; /*IS Array of startup_info* structures*/};可以很清楚看到各参数的作用,总体来说就IPL就需要这几个步骤
checksum (image_paddr, startup_size)checksum (image_paddr + startup_size, stored_size - startup_size)copy (image_paddr, ram_paddr, startup_size)jump (startup_vaddr)
上面三个关键函数,就是完成这几个步骤的:
关键函数①:
unsigned long image_scan_2 (unsigned long start, unsigned long end, int docksum) {struct startup_header *hdr;/* * image starts on word boundary * We need this scan because it could have 8 raw bytes in front of imagefs * depending on how the IFS is programmed */for (; start < end; start += 4) {hdr = (struct startup_header *)(start);/* No endian issues here since stored "naturally" */if (hdr->signature == STARTUP_HDR_SIGNATURE) //搜寻头标志位,这个一个startup_header开始的标志位 break;}if (start >= end)return (-1L);copy ((unsigned long)(&startup_hdr), start, sizeof(startup_hdr)); // startup_hdr是一个由startup_header定义的全局变量/* now we got the image signature */if (docksum) {#ifdef __ARM__ //检测 startupif (checksum_2(start, startup_hdr.startup_size) != 0) {#elseif (checksum(start, startup_hdr.startup_size) != 0) {#endifser_putstr("startup checksum error\n");return (-1L);}#ifdef __ARM__ //检测 imageif (checksum_2(start + startup_hdr.startup_size, startup_hdr.stored_size - startup_hdr.startup_size) != 0) {#elseif (checksum(start + startup_hdr.startup_size, startup_hdr.stored_size - startup_hdr.startup_size) != 0) {#endifser_putstr("imagefs checksum error\n");return (-1L);}}return (start);}
关键函数②
int image_setup (unsigned long addr) {unsigned longram_addr;//// Copy the data from the address into our structure in memory //copy ((unsigned long)(&startup_hdr), addr, sizeof(startup_hdr));//// get ram_addr and patch startup with the images physical// location. Startup will handle the rest ...//ram_addr = startup_hdr.ram_paddr + startup_hdr.paddr_bias;startup_hdr.imagefs_paddr = addr + startup_hdr.startup_size - startup_hdr.paddr_bias; //// Copy startup to ram_addr.//copy(ram_addr,(unsigned long)(&startup_hdr),sizeof(startup_hdr)); //拷贝startup_header结构体信息copy ((ram_addr+sizeof(startup_hdr)),(addr+sizeof(startup_hdr)), (startup_hdr.startup_size - sizeof(startup_hdr)));//拷贝startup本身//// All set now for image_start //return(0);}关键函数③
int image_start (unsigned long addr) {copy ((unsigned long)(&startup_hdr), addr, sizeof(startup_hdr));//// Options here include custom jump functions,// cast as a function call? use the longjmp call//jump (startup_hdr.startup_vaddr); //跳转到startup开始执行return(-1);}总结: IPL这段精简的代码主要流程如下
①初始化硬件 (汇编代码_start.S)
②将image下载到RAM (sdmmc_load_file())
③定位 OS image (image_scan_2())
④拷贝startup程序 (image_setup())
⑤跳转到加载好的image执行 (image_start())
