1 总述


2 Android启动过程


Android Recovery 解析_第1张图片

图1 android启动过程

系统上电之后,首先是完成一系列的初始化过程,如cpu、串口、中断、timer、DDR等等硬件设备,然后接着加载boot default environmet,为后面内核的加载作好准备。在一些系统启动必要的初始完成之后,将判断是否要进入recovery模式,从图1中可以看出,进入recovery模式有两种情况。一种是检测到有组合按键按下时;另一种是检测到cache/recovery目录下有command这个文件,这个文件有内容有它特定的格式,将在后面讲到。

3 Uboot启动


void start_armboot (void){       .       .       .       for (init_fnc_ptr = init_sequence; *init_fnc_ptr; ++init_fnc_ptr) {              if ((*init_fnc_ptr)() != 0) {                     hang ();              }#ifdef CONFIG_ANDROID_RECOVERY       check_recovery_mode();#endif       /* main_loop() can return to retry autoboot, if so just run it again. */       for (;;) {              main_loop ();       }}


init_fnc_t *init_sequence[] = {#if defined(CONFIG_ARCH_CPU_INIT)       arch_cpu_init,            /* basic arch cpu dependent setup */#endif       board_init,           /* basic board dependent setup */#if defined(CONFIG_USE_IRQ)       interrupt_init,             /* set up exceptions */#endif       timer_init,           /* initialize timer */       env_init,              /* initialize environment */       init_baudrate,            /* initialze baudrate settings */       serial_init,           /* serial communications setup */       console_init_f,           /* stage 1 init of console */       display_banner,          /* say that we are here */#if defined(CONFIG_DISPLAY_CPUINFO)       print_cpuinfo,             /* display cpu info (and speed) */#endif#if defined(CONFIG_DISPLAY_BOARDINFO)       checkboard,         /* display board info */#endif#if defined(CONFIG_HARD_I2C) || defined(CONFIG_SOFT_I2C)       init_func_i2c,#endif       dram_init,            /* configure available RAM banks */#if defined(CONFIG_CMD_PCI) || defined (CONFIG_PCI)       arm_pci_init,#endif       display_dram_config,       NULL,};


int env_init(void){       /* use default */       gd->env_addr = (ulong)&default_environment[0];       gd->env_valid = 1;#ifdef CONFIG_DYNAMIC_MMC_DEVNO       extern int get_mmc_env_devno(void);       mmc_env_devno = get_mmc_env_devno();#else       mmc_env_devno = CONFIG_SYS_MMC_ENV_DEV;#endif       return 0;}


uchar default_environment[] = {       .       .       .#ifdef  CONFIG_EXTRA_ENV_SETTINGS       CONFIG_EXTRA_ENV_SETTINGS#endif       "\0"};


#define  CONFIG_EXTRA_ENV_SETTINGS                                 \              "netdev=eth0\0"                                    \              "ethprime=FEC0\0"                                \              "bootfile=uImage\0"  \              "loadaddr=0x70800000\0"                            \              "rd_loadaddr=0x70D00000\0"        \              "bootargs=console=ttymxc0 init=/init " \                     "androidboot.console=ttymxc0 video=mxcdi1fb:RGB666,XGA " \                     "ldb=di1 di1_primary pmem=32M,64M fbmem=5M gpu_memory=64M\0" \              "bootcmd_SD=mmc read 0 ${loadaddr} 0x800 0x2000;" \                     "mmc read 0 ${rd_loadaddr} 0x3000 0x300\0" \              "bootcmd=run bootcmd_SD; bootm ${loadaddr} ${rd_loadaddr}\0" \


/* export to lib_arm/board.c */void check_recovery_mode(void){       if (check_key_pressing())              setup_recovery_env();       else if (check_recovery_cmd_file()) {              puts("Recovery command file founded!\n");              setup_recovery_env();       }}



int check_recovery_cmd_file(void){       .       .       .       switch (get_boot_device()) {       case MMC_BOOT:       case SD_BOOT:              {                     for (i = 0; i < 2; i++) {                            block_dev_desc_t *dev_desc = NULL;                            struct mmc *mmc = find_mmc_device(i);                            dev_desc = get_dev("mmc", i);                            if (NULL == dev_desc) {                                   printf("** Block device MMC %d not supported\n", i);                                   continue;                            }                            mmc_init(mmc);                            if (get_partition_info(dev_desc, CONFIG_ANDROID_CACHE_PARTITION_MMC,                                                 &info)) {                                   printf("** Bad partition %d **\n",CONFIG_ANDROID_CACHE_PARTITION_MMC);                                   continue;                            }                            part_length = ext2fs_set_blk_dev(dev_desc, CONFIG_ANDROID_CACHE_PARTITION_MMC);                            if (part_length == 0) {                                   printf("** Bad partition - mmc %d:%d **\n", i, CONFIG_ANDROID_CACHE_PARTITION_MMC);                                   ext2fs_close();                                   continue;                            }                            if (!ext2fs_mount(part_length)) {                                   printf("** Bad ext2 partition or "                                          "disk - mmc %d:%d **\n",                                          i, CONFIG_ANDROID_CACHE_PARTITION_MMC);                                   ext2fs_close();                                   continue;                            }                            filelen = ext2fs_open(CONFIG_ANDROID_RECOVERY_CMD_FILE);                            ext2fs_close();                            break;                     }              }              break;       .       .       .}

主要来看看下面这个ext2fs_open所打开的内容,CONFIG_ANDROID_RECOVERY_CMD_FILE,这个正是上面所提到的rocovery cmd file的宏定义,内容如下:

#define CONFIG_ANDROID_RECOVERY_CMD_FILE  "/recovery/command"


void setup_recovery_env(void){       char *env, *boot_args, *boot_cmd;       int bootdev = get_boot_device();       boot_cmd = supported_reco_envs[bootdev].cmd;       boot_args = supported_reco_envs[bootdev].args;       if (boot_cmd == NULL) {              printf("Unsupported bootup device for recovery\n");              return;       }       printf("setup env for recovery..\n");       env = getenv("bootargs_android_recovery");       /* Set env to recovery mode */       /* Only set recovery env when these env not exist, give user a        * chance to change their recovery env */       if (!env)              setenv("bootargs_android_recovery", boot_args);       env = getenv("bootcmd_android_recovery");       if (!env)              setenv("bootcmd_android_recovery", boot_cmd);       setenv("bootcmd", "run bootcmd_android_recovery");}

在这里主要是将bootcmd_android_recovery这个环境变量加到uboot启动的environment中,这样当系统启动加载完root fs之后将不会进入到android的system中,而是进入到了recovery这个轻量级的小UI系统中。

下面我们来看看为什么在uboot的启动环境变量中加入bootcmd_android_recovery这些启动参数的时候,系统就会进入到recovery模式下而不是android system,先看看bootcmd_android_recovery相应的参数:

#define CONFIG_ANDROID_RECOVERY_BOOTARGS_MMC \       "setenv bootargs ${bootargs} init=/init root=/dev/mmcblk1p4"     \       "rootfs=ext4 video=mxcdi1fb:RGB666,XGA ldb=di1 di1_primary"#define CONFIG_ANDROID_RECOVERY_BOOTCMD_MMC  \       "run bootargs_android_recovery;"  \       "mmc read 0 ${loadaddr} 0x800 0x2000;bootm"


sudo mkfs.vfat -F 32 ${NODE}${PART}1 -n sdcardssudo mkfs.ext4 ${NODE}${PART}2 -O ^extent -L systemsudo mkfs.ext4 ${NODE}${PART}4 -O ^extent -L recoverysudo mkfs.ext4 ${NODE}${PART}5 -O ^extent -L datasudo mkfs.ext4 ${NODE}${PART}6 -O ^extent -L cache

这里NODE = /dev/mmcblk1为挂载点,PART = p或者为空,作为分区的检测。可以看出上面在给recovery分区的时候,用的是/dev/mmcblk1p4这个分区,所以当设置了recovery启动模式的时候,root根目录就被挂载到/dev/mmcblk1p4这个recovery分区中来,从而进入recovery模式。

4 recovery



Int main(int argc, char **argv) {       .       .       .    ui_init();    ui_set_background(BACKGROUND_ICON_INSTALLING);    load_volume_table();       .       .       .    while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) {        switch (arg) {        case 'p': previous_runs = atoi(optarg); break;        case 's': send_intent = optarg; break;        case 'u': update_package = optarg; break;        case 'w': wipe_data = wipe_cache = 1; break;        case 'c': wipe_cache = 1; break;        case 'e': encrypted_fs_mode = optarg; toggle_secure_fs = 1; break;        case 't': ui_show_text(1); break;        case '?':            LOGE("Invalid command argument\n");            continue;        }    }    device_recovery_start();       .       .       .    if (update_package)       {        // For backwards compatibility on the cache partition only, if        // we're given an old 'root' path "CACHE:foo", change it to        // "/cache/foo".        if (strncmp(update_package, "CACHE:", 6) == 0)              {            int len = strlen(update_package) + 10;            char* modified_path = malloc(len);            strlcpy(modified_path, "/cache/", len);            strlcat(modified_path, update_package+6, len);            printf("(replacing path \"%s\" with \"%s\")\n",                   update_package, modified_path);            update_package = modified_path;        }              //for update from "/mnt/sdcard/update.zip",but at recovery system is "/sdcard" so change it to "/sdcard"              //ui_print("before:[%s]\n",update_package);        if (strncmp(update_package, "/mnt", 4) == 0)        {        //jump the "/mnt"                     update_package +=4;              }              ui_print("install package from[%s]\n",update_package);     }    printf("\n");    property_list(print_property, NULL);    printf("\n");    int status = INSTALL_SUCCESS;       .       .       .// Recovery strategy: if the data partition is damaged, disable encrypted file systems.        // This preventsthe device recycling endlessly in recovery mode.       .       .       .    if (update_package != NULL)    {        status = install_package(update_package);        if (status != INSTALL_SUCCESS)                     ui_print("Installation aborted.\n");              else              {                     erase_volume("/data");                     erase_volume("/cache");              }    } else if (wipe_data) {        if (device_wipe_data()) status = INSTALL_ERROR;        if (erase_volume("/data")) status = INSTALL_ERROR;        if (wipe_cache && erase_volume("/cache")) status = INSTALL_ERROR;        if (status != INSTALL_SUCCESS) ui_print("Data wipe failed.\n");    } else if (wipe_cache) {        if (wipe_cache && erase_volume("/cache")) status = INSTALL_ERROR;        if (status != INSTALL_SUCCESS) ui_print("Cache wipe failed.\n");    } else {        status = INSTALL_ERROR;  // No command specified    }    if (status != INSTALL_SUCCESS) ui_set_background(BACKGROUND_ICON_ERROR);       //Xandy modify for view the install infomation    //if (status != INSTALL_SUCCESS || ui_text_visible())    if(status != INSTALL_SUCCESS)       {        prompt_and_wait();    }    // Otherwise, get ready to boot the main system...    finish_recovery(send_intent);    ui_print("Rebooting...\n");    sync();    reboot(RB_AUTOBOOT);    return EXIT_SUCCESS;}


//for update from "/mnt/sdcard/update.zip",but at recovery system is "/sdcard" so change it to "/sdcard"              //ui_print("before:[%s]\n",update_package);        if (strncmp(update_package, "/mnt", 4) == 0)        {        //jump the "/mnt"                     update_package +=4;              }



5 恢复出厂设置和固件升级



*      --send_intent=anystring ―― write the text out to recovery.intent*      --update_package=root:path —— verify install an OTA package file*      --wipe_data —— erase user data (and cache), then reboot*      --wipe_cache —— wipe cache (but not user data), then reboot

5.1 恢复出厂设置



public class MasterClearReceiver extends BroadcastReceiver {    private static final String TAG = "MasterClear";    @Override    public void onReceive(final Context context, final Intent intent) {        if (intent.getAction().equals(Intent.ACTION_REMOTE_INTENT)) {            if (!"google.com".equals(intent.getStringExtra("from"))) {                Slog.w(TAG, "Ignoring master clear request -- not from trusted server.");                return;            }        }        Slog.w(TAG, "!!! FACTORY RESET !!!");        // The reboot call is blocking, so we need to do it on another thread.        Thread thr = new Thread("Reboot") {            @Override            public void run() {                try {                    if (intent.hasExtra("enableEFS")) {                        RecoverySystem.rebootToggleEFS(context, intent.getBooleanExtra("enableEFS", false));                    } else {                        RecoverySystem.rebootWipeUserData(context);                    }                    Log.wtf(TAG, "Still running after master clear?!");                } catch (IOException e) {                    Slog.e(TAG, "Can't perform master clear/factory reset", e);                }            }        };        thr.start();    }}


public static void rebootWipeUserData(Context context) throws IOException {        final ConditionVariable condition = new ConditionVariable();        Intent intent = new Intent("android.intent.action.MASTER_CLEAR_NOTIFICATION");        context.sendOrderedBroadcast(intent, android.Manifest.permission.MASTER_CLEAR,                new BroadcastReceiver() {                    @Override                    public void onReceive(Context context, Intent intent) {                        condition.open();                    }                }, null, 0, null, null);        // Block until the ordered broadcast has completed.        condition.block();        bootCommand(context, "--wipe_data");    }



private static void bootCommand(Context context, String arg) throws IOException {        RECOVERY_DIR.mkdirs();  // In case we need it        COMMAND_FILE.delete();  // In case it's not writable        LOG_FILE.delete();        FileWriter command = new FileWriter(COMMAND_FILE);        try {            command.write(arg);            command.write("\n");        } finally {            command.close();        }        // Having written the command file, go ahead and reboot        PowerManager pm = (PowerManager) context.getSystemService(Context.POWER_SERVICE);        pm.reboot("recovery");        throw new IOException("Reboot failed (no permissions?)");    }


/** Used to communicate with recovery.  See bootable/recovery/recovery.c. */private static File RECOVERY_DIR = new File("/cache/recovery");private static File COMMAND_FILE = new File(RECOVERY_DIR, "command");

至此恢复出厂设置的命令就写入了recovery cmd file中去了,通过pm.reboot(“recovery”);重启系统,系统就自动进入到recovery模式自动清除用户数据后再重启系统。

5.2 固件升级


public static void installPackage(Context context, File packageFile)      throws IOException {      String filename = packageFile.getCanonicalPath();      Log.w(TAG, "!!! REBOOTING TO INSTALL " + filename + " !!!");      String arg = "--update_package=" + filename;      bootCommand(context, arg);  }


File packageFile = new File("/sdcard/update.zip");RecoverySystem.installPackage(context, packageFile);



6 ROM的制作


Android Recovery 解析_第2张图片

图3 ROM包中的内容



# Mount system for check figurepoint etc.# mount("ext4", "EMMC","/dev/block/mmcblk0p2", "/system");# Make sure Check system image figurepoint first.# uncomment below lines to check# assert(file_getprop("/system/build.prop", "ro.build.fingerprint") == "freescale/imx53_evk/imx53_evk/imx53_evk:2.2/FRF85B/eng.b33651.20100914.145340:eng/test-keys");# assert(getprop("ro.build.platform) == "imx5x");# unmount("/system");show_progress(0.1, 5);package_extract_dir("updates", "/tmp");#Format system/data/cache partitionui_print("Format disk...");format("ext4","EMMC","/system");format("ext4","EMMC","/data");format("ext4","EMMC","/cache");show_progress(0.2, 10);# Write u-boot to 1K position.# u-boot binary should be a no padding uboot!# For eMMC(iNand) device, needs to unlock boot partition.ui_print("writting u-boot...");sysfs_file_write(" /sys/class/mmc_host/mmc0/mmc0:0001/boot_config", "1");package_extract_file("files/u-boot.bin", "/tmp/u-boot.bin");#ui_print("Clean U-Boot environment...");show_progress(0.2, 5);#simple_dd("/dev/zero","/dev/block/mmcblk0",2048);simple_dd("/tmp/u-boot.bin", "/dev/block/mmcblk0", 2048);#access user partition,and enable boot partion1 to bootsysfs_file_write("/sys/class/mmc_host/mmc0/mmc0:0001/boot_config", "8");
#Set boot width is 8bitssysfs_file_write("/sys/class/mmc_host/mmc0/mmc0:0001/boot_bus_config", "2");show_progress(0.2, 5);
ui_print("extract kernel image...");package_extract_file("files/uImage", "/tmp/uImage");# Write uImage to 1M position.ui_print("writting kernel image");simple_dd("/tmp/uImage", "/dev/block/mmcblk0", 1048576);ui_print("extract uramdisk image...");package_extract_file("files/uramdisk.img", "/tmp/uramdisk.img");# Write uImage to 1M position.ui_print("writting uramdisk image");simple_dd("/tmp/uramdisk", "/dev/block/mmcblk0", 6291456);show_progress(0.2, 50); # You can use two way to update your system which using ext4 system.# dd hole system.img to your mmcblk0p2 partition.package_extract_file("files/system.img", "/tmp/system.img");ui_print("upgrading system partition...");simple_dd("/tmp/system.img", "/dev/block/mmcblk0p2", 0);show_progress(0.1, 5);



// Where in the package we expect to find the edify script to execute.// (Note it's "updateR-script", not the older "update-script".)#define SCRIPT_NAME "META-INF/com/google/android/updater-script"




*      Xandy@ubuntu:~$ mkdir recovery*      Xandy@ubuntu:~$ cd recovery 然后将上面提到的bootable/recovery/etc下的所有内容拷贝到当前目录下并删掉init.rc这个文件*      编译./META-INF/com/google/android/updater-script这个文件使达到我们想要的烧写控制,如果是烧写system.img这样的镜像文件,可以直接用我上面提到的updater-script这个脚本代码。*      拷贝相应的需要制作成ROM的android文件到updates目录或者system目录下,这个得根据系统的需要决定。*      Xandy@ubuntu:~/recovery$ mkdir res*      Xandy@ubuntu:~/recovery$ ~/myandroid/out/host/linux-x86/framework/dumpkey.jar ~/myandroid/build/target/product/security/testkey.x509.pem > res/keys 这里创建一个目录用于存储系统的key值*      zip /tmp/recovery.zip -r ./META-INF ./updates ./res 将所有文件打包*      java -jar ./tools/signapk.jar -w ./tools/testkey.x509.pem ./tools/testkey.pk8 /tmp/recovery.zip update.zip 我在recovery目录下创建了一个tools目录,里面放置了sygnapk.jar、testkey.pk8、testkey.x509.pem这几个文件用于java签名时用

经过上面这几步之后就会在recovery目录生成一个update.zip的文件,这个就是我们自己制作的ROM文件,将它拷到sdcard的根目录下,在系统设置里操作进入到“固件升级状态”,等到系统重启时,就会看到已经开始自行格式化data和cache分区,稍后就开始出现进度条向相应分区里烧写uboot、kernel、android system的文件了!


  1. 浅谈Android系统进程间通信(IPC)机制Binder中的Server和Client获得
  2. Android录音文件在IOS上播放不出来的问题
  3. Android实现TextView中文字链接的4种方式介绍及代码
  4. Android的属性Property系统
  5. Android 事件拦截/分发机制 (图解+代码)
  6. 几行代码看程序员的水平——Android文件命名规范
  7. Android — 创建文件及文件夹
  8. Android文件选择器的实例分享
  9. Android的程序解码与XML文件解码


  1. 基于rk3288平台android5.1系统的wifi流程
  2. [Android]使用Spring for Android改善数
  3. 安卓学习日记(一):了解安卓架构(linux内核层
  4. android 2.3 频率管理
  5. Android Studio 集成git上传项目至GitHub
  6. Android(安卓)Gradle 插件(二)
  7. Android基础-------Android通知Notificat
  8. 大佬就是强!意外收获字节跳动内部资料——
  9. 构建自己的Android代码托管服务器
  10. 官方 Kotlin 课程 | 学习使用 Kotlin 进