Below Android OS – Essentials for new Devices Mark Gross ... Android OS - Essentials...

Click here to load reader

  • date post

    28-Mar-2018
  • Category

    Documents

  • view

    216
  • download

    1

Embed Size (px)

Transcript of Below Android OS – Essentials for new Devices Mark Gross ... Android OS - Essentials...

  • 1

    Below Android OS Essentials for new Devices

    Mark Gross (Intel/UMG)

    Android Open 2011

    rev-1010

  • INTEL CONFIDENTIAL2

    About me

    I've been working on Android at Intel off and on Since early 2008

    I lead the UMG build up of development processes and the implementation for Eclair, Froyo and Gingerbread for the Moorestown hardware. Note: Windriver helped a lot with the initial Eclair port in 2009.

    I've helped with GB on Medfield.

    Lately, I'm more focused on Linux kernel issues and enabling for the next SOC platform but, I still work on Android platform things as well.

    This talk is based on the factory enabling and device management experience I've had while helping with MRST and MFLD.

    Interrupt me to ask questions!

  • INTEL CONFIDENTIAL3

    Introduction and outline

    Overview of Pre OS requirements

    Introduction to device startup

    Manufacturing

    Device management and Provisioning

    Code that exists in AOSP that helps with these:

    Fastboot

    Recovery Image

    Edify Script (recovery-script)

    Build support for OTA updates

  • INTEL CONFIDENTIAL4

    But First, How does it boot?

    A quick overview

  • INTEL CONFIDENTIAL5

    Device boot up

    FW loads some code to test trust and init HW

    FW checks calibration data is still trusted or, there.

    FW decides which OS to boot.

    FW checks that the kernel + RAM disk are trusted

    FW loads kernel + RAM disk into RAM

    FW puts (trusted?) boot parameters into memory.

    FW Jumps to kernel entry point

    Kernel starts init program in ram disk

    Init mounts block devices

    Init starts zygote and rest of android.

  • INTEL CONFIDENTIAL6

    Aside: Trust

    What if device doesn't have it?

    Access to protected content may be at risk

    Access to networks could be at risk

    Battery charging could suffer

    Where is it installed?

    At the factory Trusted fw OS images calibration data

    hard to get trust back if it's lost. Some devices can do this others cannot.

  • INTEL CONFIDENTIAL7

    Boot up

    Key points

    data

    code

    Multiple branch points

    trust

  • INTEL CONFIDENTIAL8

    Manufacturing & Test

    PCB assembly

    Electrical test

    Load FW, recovery OS, and test OS

    Test

    Calibration

    Trusted Storage:

    calibration data

    Certificates and ID's

    Beat rate

    factory automation

  • INTEL CONFIDENTIAL9

    Manufacturing & Test 2

    Final OS is programmed

    Final end user OS check.

    Final wipe

    Put in box.

  • INTEL CONFIDENTIAL10

    Post ship updates

    Over The Air (OTA)

    Service Center fastboot

  • INTEL CONFIDENTIAL11

    Other possible Pre-OS requirements

    Charging OS

    Care mode OS

    Field Trial OS

    FW update environment

    Needs to be hard to brick

  • INTEL CONFIDENTIAL12

    Summary and transition

    There are pre-OS requirements before you get to ship an Android (consumer) device.

    Any questions before we move on to talking about what exists in AOSP to help with all this?

  • INTEL CONFIDENTIAL13

    AOSP support of pre-OS

    Fastboot

    ADB, logger, tombstones, apanic

    Recovery Image

    Edify Scripting

    OTA specific build targets

    Snooze alert: The rest of the talk will drill down on the details of the AOSP build, Fastboot, Recovery image, Edify script, and OTA packaging.

    Its ok to stretch your legs at this point.

  • INTEL CONFIDENTIAL14

    Fastboot 1

    Simple USB bulk interface and protocol defined by google.

    64 byte bulk pipe command/response interface

    Messages : Host: 64byte command or DATA Target: INFO,OKAY,FAIL, DATA

    Fastboot client (master/system/core/fastboot)

    AOSP issue with bit rot and usbdev use messing up serial numbers for parallel flashing: Line 137 usb_linux.c (hack: wIndex = 0x0409) for serial number

    string to work.

  • INTEL CONFIDENTIAL15

    Fastboot 2

    Mostly implemented by FW but can be implemented in a recovery OS or other OS as well.

    Reference implementations and documentation:

    Bootable/bootloader/legacy/fastboot_protocol.txt

    git://android.git.kernel.org/kernel/lk.git

    Kboot based not hard to do.Hack adb gadget driverImplement fastboot daemon on top of gadget

  • INTEL CONFIDENTIAL16

    Recovery 1

    recoveryimage build target:

    Creates ramdisk with kernel image stripped down without dalvic and with file some system tools that can execute scripts.

    Includes adbd and recovery programs See out/target/product/.../recovery/root/* for whats in the image. Ramdisk-recovery.img is compressed cpio of recovery/root/

    Handy root FS for any embedded project not needing lots of UI.

  • INTEL CONFIDENTIAL17

    Recovery 2

    Make recoveryzip : outputs zip file with META-INF/.../updater-* to self install new recovery image

    AOSP example (passion):

    Make recoveryimage (600KB uncompressed ramdisk) Init.rc runs recovery and adbd (see init.rc file)

    Cyanogen example (smb_a1002):

    Make recoveryimage (2MB uncompressed ramdisk) Includes busybox, file system and partitioning tools

  • INTEL CONFIDENTIAL18

    Recovery 3

    recovery unpacks the package file,

    runs command file if present /cache/recovery/command:--update_package=--wipe_data, --wipe_cache--set_encrypted_filesystem --send_intent=anystring

    runs update-binary from the zip package bootable/recovery/recovery.c + device/*/ extensions.

    Updater-script: Packaged with update-binary from zip package

  • INTEL CONFIDENTIAL19

    Edify Script

    scripting language used by recovery program.

    See bootable/recovery/edify/README for some syntax documentation.

    update-script gets executed update-binary both packaged into the zip

    script is placed in a file called update-script under META-INF within a zip file.

    Example (aosp make otapackage): Update-script from full_passion-ota-eng.*.zip

  • INTEL CONFIDENTIAL20

    assert(!less_than_int(1316806556, getprop("ro.build.date.utc")));assert(getprop("ro.product.device") == "passion" || getprop("ro.build.product") == "passion");assert(getprop("ro.bootloader") == "0.35.2017" || getprop("ro.bootloader") == "0.35.0017");

    show_progress(0.500000, 0);Format("yaffs2", "MTD", "system");mount("yaffs2", "MTD", "system", "/system");package_extract_dir("recovery", "/system");package_extract_dir("system", "/system");

    symlink("mksh", "/system/bin/sh");symlink("toolbox", "/system/bin/cat", "/system/bin/chmod", "/system/bin/chown", "/system/bin/cmp", "/system/bin/date", ... "/system/bin/uptime", "/system/bin/vmstat", "/system/bin/watchprops", "/system/bin/wipe");set_perm_recursive(0, 0, 0755, 0644, "/system");

  • INTEL CONFIDENTIAL21

    set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");set_perm(0, 3003, 02750, "/system/bin/netcfg");...set_perm(0, 0, 06755, "/system/xbin/su");

    show_progress(0.200000, 0);show_progress(0.200000, 10);

    assert(package_extract_file("boot.img", "/tmp/boot.img"), write_raw_image("/tmp/boot.img", "boot"), delete("/tmp/boot.img"));

    show_progress(0.100000, 0);

    unmount("/system");

  • INTEL CONFIDENTIAL22

    Edify script build and syntax

    Find edify related bits in AOSP:

    Path: bootable/recovery

    Build/tools/releasetools/edify_generator.py and ota_from_target_files

    Syntax :

    Bootable/recovery/edify/README

    Builtins:

    Bootable/recovery/edify/expr.c (RegisterBuiltins)

    Add-on functions:

    Bootable/recovery/updater/install.c (RegisterInstallFunctions)

    Device/*/*/recovery/ (extensions)

  • INTEL CONFIDENTIAL23

    OTA build targets

    Make otapackage

    Builds OTA zip package from build target files

    updatepackage

    Builds img files from target files for fastboot flashing.

  • INTEL CONFIDENTIAL24

    OTA zip contents

    ./system/*

    ./recovery/*

    ./META-INF/MANIFEST.MF

    ./META-INF/CERT.RSA

    ./META-INF/CERT.SF

    ./META-INF/com/android/metadata

    ./META-INF/com/google/android/update-binary

    ./META-INF/com/google/android/updater-script

  • INTEL CONFIDENTIAL25

    OTA example

    AOSP example:

    Make otapackage Generates large zip package Update-binary runs the update-script to effect an update. Make updater builds the bootable/update/updater target that

    gets copied by the edify_generator.py script to update-binary

    /cache/recovery/command

    /cache/recovery/recovery.log

    /cache/recovery/recovery.intent Written by recovery as part of the processing. Intent gets run

    by main android after rebooting recovery image. Looking for the code that fires this intent.

  • INTEL CONFIDENTIAL26

    Conclusion slide

    There is a LOT of OS work beyond the Android UI

    AOSP has existing code that makes this work easier.

    Fastboot, recovery, edify script, and ota tools

    Don't under estimate the factory automation, testing or, device management development for your devices.

    Don't reinvent the wheel.

    Questions?

  • Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27