Below Android OS Essentials for new Devices
Mark Gross (Intel/UMG)
Android Open 2011
rev-1010
INTEL CONFIDENTIAL2
About me
I've been working on Android at Intel off and on since early 2008.
I lead the UMG build up of development processes and the implementation for Eclair, Froyo and Gingerbread for the Moorestown hardware. Note: Windriver helped a lot with the initial Eclair port in 2009.
I've helped with GB on Medfield.
Lately, I'm more focused on Linux kernel issues and enabling for the next SOC platform, but I still work on Android platform things as well.
This talk is based on the factory enabling and device management experience I've had while helping with MRST and MFLD.
Interrupt me to ask questions!
Introduction and outline
Overview of Pre OS requirements
Introduction to device startup
Manufacturing
Device management and Provisioning
Code that exists in AOSP that helps with these:
Fastboot
Recovery Image
Edify Script (recovery-script)
Build support for OTA updates
But First, How does it boot?
A quick overview
Device boot up
FW loads some code to test trust and init HW
FW checks that calibration data is still trusted, or even there.
FW decides which OS to boot.
FW checks that the kernel + RAM disk are trusted
FW loads kernel + RAM disk into RAM
FW puts (trusted?) boot parameters into memory.
FW Jumps to kernel entry point
Kernel starts init program in ram disk
Init mounts block devices
Init starts zygote and the rest of Android.
Aside: Trust
What if device doesn't have it?
Access to protected content may be at risk
Access to networks could be at risk
Battery charging could suffer
Where is it installed?
At the factory:
Trusted FW
OS images
calibration data
Hard to get trust back if it's lost. Some devices can do this, others cannot.
Boot up
Key points
data
code
Multiple branch points
trust
Manufacturing & Test
PCB assembly
Electrical test
Load FW, recovery OS, and test OS
Test
Calibration
Trusted Storage:
calibration data
Certificates and ID's
Beat rate
factory automation
Manufacturing & Test 2
Final OS is programmed
Final end user OS check.
Final wipe
Put in box.
Post ship updates
Over The Air (OTA)
Service Center fastboot
Other possible Pre-OS requirements
Charging OS
Care mode OS
Field Trial OS
FW update environment
Needs to be hard to brick
Summary and transition
There are pre-OS requirements before you get to ship an Android (consumer) device.
Any questions before we move on to talking about what exists in AOSP to help with all this?
AOSP support of pre-OS
Fastboot
ADB, logger, tombstones, apanic
Recovery Image
Edify Scripting
OTA specific build targets
Snooze alert: The rest of the talk will drill down on the details of the AOSP build, Fastboot, Recovery image, Edify script, and OTA packaging.
It's OK to stretch your legs at this point.
Fastboot 1
Simple USB bulk interface and protocol defined by Google.
64-byte bulk pipe command/response interface
Messages:
Host: 64-byte command or DATA
Target: INFO, OKAY, FAIL, DATA
Fastboot client (master/system/core/fastboot)
AOSP issue with bit rot and usbdev use messing up serial numbers for parallel flashing: Line 137 usb_linux.c (hack: wIndex = 0x0409) for serial number string to work.
Fastboot 2
Mostly implemented by FW but can be implemented in a recovery OS or other OS as well.
Reference implementations and documentation:
bootable/bootloader/legacy/fastboot_protocol.txt
git://android.git.kernel.org/kernel/lk.git
Kboot based: not hard to do.
Hack adb gadget driver
Implement fastboot daemon on top of gadget
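An added example, not code from the talk or from AOSP: a host-side decoder for the target replies listed on the Fastboot 1 slide, run over a constructed exchange. The 4-byte status prefix and the 8-hex-digit size after DATA are taken from fastboot_protocol.txt as an assumption; the function and variable names are hypothetical.

```python
import re

MAX_PACKET = 64  # packet size limit given on the slide
DATA_SIZE = re.compile(rb"[0-9a-fA-F]{8}")  # per fastboot_protocol.txt (assumed)


class ProtocolError(Exception):
    """A reply the host should refuse to act on."""


def parse_reply(packet):
    """Split one target packet into (status, payload)."""
    if not 4 <= len(packet) <= MAX_PACKET:
        raise ProtocolError(f"bad reply length {len(packet)}")
    status, rest = packet[:4], packet[4:]
    if status == b"DATA":
        # DATA announces the data-phase size as exactly 8 hex digits.
        if not DATA_SIZE.fullmatch(rest):
            raise ProtocolError("malformed DATA size")
        return "DATA", int(rest, 16)
    if status in (b"INFO", b"OKAY", b"FAIL"):
        return status.decode(), rest.decode("ascii", "replace")
    raise ProtocolError(f"unknown status {status!r}")


def run_command(command, replies):
    """Consume the replies to one command; return (ok, info_lines, message)."""
    if len(command) > MAX_PACKET:
        raise ProtocolError("command longer than 64 bytes")
    want = int(command[9:], 16) if command.startswith(b"download:") else None
    info = []
    for packet in replies:
        status, payload = parse_reply(packet)
        if status == "INFO":      # progress text, keep waiting
            info.append(payload)
        elif status == "DATA":    # target is ready for the data phase
            if payload != want:
                raise ProtocolError("target announced an unexpected size")
        else:                     # OKAY or FAIL ends the command
            return status == "OKAY", info, payload
    raise ProtocolError("exchange ended without OKAY or FAIL")


# Constructed exchange, not captured from a device.
SAMPLE = [
    (b"getvar:version", [b"OKAY0.4"]),
    (b"download:00001234", [b"DATA00001234", b"OKAY"]),
    (b"flash:boot", [b"INFOerasing flash", b"INFOwriting flash", b"FAILdenied"]),
]
RESULTS = [run_command(cmd, replies) for cmd, replies in SAMPLE]
```

A factory flashing station that drives many devices in parallel benefits from treating any malformed or mismatched reply as a hard failure for that unit rather than retrying blindly.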
Recovery 1
recoveryimage build target:
Creates a ramdisk with kernel image, stripped down without Dalvik and with some file system tools that can execute scripts.
Includes adbd and recovery programs
See out/target/product/.../recovery/root/* for what's in the image.
Ramdisk-recovery.img is a compressed cpio of recovery/root/
Handy root FS for any embedded project not needing lots of UI.
Recovery 2
make recoveryzip: outputs zip file with META-INF/.../updater-* to self-install a new recovery image
AOSP example (passion):
make recoveryimage (600KB uncompressed ramdisk)
init.rc runs recovery and adbd (see init.rc file)
Cyanogen example (smb_a1002):
make recoveryimage (2MB uncompressed ramdisk)
Includes busybox, file system and partitioning tools
Recovery 3
recovery unpacks the package file,
runs command file if present: /cache/recovery/command
--update_package=
--wipe_data
--wipe_cache
--set_encrypted_filesystem
--send_intent=anystring
runs update-binary from the zip package
bootable/recovery/recovery.c + device/*/ extensions.
Updater-script: Packaged with update-binary from zip package
Edify Script
scripting language used by recovery program.
See bootable/recovery/edify/README for some syntax documentation.
update-script gets executed by update-binary; both are packaged into the zip.
script is placed in a file called update-script under META-INF within a zip file.
Example (aosp make otapackage): Update-script from full_passion-ota-eng.*.zip
assert(!less_than_int(1316806556, getprop("ro.build.date.utc")));
assert(getprop("ro.product.device") == "passion" || getprop("ro.build.product") == "passion");
assert(getprop("ro.bootloader") == "0.35.2017" || getprop("ro.bootloader") == "0.35.0017");
show_progress(0.500000, 0);
format("yaffs2", "MTD", "system");
mount("yaffs2", "MTD", "system", "/system");
package_extract_dir("recovery", "/system");
package_extract_dir("system", "/system");
symlink("mksh", "/system/bin/sh");
symlink("toolbox", "/system/bin/cat", "/system/bin/chmod", "/system/bin/chown", "/system/bin/cmp", "/system/bin/date", ... "/system/bin/uptime", "/system/bin/vmstat", "/system/bin/watchprops", "/system/bin/wipe");
set_perm_recursive(0, 0, 0755, 0644, "/system");
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
set_perm(0, 3003, 02750, "/system/bin/netcfg");
...
set_perm(0, 0, 06755, "/system/xbin/su");
show_progress(0.200000, 0);
show_progress(0.200000, 10);
assert(package_extract_file("boot.img", "/tmp/boot.img"), write_raw_image("/tmp/boot.img", "boot"), delete("/tmp/boot.img"));
show_progress(0.100000, 0);
unmount("/system");
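An added example, not code from the talk or from AOSP: a release-gate check that reads the permission calls of an updater-script and reports every setuid or setgid grant that is not on a reviewed allow-list, which is how the su line in the eng package above would be caught before a consumer build ships. The function name, the allow-list parameter and the argument order (uid, gid, mode or modes, paths) are assumptions read off the calls shown in the script.

```python
import re

CALL = re.compile(r"\b(set_perm(?:_recursive)?)\(([^()]*)\)")
TOKEN = re.compile(r'"[^"]*"|[^,\s]+')
SPECIAL = {0o4000: "setuid", 0o2000: "setgid"}


def audit_perms(script, allowed=frozenset()):
    """Return (path, uid, gid, mode, flags) for each setuid/setgid grant
    whose path is not in the reviewed allow-list."""
    findings = []
    for name, arglist in CALL.findall(script):
        args = [t.strip('"') for t in TOKEN.findall(arglist)]
        # set_perm(uid, gid, mode, file...)
        # set_perm_recursive(uid, gid, dirmode, filemode, dir...)
        n_modes = 2 if name == "set_perm_recursive" else 1
        try:
            uid, gid = int(args[0]), int(args[1])
            modes = [int(m, 8) for m in args[2:2 + n_modes]]
        except (ValueError, IndexError):
            # Never skip silently: an unreadable call needs a human look.
            findings.append((arglist, None, None, None, ["unparsed"]))
            continue
        for path in args[2 + n_modes:]:
            for mode in modes:
                flags = [label for bit, label in SPECIAL.items() if mode & bit]
                if flags and path not in allowed:
                    findings.append((path, uid, gid, oct(mode), flags))
    return findings


# The permission calls shown on the slides (the "..." elisions are dropped).
SCRIPT = '''
set_perm_recursive(0, 0, 0755, 0644, "/system");
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
set_perm(0, 3003, 02750, "/system/bin/netcfg");
set_perm(0, 0, 06755, "/system/xbin/su");
'''

if __name__ == "__main__":
    for finding in audit_perms(SCRIPT, allowed={"/system/bin/netcfg"}):
        print(finding)
```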
Edify script build and syntax
Find edify related bits in AOSP:
Path: bootable/recovery
build/tools/releasetools/edify_generator.py and ota_from_target_files
Syntax:
bootable/recovery/edify/README
Builtins:
bootable/recovery/edify/expr.c (RegisterBuiltins)
Add-on functions:
bootable/recovery/updater/install.c (RegisterInstallFunctions)
device/*/*/recovery/ (extensions)
OTA build targets
make otapackage
Builds OTA zip package from build target files
updatepackage
Builds img files from target files for fastboot flashing.
OTA zip contents
./system/*
./recovery/*
./META-INF/MANIFEST.MF
./META-INF/CERT.RSA
./META-INF/CERT.SF
./META-INF/com/android/metadata
./META-INF/com/google/android/update-binary
./META-INF/com/google/android/updater-script
OTA example
AOSP example:
make otapackage
Generates large zip package
update-binary runs the update-script to effect an update.
make updater builds the bootable/update/updater target that gets copied by the edify_generator.py script to update-binary
/cache/recovery/command
/cache/recovery/recovery.log
/cache/recovery/recovery.intent
Written by recovery as part of the processing. Intent gets run by main Android after rebooting recovery image. Looking for the code that fires this intent.
Conclusion slide
There is a LOT of OS work beyond the Android UI
AOSP has existing code that makes this work easier.
Fastboot, recovery, edify script, and ota tools
Don't underestimate the factory automation, testing, or device management development for your devices.
Don't reinvent the wheel.
Questions?