Below Android OS – Essentials for new Devices Mark Gross ...assets.en.oreilly.com/1/event/68/Below...


Below Android OS – Essentials for new Devices

Mark Gross (Intel/UMG)

Android Open 2011

rev-1010

INTEL CONFIDENTIAL

About me

I've been working on Android at Intel off and on since early 2008.

I lead the UMG build-up of development processes and the implementation for Eclair, Froyo and Gingerbread for the Moorestown hardware.

– Note: Wind River helped a lot with the initial Eclair port in 2009.

I've helped with GB on Medfield.

Lately, I'm more focused on Linux kernel issues and enabling for the next SOC platform, but I still work on Android platform things as well.

This talk is based on the factory enabling and device management experience I've had while helping with MRST and MFLD.

Interrupt me to ask questions!


Introduction and outline

Overview of pre-OS requirements

• Introduction to device startup

• Manufacturing

• Device management and Provisioning

Code that exists in AOSP that helps with these:

• Fastboot

• Recovery Image

• Edify Script (recovery-script)

• Build support for OTA updates


But First, How does it boot?

A quick overview


Device boot up

FW loads some code to test trust and init HW

FW checks that the calibration data is still present and trusted.

FW decides which OS to boot.

FW checks that the kernel + RAM disk are trusted

FW loads kernel + RAM disk into RAM

FW puts (trusted?) boot parameters into memory.

FW Jumps to kernel entry point

Kernel starts the init program in the RAM disk

Init mounts block devices

Init starts Zygote and the rest of Android.


Aside: Trust

What if the device doesn't have it?

• Access to protected content may be at risk

• Access to networks could be at risk

• Battery charging could suffer

Where is it installed?

• At the factory
 – Trusted FW
 – OS images
 – Calibration data

• Hard to get trust back if it's lost.
 – Some devices can do this; others cannot.


Boot up

Key points

• data

• code

• Multiple branch points

• trust


Manufacturing & Test

PCB assembly

Electrical test

Load FW, recovery OS, and test OS

Test

Calibration

Trusted Storage:

• calibration data

• Certificates and IDs

Beat rate

factory automation


Manufacturing & Test 2

Final OS is programmed

Final end-user OS check.

Final wipe

Put in box.


Post ship updates

Over The Air (OTA)

Service Center – fastboot


Other possible Pre-OS requirements

Charging OS

Care mode OS

Field Trial OS

FW update environment

• Needs to be hard to brick


Summary and transition

There are pre-OS requirements before you get to ship an Android (consumer) device.

Any questions before we move on to talking about what exists in AOSP to help with all this?


AOSP support of pre-OS

Fastboot

• ADB, logger, tombstones, apanic

Recovery Image

Edify Scripting

OTA specific build targets

Snooze alert: The rest of the talk will drill down on the details of the AOSP build, Fastboot, Recovery image, Edify script, and OTA packaging.

It's OK to "stretch your legs" at this point.


Fastboot 1

Simple USB bulk interface and protocol defined by Google.

64-byte bulk pipe command/response interface

• Messages:
 – Host: "64-byte command" or "DATA"
 – Target: "INFO", "OKAY", "FAIL", "DATA"

Fastboot client (master/system/core/fastboot)

• AOSP issue with bit rot and usbdev use messing up serial numbers for parallel flashing:
 – Line 137 usb_linux.c (hack: wIndex = 0x0409) for the serial number string to work.
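Added example (not from the slides or from AOSP's fastboot client): a host-side model of the 64-byte command/response loop described above, with a constructed in-memory target standing in for the USB bulk pipe. It shows how INFO packets are accumulated, how OKAY/FAIL end the exchange, and how a DATA reply's 8-digit hex size must match the payload before the host sends it.

```python
MAX_COMMAND = 64   # a fastboot command is one bulk packet of at most 64 bytes
MAX_REPLY = 64     # replies are one packet too: 4-byte tag plus up to 60 bytes of text

class FastbootError(Exception):
    pass

class FakeTarget:
    """Constructed stand-in for the USB bulk pipe; replies are scripted per command."""
    def __init__(self, script):
        self.script = script          # {command bytes: [reply packet, ...]}
        self.received = []            # data blocks the host downloaded to the target
        self._pending = []
    def write(self, data):
        if data in self.script:
            self._pending = list(self.script[data])
        else:
            self.received.append(data)
    def read(self):
        if not self._pending:
            raise FastbootError("target closed the pipe without OKAY/FAIL")
        return self._pending.pop(0)

def fastboot_command(target, cmd, payload=None):
    """Send one command and drive the reply loop from fastboot_protocol.txt.

    Returns (status, info_lines, text): INFO packets are collected and the loop
    keeps reading; OKAY and FAIL end the exchange; DATA announces an 8-digit hex
    size the target will accept, after which the host sends the payload.
    """
    raw = cmd.encode("ascii")
    if len(raw) > MAX_COMMAND:
        raise FastbootError("command longer than %d bytes" % MAX_COMMAND)
    target.write(raw)
    info = []
    while True:
        reply = target.read()
        if len(reply) < 4 or len(reply) > MAX_REPLY:
            raise FastbootError("malformed reply of %d bytes" % len(reply))
        tag, text = reply[:4], reply[4:].decode("ascii", "replace")
        if tag == b"INFO":
            info.append(text)         # progress/diagnostic line; keep waiting
        elif tag in (b"OKAY", b"FAIL"):
            return tag.decode(), info, text
        elif tag == b"DATA":
            size = int(text[:8], 16)  # how many bytes the target is willing to take
            if payload is None or size != len(payload):
                raise FastbootError("DATA size %d does not match payload" % size)
            target.write(payload)     # the download itself; target then sends OKAY/FAIL
        else:
            raise FastbootError("unknown reply tag %r" % tag)
```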


Fastboot 2

Mostly implemented by FW but can be implemented in a recovery OS or other OS as well.

Reference implementations and documentation:

• bootable/bootloader/legacy/fastboot_protocol.txt

• git://android.git.kernel.org/kernel/lk.git

• Kboot-based: not hard to do.
 – Hack the adb gadget driver
 – Implement a fastboot daemon on top of the gadget


Recovery 1

recoveryimage build target:

• Creates a ramdisk with a stripped-down kernel image, without Dalvik, and with some system tools that can execute scripts.

• Includes adbd and recovery programs
 – See out/target/product/.../recovery/root/* for what's in the image.
 – ramdisk-recovery.img is a compressed cpio of recovery/root/

Handy root FS for any embedded project not needing lots of UI.


Recovery 2

make recoveryzip: outputs a zip file with META-INF/.../updater-* to self-install a new recovery image

AOSP example (passion):

• make recoveryimage (600KB uncompressed ramdisk)
 – init.rc runs recovery and adbd (see the init.rc file)

Cyanogen example (smb_a1002):

• make recoveryimage (2MB uncompressed ramdisk)
 – Includes busybox, file system and partitioning tools


Recovery 3

recovery unpacks the package file:

• runs the command file if present
 – /cache/recovery/command:
 – --update_package=<path>
 – --wipe_data, --wipe_cache
 – --set_encrypted_filesystem
 – --send_intent="anystring"

• runs update-binary from the zip package
 – bootable/recovery/recovery.c + device/*/ extensions.

• updater-script:
 – Packaged with update-binary in the zip package


Edify Script

Scripting language used by the recovery program.

• See bootable/recovery/edify/README for some syntax documentation.

• update-script gets executed by update-binary
 – both packaged into the zip

The script is placed in a file called update-script under META-INF within the zip file.

• Example (AOSP "make otapackage"):
 – update-script from full_passion-ota-eng.*.zip


assert(!less_than_int(1316806556, getprop("ro.build.date.utc")));
assert(getprop("ro.product.device") == "passion" || getprop("ro.build.product") == "passion");
assert(getprop("ro.bootloader") == "0.35.2017" || getprop("ro.bootloader") == "0.35.0017");

show_progress(0.500000, 0);
format("yaffs2", "MTD", "system");
mount("yaffs2", "MTD", "system", "/system");
package_extract_dir("recovery", "/system");
package_extract_dir("system", "/system");

symlink("mksh", "/system/bin/sh");
symlink("toolbox", "/system/bin/cat", "/system/bin/chmod", "/system/bin/chown", "/system/bin/cmp", "/system/bin/date", ... "/system/bin/uptime", "/system/bin/vmstat", "/system/bin/watchprops", "/system/bin/wipe");
set_perm_recursive(0, 0, 0755, 0644, "/system");
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
set_perm(0, 3003, 02750, "/system/bin/netcfg");
...
set_perm(0, 0, 06755, "/system/xbin/su");

show_progress(0.200000, 0);
show_progress(0.200000, 10);

assert(package_extract_file("boot.img", "/tmp/boot.img"),
       write_raw_image("/tmp/boot.img", "boot"),
       delete("/tmp/boot.img"));

show_progress(0.100000, 0);

unmount("/system");
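Added example (not from the slides or from AOSP's edify code), covering the Edify description and the updater-script listing above: a small evaluator for the subset the script's preamble uses (string literals, getprop, less_than_int, ==, ||, ! and assert), run against a constructed property table standing in for the device's ro.* properties. It shows how the three leading asserts gate the update on package date vs. build date, device name and bootloader version, and how assert aborts at the first empty argument; the remaining builtins (format, mount, symlink, ...) are deliberately not modelled.

```python
import re
class EdifyAbort(Exception): pass   # assert() failed; recovery would abort the update here

TOKEN = re.compile(r'"([^"]*)"|([A-Za-z_][\w.]*)|(\d+)|(==|\|\||[!(),;])|(\S)')
BINOPS = [("||", lambda a, b: a or b),                  # first non-empty operand wins
          ("==", lambda a, b: "t" if a == b else "")]   # string compare; "" is false
BUILTINS = {"getprop": lambda p, a: p.get(a[0], ""),
            "less_than_int": lambda p, a: "t" if int(a[0]) < int(a[1]) else "",
            "assert": lambda p, a: "t"}                 # empty args already aborted in call()
PREAMBLE = ('assert(!less_than_int(1316806556, getprop("ro.build.date.utc")));'  # from the slide
            'assert(getprop("ro.product.device") == "passion" || getprop("ro.build.product") == "passion");'
            'assert(getprop("ro.bootloader") == "0.35.2017" || getprop("ro.bootloader") == "0.35.0017");')
def tokenize(src):
    toks = []
    for s, ident, num, op, bad in TOKEN.findall(src):
        if bad:
            raise SyntaxError("unexpected %r" % bad)
        toks.append(("id", ident) if ident else ("op", op) if op else ("str", s or num))
    return toks
def expr(toks, props, level=0):      # precedence climbing: || loosest, then ==, then unary
    if level == len(BINOPS):
        kind, val = toks.pop(0)
        if (kind, val) == ("op", "!"):
            return "" if expr(toks, props, level) else "t"
        return val if kind == "str" else call(toks, props, val)
    op, fn = BINOPS[level]
    left = expr(toks, props, level + 1)
    while toks and toks[0] == ("op", op):
        toks.pop(0)
        left = fn(left, expr(toks, props, level + 1))
    return left
def call(toks, props, name):         # args evaluate left to right; assert aborts at first ""
    if toks.pop(0) != ("op", "("):
        raise SyntaxError("expected ( after " + name)
    args = []
    while toks[0] != ("op", ")"):
        args.append(expr(toks, props))
        if name == "assert" and args[-1] == "":
            raise EdifyAbort("assert failed at argument %d" % len(args))
        if toks[0] == ("op", ","):
            toks.pop(0)
    toks.pop(0)
    return BUILTINS[name](props, args)   # KeyError for builtins not modelled here
def run(script, props):              # "t" only if every statement's assert passed
    toks = tokenize(script)
    while toks:
        expr(toks, props)
        if toks.pop(0) != ("op", ";"):
            raise SyntaxError("expected ; between statements")
    return "t"
```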

INTEL CONFIDENTIAL22

Edify script build and syntax

Find edify related bits in AOSP:

• Path: bootable/recovery

• build/tools/releasetools/edify_generator.py and ota_from_target_files

Syntax:

• bootable/recovery/edify/README

Builtins:

• bootable/recovery/edify/expr.c (RegisterBuiltins)

Add-on functions:

• bootable/recovery/updater/install.c (RegisterInstallFunctions)

• device/*/*/recovery/ (extensions)


OTA build targets

make otapackage

• Builds OTA zip package from build target files

updatepackage

• Builds img files from target files for fastboot flashing.


OTA zip contents

./system/*

./recovery/*

./META-INF/MANIFEST.MF

./META-INF/CERT.RSA

./META-INF/CERT.SF

./META-INF/com/android/metadata

./META-INF/com/google/android/update-binary

./META-INF/com/google/android/updater-script


OTA example

AOSP example:

• make otapackage
 – Generates a large zip package
 – update-binary runs the update-script to effect an update.
 – make updater builds the bootable/update/updater target that gets copied by the edify_generator.py script to update-binary

• /cache/recovery/command

• /cache/recovery/recovery.log

• /cache/recovery/recovery.intent
 – Written by recovery as part of the processing. The intent gets run by main Android after rebooting out of the recovery image.
 – Looking for the code that fires this intent.


Conclusion slide

There is a LOT of OS work beyond the Android UI

AOSP has existing code that makes this work easier.

• Fastboot, recovery, edify script, and ota tools

Don't underestimate the factory automation, testing, or device management development for your devices.

Don't reinvent the wheel.

Questions?