A bootloader is a vendor-proprietary image responsible for bringing up the
kernel on a device. It guards the device state and is responsible for
initializing the Trusted Execution Environment and
binding its root of trust. The bootloader also verifies the integrity of the
recovery partitions before moving execution to the kernel, and
displays boot state warnings.
To start boot, the bootloader may directly flash a new image into an appropriate
partition or use
recovery to start the reflashing process used for an
over-the-air (OTA) update. Some device manufacturers create multipart
bootloaders and then combine them into a single
bootloader.img file; at flash
time, the bootloader extracts and flashes all individual bootloaders.
Example bootloader flow:
The bootloader loads first and initializes memory.
If A/B updates are used, the bootloader determines the current slot to boot.
The bootloader determines if recovery mode should be booted (see Supporting updates).
The bootloader loads the boot image, which contains the kernel and ramdisk images.
The bootloader loads the kernel into memory as a self-executable compressed binary. The kernel then decompresses itself and starts executing into memory.
The bootloader loads
init, either from the
ramdiskpartition (on older devices) or from the system partition (on newer devices).
From the system partition,
initlaunches and mounts all other partitions (such as
odm), and then starts executing code to start the device.
Kernel command line
Concatenate the kernel command line from the following locations:
Bootloader command line: set of static and dynamic parameters determined by the bootloader
Device Tree: from the chosen/bootargs node
boot.img: from cmdline (for offsets and sized, refer to
A canonical reboot or shutdown reason compliant with the Android Compatibility Definition Document as determined from the power management integrated circuit (PMIC), other hardware resources, and reboot magic arguments (
LINUX_REBOOT_CMD_RESTART2) messaging. Syntax is:
Support for device trees and device tree overlays
The bootloader can support different configurations by identifying the device hardware/product revision then loading the correct set of device tree overlays.
Support for kernel address space layout randomization
To support randomizing the virtual address at which the kernel image is loaded
(enabled by the
RANDOMIZE_BASE kernel config), the bootloader must provide
entropy by passing a random u64 value in the
/chosen/kaslr-seed device tree
Support for verified boot
For details on using the bootloader to implement verified boot, see Verifying Boot.