[Question]Convert/Link binary to vmlinux/bZimage image

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
Post Reply
dstyl
Posts: 6
Joined: Thu Jan 29, 2015 2:10 pm

[Question]Convert/Link binary to vmlinux/bZimage image

Post by dstyl »

I’m trying to write a chain-loader for clover2 that will start it on an x86 device that only has an android boot-loader available.
The boot image contains an file called zImage, and also an second.bin file that seems to extract the zImage.Passing it through the file command its revealed that its an generic pc(bios) x86 kernel in bzImage format.

Code: Select all

zImage: Linux kernel x86 boot executable bzImage, version 3.10.72BORETS-x86_64_moor (borets@borets) #8 SMP PREEMPT Thu Ja, RO-rootFS, swap_dev 0x8, Normal VGA
As i understand the boot process it s something like this.

1.IPL initializes hw and loads SPL.
2.SPL loads aboot.
3.aboot loads boot.img into ram.
4.aboot sets sp to second.bin
5.second.bin extracts bzImage of kernel
6.second.bin jumps to kernel entry point.
7.Android starts.

Ive already replaced the second.bin file with my own binary written in asm to try to write to the screen at address 0:0xb8000.
The device just does nothing for 10 seconds and then loads the recovery menu.
Does someone know how to link a generic c programm into an vmlinux/bzImage file so i could try to get more information from this state?
Thanks a lot in advance.
Top
Octocontrabass
Member
Member
Posts: 5586
Joined: Mon Mar 25, 2013 7:01 pm

Re: [Question]Convert/Link binary to vmlinux/bZimage image

Post by Octocontrabass »

dstyl wrote:an x86 device
Which x86 device?
dstyl wrote:android
Is the bootloader locked? You won't be able to run unsigned code with a locked bootloader.
dstyl wrote:The boot image contains an file called zImage, and also an second.bin file that seems to extract the zImage.
How did you figure out that's what second.bin does?
Top
dstyl
Posts: 6
Joined: Thu Jan 29, 2015 2:10 pm

Re: [Question]Convert/Link binary to vmlinux/bZimage image

Post by dstyl »

Its an asus zenfone 2, its just an generic x86 phablet with blinkboot instead of a full bios/uefi.

https://marketplace.windriver.com/index ... =76&cat=18
i found it on the device at the mmcblk0boot0 partition.
the bootloader is unlocked so android custom kernels work.
I disassembled the second.bin file and it contains a function that jumps to the kernel entry point including strings for verbose booting.

Code: Select all

aBootstubVersio db 'Bootstub Version: 1.4 ...',0Ah,0
                        db 'capfreq=',0
                        db 'Using bzImage to boot',0Ah,0
aJumpToKernel32 db 'Jump to kernel 32bit entry',0Ah,0
                 align 4
aFatalErrorTocS db 'FATAL ERROR: TOC size is too large for IMR',0Ah,0
aFatalErrorVxeF db 'FATAL ERROR: VXE FW image size is too large for IMR',0Ah,0
                        align 4
aFatalErrorSpsI db 'FATAL ERROR: SPS image size is too large for IMR',0Ah,0
                        align 4
aFatalErrorXenI db 'FATAL ERROR: Xen image size is too large for IMR',0Ah,0
                        align 4
aRelocatingInit db 'Relocating initramfs to high memory ...',0Ah,0
                        align 4
aWonTRelocateIn db 'Won',27h,'t relocate initramfs, are you in SLE?',0Ah,0
                        align 2
 aUsingMultiboot db 'Using multiboot image to boot',0Ah,0
                        align 2
 aBootstubSfi_ad db 'Bootstub: sfi_add_e820_entry failed',0Ah,0
                        align 4
 aBootstubSfi_se db 'Bootstub: sfi_setup_mmap failed',0Ah,0
                        align 4
 aBootstubSfiMma db 'Bootstub: SFI MMAP table not found',0Ah,0
 aBootstubMapSfi db 'Bootstub: map SFI MMAP to e820 table',0Ah,0
                        align 4
I just need to know how to link a generic c/asm binary to a vmlinux bzImage to get the device in a mode where the vmem is already set up which is what the second.bin file seems to do.
Top
Octocontrabass
Member
Member
Posts: 5586
Joined: Mon Mar 25, 2013 7:01 pm

Re: [Question]Convert/Link binary to vmlinux/bZimage image

Post by Octocontrabass »

dstyl wrote:I disassembled the second.bin file and it contains a function that jumps to the kernel entry point including strings for verbose booting.
Those strings come from here. You don't need a whole bzimage, just something close enough to make that code happy.

Or, since you have the source code now, you might be able to just replace it.
dstyl wrote:I just need to know how to link a generic c/asm binary to a vmlinux bzImage to get the device in a mode where the vmem is already set up which is what the second.bin file seems to do.
Easiest would probably be to build a flat binary with the expected bzimage header. You can read about it here.
Top
dstyl
Posts: 6
Joined: Thu Jan 29, 2015 2:10 pm

Re: [Question]Convert/Link binary to vmlinux/bZimage image

Post by dstyl »

Thanks a lot for your help.
This is really helpful information.
I will try to get it working.
Top
Post Reply

Return to “OS Development”