#ASOP内核编译
查看手机信息
| 信息类型 | 命令 | 示例输出 |
|---|---|---|
| 设备型号 | adb shell getprop ro.product.model | Pixel 3 |
| 设备品牌 | adb shell getprop ro.product.brand | |
| 设备制造商 | adb shell getprop ro.product.manufacturer | |
| 操作系统版本 | adb shell getprop ro.build.version.release | 12 |
| 硬件信息 | adb shell getprop ro.hardware | blueline |
| 产品名称 | adb shell getprop ro.product.name | raven |
| Build ID | adb shell getprop ro.build.id | SP1A.210812.016.C2 |
| 构建版本号 | adb shell getprop ro.build.version.incremental | 8618562 |
| 构建描述 | adb shell getprop ro.build.description | blueline-user 12 SP1A.210812.016.C2 8618562 release-keys |
| 构建日期 | adb shell getprop ro.build.date | Thu May 19 23:02:57 UTC 2022 |
| 内核版本 | uname -a | Linux localhost 4.9.270-g862f51bac900-ab7613625 #0 SMP PREEMPT Thu Aug 5 07:04:42 UTC 2021 aarch64 |
根据build id 获取pixel系列手机对应的aosp分支
https://source.android.com/docs/setup/about/build-numbers?hl=zh-cn
| Build Id | 标记 | 版本 | 支持的设备 | 安全补丁级别 |
|---|---|---|---|---|
| SP1A.210812.016.C2 | android-12.0.0_r34 | Android12 | Pixel 3、Pixel 3 XL | 2021-10-05 |
搜索build id获取驱动 https://developers.google.cn/android/drivers?hl=zh-cn
搜索 pixel3 + android 12 获取对应的刷机镜像 https://developers.google.cn/android/images?hl=zh-cn
检索Piexl3对应的内核版本代号 https://source.android.com/docs/setup/build/building-pixel-kernels?hl=zh-cnhttps://source.android.com/docs/setup/build/building-pixel-kernels?hl=zh-cn#legacy-kernel-branches
| 设备 | AOSP 树中的二进制文件路径 | 仓库分支 |
|---|---|---|
| Pixel 3 (blueline) Pixel 3 XL (crosshatch) | device/google/crosshatch-kernel | android-msm-crosshatch-4.9-android12 |
编译软件
sh
sudo apt-get install git-core gnupg flex bison build-essential zip curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 libncurses5 lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z1-dev libgl1-mesa-dev libxml2-utils xsltproc unzip fontconfig
##/home/kpa/pixel3_kernel/private/msm-google/scripts/extract-cert.c:21:10: fatal error: 'openssl/bio.h' file not found
#include <openssl/bio.h>
#安装ssl可解决
sudo apt-get install libssl-dev下载内核源码
sh
#下载源码切换到对应分支
mkdir pixel3_kernel && cd pixel3_kernel
repo init -u git://mirrors.ustc.edu.cn/aosp/kernel/manifest -b android-msm-crosshatch-4.9-android12
repo sync添加编译工具
sh
cd ~/pixel3_kernel/prebuilts
git clone https://android.googlesource.com/kernel/prebuilts/build-tools
mv build-tools kernel-build-tools
export PATH=~/pixel3_kernel/prebuilts/kernel-build-tools/linux-x86/bin:$PATH同步到和手机一样的commit
4.9.270-g862f51bac900-ab7613625 g后面的数字862f51bac900就是commit
sh
cd ~/pixel3_kernel/private/msm-google
git checkout 862f51bac900解包Boot Img
无ASOP源码编译,需要合并原厂的驱动进来
下载刷机镜像解包
这个工具要在windows上用 Android-Image-Kitchen 我用了下不能解包pixel3
这里参阅了下KernelSu的文档使用了magiskboot_build https://github.com/osm0sis/Android-Image-Kitchenhttps://kernelsu.org/zh_CN/guide/installation.htmlhttps://github.com/ookiineko/magiskboot_build/releases/tag/last-ci
sh
pixel3\blueline-sp1a.210812.016.c2\magiskboot
.\magiskboot.exe unpack .\boot.img
Parsing boot image: [.\boot.img]
HEADER_VER [2]
KERNEL_SZ [19835242]
RAMDISK_SZ [14206167]
SECOND_SZ [0]
RECOV_DTBO_SZ [0]
DTB_SZ [863100]
OS_VERSION [12.0.0]
OS_PATCH_LEVEL [2021-10]
PAGESIZE [4096]
NAME []
CMDLINE [console=ttyMSM0,115200n8 androidboot.console=ttyMSM0 printk.devkmsg=on msm_rtb.filter=0x237 ehci-hcd.park=3 service_locator.enable=1 cgroup.memory=nokmem lpm_levels.sleep_disabled=1 usbcore.autosuspend=7 loop.max_part=7 androidboot.boot_devices=soc/1d84000.ufshc androidboot.super_partition=system buildvariant=user]
CHECKSUM [3cf8dcecd74daab132c9561129cdd59b5ab4e972000000000000000000000000]
KERNEL_FMT [lz4]
RAMDISK_FMT [gzip]
unexpected ASN.1 DER tag: expected SEQUENCE, got APPLICATION [1] (primitive)
VBMETA解压后得到一个 ramdisk.cpio 复制到 ~/pixel3_kernel目录下
使用官方解压工具解压
sh
kpa@ubuntu:~/pixel3_kernel/tools/mkbootimg$ ./unpack_bootimg.py --boot_img boot.img --out vendor_boot_out
boot magic: ANDROID!
kernel_size: 19835242
kernel load address: 0x00008000
ramdisk size: 14206167
ramdisk load address: 0x01000000
second bootloader size: 0
second bootloader load address: 0x00000000
kernel tags load address: 0x00000100
page size: 4096
os version: 12.0.0
os patch level: 2021-10
boot image header version: 2
product name:
command line args: console=ttyMSM0,115200n8 androidboot.console=ttyMSM0 printk.devkmsg=on msm_rtb.filter=0x237 ehci-hcd.park=3 service_locator.enable=1 cgroup.memory=nokmem lpm_levels.sleep_disabled=1 usbcore.autosuspend=7 loop.max_part=7 androidboot.boot_devices=soc/1d84000.ufshc androidboot.super_partition=system buildvariant=user
additional command line args:
recovery dtbo size: 0
recovery dtbo offset: 0x0000000000000000
boot header size: 1660
dtb size: 863100
dtb address: 0x0000000001f00000解压后得到一个 ramdisk 复制到 ~/pixel3_kernel目录下
添加mkbooting文件
sh
#build/build.sh 需要这个脚本,源码里没有
if [ -z "${MKBOOTIMG_PATH}" ]; then
MKBOOTIMG_PATH="tools/mkbootimg/mkbootimg.py"
fi
if [ ! -f "$MKBOOTIMG_PATH" ]; then
echo "mkbootimg.py script not found. MKBOOTIMG_PATH = $MKBOOTIMG_PATH"
exit 1
fish
cd ~/pixel3_kernel
mkdir tools &&cd tools
git clone https://android.googlesource.com/platform/system/tools/mkbootimg修改build/build.sh
找到 ~/pixel_kernel/build/build.sh
sh
if [ -z "${SKIP_CP_KERNEL_HDR}" ] ; then
echo "========================================================"
KERNEL_HEADERS_TAR=${DIST_DIR}/kernel-headers.tar.gz
echo " Copying kernel headers to ${KERNEL_HEADERS_TAR}"
pushd $ROOT_DIR/$KERNEL_DIR
find arch include $OUT_DIR -name *.h -print0 \
| tar -czf $KERNEL_HEADERS_TAR \
--absolute-names \
--dereference \
--transform "s,.*$OUT_DIR,," \
--transform "s,^,kernel-headers/," \
--null -T -
popd
fi
#++修改部分 添加以下内容
if [ -f "${VENDOR_RAMDISK_BINARY}" ]; then
cp ${VENDOR_RAMDISK_BINARY} ${DIST_DIR}
fi
#++修改部分
echo "========================================================"
echo " Files copied to ${DIST_DIR}"配置编译变量
~/pixel_kernel/build_bluecross.sh 软连接到真实的文件是 ~/pixel_kernel/private/msm-google/build_bluecross.sh
修改 ~/pixel_kernel/build_bluecross.sh 如下配置
需要根据解包的内容修改
MKBOOTIMG_PATH 对应刚才下载的工具 BASE_ADDRESS 对应解包kernel load address: 0x00008000
sh
BUILD_CONFIG=private/msm-google/build.config.bluecross_no-cfi \
BUILD_BOOT_IMG=1 \
MKBOOTIMG_PATH="tools/mkbootimg/mkbootimg.py" \
VENDOR_RAMDISK_BINARY=ramdisk \
KERNEL_BINARY=Image.lz4 \
BOOT_IMAGE_HEADER_VERSION=2 \
KERNEL_CMDLINE="console=ttyMSM0,115200n8 androidboot.console=ttyMSM0 printk.devkmsg=on msm_rtb.filter=0x237 ehci-hcd.park=3 service_locator.enable=1 cgroup.memory=nokmem lpm_levels.sleep_disabled=1 usbcore.autosuspend=7 loop.max_part=7 androidboot.boot_devices=soc/1d84000.ufshc androidboot.super_partition=system buildvariant=user" \
BASE_ADDRESS=0x00008000 \
PAGE_SIZE=4096 \
build/build.sh "$@"尝试编译
sh
#尝试编译下
./build_bluecross.sh卡在 LTO vmlinux.o CPU不转了
再次执行 ./build_bluecross.sh V=1 输出详细的日志 然后查资料看了半天,又继续编译下去了 编译很慢,耐心等待吧
碰见了python错误,检查了下当前用的是python 2.7 升级下python到3+版本
log
+ python tools/mkbootimg/mkbootimg.py --kernel /home/kpa/pixel3_kernel/out/android-msm-pixel-4.9/dist/Image.lz4 --header_version 2 --base 0x00008000 --pagesize 4096 --cmdline 'console=ttyMSM0,115200n8 androidboot.console=ttyMSM0 printk.devkmsg=on msm_rtb.filter=0x237 ehci-hcd.park=3 service_locator.enable=1 cgroup.memory=nokmem lpm_levels.sleep_disabled=1 usbcore.autosuspend=7 loop.max_part=7 androidboot.boot_devices=soc/1d84000.ufshc androidboot.super_partition=system buildvariant=user' --dtb /home/kpa/pixel3_kernel/out/android-msm-pixel-4.9/dist/dtb.img --ramdisk /home/kpa/pixel3_kernel/out/android-msm-pixel-4.9/dist/ramdisk.gz -o /home/kpa/pixel3_kernel/out/android-msm-pixel-4.9/dist/boot.img
File "tools/mkbootimg/mkbootimg.py", line 120
args.output.write(pack(f'{BOOT_MAGIC_SIZE}s', BOOT_MAGIC.encode()))
^
SyntaxError: invalid syntax修改~/pixel_kernel/build/build.sh 中 python 换成python3
sh
set -x
python3 "$MKBOOTIMG_PATH" --kernel "${DIST_DIR}/${KERNEL_BINARY}" \
--header_version "${BOOT_IMAGE_HEADER_VERSION}" \
"${MKBOOTIMG_ARGS[@]}" -o "${DIST_DIR}/boot.img"
set +x编译后输出,表示成功了 boot image created at /home/kpa/pixel3_kernel/out/android-msm-pixel-4.9/dist/boot.img
sh
adb reboot bootloader
fastboot devices
#写入手机
#这个是临时的,重启就恢复,建议测试下没问题
fastboot boot boot.img
#这个是永久的 慎用,确认编译无误后,在进行烧写
fastboot flash boot boot.img
#确认版本,写入成功
> adb shell
blueline:/ $ cat /proc/version
Linux version 4.9.270-dirty (kpa@ubuntu) (Android (7284624, based on r416183b) clang version 12.0.5 (https://android.googlesource.com/toolchain/llvm-project c935d99d7cf2016289302412d708641d52d2f7ee)) #1 repo:android-msm-crosshatch-4.9-android12 SMP PREEMPT Fri Jun开启内核选项
查看源码目录下build.config DEFCONFIG=b1c1_defconfig 这里对应的 bluecross的配置文件路径在 ~/pixel_kernel/private/msm-google/arch/arm64/configs/b1c1_defconfig
奇怪这个文件竟然不叫blueline 别人的都是和代号一样的
sh
cd private/msm-google
#生成deconfig
make ARCH=arm64 b1c1_defconfig
#打开配置UI
make ARCH=arm64 menuconfig
#按键 / 可以搜索
#保存配置文件 会在private/msm-google目录下面生成一个deconfig 复制到下面的厂商目录中去
make ARCH=arm64 savedefconfig
#覆盖配置
cd ~/pixel_kernel/private/msm-google/arch/arm64/configs/
#编译错了话,进入msm-google 目录 make mrproper清理下,因为有配置文件残留建议开启以下选项
sh
来源
https://evilpan.com/2022/01/03/kernel-tracing/
为了能够支持 KPROBES、UPROBES、TRACEPOINTS 等功能,需要在内核的配置中添加以下选项:
禁用内核的安全特性,开启调试支持:
-e CONFIG_KPROBES \
-e CONFIG_BLK_DEV_IO_TRACE \
-e CONFIG_PROBE_EVENTS \
-e CONFIG_KPROBE_EVENT \
-d CONFIG_LTO \
-d CONFIG_LTO_CLANG \
-d CONFIG_CFI_CLANG \
-d CFI_PERMISSIVE \
-d CFI_CLANG \
-e CONFIG_IRQSOFF_TRACER \
-e CONFIG_PREEMPT_TRACER \
-e CONFIG_DEBUG_FS \
-e CONFIG_CHECKPOINT_RESTORE \
-d CONFIG_RANDOMIZE_BASE \
开启 eBPF 支持:
-e CONFIG_BPF \
-e CONFIG_BPF_SYSCALL \
-e CONFIG_BPF_JIT \
-e CONFIG_HAVE_EBPF_JIT \
-e CONFIG_IKHEADERS \
开启 kretprobe 支持:
-e CONFIG_KRETPROBES \
-e CONFIG_HAVE_KRETPROBES \
-d CONFIG_SHADOW_CALL_STACK \
-e CONFIG_ROP_PROTECTION_NONE \
开启 ftrace 支持:
-e CONFIG_FTRACE_SYSCALLS \
-e CONFIG_FUNCTION_TRACER \
-e CONFIG_HAVE_DYNAMIC_FTRACE \
-e CONFIG_DYNAMIC_FTRACE \
开启 uprobes 支持:
-e CONFIG_UPROBES \
-e CONFIG_UPROBE_EVENT \
-e CONFIG_BPF_EVENTS \
BCC 建议设置的选项:
-e CONFIG_DEBUG_PREEMPT \
-e CONFIG_PREEMPTIRQ_EVENTS \
-d CONFIG_PROVE_LOCKING \
-d CONFIG_LOCKDEP选项太多了,懒得一个一个改
查看./build_bluecross.sh中对应的BUILD_CONFIG=private/msm-google/build.config.bluecross_no-cfi 直接修改build.config.bluecross_no-cfi 最好备份下
sh
DEFCONFIG=b1c1_defconfig
KERNEL_DIR=private/msm-google
. ${ROOT_DIR}/${KERNEL_DIR}/build.config.common.clang
POST_DEFCONFIG_CMDS="check_defconfig && update_nocfi_config"
function update_nocfi_config() {
# Disable clang-specific options
${KERNEL_DIR}/scripts/config --file ${OUT_DIR}/.config \
-d LTO \
-d LTO_CLANG \
-d CFI \
-d CFI_PERMISSIVE \
-d CFI_CLANG \
-d CONFIG_LTO \
-d CONFIG_LTO_CLANG \
-d CONFIG_CFI_CLANG \
-d CFI_PERMISSIVE \
-d CFI_CLANG \
-e CONFIG_IRQSOFF_TRACER \
-e CONFIG_PREEMPT_TRACER \
-e CONFIG_DEBUG_FS \
-e CONFIG_CHECKPOINT_RESTORE \
-d CONFIG_RANDOMIZE_BASE \
-e CONFIG_BPF \
-e CONFIG_BPF_SYSCALL \
-e CONFIG_BPF_JIT \
-e CONFIG_HAVE_EBPF_JIT \
-e CONFIG_IKHEADERS \
-e CONFIG_KRETPROBES \
-e CONFIG_HAVE_KRETPROBES \
-d CONFIG_SHADOW_CALL_STACK \
-e CONFIG_ROP_PROTECTION_NONE \
-e CONFIG_FTRACE_SYSCALLS \
-e CONFIG_FUNCTION_TRACER \
-e CONFIG_HAVE_DYNAMIC_FTRACE \
-e CONFIG_DYNAMIC_FTRACE \
-e CONFIG_UPROBES \
-e CONFIG_UPROBE_EVENT \
-e CONFIG_BPF_EVENTS \
-e CONFIG_DEBUG_PREEMPT \
-e CONFIG_PREEMPTIRQ_EVENTS \
-d CONFIG_PROVE_LOCKING \
-d CONFIG_LOCKDEP
(cd ${OUT_DIR} && \
make ${CC_LD_ARG} O=${OUT_DIR} olddefconfig)
}再次编译下看看选项开启了没
sh
adb shell zcat /proc/config.gz | grep CONFIG_PERF_EVENTS凉凉
https://github.com/tiann/KernelSU/discussions/956
开启 CONFIG_KPROBE_EVENT 选项开机就死机 4.9内核好像不支持 看了相关文章4.9是早于UPROBES之前的版本,需要反向添加已支持手机
这里暂告一段落,只能作为别的机型配置参考
参考
https://bbs.kanxue.com/thread-274790.htmhttps://blog.seeflower.dev/archives/17/https://blog.arstercz.com/introduction_to_linux_dynamic_tracing/https://evilpan.com/2022/01/03/kernel-tracing/