一、boot分析，编译完成后生成以下文件

amss.bin来源于amss.mbn，就是modem通讯协议模块。

qcsbl.bin来源于qcsbl.mbn -->qcsbl boot  --》qcsbl.S、qcsbl——mc.c和qcsbl.scl

qcsbl主要工作是：1、继续对硬件进行设置；2、从nand中，查找出激活的多镜像块；3、加载oemsbl镜像的头信息块

4、鉴定oemsbl镜像的合法性；5、运行加载好的oemsbl镜像模块；6、加载amss镜像的头信息块；7、加载amss镜像；

7、鉴定amss镜像合法性，若需要的话。8、把控制权交给amss代码。

总结如下：

根据硬件特性，进一步对硬件和外围设备进行初始化，比如usb、mmu、bus、mpu等模块；下载过程的实现：oemsbl部

分来配合烧写的；加载arm11的emmc_appsboot,唤起arm11.

代码分析：

qcsbl.s

;============================================================================                                                                                 
;
;                             MODULE EXPORTS
;
;============================================================================

    ; Export the external symbols that are referenced in this module.
    EXPORT qcsbl_loop_here

    ; Export the symbols __main and _main to prevent the linker from
    ; including the standard runtime library and startup routine.
    EXPORT   __main
    EXPORT   _main


;============================================================================
;
;                             MODULE DATA AREA
;
;============================================================================

    ;--------------------------------------------------------------------------
    ; Data area is in IRAM and location must be defined in scatter load
    ; file.  Data area starts at the top of IRAM.
    ;--------------------------------------------------------------------------
    PRESERVE8
    AREA    QCSBL_VECTOR_TABLE, DATA, READWRITE

    ;--------------------------------------------------------------------------
    ; Exception vectors table located at the top of IRAM.  This is initialized
    ; to the QCSBL exception handlers.  This region will be copied into IRAM 
    ; to replace the vectors which were used by the PBL.
    ;--------------------------------------------------------------------------

unused_reset_vector
    DCD     0x00000000
undefined_instruction_vector  
    DCD     qcsbl_undefined_instruction_nested_handler
swi_vector
    DCD     qcsbl_swi_c_handler
prefetch_abort_vector
    DCD     qcsbl_prefetch_abort_nested_handler
data_abort_vector
    DCD     qcsbl_data_abort_nested_handler
reserved_vector
    DCD     qcsbl_reserved_c_handler
irq_vector
    DCD     qcsbl_irq_c_handler
fiq_vector
    DCD     qcsbl_fiq_c_handler

oemsbl.s

    AREA    OEMSBL_VECTOR_TABLE, DATA, READWRITE                                                                                                              
unused_reset_vector
    DCD     0x00000000
undefined_instruction_vector  
    DCD oemsbl_undefined_instruction_nested_handler
swi_vector
    DCD oemsbl_swi_c_handler
prefetch_abort_vector
    DCD oemsbl_prefetch_abort_nested_handler
data_abort_vector
    DCD oemsbl_data_abort_nested_handler
reserved_vector
    DCD oemsbl_reserved_c_handler
irq_vector
    DCD oemsbl_irq_c_handler
fiq_vector
    DCD oemsbl_fiq_c_handler

qcsbl.scl

oemsbl.scl

oemsbl_mc.c

oemsbl_aarm_boot.c

oemsbl.bin 作用：加载oemsbl镜像 ，来源于oemsbl.S、oemsbl_mc.c、oemsbl_aarm_boot.c和oemsbl.scl 位于/modem/modem_proc/core/boot/secboot/oemsbl/下

oemsblhd.bin作用：加载oemsbl镜像的头信息块，（mibib格式）

emmc_appsboot.bin 来源于emmc_appsboot.mbn，这个就是bootloader，就是android端的启动代码。

boot.img不是bootloader.而是kernel和ram disk

system.img.etx4 是android的root fs。

启动过程如下：

    AREA    QCSBL_ENTRY, CODE, READONLY
    CODE32
    ENTRY

__main
_main
...
...

   ldr    r1, =qcsbl_main_ctl       blx    r1

二、amss修改

三、android启动