Boot process

The 1st thing to be loaded is the bootrom code which resides in ROM; if the “Recovery Key” is hold then it loads DFU mode for firmware flashing; if the “Recovery Key”is not pressed, it loads from the very 1st part of the eMMC the “miniloader ” contained inside the loader image (you cannot dump it but you can get prebuild ones here);

The miniloader then loads the uboot.img partition; this partition seems to contain 2 copies of the loader - code ends at 0x0FFFFF, the rest is filled with FF.

uboot loads the kernel.img which loads boot.img partition; rockchip's boot image is different from standard Android boot image: it does not contain a real kernel image but it's a gizped cpio ramdisk image that takes over the booting process from the kernel (you need to remove the 1st 8 byte of the partition header in boot.img to uncompress it using gzip; it must start with 1F8B “magic” value).

Finally the OS partitions are launched: → system (EXT4) → cache (EXT4) → metadata (EXT4) → userdata (EXT4) → user (FAT32)

During boot process the file /system/bin/bootanimation is executed; it search for the following files:

/system/media/bootanimation.zip
/system/media/audio/boot.ogg
(optional)

if they are found the bootanimation.zip will be launched (and the optional sound will be played - there seems to be problems with this audio file: it is not always played or it is not played in the correct way); if not found the elf embedded boot animation is executed (atgames “flashing” logo):



then boot:init.rc is launched and at the very end of the boot procedure /system/bin/atgames_stopsrv.sh is called and the original launcher is executed from system/app/com.atgames.menu.sega_??.apk - where ?? are referred to specific console region: until now we found eu , de and au .

A full dmesg log of the boot process can be found here.



A LITTLE TIP: Holding down the Menu button for at least 5 seconds will shut the console down :)