How does "fastboot boot <kernel>" works internally?

jckuester picture jckuester · Jan 8, 2016 · Viewed 8.5k times · Source

Fastboot has the following handy feature (if booting the custom image fails, the device just magically boots the default image next time, and all's gonna be alright):

To boot with a host-side kernel image

This command allows you to download a kernel image (and optional root filesystem image) and boot the phone with those, instead of using the kernel and rootfs in the boot flash partition. It is very useful while developing a kernel or modifying the rootfs.

fastboot boot < kernel > [ < ramdisk > ]

Does anyone know how it internally works? Is the kernel copied to a special boot partition before rebooting the device? (UPDATE: As the answer points out, there is no reboot, as fastboot is a step in the boot process, which basically makes my question meaningless.) I was looking into the source code of fastboot, but it seems it contains only what happens on the host side, and not on the device.

I mean, how the flashing feature works is pretty easy, I can imitate it by just copying a boot image with a custom kernel to the boot partition, e.g., via:

dd if='<my_boot.img>' of='/dev/block/platform/msm_sdcc.1/by-name/boot'

Btw: I am asking the question because of an app I am developing; I'd like to "risk free" boot a custom kernel directly from the device, where it is stored e.g. on the SD-card.

Answer

sawdust picture sawdust · Jan 8, 2016

Is the kernel copied to a special boot partition before rebooting the device?

No, there would be no modification to any partition.
Booting a kernel means loading (i.e. reading into memory) the kernel image from a storage device. This fastboot is similar to a netboot, e.g. the kernel image is loaded from a server/host over an Ethernet link using TFTP. If the sole intent is to boot the system using the kernel image, then there is simply no reason to also write the kernel image to a partition, especially when one has not been explicitly specified.

The optional root filesystem of this operation is clearly specified as a ramdisk image, which would also not require writing to or storage in a partition.

Does anyone know how it internally works?

The fastboot program is an alternate bootloader that executes after you reboot the device.
The kernel in loaded from the host over USB into memory. The optional rootfs (a ramdisk or maybe an initramfs image) can also be loaded from the host over USB into memory. Once loaded, an ordinary kernel boot can commence.

Btw: I am asking the question because of an app I am developing; I'd like to "risk free" boot a custom kernel directly from the device, where it is stored e.g. on the SD-card

You'll probably have to use some other bootloader/method than this fastboot.