Baremetal development on the Nexus 7

Post date: Mar 21, 2013 8:55:9 PM

The Asus Nexus 7 is one of the most modification-friendly Android tablets on the market, as it is a part of Google's Nexus line of open Android devices. One can freely load code one second after bootup. I was curious and decide to try to write a program that would boot directly from the bootloader.

On a normal Android device, the initial bootloader is responsible for loading the kernel (normally a Linux kernel). The bootloader initializes hardware, sets up the graphical framebuffer, loads the kernel, copies it into memory, and jumps to it to start execution.

The area of memory that the framebuffer is mapped to can be seen in the Linux boot log:

<6>[    0.000000] Found tegra_fbmem: 007d0c80@abe01000

That means that code executing from the bootloader can display graphics simply by writing into that area of memory. Armed with this knowledge, I tried to write a "hello world" program that would set some pixels on the screen .

I based my attempt on dwelch67's Raspberry Pi baremetal bootloader, as the Raspberry Pi uses a similar processor architecture (an Armv6; the Nexus 7 contains a Armv7 in the Tegra 3 system-on-a-chip).

I took the bootloader, removed all excess code, and wrote a short bit of code to display the current executing address in binary on the screen. Then, I compiled it, and sent the kernel.img resulted from it via Fastboot, the Android USB bootloading protocol.

My attempt is here on GitHub.

And voila, it worked!

The white and grey bars on top of the bootloader screen was drawn by my code.

I will write up a tutorial if you would also like to try booting your own code on a Nexus 7 or any Tegra based device with an unlocked bootloader.