Once the Android bootloader (ABL, LK, or U-Boot) has copied the Linux kernel into main memory, it jumps to the kernel's entry address. From that moment on, the bootloader no longer runs, and Linux is in control.
The kernel initialization is a massive, highly complex process. Here is a simplified overview of how the kernel wakes up and prepares the system for Android.
Decompression and Self-Relocation
The kernel image stored inside the boot.img is heavily compressed (usually using LZ4 or GZIP) to save space.
The very first code that executes is a tiny C/Assembly stub program attached directly to the front of the kernel. This stub:
- Allocates a large chunk of empty RAM.
- Decompresses the actual Linux kernel binary into that empty space.
- Jumps execution to the newly decompressed kernel.
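```bash
# You can extract and decompress the kernel manually using standard Linux tools
# (unpack_bootimg writes the kernel and ramdisk into the --out directory)
unpack_bootimg --boot_img boot.img --out out
# If the extracted kernel file is itself an LZ4 stream, decompress it directly.
# A zImage has the decompression stub in front, so its payload must be carved out first.
lz4 -d out/kernel kernel_decompressed
```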
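As an added example (not part of the original page or of the AOSP tooling), this Python script locates the kernel inside a boot.img from the header fields and identifies how it is packed from its magic bytes, which tells you whether `lz4 -d` applies at all. The function names are hypothetical and the sample images are constructed; header sizes are treated as untrusted and checked against the file length.

```python
import struct

BOOT_MAGIC = b"ANDROID!"

def kernel_span(img: bytes):
    """Return (offset, size) of the kernel payload inside a boot.img."""
    if len(img) < 44 or img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    (kernel_size,) = struct.unpack_from("<I", img, 8)
    (version,) = struct.unpack_from("<I", img, 40)
    if version in (3, 4):
        page = 4096                      # v3+ headers use a fixed 4096-byte page
    else:
        (page,) = struct.unpack_from("<I", img, 36)  # v0-v2 store page_size
    # Header fields are untrusted input: bound them by the real file length.
    if page == 0 or kernel_size == 0 or page + kernel_size > len(img):
        raise ValueError("header sizes do not fit the file")
    return page, kernel_size

def kernel_format(k: bytes) -> str:
    """Classify the kernel payload by its magic bytes."""
    if k[:2] == b"\x1f\x8b":
        return "gzip"
    if k[:4] == b"\x04\x22\x4d\x18":
        return "lz4-frame"
    if k[:4] == b"\x02\x21\x4c\x18":
        return "lz4-legacy"
    if k[56:60] == b"ARM\x64":
        return "arm64-image"             # uncompressed arm64 Image
    if k[0x24:0x28] == b"\x18\x28\x6f\x01":
        return "arm-zimage"              # stub in front; lz4 -d will not work on it
    return "unknown"

def make_sample(version: int, page: int, kernel: bytes) -> bytes:
    """Build a constructed boot.img holding only a header page and a kernel."""
    hdr = bytearray(page)
    hdr[:8] = BOOT_MAGIC
    struct.pack_into("<I", hdr, 8, len(kernel))
    if version < 3:
        struct.pack_into("<I", hdr, 36, page)
    struct.pack_into("<I", hdr, 40, version)
    return bytes(hdr) + kernel

if __name__ == "__main__":
    samples = [make_sample(2, 2048, b"\x02\x21\x4c\x18" + bytes(60)),
               make_sample(4, 4096, b"\x1f\x8b\x08" + bytes(61))]
    for img in samples:
        off, size = kernel_span(img)
        print(off, size, kernel_format(img[off:off + size]))
```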
The start_kernel() Function
Execution enters the absolute heart of the Linux kernel: the start_kernel() function (written in C, located in init/main.c). This function orchestrates the initialization of every major software subsystem.
- Interrupts and Memory: It configures the CPU interrupt controllers and initializes the complex virtual memory page tables.
- Scheduler: It starts the Linux task scheduler, allowing the kernel to multitask and run multiple threads concurrently.
- Device Tree Parsing: The kernel parses the Device Tree Blob (DTB) passed to it by the bootloader. The DTB tells the kernel exactly what physical hardware exists on the motherboard (e.g., "There is a touchscreen controller located at I2C address 0x38").
Driver Probing
With the hardware map (DTB) loaded into memory, the kernel begins initializing the drivers. If the DTB says a specific Wi-Fi chip exists, the kernel searches its compiled code for a matching driver. If found, it "probes" the hardware to wake it up, test it, and register it with the operating system.
```bash
# Once booted, you can view the kernel's initialization log (the ring buffer)
dmesg | grep -i "probe"
```
Mounting the Root File System (Ramdisk)
A Linux kernel cannot run useful user-space programs without a file system. However, the physical flash partitions (like /system) are not mounted yet because the drivers might not be fully loaded.
To solve this, the kernel extracts the initial ramdisk (initramfs) that the bootloader placed into memory alongside the kernel. It mounts this temporary, memory-based file system as the root directory (/).
Finally, the kernel searches this ramdisk for an executable file named /init. It executes this file as Process ID 1 (PID 1), officially handing control over to the Android user-space.