In this article, I will tell you about partition tables for MTK and QCOM devices.
Unlike the OS on computers, smartphones don’t have a dynamic partition table.
How to view partitions
To view the main partitions, you just need to perform one of two methods:
To view all partitions, you need superuser rights or TWRP recovery.
- Install Device Info HW and view partitions
- Reboot to TWRP, open terminal and enter
The bootloader is a low-level program that manages boot modes and then calls the kernel to load the OS, or the recovery kernel to load the recovery ramdisk.
As we know, Android has several alternative boot modes. You will learn more about them in my next article.
ABOOT (UBOOT on MTK) is the first bootloader. This partition contains the low-level software for power and volume buttons. Each key combination corresponds to a different boot mode.
SBL is a secondary bootloader. Its code is executed after the first bootloader, and depending on the boot mode, either the kernel is loaded — boot.img, or boot for recovery, or fastboot.
To begin with, it is worth noting that the information on the Internet about the main partitions of the partition tables is outdated: after Project Treble, a vendor partition was added, and later the arm64_ab architecture was released with a new partition table and with the system partition mounted to the root (SAR, System As Root). Later still, the manufacturers updated A-only — they added another partition and updated the recovery partition.
In this article I will cover all the main types of the partition table.
- BOOT is the core of Android
- VENDOR is a partition containing many binaries and drivers for everything and everyone. Previously, all these binaries were in the system partition, but with Project Treble they were separated
- PRODUCT is a new partition (added in 2019) containing pre-installed applications and services
- SYSTEM is the main system partition. It contains frameworks, a lot of props, fstabs, overlays, RROs, software for working with binaries from vendor. Previously, applications were also stored in this partition (they are still stored there, but only the most important ones).
- USERDATA — user data partition, contains three more partitions such as DATA (this partition is everywhere, it stores application data), CACHE (system and application cache) and STORAGE (the partition where you store your photos and files, accessible in the file explorer).
Before Android 8.1 and Project Treble, the partition table looked like this:
Then Project Treble gave us a new partition — vendor. Our diagram has become a little more complicated:
With the arrival of Treble, the world saw another architecture — arm64_ab and a new complicated partition table. Now the low-level recovery partition is right in boot. The cache partition was removed, and the main system partitions were duplicated. Such a partition table clearly takes up more memory, and less space is left on storage.
But the main feature is that with this architecture, Android devices can update in the background! You download the update and continue to use your phone, and then just reboot into the new system, which is installed on the duplicate partitions. And if the update was unsuccessful, the phone will boot into the first half of the partitions.
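The background update and automatic fallback described above can be modelled with per-slot boot metadata. This is an added example, not code from the article or from any bootloader: the `Slot` fields, the function names and the retry budget of 3 are assumptions chosen to illustrate the mechanism.

```python
from dataclasses import dataclass

RETRY_BUDGET = 3  # assumed number of boot attempts granted to a freshly updated slot

@dataclass
class Slot:
    name: str
    priority: int         # higher wins; 0 = never boot this slot
    tries_remaining: int  # attempts left before the slot is given up
    successful: bool      # set by the OS once it has booted completely

def apply_update(slots, running):
    """Updater: the idle slot was written in the background; prefer it on next boot."""
    for s in slots:
        if s.name == running:
            s.priority = min(s.priority, 14)   # keep the old system as fallback
        else:
            s.priority, s.tries_remaining, s.successful = 15, RETRY_BUDGET, False

def select_slot(slots):
    """Bootloader: choose the slot for this boot, or None if nothing is bootable."""
    for s in slots:
        if not s.successful and s.tries_remaining == 0:
            s.priority = 0                     # unverified and out of attempts
    usable = [s for s in slots if s.priority > 0]
    if not usable:
        return None
    chosen = max(usable, key=lambda s: s.priority)
    if not chosen.successful:
        chosen.tries_remaining -= 1            # spend one attempt on the unverified slot
    return chosen

def simulate(new_system_boots, boots=5):
    """Return the slot used on each boot after an update installed from slot 'a'."""
    slots = [Slot("a", 15, 0, True), Slot("b", 0, 0, False)]
    apply_update(slots, running="a")
    history = []
    for _ in range(boots):
        slot = select_slot(slots)
        if slot is None:
            break
        history.append(slot.name)
        if slot.name == "b" and new_system_boots:
            slot.successful = True             # OS came up and confirmed the boot
    return history

if __name__ == "__main__":
    print("good update:", simulate(True))
    print("bad update: ", simulate(False))
```

With a working update every boot uses the new slot; with a broken one the bootloader spends the retry budget on the new slot and then returns to the old system.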
The old arm64_a architecture wasn’t abandoned. The manufacturers added a product partition and mounted system to the system_root:
SoC-specific partitions implement SoC-specific low-level instructions independently of the OS.
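Given a list of partition names from a device, the four layouts described above can be told apart mechanically. The classifier below is an added example, not part of the original article; the function name, the layout labels and the sample name lists are constructed for illustration.

```python
def classify_layout(names):
    """Classify a list of partition names into one of the four layouts above."""
    names = {n.strip().lower() for n in names if n.strip()}
    a = {n[:-2] for n in names if n.endswith("_a")}
    b = {n[:-2] for n in names if n.endswith("_b")}
    slotted = a & b      # partitions duplicated for both halves
    unpaired = a ^ b     # a slot copy whose twin is missing
    if {"boot", "system"} <= slotted:
        layout = "A/B"                    # duplicated system partitions
    elif "product" in names:
        layout = "A-only with product"    # updated A-only table
    elif "vendor" in names:
        layout = "A-only (Treble)"        # vendor split out of system
    else:
        layout = "pre-Treble"
    return {"layout": layout,
            "slotted": sorted(slotted),
            "unpaired": sorted(unpaired)}

# Constructed sample name lists, one per layout, plus one inconsistent A/B table.
SAMPLES = {
    "old":    ["boot", "recovery", "system", "cache", "userdata", "modem"],
    "treble": ["boot", "recovery", "system", "vendor", "cache", "userdata"],
    "ab":     ["boot_a", "boot_b", "system_a", "system_b",
               "vendor_a", "vendor_b", "modem_a", "modem_b", "userdata"],
    "new_a":  ["boot", "recovery", "system", "vendor", "product",
               "cache", "userdata"],
    "broken": ["boot_a", "boot_b", "system_a", "system_b",
               "vendor_a", "userdata"],
}

if __name__ == "__main__":
    for label, part_names in SAMPLES.items():
        print(label, classify_layout(part_names))
```

A non-empty `unpaired` list on an A/B device means one half of the table is incomplete, which is worth checking before relying on the fallback slot.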
- MODEM (RADIO on MTK) is a phone modem (baseband). This partition can control Wi-Fi, Bluetooth and GPS (on most newer devices they are handled by the kernel). Modem is a mini-OS for a cellular radio chip that has its own processor. The modem partition is special, because the phones have a separate processor for the modem code to work, so the modem is not included in the system image
- RIL (Radio Interface Layer) is a low-level partition between the OS kernel and baseband. RIL’s job is to translate all phone requests from the Android environment and map them to the modem’s AT command delivery. AT commands are used to communicate with the modem: Android devices must have a baseband processor (BP) in addition to the normal processor, i.e. the application processor (AP)
- TZ (TrustZone) is a partition used on the ARM architecture for additional security features. It combines the user’s encryption key with a hardware key generated by the encryption processor to make it harder to compromise security
- RPM (Resource & Power Management) triggers the execution of the Primary / Primitive BootLoader (PBL) in the BootROM and controls the power of the radio, modem, etc.
- DSP (Digital Signal Processor) is a partition on Qualcomm devices to help with things like smooth video playback (media processor and real-time sensors)
- HYP (HyperVisor) is a hypervisor. Required to support virtualization
- PERSIST is a partition which stores the driver for Wi-Fi, Bluetooth, LTE / CDMA / GSM and Hotspot sensors
- RECOVERY is a partition with the recovery menu
- OEM is a partition that includes small adjustments of the original equipment manufacturer (and mobile phone brand) during over-the-air updates
- FOTA is a partition where OTA updates are downloaded. In most cases, instead of fota, these updates are downloaded to the cache partition
- FSC partition contains modem file system cookies
- SSD (Secure Software Download) is a partition for storing some encrypted keys. These keys are checked when downloading OS updates
- FRP (Factory Reset Protection) is a special partition created to save information about the accounts of smartphone manufacturers (for example, Mi Account on Xiaomi). The trick is that when the settings are reset, FRP is not erased, so you will not be able to get rid of the login to your account on a stolen Xiaomi.
- DEVCFG is used by TZ for updates
- LKSECAPP is for online checking and updating RPM components
- TZLIMITS is the Qualcomm Limits Management Hardware driver. Stores metadata for the SBL
- SYSCFG is the Qualcomm Core Power Reduction regulator, which improves application processor performance and power saving through voltage control
- DIP, MDTP implement Qualcomm SafeSwitch technology to block and track stolen phones
- CMNLIB, KEYMASTER, SEC are used for hash load verification. If the OS hash doesn’t match the hash written in the keymaster, your phone won’t boot the OS. This is the main reason why you cannot flash custom firmware on a locked bootloader.
- OEMKEYSTORE relates to Full Disk Encryption (FDE) of data
- MCFG (Modem Configuration) is used on dual SIM devices, downloads MBN files (modem binaries)
- SPLASH is a splash screen or boot logo that appears when the device boots up at the ABOOT stage. After it, you can see “Powered by Android” boot animation
- CHGLOGO is the same screen for charging a discharged phone
- MSADP, APDP, DPO are used for debug policy
- EFS is a partition containing information about IMEI, SN and IMEI SV
- RSADEVINFO contains low-level information about the device, including:
You can view the values by typing the fastboot oem device-info command in ADB shell. Before loading the OS, the bootloader checks rsadevinfo’s data.