According to Documentation/arm64/booting.rst:
The decompressed kernel image contains a 64-byte header as follows:
u32 code0; /* Executable code */u32 code1; /* Executable code */u64 text_offset; /* Image load offset, little endian */u64 image_size; /* Effective Image size, little endian */u64 flags; /* kernel flags, little endian */u64 res2 = 0; /* reserved */u64 res3 = 0; /* reserved */u64 res4 = 0; /* reserved */u32 magic = 0x644d5241; /* Magic number, little endian, "ARM\x64" */u32 res5; /* reserved (used for PE COFF offset) */The Image must be placed text_offset bytes from a 2MB aligned baseaddress anywhere in usable system RAM and called there. The regionbetween the 2 MB aligned base address and the start of the image hasno special significance to the kernel, and may be used for otherpurposes. At least image_size bytes from the start of the image mustbe free for use by the kernel. NOTE: versions prior to v4.6 cannotmake use of memory below the physical offset of the Image so it isrecommended that the Image be placed as close as possible to the startof system RAM.
This is the address offset from the address where the kernel should be loaded. So if we're gonna put the kernel at 0x8000_0000, and text_offset is 0x80000, then the kernel will start at 0x8000_0000 + 0x80000
But how can I know where the kernel code starts. That is, how can I jump to the kernel entrypoint knowing only the kernel text_offset?