Exercise 1:
Just read inline assembly. Ref link: Linux assemblers: A comparison of GAS and NASM
Exercise 2:
Just run GDB for remote debugging with the given script, and read the GAS code if you can.
Boot ASM code explanation.
- [f000:fff0] 0xffff0: ljmp $0xf000,$0xe05b // real-mode ljmp: loads CS:IP, and the physical address is CS*16 + IP (here 0xf000:0xe05b -> 0xfe05b)
- jmp 0xfc85e
- %cr0 = %cr0 & 0x9fffffff, which clears the following two bits:
  - 30 CD Cache disable: globally enables/disables the memory cache
  - 29 NW Not-write through: globally enables/disables write-back caching
- cli
- cld
- set port 0x70 = 0x8f
  - to enable NMI (Non-Maskable Interrupt)
- read port 0x71
  - check whether the RTC value is 0; in this case it is 0, so execution continues downward
- set %ss = 0 and %esp = 0x7000
  - to form the SS:[ESP] stack segment (cf. the code segment CS:[EIP])
- mov $0xf4b2c, %edx
  - // the address of the DMA controller setup section, jumped to later via *%edx
- jmp 0xfc719
- enable the A20 line through port 0x92 (System Control Port A, "fast A20"); the instructions for this step:
    0xfc726: in $0x71,%al
    0xfc728: in $0x92,%al
    0xfc72a: or $0x2,%al
    0xfc72c: out %al,$0x92
- lidtw %cs:-0x31cc
  - set the IDT
- lgdtw %cs:-0x3188
  - set the GDT
- set bit 0 (PE) of %cr0
  - enable protected mode
- 0xfc744: ljmpl $0x8,$0xfc74c
  - // protected-mode ljmp: switches the code segment to selector 0x8 and jumps to 0xfc74c within that code segment
- set ds, es, ss, fs, gs to 0x10 (the data segment from the GDT)
- jmp to *%edx (the 0xf4b2c loaded above)
- out 0 to the slave DMA controller, port 0xd
- out 0 to the master DMA controller, ports 0xda/0xd6/0xd4
- jmp to 0x7c00
  - the address in RAM the boot sector is loaded into
#
After Lesson:
Question 1: Why didn't I find /boot/boot.S and /boot/main.c with GDB's info sources? (Their symbols: readelf -a obj/boot/main.o)
Ans: They belong to the boot loader, which is placed in the first sector of the disk and loaded to 0x7C00 for execution.
#
Question 2: Where are the code's symbols?
Ans: The symbols are in obj/boot/boot.out (load them in GDB with: file obj/boot/boot.out)
#
Question 3: How is it assumed? When ljmp is called, GDB shows the following message:
"The target architecture is assumed to be i386"
Ans: Not yet.
#
Question 4: In the BIOS ROM code, when is the %cs value set, so that it can be used by the lidtw/lgdtw %cs:... steps above?
Ans: %CS is 0xf0000 because this is the BIOS section.
#
Question 5: How/what did MIT patch in QEMU?
Ans: Not yet.
#
Question 6: Why did the BIOS need to switch to protected mode?
Ans: It wants to use protected mode's functionality.
For example ljmp mem48: in real-address mode or virtual-8086 mode, the long pointer provides 16 bits for the CS register and 16 or 32 bits for the EIP register.
Ref link: bootloader - switching processor to protected mode (Stack Overflow)
#
- cr0 register bits
  Bit  Name  Full name              Description
  31   PG    Paging                 If 1, enable paging and use the CR3 register, else disable paging
  30   CD    Cache disable          Globally enables/disables the memory cache
  29   NW    Not-write through      Globally enables/disables write-back caching
  18   AM    Alignment mask         Alignment check enabled if AM set, AC flag (in EFLAGS register) set, and privilege level is 3
  16   WP    Write protect          Determines whether the CPU can write to pages marked read-only
  5    NE    Numeric error          Enable internal x87 floating point error reporting when set, else enables PC style x87 error detection
  4    ET    Extension type         On the 386, it allowed to specify whether the external math coprocessor was an 80287 or 80387
  3    TS    Task switched          Allows saving x87 task context only after x87 instruction used after task switch
  2    EM    Emulation              If set, no x87 floating point unit present, if clear, x87 FPU present
  1    MP    Monitor co-processor   Controls interaction of WAIT/FWAIT instructions with TS flag in CR0
  0    PE    Protected Mode Enable  If 1, system is in protected mode, else system is in real mode
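Added example in C (not code from the lab or from this post) tying the boot sequence above to the cr0 table: it computes the real-mode addresses of the reset vector and the first ljmp, encodes the flat code/data GDT descriptors that selector 0x8 (ljmpl) and selector 0x10 (ds/es/ss/fs/gs) index, and applies the two CR0 writes from the trace (and $0x9fffffff to clear CD/NW, or $0x1 to set PE). The GDT contents (flat 4 GiB segments with access bytes 0x9A/0x92) and the sample CR0 value 0x60000010 are assumptions; the BIOS's real GDT is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Real-mode address = segment * 16 + offset, e.g. f000:fff0 -> 0xffff0. */
uint32_t real_mode_addr(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* Encode one 8-byte GDT descriptor; base and limit are split across the entry.
   flags bit 3 = G (limit counted in 4 KiB pages), bit 2 = D/B (32-bit segment). */
uint64_t gdt_entry(uint32_t base, uint32_t limit, uint8_t access, uint8_t flags)
{
    uint64_t d = limit & 0xFFFFu;
    d |= (uint64_t)(base & 0xFFFFFFu) << 16;
    d |= (uint64_t)access << 40;
    d |= (uint64_t)((limit >> 16) & 0xFu) << 48;
    d |= (uint64_t)(flags & 0xFu) << 52;
    d |= (uint64_t)((base >> 24) & 0xFFu) << 56;
    return d;
}

/* GDT slot named by a selector: bits 0-1 are RPL, bit 2 is TI, the rest is the index. */
unsigned selector_index(uint16_t sel) { return sel >> 3; }

/* Linear address of an offset through a descriptor: reassembled base + offset. */
uint32_t seg_linear(uint64_t desc, uint32_t off)
{
    uint32_t base = (uint32_t)((desc >> 16) & 0xFFFFFFu) | ((uint32_t)((desc >> 56) & 0xFFu) << 24);
    return base + off;
}

/* The two CR0 writes in the trace: and $0x9fffffff (clear CD, NW), or $0x1 (set PE). */
enum { CR0_PE = 1u << 0, CR0_NW = 1u << 29, CR0_CD = 1u << 30 };
uint32_t cr0_enable_cache(uint32_t cr0) { return cr0 & ~(uint32_t)(CR0_CD | CR0_NW); }
uint32_t cr0_enter_pmode(uint32_t cr0)  { return cr0 | CR0_PE; }
int cr0_is_protected(uint32_t cr0)      { return (cr0 & CR0_PE) != 0; }

int main(void)
{
    /* Assumed flat GDT: null, 4 GiB code (access 0x9A), 4 GiB data (access 0x92). */
    uint64_t gdt[3] = { 0, gdt_entry(0, 0xFFFFF, 0x9A, 0xC), gdt_entry(0, 0xFFFFF, 0x92, 0xC) };
    printf("f000:fff0 -> 0x%x\n", real_mode_addr(0xf000, 0xfff0));
    printf("ljmpl $0x8,$0xfc74c -> GDT[%u], linear 0x%x\n", selector_index(0x8),
           seg_linear(gdt[selector_index(0x8)], 0xfc74c));
    printf("%%ds = 0x10 -> GDT[%u]\n", selector_index(0x10));
    printf("cr0 PE after or $0x1: %d\n", cr0_is_protected(cr0_enter_pmode(0x60000010 /* constructed */)));
    return 0;
}
```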