2 # Copyright (c) 2006 TAKAHASHI Yoshihiro <nyan@FreeBSD.org>
3 # Copyright (c) 2001 John Baldwin <jhb@FreeBSD.org>
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
9 # 1. Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
14 # 3. Neither the name of the author nor the names of any co-contributors
15 # may be used to endorse or promote products derived from this software
16 # without specific prior written permission.
18 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 # Basically, we first create a set of boot arguments to pass to the loaded
35 # binary. Then we attempt to load /boot/loader from the CD we were booted
# Fixed real-mode addresses, a.out header offsets and GDT selectors shared by
# the boot sector and the CD loader code below.
42 .set STACK_OFF,0x6000 # Stack offset
43 .set LOAD_SEG,0x0700 # Load segment
44 .set LOAD_SIZE,2048 # Load size
45 .set DAUA,0x0584 # DA/UA
47 .set MEM_PAGE_SIZE,0x1000 # memory page size, 4k
48 .set MEM_ARG,0x900 # Arguments at start
49 .set MEM_ARG_BTX,0xa100 # Where we move them to so the
50 # BTX client can see them
51 .set MEM_ARG_SIZE,0x18 # Size of the arguments (24 bytes, six 32-bit words)
# NOTE(review): MEM_BTX_ADDRESS has the same value as MEM_READ_BUFFER (0x9000),
# so BTX is placed over the start of the buffer the loader file was read into.
# Nothing may read the a.out header from that buffer after BTX is copied.
52 .set MEM_BTX_ADDRESS,0x9000 # where BTX lives
53 .set MEM_BTX_ENTRY,0x9010 # where BTX starts to execute
54 .set MEM_BTX_OFFSET,MEM_PAGE_SIZE # offset of BTX in the loader
55 .set MEM_BTX_CLIENT,0xa000 # where BTX clients live
57 # PC98 machine type from sys/pc98/pc98/pc98_machdep.h
# MEM_SYS is described as a segment; it shares the numeric value 0xa100 with
# the offset MEM_ARG_BTX but names a different location.
59 .set MEM_SYS, 0xa100 # System common area segment
60 .set PC98_MACHINE_TYPE, 0x0620 # PC98 machine type
61 .set EPSON_ID, 0x0624 # EPSON machine id
# Bit flags OR-ed together by machine_check.
63 .set M_NEC_PC98, 0x0001
64 .set M_EPSON_PC98, 0x0002
65 .set M_NOT_H98, 0x0010
# NOTE(review): presumably the positions of the two `.word 0xaa55` magic
# numbers. Such a marker identifies the layout only; it is not an integrity
# or authenticity check on the code it terminates.
73 .set SIG1_OFF,0x1fe # Signature offset
74 .set SIG2_OFF,0x7fe # Signature offset
# Offsets into the a.out header of the loaded file. The relocation code reads
# these fields from MEM_READ_BUFFER and uses them as addresses and lengths.
78 .set AOUT_TEXT,0x04 # text segment size
79 .set AOUT_DATA,0x08 # data segment size
80 .set AOUT_BSS,0x0c # zero'd BSS size
81 .set AOUT_SYMBOLS,0x10 # symbol table
82 .set AOUT_ENTRY,0x14 # entry point
83 .set AOUT_HEADER,MEM_PAGE_SIZE # size of the a.out header
85 # Flags for kargs->bootflags
87 .set KARGS_FLAGS_CD,0x1 # flag to indicate booting from
# GDT selectors; each value is the byte offset of its entry in the gdt table.
92 .set SEL_SDATA,0x8 # Supervisor data
93 .set SEL_RDATA,0x10 # Real mode data
94 .set SEL_SCODE,0x18 # PM-32 code
95 .set SEL_SCODE16,0x20 # PM-16 code
99 .set INT_SYS,0x30 # BTX syscall interrupt
101 # Constants for reading from the CD.
# The VD_* and DIR_* values are byte offsets and type codes inside ISO 9660
# structures read from the medium, so every field addressed through them is
# media-controlled input.
103 .set ERROR_TIMEOUT,0x90 # BIOS timeout on read
104 .set NUM_RETRIES,3 # Num times to retry
105 .set SECTOR_SIZE,0x800 # size of a sector
106 .set SECTOR_SHIFT,11 # log2(SECTOR_SIZE), used to shift
107 .set BUFFER_LEN,0x100 # number of sectors in buffer (0x100 * 0x800 = 512 KiB)
108 .set MAX_READ,0xf800 # max we can read at a time
# 0xf800 >> 11 = 31 sectors per read call
109 .set MAX_READ_SEC,MAX_READ >> SECTOR_SHIFT
110 .set MEM_READ_BUFFER,0x9000 # buffer to read from CD
111 .set MEM_VOLDESC,MEM_READ_BUFFER # volume descriptor
112 .set MEM_DIR,MEM_VOLDESC+SECTOR_SIZE # Lookup buffer
113 .set VOLDESC_LBA,0x10 # LBA of vol descriptor
114 .set VD_PRIMARY,1 # Primary VD
115 .set VD_END,255 # VD Terminator
116 .set VD_ROOTDIR,156 # Offset of Root Dir Record
117 .set DIR_LEN,0 # Offset of Dir Record length
118 .set DIR_EA_LEN,1 # Offset of EA length
# The extent and size fields are 8 bytes wide on disk; the code in this file
# loads only the first 4 bytes of each into a 32-bit register.
119 .set DIR_EXTENT,2 # Offset of 64-bit LBA
120 .set DIR_SIZE,10 # Offset of 64-bit length
121 .set DIR_NAMELEN,32 # Offset of 8-bit name len
122 .set DIR_NAME,33 # Offset of dir name
# Boot-sector entry path (only partly shown in this listing): sets up the
# graphics and text screens, copies machine information into the system
# common area, then requests a read (%ah = 0x06, the same function code the
# `read` routine passes to int $0x1b) from the drive recorded at DAUA and
# far-jumps to cdboot in LOAD_SEG.
# NOTE(review): the BIOS calls and any check of the read result are not
# visible here; confirm a failed read cannot fall through to the ljmp.
137 /* Setup the stack */
144 /* Setup graphic screen */
145 mov $0x42,%ah # 640x400
148 mov $0x40,%ah # graph on
151 /* Setup text screen */
152 mov $0x0a00,%ax # 80x25
154 mov $0x0c,%ah # text on
156 mov $0x13,%ah # cursor home
159 mov $0x11,%ah # cursor on
166 /* Transfer PC-9801 system common area */
177 /* Transfer EPSON machine type */
182 mov %eax,%es:(EPSON_ID)
184 /* Set machine type to PC98_SYSTEM_PARAMETER */
190 mov $0x06,%ah /* Read data */
191 mov (DAUA),%al /* Read drive */
192 pop %ecx /* cylinder */
193 xor %dx,%dx /* head / sector */
194 mov $LOAD_SEG,%bx /* Load address */
197 mov $LOAD_SIZE,%bx /* Load size */
# Control passes to the freshly read code without any further check shown.
203 ljmp $LOAD_SEG,$cdboot
206 # Set machine type to PC98_SYSTEM_PARAMETER.
# Accumulates the M_* flag bits in %edx, starting from zero. The hardware
# probes between the labels (port 0x60 polling, font read) are only partly
# shown in this listing.
208 machine_check: xor %edx,%edx
214 vsync.1: inb $0x60,%al
217 vsync.2: inb $0x60,%al
227 /* Get 'A' font from CG window */
234 font.1: add (%bx),%eax
241 m_pc98: or $M_NEC_PC98,%edx
248 m_epson: or $M_EPSON_PC98,%edx
249 m_not_h98: or $M_NOT_H98,%edx # m_epson falls through into this line
262 1: mov $PC98_MACHINE_TYPE,%bx
267 # Print out the error message at [SI], wait for a keypress, and then
268 # reboot the machine.
# Failure handling is fail-stop: after the message and a keypress the CPU is
# reset instead of continuing with a partially loaded image.
271 mov $msg_keypress,%si
273 xor %ax,%ax # Get keypress
275 xor %ax,%ax # CPU reset
281 # Display a null-terminated string at [SI].
# The string has no length limit other than its terminating NUL, so callers
# must pass only the fixed messages and path strings assembled into this file.
283 # Trashes: AX, BX, CX, DX, SI, DI
292 mov $0x00e1,%bx # Attribute
# The attribute byte is stored 0x2000 past the character cell in %es.
301 mov %bl,%es:0x2000(%di)
305 putstr.cr: xor %dx,%dx
310 putstr.lf: add %cx,%di
311 putstr.move: mov %di,%dx
312 mov $0x13,%ah # Move cursor
315 putstr.done: mov %di,cursor # remember the position for the next call
321 # Display a single char at [AL], but don't move a cursor.
# Uses the same attribute value (0xe1) and the same +0x2000 attribute offset
# as putstr.
329 mov $0xe1,%bl # Attribute
330 mov %bl,%es:0x2000(%di)
# Boot-sector messages and the end-of-sector marker.
337 msg_readerr: .asciz "Read Error\r\n"
338 msg_keypress: .asciz "\r\nPress any key to reboot\r\n"
# Layout marker only; it does not protect the sector contents.
344 .word 0xaa55 # Magic number
# Second-stage start (the label is not shown in this listing): record the
# boot drive and cylinder, greet the user, then build the MEM_ARG_SIZE-byte
# argument block at MEM_ARG that the loader expects.
353 mov %es:(DAUA),%al # Save BIOS boot device
355 mov %cx,cylinder # Save BIOS boot cylinder
357 mov $msg_welcome,%si # %ds:(%si) -> welcome message
358 call putstr # display the welcome message
360 # Setup the arguments that the loader is expecting from boot[12]
362 mov $msg_bootinfo,%si # %ds:(%si) -> boot args message
363 call putstr # display the message
364 mov $MEM_ARG,%bx # %ds:(%bx) -> boot args
365 mov %bx,%di # %es:(%di) -> boot args
366 xor %eax,%eax # zero %eax
367 mov $(MEM_ARG_SIZE/4),%cx # Size of arguments in 32-bit
# The block is zeroed first so that fields not set below are 0, not stale
# memory contents.
369 rep # Clear the arguments
371 mov drive,%dl # Store BIOS boot device
372 mov %dl,%es:0x4(%bx) # in kargs->bootdev
373 or $KARGS_FLAGS_CD,%es:0x8(%bx) # kargs->bootflags |=
376 # Load Volume Descriptor
# Reads one sector at a time into MEM_VOLDESC, starting at VOLDESC_LBA, and
# inspects the first byte (the descriptor type). The scan stops at a primary
# descriptor or at the terminator.
# NOTE(review): the LBA increment is not visible in this listing. As shown,
# a medium that carries neither a type-1 nor a type-255 descriptor keeps the
# loop running until `read` fails; there is no upper bound on the scan.
378 mov $VOLDESC_LBA,%eax # Set LBA of first VD
379 load_vd: push %eax # Save %eax
380 mov $1,%dh # One sector
381 mov $MEM_VOLDESC,%ebx # Destination
382 call read # Read it in
383 cmpb $VD_PRIMARY,%es:(%bx) # Primary VD?
385 pop %eax # Prepare to
387 cmpb $VD_END,%es:(%bx) # Last VD?
388 jne load_vd # No, read next
389 mov $msg_novd,%si # No VD
391 have_vd: # Have Primary VD
393 # Try to look up the loader binary using the paths in the loader_paths
# array. Each entry is a NUL-terminated string; a NUL as the first byte of the
# next entry ends the list. The first path that `lookup` resolves wins, and
# %bx then points at its directory record.
396 mov $loader_paths,%si # Point to start of array
397 lookup_path: push %si # Save file name pointer
398 call lookup # Try to find file
399 pop %di # Restore file name pointer
400 jnc lookup_found # Found this file
# Skip to the byte after the current path's terminating NUL.
404 xor %al,%al # Look for next
405 mov $0xffff,%cx # path name by
409 mov %di,%si # Point %si at next path
410 mov (%si),%al # Get first char of next path
411 or %al,%al # Is it double nul?
412 jnz lookup_path # No, try it.
413 mov $msg_failed,%si # Failed message
415 lookup_found: # Found a loader file
417 # Load the binary into the buffer. Due to real mode addressing limitations
418 # we have to read it in chunks of at most MAX_READ (0xf800) bytes.
# The length and extent come straight from the directory record at %es:(%bx),
# so both are media-controlled values.
# NOTE(review): the comparison that guards load_sizeok is not visible in this
# listing. movzbw keeps only the low 8 bits of the sector count, so the guard
# has to reject every count above 0xff. BUFFER_LEN is 0x100, and a count of
# exactly 0x100 would truncate to 0 sectors here; confirm which comparison
# is used.
420 mov %es:DIR_SIZE(%bx),%eax # Read file length
421 add $SECTOR_SIZE-1,%eax # Convert length to sectors
422 shr $SECTOR_SHIFT,%eax
425 mov $msg_load2big,%si # Error message
427 load_sizeok: movzbw %al,%cx # Num sectors to read
428 mov %es:DIR_EXTENT(%bx),%eax # Load extent
430 mov %es:DIR_EA_LEN(%bx),%dl
431 add %edx,%eax # Skip extended
432 mov $MEM_READ_BUFFER,%ebx # Read into the buffer
# Invariant: %cl = sectors still to read, %eax = next LBA, %ebx = next
# destination address.
433 load_loop: mov %cl,%dh
434 cmp $MAX_READ_SEC,%cl # Truncate to max read size
436 mov $MAX_READ_SEC,%dh
437 load_notrunc: sub %dh,%cl # Update count
439 call read # Read it in
# Both cursors advance by a full chunk even after a short final read; that is
# harmless because the loop exits as soon as %cx reaches 0.
441 add $MAX_READ_SEC,%eax # Update LBA
442 add $MAX_READ,%ebx # Update dest addr
443 jcxz load_done # Done?
444 jmp load_loop # Keep going
447 # Turn on the A20 address line
449 xor %ax,%ax # Turn A20 on
454 # Relocate the loader and BTX using a very lazy protected mode
# The destination address (AOUT_ENTRY) and the text, data and bss lengths are
# read from the a.out header of the file just loaded from the CD, and are
# used as raw copy targets and counts through a flat, writable ring-0 data
# segment. No range check and no authentication of the image appears in the
# lines shown: the boot medium is trusted completely at this stage.
456 mov $msg_relocate,%si # Display the
457 call putstr # relocation message
458 mov %es:(MEM_READ_BUFFER+AOUT_ENTRY),%edi # %edi is the destination
459 mov $(MEM_READ_BUFFER+AOUT_HEADER),%esi # %esi is
460 # the start of the text
462 mov %es:(MEM_READ_BUFFER+AOUT_TEXT),%ecx # %ecx = length of the text
464 push %edi # Save entry point for later
465 lgdt gdtdesc # setup our own gdt
466 cli # turn off interrupts
467 mov %cr0,%eax # Turn on
468 or $0x1,%al # protected
470 ljmp $SEL_SCODE,$pm_start # long jump to clear the
471 # instruction pre-fetch queue
473 pm_start: mov $SEL_SDATA,%ax # Initialize
474 mov %ax,%ds # %ds and
475 mov %ax,%es # %es to a flat selector
478 add $(MEM_PAGE_SIZE - 1),%edi # pad %edi out to a new page
479 and $~(MEM_PAGE_SIZE - 1),%edi # for the data segment
480 mov MEM_READ_BUFFER+AOUT_DATA,%ecx # size of the data segment
483 mov MEM_READ_BUFFER+AOUT_BSS,%ecx # size of the bss
484 xor %eax,%eax # zero %eax
# NOTE(review): the add touches only %cl, so a carry out of the low byte is
# lost. When the low byte of the bss size is 0xfd or above, the count wraps
# and fewer dwords are zeroed than the header asks for, leaving stale memory
# at the end of the bss. Rounding on the full %ecx would avoid this.
485 add $3,%cl # round %ecx up to
486 shr $2,%ecx # a multiple of 4
489 mov MEM_READ_BUFFER+AOUT_ENTRY,%esi # %esi -> relocated loader
490 add $MEM_BTX_OFFSET,%esi # %esi -> BTX in the loader
491 mov $MEM_BTX_ADDRESS,%edi # %edi -> where BTX needs to go
# The BTX length is a 16-bit field taken from offset 0xa of the BTX image
# itself, so it is also supplied by the loaded file.
492 movzwl 0xa(%esi),%ecx # %ecx -> length of BTX
495 ljmp $SEL_SCODE16,$pm_16 # Jump to 16-bit PM
497 pm_16: mov $SEL_RDATA,%ax # Initialize
498 mov %ax,%ds # %ds and
499 mov %ax,%es # %es to a real mode selector
500 mov %cr0,%eax # Turn off
501 and $~0x1,%al # protected
503 ljmp $LOAD_SEG,$pm_end # Long jump to clear the
504 # instruction pre-fetch queue
505 pm_end: sti # Turn interrupts back on now
507 # Copy the BTX client to MEM_BTX_CLIENT
# The client is the btx_client..btx_client_end code assembled into this file,
# so its length is an assemble-time constant rather than a value from the CD.
513 mov $MEM_BTX_CLIENT,%di # Prepare to relocate
514 mov $btx_client,%si # the simple btx client
515 mov $(btx_client_end-btx_client),%cx # length of btx client
517 movsb # simple BTX client
519 # Copy the boot[12] args to where the BTX client can see them
523 mov $MEM_ARG,%si # where the args are at now
524 mov $MEM_ARG_BTX,%di # where the args are moving to
525 mov $(MEM_ARG_SIZE/4),%cx # size of the arguments in longs
529 # Save the entry point so the client can get to it later on
# This is the AOUT_ENTRY value pushed before the switch to protected mode;
# it is written directly after the copied arguments.
531 pop %eax # Restore saved entry point
532 stosl # and add it to the end of
535 # Now we just start up BTX and let it do the rest
537 mov $msg_jump,%si # Display the
538 call putstr # jump message
539 ljmp $0,$MEM_BTX_ENTRY # Jump to the BTX entry point
542 # Lookup the file in the path at [SI] from the root directory.
# Walks the path one component at a time, starting from the root directory
# record embedded in the volume descriptor at MEM_VOLDESC, and calls find_file
# for each component.
544 # Trashes: All but BX
545 # Returns: CF = 0 (success), BX = pointer to record
548 lookup: mov $VD_ROOTDIR+MEM_VOLDESC,%bx # Root directory record
551 mov $msg_lookup,%si # Display lookup message
560 lookup_dir: lodsb # Get first char of path
561 cmp $0,%al # Are we done?
563 cmp $'/',%al # Skip path separator.
565 dec %si # Undo lodsb side effect
566 call find_file # Lookup first path item
567 jnc lookup_dir # Try next component
568 mov $msg_lookupfail,%si # Not found message
574 lookup_done: mov $msg_lookupok,%si # Success message
582 # Lookup file at [SI] in directory whose record is at [BX].
# Reads the directory one sector at a time into MEM_DIR and compares each
# record's name with the current path component. Record length, name length,
# extent and size are all taken from the CD without validation in the lines
# shown, so a malformed directory is handled only as far as these loops
# happen to terminate.
# Names are normalised in the buffer before comparison: a trailing ";digits"
# version suffix and a trailing '.' are dropped by rewriting DIR_NAMELEN in
# place. The comparison itself (repe cmpsb) is byte-exact and therefore
# case-sensitive.
584 # Trashes: All but returns
585 # Returns: CF = 0 (success), BX = pointer to record, SI = next path item
586 # CF = 1 (not found), SI = preserved
588 find_file: mov %es:DIR_EXTENT(%bx),%eax # Load extent
590 mov %es:DIR_EA_LEN(%bx),%dl
591 add %edx,%eax # Skip extended attributes
592 mov %eax,rec_lba # Save LBA
593 mov %es:DIR_SIZE(%bx),%eax # Save size
# Count the characters of the path component up to the next '/'.
595 xor %cl,%cl # Zero length
597 ff.namelen: inc %cl # Update length
601 cmp $'/',%al # Path separator?
602 jnz ff.namelen # No, keep going
603 ff.namedone: dec %cl # Adjust length and save
606 ff.load: mov rec_lba,%eax # Load LBA
607 mov $MEM_DIR,%ebx # Address buffer
608 mov $1,%dh # One sector
609 call read # Read directory block
610 incl rec_lba # Update LBA to next block
611 ff.scan: mov %ebx,%edx # Check for EOF
617 ff.scan.1: cmpb $0,%es:DIR_LEN(%bx) # Last record in block?
620 movzbw %es:DIR_NAMELEN(%bx),%si # Find end of string
# DIR_NAME-1(%bx,%si) addresses the last character still counted in the name.
621 ff.checkver: cmpb $'0',%es:DIR_NAME-1(%bx,%si) # Less than '0'?
623 cmpb $'9',%es:DIR_NAME-1(%bx,%si) # Greater than '9'?
627 jmp ff.checklen # All numbers in name, so
629 ff.checkver.1: movzbw %es:DIR_NAMELEN(%bx),%cx
630 cmp %cx,%si # Did we find any digits?
632 cmpb $';',%es:DIR_NAME-1(%bx,%si) # Check for semicolon
634 dec %si # Skip semicolon
636 mov %cl,%es:DIR_NAMELEN(%bx) # Adjust length
638 ff.checkver.2: mov %cx,%si # Restore %si to end of string
639 ff.checkdot: cmpb $'.',%es:DIR_NAME-1(%bx,%si) # Trailing dot?
641 decb %es:DIR_NAMELEN(%bx) # Adjust length
642 ff.checklen: pop %si # Restore
643 movzbw name_len,%cx # Load length of name
644 cmp %cl,%es:DIR_NAMELEN(%bx) # Does length match?
645 je ff.checkname # Yes, check name
# NOTE(review): the add is on %bl only; the carry into %bh is presumably
# handled by a line not shown in this listing. Confirm.
646 ff.nextrec: add %es:DIR_LEN(%bx),%bl # Next record
# rec_size holds the directory size from the CD; the search ends when
# subtracting a sector from it borrows.
649 ff.nextblock: subl $SECTOR_SIZE,rec_size # Adjust size
650 jnc ff.load # If subtract ok, keep going
651 ret # End of file, so not found
652 ff.checkname: lea DIR_NAME(%bx),%di # Address name in record
654 repe cmpsb # Compare name
655 je ff.match # We have a winner!
657 jmp ff.nextrec # Keep looking.
658 ff.match: add $2,%sp # Discard saved %si
663 # Load DH sectors starting at LBA EAX into [EBX].
# Issues BIOS device read 0x06 through int $0x1b. A carry on return means
# failure: a timeout (%ah == ERROR_TIMEOUT) is retried, and any other code is
# formatted into hex_error and reported with msg_badread.
# NOTE(review): NUM_RETRIES is defined above, but no retry counter appears in
# the lines shown; as visible, a persistent timeout retries without limit.
# Confirm the loop is bounded.
667 read: push %es # Save
672 mov %bx,%bp # Set destination address
676 xor %bx,%bx # Set read bytes
# The byte count is built in the 16-bit %bx; MAX_READ_SEC (31) sectors gives
# 0xf800, the largest sector multiple that fits.
678 shl $SECTOR_SHIFT,%bx # 2048 bytes/sec
679 mov %ax,%cx # Set LBA
682 read.retry: mov $0x06,%ah # BIOS device read
685 call twiddle # Entertain the user
686 int $0x1b # Call BIOS
687 jc read.fail # Worked?
694 read.fail: cmp $ERROR_TIMEOUT,%ah # Timeout?
695 je read.retry # Yes, Retry.
696 read.error: mov %ah,%al # Save error
697 mov $hex_error,%di # Format it
699 mov $msg_badread,%si # Display Read error message
703 # Output the "twiddle"
# Prints one character from twiddle_chars on each call; twiddle_index keeps
# the position between calls. The index update itself is not shown in this
# listing.
705 twiddle: push %ax # Save
707 mov twiddle_index,%al # Load index
708 mov $twiddle_chars,%bx # Address table
711 mov %al,twiddle_index # Save index for next call
713 call putc # Output it
719 # Convert AL to hex, saving the result to [EDI].
# Handles the high nibble first, then the low nibble through hex8.1. The only
# caller visible in this file passes hex_error, the "00" placeholder that
# follows msg_badread, so two characters are overwritten in place.
# The cmpb/sbbb pair is part of a branch-free nibble-to-ASCII conversion; the
# instruction between sbbb and orb is not shown in this listing.
721 hex8: pushl %eax # Save
722 shrb $0x4,%al # Do upper
725 hex8.1: andb $0xf,%al # Get lower 4
726 cmpb $0xa,%al # Convert
727 sbbb $0x69,%al # to hex
729 orb $0x20,%al # To lower case
730 mov %al,(%di) # Save char
735 # BTX client to start btxldr
# Runs after being copied to MEM_BTX_CLIENT, so data addresses are written as
# offsets from MEM_BTX_CLIENT. It pushes the MEM_ARG_SIZE/4 argument words
# starting from the last one, pushes the entry point stored directly after
# the arguments, and issues the BTX 'exec' system call.
738 btx_client: mov $(MEM_ARG_BTX-MEM_BTX_CLIENT+MEM_ARG_SIZE-4), %esi
741 mov $(MEM_ARG_SIZE/4),%ecx # Number of words to push
743 push_arg: lodsl # Read argument
744 push %eax # Push it onto the stack
745 loop push_arg # Push all of the arguments
746 cld # In case anyone depends on this
# Memory operand (no '$'): pushes the dword stored at that offset, which is
# the entry point saved after the arguments.
747 pushl MEM_ARG_BTX-MEM_BTX_CLIENT+MEM_ARG_SIZE # Entry point of
749 push %eax # Emulate a near call
750 mov $0x1,%eax # 'exec' system call
751 int $INT_SYS # BTX system call
757 # Global descriptor table.
# Each entry is four words: limit 15:0, base 15:0, access byte with base
# 23:16, then flags/limit 19:16 with base 31:24. Every descriptor here is
# present and ring 0, and the data segments are writable, so the protected-mode
# code in this file runs with no memory protection at all.
759 gdt: .word 0x0,0x0,0x0,0x0 # Null entry
760 .word 0xffff,0x0000,0x9200,0x00cf # SEL_SDATA: base 0, 4 GiB flat, 32-bit data
761 .word 0xffff,0x0000,0x9200,0x0000 # SEL_RDATA: base 0, 64 KiB, 16-bit data
# Both code segments are based at LOAD_SEG<<4, so offsets such as pm_start
# and pm_16 stay relative to the load segment.
762 .word 0xffff,LOAD_SEG<<4,0x9a00,0x00cf # SEL_SCODE (32-bit)
763 .word 0xffff,LOAD_SEG<<4,0x9a00,0x008f # SEL_SCODE16 (16-bit)
766 # Pseudo-descriptors.
768 gdtdesc: .word gdt.1-gdt-1 # Limit
# In GNU as, << binds tighter than +, so this is (LOAD_SEG<<4) + gdt: the
# linear address of the table.
769 .long LOAD_SEG<<4 + gdt # Base
778 # State for searching dir
780 rec_lba: .long 0x0 # LBA (adjusted for EA)
781 rec_size: .long 0x0 # File size
782 name_len: .byte 0x0 # Length of current name
785 twiddle_index: .byte 0x0
787 msg_welcome: .asciz "CD Loader 1.2\r\n\n"
788 msg_bootinfo: .asciz "Building the boot loader arguments\r\n"
789 msg_relocate: .asciz "Relocating the loader and the BTX\r\n"
790 msg_jump: .asciz "Starting the BTX loader\r\n"
# msg_badread has no terminator of its own: the string continues into
# hex_error, whose two '0' characters hex8 overwrites with the error code.
791 msg_badread: .ascii "Read Error: 0x"
792 hex_error: .asciz "00\r\n"
793 msg_novd: .asciz "Could not find Primary Volume Descriptor\r\n"
794 msg_lookup: .asciz "Looking up "
795 msg_lookup2: .asciz "... "
796 msg_lookupok: .asciz "Found\r\n"
797 msg_lookupfail: .asciz "File not found\r\n"
798 msg_load2big: .asciz "File too big\r\n"
799 msg_failed: .asciz "Boot failed\r\n"
800 twiddle_chars: .ascii "|/-\\"
# Candidate loader paths, tried in order. Upper- and lower-case variants are
# listed separately because find_file compares names byte for byte.
# NOTE(review): the search loop stops at an empty string; the extra NUL that
# ends the list is not visible in this listing.
801 loader_paths: .asciz "/BOOT.PC98/LOADER"
802 .asciz "/boot.pc98/loader"
803 .asciz "/BOOT/LOADER"
804 .asciz "/boot/loader"
# Layout marker only; it does not protect the contents of this stage.
811 .word 0xaa55 # Magic number