2 # Copyright (c) 2001 John Baldwin <jhb@FreeBSD.org>
5 # Redistribution and use in source and binary forms, with or without
6 # modification, are permitted provided that the following conditions
8 # 1. Redistributions of source code must retain the above copyright
9 # notice, this list of conditions and the following disclaimer.
10 # 2. Redistributions in binary form must reproduce the above copyright
11 # notice, this list of conditions and the following disclaimer in the
12 # documentation and/or other materials provided with the distribution.
13 # 3. Neither the name of the author nor the names of any co-contributors
14 # may be used to endorse or promote products derived from this software
15 # without specific prior written permission.
17 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 # This program is a freestanding boot program to load an a.out binary
34 # from a CD-ROM booted with no emulation mode as described by the El
35 # Torito standard. Due to broken BIOSen that do not load the desired
36 # number of sectors, we try to fit this in as small a space as possible.
38 # Basically, we first create a set of boot arguments to pass to the loaded
39 # binary. Then we attempt to load /boot/loader from the CD we were booted
48 .set MEM_PAGE_SIZE,0x1000 # memory page size, 4k
49 .set MEM_ARG,0x900 # Arguments at start
50 .set MEM_ARG_BTX,0xa100 # Where we move them to so the
51 # BTX client can see them
52 .set MEM_ARG_SIZE,0x18 # Size of the arguments
53 .set MEM_BTX_ADDRESS,0x9000 # where BTX lives
54 .set MEM_BTX_ENTRY,0x9010 # where BTX starts to execute
55 .set MEM_BTX_OFFSET,MEM_PAGE_SIZE # offset of BTX in the loader
56 .set MEM_BTX_CLIENT,0xa000 # where BTX clients live
60 .set AOUT_TEXT,0x04 # text segment size
61 .set AOUT_DATA,0x08 # data segment size
62 .set AOUT_BSS,0x0c # zero'd BSS size
63 .set AOUT_SYMBOLS,0x10 # symbol table
64 .set AOUT_ENTRY,0x14 # entry point
65 .set AOUT_HEADER,MEM_PAGE_SIZE # size of the a.out header
69 .set SEL_SDATA,0x8 # Supervisor data
70 .set SEL_RDATA,0x10 # Real mode data
71 .set SEL_SCODE,0x18 # PM-32 code
72 .set SEL_SCODE16,0x20 # PM-16 code
76 .set INT_SYS,0x30 # BTX syscall interrupt
78 # Constants for reading from the CD.
80 .set ERROR_TIMEOUT,0x80 # BIOS timeout on read
81 .set NUM_RETRIES,3 # Num times to retry
82 .set SECTOR_SIZE,0x800 # size of a sector
83 .set SECTOR_SHIFT,11 # number of place to shift
84 .set BUFFER_LEN,0x100 # number of sectors in buffer
85 .set MAX_READ,0x10000 # max we can read at a time
86 .set MAX_READ_SEC,MAX_READ >> SECTOR_SHIFT
87 .set MEM_READ_BUFFER,0x9000 # buffer to read from CD
88 .set MEM_VOLDESC,MEM_READ_BUFFER # volume descriptor
89 .set MEM_DIR,MEM_VOLDESC+SECTOR_SIZE # Lookup buffer
90 .set VOLDESC_LBA,0x10 # LBA of vol descriptor
91 .set VD_PRIMARY,1 # Primary VD
92 .set VD_END,255 # VD Terminator
93 .set VD_ROOTDIR,156 # Offset of Root Dir Record
94 .set DIR_LEN,0 # Offset of Dir Record length
95 .set DIR_EA_LEN,1 # Offset of EA length
96 .set DIR_EXTENT,2 # Offset of 64-bit LBA
97 .set DIR_SIZE,10 # Offset of 64-bit length
98 .set DIR_NAMELEN,32 # Offset of 8-bit name len
99 .set DIR_NAME,33 # Offset of dir name
101 # We expect to be loaded by the BIOS at 0x7c00 (standard boot loader entry
110 start: cld # string ops inc
111 xor %ax,%ax # zero %ax
112 mov %ax,%ss # setup the
113 mov $start,%sp # stack
114 mov %ax,%ds # setup the
115 mov %ax,%es # data segments
116 mov %dl,drive # Save BIOS boot device
117 mov $msg_welcome,%si # %ds:(%si) -> welcome message
118 call putstr # display the welcome message
120 # Setup the arguments that the loader is expecting from boot[12]
122 mov $msg_bootinfo,%si # %ds:(%si) -> boot args message
123 call putstr # display the message
124 mov $MEM_ARG,%bx # %ds:(%bx) -> boot args
125 mov %bx,%di # %es:(%di) -> boot args
126 xor %eax,%eax # zero %eax
127 mov $(MEM_ARG_SIZE/4),%cx # Size of arguments in 32-bit
129 rep # Clear the arguments
131 mov drive,%dl # Store BIOS boot device
132 mov %dl,0x4(%bx) # in kargs->bootdev
133 or $KARGS_FLAGS_CD,0x8(%bx) # kargs->bootflags |=
136 # Load Volume Descriptor
138 mov $VOLDESC_LBA,%eax # Set LBA of first VD
139 load_vd: push %eax # Save %eax
140 mov $1,%dh # One sector
141 mov $MEM_VOLDESC,%ebx # Destination
142 call read # Read it in
143 cmpb $VD_PRIMARY,(%bx) # Primary VD?
145 pop %eax # Prepare to
147 cmpb $VD_END,(%bx) # Last VD?
148 jne load_vd # No, read next
149 mov $msg_novd,%si # No VD
151 have_vd: # Have Primary VD
153 # Try to look up the loader binary using the paths in the loader_paths
156 mov $loader_paths,%si # Point to start of array
157 lookup_path: push %si # Save file name pointer
158 call lookup # Try to find file
159 pop %di # Restore file name pointer
160 jnc lookup_found # Found this file
161 xor %al,%al # Look for next
162 mov $0xffff,%cx # path name by
165 mov %di,%si # Point %si at next path
166 mov (%si),%al # Get first char of next path
167 or %al,%al # Is it double nul?
168 jnz lookup_path # No, try it.
169 mov $msg_failed,%si # Failed message
171 lookup_found: # Found a loader file
173 # Load the binary into the buffer. Due to real mode addressing limitations
174 # we have to read it in 64k chunks.
176 mov DIR_SIZE(%bx),%eax # Read file length
177 add $SECTOR_SIZE-1,%eax # Convert length to sectors
178 shr $SECTOR_SHIFT,%eax
181 mov $msg_load2big,%si # Error message
183 load_sizeok: movzbw %al,%cx # Num sectors to read
184 mov DIR_EXTENT(%bx),%eax # Load extent
186 mov DIR_EA_LEN(%bx),%dl
187 add %edx,%eax # Skip extended
188 mov $MEM_READ_BUFFER,%ebx # Read into the buffer
189 load_loop: mov %cl,%dh
190 cmp $MAX_READ_SEC,%cl # Truncate to max read size
192 mov $MAX_READ_SEC,%dh
193 load_notrunc: sub %dh,%cl # Update count
195 call read # Read it in
197 add $MAX_READ_SEC,%eax # Update LBA
198 add $MAX_READ,%ebx # Update dest addr
199 jcxz load_done # Done?
200 jmp load_loop # Keep going
203 # Turn on the A20 address line
205 call seta20 # Turn A20 on
207 # Relocate the loader and BTX using a very lazy protected mode
209 mov $msg_relocate,%si # Display the
210 call putstr # relocation message
211 mov MEM_READ_BUFFER+AOUT_ENTRY,%edi # %edi is the destination
212 mov $(MEM_READ_BUFFER+AOUT_HEADER),%esi # %esi is
213 # the start of the text
215 mov MEM_READ_BUFFER+AOUT_TEXT,%ecx # %ecx = length of the text
217 push %edi # Save entry point for later
218 lgdt gdtdesc # setup our own gdt
219 cli # turn off interrupts
220 mov %cr0,%eax # Turn on
221 or $0x1,%al # protected
223 ljmp $SEL_SCODE,$pm_start # long jump to clear the
224 # instruction pre-fetch queue
226 pm_start: mov $SEL_SDATA,%ax # Initialize
227 mov %ax,%ds # %ds and
228 mov %ax,%es # %es to a flat selector
231 add $(MEM_PAGE_SIZE - 1),%edi # pad %edi out to a new page
232 and $~(MEM_PAGE_SIZE - 1),%edi # for the data segment
233 mov MEM_READ_BUFFER+AOUT_DATA,%ecx # size of the data segment
236 mov MEM_READ_BUFFER+AOUT_BSS,%ecx # size of the bss
237 xor %eax,%eax # zero %eax
238 add $3,%cl # round %ecx up to
239 shr $2,%ecx # a multiple of 4
242 mov MEM_READ_BUFFER+AOUT_ENTRY,%esi # %esi -> relocated loader
243 add $MEM_BTX_OFFSET,%esi # %esi -> BTX in the loader
244 mov $MEM_BTX_ADDRESS,%edi # %edi -> where BTX needs to go
245 movzwl 0xa(%esi),%ecx # %ecx -> length of BTX
248 ljmp $SEL_SCODE16,$pm_16 # Jump to 16-bit PM
250 pm_16: mov $SEL_RDATA,%ax # Initialize
251 mov %ax,%ds # %ds and
252 mov %ax,%es # %es to a real mode selector
253 mov %cr0,%eax # Turn off
254 and $~0x1,%al # protected
256 ljmp $0,$pm_end # Long jump to clear the
257 # instruction pre-fetch queue
258 pm_end: sti # Turn interrupts back on now
260 # Copy the BTX client to MEM_BTX_CLIENT
262 xor %ax,%ax # zero %ax and set
263 mov %ax,%ds # %ds and %es
264 mov %ax,%es # to segment 0
265 mov $MEM_BTX_CLIENT,%di # Prepare to relocate
266 mov $btx_client,%si # the simple btx client
267 mov $(btx_client_end-btx_client),%cx # length of btx client
269 movsb # simple BTX client
271 # Copy the boot[12] args to where the BTX client can see them
273 mov $MEM_ARG,%si # where the args are at now
274 mov $MEM_ARG_BTX,%di # where the args are moving to
275 mov $(MEM_ARG_SIZE/4),%cx # size of the arguments in longs
279 # Save the entry point so the client can get to it later on
281 pop %eax # Restore saved entry point
282 stosl # and add it to the end of
285 # Now we just start up BTX and let it do the rest
287 mov $msg_jump,%si # Display the
288 call putstr # jump message
289 ljmp $0,$MEM_BTX_ENTRY # Jump to the BTX entry point
292 # Lookup the file in the path at [SI] from the root directory.
294 # Trashes: All but BX
295 # Returns: CF = 0 (success), BX = pointer to record
298 lookup: mov $VD_ROOTDIR+MEM_VOLDESC,%bx # Root directory record
300 mov $msg_lookup,%si # Display lookup message
308 lookup_dir: lodsb # Get first char of path
309 cmp $0,%al # Are we done?
311 cmp $'/',%al # Skip path separator.
313 dec %si # Undo lodsb side effect
314 call find_file # Lookup first path item
315 jnc lookup_dir # Try next component
316 mov $msg_lookupfail,%si # Not found message
321 lookup_done: mov $msg_lookupok,%si # Success message
327 # Lookup file at [SI] in directory whose record is at [BX].
329 # Trashes: All but returns
330 # Returns: CF = 0 (success), BX = pointer to record, SI = next path item
331 # CF = 1 (not found), SI = preserved
333 find_file: mov DIR_EXTENT(%bx),%eax # Load extent
335 mov DIR_EA_LEN(%bx),%dl
336 add %edx,%eax # Skip extended attributes
337 mov %eax,rec_lba # Save LBA
338 mov DIR_SIZE(%bx),%eax # Save size
340 xor %cl,%cl # Zero length
342 ff.namelen: inc %cl # Update length
346 cmp $'/',%al # Path separator?
347 jnz ff.namelen # No, keep going
348 ff.namedone: dec %cl # Adjust length and save
351 ff.load: mov rec_lba,%eax # Load LBA
352 mov $MEM_DIR,%ebx # Address buffer
353 mov $1,%dh # One sector
354 call read # Read directory block
355 incl rec_lba # Update LBA to next block
356 ff.scan: mov %ebx,%edx # Check for EOF
362 ff.scan.1: cmpb $0,DIR_LEN(%bx) # Last record in block?
365 movzbw DIR_NAMELEN(%bx),%si # Find end of string
366 ff.checkver: cmpb $'0',DIR_NAME-1(%bx,%si) # Less than '0'?
368 cmpb $'9',DIR_NAME-1(%bx,%si) # Greater than '9'?
372 jmp ff.checklen # All numbers in name, so
374 ff.checkver.1: movzbw DIR_NAMELEN(%bx),%cx
375 cmp %cx,%si # Did we find any digits?
377 cmpb $';',DIR_NAME-1(%bx,%si) # Check for semicolon
379 dec %si # Skip semicolon
381 mov %cl,DIR_NAMELEN(%bx) # Adjust length
383 ff.checkver.2: mov %cx,%si # Restore %si to end of string
384 ff.checkdot: cmpb $'.',DIR_NAME-1(%bx,%si) # Trailing dot?
386 decb DIR_NAMELEN(%bx) # Adjust length
387 ff.checklen: pop %si # Restore
388 movzbw name_len,%cx # Load length of name
389 cmp %cl,DIR_NAMELEN(%bx) # Does length match?
390 je ff.checkname # Yes, check name
391 ff.nextrec: add DIR_LEN(%bx),%bl # Next record
394 ff.nextblock: subl $SECTOR_SIZE,rec_size # Adjust size
395 jnc ff.load # If subtract ok, keep going
396 ret # End of file, so not found
397 ff.checkname: lea DIR_NAME(%bx),%di # Address name in record
399 repe cmpsb # Compare name
400 je ff.match # We have a winner!
402 jmp ff.nextrec # Keep looking.
403 ff.match: add $2,%sp # Discard saved %si
408 # Load DH sectors starting at LBA EAX into [EBX].
412 read: push %si # Save
413 push %cx # Save since some BIOSs trash
414 mov %eax,edd_lba # LBA to read from
415 mov %ebx,%eax # Convert address
416 shr $4,%eax # to segment
417 mov %ax,edd_addr+0x2 # and store
418 read.retry: call twiddle # Entertain the user
420 mov $edd_packet,%si # Address Packet
421 mov %dh,edd_len # Set length
422 mov drive,%dl # BIOS Device
423 mov $0x42,%ah # BIOS: Extended Read
424 int $0x13 # Call BIOS
426 jc read.fail # Worked?
430 read.fail: cmp $ERROR_TIMEOUT,%ah # Timeout?
431 je read.retry # Yes, Retry.
432 read.error: mov %ah,%al # Save error
433 mov $hex_error,%di # Format it
435 mov $msg_badread,%si # Display Read error message
438 # Display error message at [SI] and halt.
440 error: call putstr # Display message
445 # Display a null-terminated string.
449 putstr: push %bx # Save
450 putstr.load: lodsb # load %al from %ds:(%si)
451 test %al,%al # stop at null
452 jnz putstr.putc # if the char != null, output it
454 ret # return when null is hit
455 putstr.putc: call putc # output char
456 jmp putstr.load # next char
459 # Display a single char.
461 putc: mov $0x7,%bx # attribute for output
462 mov $0xe,%ah # BIOS: put_char
463 int $0x10 # call BIOS, print char in %al
464 ret # Return to caller
467 # Output the "twiddle"
469 twiddle: push %ax # Save
471 mov twiddle_index,%al # Load index
472 mov $twiddle_chars,%bx # Address table
475 mov %al,twiddle_index # Save index for next call
477 call putc # Output it
478 mov $8,%al # Backspace
479 call putc # Output it
485 # Enable A20. Put an upper limit on the amount of time we wait for the
486 # keyboard controller to get ready (65K x ISA access time). If
487 # we wait more than that amount, the hardware is probably
488 # legacy-free and simply doesn't have a keyboard controller.
489 # Thus, the A20 line is already enabled.
491 seta20: cli # Disable interrupts
493 seta20.1: inc %cx # Increment, overflow?
495 in $0x64,%al # Get status
496 test $0x2,%al # Busy?
498 mov $0xd1,%al # Command: Write
499 out %al,$0x64 # output port
500 seta20.2: in $0x64,%al # Get status
501 test $0x2,%al # Busy?
503 mov $0xdf,%al # Enable
505 seta20.3: sti # Enable interrupts
509 # Convert AL to hex, saving the result to [EDI].
511 hex8: pushl %eax # Save
512 shrb $0x4,%al # Do upper
515 hex8.1: andb $0xf,%al # Get lower 4
516 cmpb $0xa,%al # Convert
517 sbbb $0x69,%al # to hex
519 orb $0x20,%al # To lower case
524 # BTX client to start btxldr
527 btx_client: mov $(MEM_ARG_BTX-MEM_BTX_CLIENT+MEM_ARG_SIZE-4), %esi
530 mov $(MEM_ARG_SIZE/4),%ecx # Number of words to push
532 push_arg: lodsl # Read argument
533 push %eax # Push it onto the stack
534 loop push_arg # Push all of the arguments
535 cld # In case anyone depends on this
536 pushl MEM_ARG_BTX-MEM_BTX_CLIENT+MEM_ARG_SIZE # Entry point of
538 push %eax # Emulate a near call
539 mov $0x1,%eax # 'exec' system call
540 int $INT_SYS # BTX system call
546 # Global descriptor table.
548 gdt: .word 0x0,0x0,0x0,0x0 # Null entry
549 .word 0xffff,0x0,0x9200,0xcf # SEL_SDATA
550 .word 0xffff,0x0,0x9200,0x0 # SEL_RDATA
551 .word 0xffff,0x0,0x9a00,0xcf # SEL_SCODE (32-bit)
552 .word 0xffff,0x0,0x9a00,0x8f # SEL_SCODE16 (16-bit)
555 # Pseudo-descriptors.
557 gdtdesc: .word gdt.1-gdt-1 # Limit
562 edd_packet: .byte 0x10 # Length
564 edd_len: .byte 0x0 # Num to read
566 edd_addr: .word 0x0,0x0 # Seg:Off
567 edd_lba: .quad 0x0 # LBA
572 # State for searching dir
574 rec_lba: .long 0x0 # LBA (adjusted for EA)
575 rec_size: .long 0x0 # File size
576 name_len: .byte 0x0 # Length of current name
578 twiddle_index: .byte 0x0
580 msg_welcome: .asciz "CD Loader 1.2\r\n\n"
581 msg_bootinfo: .asciz "Building the boot loader arguments\r\n"
582 msg_relocate: .asciz "Relocating the loader and the BTX\r\n"
583 msg_jump: .asciz "Starting the BTX loader\r\n"
584 msg_badread: .ascii "Read Error: 0x"
585 hex_error: .asciz "00\r\n"
586 msg_novd: .asciz "Could not find Primary Volume Descriptor\r\n"
587 msg_lookup: .asciz "Looking up "
588 msg_lookup2: .asciz "... "
589 msg_lookupok: .asciz "Found\r\n"
590 msg_lookupfail: .asciz "File not found\r\n"
591 msg_load2big: .asciz "File too big\r\n"
592 msg_failed: .asciz "Boot failed\r\n"
593 twiddle_chars: .ascii "|/-\\"
594 loader_paths: .asciz "/BOOT/LOADER"
595 .asciz "/boot/loader"
projects / FreeBSD / releng / 10.0.git / blob