2 # Copyright (c) 2006 TAKAHASHI Yoshihiro <nyan@FreeBSD.org>
3 # Copyright (c) 2001 John Baldwin <jhb@FreeBSD.org>
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
9 # 1. Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
14 # 3. Neither the name of the author nor the names of any co-contributors
15 # may be used to endorse or promote products derived from this software
16 # without specific prior written permission.
18 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 # Basically, we first create a set of boot arguments to pass to the loaded
35 # binary. Then we attempt to load /boot/loader from the CD we were booted
# Assembly-time constants for the PC-98 CD boot code: load and stack
# placement, the memory layout for the boot arguments and BTX, a.out header
# offsets, GDT selectors, and the ISO 9660 offsets used when reading the CD.
44 .set STACK_OFF,0x6000 # Stack offset
45 .set LOAD_SEG,0x0700 # Load segment
46 .set LOAD_SIZE,2048 # Load size
47 .set DAUA,0x0584 # DA/UA (read below as the BIOS boot device)
49 .set MEM_PAGE_SIZE,0x1000 # memory page size, 4k
50 .set MEM_ARG,0x900 # Arguments at start
51 .set MEM_ARG_BTX,0xa100 # Where we move them to so the
52 # BTX client can see them
53 .set MEM_ARG_SIZE,0x18 # Size of the arguments
54 .set MEM_BTX_ADDRESS,0x9000 # where BTX lives
55 .set MEM_BTX_ENTRY,0x9010 # where BTX starts to execute
56 .set MEM_BTX_OFFSET,MEM_PAGE_SIZE # offset of BTX in the loader
57 .set MEM_BTX_CLIENT,0xa000 # where BTX clients live
59 # PC98 machine type from sys/pc98/pc98/pc98_machdep.h
61 .set MEM_SYS, 0xa100 # System common area segment
62 .set PC98_MACHINE_TYPE, 0x0620 # PC98 machine type
63 .set EPSON_ID, 0x0624 # EPSON machine id
# Machine type flag bits OR-ed together by machine_check.
65 .set M_NEC_PC98, 0x0001
66 .set M_EPSON_PC98, 0x0002
67 .set M_NOT_H98, 0x0010
# Offsets of the two 0xaa55 signature words: the last word of a 512-byte
# block (0x1fe) and the last word of a 2048-byte block (0x7fe).
75 .set SIG1_OFF,0x1fe # Signature offset
76 .set SIG2_OFF,0x7fe # Signature offset
# Field offsets inside the a.out header of the loaded file. The values stored
# at these offsets come from the file on the CD, not from this code.
80 .set AOUT_TEXT,0x04 # text segment size
81 .set AOUT_DATA,0x08 # data segment size
82 .set AOUT_BSS,0x0c # zero'd BSS size
83 .set AOUT_SYMBOLS,0x10 # symbol table
84 .set AOUT_ENTRY,0x14 # entry point
85 .set AOUT_HEADER,MEM_PAGE_SIZE # size of the a.out header
# Selectors into the GDT defined near the end of the file (8 bytes per entry).
89 .set SEL_SDATA,0x8 # Supervisor data
90 .set SEL_RDATA,0x10 # Real mode data
91 .set SEL_SCODE,0x18 # PM-32 code
92 .set SEL_SCODE16,0x20 # PM-16 code
96 .set INT_SYS,0x30 # BTX syscall interrupt
98 # Constants for reading from the CD.
100 .set ERROR_TIMEOUT,0x90 # BIOS timeout on read
101 .set NUM_RETRIES,3 # Num times to retry
102 .set SECTOR_SIZE,0x800 # size of a sector
103 .set SECTOR_SHIFT,11 # number of places to shift
104 .set BUFFER_LEN,0x100 # number of sectors in buffer
105 .set MAX_READ,0xf800 # max we can read at a time
# 0xf800 >> 11 = 31 sectors per BIOS read.
106 .set MAX_READ_SEC,MAX_READ >> SECTOR_SHIFT
# NOTE(review): same value as MEM_BTX_ADDRESS (0x9000); the read buffer
# appears to be reused as the BTX destination after relocation -- confirm.
107 .set MEM_READ_BUFFER,0x9000 # buffer to read from CD
108 .set MEM_VOLDESC,MEM_READ_BUFFER # volume descriptor
109 .set MEM_DIR,MEM_VOLDESC+SECTOR_SIZE # Lookup buffer
110 .set VOLDESC_LBA,0x10 # LBA of vol descriptor
111 .set VD_PRIMARY,1 # Primary VD
112 .set VD_END,255 # VD Terminator
113 .set VD_ROOTDIR,156 # Offset of Root Dir Record
114 .set DIR_LEN,0 # Offset of Dir Record length
115 .set DIR_EA_LEN,1 # Offset of EA length
# DIR_EXTENT and DIR_SIZE are described as 64-bit fields; the code below
# loads only the first 32 bits of each into %eax.
116 .set DIR_EXTENT,2 # Offset of 64-bit LBA
117 .set DIR_SIZE,10 # Offset of 64-bit length
118 .set DIR_NAMELEN,32 # Offset of 8-bit name len
119 .set DIR_NAME,33 # Offset of dir name
# First-stage entry code (its label is not shown in this listing). It sets up
# the graphic and text screens, copies PC-98 system data, records the machine
# type, then prepares a BIOS read of LOAD_SIZE bytes to LOAD_SEG and far-jumps
# to cdboot. Most instructions between the commented steps are on lines that
# this listing omits.
134 /* Setup the stack */
141 /* Setup graphic screen */
142 mov $0x42,%ah # 640x400
145 mov $0x40,%ah # graph on
148 /* Setup text screen */
149 mov $0x0a00,%ax # 80x25
151 mov $0x0c,%ah # text on
153 mov $0x13,%ah # cursor home
156 mov $0x11,%ah # cursor on
163 /* Transfer PC-9801 system common area */
174 /* Transfer EPSON machine type */
179 mov %eax,%es:(EPSON_ID)
181 /* Set machine type to PC98_SYSTEM_PARAMETER */
# Set up the disk BIOS read: function 0x06 in %ah, drive taken from the DAUA
# byte, cylinder restored from a value pushed earlier (push not shown).
187 mov $0x06,%ah /* Read data */
188 mov (DAUA),%al /* Read drive */
189 pop %ecx /* cylinder */
190 xor %dx,%dx /* head / sector */
# %bx is used twice: first for the load segment, then for the byte count.
# Presumably the segment is moved into a segment register in between (line
# not shown) -- confirm.
191 mov $LOAD_SEG,%bx /* Load address */
194 mov $LOAD_SIZE,%bx /* Load size */
# NOTE(review): control passes to the code just read from the boot device. No
# signature or integrity check on those sectors is visible in this listing
# before the jump.
200 ljmp $LOAD_SEG,$cdboot
203 # Set machine type to PC98_SYSTEM_PARAMETER.
# Accumulates M_* flag bits in %edx, starting from zero, and finishes at the
# local label 1 with %bx addressing PC98_MACHINE_TYPE. The store itself and
# the branches that choose between m_pc98 and m_epson are on lines not shown
# in this listing.
205 machine_check: xor %edx,%edx
# Two polling loops on I/O port 0x60; going by the label names they presumably
# wait on the display controller's vertical sync status -- confirm.
211 vsync.1: inb $0x60,%al
214 vsync.2: inb $0x60,%al
224 /* Get 'A' font from CG window */
# Sums font data into %eax, one memory operand per pass of font.1.
231 font.1: add (%bx),%eax
238 m_pc98: or $M_NEC_PC98,%edx
# m_epson is immediately followed by m_not_h98, so the EPSON path sets both
# M_EPSON_PC98 and M_NOT_H98.
245 m_epson: or $M_EPSON_PC98,%edx
246 m_not_h98: or $M_NOT_H98,%edx
259 1: mov $PC98_MACHINE_TYPE,%bx
264 # Print out the error message at [SI], wait for a keypress, and then
265 # reboot the machine.
# Every fatal path in this file (read error, missing volume descriptor, file
# too big, boot failed) loads a message into %si first. The routine label,
# the keyboard BIOS call and the reset port write are on lines not shown in
# this listing; only the two register clears that precede them are visible.
268 mov $msg_keypress,%si
270 xor %ax,%ax # Get keypress
272 xor %ax,%ax # CPU reset
278 # Display a null-terminated string at [SI].
280 # Trashes: AX, BX, CX, DX, SI, DI
# Writes characters through %es:(%di) and stores the attribute byte 0x2000
# bytes past each character cell. "\r" and "\n" are handled at putstr.cr and
# putstr.lf by adjusting %di instead of being displayed. The final position
# is saved in the variable cursor, whose definition is not shown in this
# listing.
289 mov $0x00e1,%bx # Attribute
298 mov %bl,%es:0x2000(%di)
302 putstr.cr: xor %dx,%dx
307 putstr.lf: add %cx,%di
308 putstr.move: mov %di,%dx
309 mov $0x13,%ah # Move cursor
312 putstr.done: mov %di,cursor
318 # Display a single char at [AL], but don't move the cursor.
# Uses the same attribute value (0xe1) and the same +0x2000 attribute offset
# as putstr. The character store itself is on a line not shown in this
# listing.
326 mov $0xe1,%bl # Attribute
327 mov %bl,%es:0x2000(%di)
# Messages used by the first-stage code, followed by the first signature word.
334 msg_readerr: .asciz "Read Error\r\n"
335 msg_keypress: .asciz "\r\nPress any key to reboot\r\n"
# Presumably placed at SIG1_OFF by an .org directive on a line not shown in
# this listing -- confirm.
341 .word 0xaa55 # Magic number
# Start of the second-stage code reached through "ljmp $LOAD_SEG,$cdboot"
# (the label line is not shown in this listing). Records the BIOS boot device
# and cylinder, prints the banner, then builds a zeroed MEM_ARG_SIZE-byte
# argument block at MEM_ARG for the loader.
350 mov %es:(DAUA),%al # Save BIOS boot device
352 mov %cx,cylinder # Save BIOS boot cylinder
354 mov $msg_welcome,%si # %ds:(%si) -> welcome message
355 call putstr # display the welcome message
357 # Setup the arguments that the loader is expecting from boot[12]
359 mov $msg_bootinfo,%si # %ds:(%si) -> boot args message
360 call putstr # display the message
361 mov $MEM_ARG,%bx # %ds:(%bx) -> boot args
362 mov %bx,%di # %es:(%di) -> boot args
363 xor %eax,%eax # zero %eax
# MEM_ARG_SIZE is 0x18 bytes, i.e. six 32-bit words to clear.
364 mov $(MEM_ARG_SIZE/4),%cx # Size of arguments in 32-bit
366 rep # Clear the arguments
# Only two fields are filled in here: the boot device byte at offset 4 and the
# CD flag OR-ed into the flags at offset 8. KARGS_FLAGS_CD is defined on a
# line not shown in this listing.
368 mov drive,%dl # Store BIOS boot device
369 mov %dl,%es:0x4(%bx) # in kargs->bootdev
370 or $KARGS_FLAGS_CD,%es:0x8(%bx) # kargs->bootflags |=
373 # Load Volume Descriptor
# Reads volume descriptors one sector at a time, starting at VOLDESC_LBA,
# into MEM_VOLDESC. The first byte of each is compared with VD_PRIMARY
# (continue at have_vd) and VD_END (report msg_novd). The LBA increment and
# the branches after each compare are on lines not shown in this listing.
# NOTE(review): no upper bound on the number of descriptors scanned is visible
# here; media carrying neither type would keep the loop reading until the
# BIOS reports an error.
375 mov $VOLDESC_LBA,%eax # Set LBA of first VD
376 load_vd: push %eax # Save %eax
377 mov $1,%dh # One sector
378 mov $MEM_VOLDESC,%ebx # Destination
379 call read # Read it in
380 cmpb $VD_PRIMARY,%es:(%bx) # Primary VD?
382 pop %eax # Prepare to
384 cmpb $VD_END,%es:(%bx) # Last VD?
385 jne load_vd # No, read next
386 mov $msg_novd,%si # No VD
388 have_vd: # Have Primary VD
390 # Try to look up the loader binary using the paths in the loader_paths
# loader_paths is walked as a sequence of NUL-terminated strings; an entry
# whose first byte is NUL ends the list. Each candidate goes through lookup,
# which reports success with CF = 0. The terminating empty entry is not
# visible in the data at the end of this listing.
393 mov $loader_paths,%si # Point to start of array
394 lookup_path: push %si # Save file name pointer
395 call lookup # Try to find file
396 pop %di # Restore file name pointer
397 jnc lookup_found # Found this file
# Scan forward from %di for the NUL that ends the path just tried; the scan
# instruction itself is on a line not shown in this listing.
401 xor %al,%al # Look for next
402 mov $0xffff,%cx # path name by
406 mov %di,%si # Point %si at next path
407 mov (%si),%al # Get first char of next path
408 or %al,%al # Is it double nul?
409 jnz lookup_path # No, try it.
410 mov $msg_failed,%si # Failed message
412 lookup_found: # Found a loader file
414 # Load the binary into the buffer. Due to real mode addressing limitations
415 # we have to read it in 64k chunks.
# The file length and extent come from the directory record on the CD
# (%es:(%bx) as left by lookup). The length is rounded up to whole sectors.
417 mov %es:DIR_SIZE(%bx),%eax # Read file length
418 add $SECTOR_SIZE-1,%eax # Convert length to sectors
419 shr $SECTOR_SHIFT,%eax
# NOTE(review): the size comparison that guards this path is on lines not
# shown in this listing. It is the only visible protection against a
# media-supplied length larger than the read buffer, so it deserves a look.
422 mov $msg_load2big,%si # Error message
# NOTE(review): only the low 8 bits of the sector count are kept here, so the
# guard above must reject anything over 0xff. A count of exactly BUFFER_LEN
# (0x100) would truncate to 0 sectors -- confirm against the comparison.
424 load_sizeok: movzbw %al,%cx # Num sectors to read
425 mov %es:DIR_EXTENT(%bx),%eax # Load extent
# The extended attribute length byte is added to the extent so that the read
# starts at the file data; %edx is presumably cleared first (line not shown).
427 mov %es:DIR_EA_LEN(%bx),%dl
428 add %edx,%eax # Skip extended
429 mov $MEM_READ_BUFFER,%ebx # Read into the buffer
# Each pass reads at most MAX_READ_SEC sectors (%dh), with %cl holding the
# sectors still to read.
430 load_loop: mov %cl,%dh
431 cmp $MAX_READ_SEC,%cl # Truncate to max read size
433 mov $MAX_READ_SEC,%dh
434 load_notrunc: sub %dh,%cl # Update count
436 call read # Read it in
# LBA and destination both advance by a full chunk regardless of how many
# sectors the last pass read; that is harmless because the loop exits when
# the remaining count reaches zero.
438 add $MAX_READ_SEC,%eax # Update LBA
439 add $MAX_READ,%ebx # Update dest addr
440 jcxz load_done # Done?
441 jmp load_loop # Keep going
444 # Turn on the A20 address line
# Only the register clear is visible in this listing; the port write that
# enables A20 is on a line not shown.
446 xor %ax,%ax # Turn A20 on
451 # Relocate the loader and BTX using a very lazy protected mode
# NOTE(review): the destination (AOUT_ENTRY) and the text, data and bss
# lengths all come from the a.out header of the file just read from the CD.
# No range or sanity check on these fields is visible in this listing, and
# the copies run under SEL_SDATA, a flat data selector, so a malformed header
# would steer them to arbitrary physical addresses. Nothing shown here
# authenticates the loader image; its integrity rests on the boot media.
453 mov $msg_relocate,%si # Display the
454 call putstr # relocation message
455 mov %es:(MEM_READ_BUFFER+AOUT_ENTRY),%edi # %edi is the destination
456 mov $(MEM_READ_BUFFER+AOUT_HEADER),%esi # %esi is
457 # the start of the text
459 mov %es:(MEM_READ_BUFFER+AOUT_TEXT),%ecx # %ecx = length of the text
# The entry point is kept on the stack and popped again once execution is
# back in real mode.
461 push %edi # Save entry point for later
462 lgdt gdtdesc # setup our own gdt
463 cli # turn off interrupts
464 mov %cr0,%eax # Turn on
465 or $0x1,%al # protected
467 ljmp $SEL_SCODE,$pm_start # long jump to clear the
468 # instruction pre-fetch queue
470 pm_start: mov $SEL_SDATA,%ax # Initialize
471 mov %ax,%ds # %ds and
472 mov %ax,%es # %es to a flat selector
# The copy instructions for text, data and BTX, and the bss clear, are on
# lines not shown in this listing; only the register setup is visible.
475 add $(MEM_PAGE_SIZE - 1),%edi # pad %edi out to a new page
476 and $~(MEM_PAGE_SIZE - 1),%edi # for the data segment
477 mov MEM_READ_BUFFER+AOUT_DATA,%ecx # size of the data segment
480 mov MEM_READ_BUFFER+AOUT_BSS,%ecx # size of the bss
481 xor %eax,%eax # zero %eax
# NOTE(review): the round-up adds 3 to %cl only, so a carry out of the low
# byte is lost. A bss size whose low byte is 0xfd or above ends up smaller
# after the add, and fewer 32-bit words are cleared than the header asks for.
482 add $3,%cl # round %ecx up to
483 shr $2,%ecx # a multiple of 4
# BTX sits MEM_BTX_OFFSET bytes into the relocated loader; its length is a
# 16-bit value read from offset 0xa of that image, again media-supplied.
486 mov MEM_READ_BUFFER+AOUT_ENTRY,%esi # %esi -> relocated loader
487 add $MEM_BTX_OFFSET,%esi # %esi -> BTX in the loader
488 mov $MEM_BTX_ADDRESS,%edi # %edi -> where BTX needs to go
489 movzwl 0xa(%esi),%ecx # %ecx -> length of BTX
# Return path: switch to the 16-bit code selector, reload %ds and %es with
# SEL_RDATA, clear the protection-enable bit in %cr0, then far-jump to a real
# mode segment:offset before re-enabling interrupts. The write back to %cr0
# is on a line not shown in this listing.
492 ljmp $SEL_SCODE16,$pm_16 # Jump to 16-bit PM
494 pm_16: mov $SEL_RDATA,%ax # Initialize
495 mov %ax,%ds # %ds and
496 mov %ax,%es # %es to a real mode selector
497 mov %cr0,%eax # Turn off
498 and $~0x1,%al # protected
500 ljmp $LOAD_SEG,$pm_end # Long jump to clear the
501 # instruction pre-fetch queue
502 pm_end: sti # Turn interrupts back on now
504 # Copy the BTX client to MEM_BTX_CLIENT
# Byte-wise copy of the code between btx_client and btx_client_end. The
# segment setup and repeat prefix are on lines not shown in this listing.
510 mov $MEM_BTX_CLIENT,%di # Prepare to relocate
511 mov $btx_client,%si # the simple btx client
512 mov $(btx_client_end-btx_client),%cx # length of btx client
514 movsb # simple BTX client
516 # Copy the boot[12] args to where the BTX client can see them
520 mov $MEM_ARG,%si # where the args are at now
521 mov $MEM_ARG_BTX,%di # where the args are moving to
522 mov $(MEM_ARG_SIZE/4),%cx # size of the arguments in longs
526 # Save the entry point so the client can get to it later on
# The entry point popped here is the value pushed before the switch to
# protected mode, i.e. the AOUT_ENTRY field read from the loaded file. stosl
# stores it at %es:(%di), directly after the copied arguments, which is where
# btx_client reads it from.
528 pop %eax # Restore saved entry point
529 stosl # and add it to the end of
532 # Now we just start up BTX and let it do the rest
534 mov $msg_jump,%si # Display the
535 call putstr # jump message
536 ljmp $0,$MEM_BTX_ENTRY # Jump to the BTX entry point
539 # Lookup the file in the path at [SI] from the root directory.
541 # Trashes: All but BX
542 # Returns: CF = 0 (success), BX = pointer to record
# Starts from the root directory record embedded in the volume descriptor
# buffer (offset VD_ROOTDIR in MEM_VOLDESC) and resolves one path component
# per call to find_file. Leading "/" separators are skipped and a NUL ends
# the walk. The branches after the two compares and the message output calls
# are on lines not shown in this listing.
545 lookup: mov $VD_ROOTDIR+MEM_VOLDESC,%bx # Root directory record
548 mov $msg_lookup,%si # Display lookup message
557 lookup_dir: lodsb # Get first char of path
558 cmp $0,%al # Are we done?
560 cmp $'/',%al # Skip path separator.
562 dec %si # Undo lodsb side effect
563 call find_file # Lookup first path item
564 jnc lookup_dir # Try next component
565 mov $msg_lookupfail,%si # Not found message
571 lookup_done: mov $msg_lookupok,%si # Success message
579 # Lookup file at [SI] in directory whose record is at [BX].
581 # Trashes: All but returns
582 # Returns: CF = 0 (success), BX = pointer to record, SI = next path item
583 # CF = 1 (not found), SI = preserved
# Reads the directory one sector at a time into MEM_DIR and compares each
# record name with the current path component. rec_lba, rec_size and name_len
# hold the search state between blocks.
# NOTE(review): DIR_LEN, DIR_NAMELEN and DIR_EA_LEN are bytes taken from the
# media and used as offsets into the one-sector buffer. No check that a record
# or its name stays inside that sector is visible in this listing -- confirm
# against the lines that are not shown.
585 find_file: mov %es:DIR_EXTENT(%bx),%eax # Load extent
587 mov %es:DIR_EA_LEN(%bx),%dl
588 add %edx,%eax # Skip extended attributes
589 mov %eax,rec_lba # Save LBA
590 mov %es:DIR_SIZE(%bx),%eax # Save size
# Count the characters of the path component up to "/" or the terminator; the
# loads and the terminator test are on lines not shown in this listing.
592 xor %cl,%cl # Zero length
594 ff.namelen: inc %cl # Update length
598 cmp $'/',%al # Path separator?
599 jnz ff.namelen # No, keep going
600 ff.namedone: dec %cl # Adjust length and save
603 ff.load: mov rec_lba,%eax # Load LBA
604 mov $MEM_DIR,%ebx # Address buffer
605 mov $1,%dh # One sector
606 call read # Read directory block
607 incl rec_lba # Update LBA to next block
608 ff.scan: mov %ebx,%edx # Check for EOF
614 ff.scan.1: cmpb $0,%es:DIR_LEN(%bx) # Last record in block?
# Strip a trailing ";digits" version suffix and a trailing "." from the
# record name by rewriting DIR_NAMELEN in the in-memory copy of the record.
# %si indexes the last character of the name (DIR_NAME-1 plus the length).
617 movzbw %es:DIR_NAMELEN(%bx),%si # Find end of string
618 ff.checkver: cmpb $'0',%es:DIR_NAME-1(%bx,%si) # Less than '0'?
620 cmpb $'9',%es:DIR_NAME-1(%bx,%si) # Greater than '9'?
624 jmp ff.checklen # All numbers in name, so
626 ff.checkver.1: movzbw %es:DIR_NAMELEN(%bx),%cx
627 cmp %cx,%si # Did we find any digits?
629 cmpb $';',%es:DIR_NAME-1(%bx,%si) # Check for semicolon
631 dec %si # Skip semicolon
633 mov %cl,%es:DIR_NAMELEN(%bx) # Adjust length
635 ff.checkver.2: mov %cx,%si # Restore %si to end of string
636 ff.checkdot: cmpb $'.',%es:DIR_NAME-1(%bx,%si) # Trailing dot?
638 decb %es:DIR_NAMELEN(%bx) # Adjust length
639 ff.checklen: pop %si # Restore
640 movzbw name_len,%cx # Load length of name
641 cmp %cl,%es:DIR_NAMELEN(%bx) # Does length match?
642 je ff.checkname # Yes, check name
# The record length is added to %bl only; presumably the carry into %bh is
# handled on the following line, which is not shown in this listing.
643 ff.nextrec: add %es:DIR_LEN(%bx),%bl # Next record
# A borrow from the subtraction leaves CF = 1, so falling through to ret
# reports "not found" to the caller.
646 ff.nextblock: subl $SECTOR_SIZE,rec_size # Adjust size
647 jnc ff.load # If subtract ok, keep going
648 ret # End of file, so not found
649 ff.checkname: lea DIR_NAME(%bx),%di # Address name in record
651 repe cmpsb # Compare name
652 je ff.match # We have a winner!
654 jmp ff.nextrec # Keep looking.
# On a match %si already points past the component, so the copy saved on the
# stack is dropped rather than restored.
655 ff.match: add $2,%sp # Discard saved %si
660 # Load DH sectors starting at LBA EAX into [EBX].
# Issues the read through BIOS interrupt 0x1b with function 0x06 in %ah. The
# sector count is converted to a byte count in %bx by shifting left by
# SECTOR_SHIFT, and the destination offset goes in %bp. Register saves and
# restores, and the rest of the parameter setup, are on lines not shown in
# this listing.
664 read: push %es # Save
669 mov %bx,%bp # Set destination address
673 xor %bx,%bx # Set read bytes
675 shl $SECTOR_SHIFT,%bx # 2048 bytes/sec
# Only the low 16 bits of the LBA are placed in %cx here; the upper half is
# presumably passed in another register on a line not shown -- confirm.
676 mov %ax,%cx # Set LBA
679 read.retry: mov $0x06,%ah # BIOS device read
682 call twiddle # Entertain the user
683 int $0x1b # Call BIOS
684 jc read.fail # Worked?
# NOTE(review): a timeout status branches straight back to read.retry. No
# retry counter is visible in this listing (NUM_RETRIES is defined above but
# its use is not shown), so a device that keeps timing out may stall the boot
# here -- confirm.
691 read.fail: cmp $ERROR_TIMEOUT,%ah # Timeout?
692 je read.retry # Yes, Retry.
# Any other status is formatted as two hex digits into hex_error, which sits
# directly after the unterminated msg_badread text, so one putstr call prints
# both.
693 read.error: mov %ah,%al # Save error
694 mov $hex_error,%di # Format it
696 mov $msg_badread,%si # Display Read error message
700 # Output the "twiddle"
# Progress indicator called before every BIOS read. It loads the saved index,
# looks up a character in twiddle_chars, stores the index back for the next
# call, and prints the character with putc. The index update and table lookup
# instructions are on lines not shown in this listing.
702 twiddle: push %ax # Save
704 mov twiddle_index,%al # Load index
705 mov $twiddle_chars,%bx # Address table
708 mov %al,twiddle_index # Save index for next call
710 call putc # Output it
716 # Convert AL to hex, saving the result to [EDI].
# The upper nibble is converted first, then the lower one at hex8.1. Each
# digit is forced to lower case and stored through (%di), the 16-bit form of
# the pointer.
# NOTE(review): the instruction between sbbb and orb is not shown in this
# listing. The cmp/sbb pair is the usual nibble-to-ASCII idiom when followed
# by a decimal adjust -- confirm.
718 hex8: pushl %eax # Save
719 shrb $0x4,%al # Do upper
722 hex8.1: andb $0xf,%al # Get lower 4
723 cmpb $0xa,%al # Convert
724 sbbb $0x69,%al # to hex
726 orb $0x20,%al # To lower case
727 mov %al,(%di) # Save char
732 # BTX client to start btxldr
# Copied to MEM_BTX_CLIENT and run under BTX, so every address here is
# relative to MEM_BTX_CLIENT. It pushes the boot arguments onto the stack
# starting from the last 32-bit word (%esi begins at the final word of the
# block), then pushes the loader entry point stored directly after them and
# issues the BTX exec system call.
735 btx_client: mov $(MEM_ARG_BTX-MEM_BTX_CLIENT+MEM_ARG_SIZE-4), %esi
738 mov $(MEM_ARG_SIZE/4),%ecx # Number of words to push
# Walking backwards requires the direction flag to be set; that instruction
# is presumably on a line not shown, and is undone by the cld below.
740 push_arg: lodsl # Read argument
741 push %eax # Push it onto the stack
742 loop push_arg # Push all of the arguments
743 cld # In case anyone depends on this
# The word pushed here is the entry point taken from the a.out header of the
# loaded file and stored after the arguments by the relocation code.
744 pushl MEM_ARG_BTX-MEM_BTX_CLIENT+MEM_ARG_SIZE # Entry point of
746 push %eax # Emulate a near call
747 mov $0x1,%eax # 'exec' system call
748 int $INT_SYS # BTX system call
754 # Global descriptor table.
# Each entry is four 16-bit words: limit 15:0, base 15:0, base 23:16 plus the
# access byte, then limit 19:16 plus flags and base 31:24. Both data
# descriptors use access byte 0x92 (present, ring 0, writable data) and both
# code descriptors use 0x9a (present, ring 0, readable code).
756 gdt: .word 0x0,0x0,0x0,0x0 # Null entry
# Base 0, 4 KiB granularity with limit 0xfffff: flat 32-bit data.
757 .word 0xffff,0x0000,0x9200,0x00cf # SEL_SDATA
# Base 0, byte granularity with limit 0xffff: 64 KiB 16-bit data, loaded
# before protected mode is left.
758 .word 0xffff,0x0000,0x9200,0x0000 # SEL_RDATA
# Code descriptors are based at LOAD_SEG<<4 so that offsets assembled for the
# real mode segment stay valid in protected mode.
759 .word 0xffff,LOAD_SEG<<4,0x9a00,0x00cf # SEL_SCODE (32-bit)
760 .word 0xffff,LOAD_SEG<<4,0x9a00,0x008f # SEL_SCODE16 (16-bit)
763 # Pseudo-descriptors.
# gdt.1 marks the end of the table; its label line is not shown in this
# listing.
765 gdtdesc: .word gdt.1-gdt-1 # Limit
# GNU as gives << higher precedence than +, so this evaluates as
# (LOAD_SEG<<4) + gdt, the linear address of the table.
766 .long LOAD_SEG<<4 + gdt # Base
775 # State for searching dir
777 rec_lba: .long 0x0 # LBA (adjusted for EA)
778 rec_size: .long 0x0 # File size
779 name_len: .byte 0x0 # Length of current name
# Index into twiddle_chars, kept between calls to twiddle.
782 twiddle_index: .byte 0x0
784 msg_welcome: .asciz "CD Loader 1.2\r\n\n"
785 msg_bootinfo: .asciz "Building the boot loader arguments\r\n"
786 msg_relocate: .asciz "Relocating the loader and the BTX\r\n"
787 msg_jump: .asciz "Starting the BTX loader\r\n"
# msg_badread has no terminator of its own: it runs on into hex_error, whose
# two "0" characters are overwritten with the BIOS status before printing.
788 msg_badread: .ascii "Read Error: 0x"
789 hex_error: .asciz "00\r\n"
790 msg_novd: .asciz "Could not find Primary Volume Descriptor\r\n"
791 msg_lookup: .asciz "Looking up "
792 msg_lookup2: .asciz "... "
793 msg_lookupok: .asciz "Found\r\n"
794 msg_lookupfail: .asciz "File not found\r\n"
795 msg_load2big: .asciz "File too big\r\n"
796 msg_failed: .asciz "Boot failed\r\n"
797 twiddle_chars: .ascii "|/-\\"
# Candidate loader paths, tried in this order. The search loop stops at an
# empty string; that terminator is presumably on a line not shown in this
# listing -- confirm.
798 loader_paths: .asciz "/BOOT.PC98/LOADER"
799 .asciz "/boot.pc98/loader"
800 .asciz "/BOOT/LOADER"
801 .asciz "/boot/loader"
# Presumably placed at SIG2_OFF by an .org directive on a line not shown in
# this listing -- confirm.
808 .word 0xaa55 # Magic number