1 ; -*- fundamental -*- (asm-mode sucks)
2 ; ****************************************************************************
6 ; A program to emulate an INT 13h disk BIOS from a "disk" in extended
9 ; Copyright 2001-2009 H. Peter Anvin - All Rights Reserved
10 ; Copyright 2009 Intel Corporation; author: H. Peter Anvin
11 ; Portions copyright 2009 Shao Miller [El Torito code, mBFT, safe hook]
13 ; This program is free software; you can redistribute it and/or modify
14 ; it under the terms of the GNU General Public License as published by
15 ; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
16 ; Boston MA 02111-1307, USA; either version 2 of the License, or
17 ; (at your option) any later version; incorporated herein by reference.
19 ; ****************************************************************************
21 %include "../version.gen"
23 ; %define DEBUG_TRACERS ; Uncomment to get debugging tracers
31 %macro WRITEHEX2 0-1 al
41 %macro WRITEHEX4 0-1 ax
51 %macro WRITEHEX8 0-1 eax
73 %endif ; DEBUG_TRACERS
75 ; Flags we test our configuration against
76 %define CONFIG_READONLY 0x01
77 %define CONFIG_RAW 0x02
78 %define CONFIG_SAFEINT 0x04
79 %define CONFIG_BIGRAW 0x08 ; MUST be 8!
83 %define SECTORSIZE (1 << SECTORSIZE_LG2)
85 ; Parameter registers definition; this is the definition
87 %define P_DS word [bp+34]
88 %define P_ES word [bp+32]
89 %define P_EAX dword [bp+28]
90 %define P_HAX word [bp+30]
91 %define P_AX word [bp+28]
92 %define P_AL byte [bp+28]
93 %define P_AH byte [bp+29]
94 %define P_ECX dword [bp+24]
95 %define P_HCX word [bp+26]
96 %define P_CX word [bp+24]
97 %define P_CL byte [bp+24]
98 %define P_CH byte [bp+25]
99 %define P_EDX dword [bp+20]
100 %define P_HDX word [bp+22]
101 %define P_DX word [bp+20]
102 %define P_DL byte [bp+20]
103 %define P_DH byte [bp+21]
104 %define P_EBX dword [bp+16]
105 %define P_HBX word [bp+18]
106 %define P_HBXL byte [bp+18]
107 %define P_BX word [bp+16]
108 %define P_BL byte [bp+16]
109 %define P_BH byte [bp+17]
110 %define P_EBP dword [bp+8]
111 %define P_BP word [bp+8]
112 %define P_ESI dword [bp+4]
113 %define P_SI word [bp+4]
114 %define P_EDI dword [bp]
115 %define P_DI word [bp]
118 ; These pointers are used by the installer and
119 ; must be first in the binary
120 Pointers: dw Int13Start
126 IretPtr equ Int13Start.iret
128 jmp Int13Start.SafeHookEnd
129 db 0 ; Pad to three bytes
130 db '$INT13SF' ; Signature for "safe hook"
131 db 'MEMDISK ' ; Vendor ID
132 dd 0 ; SEG:OFF of previous INT 13h hook
133 ; Must be filled in by installer
134 dd 0 ; "Safe hook" flags
135 ; ---- "Safe hook" structure ends here ---
137 ; This next field should be guaranteed at this position after the
138 ; "safe hook" structure. This allows for a MEMDISK OS driver to
139 ; immediately find out the particular parameters using the mBFT
140 ; and MDI structures. This binary will have the offset to the mBFT
141 ; in this field to begin with, so the installer knows where the mBFT
142 ; is. This is akin to the "Pointers" section above. The installer
143 ; will refill this field with the physical address of the mBFT for
144 ; future consumers, such as OS drivers.
145 dd mBFT ; Offset from hook to the mBFT
148 cmp word [cs:Recursive],0
160 cmp word [cs:SavedAX],4a00h ; El Torito function?
161 jae our_drive ; We grab it
163 ; See if DL points to our class of device (FD, HD)
168 js .nomatch ; If SF=0, we have a class match here
169 ; 0x00 the sign bit for FD
170 ; 0x80 the sign bit for HD
171 jz our_drive ; If ZF=1, we have an exact match
173 jb .nomatch ; Drive < Our drive
174 cmp dl,[cs:DriveShiftLimit]
175 jae .nomatch ; Drive > The maximum drive
176 ; number that we will shift for.
177 ; This leaves any higher-up BIOS
178 ; drives alone, such as an optical
179 ; disc drive 0xA0 or 0xE0
180 dec dl ; Drive > Our drive, adjust drive #
187 inc word [cs:Recursive]
189 call far [cs:OldInt13]
191 dec word [cs:Recursive]
194 cmp byte [cs:SavedAX+1],08h ; Get drive params function?
195 je .norestoredl ; DL = number of drives
196 cmp byte [cs:SavedAX+1],15h ; Get disk type function?
198 test byte [bp+4],80h ; Hard disk?
199 jnz .norestoredl ; CX:DX = size of device
206 mov ax,[bp+2] ; Flags
208 mov [bx+4],al ; Arithmetic flags
219 jmp far [cs:OldInt13]
222 ; Set up standard entry frame
229 mov bp,sp ; Point BP to the entry stack frame
232 ; Note: AX == P_AX here
233 cmp ah,Int13FuncsCnt-1
236 mov al,[CD_PKT.type] ; Check if we are in
237 cmp al,0 ; El Torito no emulation mode
238 ja .emulation ; No. We support the function
239 cmp ah,3fh ; Yes. We must not support functions
240 jbe Invalid_jump ; 0 through 3Fh. Check and decide
243 xor al,al ; AL = 0 is standard entry condition
245 shr di,7 ; Convert AH to an offset in DI
248 Done: ; Standard routine for return
255 mov [es:bx],ah ; Save status
259 ; This sets the low byte (the arithmetic flags) of the
260 ; FLAGS on stack to either 00h (no flags) or 01h (CF)
261 ; depending on if AH was zero or not.
262 setnz [bx+4] ; Set CF iff error
270 ; Reset affects multiple drives, so we need to pass it on
272 xor ax,ax ; Bottom of memory
274 test dl,dl ; Always pass it on if we are
276 js .hard_disk ; Bit 7 set
277 ; Some BIOSes get very unhappy if we pass a reset floppy
278 ; command to them and don't actually have any floppies.
279 ; This is a bug, but we have to deal with it nontheless.
280 ; Therefore, if we are the *ONLY* floppy drive, and the
281 ; user didn't request HD reset, then just drop the command.
282 ; BIOS equipment byte, top two bits + 1 == total # of floppies
283 test byte [es:0x410],0C0h
285 jmp .pass_on ; ... otherwise pass it to the BIOS
287 ; ... same thing for hard disks, sigh ...
288 cmp byte [es:0x475],1 ; BIOS variable for number of hard
293 pop ax ; Drop return address
294 popad ; Restore all registers
297 lss esp,[cs:Stack] ; Restore the stack
298 and dl,80h ; Clear all but the type bit
303 pop dx ; Drop return address
306 mov ah,01h ; Unsupported function
310 test byte [DriveNo],80h
311 mov bl,02h ; Type 02h = floppy with changeline
313 ; Hard disks only! DO NOT set CX:DX for floppies...
314 ; it apparently causes Win98SE DOS to go into an loop
315 ; resetting the drive over and over. Sigh.
317 mov dx,[DiskSize] ; Return the disk size in sectors
322 mov P_AH,bl ; 02h floppy, 03h hard disk
323 pop ax ; Drop return address
324 xor ax,ax ; Success...
325 jmp DoneWeird ; But don't stick it into P_AX
331 mov ah,[bx] ; Copy last status
343 movzx ax,P_AL ; AH = 0, AL = transfer count
350 test byte [ConfigFlags],CONFIG_READONLY
353 xchg esi,edi ; Opposite direction of a Read!
355 .readonly: mov ah,03h ; Write protected medium
358 ; Verify integrity; just bounds-check
361 call setup_regs ; Returns error if appropriate
362 ; And fall through to success
364 CheckIfReady: ; These are always-successful noop functions
372 xor ax,ax ; Always successful
377 mov dl,[DriveCnt] ; Cached data
379 test byte [DriveNo],80h
387 dec ax ; We report the highest #, not the count
397 ; Is this MEMDISK installation check?
408 ; MEMDISK installation check...
414 mov P_DI,MemDisk_Info
420 ; EDD functions -- only if enabled
429 mov P_BX,0AA55h ; EDD signature
430 mov P_AX,03000h ; EDD 3.0
431 mov P_CX,0007h ; Bit 0 - Fixed disk access subset
432 ; Bit 1 - Locking and ejecting subset
434 pop ax ; Drop return address
436 jmp DoneWeird ; Success, but AH != 0, sigh...
452 xchg esi,edi ; Opposite direction of a Read!
459 call edd_setup_regs ; Just bounds checking
471 lodsw ; Length of our DPT
473 cmp cx,26 ; Minimum size
495 ; Set up registers as for a "Read", and compares against disk
497 ; WARNING: This fails immediately, even if we can transfer some
498 ; sectors. This isn't really the correct behaviour.
501 ; Convert a CHS address in P_CX/P_DH into an LBA in eax
503 ; CL[0:5] = sector (1-based) CL[7:6] = cyl[9:8]
506 movzx ebx,cl ; Sector number
508 dec ebx ; Sector number is 1-based
511 movzx edi,P_DH ; Head number
512 movzx eax,word [Heads]
516 xchg cl,ch ; Now (E)CX <- cylinder number
517 mul ecx ; eax <- Heads*cyl# (edx <- 0)
521 ; Now eax = LBA, edx = 0
524 ; setup_regs continues...
526 ; Note: edi[31:16] and ecx[31:16] = 0 already
527 mov di,P_BX ; Get linear address of target buffer
530 add edi,ecx ; EDI = address to fetch to
531 movzx ecx,P_AL ; Sector count
533 add eax,ecx ; LBA of final sector + 1
534 shl esi,SECTORSIZE_LG2 ; LBA -> byte offset
535 add esi,[DiskBuf] ; Get address in high memory
536 cmp eax,[DiskSize] ; Check the high mark against limit
538 shl ecx,SECTORSIZE_LG2-2 ; Convert count to dwords
541 .overrun: pop ax ; Drop setup_regs return address
542 mov ax,0200h ; Missing address mark
545 ; Set up registers as for an EDD Read, and compares against disk size.
549 mov si,P_SI ; DS:SI -> DAPA
556 cmp dword [es:si+4],-1
559 movzx ebx,word [es:si+4] ; Offset
560 movzx edi,word [es:si+6] ; Segment
566 cmp dx,24 ; Must be large enough to hold
570 cmp dword [es:si+20],0 ; > 4 GB addresses not supported
571 mov ax,0900h ; "Data boundary error" - bogus, but
572 ; no really better code available
578 cmp dword [es:si+12],0 ; LBA too large?
581 movzx ecx, word [es:si+2] ; Sectors to transfer
582 mov esi,[es:si+8] ; Starting sector
589 shl ecx,SECTORSIZE_LG2-2 ; Convert to dwords
590 shl esi,SECTORSIZE_LG2 ; Convert to an offset
597 mov ax,0100h ; Invalid command
599 pop ax ; Drop setup_regs return address
603 mov ax,0200h ; "Address mark not found" =
604 ; LBA beyond end of disk
606 and word [es:si+2],0 ; No sectors transferred
612 mov ax,0B200h ; Volume Not Removable
618 cmp al,1 ; We only support query, not terminate
619 jne ElToritoErr ; Fail
620 mov es,P_DS ; Caller's DS:SI pointed to packet
621 mov di,P_SI ; We'll use ES:DI
622 mov si,CD_PKT.size ; First byte is packet size
623 xor cx,0 ; Empty our count
624 ;mov cl,[ds:si] ; We'll copy that many bytes
626 rep movsb ; Copy until CX is zero
634 mov ax,100h ; Invalid parameter
640 ; INT 15h intercept routines
643 cmp edx,534D4150h ; "SMAP"
645 cmp ecx,20 ; Need 20 bytes
655 add bx,12 ; Advance to next
656 mov eax,[bx-4] ; Type
657 and eax,eax ; Null type?
658 jz .renew ; If so advance to next
660 mov eax,[bx-12] ; Start addr (low)
661 mov edx,[bx-8] ; Start addr (high)
664 mov eax,[bx] ; End addr (low)
665 mov edx,[bx+4] ; End addr (high)
666 sub eax,[bx-12] ; Derive the length
668 mov [es:di+8],eax ; Length (low)
669 mov [es:di+12],edx ; Length (high)
670 cmp dword [bx+8],-1 ; Type of next = end?
672 xor ebx,ebx ; Done with table
675 mov edx,eax ; Some systems expect eax = edx = SMAP
676 mov ecx,20 ; Bytes loaded
679 mov byte [bp+6], 02h ; Clear CF
684 mov byte [bp+6], 03h ; Set CF
701 jmp far [cs:OldInt15]
703 int15_e801: ; Get mem size for > 64 MB config
708 jmp short int15_success
710 int15_e881: ; Get mem size for > 64 MB config
716 jmp short int15_success
718 int15_88: ; Get extended mem size
719 mov ax,[cs:MemInt1588]
720 jmp short int15_success
723 ; Routine to copy in/out of high memory
724 ; esi = linear source address
725 ; edi = linear target address
726 ; ecx = 32-bit word count
728 ; Assumes cs = ds = es
736 mov bx, real_int15_stub
738 test byte [ConfigFlags], CONFIG_RAW|CONFIG_SAFEINT
739 jz .anymode ; Always do the real INT 15h
741 smsw ax ; Unprivileged!
743 jnz .protmode ; Protmode -> do real INT 15h
746 ; Raw or Safeint mode, and we're in real mode...
748 test byte [ConfigFlags], CONFIG_SAFEINT
753 ; We're in real mode, do it outselves
768 ; Test to see if A20 is enabled or not
785 push dx ; <D> Save A20 status
788 mov ax,2401h ; Enable A20
794 ; DX = 16 for BIGRAW, 8 for RAW
795 ; 8 is selector for a 64K flat segment,
796 ; 16 is selector for a 4GB flat segment.
803 mov bx,16 ; Large flat segment
809 ; DX has the appropriate value to put in
810 ; the registers on return
817 pop dx ; <D> A20 status
823 mov ax,2400h ; Disable A20
830 ; We're in real mode with CONFIG_SAFEINT, invoke the
831 ; original INT 15h vector. We used to test for the
832 ; INT 15h vector being unchanged here, but that is
833 ; *us*; however, the test was wrong for years (always
834 ; negative) so instead of fixing the test do what we
835 ; tested and don't bother probing.
836 mov bx, fake_int15_stub
850 push ecx ; Transfer size this cycle
854 mov [Mover_src1+2], al
859 mov [Mover_dst1+2], al
863 shl cx,1 ; Convert to 16-bit words
864 call bx ; INT 15h stub
865 pop eax ; Transfer size this cycle
885 cli ; Some BIOSes enable interrupts on INT 15h
944 Int13Funcs dw Reset ; 00h - RESET
945 dw GetStatus ; 01h - GET STATUS
947 dw Write ; 03h - WRITE
948 dw Verify ; 04h - VERIFY
949 dw Invalid ; 05h - FORMAT TRACK
950 dw Invalid ; 06h - FORMAT TRACK AND SET BAD FLAGS
951 dw Invalid ; 07h - FORMAT DRIVE AT TRACK
952 dw GetParms ; 08h - GET PARAMETERS
953 dw InitWithParms ; 09h - INITIALIZE CONTROLLER WITH
957 dw Seek ; 0Ch - SEEK TO CYLINDER
958 dw Reset ; 0Dh - RESET HARD DISKS
961 dw CheckIfReady ; 10h - CHECK IF READY
962 dw Recalibrate ; 11h - RECALIBRATE
966 dw GetDriveType ; 15h - GET DRIVE TYPE
967 dw DetectChange ; 16h - DETECT DRIVE CHANGE
979 dw ReadMult ; 21h - READ MULTIPLE
980 dw WriteMult ; 22h - WRITE MULTIPLE
981 dw SetMode ; 23h - SET CONTROLLER FEATURES
982 dw SetMode ; 24h - SET MULTIPLE MODE
983 dw Invalid ; 25h - IDENTIFY DRIVE
1011 dw EDDPresence ; 41h - EDD PRESENCE DETECT
1012 dw EDDRead ; 42h - EDD READ
1013 dw EDDWrite ; 43h - EDD WRITE
1014 dw EDDVerify ; 44h - EDD VERIFY
1015 dw EDDLock ; 45h - EDD LOCK/UNLOCK MEDIA
1016 dw EDDEject ; 46h - EDD EJECT
1017 dw EDDSeek ; 47h - EDD SEEK
1018 dw EDDGetParms ; 48h - EDD GET PARAMETERS
1019 dw EDDDetectChange ; 49h - EDD MEDIA CHANGE STATUS
1020 %if ELTORITO ; EDD El Torito Functions
1021 ; ELTORITO _must_ also have EDD
1022 dw ElToritoEmulate ; 4Ah - Initiate Disk Emulation
1023 dw ElToritoTerminate ; 4Bh - Terminate Disk Emulation
1024 dw ElToritoBoot ; 4Ch - Initiate Disk Emu. and Reboot
1025 dw ElToritoCatalog ; 4Dh - Return Boot Catalog
1030 Int13FuncsCnt equ (Int13FuncsEnd-Int13Funcs) >> 1
1034 Shaker dw ShakerEnd-$-1 ; Descriptor table limit
1035 dd 0 ; Pointer to self
1038 Shaker_RMDS: dd 0x0000ffff ; 64K data segment
1041 Shaker_DS: dd 0x0000ffff ; 4GB data segment
1048 Mover dd 0, 0, 0, 0 ; Must be zero
1049 dw 0ffffh ; 64 K segment size
1050 Mover_src1: db 0, 0, 0 ; Low 24 bits of source addy
1051 db 93h ; Access rights
1052 db 00h ; Extended access rights
1053 Mover_src2: db 0 ; High 8 bits of source addy
1054 dw 0ffffh ; 64 K segment size
1055 Mover_dst1: db 0, 0, 0 ; Low 24 bits of target addy
1056 db 93h ; Access rights
1057 db 00h ; Extended access rights
1058 Mover_dst2: db 0 ; High 8 bits of source addy
1059 Mover_dummy2: dd 0, 0, 0, 0 ; More space for the BIOS
1063 ; Fields common to all ACPI tables
1064 dd ' ' ; ACPI signature ("mBFT")
1065 ; This is filled-in by the installer
1066 ; to avoid an accidentally valid mBFT
1067 dd mBFT_Len ; ACPI table length
1068 db 1 ; ACPI revision
1069 db 0 ; ACPI table checksum
1070 db 'MEMDSK' ; ACPI OEM ID
1071 db 'Syslinux' ; ACPI OEM table ID
1072 dd 0 ; ACPI OEM revision
1073 dd 0 ; ACPI ASL compiler vendor ID
1074 dd 0 ; ACPI ASL compiler revision
1075 ; The next field is mBFT-specific and filled-in by the installer
1076 dd 0 ; "Safe hook" physical address
1078 ; Note that the above ends on a DWORD boundary.
1079 ; The MDI has always started at such a boundary.
1080 MemDisk_Info equ $ ; Pointed to by installation check
1081 MDI_Bytes dw MDI_Len ; Total bytes in MDI structure
1082 MDI_Version db VERSION_MINOR, VERSION_MAJOR ; MEMDISK version
1084 PatchArea equ $ ; This gets filled in by the installer
1086 DiskBuf dd 0 ; Linear address of high memory disk
1087 DiskSize dd 0 ; Size of disk in blocks
1088 CommandLine dw 0, 0 ; Far pointer to saved command line
1090 OldInt13 dd 0 ; INT 13h in chain
1091 OldInt15 dd 0 ; INT 15h in chain
1093 OldDosMem dw 0 ; Old position of DOS mem end
1094 BootLoaderID db 0 ; Boot loader ID from header
1097 DPT_ptr dw 0 ; If nonzero, pointer to DPT
1098 ; Original DPT pointer follows
1100 MDI_Len equ $-MemDisk_Info
1101 mBFT_Len equ $-mBFT ; mBFT includes the MDI
1103 ; ---- MDI structure ends here ---
1104 DriveShiftLimit db 0ffh ; Installer will probe for
1105 ; a range of contiguous drives.
1106 ; Any BIOS drives above this region
1107 ; shall not be impacted by our
1108 ; shifting behaviour
1109 db 0 ; pad to a DWORD
1110 dw 0 ; pad to a QWORD
1111 MemInt1588 dw 0 ; 1MB-65MB memory amount (1K)
1113 Cylinders dw 0 ; Cylinder count
1114 Heads dw 0 ; Head count
1115 Sectors dd 0 ; Sector count (zero-extended)
1117 Mem1MB dd 0 ; 1MB-16MB memory amount (1K)
1118 Mem16MB dd 0 ; 16MB-4G memory amount (64K)
1120 DriveNo db 0 ; Our drive number
1121 DriveType db 0 ; Our drive type (floppies)
1122 DriveCnt db 0 ; Drive count (from the BIOS)
1124 ConfigFlags db 0 ; Bit 0 - readonly
1126 MyStack dw 0 ; Offset of stack
1127 StatusPtr dw 0 ; Where to save status (zeroseg ptr)
1129 DPT times 16 db 0 ; BIOS parameter table pointer (floppies)
1130 OldInt1E dd 0 ; Previous INT 1E pointer (DPT)
1136 ; Bit 0 - DMA boundaries handled transparently
1137 ; Bit 3 - Device supports write verify
1138 ; Bit 5 - Media is lockable
1139 .cylinders dd 0 ; Filled in by installer
1140 .heads dd 0 ; Filled in by installer
1141 .sectors dd 0 ; Filled in by installer
1142 .totalsize dd 0, 0 ; Filled in by installer
1143 .bytespersec dw SECTORSIZE
1144 .eddtable dw -1, -1 ; Invalid DPTE pointer
1145 .dpikey dw 0BEDDh ; Device Path Info magic
1146 .dpilen db 2ch ; DPI len
1147 .res1 db 0 ; Reserved
1148 .res2 dw 0 ; Reserved
1149 .bustype dd 'MEM ' ; Host bus type (4 bytes, space padded)
1150 .inttype dd 'MEMORY ' ; Interface type (8 bytes, spc. padded)
1151 .intpath dd 0, 0 ; Interface path
1152 .devpath dd 0, 0, 0, 0 ; Device path
1153 .res3 db 0 ; Reserved
1154 .chksum db 0 ; DPI checksum
1157 ; El Torito CD Specification Packet - mostly filled in by installer
1159 .size db 13h ; Packet size (19 bytes)
1160 .type db 0 ; Boot media type (flags)
1161 .driveno db 0E0h ; INT 13h drive number
1162 .controller db 0 ; Controller index
1163 .start dd 0 ; Starting LBA of image
1164 .devno dw 0 ; Device number
1165 .user_buf dw 0 ; User buffer segment
1166 .load_seg dw 0 ; Load segment
1167 .sect_count dw 0 ; Emulated sectors to load
1168 .geom1 db 0 ; Cylinders bits 0 thru 7
1169 .geom2 db 0 ; Sects/track 0 thru 5, cyls 8, 9
1177 Stack dd 0 ; Saved SS:ESP on invocation
1179 SavedAX dw 0 ; AX saved on invocation
1180 Recursive dw 0 ; Recursion counter
1182 alignb 4, db 0 ; We *MUST* end on a dword boundary
1184 E820Table equ $ ; The installer loads the E820 table here
1185 TotalSize equ $ ; End pointer
projects / profile / ivi / syslinux.git / blob