1 ; -*- fundamental -*- (asm-mode sucks)
2 ; ****************************************************************************
6 ; A program to emulate an INT 13h disk BIOS from a "disk" in extended
9 ; Copyright 2001-2009 H. Peter Anvin - All Rights Reserved
10 ; Copyright 2009 Intel Corporation; author: H. Peter Anvin
11 ; Portions copyright 2009 Shao Miller [El Torito code]
13 ; This program is free software; you can redistribute it and/or modify
14 ; it under the terms of the GNU General Public License as published by
15 ; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
16 ; Boston MA 02111-1307, USA; either version 2 of the License, or
17 ; (at your option) any later version; incorporated herein by reference.
19 ; ****************************************************************************
21 %include "../version.gen"
23 ; %define DEBUG_TRACERS ; Uncomment to get debugging tracers
31 %macro WRITEHEX2 0-1 al
41 %macro WRITEHEX4 0-1 ax
51 %macro WRITEHEX8 0-1 eax
73 %endif ; DEBUG_TRACERS
75 ; Flags we test our configuration against
76 %define CONFIG_READONLY 0x01
77 %define CONFIG_RAW 0x02
78 %define CONFIG_SAFEINT 0x04
79 %define CONFIG_BIGRAW 0x08 ; MUST be 8!
83 %define SECTORSIZE (1 << SECTORSIZE_LG2)
85 ; Parameter registers definition; this is the definition
87 %define P_DS word [bp+34]
88 %define P_ES word [bp+32]
89 %define P_EAX dword [bp+28]
90 %define P_HAX word [bp+30]
91 %define P_AX word [bp+28]
92 %define P_AL byte [bp+28]
93 %define P_AH byte [bp+29]
94 %define P_ECX dword [bp+24]
95 %define P_HCX word [bp+26]
96 %define P_CX word [bp+24]
97 %define P_CL byte [bp+24]
98 %define P_CH byte [bp+25]
99 %define P_EDX dword [bp+20]
100 %define P_HDX word [bp+22]
101 %define P_DX word [bp+20]
102 %define P_DL byte [bp+20]
103 %define P_DH byte [bp+21]
104 %define P_EBX dword [bp+16]
105 %define P_HBX word [bp+18]
106 %define P_HBXL byte [bp+18]
107 %define P_BX word [bp+16]
108 %define P_BL byte [bp+16]
109 %define P_BH byte [bp+17]
110 %define P_EBP dword [bp+8]
111 %define P_BP word [bp+8]
112 %define P_ESI dword [bp+4]
113 %define P_SI word [bp+4]
114 %define P_EDI dword [bp]
115 %define P_DI word [bp]
118 ; These pointers are used by the installer and
119 ; must be first in the binary
120 Pointers: dw Int13Start
126 IretPtr equ Int13Start.iret
128 cmp word [cs:Recursive],0
140 cmp word [cs:SavedAX],4a00h ; El Torito function?
141 jae our_drive ; We grab it
143 ; See if DL points to our class of device (FD, HD)
148 js .nomatch ; If SF=0, we have a class match here
149 ; 0x00 the sign bit for FD
150 ; 0x80 the sign bit for HD
151 jz our_drive ; If ZF=1, we have an exact match
153 jb .nomatch ; Drive < Our drive
154 cmp dl,[cs:DriveShiftLimit]
155 jae .nomatch ; Drive > The maximum drive
156 ; number that we will shift for.
157 ; This leaves any higher-up BIOS
158 ; drives alone, such as an optical
159 ; disc drive 0xA0 or 0xE0
160 dec dl ; Drive > Our drive, adjust drive #
167 inc word [cs:Recursive]
169 call far [cs:OldInt13]
171 dec word [cs:Recursive]
174 cmp byte [cs:SavedAX+1],08h ; Get drive params function?
175 je .norestoredl ; DL = number of drives
176 cmp byte [cs:SavedAX+1],15h ; Get disk type function?
178 test byte [bp+4],80h ; Hard disk?
179 jnz .norestoredl ; CX:DX = size of device
186 mov ax,[bp+2] ; Flags
188 mov [bx+4],al ; Arithmetic flags
199 jmp far [cs:OldInt13]
202 ; Set up standard entry frame
209 mov bp,sp ; Point BP to the entry stack frame
212 ; Note: AX == P_AX here
213 cmp ah,Int13FuncsCnt-1
216 mov al,[CD_PKT.type] ; Check if we are in
217 cmp al,0 ; El Torito no emulation mode
218 ja .emulation ; No. We support the function
219 cmp ah,3fh ; Yes. We must not support functions
220 jbe Invalid_jump ; 0 through 3Fh. Check and decide
223 xor al,al ; AL = 0 is standard entry condition
225 shr di,7 ; Convert AH to an offset in DI
228 Done: ; Standard routine for return
235 mov [es:bx],ah ; Save status
239 ; This sets the low byte (the arithmetic flags) of the
240 ; FLAGS on stack to either 00h (no flags) or 01h (CF)
241 ; depending on if AH was zero or not.
242 setnz [bx+4] ; Set CF iff error
250 ; Reset affects multiple drives, so we need to pass it on
252 xor ax,ax ; Bottom of memory
254 test dl,dl ; Always pass it on if we are
256 js .hard_disk ; Bit 7 set
257 ; Some BIOSes get very unhappy if we pass a reset floppy
258 ; command to them and don't actually have any floppies.
259 ; This is a bug, but we have to deal with it nontheless.
260 ; Therefore, if we are the *ONLY* floppy drive, and the
261 ; user didn't request HD reset, then just drop the command.
262 ; BIOS equipment byte, top two bits + 1 == total # of floppies
263 test byte [es:0x410],0C0h
265 jmp .pass_on ; ... otherwise pass it to the BIOS
267 ; ... same thing for hard disks, sigh ...
268 cmp byte [es:0x475],1 ; BIOS variable for number of hard
273 pop ax ; Drop return address
274 popad ; Restore all registers
277 lss esp,[cs:Stack] ; Restore the stack
278 and dl,80h ; Clear all but the type bit
283 pop dx ; Drop return address
286 mov ah,01h ; Unsupported function
290 test byte [DriveNo],80h
291 mov bl,02h ; Type 02h = floppy with changeline
293 ; Hard disks only! DO NOT set CX:DX for floppies...
294 ; it apparently causes Win98SE DOS to go into an loop
295 ; resetting the drive over and over. Sigh.
297 mov dx,[DiskSize] ; Return the disk size in sectors
302 mov P_AH,bl ; 02h floppy, 03h hard disk
303 pop ax ; Drop return address
304 xor ax,ax ; Success...
305 jmp DoneWeird ; But don't stick it into P_AX
311 mov ah,[bx] ; Copy last status
323 movzx ax,P_AL ; AH = 0, AL = transfer count
330 test byte [ConfigFlags],CONFIG_READONLY
333 xchg esi,edi ; Opposite direction of a Read!
335 .readonly: mov ah,03h ; Write protected medium
338 ; Verify integrity; just bounds-check
341 call setup_regs ; Returns error if appropriate
342 ; And fall through to success
344 CheckIfReady: ; These are always-successful noop functions
352 xor ax,ax ; Always successful
357 mov dl,[DriveCnt] ; Cached data
359 test byte [DriveNo],80h
367 dec ax ; We report the highest #, not the count
377 ; Is this MEMDISK installation check?
388 ; MEMDISK installation check...
394 mov P_DI,MemDisk_Info
400 ; EDD functions -- only if enabled
409 mov P_BX,0AA55h ; EDD signature
410 mov P_AX,03000h ; EDD 3.0
411 mov P_CX,0007h ; Bit 0 - Fixed disk access subset
412 ; Bit 1 - Locking and ejecting subset
414 pop ax ; Drop return address
416 jmp DoneWeird ; Success, but AH != 0, sigh...
432 xchg esi,edi ; Opposite direction of a Read!
439 call edd_setup_regs ; Just bounds checking
451 lodsw ; Length of our DPT
453 cmp cx,26 ; Minimum size
475 ; Set up registers as for a "Read", and compares against disk
477 ; WARNING: This fails immediately, even if we can transfer some
478 ; sectors. This isn't really the correct behaviour.
481 ; Convert a CHS address in P_CX/P_DH into an LBA in eax
483 ; CL[0:5] = sector (1-based) CL[7:6] = cyl[9:8]
486 movzx ebx,cl ; Sector number
488 dec ebx ; Sector number is 1-based
491 movzx edi,P_DH ; Head number
492 movzx eax,word [Heads]
496 xchg cl,ch ; Now (E)CX <- cylinder number
497 mul ecx ; eax <- Heads*cyl# (edx <- 0)
501 ; Now eax = LBA, edx = 0
504 ; setup_regs continues...
506 ; Note: edi[31:16] and ecx[31:16] = 0 already
507 mov di,P_BX ; Get linear address of target buffer
510 add edi,ecx ; EDI = address to fetch to
511 movzx ecx,P_AL ; Sector count
513 add eax,ecx ; LBA of final sector + 1
514 shl esi,SECTORSIZE_LG2 ; LBA -> byte offset
515 add esi,[DiskBuf] ; Get address in high memory
516 cmp eax,[DiskSize] ; Check the high mark against limit
518 shl ecx,SECTORSIZE_LG2-2 ; Convert count to dwords
521 .overrun: pop ax ; Drop setup_regs return address
522 mov ax,0200h ; Missing address mark
525 ; Set up registers as for an EDD Read, and compares against disk size.
529 mov si,P_SI ; DS:SI -> DAPA
536 cmp dword [es:si+4],-1
539 movzx ebx,word [es:si+4] ; Offset
540 movzx edi,word [es:si+6] ; Segment
546 cmp dx,24 ; Must be large enough to hold
550 cmp dword [es:si+20],0 ; > 4 GB addresses not supported
551 mov ax,0900h ; "Data boundary error" - bogus, but
552 ; no really better code available
558 cmp dword [es:si+12],0 ; LBA too large?
561 movzx ecx, word [es:si+2] ; Sectors to transfer
562 mov esi,[es:si+8] ; Starting sector
569 shl ecx,SECTORSIZE_LG2-2 ; Convert to dwords
570 shl esi,SECTORSIZE_LG2 ; Convert to an offset
577 mov ax,0100h ; Invalid command
579 pop ax ; Drop setup_regs return address
583 mov ax,0200h ; "Address mark not found" =
584 ; LBA beyond end of disk
586 and word [es:si+2],0 ; No sectors transferred
592 mov ax,0B200h ; Volume Not Removable
598 cmp al,1 ; We only support query, not terminate
599 jne ElToritoErr ; Fail
600 mov es,P_DS ; Caller's DS:SI pointed to packet
601 mov di,P_SI ; We'll use ES:DI
602 mov si,CD_PKT.size ; First byte is packet size
603 xor cx,0 ; Empty our count
604 ;mov cl,[ds:si] ; We'll copy that many bytes
606 rep movsb ; Copy until CX is zero
614 mov ax,100h ; Invalid parameter
620 ; INT 15h intercept routines
623 cmp edx,534D4150h ; "SMAP"
625 cmp ecx,20 ; Need 20 bytes
635 add bx,12 ; Advance to next
636 mov eax,[bx-4] ; Type
637 and eax,eax ; Null type?
638 jz .renew ; If so advance to next
640 mov eax,[bx-12] ; Start addr (low)
641 mov edx,[bx-8] ; Start addr (high)
644 mov eax,[bx] ; End addr (low)
645 mov edx,[bx+4] ; End addr (high)
646 sub eax,[bx-12] ; Derive the length
648 mov [es:di+8],eax ; Length (low)
649 mov [es:di+12],edx ; Length (high)
650 cmp dword [bx+8],-1 ; Type of next = end?
652 xor ebx,ebx ; Done with table
655 mov edx,eax ; Some systems expect eax = edx = SMAP
656 mov ecx,20 ; Bytes loaded
659 mov byte [bp+6], 02h ; Clear CF
664 mov byte [bp+6], 03h ; Set CF
681 jmp far [cs:OldInt15]
683 int15_e801: ; Get mem size for > 64 MB config
688 jmp short int15_success
690 int15_e881: ; Get mem size for > 64 MB config
696 jmp short int15_success
698 int15_88: ; Get extended mem size
699 mov ax,[cs:MemInt1588]
700 jmp short int15_success
703 ; Routine to copy in/out of high memory
704 ; esi = linear source address
705 ; edi = linear target address
706 ; ecx = 32-bit word count
708 ; Assumes cs = ds = es
716 mov bx, real_int15_stub
718 test byte [ConfigFlags], CONFIG_RAW|CONFIG_SAFEINT
719 jz .anymode ; Always do the real INT 15h
721 smsw ax ; Unprivileged!
723 jnz .protmode ; Protmode -> do real INT 15h
726 ; Raw or Safeint mode, and we're in real mode...
728 test byte [ConfigFlags], CONFIG_SAFEINT
733 ; We're in real mode, do it outselves
748 ; Test to see if A20 is enabled or not
765 push dx ; <D> Save A20 status
768 mov ax,2401h ; Enable A20
774 ; DX = 16 for BIGRAW, 8 for RAW
775 ; 8 is selector for a 64K flat segment,
776 ; 16 is selector for a 4GB flat segment.
783 mov bx,16 ; Large flat segment
789 ; DX has the appropriate value to put in
790 ; the registers on return
797 pop dx ; <D> A20 status
803 mov ax,2400h ; Disable A20
810 ; We're in real mode with CONFIG_SAFEINT, invoke the
811 ; original INT 15h vector. We used to test for the
812 ; INT 15h vector being unchanged here, but that is
813 ; *us*; however, the test was wrong for years (always
814 ; negative) so instead of fixing the test do what we
815 ; tested and don't bother probing.
816 mov bx, fake_int15_stub
830 push ecx ; Transfer size this cycle
834 mov [Mover_src1+2], al
839 mov [Mover_dst1+2], al
843 shl cx,1 ; Convert to 16-bit words
844 call bx ; INT 15h stub
845 pop eax ; Transfer size this cycle
865 cli ; Some BIOSes enable interrupts on INT 15h
924 Int13Funcs dw Reset ; 00h - RESET
925 dw GetStatus ; 01h - GET STATUS
927 dw Write ; 03h - WRITE
928 dw Verify ; 04h - VERIFY
929 dw Invalid ; 05h - FORMAT TRACK
930 dw Invalid ; 06h - FORMAT TRACK AND SET BAD FLAGS
931 dw Invalid ; 07h - FORMAT DRIVE AT TRACK
932 dw GetParms ; 08h - GET PARAMETERS
933 dw InitWithParms ; 09h - INITIALIZE CONTROLLER WITH
937 dw Seek ; 0Ch - SEEK TO CYLINDER
938 dw Reset ; 0Dh - RESET HARD DISKS
941 dw CheckIfReady ; 10h - CHECK IF READY
942 dw Recalibrate ; 11h - RECALIBRATE
946 dw GetDriveType ; 15h - GET DRIVE TYPE
947 dw DetectChange ; 16h - DETECT DRIVE CHANGE
959 dw ReadMult ; 21h - READ MULTIPLE
960 dw WriteMult ; 22h - WRITE MULTIPLE
961 dw SetMode ; 23h - SET CONTROLLER FEATURES
962 dw SetMode ; 24h - SET MULTIPLE MODE
963 dw Invalid ; 25h - IDENTIFY DRIVE
991 dw EDDPresence ; 41h - EDD PRESENCE DETECT
992 dw EDDRead ; 42h - EDD READ
993 dw EDDWrite ; 43h - EDD WRITE
994 dw EDDVerify ; 44h - EDD VERIFY
995 dw EDDLock ; 45h - EDD LOCK/UNLOCK MEDIA
996 dw EDDEject ; 46h - EDD EJECT
997 dw EDDSeek ; 47h - EDD SEEK
998 dw EDDGetParms ; 48h - EDD GET PARAMETERS
999 dw EDDDetectChange ; 49h - EDD MEDIA CHANGE STATUS
1000 %if ELTORITO ; EDD El Torito Functions
1001 ; ELTORITO _must_ also have EDD
1002 dw ElToritoEmulate ; 4Ah - Initiate Disk Emulation
1003 dw ElToritoTerminate ; 4Bh - Terminate Disk Emulation
1004 dw ElToritoBoot ; 4Ch - Initiate Disk Emu. and Reboot
1005 dw ElToritoCatalog ; 4Dh - Return Boot Catalog
1010 Int13FuncsCnt equ (Int13FuncsEnd-Int13Funcs) >> 1
1014 Shaker dw ShakerEnd-$-1 ; Descriptor table limit
1015 dd 0 ; Pointer to self
1018 Shaker_RMDS: dd 0x0000ffff ; 64K data segment
1021 Shaker_DS: dd 0x0000ffff ; 4GB data segment
1028 Mover dd 0, 0, 0, 0 ; Must be zero
1029 dw 0ffffh ; 64 K segment size
1030 Mover_src1: db 0, 0, 0 ; Low 24 bits of source addy
1031 db 93h ; Access rights
1032 db 00h ; Extended access rights
1033 Mover_src2: db 0 ; High 8 bits of source addy
1034 dw 0ffffh ; 64 K segment size
1035 Mover_dst1: db 0, 0, 0 ; Low 24 bits of target addy
1036 db 93h ; Access rights
1037 db 00h ; Extended access rights
1038 Mover_dst2: db 0 ; High 8 bits of source addy
1039 Mover_dummy2: dd 0, 0, 0, 0 ; More space for the BIOS
1042 MemDisk_Info equ $ ; Pointed to by installation check
1043 MDI_Bytes dw MDI_Len ; Total bytes in MDI structure
1044 MDI_Version db VERSION_MINOR, VERSION_MAJOR ; MEMDISK version
1046 PatchArea equ $ ; This gets filled in by the installer
1048 DiskBuf dd 0 ; Linear address of high memory disk
1049 DiskSize dd 0 ; Size of disk in blocks
1050 CommandLine dw 0, 0 ; Far pointer to saved command line
1052 OldInt13 dd 0 ; INT 13h in chain
1053 OldInt15 dd 0 ; INT 15h in chain
1055 OldDosMem dw 0 ; Old position of DOS mem end
1056 BootLoaderID db 0 ; Boot loader ID from header
1059 DPT_ptr dw 0 ; If nonzero, pointer to DPT
1060 ; Original DPT pointer follows
1062 MDI_Len equ $-MemDisk_Info
1064 ; ---- MDI structure ends here ---
1065 DriveShiftLimit db 0ffh ; Installer will [soon] probe for
1066 ; a range of contiguous drives.
1067 ; Any BIOS drives above this region
1068 ; shall not be impacted by our
1069 ; shifting behaviour
1070 db 0 ; pad to a DWORD
1071 dw 0 ; pad to a QWORD
1072 MemInt1588 dw 0 ; 1MB-65MB memory amount (1K)
1074 Cylinders dw 0 ; Cylinder count
1075 Heads dw 0 ; Head count
1076 Sectors dd 0 ; Sector count (zero-extended)
1078 Mem1MB dd 0 ; 1MB-16MB memory amount (1K)
1079 Mem16MB dd 0 ; 16MB-4G memory amount (64K)
1081 DriveNo db 0 ; Our drive number
1082 DriveType db 0 ; Our drive type (floppies)
1083 DriveCnt db 0 ; Drive count (from the BIOS)
1085 ConfigFlags db 0 ; Bit 0 - readonly
1087 MyStack dw 0 ; Offset of stack
1088 StatusPtr dw 0 ; Where to save status (zeroseg ptr)
1090 DPT times 16 db 0 ; BIOS parameter table pointer (floppies)
1091 OldInt1E dd 0 ; Previous INT 1E pointer (DPT)
1097 ; Bit 0 - DMA boundaries handled transparently
1098 ; Bit 3 - Device supports write verify
1099 ; Bit 5 - Media is lockable
1100 .cylinders dd 0 ; Filled in by installer
1101 .heads dd 0 ; Filled in by installer
1102 .sectors dd 0 ; Filled in by installer
1103 .totalsize dd 0, 0 ; Filled in by installer
1104 .bytespersec dw SECTORSIZE
1105 .eddtable dw -1, -1 ; Invalid DPTE pointer
1106 .dpikey dw 0BEDDh ; Device Path Info magic
1107 .dpilen db 2ch ; DPI len
1108 .res1 db 0 ; Reserved
1109 .res2 dw 0 ; Reserved
1110 .bustype dd 'MEM ' ; Host bus type (4 bytes, space padded)
1111 .inttype dd 'MEMORY ' ; Interface type (8 bytes, spc. padded)
1112 .intpath dd 0, 0 ; Interface path
1113 .devpath dd 0, 0, 0, 0 ; Device path
1114 .res3 db 0 ; Reserved
1115 .chksum db 0 ; DPI checksum
1118 ; El Torito CD Specification Packet - mostly filled in by installer
1120 .size db 13h ; Packet size (19 bytes)
1121 .type db 0 ; Boot media type (flags)
1122 .driveno db 0E0h ; INT 13h drive number
1123 .controller db 0 ; Controller index
1124 .start dd 0 ; Starting LBA of image
1125 .devno dw 0 ; Device number
1126 .user_buf dw 0 ; User buffer segment
1127 .load_seg dw 0 ; Load segment
1128 .sect_count dw 0 ; Emulated sectors to load
1129 .geom1 db 0 ; Cylinders bits 0 thru 7
1130 .geom2 db 0 ; Sects/track 0 thru 5, cyls 8, 9
1138 Stack dd 0 ; Saved SS:ESP on invocation
1140 SavedAX dw 0 ; AX saved on invocation
1141 Recursive dw 0 ; Recursion counter
1143 alignb 4, db 0 ; We *MUST* end on a dword boundary
1145 E820Table equ $ ; The installer loads the E820 table here
1146 TotalSize equ $ ; End pointer
projects / profile / ivi / syslinux.git / blob