1 ; -*- fundamental -*- (asm-mode sucks)
2 ; ****************************************************************************
6 ; A program to emulate an INT 13h disk BIOS from a "disk" in extended
9 ; Copyright 2001-2009 H. Peter Anvin - All Rights Reserved
10 ; Copyright 2009 Intel Corporation; author: H. Peter Anvin
11 ; Portions copyright 2009 Shao Miller [El Torito code]
13 ; This program is free software; you can redistribute it and/or modify
14 ; it under the terms of the GNU General Public License as published by
15 ; the Free Software Foundation, Inc., 53 Temple Place Ste 330,
16 ; Boston MA 02111-1307, USA; either version 2 of the License, or
17 ; (at your option) any later version; incorporated herein by reference.
19 ; ****************************************************************************
21 %include "../version.gen"
23 ; %define DEBUG_TRACERS ; Uncomment to get debugging tracers
31 %macro WRITEHEX2 0-1 al
41 %macro WRITEHEX4 0-1 ax
51 %macro WRITEHEX8 0-1 eax
73 %endif ; DEBUG_TRACERS
75 ; Flags we test our configuration against
76 %define CONFIG_READONLY 0x01
77 %define CONFIG_RAW 0x02
78 %define CONFIG_SAFEINT 0x04
79 %define CONFIG_BIGRAW 0x08 ; MUST be 8!
83 %define SECTORSIZE (1 << SECTORSIZE_LG2)
85 ; Parameter registers definition; this is the definition
87 %define P_DS word [bp+34]
88 %define P_ES word [bp+32]
89 %define P_EAX dword [bp+28]
90 %define P_HAX word [bp+30]
91 %define P_AX word [bp+28]
92 %define P_AL byte [bp+28]
93 %define P_AH byte [bp+29]
94 %define P_ECX dword [bp+24]
95 %define P_HCX word [bp+26]
96 %define P_CX word [bp+24]
97 %define P_CL byte [bp+24]
98 %define P_CH byte [bp+25]
99 %define P_EDX dword [bp+20]
100 %define P_HDX word [bp+22]
101 %define P_DX word [bp+20]
102 %define P_DL byte [bp+20]
103 %define P_DH byte [bp+21]
104 %define P_EBX dword [bp+16]
105 %define P_HBX word [bp+18]
106 %define P_HBXL byte [bp+18]
107 %define P_BX word [bp+16]
108 %define P_BL byte [bp+16]
109 %define P_BH byte [bp+17]
110 %define P_EBP dword [bp+8]
111 %define P_BP word [bp+8]
112 %define P_ESI dword [bp+4]
113 %define P_SI word [bp+4]
114 %define P_EDI dword [bp]
115 %define P_DI word [bp]
118 ; These pointers are used by the installer and
119 ; must be first in the binary
120 Pointers: dw Int13Start
126 IretPtr equ Int13Start.iret
128 cmp word [cs:Recursive],0
140 cmp word [cs:SavedAX],4a00h ; El Torito function?
141 jae our_drive ; We grab it
143 ; See if DL points to our class of device (FD, HD)
148 js .nomatch ; If SF=0, we have a class match here
149 ; 0x00 the sign bit for FD
150 ; 0x80 the sign bit for HD
151 jz our_drive ; If ZF=1, we have an exact match
153 jb .nomatch ; Drive < Our drive
154 cmp dl,[cs:DriveShiftLimit]
155 jae .nomatch ; Drive > The maximum drive
156 ; number that we will shift for.
157 ; This leaves any higher-up BIOS
158 ; drives alone, such as an optical
159 ; disc drive 0xA0 or 0xE0
160 dec dl ; Drive > Our drive, adjust drive #
167 inc word [cs:Recursive]
169 call far [cs:OldInt13]
171 dec word [cs:Recursive]
174 cmp byte [cs:SavedAX+1],08h ; Get drive params function?
175 je .norestoredl ; DL = number of drives
176 cmp byte [cs:SavedAX+1],15h ; Get disk type function?
177 je .norestoredl ; CX:DX = size of device
184 mov ax,[bp+2] ; Flags
186 mov [bx+4],al ; Arithmetic flags
197 jmp far [cs:OldInt13]
200 ; Set up standard entry frame
207 mov bp,sp ; Point BP to the entry stack frame
210 ; Note: AX == P_AX here
211 cmp ah,Int13FuncsCnt-1
214 mov al,[CD_PKT.type] ; Check if we are in
215 cmp al,0 ; El Torito no emulation mode
216 ja .emulation ; No. We support the function
217 cmp ah,3fh ; Yes. We must not support functions
218 jbe Invalid_jump ; 0 through 3Fh. Check and decide
221 xor al,al ; AL = 0 is standard entry condition
223 shr di,7 ; Convert AH to an offset in DI
226 Done: ; Standard routine for return
233 mov [es:bx],ah ; Save status
237 ; This sets the low byte (the arithmetic flags) of the
238 ; FLAGS on stack to either 00h (no flags) or 01h (CF)
239 ; depending on if AH was zero or not.
240 setnz [bx+4] ; Set CF iff error
248 ; Reset affects multiple drives, so we need to pass it on
250 xor ax,ax ; Bottom of memory
252 test dl,dl ; Always pass it on if we are
254 js .hard_disk ; Bit 7 set
255 ; Some BIOSes get very unhappy if we pass a reset floppy
256 ; command to them and don't actually have any floppies.
257 ; This is a bug, but we have to deal with it nontheless.
258 ; Therefore, if we are the *ONLY* floppy drive, and the
259 ; user didn't request HD reset, then just drop the command.
260 ; BIOS equipment byte, top two bits + 1 == total # of floppies
261 test byte [es:0x410],0C0h
263 jmp .pass_on ; ... otherwise pass it to the BIOS
265 ; ... same thing for hard disks, sigh ...
266 cmp byte [es:0x475],1 ; BIOS variable for number of hard
271 pop ax ; Drop return address
272 popad ; Restore all registers
275 lss esp,[cs:Stack] ; Restore the stack
276 and dl,80h ; Clear all but the type bit
281 pop dx ; Drop return address
284 mov ah,01h ; Unsupported function
288 test byte [DriveNo],80h
289 mov bl,02h ; Type 02h = floppy with changeline
291 ; Hard disks only! DO NOT set CX:DX for floppies...
292 ; it apparently causes Win98SE DOS to go into an loop
293 ; resetting the drive over and over. Sigh.
295 mov dx,[DiskSize] ; Return the disk size in sectors
300 mov P_AH,bl ; 02h floppy, 03h hard disk
301 pop ax ; Drop return address
302 xor ax,ax ; Success...
303 jmp DoneWeird ; But don't stick it into P_AX
309 mov ah,[bx] ; Copy last status
321 movzx ax,P_AL ; AH = 0, AL = transfer count
328 test byte [ConfigFlags],CONFIG_READONLY
331 xchg esi,edi ; Opposite direction of a Read!
333 .readonly: mov ah,03h ; Write protected medium
336 ; Verify integrity; just bounds-check
339 call setup_regs ; Returns error if appropriate
340 ; And fall through to success
342 CheckIfReady: ; These are always-successful noop functions
350 xor ax,ax ; Always successful
355 mov dl,[DriveCnt] ; Cached data
357 test byte [DriveNo],80h
365 dec ax ; We report the highest #, not the count
375 ; Is this MEMDISK installation check?
386 ; MEMDISK installation check...
392 mov P_DI,MemDisk_Info
398 ; EDD functions -- only if enabled
407 mov P_BX,0AA55h ; EDD signature
408 mov P_AX,03000h ; EDD 3.0
409 mov P_CX,0007h ; Bit 0 - Fixed disk access subset
410 ; Bit 1 - Locking and ejecting subset
412 pop ax ; Drop return address
414 jmp DoneWeird ; Success, but AH != 0, sigh...
430 xchg esi,edi ; Opposite direction of a Read!
437 call edd_setup_regs ; Just bounds checking
449 lodsw ; Length of our DPT
451 cmp cx,26 ; Minimum size
473 ; Set up registers as for a "Read", and compares against disk
475 ; WARNING: This fails immediately, even if we can transfer some
476 ; sectors. This isn't really the correct behaviour.
479 ; Convert a CHS address in P_CX/P_DH into an LBA in eax
481 ; CL[0:5] = sector (1-based) CL[7:6] = cyl[9:8]
484 movzx ebx,cl ; Sector number
486 dec ebx ; Sector number is 1-based
489 movzx edi,P_DH ; Head number
490 movzx eax,word [Heads]
494 xchg cl,ch ; Now (E)CX <- cylinder number
495 mul ecx ; eax <- Heads*cyl# (edx <- 0)
499 ; Now eax = LBA, edx = 0
502 ; setup_regs continues...
504 ; Note: edi[31:16] and ecx[31:16] = 0 already
505 mov di,P_BX ; Get linear address of target buffer
508 add edi,ecx ; EDI = address to fetch to
509 movzx ecx,P_AL ; Sector count
511 add eax,ecx ; LBA of final sector + 1
512 shl esi,SECTORSIZE_LG2 ; LBA -> byte offset
513 add esi,[DiskBuf] ; Get address in high memory
514 cmp eax,[DiskSize] ; Check the high mark against limit
516 shl ecx,SECTORSIZE_LG2-2 ; Convert count to dwords
519 .overrun: pop ax ; Drop setup_regs return address
520 mov ax,0200h ; Missing address mark
523 ; Set up registers as for an EDD Read, and compares against disk size.
527 mov si,P_SI ; DS:SI -> DAPA
534 cmp dword [es:si+4],-1
537 movzx ebx,word [es:si+4] ; Offset
538 movzx edi,word [es:si+6] ; Segment
544 cmp dx,24 ; Must be large enough to hold
548 cmp dword [es:si+20],0 ; > 4 GB addresses not supported
549 mov ax,0900h ; "Data boundary error" - bogus, but
550 ; no really better code available
556 cmp dword [es:si+12],0 ; LBA too large?
559 movzx ecx, word [es:si+2] ; Sectors to transfer
560 mov esi,[es:si+8] ; Starting sector
567 shl ecx,SECTORSIZE_LG2-2 ; Convert to dwords
568 shl esi,SECTORSIZE_LG2 ; Convert to an offset
575 mov ax,0100h ; Invalid command
577 pop ax ; Drop setup_regs return address
581 mov ax,0200h ; "Address mark not found" =
582 ; LBA beyond end of disk
584 and word [es:si+2],0 ; No sectors transferred
590 mov ax,0B200h ; Volume Not Removable
596 cmp al,1 ; We only support query, not terminate
597 jne ElToritoErr ; Fail
598 mov es,P_DS ; Caller's DS:SI pointed to packet
599 mov di,P_SI ; We'll use ES:DI
600 mov si,CD_PKT.size ; First byte is packet size
601 xor cx,0 ; Empty our count
602 ;mov cl,[ds:si] ; We'll copy that many bytes
604 rep movsb ; Copy until CX is zero
612 mov ax,100h ; Invalid parameter
618 ; INT 15h intercept routines
621 cmp edx,534D4150h ; "SMAP"
623 cmp ecx,20 ; Need 20 bytes
633 add bx,12 ; Advance to next
634 mov eax,[bx-4] ; Type
635 and eax,eax ; Null type?
636 jz .renew ; If so advance to next
638 mov eax,[bx-12] ; Start addr (low)
639 mov edx,[bx-8] ; Start addr (high)
642 mov eax,[bx] ; End addr (low)
643 mov edx,[bx+4] ; End addr (high)
644 sub eax,[bx-12] ; Derive the length
646 mov [es:di+8],eax ; Length (low)
647 mov [es:di+12],edx ; Length (high)
648 cmp dword [bx+8],-1 ; Type of next = end?
650 xor ebx,ebx ; Done with table
653 mov edx,eax ; Some systems expect eax = edx = SMAP
654 mov ecx,20 ; Bytes loaded
657 mov byte [bp+6], 02h ; Clear CF
662 mov byte [bp+6], 03h ; Set CF
679 jmp far [cs:OldInt15]
681 int15_e801: ; Get mem size for > 64 MB config
686 jmp short int15_success
688 int15_e881: ; Get mem size for > 64 MB config
694 jmp short int15_success
696 int15_88: ; Get extended mem size
697 mov ax,[cs:MemInt1588]
698 jmp short int15_success
701 ; Routine to copy in/out of high memory
702 ; esi = linear source address
703 ; edi = linear target address
704 ; ecx = 32-bit word count
706 ; Assumes cs = ds = es
714 mov bx, real_int15_stub
716 test byte [ConfigFlags], CONFIG_RAW|CONFIG_SAFEINT
717 jz .anymode ; Always do the real INT 15h
719 smsw ax ; Unprivileged!
721 jnz .protmode ; Protmode -> do real INT 15h
724 ; Raw or Safeint mode, and we're in real mode...
726 test byte [ConfigFlags], CONFIG_SAFEINT
731 ; We're in real mode, do it outselves
746 ; Test to see if A20 is enabled or not
763 push dx ; <D> Save A20 status
766 mov ax,2401h ; Enable A20
772 ; DX = 16 for BIGRAW, 8 for RAW
773 ; 8 is selector for a 64K flat segment,
774 ; 16 is selector for a 4GB flat segment.
781 mov bx,16 ; Large flat segment
787 ; DX has the appropriate value to put in
788 ; the registers on return
795 pop dx ; <D> A20 status
801 mov ax,2400h ; Disable A20
808 ; We're in real mode with CONFIG_SAFEINT, invoke the
809 ; original INT 15h vector. We used to test for the
810 ; INT 15h vector being unchanged here, but that is
811 ; *us*; however, the test was wrong for years (always
812 ; negative) so instead of fixing the test do what we
813 ; tested and don't bother probing.
814 mov bx, fake_int15_stub
828 push ecx ; Transfer size this cycle
832 mov [Mover_src1+2], al
837 mov [Mover_dst1+2], al
841 shl cx,1 ; Convert to 16-bit words
842 call bx ; INT 15h stub
843 pop eax ; Transfer size this cycle
863 cli ; Some BIOSes enable interrupts on INT 15h
922 Int13Funcs dw Reset ; 00h - RESET
923 dw GetStatus ; 01h - GET STATUS
925 dw Write ; 03h - WRITE
926 dw Verify ; 04h - VERIFY
927 dw Invalid ; 05h - FORMAT TRACK
928 dw Invalid ; 06h - FORMAT TRACK AND SET BAD FLAGS
929 dw Invalid ; 07h - FORMAT DRIVE AT TRACK
930 dw GetParms ; 08h - GET PARAMETERS
931 dw InitWithParms ; 09h - INITIALIZE CONTROLLER WITH
935 dw Seek ; 0Ch - SEEK TO CYLINDER
936 dw Reset ; 0Dh - RESET HARD DISKS
939 dw CheckIfReady ; 10h - CHECK IF READY
940 dw Recalibrate ; 11h - RECALIBRATE
944 dw GetDriveType ; 15h - GET DRIVE TYPE
945 dw DetectChange ; 16h - DETECT DRIVE CHANGE
957 dw ReadMult ; 21h - READ MULTIPLE
958 dw WriteMult ; 22h - WRITE MULTIPLE
959 dw SetMode ; 23h - SET CONTROLLER FEATURES
960 dw SetMode ; 24h - SET MULTIPLE MODE
961 dw Invalid ; 25h - IDENTIFY DRIVE
989 dw EDDPresence ; 41h - EDD PRESENCE DETECT
990 dw EDDRead ; 42h - EDD READ
991 dw EDDWrite ; 43h - EDD WRITE
992 dw EDDVerify ; 44h - EDD VERIFY
993 dw EDDLock ; 45h - EDD LOCK/UNLOCK MEDIA
994 dw EDDEject ; 46h - EDD EJECT
995 dw EDDSeek ; 47h - EDD SEEK
996 dw EDDGetParms ; 48h - EDD GET PARAMETERS
997 dw EDDDetectChange ; 49h - EDD MEDIA CHANGE STATUS
998 %if ELTORITO ; EDD El Torito Functions
999 ; ELTORITO _must_ also have EDD
1000 dw ElToritoEmulate ; 4Ah - Initiate Disk Emulation
1001 dw ElToritoTerminate ; 4Bh - Terminate Disk Emulation
1002 dw ElToritoBoot ; 4Ch - Initiate Disk Emu. and Reboot
1003 dw ElToritoCatalog ; 4Dh - Return Boot Catalog
1008 Int13FuncsCnt equ (Int13FuncsEnd-Int13Funcs) >> 1
1012 Shaker dw ShakerEnd-$-1 ; Descriptor table limit
1013 dd 0 ; Pointer to self
1016 Shaker_RMDS: dd 0x0000ffff ; 64K data segment
1019 Shaker_DS: dd 0x0000ffff ; 4GB data segment
1026 Mover dd 0, 0, 0, 0 ; Must be zero
1027 dw 0ffffh ; 64 K segment size
1028 Mover_src1: db 0, 0, 0 ; Low 24 bits of source addy
1029 db 93h ; Access rights
1030 db 00h ; Extended access rights
1031 Mover_src2: db 0 ; High 8 bits of source addy
1032 dw 0ffffh ; 64 K segment size
1033 Mover_dst1: db 0, 0, 0 ; Low 24 bits of target addy
1034 db 93h ; Access rights
1035 db 00h ; Extended access rights
1036 Mover_dst2: db 0 ; High 8 bits of source addy
1037 Mover_dummy2: dd 0, 0, 0, 0 ; More space for the BIOS
1040 MemDisk_Info equ $ ; Pointed to by installation check
1041 MDI_Bytes dw MDI_Len ; Total bytes in MDI structure
1042 MDI_Version db VERSION_MINOR, VERSION_MAJOR ; MEMDISK version
1044 PatchArea equ $ ; This gets filled in by the installer
1046 DiskBuf dd 0 ; Linear address of high memory disk
1047 DiskSize dd 0 ; Size of disk in blocks
1048 CommandLine dw 0, 0 ; Far pointer to saved command line
1050 OldInt13 dd 0 ; INT 13h in chain
1051 OldInt15 dd 0 ; INT 15h in chain
1053 OldDosMem dw 0 ; Old position of DOS mem end
1054 BootLoaderID db 0 ; Boot loader ID from header
1057 DPT_ptr dw 0 ; If nonzero, pointer to DPT
1058 ; Original DPT pointer follows
1060 MDI_Len equ $-MemDisk_Info
1062 ; ---- MDI structure ends here ---
1063 DriveShiftLimit db 0ffh ; Installer will [soon] probe for
1064 ; a range of contiguous drives.
1065 ; Any BIOS drives above this region
1066 ; shall not be impacted by our
1067 ; shifting behaviour
1068 db 0 ; pad to a DWORD
1069 dw 0 ; pad to a QWORD
1070 MemInt1588 dw 0 ; 1MB-65MB memory amount (1K)
1072 Cylinders dw 0 ; Cylinder count
1073 Heads dw 0 ; Head count
1074 Sectors dd 0 ; Sector count (zero-extended)
1076 Mem1MB dd 0 ; 1MB-16MB memory amount (1K)
1077 Mem16MB dd 0 ; 16MB-4G memory amount (64K)
1079 DriveNo db 0 ; Our drive number
1080 DriveType db 0 ; Our drive type (floppies)
1081 DriveCnt db 0 ; Drive count (from the BIOS)
1083 ConfigFlags db 0 ; Bit 0 - readonly
1085 MyStack dw 0 ; Offset of stack
1086 StatusPtr dw 0 ; Where to save status (zeroseg ptr)
1088 DPT times 16 db 0 ; BIOS parameter table pointer (floppies)
1089 OldInt1E dd 0 ; Previous INT 1E pointer (DPT)
1095 ; Bit 0 - DMA boundaries handled transparently
1096 ; Bit 3 - Device supports write verify
1097 ; Bit 5 - Media is lockable
1098 .cylinders dd 0 ; Filled in by installer
1099 .heads dd 0 ; Filled in by installer
1100 .sectors dd 0 ; Filled in by installer
1101 .totalsize dd 0, 0 ; Filled in by installer
1102 .bytespersec dw SECTORSIZE
1103 .eddtable dw -1, -1 ; Invalid DPTE pointer
1104 .dpikey dw 0BEDDh ; Device Path Info magic
1105 .dpilen db 2ch ; DPI len
1106 .res1 db 0 ; Reserved
1107 .res2 dw 0 ; Reserved
1108 .bustype dd 'MEM ' ; Host bus type (4 bytes, space padded)
1109 .inttype dd 'MEMORY ' ; Interface type (8 bytes, spc. padded)
1110 .intpath dd 0, 0 ; Interface path
1111 .devpath dd 0, 0, 0, 0 ; Device path
1112 .res3 db 0 ; Reserved
1113 .chksum db 0 ; DPI checksum
1116 ; El Torito CD Specification Packet - mostly filled in by installer
1118 .size db 13h ; Packet size (19 bytes)
1119 .type db 0 ; Boot media type (flags)
1120 .driveno db 0E0h ; INT 13h drive number
1121 .controller db 0 ; Controller index
1122 .start dd 0 ; Starting LBA of image
1123 .devno dw 0 ; Device number
1124 .user_buf dw 0 ; User buffer segment
1125 .load_seg dw 0 ; Load segment
1126 .sect_count dw 0 ; Emulated sectors to load
1127 .geom1 db 0 ; Cylinders bits 0 thru 7
1128 .geom2 db 0 ; Sects/track 0 thru 5, cyls 8, 9
1136 Stack dd 0 ; Saved SS:ESP on invocation
1138 SavedAX dw 0 ; AX saved on invocation
1139 Recursive dw 0 ; Recursion counter
1141 alignb 4, db 0 ; We *MUST* end on a dword boundary
1143 E820Table equ $ ; The installer loads the E820 table here
1144 TotalSize equ $ ; End pointer
projects / profile / ivi / syslinux.git / blob