<div dir="ltr">Hello Vin<span style="font-size:12.8px">cenzo,</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">The part of the picture you see is a part of some document, which is of restricted nature. But not to disappoint you, I found the same representative (even better picture) on the Open Source/Open Net.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"><a href="https://www.researchgate.net/profile/Nikola_Zlatanov3/publication/295010710/figure/fig1/AS:330629993517059@1455839741322/Figure-2-Switching-Processor-Operating-Modes.png">https://www.researchgate.net/profile/Nikola_Zlatanov3/publication/295010710/figure/fig1/AS:330629993517059@1455839741322/Figure-2-Switching-Processor-Operating-Modes.png</a></span><br></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Unfortunately, this picture represents ONLY 32bit transitions, there are two more modes for 64 bit, not shown here. If I find the representative, I'll post it on the forum (@ list).</span></div><div><span style="font-size:12.8px"><img src="cid:ii_15e26d0d08979fff" alt="Inline image 1" style="margin-right: 0px;"><br></span></div><div><span style="font-size:12.8px">Please, do note that you could download (free of charge) the document called: INTEL 64 and IA32 Architecture SW Development Manual (Three Volumes, it is around 20MB of size, > 3000 pages): <a href="https://software.intel.com/en-us/articles/intel-sdm">https://software.intel.com/en-us/articles/intel-sdm</a></span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Here, I need to correct some remarks in my original text. CR0 is the register: </span><span style="font-size:12.8px"><a href="https://en.wikipedia.org/wiki/Control_register">https://en.wikipedia.org/wiki/Control_register</a></span></div><div><h3 style="color:rgb(0,0,0);background-image:none;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;margin:0.3em 0px 0px;overflow:hidden;padding-top:0.5em;padding-bottom:0px;border-bottom:0px;font-size:1.2em;line-height:1.6;font-family:sans-serif"><span class="gmail-mw-headline" id="gmail-CR0">CR0</span><span class="gmail-mw-editsection" style="font-size:small;font-weight:normal;margin-left:1em;vertical-align:baseline;line-height:1em;display:inline-block;white-space:nowrap;unicode-bidi:isolate"><span class="gmail-mw-editsection-bracket" style="margin-right:0.25em;color:rgb(84,89,93)">[</span><a href="https://en.wikipedia.org/w/index.php?title=Control_register&action=edit§ion=2" title="Edit section: CR0" style="text-decoration-line:none;color:rgb(11,0,128);background:none">edit</a><span class="gmail-mw-editsection-bracket" style="margin-left:0.25em;color:rgb(84,89,93)">]</span></span></h3><p style="margin:0.5em 0px;line-height:inherit;font-family:sans-serif;font-size:14px">The CR0 register is 32 bits long on the <a href="https://en.wikipedia.org/wiki/Intel_80386" title="Intel 80386" style="text-decoration-line:none;color:rgb(11,0,128);background:none">386</a> and higher processors. On <a href="https://en.wikipedia.org/wiki/X86-64" title="X86-64" style="text-decoration-line:none;color:rgb(11,0,128);background:none">x86-64</a> processors in <a href="https://en.wikipedia.org/wiki/Long_mode" title="Long mode" style="text-decoration-line:none;color:rgb(11,0,128);background:none">long mode</a>, it (and the other control registers) is 64 bits long. CR0 has various control flags that modify the basic operation of the processor.</p><table class="gmail-wikitable" style="font-size:14px;margin:1em 0px;background-color:rgb(248,249,250);border:1px solid rgb(162,169,177);border-collapse:collapse;color:rgb(0,0,0);font-family:sans-serif"><tbody><tr><th style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em;background-color:rgb(234,236,240);text-align:center">Bit</th><th style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em;background-color:rgb(234,236,240);text-align:center">Name</th><th style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em;background-color:rgb(234,236,240);text-align:center">Full Name</th><th style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em;background-color:rgb(234,236,240);text-align:center">Description</th></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">0</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">PE</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Protected Mode Enable</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">If 1, system is in <a href="https://en.wikipedia.org/wiki/Protected_mode" title="Protected mode" style="text-decoration-line:none;color:rgb(11,0,128);background:none">protected mode</a>, else system is in <a href="https://en.wikipedia.org/wiki/Real_mode" title="Real mode" style="text-decoration-line:none;color:rgb(11,0,128);background:none">real mode</a></td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">1</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">MP</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Monitor co-processor</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Controls interaction of WAIT/FWAIT instructions with TS flag in CR0</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">2</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">EM</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Emulation</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">If set, no x87 <a href="https://en.wikipedia.org/wiki/Floating_point_unit" class="gmail-mw-redirect" title="Floating point unit" style="text-decoration-line:none;color:rgb(11,0,128);background:none">floating point unit</a> present, if clear, x87 FPU present</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">3</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">TS</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Task switched</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Allows saving x87 task context upon a task switch only after x87 instruction used</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">4</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">ET</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Extension type</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">On the 386, it allowed to specify whether the external math coprocessor was an <a href="https://en.wikipedia.org/wiki/80287" class="gmail-mw-redirect" title="80287" style="text-decoration-line:none;color:rgb(11,0,128);background:none">80287</a> or <a href="https://en.wikipedia.org/wiki/80387" class="gmail-mw-redirect" title="80387" style="text-decoration-line:none;color:rgb(11,0,128);background:none">80387</a></td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">5</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">NE</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Numeric error</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Enable internal <a href="https://en.wikipedia.org/wiki/X87" title="X87" style="text-decoration-line:none;color:rgb(11,0,128);background:none">x87</a> floating point error reporting when set, else enables PC style x87 error detection</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">16</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">WP</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Write protect</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">When set, the CPU can't write to read-only pages when privilege level is 0</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">18</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">AM</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Alignment mask</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Alignment check enabled if AM set, AC flag (in <a href="https://en.wikipedia.org/wiki/FLAGS_register_(computing)" class="gmail-mw-redirect" title="FLAGS register (computing)" style="text-decoration-line:none;color:rgb(11,0,128);background:none">EFLAGS</a> register) set, and privilege level is 3</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">29</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">NW</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Not-write through</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Globally enables/disable write-through caching</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">30</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">CD</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em"><a href="https://en.wikipedia.org/wiki/CPU_cache" title="CPU cache" style="text-decoration-line:none;color:rgb(11,0,128);background:none">Cache</a> disable</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Globally enables/disable the memory cache</td></tr><tr><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">31</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">PG</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">Paging</td><td style="border:1px solid rgb(162,169,177);padding:0.2em 0.4em">If 1, enable paging and use the CR3 register, else disable paging<br></td></tr></tbody></table>I'm a bit behind on this forum, since I completely (at this point in time) devoted my time to YOCTO and ARM i.MX6 (I have interesting projects with it, and YOCTO is the special beast of its own kind). ;-)</div><div><br></div><div>I hope this helps,</div><div>Zoran</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 28, 2017 at 12:13 AM, <a href="mailto:ingegneriaforense@alice.it">ingegneriaforense@alice.it</a> <span dir="ltr"><<a href="mailto:ingegneriaforense@alice.it" target="_blank">ingegneriaforense@alice.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear Zoran,<br><br>can you tell me please where you found the picture (attached) you have provided in this email that show how x86 operates ? Could be interesting for me take a look at the full image, probably more exaustive and usefull to better understand your excellent comment regarding the Real mode.<br>In particular i'm studying the coreboot code to better understand in which cases backward transitions are possible, as the picture shows.<br><br>Thanks in advance.<br><br>Best Regards.<br><br>vincenzo<br><br>Forensic Consultant<br>Tribunale di Lecce<br><br>Studio: Strada di Garibaldi - Contrada Paradisi<br>73010 Lequile (LE)<br><br>cell: <a href="tel:(339)%20796-8555" value="+13397968555" target="_blank">339.7968555</a><br>skype: vincenzo.di_salvo<br><br>
<br>
<blockquote>
----Messaggio originale----<br>
Da: <a href="mailto:zoran.stojsavljevic@gmail.com" target="_blank">zoran.stojsavljevic@gmail.com</a><br>
Data: 2-ago-2017 18.20<br>
A: "Philipp Stanner"<<a href="mailto:stanner@posteo.de" target="_blank">stanner@posteo.de</a>><br>
Cc: "coreboot"<<a href="mailto:coreboot@coreboot.org" target="_blank">coreboot@coreboot.<wbr>org</a>><br>
Ogg: Re: [coreboot] About Paging, Realmode and what is going on<br>
<br>
<div dir="ltr">Hello Philipp,<div><br></div><div>There are lot of confusion you have created with your naming convention... So we need here to "Divide and Concur", since this thread really remains me of Spaghetti Bologneze.</div><div><br></div><div>Here is the partial picture how x86 operates:</div><div><br></div><div><img alt="Inline image 1" width="245" height="206"><br></div><div><br></div><div>So you see here three modes, you are talking about. Every INTEL CPU starts in Real Mode, and then switches to the protected mode.</div><div><br></div><div>So, you have some legacy you MUST maintain for the backward HW compatibility.</div><div><br></div><div>As Patrick Georgi very correctly mentioned, let me recap what he said, with my additions, to be much clearer with the picture I have provided.</div><div><br></div><div>[1] Every x86 CPU starts in Real Mode, for the legacy reasons. the Lecacy mode must be maintained (Real Mode replicates with the VERY first PC XT far back to 1980, with some first 1MB memory mapping improvements). The BackWard HW compatibility was maintained for years, and it went too far that it can be changed over the nite. I am not going to explain why: too long it takes.</div><div><br></div><div>[2] CB operates in Protected Mode, WITHOUT Paging/Virtual Mode switched on, since this mode is ONLY used with MMU (which is HUGE HW extention to create Virtual use of the Memory), which is managed by true OS (like Linux, WIN, QNX, MAC OS, VMS, you name it). CoreBoot, U-Boot, BIOS boot-loaders: they all operate from the flat/Protected Mode, and Patrick explained this very well/excellent. In addition, I must say that this first 4GB MUST be assigned to the benefit of the underlying HW (PCIe, GFX, SMM mode, Flash region, ACPI tables, and so on). This assignment is done strictly Physically, with the CPU HW helping for some regions for remapping them (since CPU does see what CB does for it as Physical memory assignment, but MMU [when OS runs] sees it quite differently)!</div><div><br></div><div>[3] As for payloads (also working in Protected Mode), there are some which will make their own definitions of the memory, some/most which will work deeper (as SeaBIOS, for example) on the CB Physical memory definition. As well as these payloads (depending upon what the usage is) will add more drivers for the certain devices, CB did not add in the first place. For example, SeaBIOS adds IDE (maybe even AHCI, not sure) driver to this set. Some people can define their own payloads with the set of specific drivers, depending upon what the HW platform is intended for.</div><div><br></div><div>[4] Once the OS boot loader takes over (Like GRUB), it'll start OS, which will switch from the Protected to the Virtual Mode (using MMU), Then paging will take places, and each process will have its own set of tables, and its own initial value for CR3 (when process context switches). I warmly suggest to you to inspect (bit by bit) CR1 register, since this one is crucial/essential for introducing these modes.</div><div><br></div><div>I really hope this helps (I've tried to develop some systematic approach to the topic). The booting process will go to stages, and once CPU abandons Real Mode, it'll (generally) not return to it (only in some special cases such as SMM Mode). Once It abandons Protected Mode, it'll stay in Virtual Mode, and so on. But backward transitions are possible, as you see from the picture.</div><div><br></div><div>Zoran</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 31, 2017 at 10:52 AM, Philipp Stanner <span dir="ltr"><<a href="mailto:stanner@posteo.de" target="_blank">stanner@posteo.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Dear folks and techpriests,<br>
<br>
the more I want to contribute and learn about low-level-code the
less I understand, it seems.<br>
<br>
<ol>
<li>cb switches the CPU immediately to Protected Mode, yet
Payloads like seaBIOS work in Real Mode. Does coreboot switch
the CPU always back to RM before jumping to the payload? <br>
</li>
<li>When CB switches to PM - who generates and administrates the
Page Tables and where?</li>
<li><a href="http://duartes.org/gustavo/blog/post/how-computers-boot-up/" target="_blank">Gustavo
Duarte writes</a> that GRUB switches from protected mode to
real mode and vice versa all the time to address >1MiB of RAM
and also use the BIOS-calls. If this is true using GRUB as
payload would not work, as GRUB needs to call the non-existent
BIOS, right?</li>
<li>Once CB is in PM it can't access physical addresses anymore?
It doesn't need to, too?</li>
<li>PM means RAM-access is only possible through virtual addresses
which are translated by the MMU using the Page Tables. This
question is similar to [2.]: If coreboot generates the Page
Tables and the payload would start in PM as well (is this even
possible? At least the Linux-Kernel has entry points for RM and
PM) this would mean the payload needs to use the Page Tables
generated by CB. That wouldn't be a problem as they're linked in
the register CR3 anyways?<br>
</li>
</ol>
<p>And an unimportant bonus question:</p>
<ul>
<li>Why does every modern CPU still start in RM? I do get the
compatibility problem, but on the other hand: Do you need it for
anything beside booting MS-DOS on your Ryzen? Is it really
impossible for AMD and Intel to create a new CPU-generation with
the x86-instruction set without RM, 16-bit-registers and
20-bit-mode registers like CS, SS etc. No modern OS uses bios
calls. No CPU is ever switched to RM again after booting up.
They should get rid of this old stuff.<br>
</li>
</ul>
<p>Would be cool if someone could put this in its true light. <br>
</p>
<p>Thanks,</p>
<p>Philipp<br>
</p>
</div>
<br><span class="HOEnZb"><font color="#888888">--<br>
coreboot mailing list: <a href="mailto:coreboot@coreboot.org" target="_blank">coreboot@coreboot.org</a><br>
<a href="https://mail.coreboot.org/mailman/listinfo/coreboot" rel="noreferrer" target="_blank">https://mail.coreboot.org/mail<wbr>man/listinfo/coreboot</a><br></font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888">
<br>
</font></span></blockquote><br>
</blockquote></div><br></div>