Hi all,
I had this in mind for a long time, and now it works: coreboot can be run as a Linux process, and IO is done through SerialICE. This is handy for debugging and valgrinding, or maybe handy for zillions of other reasons.
How it works:
ruik@ruik:~/coreboot$ gdb ./build/cbfs/fallback/coreboot_ram.elf
(gdb) run
Starting program: /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf
POST: 0x80
IO WRITE: [00000080] 00000080 size 1
SerialICE not ready yet (ignoring)
POST: 0x39
IO WRITE: [00000080] 00000039 size 1
SerialICE not ready yet (ignoring)
coreboot-4.0-2408-gad422c0-dirty Tue Jun 5 00:04:52 CEST 2012 booting...
POST: 0x40
IO WRITE: [00000080] 00000040 size 1
SerialICE not ready yet (ignoring)
Enumerating buses...
Show all devs...Before device enumeration.
Root Device: enabled 1
PCI_DOMAIN: 0000: enabled 1
....
Or when it crashes:
Root Device init
APIC_CLUSTER: 0 init
MSR WRITE: [0000001b] 00000000fee00900
MSR READ: [0000001b] 00000000fee00900
MEM READ: [fee00020] 00000000 size 4
==13541== Invalid read of size 1
==13541==    at 0x106C0E: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==    by 0x10991B: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==    by 0x10AD0B: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==    by 0x10BA3F: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==    by 0x10C232: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==    by 0x106F99: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==    by 0x10003D: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==    by 0x127347: ??? (in /home/ruik/coreboot/build/cbfs/fallback/coreboot_ram.elf)
==13541==  Address 0xa000 is not stack'd, malloc'd or (recently) free'd
==13541==
==13541==
==13541== Process terminating with default action of signal 11 (SIGSEGV)
==13541==  Access not within mapped region at address 0xA000
Please note that valgrind is confused with our debug symbols, but gdb works fine.
In general, the real coreboot jumps to a hacked version of SerialICE and waits. The userspace program runs like any other process, and a hacked version of the SerialICE host from qemu talks normally to the Linux kernel (this is done via custom 0x80 calls).
No libc is used; even the memory layout is the same. The only memory mapped is what the ELF has, plus the highmem/lowmem bits (check the ulinux_mmap calls).
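To make the mechanism concrete, here is an added example (editor's code, not from the patches linked in this mail) of a user-space port-I/O shim of the kind described: the firmware's in/out accessors are replaced by functions that log each access in the same format as the trace above and forward it to a SerialICE-style backend, dropping writes and returning all-ones while the link is not yet up. The backend, its port array and the function names are assumptions; the real patches speak the SerialICE protocol over a link to qemu rather than to an in-memory fake.

```c
/* Added example (not from the patches in this mail): a user-space port-I/O
 * shim that forwards firmware in/out accesses to a SerialICE-style backend
 * and logs them in the same format as the trace above. The backend is a
 * constructed in-memory fake, not the real SerialICE protocol. */
#include <stdint.h>
#include <stdio.h>
struct serialice_backend {
    int ready;               /* 0 until the SerialICE link is established */
    uint8_t ports[0x10000];  /* fake 64 KiB port space (assumption) */
};

static struct serialice_backend backend;

void serialice_set_ready(int ready) { backend.ready = ready; }

/* Returns 1 if the access reached the backend, 0 if it was dropped. */
int io_write(uint16_t port, uint32_t value, int size)
{
    if (port == 0x80)  /* POST code port: echoed even before the link is up */
        printf("POST: 0x%02x\n", value & 0xff);
    printf("IO WRITE: [%08x] %08x size %d\n", port, value, size);
    if (!backend.ready) {
        puts("SerialICE not ready yet (ignoring)");
        return 0;
    }
    for (int i = 0; i < size; i++)
        backend.ports[(uint16_t)(port + i)] = (value >> (8 * i)) & 0xff;
    return 1;
}

/* Reads return all-ones while the link is down, like an absent device. */
uint32_t io_read(uint16_t port, int size)
{
    uint32_t value = 0;
    if (!backend.ready) {
        puts("SerialICE not ready yet (ignoring)");
        return size >= 4 ? 0xffffffffu : (1u << (8 * size)) - 1;
    }
    for (int i = 0; i < size; i++)
        value |= (uint32_t)backend.ports[(uint16_t)(port + i)] << (8 * i);
    printf("IO READ: [%08x] %08x size %d\n", port, value, size);
    return value;
}

/* Drop-in replacements for the firmware's inline-asm port accessors. */
void outb(uint8_t v, uint16_t port)  { io_write(port, v, 1); }
void outl(uint32_t v, uint16_t port) { io_write(port, v, 4); }
uint8_t inb(uint16_t port)           { return (uint8_t)io_read(port, 1); }
uint32_t inl(uint16_t port)          { return io_read(port, 4); }
void post_code(uint8_t code)         { outb(code, 0x80); }
```

Linking these accessors in place of the firmware's inline asm is what lets the same coreboot_ram.elf run under gdb or valgrind, with every port access visible in the log.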
It is still very experimental but works fine. I quickly put together some patches, which may be found here:
remote: New Changes:
remote: http://review.coreboot.org/1089
remote: http://review.coreboot.org/1090
remote: http://review.coreboot.org/1091
remote: http://review.coreboot.org/1092
remote: http://review.coreboot.org/1093
remote: http://review.coreboot.org/1094
remote: http://review.coreboot.org/1095
remote: http://review.coreboot.org/1096
remote: http://review.coreboot.org/1097
Thanks,
Rudolf