I am trying to understand how I can calculate the position of CBMEM in e.g. u-boot. Here are some facts about my device - it is Intel apollolake based and uses the following fmd file.
FLASH 16M { SI_DESC@0x0 0x1000 IFWI@0x1000 0x300000 FMAP@0x301000 0x800 COREBOOT(CBFS)@0x301800 0xB8D800 CONSOLE@0xE8F000 0x20000 RW_MRC_CACHE@0xEAF000 0x10000 BIOS_UNUSABLE@0xEBF000 0x40000 DEVICE_EXTENSION@0xeff000 0x100000 UNUSED_HOLE@0xfff000 0x1000 }
FMAP REGION: COREBOOT Name Offset Type Size Comp cbfs master header 0x0 cbfs header 32 none fallback/romstage 0x80 stage 39500 none cpu_microcode_blob.bin 0x9b40 microcode 46080 none fallback/ramstage 0x14fc0 stage 76490 none config 0x27b00 raw 272 none revision 0x27c80 raw 682 none fspm.bin 0x27f80 fsp 364544 none default_bootline 0x80fc0 raw 92 none filename_mcore 0x81080 raw 11 none filename_mos 0x81100 raw 9 none version_min 0x81180 raw 14 none (empty) 0x81200 null 1432 none fsps.bin 0x817c0 fsp 172032 none fallback/postcar 0xab800 stage 20508 none fallback/dsdt.aml 0xb0880 raw 5693 none fallback/payload 0xb1f40 simple elf 243523 none (empty) 0xed6c0 null 11108568 none bootblock 0xb857c0 bootblock 32768 none File build/coreboot.rom is 16777216 bytes Peculiar firmware descriptor, assuming Ibex Peak compatibility. Flash Region 0 (Flash Descriptor): 00000000 - 00000fff Flash Region 1 (BIOS): 00001000 - 00efefff Flash Region 2 (Intel ME): 07fff000 - 00000fff (unused) Flash Region 3 (GbE): 07fff000 - 00000fff (unused) Flash Region 4 (Platform Data): 07fff000 - 00000fff (unused) Flash Region 5 (Reserved): 00eff000 - 00ffefff Flash Region 6 (Reserved): 07fff000 - 00000fff (unused) Flash Region 7 (Reserved): 07fff000 - 00000fff (unused) Flash Region 8 (EC): 07fff000 - 00000fff (unused)
FMAP: area COREBOOT found @ 301800 (12113920 bytes) CBFS @ 301800 size b8d800 CBFS: 'IAFW Locator' located CBFS at [301800:e8f000) CBFS: Locating 'fallback/dsdt.aml' CBFS: Found @ offset b0880 size 163d
Lets have a look at this nice ascii art: https://review.coreboot.org/cgit/coreboot.git/tree/src/soc/intel/apollolake/...
Lets give it a naive try:
4GiB - 256KiB - bios_mapped_size (Flash Region 1 size == size returned by fast_spi_get_bios_region(..)): 0x100000000 - 0x40000 - 0xEFE000 --> 0xFF0C2000
=> md 0xFF0C2000 ff0c2000: ffffffff ffffffff ffffffff ffffffff ................ ff0c2010: ffffffff ffffffff ffffffff ffffffff ................ ff0c2020: ffffffff ffffffff ffffffff ffffffff ................ ff0c2030: ffffffff ffffffff ffffffff ffffffff ................ ff0c2040: ffffffff ffffffff ffffffff ffffffff ................ ff0c2050: ffffffff ffffffff ffffffff ffffffff ................ ff0c2060: ffffffff ffffffff ffffffff ffffffff ................ ff0c2070: ffffffff ffffffff ffffffff ffffffff ................ ff0c2080: ffffffff ffffffff ffffffff ffffffff ................ ff0c2090: ffffffff ffffffff ffffffff ffffffff ................ ff0c20a0: ffffffff ffffffff ffffffff ffffffff ................ ff0c20b0: ffffffff ffffffff ffffffff ffffffff ................ ff0c20c0: ffffffff ffffffff ffffffff ffffffff ................ ff0c20d0: ffffffff ffffffff ffffffff ffffffff ................ ff0c20e0: ffffffff ffffffff ffffffff ffffffff ................ ff0c20f0: ffffffff ffffffff ffffffff ffffffff ................
Looks wrong - but lets move on...
0xFF0C2000 + cbfs offset --> 0xFF0C2000 + 0x301800 --> 0xFF3C3800
=> md 0xFF3C3800 ff3c3800: ffffffff ffffffff ffffffff ffffffff ................ ff3c3810: ffffffff ffffffff ffffffff ffffffff ................ ff3c3820: ffffffff ffffffff ffffffff ffffffff ................ ff3c3830: ffffffff ffffffff ffffffff ffffffff ................ ff3c3840: ffffffff ffffffff ffffffff ffffffff ................ ff3c3850: ffffffff ffffffff ffffffff ffffffff ................ ff3c3860: ffffffff ffffffff ffffffff ffffffff ................ ff3c3870: ffffffff ffffffff ffffffff ffffffff ................ ff3c3880: ffffffff ffffffff ffffffff ffffffff ................ ff3c3890: ffffffff ffffffff ffffffff ffffffff ................ ff3c38a0: ffffffff ffffffff ffffffff ffffffff ................ ff3c38b0: ffffffff ffffffff ffffffff ffffffff ................ ff3c38c0: ffffffff ffffffff ffffffff ffffffff ................ ff3c38d0: ffffffff ffffffff ffffffff ffffffff ................ ff3c38e0: ffffffff ffffffff ffffffff ffffffff ................ ff3c38f0: ffffffff ffffffff ffffffff ffffffff ................
Nope
After some try and error I found the real start of the bios region: 0xFF102000
=> md 0xFF102000 ff102000: 000055aa 0001000d 00000000 00000000 .U.............. ff102010: 00010003 08e8003c 00000009 00000000 ....<........... ff102020: 00000000 0000000a 00000200 00000010 ................ ff102030: 00000005 00149000 000ff000 00000001 ................ ff102040: 000c3000 0000a000 0000000c 00000000 .0.............. ff102050: 00000000 0000000d 00000000 00000000 ................ ff102060: 00000011 00000210 00000108 00000004 ................ ff102070: 00001000 000be000 00000000 000bf000 ................ ff102080: 00004000 0000000e 000cd000 00010000 .@.............. ff102090: 00000002 000dd000 00061000 00000003 ................ ff1020a0: 0013e000 00009000 0000000b 00147000 .............p.. ff1020b0: 00002000 ffffffff ffffffff ffffffff . .............. ff1020c0: ffffffff ffffffff ffffffff ffffffff ................ ff1020d0: ffffffff ffffffff ffffffff ffffffff ................ ff1020e0: ffffffff ffffffff ffffffff ffffffff ................ ff1020f0: ffffffff ffffffff ffffffff ffffffff ................
0xFF102000 + 0x301800 = 0xFF403800
=> md 0xFF403800 ff403800: 448bc3ff 408b0424 244489f4 ffd1e904 ...D$..@..D$.... ff403810: 8353ffff 448b18ec 548d2824 5c8b0824 ..S....D$(.T$..\ ff403820: 44892024 448b0824 44892c24 438d0c24 $ .D$..D$,.D$..C ff403830: fec0e808 c289ffff 85ffc883 8b1d74d2 .............t.. ff403840: 0fc08503 508bc344 2474ff04 2474ff0c ....D..P..t$..t$ ff403850: 2474ff0c 52ff502c 10c48308 5b18c483 ..t$,P.R.......[ ff403860: 835356c3 448b14ec 748b2c24 5c8b2024 .VS....D$,.t$ .\ ff403870: 44892824 448d0c24 5c890824 8d500824 $(.D$..D$..$.P. ff403880: e850f846 fffffe42 c085595a 5e2b1874 F.P.B...ZY..t.+^ ff403890: 245c89f8 f4468b28 20244489 5b14c483 ..$(.F..D$ ...[ ff4038a0: ff6ce95e c483ffff ffc88314 53c35e5b ^.l.........[^.S ff4038b0: 8b18ec83 8d282444 8b082454 8920245c ....D$(.T$..$ . ff4038c0: 8b082444 892c2444 8d0c2444 23e80843 D$..D$,.D$..C..# ff4038d0: 89fffffe ffc883c2 2674d285 d285138b ..........t&.... ff4038e0: 8bd3440f 488b0442 ffc8830c 1274c985 .D..B..H......t. ff4038f0: 0c2474ff 0c2474ff 2c2474ff 83d1ff52 .t$..t$..t$,R...
Still looks wrong - If I subtract an other kb I get the CBFS master header.
=> md 0xFF402800 ff402800: 4352414c 45564948 20000000 02000000 LARCHIVE... .... ff402810: 00000000 38000000 73666263 73616d20 .......8cbfs mas ff402820: 20726574 64616568 00007265 00000000 ter header...... ff402830: 00000000 00000000 4342524f 32313131 ........ORBC1112 ff402840: 00f0e800 04000000 40000000 00183000 ...........@.0.. ff402850: ffffffff 00000000 ffffffff ffffffff ................ ff402860: ffffffff ffffffff ffffffff ffffffff ................ ff402870: ffffffff ffffffff ffffffff ffffffff ................ ff402880: 4352414c 45564948 4c9a0000 10000000 LARCHIVE...L.... ff402890: 00000000 38000000 6c6c6166 6b636162 .......8fallback ff4028a0: 6d6f722f 67617473 00000065 00000000 /romstage....... ff4028b0: 00000000 00000000 00000000 fef20000 ................ ff4028c0: 00000000 fef20000 00000000 00009a30 ............0... ff4028d0: 00009a30 0003ffe8 4800bc00 31fcfef0 0..........H...1 ff4028e0: 5900b9c0 50bffef0 29fef056 83abf3f9 ...Y...PV..).... ff4028f0: 84e8f0e4 eb00004f 909066fe 0030001f ....O....f....0.
I am not sure whats wrong here :( I hope that somebody can push me into the right direction. The end goal is to be able to use u-boot's cbfs to access some files stored there.
-- thanks -- Christian Gmeiner, MSc
-
Christian Gmeiner