On 09/16/2010 06:24 PM, Peter Stuge wrote:
After reset and until CS is reloaded, it looks a lot like the CPU is running in real mode from CS:IP f000:fff0. In practise, CS is set up (since 386) so that this actually fetches from fffffff0. Again, it goes away as soon as CS is reloaded, e.g. after a far jmp or call. (The details are similar to the flat real AKA unreal mode trick IIRC.)
The *only* place that the ROM chip is ever accessible is at top of 4GB. How much of the ROM that is actually set up to be decoded on reset is quite chipset specific.
Physical address 0xf00000 is RAM. It's true that most firmware copies at least parts of itself to top 64kb of 1MB (after RAM init of course) but this has absolutely nothing to do with the ROM chip.
So, the copy has to happen before the far jump, but after the DRAM controller has been initialized?
This contradicts http://download.intel.com/design/intarch/datashts/29055002.pdf:
3.1.3. BIOS MEMORY
The PIIX/PIIX3 supports 512 Kbytes of BIOS space. This includes the normal 128-Kbyte space plus an additional 384-Kbyte BIOS space (known as the extended BIOS area). The XBCS Register provides BIOS space access control. Access to the lower 64-Kbyte block of the 128-Kbyte space and the extended BIOS space can be individually enabled/disabled. In addition, write protection can be programmed for the entire BIOS space.
PCI Access to BIOS Memory
The 128-Kbyte BIOS memory space is located at 000E0000–000FFFFFh (top of 1 Mbyte) and is aliased at FFFE0000h (top of 4 Gbytes). This 128-Kbyte byte block is split into two 64-Kbyte blocks. Accesses to the top 64 Kbytes (000F0000–000FFFFFh) are forwarded to the ISA Bus and BIOSCS# is always generated. Accesses to the bottom 64 Kbytes (000E0000–000EFFFFh) are forwarded to the ISA Bus and BIOSCS# is only generated when this BIOS region is enabled. 1.If this BIOS region is enabled (bit 6=1 in the XBCS Register), accesses to the aliased region at the top of 4 Gbytes (FFFE0000h - FFFEFFFFh) are forwarded to ISA and BIOSCS# generated. If disabaled, these accesses are not forwarded to ISA and BIOSCS# is not generated. The additional 384-Kbyte region resides at FFF80000–FFFDFFFFh. If this BIOS region is enabled (bit 7=1 in the XBCS Register), these accesses (FFF80000h–FFFDFFFFh) are forwarded to ISA and BIOSCS# generated. If disabled, these accesses are not forwarded to ISA and BIOSCS# not generated. ISA Access to BIOS Memory The PIIX/PIIX3 confines all ISA-initiated BIOS accesses to the top 64 Kbytes of the 128-Kbyte region (F0000–FFFFFh) to the ISA Bus, even if BIOS is shadowed in main memory. Accesses to the bottom 64 Kbytes of the 128-Kbyte BIOS region (E0000–EFFFFh) are confined to the ISA Bus, when this region is enabled. When the BIOS region is disabled, accesses are forwarded to main memory. Accesses to the top 64-Kbyte BIOS region always generates BIOSCS#. Accesses to the bottom 64-Kbyte BIOS region generate BIOSCS#, when this region is enabled.
See also the documentation of the XBCS register.