Re: [SeaBIOS] How CPU executes bios code before copying bios to shadow ram? - SeaBIOS

26 Jul 2016


      On Tue, Jul 26, 2016 at 03:02:02PM +0800, Li Wang wrote:
...
  Hi all,
 I am reading seaBios code, and I have a question about the shadow memory
 copy part. In fw/shadow.c:make_bios_writable_intel() reads pam0 to see if
 shadow memory is already readable (if pam0's fourth bit is set), if pam0
 shows shadow memory is not readable running __make_bios_writable_intel from
 high-memory flash location (statements marked green below).
   But in my understanding the entry point of bios is 0xffff:fff0, then it
 jumps to 0xf000:e05b, which points to memory space in shadowing, but before
 __make_bios_writable_intel copying bios from high-memory flash to shadow
 memory, shadow memory is disabled, so these codes are forwarded to
 high-memory flash, including code to read pam0 before invoking
 __make_bios_writable_intel (statement marked red below). Why these codes
 are not relocate to high-memory flash, but only the invocation of
 __make_bios_writable_intel is need to be relocated?
 If shadow ram is present and readable, how cpu execute bios codes in
 0xf000:xxxx before copying them to shadow ram? 
This code only runs on QEMU and is very specific to the quirky way
that QEMU implements the pam registers.  When emulation starts, QEMU
places a read-only copy of the code in 0xe0000-0x100000.  When SeaBIOS
requests that 0xc0000-0x100000 be read/writable ram by writing to the
pam registers in __make_bios_writable_intel(), then qemu converts the
region to uninitialized memory.  This is why
__make_bios_writable_intel() needs to run from the copy of the code in
the "flash" location at the end of the first 4Gig of ram.  The
make_bios_writable_intel() code can run in 0xe0000-0x100000 because
prior to __make_bios_writable_intel() QEMU places a read-only copy of
the code there and after __make_bios_writable_intel() SeaBIOS has
restored the code by copying the code back to that ram.

-Kevin