On Mon, Oct 10, 2011 at 03:32:06PM +0700, Darmawan Salihun wrote:
> Hi guys,
> I'm currently debugging a generic PCI Option ROM (seen as a legacy ROM since there is no PnP header). This is the setup:
> a. The Option ROM "merged" into the coreboot binary as a CBFS component (./cbfstool <option-rom-path> genroms/option-rom.rom raw)
> b. SeaBIOS would recognize the Option ROM and execute it. The execution seems to take place after most PnP option ROMs.
> c. Coreboot+Seabios is running inside qemu.
> d. The entire process (qemu with coreboot as "BIOS") is debugged remotely using IDA Pro. The connection is through the GDB remote debugging "plugin" in IDA Pro. Therefore, from Qemu's perspective, it's being debugged remotely by GDB.
> Now, my question: In this particular option ROM, a call to the POST Memory Manager (PMM) is made to allocate 64KB of memory. What "reaction" would SeaBIOS carry out to such a request?

Calls to PMM start at romlayout.S:entry_pmm which will transition the cpu to 32bit mode and call pmm.c:handle_pmm(). An allocation call should reserve the memory and return a pointer to it.

PMM debug info is on by default, so you should see SeaBIOS write debug info to the serial port.

> I've been trying to debug this call but nothing seems to happen as I see it from inside IDA Pro.
> Any clues? or where should I peek in the source code?

I suggest getting serial debugging working, and post the full log.

-Kevin

> TIA,
> Darmawan
Hi,
My reply inline.

On 10/11/11, Kevin O'Connor <kevin@koconnor.net> wrote:
> On Mon, Oct 10, 2011 at 03:32:06PM +0700, Darmawan Salihun wrote:
>> Hi guys,
>> I'm currently debugging a generic PCI Option ROM (seen as a legacy ROM since there is no PnP header). This is the setup:
>> a. The Option ROM "merged" into the coreboot binary as a CBFS component (./cbfstool <option-rom-path> genroms/option-rom.rom raw)
>> b. SeaBIOS would recognize the Option ROM and execute it. The execution seems to take place after most PnP option ROMs.
>> c. Coreboot+Seabios is running inside qemu.
>> d. The entire process (qemu with coreboot as "BIOS") is debugged remotely using IDA Pro. The connection is through the GDB remote debugging "plugin" in IDA Pro. Therefore, from Qemu's perspective, it's being debugged remotely by GDB.
>> Now, my question: In this particular option ROM, a call to the POST Memory Manager (PMM) is made to allocate 64KB of memory. What "reaction" would SeaBIOS carry out to such a request?
>
> Calls to PMM start at romlayout.S:entry_pmm which will transition the cpu to 32bit mode and call pmm.c:handle_pmm(). An allocation call should reserve the memory and return a pointer to it.
>
> PMM debug info is on by default, so you should see SeaBIOS write debug info to the serial port.

I observed the output in the redirected serial port output and I found that the PMM memory allocation for another PCI ROM (VID:DevID --> 8086:100e) is just fine.

>> I've been trying to debug this call but nothing seems to happen as I see it from inside IDA Pro.
>> Any clues? or where should I peek in the source code?
>
> I suggest getting serial debugging working, and post the full log.

The full log is in the attachment. Anyway, I observed that the PCI ROM that I'm working with always got its 3rd byte set to zero prior to being executed. I've just found where it's being modified but have yet to find the corresponding code in the entire "debugging system".

In the meantime I'm doing further debugging.

Thanks,
Darmawan
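The thread describes the PMM path only from the BIOS side (romlayout.S:entry_pmm, pmm.c:handle_pmm) and mentions the ROM's 3rd byte being zeroed. What follows is an added example written for this page, not code from the thread or from SeaBIOS, showing the same transaction from the option ROM's side: the legacy ROM header (offset 2 is the size in 512-byte blocks, which the BIOS reads back after the init call), the "$PMM" structure the BIOS publishes with its checksum, the pmmAllocate argument block for a 64 KiB request (lengths are in 16-byte paragraphs, so 0x1000), and an emulated BIOS-side handler returning the address in DX:AX. The structure layout, the flag bits (1 = conventional memory, 2 = extended memory, 8 = aligned) and the anonymous handle 0xFFFFFFFF are taken from the PMM 1.01 specification as I recall it and should be checked against the spec and against pmm.c; all byte images, the allocator zone and the helper names are constructed for this example.

```c
/* Added example (not from the thread or SeaBIOS): option-ROM side of a
 * PMM allocation.  Byte images below are constructed sample data. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Legacy option ROM header: 55 AA <size in 512-byte blocks> <init code>.
 * Returns the ROM size in bytes, or -1 if the signature is missing. */
int rom_header_size_bytes(const uint8_t *img, size_t len)
{
    if (len < 4 || img[0] != 0x55 || img[1] != 0xAA)
        return -1;
    /* Offset 2 ("3rd byte") is re-read by the BIOS after the init call at
     * offset 3, so a ROM that zeroes it is asking to keep no space at all. */
    return img[2] * 512;
}

/* "$PMM" structure: signature, structRev, length, checksum, entry (off:seg),
 * 5 reserved bytes; all `length` bytes sum to 0 mod 256 (assumed layout). */
struct pmm_hdr { uint8_t version, length; uint16_t entry_off, entry_seg; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Build the 16-byte structure the BIOS publishes, computing the checksum. */
void write_pmm_struct(uint8_t *dst, uint16_t entry_seg, uint16_t entry_off)
{
    memset(dst, 0, 16);
    memcpy(dst, "$PMM", 4);
    dst[4] = 1; dst[5] = 16;                         /* rev 1, length 16 */
    dst[7] = (uint8_t)entry_off; dst[8]  = (uint8_t)(entry_off >> 8);
    dst[9] = (uint8_t)entry_seg; dst[10] = (uint8_t)(entry_seg >> 8);
    uint8_t sum = 0;
    for (int i = 0; i < 16; i++) sum = (uint8_t)(sum + dst[i]);
    dst[6] = (uint8_t)(0 - sum);                     /* make bytes sum to 0 */
}

/* Scan a paragraph-aligned copy of the BIOS region (base = physical address
 * of region[0]) for a "$PMM" with a valid checksum.  Returns its physical
 * address, or -1 when none is found or every candidate fails the checksum. */
long find_pmm(const uint8_t *region, size_t len, uint32_t base, struct pmm_hdr *out)
{
    for (size_t off = 0; off + 16 <= len; off += 16) {
        const uint8_t *p = region + off;
        if (memcmp(p, "$PMM", 4) != 0) continue;
        uint8_t slen = p[5];
        if (slen < 16 || off + slen > len) continue;
        uint8_t sum = 0;
        for (size_t i = 0; i < slen; i++) sum = (uint8_t)(sum + p[i]);
        if (sum != 0) continue;                      /* signature, bad checksum */
        out->version = p[4]; out->length = slen;
        out->entry_off = le16(p + 7); out->entry_seg = le16(p + 9);
        return (long)(base + off);
    }
    return -1;
}

/* pmmAllocate (function 0) arguments as a 16-bit cdecl caller leaves them
 * above the far return address: function u16, length u32 (paragraphs),
 * handle u32, flags u16.  Flag values are assumed from the PMM 1.01 spec. */
enum { PMM_FLAG_CONVENTIONAL = 1, PMM_FLAG_EXTENDED = 2, PMM_FLAG_ALIGNED = 8 };
#define PMM_ARGS_LEN 12

uint32_t build_pmm_allocate(uint8_t args[PMM_ARGS_LEN], uint32_t bytes,
                            uint32_t handle, uint16_t flags)
{
    uint32_t paras = (bytes + 15) / 16;              /* 64 KiB -> 0x1000 */
    args[0] = 0; args[1] = 0;                        /* function 0 */
    for (int i = 0; i < 4; i++) args[2 + i] = (uint8_t)(paras  >> (8 * i));
    for (int i = 0; i < 4; i++) args[6 + i] = (uint8_t)(handle >> (8 * i));
    args[10] = (uint8_t)flags; args[11] = (uint8_t)(flags >> 8);
    return paras;
}

/* Emulated BIOS-side handler: a bump allocator over one constructed
 * conventional-memory zone.  Result is returned as the ROM sees it, in
 * DX:AX (dx = high word); 0:0 means the request was refused. */
struct pmm_zone { uint32_t next, end; };             /* physical addresses */

void emulate_pmm_allocate(struct pmm_zone *low, const uint8_t args[PMM_ARGS_LEN],
                          uint16_t *dx, uint16_t *ax)
{
    uint32_t paras = le16(args + 2) | ((uint32_t)le16(args + 4) << 16);
    uint16_t flags = le16(args + 10);
    uint32_t addr = 0;
    if (le16(args) == 0 && (flags & PMM_FLAG_CONVENTIONAL) && paras) {
        uint32_t size = paras * 16;
        /* toy alignment: to the request size, assumed a power of two */
        uint32_t align = (flags & PMM_FLAG_ALIGNED) ? size : 16;
        uint32_t cand = (low->next + align - 1) & ~(align - 1);
        if (cand + size <= low->end) { addr = cand; low->next = cand + size; }
    }
    *dx = (uint16_t)(addr >> 16); *ax = (uint16_t)addr;
}

int main(void)
{
    uint8_t fseg[0x100] = {0};                       /* stand-in for 0xF0000.. */
    write_pmm_struct(fseg + 0x40, 0xF000, 0x1234);   /* BIOS entry F000:1234 */
    struct pmm_hdr h;
    long at = find_pmm(fseg, sizeof fseg, 0xF0000, &h);
    uint8_t args[PMM_ARGS_LEN];
    uint32_t paras = build_pmm_allocate(args, 64 * 1024, 0xFFFFFFFFu, PMM_FLAG_CONVENTIONAL);
    struct pmm_zone low = { 0x90000, 0xA0000 };
    uint16_t dx, ax;
    emulate_pmm_allocate(&low, args, &dx, &ax);
    printf("$PMM at %05lx entry %04x:%04x; 64 KiB = %#x paras -> DX:AX %04x:%04x\n",
           at, h.entry_seg, h.entry_off, paras, dx, ax);
    return 0;
}
```

When stepping a ROM under GDB, the two things worth breaking on are the far call through the entry found by the "$PMM" scan and the DX:AX pair immediately after it returns; a 0:0 result is the normal "refused" answer rather than a crash, so a ROM that silently continues with a null pointer looks exactly like "nothing happens".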