[coreboot] Code flow from reset vector

Viswesh S viswesh_vichu at yahoo.com
Wed Mar 26 12:27:11 CET 2008

Hi ,

Thanks for the answers, but still some questions.

I modified the makefile and copied the coreboot before the stripping to vis_1strip and then did an objdump.

[viswesh at arka image]$ objdump -D --start-address=0xfffffff0 --stop-address=0xffffffff vis_1strip
vis_1strip:     file format elf32-i386
Disassembly of section .ram:
Disassembly of section .rom:
Disassembly of section .reset:
fffffff0 <reset_vector>:
fff0:   e9 51 53 ff ff          jmp    ffff5346 <_start+0x2>
fff5:   00 00                   add    %al,(%eax)
fff7:   00 e9                   add    %ch,%cl
fff9:   9f                      lahf
fffa:   53                      push   %ebx
fffb:   ff                      (bad)
fffc:   ff 00                   incl   (%eax)
Disassembly of section .id:
[viswesh at arka image]$

So here I can actually see the flash location and the opcodes in that location.

But when I do the same, as you mentioned,  when I try to dump the last 0x20 bytes in coreboot.rom file, I should actually see similar instructions and basically there should be a jump in the last 16 bytes.

[viswesh at arka image]$ objdump -D coreboot.rom | grep -ni reset_vector
[viswesh at arka image]$ objdump -D coreboot.rom | grep -ni _start
[viswesh at arka image]

Here I have dumped both the beginning and the end of the coreboot,rom file.

[viswesh at arka image]$ objdump -D coreboot.rom | more
coreboot.rom:     file format elf32-i386
Disassembly of section .note:
00100000 <.note>:
  100000:       08 00                   or     %al,(%eax)
  100002:       00 00                   add    %al,(%eax)
  100004:       05 00 00 00 01          add    $0x1000000,%eax
  100009:       00 00                   add    %al,(%eax)
  10000b:       00 45 4c                add    %al,0x4c(%ebp)
  10000e:       46                      inc    %esi
  10000f:       42                      inc    %edx
  100010:       6f                      outsl  %ds:(%esi),(%dx)
  100011:       6f                      outsl  %ds:(%esi),(%dx)
  100012:       74 00                   je     0x100014
  100014:       46                      inc    %esi
  100015:       49                      dec    %ecx

[viswesh at arka image]$ objdump -D coreboot.rom | tail
  13cf96:       00 00                   add    %al,(%eax)
  13cf98:       00 00                   add    %al,(%eax)
  13cf9a:       00 00                   add    %al,(%eax)
  13cf9c:       d1 e5                   shl    %ebp
  13cf9e:       10 00                   adc    %al,(%eax)
  13cfa0:       08 00                   or     %al,(%eax)
  13cfa2:       00 00                   add    %al,(%eax)
  13cfa4:       27                      daa
  13cfa5:       e7 10                   out    %eax,$0x10
[viswesh at arka image]$

So here also we dont see any jump to a specific location.

So basically where should be the code which should be flashed into the location 0xfffffff0.

(or) how can I locate the code inside the coreboot.rom,if it is there inside the rom file.

Thanks in advance,


----- Original Message ----
From: a a <todthgie at hotmail.com>
To: coreboot at coreboot.org
Cc: viswesh_vichu at yahoo.com
Sent: Wednesday, March 26, 2008 1:04:13 PM
Subject: Re: [coreboot] Code flow from reset vector

Viswesh S wrote:
> Hi,
> I understand the procedure in which internally how the CS register ( 
> Segment selector and base address part) make sure that we point to the 
> address 0xFFFFFFF0.
> But my doubts are in this part.
> 1) We will be flashing the coreboot.rom into the BIOS flash, right ?
yes and the flash chip is mapped at 0x(1)00000000 - chipsize (0xFFFFFFFF
- chipsize +1 in the core iirc) so a 256Kbyte (0x40000 bytes) chip 
would be at 0xFFFC0000....0xFFFFFFFF....
> 2) If we objdump coreboot.rom, dump all the sections, we dont see the 
> reset vector part and also the address 0xFFFFFFF0.This could be because 
> these sections are stripped off.Is it because of that ?
no, it will be at chipsize -0x10 (0x3FFF0 for a 256Kbyte chip)
coreboot.rom should be EXACLY as long as you flash chip is ....
so 0x10 bytes from the end of the file
> 4) If they are stripped off, then when I flash the coreboot.rom, what do 
> I flash into the address 0xFFFFFFF0, as the coreboot.rom doesnt even 
> contain the data(opcodes ) to write in that location.
no they should not be stripped...
whats in the file @ 0x10 bytes from the end ends op @ 0xFFFFFFF0
> Am I missing anything.
> Regards,
> Viswesh
> ps:- I am trying to correlate my experience in embedded firmware exp, 
> where the files we were flashing had absolute addresses and we could 
> objdump the flash file to understand the code at each location.
a lot of embedded targets have the flash at 0x00000000 the x86 does not.
the adresses are static but have a offset of 4G-chipsize

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20080326/102ec585/attachment.html>

More information about the coreboot mailing list