[OpenBIOS] Apple's Open Firmware.

Jd Lyons lyons_dj at yahoo.com
Fri Mar 30 10:14:48 CEST 2018



> On Mar 29, 2018, at 3:57 PM, Segher Boessenkool <segher at kernel.crashing.org> wrote:
> 
> On Thu, Mar 29, 2018 at 06:44:15AM -0400, Jd Lyons wrote:
>>> On Mar 19, 2018, at 8:58 PM, Segher Boessenkool <segher at kernel.crashing.org> wrote:
>>> On Mon, Mar 19, 2018 at 08:11:25PM -0400, James Lyons wrote:
>>>> I tried:
>>>> 
>>>> dev agp/@10
>>>> : open true ;
>>>> open-dev " agp/@10"
>>>> 
>>>> ALLOC-MEM request too big!
>>>> 
>>>> Did I do it correct?
>>> 
>>> You destroyed (well, made inaccessible) any "open" method there was.
>>> That is certainly not going to help.
>> 
>> Segher, how would I properly call open?
> 
> You shouldn't do that   : open ...
> If the node did not have an "open" method already, something else is
> wrong (which you cannot fix _this_ way).
> 
>> Also, does anyone know if Apple’s OF supports fcode-verbose?
> 
> It does afair.
> 
>> What I am trying to do, load the Fcode Rom from a file, may not be supported in Apple’s Open Firmware. Arti Irta never mentioned it could be done, so maybe there was a reason for that.
> 
> It can be done.
> 
> 
> Segher
> 

Joe Van Tunen gave me a look at how Apple’s OF implements the load command:

The only information I could give is what you can get by disassembling the compiled fcode. The best result would probably come from a PowerMac G5 Quad Core (one of the last Macs to use Open Firmware and therefore has the latest Apple implementation of Open Firmware). Part of the disassembly looks like this:

FF8905B5: b(:) \ [0x0b7] 0x1cf0 boot|load
FF8905C8: 967E FFFC                       stwu     r19,-4(r30)      
FF8905CC: 7E68 02A6                       mflr     r19              
FF8905D0: 4BFF F789     FF88FD58          bl       _reboot-command  
FF8905D4: 4BFB A4E5     FF84AAB8          bl       pack             
FF8905D8: 4BFB 8701     FF848CD8          bl       drop             
FF8905DC: 4BFD 29E5     FF862FC0          bl       security-mode?   
FF8905E0: 4BFB 6A49     FF847028          bl       (b?branch)       
FF8905E4: 4800 0020     FF890604          b        $+32             
FF8905E8: 4BFC 6251     FF856838          bl       carret           
FF8905EC: 4BFC C195     FF85C780          bl       word             
FF8905F0: 4BFB 86E9     FF848CD8          bl       drop             
FF8905F4: 4BFB 8B6D     FF849160          bl       0                
FF8905F8: 4BFB 8B69     FF849160          bl       0                
FF8905FC: 4BFF F68D     FF88FC88          bl       (load)           
FF890600: 4800 0014     FF890614          b        $+20             
FF890604: 4BFC 6235     FF856838          bl       carret           
FF890608: 4BFC C179     FF85C780          bl       word             
FF89060C: 4BFB 9BBD     FF84A1C8          bl       count            
FF890610: 4BFF F679     FF88FC88          bl       (load)           
FF890614: 4BFB 8B6D     FF849180          bl       1                
FF890618: 4BFC A659     FF85AC70          bl       oft              
FF89061C: 4BFC 5FC5     FF8565E0          bl       not              
FF890620: 4BFB 6A09     FF847028          bl       (b?branch)       
FF890624: 4800 0020     FF890644          b        $+32             
FF890628: 4BFB 6969     FF846F90          bl       b<">             
FF89062C: 0A ...                          dc.b     " load-size=" 
FF890638: 4BFC 2381     FF8529B8          bl       type             
FF89063C: 4BFF EAB5     FF88F0F0          bl       load-size        
FF890640: 4BFC 6C91     FF8572D0          bl       u.               
FF890644: 4BFB 8B3D     FF849180          bl       1                
FF890648: 4BFC A629     FF85AC70          bl       oft              
FF89064C: 4BFC 5F95     FF8565E0          bl       not              
FF890650: 4BFB 69D9     FF847028          bl       (b?branch)       
FF890654: 4800 002C     FF890680          b        $+44             
FF890658: 4BFB 6939     FF846F90          bl       b<">             
FF89065C: 08 ...                          dc.b     " adler32=" 
FF890668: 4BFC 2351     FF8529B8          bl       type             
FF89066C: 4BFB 8B15     FF849180          bl       1                
FF890670: 4BFB 77A1     FF847E10          bl       load_base        
FF890674: 4BFF EA7D     FF88F0F0          bl       load-size        
FF890678: 4BFC 60B1     FF856728          bl       adler32          
FF89067C: 4BFC 6C55     FF8572D0          bl       u.               
FF890680: 4BFB 8B01     FF849180          bl       1                
FF890684: 4BFC A5ED     FF85AC70          bl       oft              
FF890688: 4BFC 5F59     FF8565E0          bl       not              
FF89068C: 4BFB 699D     FF847028          bl       (b?branch)       
FF890690: 4800 0008     FF890698          b        $+8              
FF890694: 4BFC 2305     FF852998          bl       cr               
FF890698: 4BFB 5E08     FF8464A0          b        exit             


FF8906CD: b(:) \ [0x0b7] 0x1cf2 load
FF8906D8: 967E FFFC                       stwu     r19,-4(r30)       
FF8906DC: 7E68 02A6                       mflr     r19               
FF8906E0: 4BFB 68B1     FF846F90          bl       b<">              
FF8906E4: 05 ...                          dc.b     " load " 
FF8906EC: 4BFF FEDD     FF8905C8          bl       boot|load         
FF8906F0: 4BFF FA19     FF890108          bl       (init-program)    
FF8906F4: 4BFB 5DAC     FF8464A0          b        exit              


FF890865: b(:) \ [0x0b7] 0x1cf8 boot
FF890870: 967E FFFC                       stwu     r19,-4(r30)       
FF890874: 7E68 02A6                       mflr     r19               
FF890878: 4BFB 6719     FF846F90          bl       b<">              
FF89087C: 05 ...                          dc.b     " boot " 
FF890884: 4BFF FD45     FF8905C8          bl       boot|load         
FF890888: 4BFF F881     FF890108          bl       (init-program)    
FF89088C: 4BFF FEA5     FF890730          bl       go                
FF890890: 4BFB 5C10     FF8464A0          b        exit              

It should be possible to decompile the compiled fcode in the same way that the Open Firmware "see" command does.

Earlier Macs (Old World Macs) may have tokenized fcode in their ROM that you can more easily detokenize but some of the words may be unnamed (headerless). I guess the G5 (and other New World Macs) has tokenized fcode somewhere but I don't know where it is - maybe it's compressed? The following is detokenized output from a Beige G3's tokenized fcode:

: colon_definition_function_8b7         \ (8b7)             [0b5 0b7]
   buffer_8b4_8                        \ (8b4 8)           [8b4]
   pack                                \                   [083]
   drop                                \                   [046]
   ['] colon_definition_function_8b6   \ (8b6)             [011 8b6]
   to init-program                     \                   [0c3 8b3]
   carret                              \                   [625]
   word                                \                   [589]
   count                               \                   [084]
   colon_definition_function_8b2       \ (8b2)             [8b2]
   ;                                   \                   [0c2]

: boot                                  \ (8bc)             [0ca 0b7]
   " boot "                            \                   [012]
   colon_definition_function_8b7       \ (8b7)             [8b7]
   init-program                        \                   [8b3]
   go                                  \                   [8b8]
   ;                                   \                   [0c2]


: load                                  \ (8b9)             [0ca 0b7]
   " load "                            \                   [012]
   colon_definition_function_8b7       \ (8b7)             [8b7]
   init-program                        \                   [8b3]
   ;                                   \                   [0c2]

You'll need the full listing to be able to find the information you need. As you can see the G5 has many more named words than the Beige G3 (as well as more code). The B&W G3 (another New World Mac) is somewhere in between.


I don't see "fcode-verbose?" anywhere in the outputs of any Macs. The G5 seems to have some logger stuff but I don't know what that's all about. "oft" (seen above) is a flag in "logger-flags". Setting the flag adds some logging somehow. There are different flags to log different things.

Besides logging there are "debug", "resume", "tracing", "stepping" commands.

I still have some PowerMacs (8600, 9600, B&W G3, G5) but I haven't turned them on in a long while.

What jumps out at me is that both ‘load’ and ‘boot’ on the G5 call ‘boot|load’; would this be the reason that it is trying to execute the Option ROM when I try and ‘load’ it?

Do I need to try and fix that so I can load the entire file, without clipping the PCI Header?

Or is getting the current instance by calling " agp/@10" open-dev to my-self, enough that I don’t need the header?

I’m not real sure how to proceed, just not exactly sure what is going wrong, how this differs from SLOF and OpenBIOS. What seems to differ is:

1. The load command tries to execute the file, rather than just loading it to the base address like OB/SLOF.
2. 1 byte-load returns ok, but doesn’t seem to do anything, though it’s hard for me to tell without fcode-verbose.






> -- 
> OpenBIOS                 http://openbios.org/
> Mailinglist:  http://lists.openbios.org/mailman/listinfo
> Free your System - May the Forth be with you
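
An added example, not part of the original message and not Apple's or OpenBIOS code: a Python check that decodes the PowerPC branch words in the G5 boot|load listing quoted above and confirms the targets the disassembler printed, a useful sanity check before reasoning about the security-mode? branch in that word. The rows are copied from the listing; the function names are this example's own.

```python
import re

# Rows copied from the G5 boot|load listing quoted in the message above:
# address, instruction word, target printed by the disassembler, mnemonic, name.
LISTING = """\
FF8905D0: 4BFF F789     FF88FD58          bl       _reboot-command
FF8905DC: 4BFD 29E5     FF862FC0          bl       security-mode?
FF8905E0: 4BFB 6A49     FF847028          bl       (b?branch)
FF8905E4: 4800 0020     FF890604          b        $+32
FF8905FC: 4BFF F68D     FF88FC88          bl       (load)
FF890600: 4800 0014     FF890614          b        $+20
FF890610: 4BFF F679     FF88FC88          bl       (load)
FF890698: 4BFB 5E08     FF8464A0          b        exit
"""

ROW = re.compile(
    r"^([0-9A-F]{8}): ([0-9A-F]{4}) ([0-9A-F]{4})\s+([0-9A-F]{8})\s+(\S+)\s+(\S+)")

def decode_branch(addr, insn):
    """Decode a PowerPC I-form branch (primary opcode 18) to (mnemonic, target)."""
    if insn >> 26 != 18:
        raise ValueError(f"{insn:08X} is not an I-form branch")
    disp = insn & 0x03FFFFFC             # LI field with the two low zero bits restored
    if disp & 0x02000000:                # sign-extend the 26-bit displacement
        disp -= 0x04000000
    absolute, link = insn & 2, insn & 1  # AA and LK bits
    target = (disp if absolute else addr + disp) & 0xFFFFFFFF
    return "b" + ("l" if link else "") + ("a" if absolute else ""), target

def check_listing(text):
    """Return (address, name, listed_target, decoded_target, ok) for each row."""
    results = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        addr, insn = int(m[1], 16), int(m[2] + m[3], 16)
        mnem, target = decode_branch(addr, insn)
        listed = int(m[4], 16)
        results.append((addr, m[6], listed, target,
                        target == listed and mnem == m[5]))
    return results

if __name__ == "__main__":
    for addr, name, listed, decoded, ok in check_listing(LISTING):
        print(f"{addr:08X} -> {decoded:08X} {name:18s} {'ok' if ok else 'MISMATCH'}")
```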
