Coreboot and PC technical details

Video in TIB AV-Portal: Coreboot and PC technical details

Formal Metadata

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

A modern PC is quite different from the 1980s original, and while the BIOS still lingers after 30 years it must now solve many tricky problems. When the original PC with its pre-ISA expansion bus was powered on, it was almost immediately ready to run an application. Today's PC can have several multicore CPUs interconnected by HyperTransport, Front Side Bus or QuickPath, DDR3 RAM on each CPU, and a large number of buses and peripherals. Many components require increasingly complex initialization to be implemented in software. This talk describes the technical challenges encountered by coreboot developers and their solutions.
This is the second demo, and please be quiet, everyone, some that we might fail to hear what's actually going on.
No, no way to hear what's going on; I'll just have to sort of narrate again. The serial console: this is one of the deal dell exports, an AMD CPU, the embedded AMD, the embedded CPU, with 256 megabytes of RAM. And let's see, when I reset... reset, there we are, coreboot running, and there it's already starting the Linux kernel, and that's the final prompt of the Linux system, which is fully up at that time. So this shows that if you disable all the debugging stuff and you have a really trimmed-down kernel, you can get a very nice startup time. Yeah, I'm talking about boot time
measurements. I think it's important to be careful with the numbers here, or just be careful about what the numbers actually are saying, because different people will use different metrics for boot time measurements, and of course everyone wants their numbers to be the best, so they're going to use what is best for them. What is this time measurement actually saying? Is it saying from power supply connected to Windows running with a full desktop, whatever, logged-in user, or Linux or whatever you have? Or is it from after the mainboard power-up sequence, which might make a difference? It sounds silly, but it might actually make a big difference. There are about 30 voltages in a PC system, and these need to start in a special sequence, and that takes time, of course. Or is it from the first instruction fetch, which might be a lot later than after all the voltages are up? Who knows what's going on in the system. So the guy who has been developing SeaBIOS, his name is Kevin O'Connor, he did some optimizations for his particular board. He has an EPIA board, the EPIA-CN, with a C7 CPU and the CN700 chipset. He put coreboot and SeaBIOS in flash, used SeaBIOS as the payload, and he had GRUB on a SATA SSD, and this is the results he got. He had to spend 350 milliseconds just waiting for what seemed to be power sequencing; from the time he presses the button to some software actually running is almost half a second. Then he measured that it takes about 50 milliseconds to wait for communications with SMBus on the main board to stabilize, another 20 milliseconds to configure the memory controller, 10 milliseconds running coreboot, 200 milliseconds waiting for the VGA BIOS to initialize the graphics, and another 10 milliseconds in GRUB, and the grand total is that it takes 750 milliseconds from the time he presses the power button to when Linux is already starting.
Security slide. I don't know, I think I'm going to skip this. Well, maybe just mention it quickly. Cold boot attack: there was an attack made public, I guess the year before last year, so 2008, where even though you power down your computer the RAM might still not be completely empty, and if someone can steal your laptop, or, well, desktop for that matter, they can check out the RAM, the DIMM, and extract all the contents of the data, and it's really easy to find crypto keys and so on. So coreboot can be used both in the attack and for defense here. Because coreboot has RAM initialization, it can start the memory controller and then have a special dump routine inside coreboot to read out all the contents without changing anything in RAM. But you could also use it so that when you're shutting down there's a part of coreboot which runs and makes sure to clear all the memory before it powers off. Code injection into the operating system: there was an exploit published where part of the BIOS was changed to always rewrite permissions on a particular file in the root filesystem, so whenever you rebooted this file became world-executable with the +s, and everyone had a root shell on the system. That's not something you want in your firmware, so it might be worthwhile to look carefully at the firmware you're running. There's a lot of good stuff about coreboot: you can get really fast startup times; it's open source, see how the GPL, you can audit, you can read it, you don't have to study assembly sources days on end to go through the code. We have one tree for all the boards, so there's a fair chance of reusability and extensibility there. There's some challenges. We need more testing, that would be great. There's a testing infrastructure, but it's kind of difficult to hook up boards to be tested to this infrastructure, so even though we have a really nice way in this infrastructure to test each commit on actual hardware,
because it's the fact that it's too difficult to connect boards to this infrastructure means that there's little testing actually done. Everything is built on each commit, and that's a good start, of course, but it would be very nice also to see boot testing, because stuff can break: even though it compiles, it might not run. And it would be very nice to have all the boards really one hundred percent supported. Most of the boards are implemented by one single developer or a small group of developers, and they were really happy when all the stuff they need is working, but that might not be enough for everyone else, so little things on the main board might still need some code to work. Most boards are not really far away; there's only very small stuff missing. ACPI: we need to get better at ACPI, but we already have a lot of good progress there, and thanks to load up was going to talk about it a bit later. And coreboot is great fun, so come into the project, please. Thanks to Luke for organizing this dev room. And some links for ganna mailing list, and we're on IRC, and the wiki; you can just add anything after the URL and you should get an informative page. Questions? Kristen M what you use in your question: what you use for flashing your flash chip if it is completely screwed? Sorry? You can, yeah, sure, that's one way. You can have a flash programmer, or flash writers down below, that helps, but you don't always have access to that. One thing you can do is to use another mainboard there and hot-swap the flash chips. Flash chip programmer, good to have, but you can also use another main board. Yeah, what's... that's fine. I think Carl-Daniel will talk more about that also in the flashrom talk. Another question? Yeah, what are the implications? Yeah, sure, so
is minimalistic a TI opponent is what the standard is that nothing more so we don't have much of the bike only very very routine is required by accreditation so in this case everything with the real wide variety system these is power there but there is no fancy stuff by the zone the three full-grown when and there are. So I guess I could add there that one implication would be that there needs to be a driver to handle some tasks that might otherwise be handled using ACPI on another operating system, or sorry, another firmware. But again, if Linux has that driver and you want to run Linux, then it's fine. come work gap. Okay, another question? First instruction, yes, you have to, yeah, things like that, yes. Yeah, that's part of the build, and there are also some variables that are set, or some settings that you can change runtime, well, not runtime, that are read from NVRAM. So if you boot up your operating system, you use nvramtool to change the settings, and the next time you reboot they will take effect. for example as a new version I put version us track the exact Remy's. So a new main board with higher-clocked RAM or a different type of RAM would be small to medium effort. Rufus is also going to talk about porting coreboot to a new board, and it would really be like adding a new main board. If it's, say, an upgrade from DDR2 to DDR3, not all of the work needs to be done as if it was a completely new main board, but still some things have to be changed, and so high I'm going to talk about that in the next presentation, of RAM initialisation. Depends if you're... are you staying for that as well? Then maybe... okay, all right. Well, if you have, then maybe we can come back to the question. All right, yes: there's one laptop supported at the moment, two if you count the OLPC. So the laptop that is supported is, I mentioned that in the presentation, the development was funded by the German BSI, and it's a rugged laptop, but the components in it are fairly standard, so
that code and that effort can be reused for supporting other laptops as well. And I also have one board that I'm sort of working on, a laptop. They call it a netbook, but it has a 12 inch screen, so I don't know if i think it's the metal, but this is the board anyway. This is all that is really in the laptop except for the screen and the hard drive. It's a VIA platform, it's the Samsung NC20, so hopefully that will work at some point as well. Does that answer your question? Please do, but it might be a lot of work, and especially it depends a lot on which components are in your laptop. Rudolph will talk about that more also in his presentation. It can be really difficult to find out all the information that is necessary. Right, so no more questions? Thank you very much for coming. Sorry I went over time a bit, but yeah, I hope you thought it was interesting.
Do we need a few minutes of a break between presentations before I start the next one, or should I just go straight away? All right, I'll continue then. Okay, yeah, so coreboot and PC technical details is the title of this presentation. This
is what I hope to be able to talk about here. yeah we were mine again, I guess that's the same as before. A look at the 30 years of PCs: the PC has been around for a long time and it's changed quite a lot. I want to have a look at the ISA bus, the first, well, actually the second extension bus in the PC, but it worked the same way as the first one, so we're going to look at that in order to learn some things that are very important and still apply to a lot of other buses and devices in a modern PC. Something about hardware registers on various buses: ISA, PCI and MSR. I'm going to talk a bit about NVRAM, I'm going to talk a bit about interrupts, RAM initialization. Cache-as-RAM is a trick that is used by many firmwares today. GCC and romcc; romcc is something that came out of coreboot as well. The different x86 execution modes: real mode, protected mode, system management mode. Maybe embedded controllers at this time, and the thanks. This is the same as the last slide: I've been doing coreboot for a while, I started in Hamburg, do stuff. The PC in the 1980s, it might have looked like this: there was a CPU, and there was a boot ROM, and there was some RAM connected, and there's a cassette player and the key and an expansion port. Now all this was really connected to the same sort of communications buses. So we went from cassette to DDR3, and this is what a PC might look like today, and there's a lot of stuff in here. We can have four or however many, 8, 16 CPUs; maybe every CPU might have its own memory controller, and the RAM is connected to the memory controller, and that's one bus. And the different CPUs might be connected together in one special bus, and then there's some connection to the Northbridge and some I/O stuff. There's a whole graphics block, which is either in the Northbridge or might be on a PCI Express bus off somewhere. There's another bus down here to something, Southbridge, which has a slower, the old PCI bus. There's some USB and IDE; PS/2 may be there or
might be over here in the super I/O. LPC is a replacement bus for the old ISA bus, and I would say that it's really on every mainboard these days; there's an LPC bus somewhere. It can connect to the super I/O, it can also connect to the boot flash, or there could be an SPI bus which connects from the Southbridge to the boot flash, or there could be an SPI in the super I/O, so it goes via LPC over to the super I/O, SPI, and then to the boot flash. And the super I/O has lots of other stuff also: floppy, and it could be PS/2 as I mentioned, serial, parallel, GPIOs, watchdog, thermal measuring, lots of temperatures on the board, and there might also be a microcontroller, so another CPU inside the I/O chip down here. That's the embedded controller that I hope to rant a bit about also. Oh yeah, and there's the SMBus. I mentioned in the previous presentation that Kevin had some issues waiting for the SMBus to stabilize; we'll come back to that when we're talking about RAM initialization, because it's connected to the RAM. So this is a look at how it might be, and it can of course be even more complex. This might not be a single-core CPU, but it might be a 4-core CPU, so you have 4 CPU cores behind that one, connected to one memory controller but connected also to all the other CPUs, and the app it can be pretty complicated. So HT is HyperTransport; that's AMD's bus for interconnects, or AMD's interconnect between CPUs and I/O. Intel developed their own; it's called QuickPath Interface, I think, the abbreviation, the QPI. Does the same thing: connection between many CPUs in a system that has many CPUs. So what about this ISA bus, the way it looked back then? There is I/O and memory access in the x86 CPU. There's an 8 or 16 bits data communication path, and depending on if you're doing I/O access or you're doing memory access, the address space has a different size. So for I/O it's always 16-bit, so we have 64 K addresses. These addresses, they're usually called ports; I'm not really sure why, but
that's... if you see port somewhere, it's about I/O. The CPU instructions used for I/O are inb, inw, outb, outw, and in the newer CPUs you have the inl and outl instructions also. These also are available as function calls in Linux; you can do direct I/O from Linux user space if you do some preparations first. I think my poor lamb who might talk about that also yeah and well that knows I am the lightning talk I guess for the port porting on the alto s room yes. Well, anyway, it's possible to do this direct I/O communication, this I/O access, from Linux, and even if there's no ISA bus in the system anymore it's still possible to do these operations. And where are they going to end up? Well, they will end up on LPC usually, and there might be something listening there; typically the super I/O is what you want to talk to in that case. If you are doing memory accesses, then you have 20 bits of address, and we'll have a look at how those 20-bit addresses are created in a bit, in execution modes. And the memory accesses, they use mov instructions, so it's just memory read and memory write. If you're programming in C, you're reading from a variable, that's a memory read. In the really early PCs that memory was external; in the new PC the memory is actually connected to the CPU itself, and of course has a lot longer address space than 20 bits.
There's a whole bunch of registers in all the hardware components that we looked at, and in every add-on component that you can connect to a PC, and these register accesses, they will be either I/O, or the registers, they will be either I/O mapped or they will be memory mapped. On ISA hardware it was kind of common, on the really old, for example really old networking parts, you had a whole bunch of jumpers. How many people remember those? Yeah. You had to choose the base I/O port address, the interrupt, and then you had to make sure there were no conflicts, and never work. They invented this plug and play stuff, which was supposed to be clever, but I don't know, in theory it was good, but I think the implementations weren't really that awesome. PCI is very different: there are no jumpers, there's no conflicts, the firmware handles all the configuration. So coreboot covers all the long printouts that we saw from the first demo, is checking all the PCI devices connected to the system and making sure that they can co-exist and be accessible at the same time. PCI devices, they have what's called configuration space: 256 bytes of registers. They are always reachable; I think the standard says that it's not necessarily always, but in practice it really is always. They are reachable on I/O, two ports: CF8 hexadecimal and CFC. This is an index/data combination, so you first write the address of the register you want to access to CF8, and then you do the actual value access on CFC. So say you want to access... no, I'm not going to give you an example, because you have to encode the PCI address and the PCI device address and something that was called a function number and the register number into this access to CF8, and I can do that in my head, so, well, we'll have to skip that example. But anyway, first specify what you want to access, and then do the actual access on a different I/O port. This is typically always available; if the system has PCI then this is
going to be there. This is called the type one configuration interface, and maybe you've seen that in the Linux kernel sources: you can choose what type of configuration access method is going to be used. This is also what coreboot uses. coreboot used to support another access method, but it was never used, so we threw that out. Configuration space can also be reached via memory-mapped registers, and that's called MMCONFIG. Not every system supports it, but if they do it's more convenient, because you just access what could be a memory address that looks just like any other address in memory, but there's no memory there that you're reading and writing. Well, there is memory, but the memory is small registers on some PCI device, and it's not the DIMM, the main RAM in the system. So that's handy, and it's also faster; these I/O accesses tend to be pretty slow because they are so old, and legacy compatibility stuff on the bus. The 16 first bytes out of these 256 are standardized by the PCI standard, so every single PCI device is going to have the first 16 bytes exactly the same; well, not identical contents but identical structure. And the first four bytes show the vendor and the device ID, for example. There's also information about which interrupt is going to be used for this device, and a couple of other things: interrupts bladder polarity, detected errors on the communication on the PCI bus by this device, if this device is a bus master, and a whole bunch of other settings as well. And there are base address registers, or BARs as they're called. So maybe these 256 minus 16 bytes, these 240 bytes, maybe that's not enough for doing everything that this PCI device can do. Maybe you need a lot more: if it's a graphics card, for example, you want access to the graphics memory, and 240 bytes isn't really a lot of graphics memory today, so you need some way to create a window into the graphics memory that is on the graphics card. So then you will
configure a BAR, or the firmware will configure a BAR, a base address register, saying to the PCI device that when the PCI bus sees an access to this particular address, then that is meant for you. So every PCI device looks at the traffic on the bus, and only the one that has been configured to access accesses to this particular address is going to accept them and you kill them and process them. So in case the firmware does a half-assed job and sets up base address registers which conflict, then you're going to have more than one device react to stuff going on on the PCI bus, and nothing is going to be working. So in the example of a graphics card, the base address register would set up a memory mapping, because you want the graphics memory to be accessible as memory. But base address registers can also be used for I/O mapping; in that case you have some number of I/O ports that you want to end up on this particular PCI device, and then the firmware sets a base address register in the same way, which tells the PCI device to decode accesses, I/O accesses, to this particular port. It is really common for PCI devices to have one or both memory and I/O BARs; it could even be several. I think in the 200 and, sorry, in the 16 bytes, 16 standard bytes, I think there's room for four base address registers. I don't know now, it was... sorry, it's in the full 256, it's room for four or maybe even more base address registers, so you can have one PCI device that has several different memory regions or I/O regions that it's decoding. There are also the MSRs, almost almost can see model-specific registers; that's low-level registers in the CPU itself, in the Northbridge, in the I/O controller, stuff like that. I'm going to come back to some of those.
NVRAM, I mentioned that. It's also called CMOS; I don't know, it probably doesn't use CMOS technology any more, but the name has stuck. In its simplest form, the basic form, it's 128 bytes of battery-backed RAM, and it's stored in the real-time clock chip, and the real-time clock chip in turn is usually part of another chip in a modern PC, but in the original PC that was one Motorola chip on its own. Now it's usually in the super I/O or maybe in the chipset. So these 100 100 0 bytes, they survive power down; you can have the system disconnected forever, or not forever, but for a long time, and the contents is still going to be the same. Also the clock keeps ticking, of course, when the system is shut down, that happens there. The standard way to access these registers is again one of these index/value I/O sequences: you write the address you want to access to port 70, and then you read or write to 71 hexadecimal to read or write that value. And this is where all the BIOS settings are stored typically, and this is also what nvramtool messes
with. So you give it the layout file of which bits are or which, and it will do all the translation and make sure you don't overwrite any wrong bits, and accesses these ports 70 and 71, and if it works out well. there was 0 extended registers, another 128 bytes, and there can also be another 256 bytes in other places, but that work just the same way; ports 72 and 73 are really common. If you want to have a look at the driver for this in Linux, it's drivers/char/nvram.c, and somewhere in arch/x86 there are a couple of macros which translate to the outb and inb which will do the actual port accesses. Interrupts. How many recognize this picture? All right, excellent, about eight, nine, ten or so. So this is the legacy PIC, programmable interrupt controller. The way interrupts works in the beginning, synchronous CPU systems, I guess all the way back to 8088, the original PC: there were 15 usable interrupt signals, interrupt inputs to these two interrupt controllers that are connected together, and the chain of events is as described here. Typically one device will connect to each of these inputs, 0 through 15. The device wants attention from the CPU because something has happened: maybe there's a byte coming in from the modem or from the keyboard, or maybe it's possible now to send a byte out to the modem or to the keyboard or wherever, the network card for that matter. So the device signals an interrupt, pulls one of these this spring's the cliq notice is this the interrupt controller, and it's, well, if it's one of these these hi wats it's going to trickle through to the master, and the only the only interrupting although into the cpu is the actual in that one, yeah. So the one interrupt signal from the master PIC is on that is going to the CPU only accept one single interrupt signal. But what about all these devices, how does that work out? Well, so when there's an interrupt, the CPU will acknowledge that it received this interrupt signal by
pulling on the disks in a signal to the interrupt controller, and then it's going to wiggle the interrupt acknowledge signal a little bit more, which causes then the program has racked up over to write an address for the interrupt handler, or the interrupt vector, to the data bus. So the CPU says, okay, I got the interrupt; the CPU says, okay, what should I do now? The
interrupt controller has been programmed, hence programmable interrupt controller, has been programmed to know that interrupt this and that should be handled by code running at this particular address in memory. So the CPU says, okay, what should I do now? The programmable interrupt controller replies: you should go to this address in memory where the interrupt handler lives. So it writes that out to the data bus, the CPU reads the address and jumps to the address, and there's an interrupt handler running in this abuse. So this was with just one CPU; then there's only one interrupt signal even though we can have many interrupt sources, and yeah, hopefully this explains all the interrupt problems that were with all these Accords a little bit. Okay, what about when there are multiple CPUs? Then it gets fun again. There's always one bootstrap processor; that's the first processor that comes up running when the system is starting. That is all arranged in hardware, which processor will be running when the power comes on. Then any other CPUs are going to be application processors. So there's always only one running in the beginning, and it has to... well, actually that's not true, that depends on if it's AMD or Intel. I think on one of them everyone comes out running and they have to agree to stop if they're not the BSP, but there has already been a decision made in hardware so that there's only one which is designated to be BSP, and it should check if it's the BSP, and the other ones should stop and the BSP will continue. Anyway, inside of these CPUs there's a local APIC; so AP is, I guess, advanced programmable interrupt controller. And the APICs, the local APICs, there's one in each CPU, and then they communicate with each other by this, for example HyperTransport, or it could be some front side bus tour for such system bus, whatever. They also connect with this I/O APIC, which is the one dealing with them. Well, this looks familiar: this is the same, the legacy PIC
arrangement, which is still there. Even if you have an APIC it might not be used. So the APIC situation needs to be configured before it's being used, and if it's not configured then the system is still going to be using this legacy PIC setup. But if you configure the full-on APIC situation, then you get the local APICs talking to each other and to the I/O APIC, and you can do really flexible mapping of all the interrupts coming into the I/O APIC and all of the interrupts that can be generated by the local APICs also. Because by the time we have multiple CPUs, the CPUs also have a lot more functionality included than maybe the older ones did. So for example, we have mentioned already, machine check exceptions, MCEs: if the CPU detects that it has broken, it can trigger an APIC interrupt, and that can call into an interrupt vector somewhere. So the interrupt vectoring part is still the same; the local APIC will make sure that the CPU runs some configured interrupt handler.

The difference from the legacy PIC situation is that, well, first of all the I/O stuff, which is connected to all the peripherals and PCI bus down here, that's separated out, and the local APICs also have support for, I think, 256 interrupt sources instead of the 15, so there's plenty of interrupt signals available. Interrupts can come from, as I mentioned, from within the APIC itself, from within the CPU itself; the APIC has also a timer which can generate interrupts. And of course the APIC has to be enabled, as I mentioned. Well, here's also the system management interrupt signal, which goes into the CPU and not the APIC in this drawing. So, a lot more complicated, but basically still the same principle: you have programmed the PIC, the interrupt controller, with all the interrupt vectors, and when the interrupt happens it will send the CPU to run the code that it should. But there are a lot of
possibilities with many different interrupts here. I think Rudolf will also come back to this.

For RAM
initialization, how are we doing? More time? OK. For RAM initialization, what do we have to do there? Well, our goal in RAM initialization is to configure this thick red connection over here. It could be DDR2, it could be DDR, or it could be DDR3; in any case it's a lot of work. We need to know exactly what kind of RAM is connected here, on this DIMM, and the same for all of the CPUs or memory controllers which have RAM connected. And, well, since this communication link isn't working, what do we do? We then have to use this SMBus. So from the CPU, where we're doing memory configuration, we go through the northbridge and southbridge, out onto the SMBus, and follow this ring line and talk to this little green guy, which is an E-squared PROM on each DIMM. It's a small serial EEPROM; it stores a couple of parameters: what size is this memory, how fast is it, is it registered, is it not registered, etc. etc. All the parameters, the timings supported by this memory module, all the stuff that is needed to configure the memory controller correctly.

And I'm not going to go into great detail with the memory controller configuration, it's so complicated, but I'm going to say that DDR2 at least requires some brute-force searching for finding the correct tuning of the timing between the memory controller and the actual DIMM. So the firmware has to search through all possible settings, or many possible settings, for the tuning parameters in order to find the one that is working really well, and worst case that parameter could actually change with the temperature in the room, depending on how the board is laid out, the traces on the mainboard.

So it's a longer... cache-as-RAM is used in coreboot for this RAM initialization stuff. So when the RAM initialization is running there is no RAM available, right? That means it's not possible to run C code, because C compilers assume that there is RAM available, and RAM is used for the stack, which is used to call
functions. So we can't use C code when we're doing this RAM initialization. And back when memory technology was simpler, or the memory buses were simpler, it was kind of OK to do, I guess, the RAM initialization in assembly. We could do it in assembly language and it wasn't all that bad, it wasn't too long, it was OK. But with, for example, this brute-force search stuff that is in DDR2, and which I can only assume is even more complex in DDR3, it's really not something that we want to do in assembly anymore.

So one way around it is to use cache-as-RAM, which means that part of the CPU cache is used as memory. And in fact it is memory, it's really fast memory, but normally it isn't addressable. But there's a way; it's documented by Intel, even. They don't exactly describe why you would do it, or I guess, well, they say how you do it, but not exactly that the result is cache-as-RAM and that you can run stuff without having RAM. You have to read this a bit between the lines, but the information is there. You set up caching, and then you make sure that you load all the code that you want to run into the cache, and then you make sure that you don't run anything else and that you don't access any code outside that, and if you do, it's possible to have C code running without any RAM active.

So that's used in coreboot for many mainboards, but not for all yet. Our ambition is to have this for every mainboard. We have the cache-as-RAM support for a lot of different CPUs and platforms, for AMD64 and for Geode LX and I think also for the VIA C7, but all the boards aren't really using it yet. It can be tricky to do this in a general manner. We want cache-as-RAM support for everything, of course, but different platforms, different systems, they have restrictions on how big areas you can use for cache-as-RAM and where they need to live, which addresses you can use for this. So it's not
really easy to do this cache-as-RAM setup always.

Another option... so that's GCC: if you have cache-as-RAM you can use GCC-compiled code; GCC assumes there's memory. But before we started using cache-as-RAM we had another solution. romcc was created by one of the coreboot developers. It's a C compiler, custom made, one big source file. It's really not... it generates machine code which doesn't need any RAM. It cannot... of course the x86 is sort of limited when it comes to the number of registers it has, so the C code cannot be infinitely complex, because every time you call a function this C compiler has to reserve one register, so eventually you run out of registers and then the compiler will complain and is not going to be able to compile the source code you have. But if you have simple source code, and if you write it in a certain way, inlines for example can help, then romcc does a fairly good job. There has been a couple of bugs in there which have been a bit difficult to track down, but I think the romcc code base is pretty good.

quite on question how can the grumps is you combine those in any there's going to be not that much he bathe in kennel

So the question is how does romcc know at compile time when it runs out of storage, anything? Yes. Well, it has a model of the CPU that it is going to run on, and at compile time it fills up that model, it fills up the registers, and eventually if it runs out of registers and it's impossible for the compiler to store the previous location, then it's going to fail; then you can't do that function call at, I guess, level eight or nine.

The compiler knows about this, yes. he probably doesn't know of is that what if I'm further the command surely knows about the CPU and the dance and we can think of it as we cannot know about some by creating artificial calls in artificial calls. No dynamic calls; I think function pointers are not
supported the African. Well, it could be supported as long as there's a register free, but then you have anything on your own. Well, it would require one extra register, I guess, for saving the return, or saving the function pointers somewhere. I think these are fine. Yep. Yeah, OK, sure. Well, another explanation for this: every function call is inlined in romcc, so if there is a function which calls itself, romcc will naturally... so recursion or something like that, function pointers, forget to count, and do it in fully inlined assembly code with no calls at all. That's OK. right now to unload. Yeah, right, it unrolls the source code completely. Right. I think it should be possible to implement function pointer stuff but it might not be in the variance. OK, all right.

Still, romcc is, even though you're moving away from romcc code, I think it's still useful. For example SerialICE: I believe that the ROM shell for SerialICE is compiled with romcc, and it's really an amazing effort that went into it.

Execution modes. In the x86 there's the good old real mode, the classic execution mode that every modern CPU still starts up in. You have a bunch of 16-bit registers, the ones up there; I hope I don't... I didn't forget one. The first four are segment registers, and the rest, they have sort of intended purposes, but you can mix and match almost freely, not quite, but you can mix and match a bit. And every memory address, as I said, in real mode is 20 bits, so two of these 16-bit registers need to be combined, and I've always seen that being called segmented addressing. It's written in the form segment register colon offset register; they're both 16 bits, and the address ends up being the segment register shifted left by 4, or times 16, and then add on the offset register. So for an example, if DS equals F000 hexadecimal and SI equals 6000 hexadecimal, then the DS:SI segmented address would be a physical address of F6000. So yeah, that way you can reach a
full megabyte of address space. And this was in 8086, 8088, 186 and 286.

And then in the 386 there was the protected mode. Actually there was one protected mode in the 286 as well, but it was so different that I'm not going to bother; I don't remember even all the details. But the protected mode as we know it and usually call it is the one that came in 386. It has a concept of privilege levels, where you can specify that some parts of code are allowed to do something and not some other things, and this is of course what every modern operating system relies on in order to do security properly. Otherwise you would be able to do anything even as a user; in Linux, for example, only the root user, or the kernel, is really allowed to do anything in the system. When one of these privilege restrictions... if you're trying to do something that you're not allowed to do, then the 386, or protected mode CPU, is going to throw an exception, and this can be handled by an interrupt handler, and then all the PIC stuff comes into play and you end up running some other piece of software which can sort of detect what happened, and then it goes all the way back and tells the user that, oops, you did something that you're not supposed to do, instead of crashing or whatever.

Also included in the protected mode is paging. This is a reference table, or a lookup table, for addresses. So you're using an address, but it's not like up here; if you say you want this address it might actually be a completely different address. So there's a translation layer in between the address you're using, the virtual address, and the address that is actually seen on the bus, the physical address.

The protected mode... well, not actually protected mode, this is more the 386: the 386 added 32-bit registers, so there are versions of all the ones from AX out to SP that are 32-bit; the lower 16 bits are the same, and some
of those can be divided into 8-bit, as previously. And then the segment registers, they've changed into what is called selectors. It's the same register name, it just has a different function in protected mode. The selector will look up a data structure which has information about paging and privileged instructions and also base and limit. So this is all part of the translation. Depending on what you put in CS, if you put for example 0, then you're going to get the first entry in this lookup table of selectors or descriptors, and that means if you access address zero it's actually going to be somewhere completely different. But if you then change CS to be eight instead, you move one step forward in this table, the global descriptor table or the local descriptor table as they're called, and then if you're accessing zero it gets a completely different meaning. The limit specifies how big a memory block you can access starting from the base address.

So, system management mode. I mentioned it's triggered by system management interrupt. When the processor enters system management mode it's always running in real mode, but it's free to switch to protected mode if it wants to. Interrupts are almost disabled and the debug traps are always disabled, so when you're running in system management mode you're really isolated; the machine is all yours. System management mode can be entered by, as I mentioned, I/O traps or even MMIO traps, so the memory-mapped register accesses; machine check exceptions, when the CPU detects that it's broken; and the APIC, anything in the APIC can also generate or result in system management mode execution.

Embedded controllers: I'm out of time, so unfortunately no rant about embedded controllers. An 8051 in the Super I/O, it can do a whole lot of stuff which jordan messes up the system, because it's transparent, and it might also be very difficult to detect. But yeah, no, thanks to Luke, and questions? This is
the first time. Yep?

our loss for all CC a storm rolled through variables and rye almost positive factors in registers so you kind of only a few

Yes, yes. Yep? Good question. So it depends; sometimes the 8051 there, it can be a standalone chip, and if it's a standalone chip it can have built-in firmware, but it could also be sharing the boot flash with the main firmware in the system, so they say the first fifty... fifty-six kilobytes is the firmware for the microcontroller, the embedded controller. That's fairly common.

one good as its own budget

Yeah, it can definitely have its own flash, which is on... Yep? System management mode? Yes, yes, yes, definitely. Yes, definitely.

And someone also earlier asked the question... so the question was where the system management code that is running with coreboot, where does it come from, and the answer is it is also in coreboot. We have two separate implementations of system management mode handlers in coreboot. One is from AMD, that's the one for the Geode LX, but they open-sourced that, and then there's the code that Stefan Reinauer wrote for the Intel platforms, and I think, well, maybe Rudolf, you also wrote some small system management mode code for the AMD64? Yeah. But it's all included in the coreboot source and there's full control, and it does really very little because it wants to get out of the way. All right, OK, thank you very much.
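
The real-mode segment:offset arithmetic and the protected-mode selector lookup with base and limit described in the talk, as an added C example that is not from the talk or from coreboot. The three-entry descriptor table and the function names are constructed for illustration; only GDT selectors are modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Real mode: physical = segment * 16 + offset, masked to the
 * 20 address bits of an 8086 (so FFFF:0010 wraps to 0). */
uint32_t real_mode_phys(uint16_t seg, uint16_t off)
{
    return (((uint32_t)seg << 4) + off) & 0xFFFFF;
}

struct seg { uint32_t base; uint32_t limit; /* highest valid offset */ };

/* Decode base and limit from one 8-byte x86 segment descriptor. */
struct seg decode_descriptor(const uint8_t d[8])
{
    struct seg s;
    s.base  = d[2] | ((uint32_t)d[3] << 8) | ((uint32_t)d[4] << 16)
            | ((uint32_t)d[7] << 24);
    s.limit = d[0] | ((uint32_t)d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);
    if (d[6] & 0x80)                 /* G bit: limit counts 4 KiB pages */
        s.limit = (s.limit << 12) | 0xFFF;
    return s;
}

/* Constructed sample table (assumption, not from any real firmware). */
static const uint8_t gdt[3][8] = {
    {0},                                          /* 0x00: null descriptor */
    {0xFF,0xFF,0x00,0x00,0x00,0x9A,0xCF,0x00},    /* 0x08: base 0, 4 GiB   */
    {0xFF,0x0F,0x00,0x00,0x10,0x92,0x00,0x00},    /* 0x10: base 0x100000,
                                                     limit 0xFFF           */
};

/* Protected mode: selector bits 15..3 index the table, bit 2 selects
 * the LDT, bits 1..0 are the requested privilege level.
 * Returns 0 and stores the linear address, or -1 on a fault. */
int prot_mode_linear(uint16_t selector, uint32_t off, uint32_t *linear)
{
    unsigned index = selector >> 3;
    if (selector & 4) return -1;              /* LDT not modelled here     */
    if (index == 0 || index >= 3) return -1;  /* null entry / out of table */
    struct seg s = decode_descriptor(gdt[index]);
    if (off > s.limit) return -1;             /* beyond the segment limit  */
    *linear = s.base + off;
    return 0;
}

int main(void)
{
    uint32_t lin = 0;
    printf("F000:6000 -> %05X\n", (unsigned)real_mode_phys(0xF000, 0x6000));
    if (prot_mode_linear(0x10, 0, &lin) == 0)
        printf("0x10:0    -> %08X\n", (unsigned)lin);
    return 0;
}
```

Offset zero maps to a different linear address under selector 0x08 than under 0x10, and an offset past the limit is rejected, which is the check the CPU turns into an exception.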

