Coreboot: x86 system boot and initialization
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
Title |
| |
Title of Series | ||
Number of Parts | 64 | |
Author | ||
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/45918 (DOI) | |
Publisher | ||
Release Date | ||
Language |
Content Metadata
Subject Area | ||
Genre | ||
Abstract |
|
FOSDEM 201131 / 64
3
7
10
11
17
19
21
28
33
34
35
37
40
44
48
49
52
55
57
59
62
63
64
00:00
Physical systemBootingOpen sourceNeuroinformatikProjective planeSoftwareBootingPhysical systemFreewareCore dumpComputer animationXMLLecture/Conference
00:23
Physical systemTable (information)BootingDynamic random-access memoryBefehlsprozessorComputer fontInformation securitySystem programmingOpen sourceWhiteboardBootingError messageNeuroinformatikProjective planeWhiteboardSlide ruleBootingSoftwarePoint (geometry)FreewareService (economics)Physical systemCore dumpFocus (optics)Information securityTable (information)Staff (military)BootingComputer fontKeyboard shortcutGene clusterComputer animationLecture/Conference
02:20
Normed vector spaceBefehlsprozessorAsynchronous Transfer ModeRead-only memoryExecution unitStack (abstract data type)CodeFunction (mathematics)Variable (mathematics)CompilerCache (computing)Video gameCodeAsynchronous Transfer ModePhysical systemSemiconductor memoryOrder (biology)BootingCore dumpVariable (mathematics)BefehlsprozessorStack (abstract data type)Projective planeLine (geometry)Cache (computing)CodeLocal ringCompilerNeuroinformatikBitComputer fileHypercubeMereologySlide ruleFlash memoryPower (physics)Hydraulic jumpLevel (video gaming)IBM PCVirtual machineMachine codePresentation of a groupPeripheralObject (grammar)Binary fileReading (process)WritingTable (information)Staff (military)Integrated development environmentMultiplicationCellular automatonBus (computing)Computer programmingDynamic random-access memoryGame controllerSpacetimeKernel (computing)Address spaceShape (magazine)BlogComputer animationLecture/Conference
08:42
CodeSerial portVideo game consoleBefehlsprozessorMessage passingFlash memoryLetterpress printingLine (geometry)Cellular automatonCache (computing)Integrated development environmentCodeBuildingMessage passingMotherboardLevel (video gaming)TouchscreenBus (computing)Computer fileCASE <Informatik>AreaFunctional (mathematics)Serial portComputer animationLecture/Conference
10:24
Module (mathematics)Game controllerComputer programBefehlsprozessorDensity of statesTask (computing)Line (geometry)IntelDDR SDRAMLine (geometry)Game theoryDDR SDRAMCodeGame controllerSemiconductor memoryBus (computing)Module (mathematics)BefehlsprozessorWhiteboardIntegrated development environmentMultiplication signCountingBridging (networking)Numbering schemeRight angleTask (computing)Square numberCache (computing)Message passingComputer animationLecture/Conference
12:51
Table (information)Link (knot theory)PCI ExpressProcess capability indexResource allocationCache (computing)Kernel (computing)Physical systemRead-only memoryLevel (video gaming)Bus (computing)Enumerated typeoutputLevel (video gaming)Power (physics)Link (knot theory)Operating systemPCI ExpressData managementTable (information)Operator (mathematics)Core dumpBootingComputer animationLecture/Conference
13:27
Read-only memoryTable (information)Data managementRule of inferenceOperations researchPhysical systemCore dumpLatent heatWhiteboardTable (information)BootingInformationLine (geometry)Computer animationLecture/Conference
13:59
Computer wormKernel (computing)Game theoryComputer configurationFormal languageBootingOperating systemCore dumpOperator (mathematics)Game theoryPhysical systemComputer animationLecture/Conference
14:37
Multiplication signFlash memoryMotherboardComputer animationLecture/Conference
15:16
XML
Transcript: English(auto-generated)
00:07
Hello, I hope you can hear me well. My talk will be about the system boot and the core boot, which is the project open source or free software project which is doing the booting of the computer instead of the
00:22
BIOS. So first an outline, so I will introduce briefly our projects, then we have a look how the PC looks like nowadays in the point of buses and so on. Then there is a little cache, we don't have any RAM at start, so I will show you how to
00:40
deal with this, and of course how to init the RAM of the computer, then we have plenty of buses to go through and stuff, so this will be the last slides and tables and of course the boot. So first who we are, core boot, free software project, coreboot.org, it very roughly says
01:03
it says that it's a replacement BIOS for 250 boards. It's quite fast, we can boot your system in 500 milliseconds or 1500, it depends on what you actually use tomorrow. I will speak more about it in the embedded death room.
01:24
The focus for the deployment of core boot is mostly the security stuff, embedded systems and so on, because you never know what the proprietary BIOS is doing, so the secret service also likes to know what's going on with their BIOSes.
01:43
So we are targeting the embedded systems and of course clusters, because this is how the project started in the year 99. There was a huge cluster of computers and if you tried to boot them they will complain
02:02
that there is no keyboard, so a guy must go around a thousand computers, plug the keyboard, press F1, go to another computer and so on and so on. So this was let's say the first where the project has been started. Okay, so here is Mr. PC, I think you should know it quite well, but maybe we can repeat
02:28
some details, I'm not sure if I have mouse so I can point. So this is the CPUs, now we have multiple of them, each CPU has now each memory controller,
02:41
here is the DRAM, this is the DIMMS you can replace on your board, here is the North Bridge and South Bridge and in between there is some kind of bus, which is FSB or hyper transport bus, or between North Bridge and South Bridge there is also some buses, it doesn't matter which right now, and of course the South Bridge which is having
03:04
all your peripheral devices like USB drives, serial port and such stuff. And of course there is a flash which has this program, either the BIOS or the core boot if you replace it already.
03:22
What is quite interesting on this slide is that the red parts must be done by the core boot while the system is booting. So it's a lot of stuff to do and we need to do it very quickly. So here is a little fairy tale about how to start a computer.
03:45
So if you push the button then at the beginning there is kind of power sequencing, so when the computer is starting there are many many voltage regulators so you must wait until all voltages are at the right levels and then the CPU gets started.
04:03
And CPU will fetch the first instruction which is this instruction, E9, and this is the damp of the flash chip, so if you take out the flash chip or the BIOS chip let's say out of the computer, so this is the last 16 bytes of it, and here is the first instruction.
04:25
So if you decode this instruction, in fact it's a jump to another address, and because I'm not expecting that you can read the machine code by looking at it, so then you can go to the core boot and oh look, here is the bootblog.elf and you can run object dump on it and you
04:44
can immediately see what's going on. So my presentation will be somehow intermixed with what is going on in the machine and then where you can find it in the core boot code base so you can follow the steps. Okay, so at the beginning of our fairytale the computer starts in something which is called
05:08
a real mode. This mode is 30 years old, it's like the first IBM PC since 1980 were started in this mode, so the CPU is still compatible 30 years still because of this
05:25
binary compatibility stuff and so on, so it really starts in this real mode which is kind of derived from 8-bit computers, so we can address in one place only 64 bytes of RAM and totally one megabyte of RAM, which is not very nice because the core boot
05:45
is written in C and we want to use GCC to compile the stuff and GCC on x86 is mostly producing the 32-bit code. So what we need to do is that we need to switch to protected mode in order to be able
06:04
to execute 32-bit code. How is it done is written here, it's basically only a few instructions we need to load some descriptor table, then we toggle some bits and that's it. So it was quite fast.
06:20
OK, so in fact we have kind of very little assembly stuff in our project because most of it is written in C, so this is kind of early beginning like in the Linux kernel, when it starts there is also kind of glue assembly, so it setups the environment, so
06:42
it's kind of same, but here is our first problem. So maybe we want to set up also the stack and you know, when you start the computer you have no memory, so we need first somehow to cope with the fact that we want to run the C and we don't have any
07:03
stack. Without the stack you cannot use the local variables, you cannot use the read-write global variables because you are executing code from ROM memory where you cannot write it there, so you cannot do the instructions like push, pop, return, you cannot do anything
07:23
of this. So basically how we solve it, there are two possibilities, one is to use a special compiler which is called ROMCC, this was written like 10 years ago by Eric Biederman, it's a C compiler written in one C file, it's very ugly, very big, quite bloated,
07:44
but it has a very special thing, it uses only CPU registers instead of the RAM, so the local variables in C codes are just stored in the registers, so of course it means you have
08:00
only 128 bytes of available space, but you need to live with that. Okay, or the second possibility which is used on the modern CPUs is the cache SRAM. It's a neat trick, you can load the cache which will become valid with the garbage
08:22
data from memory, and you can use it because if you don't evict any cache lines then it is a RAM, so it's like write back cache which never reaches a RAM, so that's basically a trick how to do that. So let's see, we are now in C and happy. So first C code is executed in a file which
08:47
is called romstage.c, this file is kind of main function which gets started in the C environment. In this file there is an early initialization of the chipset, and I will
09:06
show you what's done there. I think you already read that, so we need to have access to the serial line because we want to read some debug messages and so on, so we need to set up the serial line so it works and we can do print case to our screen.
09:23
Of course we need to do the stuff to reach the serial line, so we need to set up the LPC bus and the hyper-transport bus and so on in the meanwhile. I am not expecting that you can see this because this hole is quite big, but it's an invitation to
09:41
read the code yourself. Basically here is the start, is the cache SRAM, you can see here we need the LPC bus, here we need the serial line olook, and here we can print something on screen. So we can have a look more until when I'm done with
10:01
this lecture then Carl Daniel will speak about the flash ROM, this will be about how to flash the flash chips on the motherboards, and then you can come to our stand at AW building and we can have a look there and we can talk more about this.
10:25
In this environment we still run without any RAM, so even if I put out all RAM from the board outside it will still boot and show those messages, because we are using
10:45
RAM so we don't continue anywhere. In fact it would be possible to implement some game and so on, 64 kilobytes is plenty of RAM, so you are invited to do so if you feel you can do it. So RAM in it, how does it work? First we need to get
11:05
some data from the DIMM modules. To get this data there is another bus which is called I2C, it is reachable from something which is called SMBusController, and this was the green lines around the big scheme. You need to program the chipset, it means
11:27
the north bridge or CPU if the memory controller is in the CPU, you need to send some JTAG commands to the RAM and basically you are done. So it looks quite easy, but it is not
11:41
so in fact it's a very complex task, especially for DDR, DDR2 or DDR3 RAMs. I use the slot count to just count only the code without any command lines, so for the AMD in DDR it's like 2,000 lines, DDR2 4,000, DDR3 8,000 lines, so it's a non-trivial
12:06
problem and for the DDR2 there is another problem which is called dequeous timing. You need to find a strobe signal which will assure that the right data is read from the memory and this timing is quite crucial. Also it depends on the temperature, so at
12:29
the beginning you just need to find the right place where it starts to work and the place where it doesn't work again, and then you take the half of it, so it's quite
12:40
complex and complicated. Of course it's also depending on the PCB layout and temperature and such stuff. So excuse me, no time in 50 minutes for this. So then the RAM stage is executed. So in RAM stage we copied the core boot to the second stage we ran from RAM. In this stage we have to train the PCI express link
13:03
and do all the resource enumeration on the PCI bus, like set up the IO ports and such stuff, and of course prepare also some kind of tables which are required for the operating system, and of course the ACPI and power management and so on.
13:22
So basically a lot of stuff still needs to be done after the RAM is running. OK, here is some information about the tables. So it's mostly IRQ routing tables. That means that it's depending on the board layout, you need to know which devices,
13:41
which IRQ line, and plus of course the ACPI, which is a very big specification and it contains, as I have written here, everything. So it's very general, a lot of stuff is hidden there, and of course we support it in the core boot.
14:00
And the last thing is to load something. It can be operating system, it can be some game, it can be very old legacy ROM, like ROM Basic, which I have brought here, so you can program something in very ancient language. We use CBIOS, this is a compatibility layer between core boot and operating system.
14:22
You know this from the QEMU, because when QEMU loads, you can see it. So QEMU is the layer in between which is used to load the operating system, like legacy BIOS, let's say. So that's it, many thanks,
14:41
and please visit us at our booth. I would be glad to see you there, and I can explain more stuff in detail. Tomorrow I will have some timing talk at the Embedded F Room, and now the next one is Carl Daniel, which will be speaking about how to flash the flash chips on the motherboard.
15:01
So thank you again, that's it. Oh, many thanks. Perfect timing.