Hello
I am wondering how BIOSes in general work.
Here is what I can think of along with some respective questions after some searching:
Each BIOS is custom for that motherboard. Thus, it knows all of the ports, busses etc... very well.
My question is, how does the BIOS communicate with the motherboard devices? For example, in Real Mode, the BIOS is accessed via INT 10H for instance. I assume that when the CPU receives this command, it looks up the vector in the IVT and jumps to that command. Would these commands then use IN & OUT commands to communicate with each device using specific addresses for that individual motherboard?
Also, when the computer loads, is the BIOS coppied into the first MiB of RAM?
Thank you very much for your help,
Richard Hughes
Inner workings of a BIOS
- thepowersgang
- Member
- Posts: 734
- Joined: Tue Dec 25, 2007 6:03 am
- Libera.chat IRC: thePowersGang
- Location: Perth, Western Australia
- Contact:
Re: Inner workings of a BIOS
The BIOS (more generally, firmware) does IO with the hardware via the IO bus (in/out instructions) and memory-mapped hardware, much like more complex OSes do.
On older machines, the BIOS was mapped to the lower memory (the pins were wired that way), on newer ones (meaning anything with >16MiB of RAM) the BIOS is actually around 0xFFFF0000 and is copied to <1MiB so it can run in properly (and then some MTRR magic is done to prevent that area being written)
On older machines, the BIOS was mapped to the lower memory (the pins were wired that way), on newer ones (meaning anything with >16MiB of RAM) the BIOS is actually around 0xFFFF0000 and is copied to <1MiB so it can run in properly (and then some MTRR magic is done to prevent that area being written)
Kernel Development, It's the brain surgery of programming.
Acess2 OS (c) | Tifflin OS (rust) | mrustc - Rust compiler
Currently Working on: mrustc
Acess2 OS (c) | Tifflin OS (rust) | mrustc - Rust compiler
Currently Working on: mrustc
Re: Inner workings of a BIOS
The CPU communicates with peripheral devices either through memory mapped registers, such as the APIC's at 0FEC00000h or i/o ports, such as those of the 8259 at 20h and 21h.
"Also, when the computer loads, is the BIOS coppied into the first MiB of RAM"
The BIOS is copied into the 64kb block of memory beginning at 0F000:0000h.
"Also, when the computer loads, is the BIOS coppied into the first MiB of RAM"
The BIOS is copied into the 64kb block of memory beginning at 0F000:0000h.
Re: Inner workings of a BIOS
Firmware (BIOS or UEFI) do an incredibly complex job nowdays (I was first exposed to this in 1982... ).
Imagine that even RAM is NOT accessible during the first phases: the processor works in a special mode where only L3 cache is accessible.
Once the memory controllers are programmed then RAM can be accessed.
Even finding where the Flash is is not straight forward: QPI configuration allows for that to happen ("Weaving for high performance multiprocessor fabric" at Intel Press).
To answer you question and complement other replies, some devices are accessible through PCI configuration space.
You can look at "Beyond BIOS" at Intel Press.
PS: nit picking comments:
I don't know what would be the best name for "memory mapping" in the case of "devices" like Local APIC or IO/APIC. What comes to my mind is memory "intercept"/"capture" (an native english speaker may elaborate here).
In the Local APIC case, Local APIC intercepts memory transactions destined to a range whose base is programmed by MSR. By default the Local APIC responds to physical 0xFEE00000 but it may be "placed' at say "0xE0000000". Defining a mapping from linear (32 bits protected no paging) or virtual address space to such physical address is required to access the region from a program.
In the IO/APIC case, QPI agent in the system intercepts memory transactions destined to a certain programmable range and forward (I should say route) this to the relevant chipsets.
In fact this is the role of the firmware to setup this type of routing: it defines System Address Decoding rules so that an "address" is forwarded to the appropriate QPI agent (memory controller, Lapic, chipset, PCIexpress controllers with onboard memory). They have to be consistent and non overlapping between all QPI agents.
As an example, lets assume a two node Nehalem CPU with 12GB total memory, each CPU channel is populated with 2GB DIMMS.
- Addresses from 0GB to 3GB-1 and from 4GB to 7GB-1 are mapped to node 0 (in a nut shell there is a 1GB hole between 3GB and 4GB): total 6GB
- Adresses from 7GB to 13GB are targetted to node 1: total 6GB
There are additional rules (Target Address Decoding) that further tweak the "System Address" on each node so that holes are "hidden" and the 6GB are fully addressable.
So memory controller does not respond at all for the default Local APIC address range, there are no "loss" of memory because Lapic responds to addresses within the "hole". Processor PCI configuration also intercepts 256MB or so wihtin this hole.
Imagine that even RAM is NOT accessible during the first phases: the processor works in a special mode where only L3 cache is accessible.
Once the memory controllers are programmed then RAM can be accessed.
Even finding where the Flash is is not straight forward: QPI configuration allows for that to happen ("Weaving for high performance multiprocessor fabric" at Intel Press).
To answer you question and complement other replies, some devices are accessible through PCI configuration space.
You can look at "Beyond BIOS" at Intel Press.
PS: nit picking comments:
I don't know what would be the best name for "memory mapping" in the case of "devices" like Local APIC or IO/APIC. What comes to my mind is memory "intercept"/"capture" (an native english speaker may elaborate here).
In the Local APIC case, Local APIC intercepts memory transactions destined to a range whose base is programmed by MSR. By default the Local APIC responds to physical 0xFEE00000 but it may be "placed' at say "0xE0000000". Defining a mapping from linear (32 bits protected no paging) or virtual address space to such physical address is required to access the region from a program.
In the IO/APIC case, QPI agent in the system intercepts memory transactions destined to a certain programmable range and forward (I should say route) this to the relevant chipsets.
In fact this is the role of the firmware to setup this type of routing: it defines System Address Decoding rules so that an "address" is forwarded to the appropriate QPI agent (memory controller, Lapic, chipset, PCIexpress controllers with onboard memory). They have to be consistent and non overlapping between all QPI agents.
As an example, lets assume a two node Nehalem CPU with 12GB total memory, each CPU channel is populated with 2GB DIMMS.
- Addresses from 0GB to 3GB-1 and from 4GB to 7GB-1 are mapped to node 0 (in a nut shell there is a 1GB hole between 3GB and 4GB): total 6GB
- Adresses from 7GB to 13GB are targetted to node 1: total 6GB
There are additional rules (Target Address Decoding) that further tweak the "System Address" on each node so that holes are "hidden" and the 6GB are fully addressable.
So memory controller does not respond at all for the default Local APIC address range, there are no "loss" of memory because Lapic responds to addresses within the "hole". Processor PCI configuration also intercepts 256MB or so wihtin this hole.