Plug into BIOS to do some pre OS tasks
Hi, does anyone have suggestions on how and whether it is possible to plug into an existing BIOS or get the BIOS to launch some custom code (that does/modifies bus enumerations, memory range, etc.)? This has to be done prior to the OS booting...
Re: Plug into BIOS to do some pre OS tasks
BIOS hijacking (AKA running code before BIOS):
The Intel ICHx series South Bridge (since ICH2) supports a
“Top-Block Swap” mode that has the ICHx swap the top block in
the Firmware Hub (the Boot Block) with another location, which
allows for safe update of the Boot Block even when a power
failure occurs. When the “TOP_SWAP” Enable bit (BUC.TS) is set,
the ICHx will invert the 16th bit of address line A16 for
cycles targeting Firmware Hub space, in this way processor
accesses to 0xFFFF0000~0xFFFFFFFF will be directed to
0xFFFE0000~0xFFFEFFFF in the Firmware Hub, and vice versa, and
this bit can only be cleared by a RTCRST# (Real Time Clock
Reset Signal). Moreover ICHx also provides a BIOS Interface
Lock-Down bit (GCS.BILD) to prevent “TOP_SWAP” bit from being
altered, and a Top Swap Status bit (BIOS_CNTL.TSS) as well to
view the current status of Top Swap bit.
So,
1. Software copies the top block to the block immediately below the top.
2. Software checks that the copied block is correct. This could be done by
performing a checksum calculation.
3. Software sets the TOP_SWAP bit, enabling the A16 address bit inversion.
4. Software erases the top block.
5. Software writes the new top block.
6. Software checks the new top block.
7. Software clears the TOP_SWAP bit.
8. Software sets the Top_Swap Lock-Down bit.
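
The eight-step sequence in the post above can be checked against a small in-memory model that counts the interruption points at which the block fetched at reset is not a valid image, with and without Top-Block Swap. This is an added example, not part of the original post: `struct fwh`, `block_ok`, `boots`, `unsafe_points` and the uniform-byte validity rule are constructed for illustration. The model addresses flash by physical offset and applies the A16 inversion only to the reset fetch.

```c
#include <stdint.h>
#include <string.h>

#define BLOCK 0x10000u                 /* 64 KiB block, as in the quoted text */
enum { BELOW = 0, TOP = BLOCK };       /* physical offsets in a 128 KiB model */

struct fwh { uint8_t flash[2 * BLOCK]; int top_swap, lock; };

/* Constructed validity rule: a block is a good image if it is uniformly one
 * version byte other than the erased value 0xFF. */
static int block_ok(const uint8_t *b) {
    if (b[0] == 0xFF) return 0;
    for (uint32_t i = 1; i < BLOCK; i++) if (b[i] != b[0]) return 0;
    return 1;
}

/* Reset fetch targets the top block; TOP_SWAP inverts A16, selecting BELOW. */
static int boots(const struct fwh *f) {
    return block_ok(f->flash + (f->top_swap ? (TOP ^ BLOCK) : TOP));
}

/* Writes to the swap bit are ignored once the lock-down bit is set. */
static void set_swap(struct fwh *f, int v) { if (!f->lock) f->top_swap = v; }

/* Runs the update and returns how many interruption points would not boot.
 * use_swap=1 follows the eight steps; use_swap=0 erases and rewrites in place. */
static int unsafe_points(int use_swap, struct fwh *f) {
    int bad = 0;
    memset(f, 0, sizeof *f);
    memset(f->flash, 0xFF, sizeof f->flash);
    memset(f->flash + TOP, 0x01, BLOCK);                  /* old boot block */
    if (use_swap) {
        memcpy(f->flash + BELOW, f->flash + TOP, BLOCK);  /* step 1 */
        bad += !boots(f);
        if (!block_ok(f->flash + BELOW)) return -1;       /* step 2 */
        set_swap(f, 1);                                   /* step 3 */
        bad += !boots(f);
    }
    memset(f->flash + TOP, 0xFF, BLOCK);                  /* step 4: erase */
    bad += !boots(f);
    memset(f->flash + TOP, 0x02, BLOCK / 2);              /* step 5, torn write */
    bad += !boots(f);
    memset(f->flash + TOP, 0x02, BLOCK);                  /* step 5 complete */
    bad += !boots(f);
    if (!block_ok(f->flash + TOP)) return -1;             /* step 6 */
    set_swap(f, 0);                                       /* step 7 */
    bad += !boots(f);
    f->lock = 1;                                          /* step 8 */
    set_swap(f, 1);                                       /* ignored: locked */
    return bad + !boots(f);
}

int main(void) { static struct fwh f; return unsafe_points(1, &f); }
```

With the swap sequence every interruption point still boots; the in-place update leaves two points (after the erase and during the write) where the reset fetch lands on an invalid block.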