OSDev.org

Hi all. I would like to know if there are some manuals for BIOSes (generaly) or some open source BIOSes to study. I used google and I didn't find anything usable (for example I found FreeBIOS -> turned to linuxBIOS -> turned to CoreBoot and coreboot does not offer me what I look for). My questions are related to:

• Setting up floppy, HDD and so on
• Managing VGA video modes
• Setting up environment for OS (for example interrupt vector table)
• Loading and running bootloader

Does anybody know about some manual or code which describes these things?

If you just want to look at a BIOS, the coreboot.org project uses SeaBIOS. It's also used by qemu and some other projects, so you can run SeaBIOS in a VM and tinker with it.

Happy hacking!

Hi,

HugeCode wrote:I would like to know if there are some manuals for BIOSes (generaly) or some open source BIOSes to study.

When IBM first created the BIOS they also created a reference guide for it (which is extremely hard to find now and is mostly obsolete). Since then there's been a large number of extensions that are documented separately. This means there isn't a single authoritative reference - just a collection of many different pieces scattered everywhere.

There are (at least) 2 open source BIOSs - SeaBIOS and Bochs BIOS. These aren't true BIOSs though - they're designed for emulators and use this fact to cut corners (e.g. they don't do memory controller configuration or chipset configuration properly because the emulator does it itself, they assume various things about CMOS values because it's "safe" to do that for emulators, etc).

HugeCode wrote:My questions are related to:

• Setting up floppy, HDD and so on

Just use Ralph Brown's Interrupt list for this.

HugeCode wrote:

• Managing VGA video modes

This is the VGA ROM and not the firmware/BIOS. In any case, use Ralph Brown's Interrupt list for VGA and the VBE specification for non-VGA.

HugeCode wrote:

• Setting up environment for OS (for example interrupt vector table)

The BIOS has nothing to do with anything that happens after you've taken control of the hardware. Best to see Intel's manuals for things like IDT, etc.

HugeCode wrote:

• Loading and running bootloader

You should be able to find plenty of examples, tutorials, etc for this.


Cheers,

Brendan

Thank you, Brendan. Last two points were related to BIOS, so how does BIOS set up the IVT with all the interrupts and how does it handle exceptions. And the last thing was thought as "how does BIOS set up the bootloader environment".

SeaBIOS is exactly the thing I was looking for, thank you all.

Yep. the original IBM PC was supplied with a manual that contained a complete assembler listing of the BIOS. How things have changed.

iansjack wrote:Yep. the original IBM PC was supplied with a manual that contained a complete assembler listing of the BIOS. How things have changed.

You probably wouldn't want to know the nasty hacks hardware manufacturers are using these days.

Hi,

HugeCode wrote:Thank you, Brendan. Last two points were related to BIOS, so how does BIOS set up the IVT with all the interrupts and how does it handle exceptions.

To setup the IVT, BIOS would typically create a default IVT (e.g. by copying it from somewhere in ROM into RAM at 0x00000000), where certain interrupts that aren't handled by the BIOS (e.g. "int 0x10") are just sent to a dummy interrupt handler (e.g. something that only sets the carry flag and returns without doing anything). After this BIOS starts device ROMs, which may overwrite whatever IVT entries they like (e.g. video card's ROM overwrites the BIOS' "int 0x10" with its own, SCSI controller overwrites the BIOS' "int 0x13" with its own, etc).

For exceptions, most BIOSs simply assume they never happen. For example, if your code generates a general protection fault (int 0x0D) most BIOSs will just assume it's an "IRQ 5" and send an EOI to the PIC chip and return; which creates an endless loop (the BIOS returns to the instruction that caused the exception, which causes the same exception again). Note: Some people make the mistake of thinking that exceptions can't happen in real mode. They're wrong. For a simple example, "mov word [0xFFFF],0x1234" will cause a general protection fault (due to 64 KiB segment limit exceeded). In the same way, "mov word [esi+eax*2],0x1234 (with a 32-bit address override prefix) is perfectly legal in real mode but may or may not cause a general protection fault.[/i]

HugeCode wrote:And the last thing was thought as "how does BIOS set up the bootloader environment".

One CPU running in real mode and the rest waiting to be started, the physical address space setup like this, some devices configured in their legacy modes (PIC, PIT, hard disk controller, etc), some devices ignored (e.g. sound cards) or set to a disabled state (e.g. IO APICs), some devices configured to emulate legacy hardware (HPET, USB, etc).


Cheers,

Brendan

Thank you for the explanation, it's now clear for me.
BTW I have one more question. I'm using VMWare player and GDB for debugging and I tried to find out how does BIOS initialization work.
BIOS code starts at 0xFFFFFFF0 (=EIP, CS=0xF000 - ignored in calculation?). There's near jump (jmp rel16) which jumps to 0xE6F9, and resulting position is 0xFFFFE6F9 (CS ignored again?). Code continues in 0xFFFFxxxx until (0xFFFFE715) ljmp is executed, which jumps to 0xFE71F (instruction directly after jump, but without 0xFFFF).
Why in one moment there is 0xFFFF on the start, and then it's not. I disassembled instructions on addresses with 0xFFFF and without => they're same.
What is it? BIOS mapped to two locations? And why is one jumping to another?

HugeCode wrote:BTW I have one more question. I'm using VMWare player and GDB for debugging and I tried to find out how does BIOS initialization work.
BIOS code starts at 0xFFFFFFF0 (=EIP, CS=0xF000 - ignored in calculation?). There's near jump (jmp rel16) which jumps to 0xE6F9, and resulting position is 0xFFFFE6F9 (CS ignored again?). Code continues in 0xFFFFxxxx until (0xFFFFE715) ljmp is executed, which jumps to 0xFE71F (instruction directly after jump, but without 0xFFFF).
Why in one moment there is 0xFFFF on the start, and then it's not. I disassembled instructions on addresses with 0xFFFF and without => they're same.
What is it? BIOS mapped to two locations? And why is one jumping to another?

On real hardware BIOS would start at 0x000FFFF0 and jump to a lower address within the motherboard BIOS ROM area.
On your emulator 'VMWare player' it starts at the 0xFFFFFFF0. It is impossible for real hardware to do this because it is outside the first megabyte, therefore not accessible in real mode. However emulators don't have to play by the rules and is probably performing some kind of early startup (maybe emulator-specific) tasks away from the memory area your operating system is going to use.
After that it must run from the motherboard BIOS ROM area so it seems like real hardware.

Since the IVT only supports 20-bit addresses, only the lower copy at 0x000F0000 would be utilized when running an operating system.

HugeCode wrote:BIOS code starts at 0xFFFFFFF0 (=EIP, CS=0xF000 - ignored in calculation?). There's near jump (jmp rel16) which jumps to 0xE6F9, and resulting position is 0xFFFFE6F9 (CS ignored again?).

The values in the segment registers are never used except when loading and saving them. The base address used in calculations is loaded simultaneously with loading the corresponding segment register. A near jump does not change CS and therefore does not change the base address for the code segment, so it is still 0xFFFF0000.

Why in one moment there is 0xFFFF on the start, and then it's not. I disassembled instructions on addresses with 0xFFFF and without => they're same.
What is it? BIOS mapped to two locations? And why is one jumping to another?

The BIOS is copied or mapped to 0xF0000 to make it accessible with the real mode segment 0xF000. In this case, it is just copied directly from 0xFFFF0000, but it doesn't have to be. A BIOS often consists of multiple compressed parts, where one of them is decompressed to 0xF0000 and others might contains the menu, etc.

ProChamber wrote:On real hardware BIOS would start at 0x000FFFF0 and jump to a lower address within the motherboard BIOS ROM area.
On your emulator 'VMWare player' it starts at the 0xFFFFFFF0. It is impossible for real hardware to do this because it is outside the first megabyte, therefore not accessible in real mode. However emulators don't have to play by the rules and is probably performing some kind of early startup (maybe emulator-specific) tasks away from the memory area your operating system is going to use.

What? Where do you get all this from? Please read the manual again carefully. VMWare Player is functioning just like it should.

Gigasoft wrote:

Prochamber wrote:On real hardware BIOS would start at 0x000FFFF0 and jump to a lower address within the motherboard BIOS ROM area.
On your emulator 'VMWare player' it starts at the 0xFFFFFFF0. It is impossible for real hardware to do this because it is outside the first megabyte, therefore not accessible in real mode. However emulators don't have to play by the rules and is probably performing some kind of early startup (maybe emulator-specific) tasks away from the memory area your operating system is going to use.

What? Where do you get all this from? Please read the manual again carefully. VMWare Player is functioning just like it should.

I meant that it would be important to note that this wouldn't happen on real hardware, since the OP is studying BIOS.

I know what you meant, I am just saying that you made it up and that it doesn't correspond to fact.

I have been writing a PC emulator in JavaScript and HTML5 for the sake of understanding every single concept of an 8086 PC as a minimum (e.g., every single functionality to implement VGA text and graphics modes, truly emulating them with accuracy), and exactly how the algorithms for the CPU and FPU instructions work, as well as how to perform the same actions a PIT, PIC, PS/2 controller/keyboard/mouse, DMA, floppy, hard disk and BIOS.

For the BIOS, I bought 3 books from Amazon. These books don't talk only about the INT services of the BIOS, but about every single step to perform the different actions of a BIOS:

System BIOS for IBM PCs, Compatibles, and EISA Computers (2nd Edition)

ABIOS for IBM(R) PS/2(R) Computers and Compatibles: The Complete Guide to ROM-Based System Software for OS/2(R)

CBIOS for IBM(R) PS/2(R) Computers and Compatibles: The Complete Guide to ROM-based System Software for DOS

I also bought the book about FreeDOS, to have some reliable code and concepts to work as I progressed with implementing the CPU instructions, and the BIOS, as per the concern of this thread:

FreeDOS Kernel: An MS-DOS Emulator for Platform Independence & Embedded System Development

Then, the Ralf Brown's interrupt reference.

I also have looked for BIOS source code (use a search engine to dig around).

Finally, a reference with the original instructions and some BIOS and general motherboard information about the 8086/8088 will be nice. The one I used is IBM PC-XT Technical Reference Manual.

Then it is just about keep digging here and there (looking up for "BIOS" and related keywords), and understand things over time. I don't know how much you want to learn about the BIOS, but at least for me, in the need to understand 100% standard machines, the easiest way to do that is slowly implementing a PC emulator, which includes the BIOS and the video BIOS of course.

So I will use all of the above, I will try to implement functionality over time, and if I can understand it, I will use the references others have given (SeaBIOS, Bochs BIOS, CoreBoot, FreeBIOS).

And don't forget to search until you find BIOS source code, be it for AT or whatever. Something like this:

http://www.intel-assembler.it/portale/5/ibm-at-286-souce-code/ibm-at-286-souce-code.asp

If you can, look for more material somewhere.


__________________________________________

Prochamber wrote:

Gigasoft wrote:

Prochamber wrote:On real hardware BIOS would start at 0x000FFFF0 and jump to a lower address within the motherboard BIOS ROM area.
On your emulator 'VMWare player' it starts at the 0xFFFFFFF0. It is impossible for real hardware to do this because it is outside the first megabyte, therefore not accessible in real mode. However emulators don't have to play by the rules and is probably performing some kind of early startup (maybe emulator-specific) tasks away from the memory area your operating system is going to use.

What? Where do you get all this from? Please read the manual again carefully. VMWare Player is functioning just like it should.

I meant that it would be important to note that this wouldn't happen on real hardware, since the OP is studying BIOS.

I have read about that first jump in manuals for 386 CPUs and above (that there are some 15 bytes to perform that jump to the BIOS code entry point; so if you think about how to do that in an emulator, some circuitry would need to place a correct jump instruction at that address). Once you jump to a lower memory area, you cannot set EIP to a value greater than 0xFFFF unless you enter Protected Mode. Isn't that so? Of course, that is only of interest to very early startup code from the motherboard. An OS developer would never be concerned with that. By the time an OS is booting, things like the above would already be irrelevant.

To study about how the PC starts and some of the BIOS, but specially for an emulator, understanding that has some importance, since it has to do with the right way to emulate the startup of a CPU core.

Prochamber wrote:

iansjack wrote:Yep. the original IBM PC was supplied with a manual that contained a complete assembler listing of the BIOS. How things have changed.

You probably wouldn't want to know the nasty hacks hardware manufacturers are using these days.

I would, and would also like to see PCs made standard again, because they are no longer a standarized platform in practice, due to too many different peripherals/drivers for the same tasks.

HugeCode wrote:Hi all. I would like to know if there are some manuals for BIOSes (generaly) or some open source BIOSes to study. I used google and I didn't find anything usable (for example I found FreeBIOS -> turned to linuxBIOS -> turned to CoreBoot and coreboot does not offer me what I look for). My questions are related to:

• Setting up floppy, HDD and so on
• Managing VGA video modes
• Setting up environment for OS (for example interrupt vector table)
• Loading and running bootloader

Does anybody know about some manual or code which describes these things?

boot?just put your boot code into the DEVICE first sector .And about how to write the code is to learn the "ASSEMBLY LANGUAGE"