
[Qemu-devel] PC BIOS Flash emulation


From: Dmitry Zamaruev
Subject: [Qemu-devel] PC BIOS Flash emulation
Date: Wed, 7 Mar 2012 15:59:09 +0200

Hi,

I'm trying to emulate a BIOS Flash chip (something Intel FWH compatible)
on the PC target (i386-softmmu), and to verify the possibility of such
emulation I first tried to use the pflash_cfi02 example from the PPC platform.

I'm trying to use it in the following way:
in hw/pc.c in pc_memory_init(), after bios.bin is loaded and mapped into ISA space:

    cpu_register_physical_memory(0x100000 - isa_bios_size,
                                 isa_bios_size,
                                 (bios_offset + bios_size - isa_bios_size) | IO_MEM_ROM);

    option_rom_offset = qemu_ram_alloc(NULL, "pc.rom", PC_ROM_SIZE);
    cpu_register_physical_memory(PC_ROM_MIN_VGA, PC_ROM_SIZE, option_rom_offset);

    /* map all the bios at the top of memory */
//    cpu_register_physical_memory((uint32_t)(-bios_size),
//                                 bios_size, bios_offset | IO_MEM_ROM);

Instead of mapping all the BIOS at the top of memory, I'm using the
following piece of code to init the pflash device and load the BIOS into it:

    dinfo = drive_get(IF_PFLASH, 0, 0);
    if (dinfo) {
        bios_size = bdrv_getlength(dinfo->bdrv);
        bios_offset = qemu_ram_alloc(NULL, "fwh.bios", bios_size);
        fl_sectors = (bios_size + 65535) >> 16;
        printf("Register parallel flash %d size %lx"
               " at offset %08lx addr %lx '%s' %d\n",
               0, bios_size, bios_offset, -bios_size,
               bdrv_get_device_name(dinfo->bdrv), fl_sectors);
        pflash_cfi02_register((uint32_t)(-bios_size), bios_offset,
                              dinfo->bdrv, 65536, fl_sectors, 1,
                              2, 0x0020, 0x002E, 0x0000, 0x0000, 0x555, 0x2AA,
                              0);
    }

On the QEMU command line I'm passing -pflash flash.bin, where flash.bin is
2 MB in size with the last 128 KB corresponding to bios.bin, thus
replicating the original BIOS top-of-memory mapping.

The problem is that with the pflash code, the mapping to ISA space is lost!
So when execution starts at address 0xFFFFFFF0 it correctly jumps to
"ISA space", but there are only zeros there. Here is an example from qemu.log:
0xfffffff0:  ljmp   $0xf000,$0xe05b
0x000fe05b:  add    %al,(%bx,%si)    <--- this is essentially decoded zeros
0x000fe05d:  add    %al,(%bx,%si)
0x000fe05f:  add    %al,(%bx,%si)

Without the pflash code, there is data in "ISA space" and at the top of
memory. Output from the monitor (started with -nographic -S):
QEMU 0.14.50 monitor - type 'help' for more information
(qemu) x /16h 0xF0000
000f0000: 0x8b09 0x0119 0x01c3 0x8313 0x04c1 0xf981 0x4128 0x000e
000f0010: 0xef72 0xd689 0xdef7 0x28b9 0x0e41 0xeb00 0x8b09 0x0119
(qemu) x /16h 0xFFFF0000
ffff0000: 0x8b09 0x0119 0x01c3 0x8313 0x04c1 0xf981 0x4128 0x000e
ffff0010: 0xef72 0xd689 0xdef7 0x28b9 0x0e41 0xeb00 0x8b09 0x0119
(qemu) QEMU: Terminated

But if I add the pflash initialization (started with -nographic -S -pflash
flash.bin), ISA space contains only zeros, while the top of memory is still
valid:
QEMU 0.14.50 monitor - type 'help' for more information
(qemu) x /16h 0xF0000
000f0000: 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000
000f0010: 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000
(qemu) x /16h 0xFFFF0000
ffff0000: 0x8b09 0x0119 0x01c3 0x8313 0x04c1 0xf981 0x4128 0x000e
ffff0010: 0xef72 0xd689 0xdef7 0x28b9 0x0e41 0xeb00 0x8b09 0x0119
(qemu) QEMU: Terminated


Maybe someone has already experimented with BIOS flash emulation, or
could show me what I'm doing wrong?


wbr,
Dmitry.
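The monitor session above is really a consistency check: the 128 KiB window just below 1 MiB must mirror the top 128 KiB of the flash, otherwise the reset vector's ljmp to 0xf000:0xe05b lands on unmapped (zero) memory. The following program is an added example, not code from the post or from QEMU: it models a 32-bit physical address space in which later registrations override earlier ones for the addresses they cover (a simplification of the cpu_register_physical_memory() behaviour the post relies on), builds a constructed flash image, and runs the same alias check the poster did by hand, once with the ISA alias registered and once with the flash mapped only at the top of memory. All names, sizes and the flash pattern are this example's own assumptions.

```c
/* Added example (not QEMU code): simplified model of a 32-bit physical
 * address space and a check that the ISA BIOS window mirrors the top of
 * the flash so that the reset vector's ljmp lands on real code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_REGIONS   8
#define BIOS_SIZE     (128 * 1024)   /* assumed flash/bios size */
#define ISA_BIOS_SIZE BIOS_SIZE      /* 128 KiB window ending at 1 MiB */
#define RESET_TARGET  0x000FE05Bu    /* 0xf000:0xe05b from the posted log */

struct region {
    uint32_t       base;        /* guest physical base */
    uint32_t       size;
    const uint8_t *backing;     /* host buffer backing the region */
    uint32_t       backing_off; /* offset into the backing buffer */
};

struct addr_space {
    struct region regions[MAX_REGIONS];
    int           count;
};

static void as_register(struct addr_space *as, uint32_t base, uint32_t size,
                        const uint8_t *backing, uint32_t backing_off)
{
    if (as->count >= MAX_REGIONS) {
        abort();
    }
    as->regions[as->count++] =
        (struct region){ base, size, backing, backing_off };
}

/* Read one byte: the most recently registered region covering addr wins.
 * Unmapped addresses read as 0, which is the "only zeros" symptom. */
static uint8_t as_read8(const struct addr_space *as, uint32_t addr)
{
    for (int i = as->count - 1; i >= 0; i--) {
        const struct region *r = &as->regions[i];
        if (addr >= r->base && addr - r->base < r->size) {
            return r->backing[r->backing_off + (addr - r->base)];
        }
    }
    return 0;
}

static uint16_t as_read16(const struct addr_space *as, uint32_t addr)
{
    return (uint16_t)(as_read8(as, addr) | (as_read8(as, addr + 1) << 8));
}

/* The check the monitor session does by hand with "x /16h 0xF0000" and
 * "x /16h 0xFFFF0000", extended over the whole window. Returns 1 when the
 * ISA window mirrors the top of memory, 0 otherwise. */
static int check_isa_alias(const struct addr_space *as)
{
    uint32_t isa_base = 0x100000u - ISA_BIOS_SIZE;          /* 0x000E0000 */
    uint32_t top_base = (uint32_t)(0u - ISA_BIOS_SIZE);     /* 0xFFFE0000 */
    for (uint32_t off = 0; off < ISA_BIOS_SIZE; off += 2) {
        if (as_read16(as, isa_base + off) != as_read16(as, top_base + off)) {
            return 0;
        }
    }
    return 1;
}

/* Constructed flash image: a nonzero byte pattern standing in for BIOS code. */
static uint8_t flash_image[BIOS_SIZE];

static void build_flash_image(void)
{
    for (uint32_t i = 0; i < BIOS_SIZE; i++) {
        flash_image[i] = (uint8_t)(0xA5 ^ (i & 0xFF));
    }
}

/* Configuration A: flash at the top of memory AND aliased into ISA space.
 * Returns the alias check result and stores the word at the reset target. */
static int scenario_with_alias(uint16_t *reset_word)
{
    struct addr_space as = { .count = 0 };
    build_flash_image();
    as_register(&as, (uint32_t)(0u - BIOS_SIZE), BIOS_SIZE, flash_image, 0);
    as_register(&as, 0x100000u - ISA_BIOS_SIZE, ISA_BIOS_SIZE, flash_image,
                BIOS_SIZE - ISA_BIOS_SIZE);
    *reset_word = as_read16(&as, RESET_TARGET);
    return check_isa_alias(&as);
}

/* Configuration B: flash registered only at the top of memory. */
static int scenario_without_alias(uint16_t *reset_word)
{
    struct addr_space as = { .count = 0 };
    build_flash_image();
    as_register(&as, (uint32_t)(0u - BIOS_SIZE), BIOS_SIZE, flash_image, 0);
    *reset_word = as_read16(&as, RESET_TARGET);
    return check_isa_alias(&as);
}

int main(void)
{
    uint16_t w;
    printf("with ISA alias:    %s, word at reset target 0x%04x\n",
           scenario_with_alias(&w) ? "ok" : "BROKEN", w);
    printf("without ISA alias: %s, word at reset target 0x%04x\n",
           scenario_without_alias(&w) ? "ok" : "BROKEN", w);
    return 0;
}
```

Configuration B reproduces the posted monitor output in miniature: the top-of-memory read is intact while the word at 0xFE05B is zero, so any fix has to restore a second mapping (or alias) of the flash's last 128 KiB below 1 MiB rather than touch the top-of-memory registration.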


