2 * setup.S Copyright (C) 1991, 1992 Linus Torvalds
4 * setup.s is responsible for getting the system data from the BIOS,
5 * and putting them into the appropriate places in system memory.
6 * both setup.s and system has been loaded by the bootblock.
8 * This code asks the bios for memory/disk/other parameters, and
9 * puts them in a "safe" place: 0x90000-0x901FF, ie where the
10 * boot-block used to be. It is then up to the protected mode
11 * system to read them from there before the area is overwritten
14 * Move PS/2 aux init code to psaux.c
15 * (troyer@saifr00.cfsat.Honeywell.COM) 03Oct92
17 * some changes and additional features by Christoph Niemann,
18 * March 1993/June 1994 (Christoph.Niemann@linux.org)
20 * add APM BIOS checking by Stephen Rothwell, May 1994
21 * (sfr@canb.auug.org.au)
23 * High load stuff, initrd support and position independency
24 * by Hans Lermen & Werner Almesberger, February 1996
25 * <lermen@elserv.ffm.fgan.de>, <almesber@lrc.epfl.ch>
27 * Video handling moved to video.S by Martin Mares, March 1996
28 * <mj@k332.feld.cvut.cz>
30 * Extended memory detection scheme retwiddled by orc@pell.chi.il.us (david
31 * parsons) to avoid loadlin confusion, July 1997
33 * Transcribed from Intel (as86) -> AT&T (gas) by Chris Noe, May 1999.
34 * <stiker@northlink.com>
36 * Fix to work around buggy BIOSes which dont use carry bit correctly
37 * and/or report extended memory in CX/DX for e801h memory size detection
38 * call. As a result the kernel got wrong figures. The int15/e801h docs
39 * from Ralf Brown interrupt list seem to indicate AX/BX should be used
40 * anyway. So to avoid breaking many machines (presumably there was a reason
41 * to orginally use CX/DX instead of AX/BX), we do a kludge to see
42 * if CX/DX have been changed in the e801 call and if so use AX/BX .
43 * Michael Miller, April 2001 <michaelm@mjmm.org>
45 * Added long mode checking and SSE force. March 2003, Andi Kleen.
48 #include <linux/config.h>
49 #include <asm/segment.h>
50 #include <linux/version.h>
51 #include <linux/compile.h>
56 /* Signature words to ensure LILO loaded us right */
60 INITSEG = DEF_INITSEG # 0x9000, we move boot here, out of the way
61 SYSSEG = DEF_SYSSEG # 0x1000, system loaded at 0x10000 (65536).
62 SETUPSEG = DEF_SETUPSEG # 0x9020, this is the current segment
63 # ... and the former contents of CS
65 DELTA_INITSEG = SETUPSEG - INITSEG # 0x0020
68 .globl begtext, begdata, begbss, endtext, enddata, endbss
81 # This is the setup header, and it must start at %cs:2 (old 0x9020:2)
83 .ascii "HdrS" # header signature
84 .word 0x0203 # header version number (>= 0x0105)
85 # or else old loadlin-1.5 will fail)
86 realmode_swtch: .word 0, 0 # default_switch, SETUPSEG
87 start_sys_seg: .word SYSSEG
88 .word kernel_version # pointing to kernel version string
89 # above section of header is compatible
90 # with loadlin-1.5 (header v1.5). Don't
93 type_of_loader: .byte 0 # = 0, old one (LILO, Loadlin,
94 # Bootlin, SYSLX, bootsect...)
95 # See Documentation/i386/boot.txt for
98 # flags, unused bits must be zero (RFU) bit within loadflags
100 LOADED_HIGH = 1 # If set, the kernel is loaded high
101 CAN_USE_HEAP = 0x80 # If set, the loader also has set
102 # heap_end_ptr to tell how much
103 # space behind setup.S can be used for
105 # Only the loader knows what is free
106 #ifndef __BIG_KERNEL__
112 setup_move_size: .word 0x8000 # size to move, when setup is not
113 # loaded at 0x90000. We will move setup
114 # to 0x90000 then just before jumping
115 # into the kernel. However, only the
116 # loader knows how much data behind
117 # us also needs to be loaded.
119 code32_start: # here loaders can put a different
120 # start address for 32-bit code.
121 #ifndef __BIG_KERNEL__
122 .long 0x1000 # 0x1000 = default for zImage
124 .long 0x100000 # 0x100000 = default for big kernel
127 ramdisk_image: .long 0 # address of loaded ramdisk image
128 # Here the loader puts the 32-bit
129 # address where it loaded the image.
130 # This only will be read by the kernel.
132 ramdisk_size: .long 0 # its size in bytes
137 heap_end_ptr: .word modelist+1024 # (Header version 0x0201 or later)
138 # space from here (exclusive) down to
139 # end of setup code can be used by setup
140 # for local heap purposes.
143 cmd_line_ptr: .long 0 # (Header version 0x0202 or later)
144 # If nonzero, a 32-bit pointer
145 # to the kernel command line.
146 # The command line should be
147 # located between the start of
148 # setup and the end of low
149 # memory (0xa0000), or it may
150 # get overwritten before it
151 # gets read. If this field is
152 # used, there is no longer
153 # anything magical about the
154 # 0x90000 segment; the setup
155 # can be located anywhere in
156 # low memory 0x10000 or higher.
158 ramdisk_max: .long 0xffffffff
160 trampoline: call start_of_setup
162 # End of setup header #####################################################
165 # Bootlin depends on this being done early
170 #ifdef SAFE_RESET_DISK_CONTROLLER
171 # Reset the disk controller.
177 # Set %ds = %cs, we know that SETUPSEG = %cs at this point
178 movw %cs, %ax # aka SETUPSEG
180 # Check signature at end of setup
181 cmpw $SIG1, setup_sig1
184 cmpw $SIG2, setup_sig2
189 # Routine to print asciiz string at ds:si
201 prtsp2: call prtspc # Print double space
202 prtspc: movb $0x20, %al # Print single space (note: fall-thru)
215 beep: movb $0x07, %al
218 no_sig_mess: .string "No setup signature found ..."
223 # We now have to find the rest of the setup code/data
225 movw %cs, %ax # SETUPSEG
226 subw $DELTA_INITSEG, %ax # INITSEG
229 movb (497), %bl # get setup sect from bootsect
230 subw $4, %bx # LILO loads 4 sectors of setup
231 shlw $8, %bx # convert to words (1sect=2^8 words)
233 shrw $3, %bx # convert to segment
235 movw %bx, %cs:start_sys_seg
236 # Move rest of setup code/data to here
237 movw $2048, %di # four sectors loaded by LILO
239 movw %cs, %ax # aka SETUPSEG
245 movw %cs, %ax # aka SETUPSEG
247 cmpw $SIG1, setup_sig1
250 cmpw $SIG2, setup_sig2
263 movw %cs, %ax # aka SETUPSEG
264 subw $DELTA_INITSEG, %ax # aka INITSEG
266 # Check if an old loader tries to load a big-kernel
267 testb $LOADED_HIGH, %cs:loadflags # Do we have a big kernel?
268 jz loader_ok # No, no danger for old loaders.
270 cmpb $0, %cs:type_of_loader # Do we have a loader that
272 jnz loader_ok # Yes, continue.
274 pushw %cs # No, we have an old loader,
276 lea loader_panic_mess, %si
281 loader_panic_mess: .string "Wrong loader, giving up..."
284 /* check for long mode. */
285 /* we have to do this before the VESA setup, otherwise the user
286 can't see the error message. */
292 /* minimum CPUID flags for x86-64 */
293 /* see http://www.x86-64.org/lists/discuss/msg02971.html */
294 #define SSE_MASK ((1<<25)|(1<<26))
295 #define REQUIRED_MASK1 ((1<<0)|(1<<3)|(1<<4)|(1<<5)|(1<<6)|(1<<8)|\
296 (1<<13)|(1<<15)|(1<<24))
297 #define REQUIRED_MASK2 (1<<29)
299 pushfl /* standard way to check for cpuid */
308 jz no_longmode /* cpu has no cpuid */
312 jb no_longmode /* no cpuid 1 */
314 cmpl $0x68747541,%ebx /* AuthenticAMD */
316 cmpl $0x69746e65,%edx
318 cmpl $0x444d4163,%ecx
320 mov $1,%di /* cpu is from AMD */
324 andl $REQUIRED_MASK1,%edx
325 xorl $REQUIRED_MASK1,%edx
327 movl $0x80000000,%eax
329 cmpl $0x80000001,%eax
330 jb no_longmode /* no extended cpuid */
331 movl $0x80000001,%eax
333 andl $REQUIRED_MASK2,%edx
334 xorl $REQUIRED_MASK2,%edx
343 jz no_longmode /* only try to force SSE on AMD */
344 movl $0xc0010015,%ecx /* HWCR */
346 btr $15,%eax /* enable SSE */
348 xor %di,%di /* don't loop */
349 jmp sse_test /* try again */
352 lea long_mode_panic,%si
357 .string "Your CPU does not support long mode. Use a 32bit distribution."
363 # tell BIOS we want to go to long mode
364 movl $0xec00,%eax # declare target operating mode
365 movl $2,%ebx # long mode
368 # Get memory size (extended mem, kB)
372 #ifndef STANDARD_MEMORY_BIOS_CALL
374 # Try three different memory detection schemes. First, try
375 # e820h, which lets us assemble a memory map, then try e801h,
376 # which returns a 32-bit memory size, and finally 88h, which
380 # the memory map from hell. e820h returns memory classified into
381 # a whole bunch of different types, and allows memory holes and
382 # everything. We scan through this memory map and build a list
383 # of the first 32 memory areas, which we return at [E820MAP].
384 # This is documented at http://www.teleport.com/~acpi/acpihtml/topic245.htm
386 #define SMAP 0x534d4150
389 xorl %ebx, %ebx # continuation counter
390 movw $E820MAP, %di # point into the whitelist
391 # so we can have the bios
392 # directly write into it.
395 movl $0x0000e820, %eax # e820, upper word zeroed
396 movl $SMAP, %edx # ascii 'SMAP'
397 movl $20, %ecx # size of the e820rec
398 pushw %ds # data record.
400 int $0x15 # make the call
401 jc bail820 # fall to e801 if it fails
403 cmpl $SMAP, %eax # check the return is `SMAP'
404 jne bail820 # fall to e801 if it fails
406 # cmpl $1, 16(%di) # is this usable memory?
409 # If this is usable memory, we save it by simply advancing %di by
413 movb (E820NR), %al # up to 32 entries
422 cmpl $0, %ebx # check to see if
423 jne jmpe820 # %ebx is set to EOF
428 # memory size is in 1k chunksizes, to avoid confusing loadlin.
429 # we store the 0xe801 memory size in a completely different place,
430 # because it will most likely be longer than 16 bits.
431 # (use 1e0 because that's what Larry Augustine uses in his
432 # alternative new memory detection scheme, and it's sensible
433 # to write everything into the same place.)
436 stc # fix to work around buggy
437 xorw %cx,%cx # BIOSes which dont clear/set
438 xorw %dx,%dx # carry on pass/error of
439 # e801h memory size call
440 # or merely pass cx,dx though
441 # without changing them.
446 cmpw $0x0, %cx # Kludge to handle BIOSes
447 jne e801usecxdx # which report their extended
448 cmpw $0x0, %dx # memory in AX/BX rather than
449 jne e801usecxdx # CX/DX. The spec I have read
450 movw %ax, %cx # seems to indicate AX/BX
451 movw %bx, %dx # are more reasonable anyway...
454 andl $0xffff, %edx # clear sign extend
455 shll $6, %edx # and go from 64k to 1k chunks
456 movl %edx, (0x1e0) # store extended memory size
457 andl $0xffff, %ecx # clear sign extend
458 addl %ecx, (0x1e0) # and add lower memory into
461 # Ye Olde Traditional Methode. Returns the memory size (up to 16mb or
462 # 64mb, depending on the bios) in ax.
470 # Set the keyboard repeat rate to the max
475 # Check for video adapter and its parameters and allow the
476 # user to browse video modes.
477 call video # NOTE: we need %ds pointing
484 movw %cs, %ax # aka SETUPSEG
485 subw $DELTA_INITSEG, %ax # aka INITSEG
503 # Check that there IS a hd1 :-)
513 movw %cs, %ax # aka SETUPSEG
514 subw $DELTA_INITSEG, %ax # aka INITSEG
524 # Check for PS/2 pointing device
525 movw %cs, %ax # aka SETUPSEG
526 subw $DELTA_INITSEG, %ax # aka INITSEG
528 movw $0, (0x1ff) # default is no pointing device
529 int $0x11 # int 0x11: equipment list
530 testb $0x04, %al # check if mouse installed
533 movw $0xAA, (0x1ff) # device present
536 #include "../../i386/boot/edd.S"
538 # Now we want to move to protected mode ...
539 cmpw $0, %cs:realmode_swtch
542 lcall *%cs:realmode_swtch
551 # we get the code32 start address and modify the below 'jmpi'
552 # (loader may have changed it)
553 movl %cs:code32_start, %eax
554 movl %eax, %cs:code32
556 # Now we move the system to its rightful place ... but we check if we have a
557 # big-kernel. In that case we *must* not move it ...
558 testb $LOADED_HIGH, %cs:loadflags
559 jz do_move0 # .. then we have a normal low
561 # .. or else we have a high
563 jmp end_move # ... and we skip moving
566 movw $0x100, %ax # start of destination segment
567 movw %cs, %bp # aka SETUPSEG
568 subw $DELTA_INITSEG, %bp # aka INITSEG
569 movw %cs:start_sys_seg, %bx # start of source segment
572 movw %ax, %es # destination segment
573 incb %ah # instead of add ax,#0x100
574 movw %bx, %ds # source segment
581 cmpw %bp, %bx # assume start_sys_seg > 0x200,
582 # so we will perhaps read one
583 # page more than needed, but
584 # never overwrite INITSEG
585 # because destination is a
586 # minimum one page below source
590 # then we load the segment descriptors
591 movw %cs, %ax # aka SETUPSEG
594 # Check whether we need to be downward compatible with version <=201
595 cmpl $0, cmd_line_ptr
596 jne end_move_self # loader uses version >=202 features
597 cmpb $0x20, type_of_loader
598 je end_move_self # bootsect loader, we know of it
600 # Boot loader doesnt support boot protocol version 2.02.
601 # If we have our code not at 0x90000, we need to move it there now.
602 # We also then need to move the params behind it (commandline)
603 # Because we would overwrite the code on the current IP, we move
604 # it in two steps, jumping high after the first one.
609 cli # make sure we really have
610 # interrupts disabled !
611 # because after this the stack
613 subw $DELTA_INITSEG, %ax # aka INITSEG
619 subw %ax, %dx # this will go into %ss after
623 movw $INITSEG, %ax # real INITSEG
625 movw %cs:setup_move_size, %cx
626 std # we have to move up, so we use
627 # direction down because the
632 subw $move_self_here+0x200, %cx
635 ljmp $SETUPSEG, $move_self_here
638 movw $move_self_here+0x200, %cx
644 end_move_self: # now we are at the right place
645 lidt idt_48 # load idt with 0,0
646 xorl %eax, %eax # Compute gdt_base
647 movw %ds, %ax # (Convert %ds:gdt to a linear ptr)
650 movl %eax, (gdt_48+2)
651 lgdt gdt_48 # load gdt with whatever is
654 # that was painless, now we enable a20
657 movb $0xD1, %al # command write
661 movb $0xDF, %al # A20 on
666 # You must preserve the other bits here. Otherwise embarrasing things
667 # like laptops powering off on boot happen. Corrected version by Kira
668 # Brown from Linux 2.2
671 orb $02, %al # "fast A20" version
672 outb %al, $0x92 # some chips have only this
674 # wait until a20 really *is* enabled; it can take a fair amount of
675 # time on certain systems; Toshiba Tecras are known to have this
676 # problem. The memory location used here (0x200) is the int 0x80
677 # vector, which should be safe to use.
679 xorw %ax, %ax # segment 0x0000
681 decw %ax # segment 0xffff (HMA)
684 incw %ax # unused memory location <0xfff0
685 movw %ax, %fs:(0x200) # we use the "int 0x80" vector
686 cmpw %gs:(0x210), %ax # and its corresponding HMA addr
687 je a20_wait # loop until no longer aliased
689 # make sure any possible coprocessor is properly reset..
697 # well, that went ok, I hope. Now we mask all interrupts - the rest
698 # is done in init_IRQ().
699 movb $0xFF, %al # mask all interrupts for now
703 movb $0xFB, %al # mask all irq's but irq2 which
704 outb %al, $0x21 # is cascaded
706 # Well, that certainly wasn't fun :-(. Hopefully it works, and we don't
707 # need no steenking BIOS anyway (except for the initial loading :-).
708 # The BIOS-routine wants lots of unnecessary data, and it's less
709 # "interesting" anyway. This is how REAL programmers do it.
711 # Well, now's the time to actually move into protected mode. To make
712 # things as simple as possible, we do no register set-up or anything,
713 # we let the gnu-compiled 32-bit programs do that. We just jump to
714 # absolute address 0x1000 (or the loader supplied one),
715 # in 32-bit protected mode.
717 # Note that the short jump isn't strictly needed, although there are
718 # reasons why it might be a good idea. It won't hurt in any case.
719 movw $1, %ax # protected mode (PE) bit
720 lmsw %ax # This is it!
724 xorw %bx, %bx # Flag to indicate a boot
725 xorl %esi, %esi # Pointer to real-mode code
727 subw $DELTA_INITSEG, %si
728 shll $4, %esi # Convert to 32-bit pointer
729 # NOTE: For high loaded big kernels we need a
730 # jmpi 0x100000,__KERNEL_CS
732 # but we yet haven't reloaded the CS register, so the default size
733 # of the target offset still is 16 bit.
734 # However, using an operant prefix (0x66), the CPU will properly
735 # take our 48 bit far pointer. (INTeL 80386 Programmer's Reference
736 # Manual, Mixing 16-bit and 32-bit code, page 16-6)
738 .byte 0x66, 0xea # prefix + jmpi-opcode
739 code32: .long 0x1000 # will be set to 0x100000
743 # Here's a bunch of information about your current kernel..
744 kernel_version: .ascii UTS_RELEASE
746 .ascii LINUX_COMPILE_BY
748 .ascii LINUX_COMPILE_HOST
753 # This is the default real mode switch routine.
754 # to be called just before protected mode transition
756 cli # no interrupts allowed !
757 movb $0x80, %al # disable NMI for bootup
763 # This routine checks that the keyboard command queue is empty
764 # (after emptying the output buffers)
766 # Some machines have delusions that the keyboard buffer is always full
767 # with no keyboard attached...
769 # If there is no keyboard controller, we will usually get 0xff
770 # to all the reads. With each IO taking a microsecond and
771 # a timeout of 100,000 iterations, this can take about half a
772 # second ("delay" == outb to port 0x80). That should be ok,
773 # and should also be plenty of time for a real keyboard controller
783 jz empty_8042_end_loop
787 inb $0x64, %al # 8042 status port
788 testb $1, %al # output buffer?
792 inb $0x60, %al # read it
796 testb $2, %al # is input buffer full?
797 jnz empty_8042_loop # yes - loop
802 # Read the cmos clock. Return the seconds in al
807 movb %dh, %al # %dh contains the seconds
816 # Delay is needed after doing I/O
823 .word 0, 0, 0, 0 # dummy
825 .word 0, 0, 0, 0 # unused
827 .word 0xFFFF # 4Gb - (0x100000*0x1000 = 4Gb)
828 .word 0 # base address = 0
829 .word 0x9A00 # code read/exec
830 .word 0x00CF # granularity = 4096, 386
831 # (+5th nibble of limit)
833 .word 0xFFFF # 4Gb - (0x100000*0x1000 = 4Gb)
834 .word 0 # base address = 0
835 .word 0x9200 # data read/write
836 .word 0x00CF # granularity = 4096, 386
837 # (+5th nibble of limit)
839 .word 0 # idt limit = 0
840 .word 0, 0 # idt base = 0L
842 .word 0x8000 # gdt limit=2048,
845 .word 0, 0 # gdt base (filled in later)
847 # Include video setup & detection code
851 # Setup signature -- must be last
852 setup_sig1: .word SIG1
853 setup_sig2: .word SIG2
855 # After this point, there is some free space which is used by the video mode
856 # handling code to store the temporary mode table (not used by the kernel).
git://git.onelab.eu / linux-2.6.git / blob