2 * setup.S Copyright (C) 1991, 1992 Linus Torvalds
4 * setup.s is responsible for getting the system data from the BIOS,
5 * and putting them into the appropriate places in system memory.
6 * both setup.s and system has been loaded by the bootblock.
8 * This code asks the bios for memory/disk/other parameters, and
9 * puts them in a "safe" place: 0x90000-0x901FF, ie where the
10 * boot-block used to be. It is then up to the protected mode
11 * system to read them from there before the area is overwritten
14 * Move PS/2 aux init code to psaux.c
15 * (troyer@saifr00.cfsat.Honeywell.COM) 03Oct92
17 * some changes and additional features by Christoph Niemann,
18 * March 1993/June 1994 (Christoph.Niemann@linux.org)
20 * add APM BIOS checking by Stephen Rothwell, May 1994
21 * (sfr@canb.auug.org.au)
23 * High load stuff, initrd support and position independency
24 * by Hans Lermen & Werner Almesberger, February 1996
25 * <lermen@elserv.ffm.fgan.de>, <almesber@lrc.epfl.ch>
27 * Video handling moved to video.S by Martin Mares, March 1996
28 * <mj@k332.feld.cvut.cz>
30 * Extended memory detection scheme retwiddled by orc@pell.chi.il.us (david
31 * parsons) to avoid loadlin confusion, July 1997
33 * Transcribed from Intel (as86) -> AT&T (gas) by Chris Noe, May 1999.
34 * <stiker@northlink.com>
36 * Fix to work around buggy BIOSes which dont use carry bit correctly
37 * and/or report extended memory in CX/DX for e801h memory size detection
38 * call. As a result the kernel got wrong figures. The int15/e801h docs
39 * from Ralf Brown interrupt list seem to indicate AX/BX should be used
40 * anyway. So to avoid breaking many machines (presumably there was a reason
41 * to orginally use CX/DX instead of AX/BX), we do a kludge to see
42 * if CX/DX have been changed in the e801 call and if so use AX/BX .
43 * Michael Miller, April 2001 <michaelm@mjmm.org>
45 * Added long mode checking and SSE force. March 2003, Andi Kleen.
48 #include <linux/config.h>
49 #include <asm/segment.h>
50 #include <linux/version.h>
51 #include <linux/compile.h>
55 /* Signature words to ensure LILO loaded us right */
59 INITSEG = DEF_INITSEG # 0x9000, we move boot here, out of the way
60 SYSSEG = DEF_SYSSEG # 0x1000, system loaded at 0x10000 (65536).
61 SETUPSEG = DEF_SETUPSEG # 0x9020, this is the current segment
62 # ... and the former contents of CS
64 DELTA_INITSEG = SETUPSEG - INITSEG # 0x0020
67 .globl begtext, begdata, begbss, endtext, enddata, endbss
80 # This is the setup header, and it must start at %cs:2 (old 0x9020:2)
82 .ascii "HdrS" # header signature
83 .word 0x0202 # header version number (>= 0x0105)
84 # or else old loadlin-1.5 will fail)
85 realmode_swtch: .word 0, 0 # default_switch, SETUPSEG
86 start_sys_seg: .word SYSSEG
87 .word kernel_version # pointing to kernel version string
88 # above section of header is compatible
89 # with loadlin-1.5 (header v1.5). Don't
92 type_of_loader: .byte 0 # = 0, old one (LILO, Loadlin,
93 # Bootlin, SYSLX, bootsect...)
94 # See Documentation/i386/boot.txt for
97 # flags, unused bits must be zero (RFU) bit within loadflags
99 LOADED_HIGH = 1 # If set, the kernel is loaded high
100 CAN_USE_HEAP = 0x80 # If set, the loader also has set
101 # heap_end_ptr to tell how much
102 # space behind setup.S can be used for
104 # Only the loader knows what is free
105 #ifndef __BIG_KERNEL__
111 setup_move_size: .word 0x8000 # size to move, when setup is not
112 # loaded at 0x90000. We will move setup
113 # to 0x90000 then just before jumping
114 # into the kernel. However, only the
115 # loader knows how much data behind
116 # us also needs to be loaded.
118 code32_start: # here loaders can put a different
119 # start address for 32-bit code.
120 #ifndef __BIG_KERNEL__
121 .long 0x1000 # 0x1000 = default for zImage
123 .long 0x100000 # 0x100000 = default for big kernel
126 ramdisk_image: .long 0 # address of loaded ramdisk image
127 # Here the loader puts the 32-bit
128 # address where it loaded the image.
129 # This only will be read by the kernel.
131 ramdisk_size: .long 0 # its size in bytes
134 .word bootsect_helper, SETUPSEG
136 heap_end_ptr: .word modelist+1024 # (Header version 0x0201 or later)
137 # space from here (exclusive) down to
138 # end of setup code can be used by setup
139 # for local heap purposes.
142 cmd_line_ptr: .long 0 # (Header version 0x0202 or later)
143 # If nonzero, a 32-bit pointer
144 # to the kernel command line.
145 # The command line should be
146 # located between the start of
147 # setup and the end of low
148 # memory (0xa0000), or it may
149 # get overwritten before it
150 # gets read. If this field is
151 # used, there is no longer
152 # anything magical about the
153 # 0x90000 segment; the setup
154 # can be located anywhere in
155 # low memory 0x10000 or higher.
157 trampoline: call start_of_setup
159 # End of setup header #####################################################
162 # Bootlin depends on this being done early
167 #ifdef SAFE_RESET_DISK_CONTROLLER
168 # Reset the disk controller.
174 # Set %ds = %cs, we know that SETUPSEG = %cs at this point
175 movw %cs, %ax # aka SETUPSEG
177 # Check signature at end of setup
178 cmpw $SIG1, setup_sig1
181 cmpw $SIG2, setup_sig2
186 # Routine to print asciiz string at ds:si
198 prtsp2: call prtspc # Print double space
199 prtspc: movb $0x20, %al # Print single space (note: fall-thru)
212 beep: movb $0x07, %al
215 no_sig_mess: .string "No setup signature found ..."
220 # We now have to find the rest of the setup code/data
222 movw %cs, %ax # SETUPSEG
223 subw $DELTA_INITSEG, %ax # INITSEG
226 movb (497), %bl # get setup sect from bootsect
227 subw $4, %bx # LILO loads 4 sectors of setup
228 shlw $8, %bx # convert to words (1sect=2^8 words)
230 shrw $3, %bx # convert to segment
232 movw %bx, %cs:start_sys_seg
233 # Move rest of setup code/data to here
234 movw $2048, %di # four sectors loaded by LILO
236 movw %cs, %ax # aka SETUPSEG
242 movw %cs, %ax # aka SETUPSEG
244 cmpw $SIG1, setup_sig1
247 cmpw $SIG2, setup_sig2
260 movw %cs, %ax # aka SETUPSEG
261 subw $DELTA_INITSEG, %ax # aka INITSEG
263 # Check if an old loader tries to load a big-kernel
264 testb $LOADED_HIGH, %cs:loadflags # Do we have a big kernel?
265 jz loader_ok # No, no danger for old loaders.
267 cmpb $0, %cs:type_of_loader # Do we have a loader that
269 jnz loader_ok # Yes, continue.
271 pushw %cs # No, we have an old loader,
273 lea loader_panic_mess, %si
278 loader_panic_mess: .string "Wrong loader, giving up..."
281 /* check for long mode. */
282 /* we have to do this before the VESA setup, otherwise the user
283 can't see the error message. */
289 /* minimum CPUID flags for x86-64 */
290 /* see http://www.x86-64.org/lists/discuss/msg02971.html */
291 #define SSE_MASK ((1<<25)|(1<<26))
292 #define REQUIRED_MASK1 ((1<<0)|(1<<3)|(1<<4)|(1<<5)|(1<<6)|(1<<8)|\
293 (1<<13)|(1<<15)|(1<<24))
294 #define REQUIRED_MASK2 (1<<29)
296 pushfl /* standard way to check for cpuid */
305 jz no_longmode /* cpu has no cpuid */
309 jb no_longmode /* no cpuid 1 */
311 cmpl $0x68747541,%ebx /* AuthenticAMD */
313 cmpl $0x69746e65,%edx
315 cmpl $0x444d4163,%ecx
317 mov $1,%di /* cpu is from AMD */
321 andl $REQUIRED_MASK1,%edx
322 xorl $REQUIRED_MASK1,%edx
324 movl $0x80000000,%eax
326 cmpl $0x80000001,%eax
327 jb no_longmode /* no extended cpuid */
328 movl $0x80000001,%eax
330 andl $REQUIRED_MASK2,%edx
331 xorl $REQUIRED_MASK2,%edx
340 jz no_longmode /* only try to force SSE on AMD */
341 movl $0xc0010015,%ecx /* HWCR */
343 btr $15,%eax /* enable SSE */
345 xor %di,%di /* don't loop */
346 jmp sse_test /* try again */
349 lea long_mode_panic,%si
354 .string "Your CPU does not support long mode. Use a 32bit distribution."
360 # tell BIOS we want to go to long mode
361 movl $0xec00,%eax # declare target operating mode
362 movl $2,%ebx # long mode
365 # Get memory size (extended mem, kB)
369 #ifndef STANDARD_MEMORY_BIOS_CALL
371 # Try three different memory detection schemes. First, try
372 # e820h, which lets us assemble a memory map, then try e801h,
373 # which returns a 32-bit memory size, and finally 88h, which
377 # the memory map from hell. e820h returns memory classified into
378 # a whole bunch of different types, and allows memory holes and
379 # everything. We scan through this memory map and build a list
380 # of the first 32 memory areas, which we return at [E820MAP].
381 # This is documented at http://www.teleport.com/~acpi/acpihtml/topic245.htm
383 #define SMAP 0x534d4150
386 xorl %ebx, %ebx # continuation counter
387 movw $E820MAP, %di # point into the whitelist
388 # so we can have the bios
389 # directly write into it.
392 movl $0x0000e820, %eax # e820, upper word zeroed
393 movl $SMAP, %edx # ascii 'SMAP'
394 movl $20, %ecx # size of the e820rec
395 pushw %ds # data record.
397 int $0x15 # make the call
398 jc bail820 # fall to e801 if it fails
400 cmpl $SMAP, %eax # check the return is `SMAP'
401 jne bail820 # fall to e801 if it fails
403 # cmpl $1, 16(%di) # is this usable memory?
406 # If this is usable memory, we save it by simply advancing %di by
410 movb (E820NR), %al # up to 32 entries
419 cmpl $0, %ebx # check to see if
420 jne jmpe820 # %ebx is set to EOF
425 # memory size is in 1k chunksizes, to avoid confusing loadlin.
426 # we store the 0xe801 memory size in a completely different place,
427 # because it will most likely be longer than 16 bits.
428 # (use 1e0 because that's what Larry Augustine uses in his
429 # alternative new memory detection scheme, and it's sensible
430 # to write everything into the same place.)
433 stc # fix to work around buggy
434 xorw %cx,%cx # BIOSes which dont clear/set
435 xorw %dx,%dx # carry on pass/error of
436 # e801h memory size call
437 # or merely pass cx,dx though
438 # without changing them.
443 cmpw $0x0, %cx # Kludge to handle BIOSes
444 jne e801usecxdx # which report their extended
445 cmpw $0x0, %dx # memory in AX/BX rather than
446 jne e801usecxdx # CX/DX. The spec I have read
447 movw %ax, %cx # seems to indicate AX/BX
448 movw %bx, %dx # are more reasonable anyway...
451 andl $0xffff, %edx # clear sign extend
452 shll $6, %edx # and go from 64k to 1k chunks
453 movl %edx, (0x1e0) # store extended memory size
454 andl $0xffff, %ecx # clear sign extend
455 addl %ecx, (0x1e0) # and add lower memory into
458 # Ye Olde Traditional Methode. Returns the memory size (up to 16mb or
459 # 64mb, depending on the bios) in ax.
467 # Set the keyboard repeat rate to the max
472 # Check for video adapter and its parameters and allow the
473 # user to browse video modes.
474 call video # NOTE: we need %ds pointing
481 movw %cs, %ax # aka SETUPSEG
482 subw $DELTA_INITSEG, %ax # aka INITSEG
500 # Check that there IS a hd1 :-)
510 movw %cs, %ax # aka SETUPSEG
511 subw $DELTA_INITSEG, %ax # aka INITSEG
521 # Check for PS/2 pointing device
522 movw %cs, %ax # aka SETUPSEG
523 subw $DELTA_INITSEG, %ax # aka INITSEG
525 movw $0, (0x1ff) # default is no pointing device
526 int $0x11 # int 0x11: equipment list
527 testb $0x04, %al # check if mouse installed
530 movw $0xAA, (0x1ff) # device present
533 # Now we want to move to protected mode ...
534 cmpw $0, %cs:realmode_swtch
537 lcall *%cs:realmode_swtch
546 # we get the code32 start address and modify the below 'jmpi'
547 # (loader may have changed it)
548 movl %cs:code32_start, %eax
549 movl %eax, %cs:code32
551 # Now we move the system to its rightful place ... but we check if we have a
552 # big-kernel. In that case we *must* not move it ...
553 testb $LOADED_HIGH, %cs:loadflags
554 jz do_move0 # .. then we have a normal low
556 # .. or else we have a high
558 jmp end_move # ... and we skip moving
561 movw $0x100, %ax # start of destination segment
562 movw %cs, %bp # aka SETUPSEG
563 subw $DELTA_INITSEG, %bp # aka INITSEG
564 movw %cs:start_sys_seg, %bx # start of source segment
567 movw %ax, %es # destination segment
568 incb %ah # instead of add ax,#0x100
569 movw %bx, %ds # source segment
576 cmpw %bp, %bx # assume start_sys_seg > 0x200,
577 # so we will perhaps read one
578 # page more than needed, but
579 # never overwrite INITSEG
580 # because destination is a
581 # minimum one page below source
585 # then we load the segment descriptors
586 movw %cs, %ax # aka SETUPSEG
589 # Check whether we need to be downward compatible with version <=201
590 cmpl $0, cmd_line_ptr
591 jne end_move_self # loader uses version >=202 features
592 cmpb $0x20, type_of_loader
593 je end_move_self # bootsect loader, we know of it
595 # Boot loader doesnt support boot protocol version 2.02.
596 # If we have our code not at 0x90000, we need to move it there now.
597 # We also then need to move the params behind it (commandline)
598 # Because we would overwrite the code on the current IP, we move
599 # it in two steps, jumping high after the first one.
604 cli # make sure we really have
605 # interrupts disabled !
606 # because after this the stack
608 subw $DELTA_INITSEG, %ax # aka INITSEG
614 subw %ax, %dx # this will go into %ss after
618 movw $INITSEG, %ax # real INITSEG
620 movw %cs:setup_move_size, %cx
621 std # we have to move up, so we use
622 # direction down because the
627 subw $move_self_here+0x200, %cx
630 ljmp $SETUPSEG, $move_self_here
633 movw $move_self_here+0x200, %cx
639 end_move_self: # now we are at the right place
640 lidt idt_48 # load idt with 0,0
641 xorl %eax, %eax # Compute gdt_base
642 movw %ds, %ax # (Convert %ds:gdt to a linear ptr)
645 movl %eax, (gdt_48+2)
646 lgdt gdt_48 # load gdt with whatever is
649 # that was painless, now we enable a20
652 movb $0xD1, %al # command write
656 movb $0xDF, %al # A20 on
661 # You must preserve the other bits here. Otherwise embarrasing things
662 # like laptops powering off on boot happen. Corrected version by Kira
663 # Brown from Linux 2.2
666 orb $02, %al # "fast A20" version
667 outb %al, $0x92 # some chips have only this
669 # wait until a20 really *is* enabled; it can take a fair amount of
670 # time on certain systems; Toshiba Tecras are known to have this
671 # problem. The memory location used here (0x200) is the int 0x80
672 # vector, which should be safe to use.
674 xorw %ax, %ax # segment 0x0000
676 decw %ax # segment 0xffff (HMA)
679 incw %ax # unused memory location <0xfff0
680 movw %ax, %fs:(0x200) # we use the "int 0x80" vector
681 cmpw %gs:(0x210), %ax # and its corresponding HMA addr
682 je a20_wait # loop until no longer aliased
684 # make sure any possible coprocessor is properly reset..
692 # well, that went ok, I hope. Now we mask all interrupts - the rest
693 # is done in init_IRQ().
694 movb $0xFF, %al # mask all interrupts for now
698 movb $0xFB, %al # mask all irq's but irq2 which
699 outb %al, $0x21 # is cascaded
701 # Well, that certainly wasn't fun :-(. Hopefully it works, and we don't
702 # need no steenking BIOS anyway (except for the initial loading :-).
703 # The BIOS-routine wants lots of unnecessary data, and it's less
704 # "interesting" anyway. This is how REAL programmers do it.
706 # Well, now's the time to actually move into protected mode. To make
707 # things as simple as possible, we do no register set-up or anything,
708 # we let the gnu-compiled 32-bit programs do that. We just jump to
709 # absolute address 0x1000 (or the loader supplied one),
710 # in 32-bit protected mode.
712 # Note that the short jump isn't strictly needed, although there are
713 # reasons why it might be a good idea. It won't hurt in any case.
714 movw $1, %ax # protected mode (PE) bit
715 lmsw %ax # This is it!
719 xorw %bx, %bx # Flag to indicate a boot
720 xorl %esi, %esi # Pointer to real-mode code
722 subw $DELTA_INITSEG, %si
723 shll $4, %esi # Convert to 32-bit pointer
724 # NOTE: For high loaded big kernels we need a
725 # jmpi 0x100000,__KERNEL_CS
727 # but we yet haven't reloaded the CS register, so the default size
728 # of the target offset still is 16 bit.
729 # However, using an operand prefix (0x66), the CPU will properly
730 # take our 48 bit far pointer. (INTeL 80386 Programmer's Reference
731 # Manual, Mixing 16-bit and 32-bit code, page 16-6)
733 .byte 0x66, 0xea # prefix + jmpi-opcode
734 code32: .long 0x1000 # will be set to 0x100000
738 # Here's a bunch of information about your current kernel..
739 kernel_version: .ascii UTS_RELEASE
741 .ascii LINUX_COMPILE_BY
743 .ascii LINUX_COMPILE_HOST
748 # This is the default real mode switch routine.
749 # to be called just before protected mode transition
751 cli # no interrupts allowed !
752 movb $0x80, %al # disable NMI for bootup
757 # This routine only gets called, if we get loaded by the simple
758 # bootsect loader _and_ have a bzImage to load.
759 # Because there is no place left in the 512 bytes of the boot sector,
760 # we must emigrate to code space here.
762 cmpw $0, %cs:bootsect_es
765 movb $0x20, %cs:type_of_loader
768 movb %ah, %cs:bootsect_src_base+2
770 movw %ax, %cs:bootsect_es
772 lret # nothing else to do for now
778 testw %bx, %bx # 64K full?
781 movw $0x8000, %cx # full 64K, INT15 moves words
784 movw $bootsect_gdt, %si
787 jc bootsect_panic # this, if INT15 fails
789 movw %cs:bootsect_es, %es # we reset %es to always point
790 incb %cs:bootsect_dst_base+2 # to 0x10000
792 movb %cs:bootsect_dst_base+2, %ah
793 shlb $4, %ah # we now have the number of
794 # moved frames in %ax
809 .byte 0x00, 0x00, 0x01 # base = 0x010000
811 .word 0 # limit16,base24 =0
817 .byte 0x00, 0x00, 0x10 # base = 0x100000
819 .word 0 # limit16,base24 =0
820 .word 0, 0, 0, 0 # BIOS CS
821 .word 0, 0, 0, 0 # BIOS DS
830 leaw bootsect_panic_mess, %si
834 jmp bootsect_panic_loop
837 .string "INT15 refuses to access high mem, giving up."
839 # This routine checks that the keyboard command queue is empty
840 # (after emptying the output buffers)
842 # Some machines have delusions that the keyboard buffer is always full
843 # with no keyboard attached...
845 # If there is no keyboard controller, we will usually get 0xff
846 # to all the reads. With each IO taking a microsecond and
847 # a timeout of 100,000 iterations, this can take about half a
848 # second ("delay" == outb to port 0x80). That should be ok,
849 # and should also be plenty of time for a real keyboard controller
859 jz empty_8042_end_loop
863 inb $0x64, %al # 8042 status port
864 testb $1, %al # output buffer?
868 inb $0x60, %al # read it
872 testb $2, %al # is input buffer full?
873 jnz empty_8042_loop # yes - loop
878 # Read the cmos clock. Return the seconds in al
883 movb %dh, %al # %dh contains the seconds
892 # Delay is needed after doing I/O
899 .word 0, 0, 0, 0 # dummy
901 .word 0, 0, 0, 0 # unused
903 .word 0xFFFF # 4Gb - (0x100000*0x1000 = 4Gb)
904 .word 0 # base address = 0
905 .word 0x9A00 # code read/exec
906 .word 0x00CF # granularity = 4096, 386
907 # (+5th nibble of limit)
909 .word 0xFFFF # 4Gb - (0x100000*0x1000 = 4Gb)
910 .word 0 # base address = 0
911 .word 0x9200 # data read/write
912 .word 0x00CF # granularity = 4096, 386
913 # (+5th nibble of limit)
914 # this is 64bit descriptor for code
917 .word 0x9A00 # code read/exec
918 .word 0x00AF # as above, but it is long mode and with D=0
919 # it does not seem to do the trick.
922 .word 0 # idt limit = 0
923 .word 0, 0 # idt base = 0L
925 .word 0x8000 # gdt limit=2048,
928 .word 0, 0 # gdt base (filled in later)
930 # Include video setup & detection code
934 # Setup signature -- must be last
935 setup_sig1: .word SIG1
936 setup_sig2: .word SIG2
938 # After this point, there is some free space which is used by the video mode
939 # handling code to store the temporary mode table (not used by the kernel).