以上内容参考自wiki中的《coreboot Overview》章节以及coreboot源代码。
在wiki中执行流程是按照intel平台来的,但是中间有部分并不是很清楚。
这里根据代码有增加部分内容,但是并不是一定按照intel平台来的。
coreboot执行流程大致分为四个阶段:
bootblock->romstage->ramstage->payload
1. At 0xFFFFFFF0, start execution at reset_vector from src/cpu/x86/16bit/reset16.inc,which simply jumps to _start.
对应代码:
.section ".reset", "ax", %progbits
.code16
.globl _start
_start:
.byte 0xe9
.int _start16bit - ( . + 2 )
/* Note: The above jump is hand coded to work around bugs in binutils.
* 5 byte are used for a 3 byte instruction. This works because x86
* is little endian and allows us to use supported 32bit relocations
* instead of the weird 16 bit relocations that binutils does not
* handle consistenly between versions because they are used so rarely.
*/
.previous
如果不关注具体的细节,这里的代码就是一个跳转语句,跳转到_start16bit的位置。
2. _start from src/cpu/x86/16bit/entry16.inc, invalidates the TLBs, sets up a GDT for selector 0x08 (code) and 0x10 (data), switches to protected mode, and jumps to__protected_start (setting the CS to the new selector 0x08). The selectors provide full flat access to the entire physical memory map.
entry16.inc中有_start16bit,它就是第一步的跳转位置。在entry16.inc中的主要操作就是进入保护模式,然后跳转的32位的代码中:
/* Now that we are in protected mode jump to a 32 bit code segment. */
ljmpl $ROM_CODE_SEG, $__protected_start
3. __protected_start fromsrc/cpu/x86/32bit/entry32.inc, sets all other segment registers to the 0x10 selector.
__protected_start:
/* Save the BIST value */
movl %eax, %ebp
#if !IS_ENABLED(CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES)
post_code(POST_ENTER_PROTECTED_MODE)
#endif
movw $ROM_DATA_SEG, %ax
movw %ax, %ds
movw %ax, %es
movw %ax, %ss
movw %ax, %fs
movw %ax, %gs
/* Restore the BIST value to %eax */
movl %ebp, %eax
ROM_DATA_SEG的值就是0x10。
以上涉及的到的文件都包含在bootblock_romcc.S或者bootblock_crt0.S文件中,这属于coreboot的第一个阶段,称为bootblock阶段。
bootblock_romcc.S或者bootblock_crt0.S对应着两种不同的bootblock,参看说明:
bootblock_romcc.S对应的是:
/*
* This is the original bootblock used by coreboot on x86 systems. It contains
* a monolithic code flow, assembled from the following stages:
* - reset16.inc: the reset vector
* - entry16.inc: protected mode setup
* - entry32.inc: segment descriptor setup
* - CONFIG_CHIPSET_BOOTBLOCK_INCLUDE: chipset-specific initialization
* - generated/bootblock.inc: ROMCC part of the bootblock
*
* This is used on platforms which do not select C_ENVIRONMENT_BOOTBLOCK, and it
* tries to do the absolute minimum before walking CBFS and jumping to romstage.
*
* This file assembles the bootblock program by the order of the includes. Thus,
* it's extremely important that one pays very careful attention to the order
* of the includes.
*/
bootblock_romcc.S的代码:
#include
#include
#include
#include
#ifdef CONFIG_CHIPSET_BOOTBLOCK_INCLUDE
#include CONFIG_CHIPSET_BOOTBLOCK_INCLUDE
#endif
#if IS_ENABLED(CONFIG_SSE)
#include
#endif
/*
* This bootblock.inc file is generated by ROMCC. The above program flow
* falls through to this point. ROMCC assumes the last function it parsed
* is the main function and it places its instructions at the beginning of
* the generated file. Moreover, any library/common code needed in bootblock
* needs to come after bootblock.inc.
*/
#include
这里有个问题就是bootblock.inc并不是现成的代码,而是ROMCC生成的文件,而ROMCC是coreboot的一个工具,具体作用还不明。
bootblock_crt0.S对应的是:
/*
* This is the modern bootblock. It is used by platforms which select
* C_ENVIRONMENT_BOOTBLOCK, and it prepares the system for C environment runtime
* setup. The actual setup is done by hardware-specific code.
*
* It provides a bootflow similar to other architectures, and thus is considered
* to be the modern approach.
*/
对应的代码:
#include
/*
* Include the old code for reset vector and protected mode entry. That code has
* withstood the test of time.
*/
#include
#include
#include
#include
#if IS_ENABLED(CONFIG_BOOTBLOCK_DEBUG_SPINLOOP)
/* Wait for a JTAG debugger to break in and set EBX non-zero */
xor %ebx, %ebx
debug_spinloop:
cmp $0, %ebx
jz debug_spinloop
#endif
bootblock_protected_mode_entry:
/* BIST result in eax */
movl %eax, %ebx
/* Get an early timestamp */
rdtsc
#if IS_ENABLED(CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP)
lea 1f, %ebp
/* eax: Low 32-bits of timestamp
* ebx: BIST result
* ebp: return address
* edx: High 32-bits of timestamp
*/
jmp bootblock_save_bist_and_timestamp
1:
#else
movd %ebx, %mm0
movd %eax, %mm1
movd %edx, %mm2
#endif
#if IS_ENABLED(CONFIG_SSE)
enable_sse:
mov %cr4, %eax
or $CR4_OSFXSR, %ax
mov %eax, %cr4
#endif /* IS_ENABLED(CONFIG_SSE) */
/* We're done. Now it's up to platform-specific code */
jmp bootblock_pre_c_entry
两种类型的bootblock前面的resetvector和进入保护模式的方式都是一样的,之后modern bootblock跳转到了bootblock_pre_c_entry:
/*
* C code entry point for the boot block.
*/
void asmlinkage bootblock_c_entry(uint64_t base_timestamp);
bootblock_c_entry()最终会调用:
/*
* This is a the same as the bootblock main(), with the difference that it does
* not collect a timestamp. Instead it accepts the first timestamp as an
* argument. This can be used in cases where an earlier stamp is available
* Note that this function is designed to be entered from C code.
* This function assumes that the timer has already been initialized, so it
* does not call init_timer().
*/
void asmlinkage bootblock_main_with_timestamp(uint64_t base_timestamp);
这个函数是bootblock阶段的c语言入口。
它的一个代码实现:
void asmlinkage bootblock_main_with_timestamp(uint64_t base_timestamp)
{
/* Initialize timestamps if we have TIMESTAMP region in memlayout.ld. */
if (IS_ENABLED(CONFIG_COLLECT_TIMESTAMPS) && _timestamp_size > 0)
timestamp_init(base_timestamp);
bootblock_soc_early_init();
bootblock_mainboard_early_init();
if (IS_ENABLED(CONFIG_BOOTBLOCK_CONSOLE)) {
console_init();
exception_init();
}
bootblock_soc_init();
bootblock_mainboard_init();
run_romstage();
}
最终它跳转到了romstage阶段,这是coreboot的第二个阶段。
4. Execution continues with various mainboard init fragments:
a) __fpu_start fromcpu/x86/fpu_enable.inc.
b) (unlabeled) fromcpu/x86/sse_enable.inc
c) Some CPUs enable their on-chipcache to be used temporarily as a scratch RAM (stack), e.g.cpu/amd/model_lx/cache_as_ram.inc.
相关的代码都能够找到,但是并不是在所有平台上都会使用,即使使用,也会有不同的实现,所以会对应不同的代码。
这一部分仍属于bootblock阶段,并且根据不同的平台代码分布位置可能不同。
5. The final mainboard init fragment is mainboard-specific, in C, called romstage.c. For non-cache-as-RAM targets, it is compiled with romcc. It includes and uses other C-code fragments for:
a) Initializing MSRs, MTRRs, APIC.
b) Setting up the southbridge minimally ("early setup").
c) Setting up Super I/O serial.
d) Initializing the console.
e) Initializing RAM controller and RAM itself.
这一部分属于romstage阶段。
void run_romstage(void)
{
struct prog romstage =
PROG_INIT(PROG_ROMSTAGE, CONFIG_CBFS_PREFIX "/romstage");
if (prog_locate(&romstage))
goto fail;
timestamp_add_now(TS_START_COPYROM);
if (cbfs_prog_stage_load(&romstage))
goto fail;
timestamp_add_now(TS_END_COPYROM);
prog_run(&romstage);
fail:
if (IS_ENABLED(CONFIG_BOOTBLOCK_CONSOLE))
die("Couldn't load romstage.\n");
halt();
}
从代码上看,应该是获取到二进制的romstage文件并执行。
romstage文件通过romstage.c文件编译得到,它有很多个,因为要对应不同的平台。
6. Execution continues at __main from src/arch/x86/init/crt0_romcc_epilogue.inc, where the non-romcc C coreboot code is copied (possibly decompressed) to RAM, then the RAM entry point is jumped to.
romstage阶段最后的步骤就是初始化内存并拷贝相关代码到内存中,而后再跳转到内存中去执行剩余的代码。
下面就进入ramstage阶段:
7. The RAM entry point is _startin src/arch/x86/lib/c_start.S, where new descriptor tables are set up, the stack and BSS are cleared, the IDT is initialized, and hardwaremain() is called(operation is now full 32-bit protected mode C program with stack).
c_start.S中有如下的代码:
/*
* Now we are finished. Memory is up, data is copied and
* bss is cleared. Now we call the main routine and
* let it do the rest.
*/
post_code(POST_PRE_HARDWAREMAIN) /* post fe */
#if CONFIG_GDB_WAIT
call gdb_hw_init
call gdb_stub_breakpoint
#endif
call main
/* NOTREACHED */
这里的main就是hardwaremain.c中的main()函数。
8. hardwaremain() is from src/boot/hardwaremain.c, the console is initialized, devices are enumerated and initialized, configured and enabled.
在hardwaremain.c中,会按照如下的过程执行:
static struct boot_state boot_states[] = {
BS_INIT_ENTRY(BS_PRE_DEVICE, bs_pre_device),
BS_INIT_ENTRY(BS_DEV_INIT_CHIPS, bs_dev_init_chips),
BS_INIT_ENTRY(BS_DEV_ENUMERATE, bs_dev_enumerate),
BS_INIT_ENTRY(BS_DEV_RESOURCES, bs_dev_resources),
BS_INIT_ENTRY(BS_DEV_ENABLE, bs_dev_enable),
BS_INIT_ENTRY(BS_DEV_INIT, bs_dev_init),
BS_INIT_ENTRY(BS_POST_DEVICE, bs_post_device),
BS_INIT_ENTRY(BS_OS_RESUME_CHECK, bs_os_resume_check),
BS_INIT_ENTRY(BS_OS_RESUME, bs_os_resume),
BS_INIT_ENTRY(BS_WRITE_TABLES, bs_write_tables),
BS_INIT_ENTRY(BS_PAYLOAD_LOAD, bs_payload_load),
BS_INIT_ENTRY(BS_PAYLOAD_BOOT, bs_payload_boot),
};
最终到达加载payload那一步:
9. The payload is called, either via elfboot() from boot/elfboot.c, or filo() from boot/filo.c
PS:以上属于根据wiki和coreboot得到的个人理解,不保证100%正确,如有错误请见谅。