coreboot基础——基础流程

coreboot执行流程

以上内容参考自wiki中的《coreboot Overview》章节以及coreboot源代码。

在wiki中执行流程是按照intel平台来的,但是中间有部分并不是很清楚。

这里根据代码有增加部分内容,但是并不是一定按照intel平台来的。

 

coreboot执行流程大致分为四个阶段:

bootblock->romstage->ramstage->payload

 

1.    At 0xFFFFFFF0, start execution at reset_vector from src/cpu/x86/16bit/reset16.inc,which simply jumps to _start.

对应代码:

	.section ".reset", "ax", %progbits
	.code16
.globl	_start
_start:
	.byte  0xe9
	.int   _start16bit - ( . + 2 )
	/* Note: The above jump is hand coded to work around bugs in binutils.
	 * 5 byte are used for a 3 byte instruction.  This works because x86
	 * is little endian and allows us to use supported 32bit relocations
	 * instead of the weird 16 bit relocations that binutils does not
	 * handle consistenly between versions because they are used so rarely.
	 */
	.previous

如果不关注具体的细节,这里的代码就是一个跳转语句,跳转到_start16bit的位置。

 

2.    _start from src/cpu/x86/16bit/entry16.inc, invalidates the TLBs, sets up a GDT for selector 0x08 (code) and 0x10 (data), switches to protected mode, and jumps to__protected_start (setting the CS to the new selector 0x08). The selectors provide full flat access to the entire physical memory map.

entry16.inc中有_start16bit,它就是第一步的跳转位置。在entry16.inc中的主要操作就是进入保护模式,然后跳转的32位的代码中:

	/* Now that we are in protected mode jump to a 32 bit code segment. */
	ljmpl	$ROM_CODE_SEG, $__protected_start

 

3.    __protected_start fromsrc/cpu/x86/32bit/entry32.inc, sets all other segment registers to the 0x10 selector.

__protected_start:
	/* Save the BIST value */
	movl	%eax, %ebp

#if !IS_ENABLED(CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES)
	post_code(POST_ENTER_PROTECTED_MODE)
#endif

	movw	$ROM_DATA_SEG, %ax
	movw	%ax, %ds
	movw	%ax, %es
	movw	%ax, %ss
	movw	%ax, %fs
	movw	%ax, %gs

	/* Restore the BIST value to %eax */
	movl	%ebp, %eax

ROM_DATA_SEG的值就是0x10。

 

以上涉及的到的文件都包含在bootblock_romcc.S或者bootblock_crt0.S文件中,这属于coreboot的第一个阶段,称为bootblock阶段

bootblock_romcc.S或者bootblock_crt0.S对应着两种不同的bootblock,参看说明:

bootblock_romcc.S对应的是:

/*
 * This is the original bootblock used by coreboot on x86 systems. It contains
 * a monolithic code flow, assembled from the following stages:
 *     - reset16.inc: the reset vector
 *     - entry16.inc: protected mode setup
 *     - entry32.inc: segment descriptor setup
 *     - CONFIG_CHIPSET_BOOTBLOCK_INCLUDE: chipset-specific initialization
 *     - generated/bootblock.inc: ROMCC part of the bootblock
 *
 * This is used on platforms which do not select C_ENVIRONMENT_BOOTBLOCK, and it
 * tries to do the absolute minimum before walking CBFS and jumping to romstage.
 *
 * This file assembles the bootblock program by the order of the includes. Thus,
 * it's extremely important that one pays very careful attention to the order
 * of the includes.
*/

bootblock_romcc.S的代码:

#include 
#include 
#include 
#include 

#ifdef CONFIG_CHIPSET_BOOTBLOCK_INCLUDE
#include CONFIG_CHIPSET_BOOTBLOCK_INCLUDE
#endif

#if IS_ENABLED(CONFIG_SSE)
#include 
#endif

/*
 * This bootblock.inc file is generated by ROMCC. The above program flow
 * falls through to this point. ROMCC assumes the last function it parsed
 * is the main function and it places its instructions at the beginning of
 * the generated file. Moreover, any library/common code needed in bootblock
 * needs to come after bootblock.inc.
 */
#include 

这里有个问题就是bootblock.inc并不是现成的代码,而是ROMCC生成的文件,而ROMCC是coreboot的一个工具,具体作用还不明。

 

bootblock_crt0.S对应的是:

/*
 * This is the modern bootblock. It is used by platforms which select
 * C_ENVIRONMENT_BOOTBLOCK, and it prepares the system for C environment runtime
 * setup. The actual setup is done by hardware-specific code.
 *
 * It provides a bootflow similar to other architectures, and thus is considered
 * to be the modern approach.
*/

对应的代码:

#include 

/*
 * Include the old code for reset vector and protected mode entry. That code has
 * withstood the test of time.
 */
#include 
#include 
#include 
#include 

#if IS_ENABLED(CONFIG_BOOTBLOCK_DEBUG_SPINLOOP)

	/* Wait for a JTAG debugger to break in and set EBX non-zero */
	xor	%ebx, %ebx

debug_spinloop:
	cmp	$0, %ebx
	jz	debug_spinloop
#endif

bootblock_protected_mode_entry:

	/* BIST result in eax */
	movl	%eax, %ebx

	/* Get an early timestamp */
	rdtsc

#if IS_ENABLED(CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP)
	lea	1f, %ebp

	/* eax: Low 32-bits of timestamp
	 * ebx: BIST result
	 * ebp: return address
	 * edx: High 32-bits of timestamp
	 */
	jmp	bootblock_save_bist_and_timestamp
1:
#else
	movd	%ebx, %mm0
	movd	%eax, %mm1
	movd	%edx, %mm2
#endif

#if IS_ENABLED(CONFIG_SSE)
enable_sse:
	mov	%cr4, %eax
	or	$CR4_OSFXSR, %ax
	mov	%eax, %cr4
#endif /* IS_ENABLED(CONFIG_SSE) */

	/* We're done. Now it's up to platform-specific code */
	jmp	bootblock_pre_c_entry

两种类型的bootblock前面的resetvector和进入保护模式的方式都是一样的,之后modern bootblock跳转到了bootblock_pre_c_entry:

/*
 * C code entry point for the boot block.
 */
void asmlinkage bootblock_c_entry(uint64_t base_timestamp);

bootblock_c_entry()最终会调用:

/*
 * This is a the same as the bootblock main(), with the difference that it does
 * not collect a timestamp. Instead it accepts the first timestamp as an
 * argument. This can be used in cases where an earlier stamp is available
 * Note that this function is designed to be entered from C code.
 * This function assumes that the timer has already been initialized, so it
 * does not call init_timer().
 */
void asmlinkage bootblock_main_with_timestamp(uint64_t base_timestamp);

这个函数是bootblock阶段的c语言入口。

它的一个代码实现:

void asmlinkage bootblock_main_with_timestamp(uint64_t base_timestamp)
{
	/* Initialize timestamps if we have TIMESTAMP region in memlayout.ld. */
	if (IS_ENABLED(CONFIG_COLLECT_TIMESTAMPS) && _timestamp_size > 0)
		timestamp_init(base_timestamp);

	bootblock_soc_early_init();
	bootblock_mainboard_early_init();

	if (IS_ENABLED(CONFIG_BOOTBLOCK_CONSOLE)) {
		console_init();
		exception_init();
	}

	bootblock_soc_init();
	bootblock_mainboard_init();

	run_romstage();
}

最终它跳转到了romstage阶段,这是coreboot的第二个阶段。

 

4.    Execution continues with various mainboard init fragments:

a)     __fpu_start fromcpu/x86/fpu_enable.inc.

b)     (unlabeled) fromcpu/x86/sse_enable.inc

c)     Some CPUs enable their on-chipcache to be used temporarily as a scratch RAM (stack), e.g.cpu/amd/model_lx/cache_as_ram.inc.

相关的代码都能够找到,但是并不是在所有平台上都会使用,即使使用,也会有不同的实现,所以会对应不同的代码。

这一部分仍属于bootblock阶段,并且根据不同的平台代码分布位置可能不同。

 

5.    The final mainboard init fragment is mainboard-specific, in C, called romstage.c. For non-cache-as-RAM targets, it is compiled with romcc. It includes and uses other C-code fragments for:

a)     Initializing MSRs, MTRRs, APIC.

b)     Setting up the southbridge minimally ("early setup").

c)     Setting up Super I/O serial.

d)     Initializing the console.

e)     Initializing RAM controller and RAM itself.

这一部分属于romstage阶段。

void run_romstage(void)
{
	struct prog romstage =
		PROG_INIT(PROG_ROMSTAGE, CONFIG_CBFS_PREFIX "/romstage");

	if (prog_locate(&romstage))
		goto fail;

	timestamp_add_now(TS_START_COPYROM);

	if (cbfs_prog_stage_load(&romstage))
		goto fail;

	timestamp_add_now(TS_END_COPYROM);

	prog_run(&romstage);

fail:
	if (IS_ENABLED(CONFIG_BOOTBLOCK_CONSOLE))
		die("Couldn't load romstage.\n");
	halt();
}

从代码上看,应该是获取到二进制的romstage文件并执行。

romstage文件通过romstage.c文件编译得到,它有很多个,因为要对应不同的平台。

 

6.    Execution continues at __main from src/arch/x86/init/crt0_romcc_epilogue.inc, where the non-romcc C coreboot code is copied (possibly decompressed) to RAM, then the RAM entry point is jumped to.

romstage阶段最后的步骤就是初始化内存并拷贝相关代码到内存中,而后再跳转到内存中去执行剩余的代码。

 

下面就进入ramstage阶段:

7.    The RAM entry point is _startin src/arch/x86/lib/c_start.S, where new descriptor tables are set up, the stack and BSS are cleared, the IDT is initialized, and hardwaremain() is called(operation is now full 32-bit protected mode C program with stack).

c_start.S中有如下的代码:

	/*
	 *	Now we are finished. Memory is up, data is copied and
	 *	bss is cleared.   Now we call the main routine and
	 *	let it do the rest.
	 */
	post_code(POST_PRE_HARDWAREMAIN)	/* post fe */

#if CONFIG_GDB_WAIT
	call gdb_hw_init
	call gdb_stub_breakpoint
#endif
	call main
	/* NOTREACHED */

这里的main就是hardwaremain.c中的main()函数。

 

8.    hardwaremain() is from src/boot/hardwaremain.c, the console is initialized, devices are enumerated and initialized, configured and enabled.

在hardwaremain.c中,会按照如下的过程执行:

static struct boot_state boot_states[] = {
	BS_INIT_ENTRY(BS_PRE_DEVICE, bs_pre_device),
	BS_INIT_ENTRY(BS_DEV_INIT_CHIPS, bs_dev_init_chips),
	BS_INIT_ENTRY(BS_DEV_ENUMERATE, bs_dev_enumerate),
	BS_INIT_ENTRY(BS_DEV_RESOURCES, bs_dev_resources),
	BS_INIT_ENTRY(BS_DEV_ENABLE, bs_dev_enable),
	BS_INIT_ENTRY(BS_DEV_INIT, bs_dev_init),
	BS_INIT_ENTRY(BS_POST_DEVICE, bs_post_device),
	BS_INIT_ENTRY(BS_OS_RESUME_CHECK, bs_os_resume_check),
	BS_INIT_ENTRY(BS_OS_RESUME, bs_os_resume),
	BS_INIT_ENTRY(BS_WRITE_TABLES, bs_write_tables),
	BS_INIT_ENTRY(BS_PAYLOAD_LOAD, bs_payload_load),
	BS_INIT_ENTRY(BS_PAYLOAD_BOOT, bs_payload_boot),
};

 

最终到达加载payload那一步:

9.    The payload is called, either via elfboot() from boot/elfboot.c, or filo() from boot/filo.c

 

PS:以上属于根据wiki和coreboot得到的个人理解,不保证100%正确,如有错误请见谅。

 

你可能感兴趣的:(UEFI开发基础)