Loading boot image retrieved from CD-ROM

Loading boot image retrieved from CD-ROM

[Alex Roman]

Hello,

As you may recall, I'm working on the Google Summer of Code project to
enable GRUB2 to boot off CDs.

I can now read boot images from CDs using int 13h BIOS calls :) And
I've confirmed I'm actually reading the ISOLINUX image because I can
perform some manual disassembly and it matches what I see in the
ISOLINUX source code :)

The problem is now booting them. From what I've gathered from the
specs, I'm supposed to load the bootable image at address 0x7c00,
clear the segments (-code segment) and perform a long jump (to set the
code segment) at address 0x7c00 using segment 0x7c0 and offset 0x0.

Now, I can't read the bootable image directly at 0x7c00, so what I do
is I read it in GRUB_MEMORY_MACHINE_SCRATCH_ADDR + a small offset I
use for some structures. Then I have a function in startup.S which
will copy from that address, into 0x7c00 and then start executing the
image.

The problem is that QEMU freezes when I call the asm function. Was
wondering if anyone could take a quick look at the function to see if
I'm doing anything wrong, or if someone could suggest how to best
debug this issue...

Thanks in advance!

Here is the function:

--start--
/*
 *  void grub_eltorito_boot (int drive, void *buf, int size)
 *
 *  This starts an eltorito boot image from 0:7c00h
 */

FUNCTION(grub_eltorito_boot)
	pushl	%eax
    pushl   %edx
    pushl   %ecx

	call	EXT_C(grub_dl_unload_all)

	/* set up to pass boot drive */
	popl	%edx

    /* address in %ebx */
    popl    %ebx

    /* count in %ecx */
    popl    %ecx

    /* must move image to 0x07c0:0 */
    movw    $0x07c0,  %ax
    movw    %ax, %es
    xorw    %ax, %ax
    movw    %ax, %di

    pushl   %ebx

    /* offset to move from in  %si */
    andw    $0xf, %bx
    movw    %bx, %si

    /* segment to move from in %ds */
    popl    %ebx
    shrl    $4, %ebx
    movw    %bx, %ds

    /* move image */
    rep
    movsb


	/* Turn off Gate A20 */
	xorl	%eax, %eax
	call	EXT_C(grub_gate_a20)
	
	call	prot_to_real
	.code16
    xorw    %ax, %ax
    movw    %ax, %ds
    movw    %ax, %es
    movw    %ax, %fs
    movw    %ax, %gs
    movw    %ax, %ss
    ljmp    $0x07c0,$0
	.code32
--end--


-- 
Alex Roman <alex.roman@gmail.com>

Re: Loading boot image retrieved from CD-ROM

[Bean]

On Sun, Jun 24, 2007 at 12:31:14AM -0400, Alex Roman wrote:
> Hello,
> 
> As you may recall, I'm working on the Google Summer of Code project to
> enable GRUB2 to boot off CDs.
> 
> I can now read boot images from CDs using int 13h BIOS calls :) And
> I've confirmed I'm actually reading the ISOLINUX image because I can
> perform some manual disassembly and it matches what I see in the
> ISOLINUX source code :)
> 
> The problem is now booting them. From what I've gathered from the
> specs, I'm supposed to load the bootable image at address 0x7c00,
> clear the segments (-code segment) and perform a long jump (to set the
> code segment) at address 0x7c00 using segment 0x7c0 and offset 0x0.
> 
> Now, I can't read the bootable image directly at 0x7c00, so what I do
> is I read it in GRUB_MEMORY_MACHINE_SCRATCH_ADDR + a small offset I
> use for some structures. Then I have a function in startup.S which
> will copy from that address, into 0x7c00 and then start executing the
> image.
> 
> The problem is that QEMU freezes when I call the asm function. Was
> wondering if anyone could take a quick look at the function to see if
> I'm doing anything wrong, or if someone could suggest how to best
> debug this issue...
> 
> Thanks in advance!
> 
> Here is the function:
> 
> --start--
> /*
> *  void grub_eltorito_boot (int drive, void *buf, int size)
> *
> *  This starts an eltorito boot image from 0:7c00h
> */
> 
> FUNCTION(grub_eltorito_boot)
> 	pushl	%eax
>    pushl   %edx
>    pushl   %ecx
> 
> 	call	EXT_C(grub_dl_unload_all)
> 
> 	/* set up to pass boot drive */
> 	popl	%edx
> 
>    /* address in %ebx */
>    popl    %ebx
> 
>    /* count in %ecx */
>    popl    %ecx
> 
>    /* must move image to 0x07c0:0 */
>    movw    $0x07c0,  %ax
>    movw    %ax, %es
>    xorw    %ax, %ax
>    movw    %ax, %di
> 
>    pushl   %ebx
> 
>    /* offset to move from in  %si */
>    andw    $0xf, %bx
>    movw    %bx, %si
> 
>    /* segment to move from in %ds */
>    popl    %ebx
>    shrl    $4, %ebx
>    movw    %bx, %ds
> 
>    /* move image */
>    rep
>    movsb
> 
> 
> 	/* Turn off Gate A20 */
> 	xorl	%eax, %eax
> 	call	EXT_C(grub_gate_a20)
> 	
> 	call	prot_to_real
> 	.code16
>    xorw    %ax, %ax
>    movw    %ax, %ds
>    movw    %ax, %es
>    movw    %ax, %fs
>    movw    %ax, %gs
>    movw    %ax, %ss
>    ljmp    $0x07c0,$0
> 	.code32
> --end--

Maybe the image overwrites code in statrt.S after it's copied to 0x7c00. To
verify, you can print the address of function like grub_eltorito_boot,
grub_gate_a20 and prot_to_real, see if they're within range of 0x7c00 to
0x7c00 + image length.

-- 
Bean <bean123@126.com>

Re: Loading boot image retrieved from CD-ROM

[Alex Roman]

On 24/06/07, Alex Roman <alex.roman@gmail.com> wrote:
> FUNCTION(grub_eltorito_boot)
>         /* set up to pass boot drive */
>         popl    %edx
>
>     /* address in %ebx */
>     popl    %ebx
>
>     /* count in %ecx */
>     popl    %ecx

Oops.. these got a bit inverted, should pop in the order ecx, edx,
ebx... Still didn't solve my problem though...

-- 
Alex Roman <alex.roman@gmail.com>

Re: Loading boot image retrieved from CD-ROM

[Alex Roman]

On 24/06/07, Bean <bean123@126.com> wrote:
> Maybe the image overwrites code in statrt.S after it's copied to 0x7c00. To
> verify, you can print the address of function like grub_eltorito_boot,
> grub_gate_a20 and prot_to_real, see if they're within range of 0x7c00 to
> 0x7c00 + image length.

I don't have access from C code to grub_gate_a20 or prot_to_real
(unless I don't include the right header files)... However
grub_eltorito_boot ends up being at address 0x872c

I happen to copy 4 sectors, 2048 bytes each, so it would definitely
overwrite the code for grub_eltorito_boot.

So, what do I do in this case? The eltorito specs say the code should
reside at segment 7c0h...

-- 
Alex Roman <alex.roman@gmail.com>

Re: Loading boot image retrieved from CD-ROM

[Bean]

On Sun, Jun 24, 2007 at 01:00:13AM -0400, Alex Roman wrote:
> On 24/06/07, Bean <bean123@126.com> wrote:
> >Maybe the image overwrites code in statrt.S after it's copied to 0x7c00. To
> >verify, you can print the address of function like grub_eltorito_boot,
> >grub_gate_a20 and prot_to_real, see if they're within range of 0x7c00 to
> >0x7c00 + image length.
> 
> I don't have access from C code to grub_gate_a20 or prot_to_real
> (unless I don't include the right header files)... However
> grub_eltorito_boot ends up being at address 0x872c
> 
> I happen to copy 4 sectors, 2048 bytes each, so it would definitely
> overwrite the code for grub_eltorito_boot.
> 
> So, what do I do in this case? The eltorito specs say the code should
> reside at segment 7c0h...

Here is a possible solution. First, copy the image to 0x7c00 + N, when N is
large enough so that the image wouldn't overwrite any necessary function in
startup.S. After transition to real mode with prot_to_real, copy a trunk
funtion to somewhere below 0x7C00, and jump to that function. Then, copy
image from 0x7c00+N back to 0x7c00, and finally jump to 0x7c00.

-- 
Bean <bean123@126.com>

Re: Loading boot image retrieved from CD-ROM

[Vesa Jääskeläinen]

Alex Roman wrote:
> Hello,
> 
> As you may recall, I'm working on the Google Summer of Code project to
> enable GRUB2 to boot off CDs.
> 
> I can now read boot images from CDs using int 13h BIOS calls :) And
> I've confirmed I'm actually reading the ISOLINUX image because I can
> perform some manual disassembly and it matches what I see in the
> ISOLINUX source code :)

> 
> The problem is that QEMU freezes when I call the asm function. Was
> wondering if anyone could take a quick look at the function to see if
> I'm doing anything wrong, or if someone could suggest how to best
> debug this issue...

Sorry not having the time to test out PXE boot in vmware. Actually I
didn't event discover way to do PXE boot without setting up required
server software.... Anyway please provide floppy disk image next time ;)

Back to your issue. What BIOS call did you use? I am asking this because
if you did end up using packet calls then it might not work for ISOLINUX
as it most likely uses emulated reads. And might need drive remapping. I
have faint memory that some register needs to contain drive number being
booted. And now you have zeroed almost everything. Anyway. Best to make
custom image so that you know that you have booted it and not to quess
that perhaps something is happening :) You could easily make 512 bytes
image that does something like printing something to screen or so.

Here is a wiki link about memory map:
http://grub.enbug.org/MemoryMap