SYSSIZE=0x8000 ; ; boot.s ; ; boot.s is loaded at 0x7c00 by the bios-startup routines, and moves itself ; out of the way to address 0x90000, and jumps there. ; ; It then loads the system at 0x10000, using BIOS interrupts. Thereafter ; it disables all interrupts, moves the system down to 0x0000, changes ; to protected mode, and calls the start of system. System then must ; RE-initialize the protected mode in it's own tables, and enable ; interrupts as needed. ; ; NOTE! currently system is at most 8*65536 bytes long. This should be no ; problem, even in the future. I want to keep it simple. This 512 kB ; kernel size should be enough - in fact more would mean we'd have to move ; not just these start-up routines, but also do something about the cache- ; memory (block IO devices). The area left over in the lower 640 kB is meant ; for these. No other memory is assumed to be "physical", ie all memory ; over 1Mb is demand-paging. All addresses under 1Mb are guaranteed to match ; their physical addresses. ; ; NOTE1 abouve is no longer valid in it's entirety. cache-memory is allocated ; above the 1Mb mark as well as below. Otherwise it is mainly correct. ; ; NOTE 2! The boot disk type must be set at compile-time, by setting ; the following equ. Having the boot-up procedure hunt for the right ; disk type is severe brain-damage. ; The loader has been made as simple as possible (had to, to get it ; in 512 bytes with the code to move to protected mode), and continuos ; read errors will result in a unbreakable loop. Reboot by hand. It ; loads pretty fast by getting whole sectors at a time whenever possible. ; 1.44Mb disks: sectors = 18 ; 1.2Mb disks: ; sectors = 15 ; 720kB disks: ; sectors = 9 .globl begtext, begdata, begbss, endtext, enddata, endbss .text begtext: .data begdata: .bss begbss: .text BOOTSEG = 0x07c0 INITSEG = 0x9000 SYSSEG = 0x1000 ; system loaded at 0x10000 (65536). ENDSEG = SYSSEG + SYSSIZE entry start start: mov ax,#BOOTSEG mov ds,ax mov ax,#INITSEG mov es,ax mov cx,#256 sub si,si sub di,di rep movw jmpi go,INITSEG go: mov ax,cs mov ds,ax mov es,ax mov ss,ax mov sp,#0x400 ; arbitrary value >>512 mov ah,#0x03 ; read cursor pos xor bh,bh int 0x10 mov cx,#24 mov bx,#0x0007 ; page 0, attribute 7 (normal) mov bp,#msg1 mov ax,#0x1301 ; write string, move cursor int 0x10 ; ok, we've written the message, now ; we want to load the system (at 0x10000) mov ax,#SYSSEG mov es,ax ; segment of 0x010000 call read_it ; call kill_motor ; if the read went well we get current cursor position ans save it for ; posterity. mov ah,#0x03 ; read cursor pos xor bh,bh int 0x10 ; save it in known place, con_init fetches mov [510],dx ; it from 0x90510. ; now we want to move to protected mode ... cli ; no interrupts allowed ! ; first we move the system to it's rightful place mov ax,#0x0000 cld ; 'direction'=0, movs moves forward do_move: mov es,ax ; destination segment add ax,#0x1000 cmp ax,#0x9000 jz end_move mov ds,ax ; source segment sub di,di sub si,si mov cx,#0x8000 rep movsw j do_move ; then we load the segment descriptors end_move: mov ax,cs ; right, forgot this at first. didn't work :-) mov ds,ax lidt idt_48 ; load idt with 0,0 lgdt gdt_48 ; load gdt with whatever appropriate ; that was painless, now we enable A20 ;;; call empty_8042 ;;; mov al,#0xD1 ; command write ;;; out #0x64,al ;;; call empty_8042 ;;; mov al,#0xDF ; A20 on ;;; out #0x60,al ;;; call empty_8042 ; well, that went ok, I hope. Now we have to reprogram the interrupts :-( ; we put them right after the intel-reserved hardware interrupts, at ; int 0x20-0x2F. There they won't mess up anything. Sadly IBM really ; messed this up with the original PC, and they haven't been able to ; rectify it afterwards. Thus the bios puts interrupts at 0x08-0x0f, ; which is used for the internal hardware interrupts as well. We just ; have to reprogram the 8259's, and it isn't fun. mov al,#0x11 ; initialization sequence out #0x20,al ; send it to 8259A-1 .word 0x00eb,0x00eb ; jmp $+2, jmp $+2 out #0xA0,al ; and to 8259A-2 .word 0x00eb,0x00eb mov al,#0x20 ; start of hardware int's (0x20) out #0x21,al .word 0x00eb,0x00eb mov al,#0x28 ; start of hardware int's 2 (0x28) out #0xA1,al .word 0x00eb,0x00eb mov al,#0x04 ; 8259-1 is master out #0x21,al .word 0x00eb,0x00eb mov al,#0x02 ; 8259-2 is slave out #0xA1,al .word 0x00eb,0x00eb mov al,#0x01 ; 8086 mode for both out #0x21,al .word 0x00eb,0x00eb out #0xA1,al .word 0x00eb,0x00eb mov al,#0xFF ; mask off all interrupts for now out #0x21,al .word 0x00eb,0x00eb out #0xA1,al ; well, that certainly wasn't fun :-(. Hopefully it works, and we don't ; need no steenking BIOS anyway (except for the initial loading :-). ; The BIOS-routine wants lots of unnecessary data, and it's less ; "interesting" anyway. This is how REAL programmers do it. ; ; Well, now's the time to actually move into protected mode. To make ; things as simple as possible, we do no register set-up or anything, ; we let the gnu-compiled 32-bit programs do that. We just jump to ; absolute address 0x00000, in 32-bit protected mode. mov ax,#0x0001 ; protected mode (PE) bit ; lmsw ax ; This is it! mov cr0, eax jmpi 0,8 ; jmp offset 0 of segment 8 (cs) ; This routine checks that the keyboard command queue is empty ; No timeout is used - if this hangs there is something wrong with ; the machine, and we probably couldn't proceed anyway. empty_8042: .word 0x00eb,0x00eb in al,#0x64 ; 8042 status port test al,#2 ; is input buffer full? jnz empty_8042 ; yes - loop ret ; This routine loads the system at address 0x10000, making sure ; no 64kB boundaries are crossed. We try to load it as fast as ; possible, loading whole tracks whenever we can. ; ; in: es - starting address segment (normally 0x1000) ; ; This routine has to be recompiled to fit another drive type, ; just change the "sectors" variable at the start of the file ; (originally 18, for a 1.44Mb drive) ; sread: .word 1 ; sectors read of current track head: .word 0 ; current head track: .word 0 ; current track read_it: mov ax,es test ax,#0x0fff die: jne die ; es must be at 64kB boundary xor bx,bx ; bx is starting address within segment rp_read: mov ax,es cmp ax,#ENDSEG ; have we loaded all yet? jb ok1_read ret ok1_read: mov ax,#sectors sub ax,sread mov cx,ax shl cx,#9 add cx,bx jnc ok2_read je ok2_read xor ax,ax sub ax,bx shr ax,#9 ok2_read: call read_track mov cx,ax add ax,sread cmp ax,#sectors jne ok3_read mov ax,#1 sub ax,head jne ok4_read inc track ok4_read: mov head,ax xor ax,ax ok3_read: mov sread,ax shl cx,#9 add bx,cx jnc rp_read mov ax,es add ax,#0x1000 mov es,ax xor bx,bx jmp rp_read read_track: push ax push bx push cx push dx mov dx,track mov cx,sread inc cx mov ch,dl mov dx,head mov dh,dl mov dl,#0 and dx,#0x0100 mov ah,#2 int 0x13 jc bad_rt pop dx pop cx pop bx pop ax ret bad_rt: mov ax,#0 mov dx,#0 int 0x13 pop dx pop cx pop bx pop ax jmp read_track /* * This procedure turns off the floppy drive motor, so * that we enter the kernel in a known state, and * don't have to worry about it later. */ kill_motor: push dx mov dx,#0x3f2 mov al,#0 outb pop dx ret gdt: .word 0,0,0,0 ; dummy .word 0x07FF ; 8Mb - limit=2047 (2048*4096=8Mb) .word 0x0000 ; base address=0 .word 0x9A00 ; code read/exec .word 0x00C0 ; granularity=4096, 386 .word 0x07FF ; 8Mb - limit=2047 (2048*4096=8Mb) .word 0x0000 ; base address=0 .word 0x9200 ; data read/write .word 0x00C0 ; granularity=4096, 386 idt_48: .word 0 ; idt limit=0 .word 0,0 ; idt base=0L gdt_48: .word 0x800 ; gdt limit=2048, 256 GDT entries .word gdt,0x9 ; gdt base = 0X9xxxx msg1: .byte 13,10 .ascii "Loading system ..." .byte 13,10,13,10 .text endtext: .data enddata: .bss endbss: