
Re: [Qemu-devel] BIOS checksums?


From: Piotr Krysik
Subject: Re: [Qemu-devel] BIOS checksums?
Date: Mon, 21 Jun 2004 15:10:05 -0700 (PDT)

Hi,

A few words about the architecture.

As I mentioned, I'm trying to use QEMU to monitor
interactions between guest OS and real hardware.

To avoid interactions between guest and host OS, I
decided to run QEMU _without_ OS. It's started by boot
loader. The QEMU log is sent to another machine. The
other machine can also be used to run remote gdb.


1. IO

QEMU uses serial port to communicate with the other
machine. There are also some other ports that should
be protected from access by code executed in the
emulator, as they may interact with QEMU (e.g. CPU
reset, DRAM Controller reprogramming). All the other
emulated IO ports are hooked to real machine.

I'm emulating some of the protected IO ports.


2. Memory

I have to reserve some memory for QEMU. I'm allocating
a few MB at the top of RAM. The rest is visible to guest OS
with its real addresses (addresses used by the emulated CPU
are identical to addresses used by the hardware), so it
should be possible to use DMA without translating
addresses. Also I don't have to treat memory mapped
hardware in any special way.

The QEMU area is not visible to emulated CPU, so it's
protected from direct access by guest OS. It could be
accessed by DMA (e.g. broken drivers). If such
(unlikely) case is discovered, it can be handled by
intercepting and modifying IO or memory access used to
setup that DMA.

To run BIOS, I had to intercept some IO that tried to
reprogram RAM Controller.


3. CPU

QEMU runs in real mode with 32-bit addressing. All the
interrupts are redirected from host hardware to QEMU
by an IRQ handler calling cpu_interrupt. Guest OS uses
the emulated CPU provided by QEMU :-)

I'm protecting real CPU from switching A20 and reset,
and redirect them to emulated CPU.

To run BIOS, I had to disable SMM (System Management
Mode) by reprogramming ACPI, emulate self-test of
Keyboard Controller and intercept IO access to ACPI
and an unknown device at 0x03fX.


After QEMU is started it's possible to:
  * reset some hardware and restart BIOS or
  * reload boot sector and start guest OS.

It's not possible to build a generic emulator capable of
restarting BIOS. My prototype runs a 440BX-based PC with
an Award-based BIOS. The BIOS successfully reprograms the
emulated DRAM Controller, tests interrupts, initializes
PCI, etc. It starts to test RAM and then goes into
BIOS setup (I didn't discover the reason yet, but
suspect timing). Emulating BIOS restart can be used to
monitor interactions between BIOS and hardware during
system start-up. And the mechanism is not limited to
PC.

Reloading boot sector and starting guest OS without
restarting BIOS should remove most of chipset and BIOS
dependencies. My prototype is capable of running Linux up
to the point of login prompt, but keyboard is not
functioning (my interrupt handler is not 100%
correct). This mode was tested only with QEMU emulated
hardware -- I run Linux inside my prototype inside
QEMU inside Linux.


BTW. What is "PMC config space"? Did you mean DIMM
Serial Presence Detect?


Regards,

Piotrek

--- Gianni Tedesco <address@hidden> wrote:
> On Mon, 2004-06-21 at 07:29 -0700, Piotr Krysik
> wrote:
> > Are you talking about using proprietary
> closed-source BIOS-es of real
> > PC? They are usually very hardware-dependent.
> >  
> > In fact I started a project to use QEMU to monitor
> interactions
> > between guest OS and real hardware (similar to
> "PCI Host/Proxy" by
> > Gianni Tedesco, but not limited to PCI hardware).
> At this point I have
> > proof of concept prototype that successfully boots
> proprietary BIOS of
> > my PC up to the point of testing the RAM.
> 
> Sounds very interesting, are you doing this just
> generically by just
> hooking up virtual i/o ports to real ones? I guess
> to get a BIOS running
> it takes more than that?
> 
> Doesn't the BIOS use the PMC config space to query
> DRAM bank layout? If
> so that shouldn't be too difficult to modify
> hw/pci.c to do the right
> thing(tm)....
> 
> -- 
> // Gianni Tedesco (gianni at scaramanga dot co dot
> uk)
> lynx --source www.scaramanga.co.uk/scaramanga.asc |
> gpg --import
> 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669
> 8646 BE7D
> 

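The IO and memory arrangement Piotr describes (serial port reserved for the QEMU link, a few "protected" ports such as keyboard controller self-test, A20 switching and CPU reset emulated rather than passed through, everything else hooked to real hardware, and a reserved region at the top of RAM that DMA must not touch) can be sketched as a port dispatcher plus a DMA range check. This is an added example, not code from Piotr's prototype or from QEMU: the choice of COM1 (0x3F8-0x3FF) as the logging serial port, the `hw_ops` callback interface standing in for real `in`/`out` instructions, and the fake bus used to run it offline are assumptions. The 8042 command bytes (0xAA self-test answered with 0x55, 0xD1 write output port with bit 1 = A20 and bit 0 = reset, 0xFE reset pulse) and the port 0x92 bit assignments follow the standard PC conventions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of an intercepted guest port access. */
enum io_action { IO_PASSTHROUGH, IO_EMULATED, IO_BLOCKED };

/* Raw port access supplied by the bare-metal runtime. Real code would issue
 * in/out instructions; here a fake bus (constructed for the example) is used. */
typedef uint8_t (*inb_fn)(uint16_t port);
typedef void    (*outb_fn)(uint16_t port, uint8_t val);
struct hw_ops { inb_fn inb; outb_fn outb; };

static uint8_t fake_bus[65536];                                  /* constructed test bus */
static uint8_t fake_inb(uint16_t p) { return fake_bus[p]; }
static void    fake_outb(uint16_t p, uint8_t v) { fake_bus[p] = v; }
const struct hw_ops fake_hw = { fake_inb, fake_outb };

/* Emulated 8042 state plus the emulated CPU's A20 gate and reset line. */
struct emu_state {
    bool    kbc_out_full;     /* a byte is waiting on port 0x60 */
    uint8_t kbc_out;
    bool    kbc_expect_oport; /* 0xD1 issued: next 0x60 write is the output port */
    uint8_t port92;           /* shadow of System Control Port A (bit 1 only) */
    bool    a20_enabled;
    int     reset_count;      /* resets redirected to the emulated CPU */
};

/* Assumption: the logging link is COM1. The guest must never reach it. */
#define SERIAL_BASE 0x3F8u
#define SERIAL_END  0x3FFu

/* Decide how a guest access to `port` is handled. */
enum io_action classify_port(uint16_t port) {
    if (port >= SERIAL_BASE && port <= SERIAL_END) return IO_BLOCKED;
    if (port == 0x60 || port == 0x64 || port == 0x92) return IO_EMULATED;
    return IO_PASSTHROUGH;
}

static void emu_reset(struct emu_state *s) { s->reset_count++; }

/* Guest OUT: emulate, drop, or forward to the real port. */
enum io_action guest_outb(struct emu_state *s, const struct hw_ops *hw,
                          uint16_t port, uint8_t val) {
    enum io_action act = classify_port(port);
    if (act == IO_BLOCKED) return act;
    if (act == IO_PASSTHROUGH) { hw->outb(port, val); return act; }
    switch (port) {
    case 0x64:                                    /* 8042 command port */
        s->kbc_expect_oport = false;
        if (val == 0xAA) { s->kbc_out = 0x55; s->kbc_out_full = true; } /* self-test */
        else if (val == 0xFE) emu_reset(s);       /* pulse reset -> emulated CPU */
        else if (val == 0xD1) s->kbc_expect_oport = true;
        break;
    case 0x60:                                    /* 8042 data port */
        if (s->kbc_expect_oport) {
            s->kbc_expect_oport = false;
            s->a20_enabled = (val & 0x02) != 0;   /* output port bit 1 = A20 gate */
            if (!(val & 0x01)) emu_reset(s);      /* bit 0 low = CPU reset */
        }
        break;
    case 0x92:                                    /* System Control Port A */
        s->a20_enabled = (val & 0x02) != 0;
        if (val & 0x01) emu_reset(s);             /* fast reset, not latched */
        s->port92 = val & 0x02;
        break;
    }
    return act;
}

/* Guest IN: blocked ports read as a floating bus (0xFF). */
uint8_t guest_inb(struct emu_state *s, const struct hw_ops *hw, uint16_t port) {
    enum io_action act = classify_port(port);
    if (act == IO_BLOCKED) return 0xFF;
    if (act == IO_PASSTHROUGH) return hw->inb(port);
    switch (port) {
    case 0x60: s->kbc_out_full = false; return s->kbc_out;
    case 0x64: return s->kbc_out_full ? 0x01 : 0x00;   /* status: output buffer full */
    case 0x92: return s->port92;
    }
    return 0xFF;
}

/* Guest sees [0, total_ram - qemu_reserve); QEMU lives in the reserved top. */
struct layout { uint64_t total_ram, qemu_reserve; };

/* True if a DMA buffer [addr, addr+len) stays out of QEMU's reserved area.
 * Ranges above total_ram (memory-mapped devices) are left alone. */
bool dma_range_ok(const struct layout *l, uint64_t addr, uint64_t len) {
    uint64_t guest_end = l->total_ram - l->qemu_reserve;
    if (len == 0 || addr > UINT64_MAX - len) return false;
    uint64_t end = addr + len;
    return !(addr < l->total_ram && end > guest_end);
}

int main(void) {
    struct emu_state s = {0};
    guest_outb(&s, &fake_hw, 0x64, 0xAA);       /* BIOS keyboard-controller self-test */
    printf("8042 self-test reply: 0x%02x\n", guest_inb(&s, &fake_hw, 0x60));
    struct layout l = { 256ull << 20, 8ull << 20 };
    printf("DMA at 250 MB allowed: %d\n", dma_range_ok(&l, 250ull << 20, 16));
    return 0;
}
```

The dispatcher is where a DMA setup that targets the reserved area would also be caught: since the guest programs DMA through ports or memory-mapped registers that pass through this path, the `dma_range_ok` check can be applied to the address the guest writes before it is forwarded.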
