diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 02:56:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 02:56:35 +0000 |
commit | eba0cfa6b0bef4f2e73c8630a7efa3944df8b0f8 (patch) | |
tree | 74c37eede1f0634cc5de1c63c934edaa1630c6bc /doc | |
parent | Initial commit. (diff) | |
download | kexec-tools-eba0cfa6b0bef4f2e73c8630a7efa3944df8b0f8.tar.xz kexec-tools-eba0cfa6b0bef4f2e73c8630a7efa3944df8b0f8.zip |
Adding upstream version 1:2.0.27.upstream/1%2.0.27upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile | 5 | ||||
-rw-r--r-- | doc/linux-i386-boot.txt | 438 | ||||
-rw-r--r-- | doc/linux-i386-zero-page.txt | 78 | ||||
-rw-r--r-- | doc/multiboot.html | 664 | ||||
-rw-r--r-- | doc/nbi-spec.txt | 660 |
5 files changed, 1845 insertions, 0 deletions
diff --git a/doc/Makefile b/doc/Makefile new file mode 100644 index 0000000..3442e09 --- /dev/null +++ b/doc/Makefile @@ -0,0 +1,5 @@ +dist += doc/Makefile \ + doc/linux-i386-boot.txt \ + doc/linux-i386-zero-page.txt \ + doc/multiboot.html \ + doc/nbi-spec.txt diff --git a/doc/linux-i386-boot.txt b/doc/linux-i386-boot.txt new file mode 100644 index 0000000..afa6d12 --- /dev/null +++ b/doc/linux-i386-boot.txt @@ -0,0 +1,438 @@ + THE LINUX/I386 BOOT PROTOCOL + ---------------------------- + + H. Peter Anvin <hpa@zytor.com> + Last update 2002-01-01 + +On the i386 platform, the Linux kernel uses a rather complicated boot +convention. This has evolved partially due to historical aspects, as +well as the desire in the early days to have the kernel itself be a +bootable image, the complicated PC memory model and due to changed +expectations in the PC industry caused by the effective demise of +real-mode DOS as a mainstream operating system. + +Currently, four versions of the Linux/i386 boot protocol exist. + +Old kernels: zImage/Image support only. Some very early kernels + may not even support a command line. + +Protocol 2.00: (Kernel 1.3.73) Added bzImage and initrd support, as + well as a formalized way to communicate between the + boot loader and the kernel. setup.S made relocatable, + although the traditional setup area still assumed + writable. + +Protocol 2.01: (Kernel 1.3.76) Added a heap overrun warning. + +Protocol 2.02: (Kernel 2.4.0-test3-pre3) New command line protocol. + Lower the conventional memory ceiling. No overwrite + of the traditional setup area, thus making booting + safe for systems which use the EBDA from SMM or 32-bit + BIOS entry points. zImage deprecated but still + supported. + +Protocol 2.03: (Kernel 2.4.18-pre1) Explicitly makes the highest possible + initrd address available to the bootloader. + + +**** MEMORY LAYOUT + +The traditional memory map for the kernel loader, used for Image or +zImage kernels, typically looks like: + + | | +0A0000 +------------------------+ + | Reserved for BIOS | Do not use. Reserved for BIOS EBDA. +09A000 +------------------------+ + | Stack/heap/cmdline | For use by the kernel real-mode code. +098000 +------------------------+ + | Kernel setup | The kernel real-mode code. +090200 +------------------------+ + | Kernel boot sector | The kernel legacy boot sector. +090000 +------------------------+ + | Protected-mode kernel | The bulk of the kernel image. +010000 +------------------------+ + | Boot loader | <- Boot sector entry point 0000:7C00 +001000 +------------------------+ + | Reserved for MBR/BIOS | +000800 +------------------------+ + | Typically used by MBR | +000600 +------------------------+ + | BIOS use only | +000000 +------------------------+ + + +When using bzImage, the protected-mode kernel was relocated to +0x100000 ("high memory"), and the kernel real-mode block (boot sector, +setup, and stack/heap) was made relocatable to any address between +0x10000 and end of low memory. Unfortunately, in protocols 2.00 and +2.01 the command line is still required to live in the 0x9XXXX memory +range, and that memory range is still overwritten by the early kernel. +The 2.02 protocol resolves that problem. + +It is desirable to keep the "memory ceiling" -- the highest point in +low memory touched by the boot loader -- as low as possible, since +some newer BIOSes have begun to allocate some rather large amounts of +memory, called the Extended BIOS Data Area, near the top of low +memory. The boot loader should use the "INT 12h" BIOS call to verify +how much low memory is available. + +Unfortunately, if INT 12h reports that the amount of memory is too +low, there is usually nothing the boot loader can do but to report an +error to the user. The boot loader should therefore be designed to +take up as little space in low memory as it reasonably can. For +zImage or old bzImage kernels, which need data written into the +0x90000 segment, the boot loader should make sure not to use memory +above the 0x9A000 point; too many BIOSes will break above that point. + + +**** THE REAL-MODE KERNEL HEADER + +In the following text, and anywhere in the kernel boot sequence, "a +sector" refers to 512 bytes. It is independent of the actual sector +size of the underlying medium. + +The first step in loading a Linux kernel should be to load the +real-mode code (boot sector and setup code) and then examine the +following header at offset 0x01f1. The real-mode code can total up to +32K, although the boot loader may choose to load only the first two +sectors (1K) and then examine the bootup sector size. + +The header looks like: + +Offset Proto Name Meaning +/Size + +01F1/1 ALL setup_sects The size of the setup in sectors +01F2/2 ALL root_flags If set, the root is mounted readonly +01F4/2 ALL syssize DO NOT USE - for bootsect.S use only +01F6/2 ALL swap_dev DO NOT USE - obsolete +01F8/2 ALL ram_size DO NOT USE - for bootsect.S use only +01FA/2 ALL vid_mode Video mode control +01FC/2 ALL root_dev Default root device number +01FE/2 ALL boot_flag 0xAA55 magic number +0200/2 2.00+ jump Jump instruction +0202/4 2.00+ header Magic signature "HdrS" +0206/2 2.00+ version Boot protocol version supported +0208/4 2.00+ realmode_swtch Boot loader hook (see below) +020C/2 2.00+ start_sys The load-low segment (0x1000) (obsolete) +020E/2 2.00+ kernel_version Pointer to kernel version string +0210/1 2.00+ type_of_loader Boot loader identifier +0211/1 2.00+ loadflags Boot protocol option flags +0212/2 2.00+ setup_move_size Move to high memory size (used with hooks) +0214/4 2.00+ code32_start Boot loader hook (see below) +0218/4 2.00+ ramdisk_image initrd load address (set by boot loader) +021C/4 2.00+ ramdisk_size initrd size (set by boot loader) +0220/4 2.00+ bootsect_kludge DO NOT USE - for bootsect.S use only +0224/2 2.01+ heap_end_ptr Free memory after setup end +0226/2 N/A pad1 Unused +0228/4 2.02+ cmd_line_ptr 32-bit pointer to the kernel command line +022C/4 2.03+ initrd_addr_max Highest legal initrd address + +For backwards compatibility, if the setup_sects field contains 0, the +real value is 4. + +If the "HdrS" (0x53726448) magic number is not found at offset 0x202, +the boot protocol version is "old". Loading an old kernel, the +following parameters should be assumed: + + Image type = zImage + initrd not supported + Real-mode kernel must be located at 0x90000. + +Otherwise, the "version" field contains the protocol version, +e.g. protocol version 2.01 will contain 0x0201 in this field. When +setting fields in the header, you must make sure only to set fields +supported by the protocol version in use. + +The "kernel_version" field, if set to a nonzero value, contains a +pointer to a null-terminated human-readable kernel version number +string, less 0x200. This can be used to display the kernel version to +the user. This value should be less than (0x200*setup_sects). For +example, if this value is set to 0x1c00, the kernel version number +string can be found at offset 0x1e00 in the kernel file. This is a +valid value if and only if the "setup_sects" field contains the value +14 or higher. + +Most boot loaders will simply load the kernel at its target address +directly. Such boot loaders do not need to worry about filling in +most of the fields in the header. The following fields should be +filled out, however: + + vid_mode: + Please see the section on SPECIAL COMMAND LINE OPTIONS. + + type_of_loader: + If your boot loader has an assigned id (see table below), enter + 0xTV here, where T is an identifier for the boot loader and V is + a version number. Otherwise, enter 0xFF here. + + Assigned boot loader ids: + 0 LILO + 1 Loadlin + 2 bootsect-loader + 3 SYSLINUX + 4 EtherBoot + + Please contact <hpa@zytor.com> if you need a bootloader ID + value assigned. + + loadflags, heap_end_ptr: + If the protocol version is 2.01 or higher, enter the + offset limit of the setup heap into heap_end_ptr and set the + 0x80 bit (CAN_USE_HEAP) of loadflags. heap_end_ptr appears to + be relative to the start of setup (offset 0x0200). + + setup_move_size: + When using protocol 2.00 or 2.01, if the real mode + kernel is not loaded at 0x90000, it gets moved there later in + the loading sequence. Fill in this field if you want + additional data (such as the kernel command line) moved in + addition to the real-mode kernel itself. + + ramdisk_image, ramdisk_size: + If your boot loader has loaded an initial ramdisk (initrd), + set ramdisk_image to the 32-bit pointer to the ramdisk data + and the ramdisk_size to the size of the ramdisk data. + + The initrd should typically be located as high in memory as + possible, as it may otherwise get overwritten by the early + kernel initialization sequence. However, it must never be + located above the address specified in the initrd_addr_max + field. The initrd should be at least 4K page aligned. + + cmd_line_ptr: + If the protocol version is 2.02 or higher, this is a 32-bit + pointer to the kernel command line. The kernel command line + can be located anywhere between the end of setup and 0xA0000. + Fill in this field even if your boot loader does not support a + command line, in which case you can point this to an empty + string (or better yet, to the string "auto".) If this field + is left at zero, the kernel will assume that your boot loader + does not support the 2.02+ protocol. + + ramdisk_max: + The maximum address that may be occupied by the initrd + contents. For boot protocols 2.02 or earlier, this field is + not present, and the maximum address is 0x37FFFFFF. (This + address is defined as the address of the highest safe byte, so + if your ramdisk is exactly 131072 bytes long and this field is + 0x37FFFFFF, you can start your ramdisk at 0x37FE0000.) + + +**** THE KERNEL COMMAND LINE + +The kernel command line has become an important way for the boot +loader to communicate with the kernel. Some of its options are also +relevant to the boot loader itself, see "special command line options" +below. + +The kernel command line is a null-terminated string up to 255 +characters long, plus the final null. + +If the boot protocol version is 2.02 or later, the address of the +kernel command line is given by the header field cmd_line_ptr (see +above.) + +If the protocol version is *not* 2.02 or higher, the kernel +command line is entered using the following protocol: + + At offset 0x0020 (word), "cmd_line_magic", enter the magic + number 0xA33F. + + At offset 0x0022 (word), "cmd_line_offset", enter the offset + of the kernel command line (relative to the start of the + real-mode kernel). + + The kernel command line *must* be within the memory region + covered by setup_move_size, so you may need to adjust this + field. + + +**** SAMPLE BOOT CONFIGURATION + +As a sample configuration, assume the following layout of the real +mode segment: + + 0x0000-0x7FFF Real mode kernel + 0x8000-0x8FFF Stack and heap + 0x9000-0x90FF Kernel command line + +Such a boot loader should enter the following fields in the header: + + unsigned long base_ptr; /* base address for real-mode segment */ + + if ( setup_sects == 0 ) { + setup_sects = 4; + } + + if ( protocol >= 0x0200 ) { + type_of_loader = <type code>; + if ( loading_initrd ) { + ramdisk_image = <initrd_address>; + ramdisk_size = <initrd_size>; + } + if ( protocol >= 0x0201 ) { + heap_end_ptr = 0x9000 - 0x200; + loadflags |= 0x80; /* CAN_USE_HEAP */ + } + if ( protocol >= 0x0202 ) { + cmd_line_ptr = base_ptr + 0x9000; + } else { + cmd_line_magic = 0xA33F; + cmd_line_offset = 0x9000; + setup_move_size = 0x9100; + } + } else { + /* Very old kernel */ + + cmd_line_magic = 0xA33F; + cmd_line_offset = 0x9000; + + /* A very old kernel MUST have its real-mode code + loaded at 0x90000 */ + + if ( base_ptr != 0x90000 ) { + /* Copy the real-mode kernel */ + memcpy(0x90000, base_ptr, (setup_sects+1)*512); + /* Copy the command line */ + memcpy(0x99000, base_ptr+0x9000, 256); + + base_ptr = 0x90000; /* Relocated */ + } + + /* It is recommended to clear memory up to the 32K mark */ + memset(0x90000 + (setup_sects+1)*512, 0, + (64-(setup_sects+1))*512); + } + + +**** LOADING THE REST OF THE KERNEL + +The non-real-mode kernel starts at offset (setup_sects+1)*512 in the +kernel file (again, if setup_sects == 0 the real value is 4.) It +should be loaded at address 0x10000 for Image/zImage kernels and +0x100000 for bzImage kernels. + +The kernel is a bzImage kernel if the protocol >= 2.00 and the 0x01 +bit (LOAD_HIGH) in the loadflags field is set: + + is_bzImage = (protocol >= 0x0200) && (loadflags & 0x01); + load_address = is_bzImage ? 0x100000 : 0x10000; + +Note that Image/zImage kernels can be up to 512K in size, and thus use +the entire 0x10000-0x90000 range of memory. This means it is pretty +much a requirement for these kernels to load the real-mode part at +0x90000. bzImage kernels allow much more flexibility. + + +**** SPECIAL COMMAND LINE OPTIONS + +If the command line provided by the boot loader is entered by the +user, the user may expect the following command line options to work. +They should normally not be deleted from the kernel command line even +though not all of them are actually meaningful to the kernel. Boot +loader authors who need additional command line options for the boot +loader itself should get them registered in +Documentation/kernel-parameters.txt to make sure they will not +conflict with actual kernel options now or in the future. + + vga=<mode> + <mode> here is either an integer (in C notation, either + decimal, octal, or hexadecimal) or one of the strings + "normal" (meaning 0xFFFF), "ext" (meaning 0xFFFE) or "ask" + (meaning 0xFFFD). This value should be entered into the + vid_mode field, as it is used by the kernel before the command + line is parsed. + + mem=<size> + <size> is an integer in C notation optionally followed by K, M + or G (meaning << 10, << 20 or << 30). This specifies the end + of memory to the kernel. This affects the possible placement + of an initrd, since an initrd should be placed near end of + memory. Note that this is an option to *both* the kernel and + the bootloader! + + initrd=<file> + An initrd should be loaded. The meaning of <file> is + obviously bootloader-dependent, and some boot loaders + (e.g. LILO) do not have such a command. + +In addition, some boot loaders add the following options to the +user-specified command line: + + BOOT_IMAGE=<file> + The boot image which was loaded. Again, the meaning of <file> + is obviously bootloader-dependent. + + auto + The kernel was booted without explicit user intervention. + +If these options are added by the boot loader, it is highly +recommended that they are located *first*, before the user-specified +or configuration-specified command line. Otherwise, "init=/bin/sh" +gets confused by the "auto" option. + + +**** RUNNING THE KERNEL + +The kernel is started by jumping to the kernel entry point, which is +located at *segment* offset 0x20 from the start of the real mode +kernel. This means that if you loaded your real-mode kernel code at +0x90000, the kernel entry point is 9020:0000. + +At entry, ds = es = ss should point to the start of the real-mode +kernel code (0x9000 if the code is loaded at 0x90000), sp should be +set up properly, normally pointing to the top of the heap, and +interrupts should be disabled. Furthermore, to guard against bugs in +the kernel, it is recommended that the boot loader sets fs = gs = ds = +es = ss. + +In our example from above, we would do: + + /* Note: in the case of the "old" kernel protocol, base_ptr must + be == 0x90000 at this point; see the previous sample code */ + + seg = base_ptr >> 4; + + cli(); /* Enter with interrupts disabled! */ + + /* Set up the real-mode kernel stack */ + _SS = seg; + _SP = 0x9000; /* Load SP immediately after loading SS! */ + + _DS = _ES = _FS = _GS = seg; + jmp_far(seg+0x20, 0); /* Run the kernel */ + +If your boot sector accesses a floppy drive, it is recommended to +switch off the floppy motor before running the kernel, since the +kernel boot leaves interrupts off and thus the motor will not be +switched off, especially if the loaded kernel has the floppy driver as +a demand-loaded module! + + +**** ADVANCED BOOT TIME HOOKS + +If the boot loader runs in a particularly hostile environment (such as +LOADLIN, which runs under DOS) it may be impossible to follow the +standard memory location requirements. Such a boot loader may use the +following hooks that, if set, are invoked by the kernel at the +appropriate time. The use of these hooks should probably be +considered an absolutely last resort! + +IMPORTANT: All the hooks are required to preserve %esp, %ebp, %esi and +%edi across invocation. + + realmode_swtch: + A 16-bit real mode far subroutine invoked immediately before + entering protected mode. The default routine disables NMI, so + your routine should probably do so, too. + + code32_start: + A 32-bit flat-mode routine *jumped* to immediately after the + transition to protected mode, but before the kernel is + uncompressed. No segments, except CS, are set up; you should + set them up to KERNEL_DS (0x18) yourself. + + After completing your hook, you should jump to the address + that was in this field before your boot loader overwrote it. diff --git a/doc/linux-i386-zero-page.txt b/doc/linux-i386-zero-page.txt new file mode 100644 index 0000000..e2582a6 --- /dev/null +++ b/doc/linux-i386-zero-page.txt @@ -0,0 +1,78 @@ +Summary of boot_params layout (kernel point of view) + ( collected by Hans Lermen and Martin Mares ) + +The contents of boot_params are used to pass parameters from the +16-bit realmode code of the kernel to the 32-bit part. References/settings +to it mainly are in: + + arch/i386/boot/setup.S + arch/i386/boot/video.S + arch/i386/kernel/head.S + arch/i386/kernel/setup.c + + +Offset Type Description +------ ---- ----------- + 0 32 bytes struct screen_info, SCREEN_INFO + ATTENTION, overlaps the following !!! + 2 unsigned short EXT_MEM_K, extended memory size in Kb (from int 0x15) + 0x20 unsigned short CL_MAGIC, commandline magic number (=0xA33F) + 0x22 unsigned short CL_OFFSET, commandline offset + Address of commandline is calculated: + 0x90000 + contents of CL_OFFSET + (only taken, when CL_MAGIC = 0xA33F) + 0x40 20 bytes struct apm_bios_info, APM_BIOS_INFO + 0x60 16 bytes Intel SpeedStep (IST) BIOS support information + 0x80 16 bytes hd0-disk-parameter from intvector 0x41 + 0x90 16 bytes hd1-disk-parameter from intvector 0x46 + + 0xa0 16 bytes System description table truncated to 16 bytes. + ( struct sys_desc_table_struct ) + 0xb0 - 0x1c3 Free. Add more parameters here if you really need them. + +0x1c4 unsigned long EFI system table pointer +0x1c8 unsigned long EFI memory descriptor size +0x1cc unsigned long EFI memory descriptor version +0x1d0 unsigned long EFI memory descriptor map pointer +0x1d4 unsigned long EFI memory descriptor map size +0x1e0 unsigned long ALT_MEM_K, alternative mem check, in Kb +0x1e8 char number of entries in E820MAP (below) +0x1e9 unsigned char number of entries in EDDBUF (below) +0x1ea unsigned char number of entries in EDD_MBR_SIG_BUFFER (below) +0x1f1 char size of setup.S, number of sectors +0x1f2 unsigned short MOUNT_ROOT_RDONLY (if !=0) +0x1f4 unsigned short size of compressed kernel-part in the + (b)zImage-file (in 16 byte units, rounded up) +0x1f6 unsigned short swap_dev (unused AFAIK) +0x1f8 unsigned short RAMDISK_FLAGS +0x1fa unsigned short VGA-Mode (old one) +0x1fc unsigned short ORIG_ROOT_DEV (high=Major, low=minor) +0x1ff char AUX_DEVICE_INFO + +0x200 short jump to start of setup code aka "reserved" field. +0x202 4 bytes Signature for SETUP-header, ="HdrS" +0x206 unsigned short Version number of header format + Current version is 0x0201... +0x208 8 bytes (used by setup.S for communication with boot loaders, + look there) +0x210 char LOADER_TYPE, = 0, old one + else it is set by the loader: + 0xTV: T=0 for LILO + 1 for Loadlin + 2 for bootsect-loader + 3 for SYSLINUX + 4 for ETHERBOOT + V = version +0x211 char loadflags: + bit0 = 1: kernel is loaded high (bzImage) + bit7 = 1: Heap and pointer (see below) set by boot + loader. +0x212 unsigned short (setup.S) +0x214 unsigned long KERNEL_START, where the loader started the kernel +0x218 unsigned long INITRD_START, address of loaded ramdisk image +0x21c unsigned long INITRD_SIZE, size in bytes of ramdisk image +0x220 4 bytes (setup.S) +0x224 unsigned short setup.S heap end pointer +0x290 - 0x2cf EDD_MBR_SIG_BUFFER (edd.S) +0x2d0 - 0x600 E820MAP +0xd00 - 0xeec EDDBUF (edd.S) for edd data diff --git a/doc/multiboot.html b/doc/multiboot.html new file mode 100644 index 0000000..bd41444 --- /dev/null +++ b/doc/multiboot.html @@ -0,0 +1,664 @@ +<HTML> + +<HEAD> +<TITLE>Multiboot Standard</TITLE> +</HEAD> + +<BODY> + +<CENTER><H1>Multiboot Standard</H1></CENTER> +<CENTER><H3>Version 0.6</H3></CENTER> + +<HR> + +<H2>Contents</H2> + +<UL> +<LI> <A HREF="#motivation">Motivation</A> +<LI> <A HREF="#terminology">Terminology</A> +<LI> <A HREF="#scope">Scope and Requirements</A> +<LI> <A HREF="#details">Details</A> +<LI> <A HREF="#author">Authors</A> +<LI> <B>NOTE: The following items are not part of the standards document, +but are included for prospective OS and bootloader writers.</B> +<LI> <A HREF="#notes">Notes on PCs</A> +<LI> <A HREF="#example_os">Example OS Code</A> +<LI> <A HREF="#example_boot">Example Bootloader Code</A> +</UL> + +<HR> + +<H2><A NAME="motivation">Motivation</A></H2> + +Every OS ever created tends to have its own boot loader. Installing a new +OS on a machine generally involves installing a whole new set of boot +mechanisms, each with completely different install-time and boot-time user +interfaces. Getting multiple operating systems to coexist reliably on one +machine through typical "chaining" mechanisms can be a nightmare. There is +little or no choice of boot loaders for a particular operating system - if +the one that comes with the OS doesn't do exactly what you want, or doesn't +work on your machine, you're screwed.<P> + +While we may not be able to fix this problem in existing commercial +operating systems, it shouldn't be too difficult for a few people in the +free OS communities to put their heads together and solve this problem for +the popular free operating systems. That's what this standard aims for. +Basically, it specifies an interface between a boot loader and a operating +system, such that any complying boot loader should be able to load any +complying operating system. This standard does NOT specify how boot +loaders should work - only how they must interface with the OS being +loaded.<P> + +<HR> + +<H2><A NAME="terminology">Terminology</A></H2> + +Throughout this document, the term "boot loader" means whatever program or +set of programs loads the image of the final operating system to be run on +the machine. The boot loader may itself consist of several stages, but +that is an implementation detail not relevant to this standard. Only the +"final" stage of the boot loader - the stage that eventually transfers +control to the OS - needs to follow the rules specified in this document +in order to be "MultiBoot compliant"; earlier boot loader stages can be +designed in whatever way is most convenient.<P> + +The term "OS image" is used to refer to the initial binary image that the +boot loader loads into memory and transfers control to to start the OS. +The OS image is typically an executable containing the OS kernel.<P> + +The term "boot module" refers to other auxiliary files that the boot loader +loads into memory along with the OS image, but does not interpret in any +way other than passing their locations to the OS when it is invoked.<P> + +<HR> + +<H2><A NAME="scope">Scope and Requirements</A></H2> + +<H3>Architectures</H3> + +This standard is primarily targetted at PC's, since they are the most +common and have the largest variety of OS's and boot loaders. However, to +the extent that certain other architectures may need a boot standard and do +not have one already, a variation of this standard, stripped of the +x86-specific details, could be adopted for them as well.<P> + +<H3>Operating systems</H3> + +This standard is targetted toward free 32-bit operating systems that can be +fairly easily modified to support the standard without going through lots of +bureaucratic rigmarole. The particular free OS's that this standard is +being primarily designed for are Linux, FreeBSD, NetBSD, Mach, and VSTa. +It is hoped that other emerging free OS's will adopt it from the start, and +thus immediately be able to take advantage of existing boot loaders. It +would be nice if commercial operating system vendors eventually adopted +this standard as well, but that's probably a pipe dream.<P> + +<H3>Boot sources</H3> + +It should be possible to write compliant boot loaders that +load the OS image from a variety of sources, including floppy disk, hard +disk, and across a network.<P> + +Disk-based boot loaders may use a variety of techniques to find the +relevant OS image and boot module data on disk, such as by interpretation +of specific file systems (e.g. the BSD/Mach boot loader), using +precalculated "block lists" (e.g. LILO), loading from a special "boot +partition" (e.g. OS/2), or even loading from within another operating +system (e.g. the VSTa boot code, which loads from DOS). Similarly, +network-based boot loaders could use a variety of network hardware and +protocols.<P> + +It is hoped that boot loaders will be created that support multiple loading +mechanisms, increasing their portability, robustness, and +user-friendliness.<P> + +<H3>Boot-time configuration</H3> + +It is often necessary for one reason or another for the user to be able to +provide some configuration information to the OS dynamically at boot time. +While this standard should not dictate how this configuration information +is obtained by the boot loader, it should provide a standard means for the +boot loader to pass such information to the OS.<P> + +<H3>Convenience to the OS</H3> + +OS images should be easy to generate. Ideally, an OS image should simply +be an ordinary 32-bit executable file in whatever file format the OS +normally uses. It should be possible to 'nm' or disassemble OS images just +like normal executables. Specialized tools should not be needed to create +OS images in a "special" file format. If this means shifting some work +from the OS to the boot loader, that is probably appropriate, because all +the memory consumed by the boot loader will typically be made available +again after the boot process is created, whereas every bit of code in the +OS image typically has to remain in memory forever. The OS should not have +to worry about getting into 32-bit mode initially, because mode switching +code generally needs to be in the boot loader anyway in order to load OS +data above the 1MB boundary, and forcing the OS to do this makes creation +of OS images much more difficult.<P> + +Unfortunately, there is a horrendous variety of executable file formats +even among free Unix-like PC-based OS's - generally a different format for +each OS. Most of the relevant free OS's use some variant of a.out format, +but some are moving to ELF. It is highly desirable for boot loaders not to +have to be able to interpret all the different types of executable file +formats in existence in order to load the OS image - otherwise the boot +loader effectively becomes OS-specific again.<P> + +This standard adopts a compromise solution to this problem. +MultiBoot compliant boot images always either (a) are in ELF format, or (b) +contain a "magic MultiBoot header", described below, which allows the boot +loader to load the image without having to understand numerous a.out +variants or other executable formats. This magic header does not need +to be at the very beginning of the executable file, so kernel images can +still conform to the local a.out format variant in addition to being +MultiBoot compliant.<P> + +<H3>Boot modules</H3> + +Many modern operating system kernels, such as those of VSTa and Mach, do +not by themselves contain enough mechanism to get the system fully +operational: they require the presence of additional software modules at +boot time in order to access devices, mount file systems, etc. While these +additional modules could be embedded in the main OS image along with the +kernel itself, and the resulting image be split apart manually by the OS +when it receives control, it is often more flexible, more space-efficient, +and more convenient to the OS and user if the boot loader can load these +additional modules independently in the first place.<P> + +Thus, this standard should provide a standard method for a boot loader to +indicate to the OS what auxiliary boot modules were loaded, and where they +can be found. Boot loaders don't have to support multiple boot modules, +but they are strongly encouraged to, because some OS's will be unable to +boot without them.<P> + +<HR> + +<H2><A NAME="details">Details</H2> + +There are three main aspects of the boot-loader/OS image interface this +standard must specify:<P> + +<UL> +<LI>The format of the OS image as seen by the boot loader. +<LI>The state of the machine when the boot loader starts the OS. +<LI>The format of the information passed by the boot loader to the OS. +</UL> + +<H3>OS Image Format</H3> + +An OS image is generally just an ordinary 32-bit executable file in the +standard format for that particular OS, except that it may be linked at a +non-default load address to avoid loading on top of the PC's I/O region +or other reserved areas, and of course it can't use shared libraries or +other fancy features. Initially, only images in a.out format are +supported; ELF support will probably later be specified in the standard.<P> + +Unfortunately, the exact meaning of the text, data, bss, and entry fields +of a.out headers tends to vary widely between different executable flavors, +and it is sometimes very difficult to distinguish one flavor from another +(e.g. Linux ZMAGIC executables and Mach ZMAGIC executables). Furthermore, +there is no simple, reliable way of determining at what address in memory +the text segment is supposed to start. Therefore, this standard requires +that an additional header, known as a 'multiboot_header', appear somewhere +near the beginning of the executable file. In general it should come "as +early as possible", and is typically embedded in the beginning of the text +segment after the "real" executable header. It _must_ be contained +completely within the first 8192 bytes of the executable file, and must be +longword (32-bit) aligned. These rules allow the boot loader to find and +synchronize with the text segment in the a.out file without knowing +beforehand the details of the a.out variant. The layout of the header is +as follows:<P> + +<pre> + +-------------------+ +0 | magic: 0x1BADB002 | (required) +4 | flags | (required) +8 | checksum | (required) + +-------------------+ +8 | header_addr | (present if flags[16] is set) +12 | load_addr | (present if flags[16] is set) +16 | load_end_addr | (present if flags[16] is set) +20 | bss_end_addr | (present if flags[16] is set) +24 | entry_addr | (present if flags[16] is set) + +-------------------+ +</pre> + +All fields are in little-endian byte order, of course. The first field is +the magic number identifying the header, which must be the hex value +0x1BADB002.<P> + +The flags field specifies features that the OS image requests or requires +of the boot loader. Bits 0-15 indicate requirements; if the boot loader +sees any of these bits set but doesn't understand the flag or can't fulfill +the requirements it indicates for some reason, it must notify the user and +fail to load the OS image. Bits 16-31 indicate optional features; if any +bits in this range are set but the boot loader doesn't understand them, it +can simply ignore them and proceed as usual. Naturally, all +as-yet-undefined bits in the flags word must be set to zero in OS +images. This way, the flags fields serves for version control as well as +simple feature selection.<P> + +If bit 0 in the flags word is set, then all boot modules loaded along with +the OS must be aligned on page (4KB) boundaries. Some OS's expect to be +able to map the pages containing boot modules directly into a paged address +space during startup, and thus need the boot modules to be page-aligned.<P> + +If bit 1 in the flags word is set, then information on available memory +via at least the 'mem_*' fields of the multiboot_info structure defined +below must be included. If the bootloader is capable of passing a memory +map (the 'mmap_*' fields) and one exists, then it must be included as +well.<P> + +If bit 16 in the flags word is set, then the fields at offsets 8-24 in the +multiboot_header are valid, and the boot loader should use them instead of +the fields in the actual executable header to calculate where to load the +OS image. This information does not need to be provided if the kernel +image is in ELF format, but it should be provided if the images is in a.out +format or in some other format. Compliant boot loaders must be able to +load images that either are in ELF format or contain the load address +information embedded in the multiboot_header; they may also directly +support other executable formats, such as particular a.out variants, but +are not required to.<P> + +All of the address fields enabled by flag bit 16 are physical addresses. +The meaning of each is as follows:<P> + +<UL> +<LI><B>header_addr</B> -- Contains the address corresponding to the +beginning of the multiboot_header - the physical memory location at which +the magic value is supposed to be loaded. This field serves to "synchronize" +the mapping between OS image offsets and physical memory addresses. +<LI><B>load_addr</B> -- Contains the physical address of the beginning +of the text segment. The offset in the OS image file at which to start +loading is defined by the offset at which the header was found, minus +(header_addr - load_addr). load_addr must be less than or equal to +header_addr. +<LI><B>load_end_addr</B> -- Contains the physical address of the end of the +data segment. (load_end_addr - load_addr) specifies how much data to load. +This implies that the text and data segments must be consecutive in the +OS image; this is true for existing a.out executable formats. +<LI><B>bss_end_addr</B> -- Contains the physical address of the end of +the bss segment. The boot loader initializes this area to zero, and +reserves the memory it occupies to avoid placing boot modules and other +data relevant to the OS in that area. +<LI><B>entry</B> -- The physical address to which the boot loader should +jump in order to start running the OS. +</UL> + +The checksum is a 32-bit unsigned value which, when added to +the other required fields, must have a 32-bit unsigned sum of zero.<P> + +<H3>Machine State</H3> + +When the boot loader invokes the 32-bit operating system, +the machine must have the following state:<P> + +<UL> +<LI>CS must be a 32-bit read/execute code segment with an offset of 0 +and a limit of 0xffffffff. +<LI>DS, ES, FS, GS, and SS must be a 32-bit read/write data segment with +an offset of 0 and a limit of 0xffffffff. +<LI>The address 20 line must be usable for standard linear 32-bit +addressing of memory (in standard PC hardware, it is wired to +0 at bootup, forcing addresses in the 1-2 MB range to be mapped to the +0-1 MB range, 3-4 is mapped to 2-3, etc.). +<LI>Paging must be turned off. +<LI>The processor interrupt flag must be turned off. +<LI>EAX must contain the magic value 0x2BADB002; the presence of this value +indicates to the OS that it was loaded by a MultiBoot-compliant boot +loader (e.g. as opposed to another type of boot loader that the OS can +also be loaded from). +<LI>EBX must contain the 32-bit physical address of the multiboot_info +structure provided by the boot loader (see below). +</UL> + +All other processor registers and flag bits are undefined. This includes, +in particular:<P> + +<UL> +<LI>ESP: the 32-bit OS must create its own stack as soon as it needs one. +<LI>GDTR: Even though the segment registers are set up as described above, +the GDTR may be invalid, so the OS must not load any segment registers +(even just reloading the same values!) until it sets up its own GDT. +<LI>IDTR: The OS must leave interrupts disabled until it sets up its own IDT. +</UL> + +However, other machine state should be left by the boot loader in "normal +working order", i.e. as initialized by the BIOS (or DOS, if that's what +the boot loader runs from). In other words, the OS should be able to make +BIOS calls and such after being loaded, as long as it does not overwrite +the BIOS data structures before doing so. Also, the boot loader must leave +the PIC programmed with the normal BIOS/DOS values, even if it changed them +during the switch to 32-bit mode.<P> + +<H3>Boot Information Format</H3> + +Upon entry to the OS, the EBX register contains the physical address of +a 'multiboot_info' data structure, through which the boot loader +communicates vital information to the OS. The OS can use or ignore any +parts of the structure as it chooses; all information passed by the boot +loader is advisory only.<P> + +The multiboot_info structure and its related substructures may be placed +anywhere in memory by the boot loader (with the exception of the memory +reserved for the kernel and boot modules, of course). It is the OS's +responsibility to avoid overwriting this memory until it is done using it.<P> + +The format of the multiboot_info structure (as defined so far) follows:<P> + +<pre> + +-------------------+ +0 | flags | (required) + +-------------------+ +4 | mem_lower | (present if flags[0] is set) +8 | mem_upper | (present if flags[0] is set) + +-------------------+ +12 | boot_device | (present if flags[1] is set) + +-------------------+ +16 | cmdline | (present if flags[2] is set) + +-------------------+ +20 | mods_count | (present if flags[3] is set) +24 | mods_addr | (present if flags[3] is set) + +-------------------+ +28 - 40 | syms | (present if flags[4] or flags[5] is set) + +-------------------+ +44 | mmap_length | (present if flags[6] is set) +48 | mmap_addr | (present if flags[6] is set) + +-------------------+ +</pre> + +The first longword indicates the presence and validity of other fields in +the multiboot_info structure. All as-yet-undefined bits must be set to +zero by the boot loader. Any set bits that the OS does not understand +should be ignored. Thus, the flags field also functions as a version +indicator, allowing the multiboot_info structure to be expanded in the +future without breaking anything.<P> + +If bit 0 in the multiboot_info.flags word is set, then the 'mem_*' fields +are valid. 'mem_lower' and 'mem_upper' indicate the amount of lower and upper +memory, respectively, in kilobytes. Lower memory starts at address 0, and +upper memory starts at address 1 megabyte. The maximum possible +value for lower memory is 640 kilobytes. The value returned for upper +memory is maximally the address of the first upper memory hole minus +1 megabyte. It is not guaranteed to be this value.<P> + +If bit 1 in the multiboot_info.flags word is set, then the 'boot_device' +field is valid, and indicates which BIOS disk device the boot loader loaded +the OS from. If the OS was not loaded from a BIOS disk, then this field +must not be present (bit 3 must be clear). The OS may use this field as a +hint for determining its own "root" device, but is not required to. The +boot_device field is layed out in four one-byte subfields as follows:<P> + +<pre> + +-------+-------+-------+-------+ + | drive | part1 | part2 | part3 | + +-------+-------+-------+-------+ +</pre> + +The first byte contains the BIOS drive number as understood by the BIOS +INT 0x13 low-level disk interface: e.g. 0x00 for the first floppy disk or +0x80 for the first hard disk.<P> + +The three remaining bytes specify the boot partition. 'part1' specifies +the "top-level" partition number, 'part2' specifies a "sub-partition" in +the top-level partition, etc. Partition numbers always start from zero. +Unused partition bytes must be set to 0xFF. For example, if the disk is +partitioned using a simple one-level DOS partitioning scheme, then 'part1' +contains the DOS partition number, and 'part2' and 'part3' are both zero. +As another example, if a disk is partitioned first into DOS partitions, and +then one of those DOS partitions is subdivided into several BSD partitions +using BSD's "disklabel" strategy, then 'part1' contains the DOS partition +number, 'part2' contains the BSD sub-partition within that DOS partition, +and 'part3' is 0xFF.<P> + +DOS extended partitions are indicated as partition numbers starting from 4 +and increasing, rather than as nested sub-partitions, even though the +underlying disk layout of extended partitions is hierarchical in nature. +For example, if the boot loader boots from the second extended partition +on a disk partitioned in conventional DOS style, then 'part1' will be 5, +and 'part2' and 'part3' will both be 0xFF.<P> + +If bit 2 of the flags longword is set, the 'cmdline' field is valid, and +contains the physical address of the the command line to be passed to the +kernel. The command line is a normal C-style null-terminated string.<P> + +If bit 3 of the flags is set, then the 'mods' fields indicate to the kernel +what boot modules were loaded along with the kernel image, and where they +can be found. 'mods_count' contains the number of modules loaded; +'mods_addr' contains the physical address of the first module structure. +'mods_count' may be zero, indicating no boot modules were loaded, even if +bit 1 of 'flags' is set. Each module structure is formatted as follows:<P> + +<pre> + +-------------------+ +0 | mod_start | +4 | mod_end | + +-------------------+ +8 | string | + +-------------------+ +12 | reserved (0) | + +-------------------+ +</pre> + +The first two fields contain the start and end addresses of the boot module +itself. The 'string' field provides an arbitrary string to be associated +with that particular boot module; it is a null-terminated ASCII string, +just like the kernel command line. The 'string' field may be 0 if there is +no string associated with the module. Typically the string might be a +command line (e.g. if the OS treats boot modules as executable programs), +or a pathname (e.g. if the OS treats boot modules as files in a file +system), but its exact use is specific to the OS. The 'reserved' field +must be set to 0 by the boot loader and ignored by the OS.<P> + +NOTE: Bits 4 & 5 are mutually exclusive.<P> + +If bit 4 in the multiboot_info.flags word is set, then the following +fields in the multiboot_info structure starting at byte 28 are valid:<P> + +<pre> + +-------------------+ +28 | tabsize | +32 | strsize | +36 | addr | +40 | reserved (0) | + +-------------------+ +</pre> + +These indicate where the symbol table from an a.out kernel image can be +found. 'addr' is the physical address of the size (4-byte unsigned +long) of an array of a.out-format 'nlist' structures, followed immediately +by the array itself, then the size (4-byte unsigned long) of a set of +null-terminated ASCII strings (plus sizeof(unsigned long) in this case), +and finally the set of strings itself. 'tabsize' is equal to it's size +parameter (found at the beginning of the symbol section), and 'strsize' +is equal to it's size parameter (found at the beginning of the string section) +of the following string table to which the symbol table refers. Note that +'tabsize' may be 0, indicating no symbols, even if bit 4 in the flags +word is set.<P> + +If bit 5 in the multiboot_info.flags word is set, then the following +fields in the multiboot_info structure starting at byte 28 are valid:<P> + +<pre> + +-------------------+ +28 | num | +32 | size | +36 | addr | +40 | shndx | + +-------------------+ +</pre> + +These indicate where the section header table from an ELF kernel is, the +size of each entry, number of entries, and the string table used as the +index of names. They correspond to the 'shdr_*' entries ('shdr_num', etc.) +in the Executable and Linkable Format (ELF) specification in the program +header. All sections are loaded, and the physical address fields +of the elf section header then refer to where the sections are in memory +(refer to the i386 ELF documentation for details as to how to read the +section header(s)). Note that 'shdr_num' may be 0, indicating no symbols, +even if bit 5 in the flags word is set.<P> + +If bit 6 in the multiboot_info.flags word is set, then the 'mmap_*' fields +are valid, and indicate the address and length of a buffer containing a +memory map of the machine provided by the BIOS. 'mmap_addr' is the address, +and 'mmap_length' is the total size of the buffer. The buffer consists of +one or more of the following size/structure pairs ('size' is really used +for skipping to the next pair):<P> + +<pre> + +-------------------+ +-4 | size | + +-------------------+ +0 | BaseAddrLow | +4 | BaseAddrHigh | +8 | LengthLow | +12 | LengthHigh | +16 | Type | + +-------------------+ +</pre> + +where 'size' is the size of the associated structure in bytes, which can +be greater than the minimum of 20 bytes. 'BaseAddrLow' is the lower 32 +bits of the starting address, and 'BaseAddrHigh' is the upper 32 bits, +for a total of a 64-bit starting address. 'LengthLow' is the lower 32 bits +of the size of the memory region in bytes, and 'LengthHigh' is the upper 32 +bits, for a total of a 64-bit length. 'Type' is the variety of address +range represented, where a value of 1 indicates available RAM, and all +other values currently indicated a reserved area.<P> + +The map provided is guaranteed to list all standard RAM that should +be available for normal use.<P> + +<HR> + +<H2><A NAME="author">Authors</A></H2> + +<pre> +Bryan Ford +Computer Systems Laboratory +University of Utah +Salt Lake City, UT 84112 +(801) 581-4280 +baford@cs.utah.edu + +Erich Stefan Boleyn +924 S.W. 16th Ave, #202 +Portland, OR, USA 97205 +(503) 226-0741 +erich@uruk.org +</pre> + +We would also like to thank the many other people have provided comments, +ideas, information, and other forms of support for our work.<P> + +<H3>Revision History</H3> + +<pre> +Version 0.6 3/29/96 (a few wording changes, header checksum, and + clarification of machine state passed to the OS) +Version 0.5 2/23/96 (name change) +Version 0.4 2/1/96 (major changes plus HTMLification) +Version 0.3 12/23/95 +Version 0.2 10/22/95 +Version 0.1 6/26/95 +</pre> + +<HR> + +<H2><A NAME="notes">Notes on PCs</A></H2> + +In reference to bit 0 of the multiboot_info.flags parameter, +if the bootloader +in question uses older BIOS interfaces, or the newest ones are not +available (see description about bit 6), then a maximum of either +15 or 63 megabytes of memory may be reported. It is HIGHLY recommended +that bootloaders perform a thorough memory probe.<P> + +In reference to bit 1 of the multiboot_info.flags parameter, it is +recognized that determination of which BIOS drive maps to which +OS-level device-driver is non-trivial, at best. Many kludges have +been made to various OSes instead of solving this problem, most of +them breaking under many conditions. To encourage the use of +general-purpose solutions to this problem, here are 2 +<A HREF=bios_mapping.txt>BIOS Device Mapping Techniques</A>.<P> + +In reference to bit 6 of the multiboot_info.flags parameter, it is +important to note that the data structure used there +(starting with 'BaseAddrLow') is the data returned by the +<A HREF=mem64mb.html>INT 15h, AX=E820h +- Query System Address Map</A> call. More information +on reserved memory regions is defined on that web page. +The interface here is meant to allow a bootloader to +work unmodified with any reasonable extensions of the BIOS interface, +passing along any extra data to be interpreted by the OS as desired.<P> + +<HR> + +<H2><A NAME="example_os">Example OS Code</A> (from Bryan Ford)</H2> + +EDITOR'S NOTE: These examples are relevant to the Proposal version 0.5, +which is basically identical except for the multiboot OS header, which was +missing the checksum. A patch to bring Mach4 UK22 up to version 0.6 is +available in the GRUB FTP area mentioned in the +<A HREF="#example_boot">Example Bootloader Code</A> section below.<P> + +The Mach 4 distribution, available by anonymous FTP from +flux.cs.utah.edu:/flux, contains a C header file that defines the +MultiBoot data structures described above; anyone is welcome to rip it +out and use it for other boot loaders and OS's:<P> + +<pre> + mach4-i386/include/mach/machine/multiboot.h +</pre> + +This distribution also contains code implementing a "Linux boot adaptor", +which collects a MultiBoot-compliant OS image and an optional set of boot +modules, compresses them, and packages them into a single traditional Linux +boot image that can be loaded from LILO or other Linux boot loaders. There +is also a corresponding "BSD boot adaptor" which can be used to wrap a +MultiBoot kernel and set of modules and produce an image that can be loaded +from the FreeBSD and NetBSD boot loaders. All of this code can be used as-is +or as a basis for other boot loaders. These are the directories of primary +relevance:<P> + +<pre> + mach4-i386/boot + mach4-i386/boot/bsd + mach4-i386/boot/linux +</pre> + +The Mach kernel itself in this distribution contains code that demonstrates +how to create a compliant OS. The following files are of primary +relevance:<P> + +<pre> + mach4-i386/kernel/i386at/boothdr.S + mach4-i386/kernel/i386at/model_dep.c +</pre> + +Finally, I have created patches against the Linux 1.2.2 and FreeBSD 2.0 +kernels, in order to make them compliant with this proposed standard. +These patches are available in kahlua.cs.utah.edu:/private/boot.<P> + +<HR> + +<H2><A NAME"example_boot">Example Bootloader Code</A> (from Erich Boleyn)</H2> + +The <A HREF=http://www.uruk.org/grub/>GRUB</A> bootloader project +will be fully +Multiboot-compliant, supporting all required and optional +features present in this standard.<P> + +A final release has not been made, but both the GRUB beta release +(which is quite stable) and a patch for Multiboot version 0.6 for +Mach4 UK22 are available in the GRUB +<A HREF=ftp://ftp.uruk.org/public/grub/>public release</A> +area.<P> + +<HR> + +<A HREF=mailto:erich@uruk.org><I>erich@uruk.org</I></A><P> + +</BODY> +</HTML> + diff --git a/doc/nbi-spec.txt b/doc/nbi-spec.txt new file mode 100644 index 0000000..320f025 --- /dev/null +++ b/doc/nbi-spec.txt @@ -0,0 +1,660 @@ + Draft Net Boot Image Proposal 0.3 + Jamie Honan and Gero Kuhlmann, gero@minix.han.de + June 15, 1997 + + This is the specification of the "tagged image" format + ______________________________________________________________________ + + Table of Contents + + + 1. Note + + 2. Preamble - the why + + 3. The target + + 4. Net Boot Process Description. + + 5. Image Format with Initial Magic Number. + + 6. Boot prom entry points. + + 7. Example of a boot image. + + 8. Terms + + 9. References + + + + ______________________________________________________________________ + + 11.. NNoottee + + + In order to provide more functionality to the boot rom code I changed + Jamie's draft a little bit. All my changes are preceded and followed + by ((ggkk)). + + + + Gero Kuhlmann + + + 22.. PPrreeaammbbllee -- tthhee wwhhyy + + + Whilst researching what other boot proms do (at least those + implementing TCP/IP protocols) it is clear that each 'does their own + thing' in terms of what they expect in a boot image. + + + + If we could all agree on working toward an open standard, O/S + suppliers and boot rom suppliers can build their products to this + norm, and be confident that they will work with each other. + + + + This is a description of how I will implement the boot rom for Linux. + I believe it to be flexible enough for any OS that will be loaded + when a PC boots from a network in the TCP/IP environment. + + + + + It would be good if this could be turned into some form of standard. + + + + This is very much a first draft. I am inviting comment. + + + + The ideas presented here should be independant of any implementation. + In the end, where there is a conflict between the final of this draft, + and an implementation, this description should prevail. + + + + The terms I use are defined at the end. + + + + ((ggkk))IMPORTANT NOTE: The scope of this document starts at the point + where the net boot process gains control from the BIOS, to where the + booted image reaches a state from which there is no return to the net + boot program possible.((ggkk)) + + + 33.. TThhee ttaarrggeett + + + The target is to have a PC retrieve a boot image from a network in the + TCP/IP environment. + + + + ((ggkk))The boot may take place from a network adaptor rom, from a boot + floppy.((ggkk)) + + + 44.. NNeett BBoooott PPrroocceessss DDeessccrriippttiioonn.. + + + ((ggkk))The net boot process is started as a result of the PC boot + process. The net boot program can reside on a rom, e.g. on an adaptor + card, or in ram as a result of reading off disk.((ggkk)) + + + + The boot process may execute in any mode (e.g. 8086, 80386) it + desires. When it jumps to the start location in the boot image, it + must be in 8086 mode and be capable of going into any mode supported + by the underlying processor. + + + + The image cannot be loaded into address spaces below 10000h, or + between A0000h through FFFFFh, or between 98000h through 9FFFFh. + ((ggkk))Only when the image is not going to return to the boot process, + all the memory is available to it once it has been started, so it can + relocate parts of itself to these areas.((ggkk)) + + + + The boot process must be capable of loading the image into all other + memory locations. Specifically, where the machine supports this, this + means memory over 100000h. + + + + The net boot process must execute the bootp protocol, followed by the + tftp protocol, as defined in the relevant rfc's. + + + + The file name used in the tftp protocol must be that given by the + bootp record. + + + + If less than 512 bytes are loaded, the net boot process attempts to + display on the screen any ascii data at the start of the image. The + net boot process then exits in the normal manner. For a boot prom, + this will allow normal disk booting. ((ggkk))Reference to DOS deleted.((ggkk)) + + + + When the first 512 bytes have been loaded, the boot process checks for + an initial magic number, which is defined later. If this number is + present, the net process continues loading under the control of the + image format. The image, which is described later, tells the net boot + process where to put this record and all subsequent data. + + + + If no initial magic number is present the net boot process checks for + a second magic number at offset 510. If the magic number 510 = 55h, + 511 = AAh, then the net process continues. If this second magic number + is not present, then the net boot process terminates the tftp + protocol, displays an error message and exits in the normal manner. + + + + If no initial magic number is present and the second one is, the net + boot process relocates the 512 bytes to location 7c00h. The net boot + process continues to load any further image data to 10000h up. This + data can overwrite the first 512 boot bytes. If the image reaches + 98000h, then any further data is continued to be loaded above 100000h. + When all the data has been loaded, the net boot process jumps to + location 0:7c00. + + + + ((ggkk))When the net boot program calls the image, it places 2 far + pointers onto the stack, in standard intel order (e.g. segment:offset + representation). The first far pointer which immediately follows the + return address on the stack, points to the loaded boot image header. + The second far pointer which is placed above the first one, shows to + the memory area where the net boot process saved the bootp reply. + + + + If the boot image is flagged as being returnable to the boot process, + the boot program has to provide the boot image with interrupt vector + 78h. It's an interface to services provided by the net boot program + (see below for further description). + + + + If the boot image is not flagged as being returnable to the boot + process, before the boot image is called, the boot program has to set + the system into a state in which it was before the net boot process + has started.((ggkk)) + + + + 55.. IImmaaggee FFoorrmmaatt wwiitthh IInniittiiaall MMaaggiicc NNuummbbeerr.. + + + The first 512 bytes of the image file contain the image header, and + image loading information records. This contains all the information + needed by the net boot process as to where data is to be loaded. + + The magic number (in time-honoured tradition (well why not?)) is: + + + ______________________________________________________________________ + 0 = 36h + 1 = 13h + 2 = 03h + 3 = 1Bh + ______________________________________________________________________ + + + + Apart from the two magic numbers, all words and double words are in PC + native endian. + + + + Including the initial magic number the header record is: + + + ______________________________________________________________________ + +---------------------+ + | | + | Initial Magic No. | 4 bytes + +---------------------+ + | | + | Flags and length | double word + +---------------------+ + | | + | Location Address | double word in ds:bx format + +---------------------+ + | | + | Execute Address | double word in cs:ip format + +---------------------+ + ______________________________________________________________________ + + + + The Location address is where to place the 512 bytes. The net boot + process does this before loading the rest of the image. The location + address cannot be one of the reserved locations mentioned above, but + must be an address lower than 100000h. + + + + The rest of the image must not overwrite these initial 512 bytes, + placed at the required location. The writing of data by the net boot + process into these 512 bytes is deprecated. These 512 bytes must be + available for the image to interogate once it is loaded and running. + + + + The execute address is the location in cs:ip of the initial + instruction once the full image has been loaded. This must be lower + than 100000h, since the initial instructions will be executed in 8086 + mode. When the jump (actaully a far call) is made to the boot image, + the stack contains a far return address, with a far pointer parameter + above that, pointing to the location of this header. + + The flags and length field is broken up in the following way: + + + + Bits 0 to 3 (lowest 4 bits) define the length of the non vendor header + in double words. Currently the value is 4. + + + + Bits 4 to 7 define the length required by the vendor extra information + in double words. A value of zero indicates no extra vendor + information. + + + + ((ggkk))Bit 8 is set if the boot image can return to the net boot process + after execution. If this bit is not set the boot image does never + return to the net boot process, and the net boot program has to set + the system into a clean state before calling the boot image. + + + + Bits 9 to 31 are reserved for future use and must be set to zero.((ggkk)) + + + + After this header, and any vendor header, come the image loading + information records. These specify where data is to be loaded, how + long it is, and communicates to the loaded image what sort of data it + is. + + + + The format of each image loading information record is : + + + + ______________________________________________________________________ + +---------------------+ + | Flags, tags and | double word + | lengths | + +---------------------+ + | | + | Load Address | double word + +---------------------+ + | | + | Image Length | double word + +---------------------+ + | | + | Memory Length | double word + +---------------------+ + ______________________________________________________________________ + + + + Each image loading information record follows the previous, or the + header. + + + + The memory length, image length and load address fields are unsigned + 32 numbers. They do not have the segment:offset format used by the + 8086. + + + + The flags, tags and lengths field is broken up as follows: + + + + Bits 0 to 3 (lowest 4 bits) are the length of the non vendor part of + this header in double words. Currently this value is 4. + + + + Bits 4 to 7 indicate the length of any vendor information, in double + words. + + + + Bits 8 to 15 are for vendor's tags. The vendor tag is a private number + that the loaded image can use to determine what sort of image is at + this particular location. + + + + Bits 16 to 23 are for future expansion and should be set to zero. + + + + Bits 24 to 31 are for flags, which are defined later. + + + + Vendors may place further information after this information record, + and before the next. Each information record may have a different + vendor length. + + + + There are two restrictions on vendor information. + + + + One is that the header and all information records that the net boot + process is to use fall within the first 512 bytes. + + + + The second restriction is that the net boot process must ignore all + vendor additions. The net boot process may not overwrite vendor + supplied information, or other undefined data in the initial 512 + bytes. + + + + The flags are used to modify the load address field, and to indicate + that this is the last information record that the net boot process + should use. + + + + Bit 24 works in conjunction with bit 25 to specify the meaning of the + load address. + + + + + + + + + ______________________________________________________________________ + B24 B25 + + 0 0 load address is an absolute 32 number + + 1 0 add the load address to the location one past the last byte + of the memory area required by the last image loaded. + If the first image, then add to 512 plus the location + where the 512 bytes were placed + + 0 1 subtract the load address from the one past the + last writeable location in memory. Thus 1 would + be the last location one could write in memory. + + 1 1 load address is subtracted from the start of + the last image loaded. If the first image, then + subtract from the start of where the 512 bytes were + placed + ______________________________________________________________________ + + + + (For convenience bit 24 is byte 0 of the flag field) + + + + Bit 26 is the end marker for the net boot process. It is set when this + is the last information record the net boot process should look at. + More records may be present, but the net boot process will not look at + them. (Vendors can continue information records out past the 512 + boundary for private use in this manner). + + + + The image length tells the net boot process how many bytes are to be + loaded. Zero is a valid value. This can be used to mark memory areas + such as shared memory for interprocessor communication, flash eproms, + data in eproms. + + + + The image length can also be different from the memory length. This + allows decompression programs to fluff up the kernel image. It also + allows a file system to be larger then the loaded file system image. + + + + Bits 27 through 31 are not defined as yet and must be set to zero + until they are. + + + 66.. BBoooott pprroomm eennttrryy ppooiinnttss.. + + + ((ggkk))As mentioned above the net boot process has to provide interrupt + 78h as an entry point in case, the returnable flag (bit 9 of the flags + field in the image header) of the boot image has been set. When + calling this interface interrupt, the caller has to load the AH + register with a value indicating the type of operation requested: + + + + + + + + ______________________________________________________________________ + 00h - Installation check + Input: none + Output: AX - returns the value 474Bh + BX - flags indicating what further services are + provided by the net boot program: + Bit 0 - packet driver interface (see below) + Bits 1 to 15 are unused and have to be zero + + 01h - Cleanup and terminate the boot process services. This will + also remove the services provided by interrupt 87h. + Input: none + Output: none + ______________________________________________________________________ + + + + + + Further functions are not yet defined. These functions are only + available to boot images which have the first magic number at the + beginning of the image header, and have the returnable flag set in the + flags field. + + + + In order to provide compatibility with net boot programs written to + match an earlier version of this document, the loaded image should + check for the existence of interrupt 78h by looking at it's vector. If + that's 0:0, or if it does not return a proper magic ID after calling + the installation check function, the boot image has to assume that the + net boot program does not support this services interrupt. + + + + If the bit 0 of register BX of function 00h is set, the boot program + has to provide a packet driver <http://www.crynwr.com> interface at + interrupt 79h as described in the packet driver interface standard, + version 1.09, published by FTP Software, Inc., which is not repeated + here. It serves as an interface to the system's network card. It is + important to note that the net boot process has to provide a clean + packet driver interface without any handles being defined when the + boot image gets started. It is expected that the boot image sets up + it's own TCP/IP or other network's stack on top of this packet driver + interface. When the boot image returns to the net boot process, it + has to return a clean packet driver interface as well, without any + handles being defined.((ggkk)) + + + 77.. EExxaammppllee ooff aa bboooott iimmaaggee.. + + + Here is an example of how the boot image would look for Linux: + + + + + + + + + + + + + + ______________________________________________________________________ + 0x1B031336, /* magic number */ + 0x4, /* length of header is 16 bytes, no vendor info */ + 0x90000000, /* location in ds:bx format */ + 0x90000200, /* execute address in cs:ip format */ + + /* 2048 setup.S bytes */ + 0x4, /* flags, not end, absolute address, 16 bytes this + record, no vendor info */ + 0x90200, /* load address - note format */ + 0x800, /* 4 8 512 byte blocks for linux */ + 0x800, + + /* kernel image */ + 0x4, /* flags, not end, absolute address, 16 bytes this + record, no vendor info */ + 0x10000, /* load address - note format */ + 0x80000, /* 512K (this could be shorter */ + 0x80000, + + /* ramdisk for root file system */ + 0x04000004, /* flags = last, absolute address, 16 bytes this + record, no vendor info *// + 0x100000, /* load address - in extended memory */ + 0x80000, /* 512K for instance */ + 0x80000, + + /* Then follows linux specific information */ + ______________________________________________________________________ + + + + + 88.. TTeerrmmss + + + When I say 'the net boot process', I mean the act of loading the image + into memory, setting up any tables, up until the jump to the required + location in the image. + + + + The net booting program executes the net boot process. The net boot + program may be a rom, but not neccassarily. It is a set of + instructions and data residing on the booting machine. + + + + The image, or boot image, consists of the data loaded by the net boot + process. + + + + When I say 'the PC boot process', I mean the general PC rom bios boot + process, the setting up of hardware, the scanning for adaptor roms, + the execution of adaptor roms, the loading in of the initial boot + track. The PC boot process will include the net boot process, if one + is present. + + + + When I say client, I mean the PC booting up. + + + + + When I say 'image host', I mean the host where the boot image is + comming from. This may not have the same architecture as the client. + + + + The bootp protocol is defined in RFC951 and RFC1084. The tftp protocol + is defined in RFC783. These are available on many sites. See Comer + 1991 for details on how to obtain them. + + + + A bootp server is the machine that answers the bootp request. It is + not neccessarily the image host. + + + + "Can" and "may" means doesn't have to, but is allowed to and might. + "Must" means just that. "Cannot" means must not. + + + 99.. RReeffeerreenncceess + + + Comer, D.E. 1991, Internetworking with TCP/IP Vol I: Principles, + Protocols, and Architecture Second Edition, Prentice Hall, Englewood + Cliffs, N.J., 1991 + + + + Stevens, W.R 1990, Unix Network Programming, Prentice Hall, Englewood + Cliffs, N.J., 1990 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + |