Writing Boot Loader with GAS in AT&T X86 Assembly
Dennis Chen
Outline
► Introduction
  § Conceptual Flow
  § Prerequisites
► Implementation
► Debugging Techniques
► Demo
Introduction
► Scope
  § Load a file from a floppy image of FAT12 format
  § Execute in real mode
    ► No 32-bit addressing
    ► No protected mode enabled
► Goal
  § Use minimal tools available on Linux
  § Require no root privileges
  § Modularize as much as possible
  § Keep a small footprint (512 bytes)
Introduction
► Development Environment
  § Ubuntu 10.10 LTS
  § Vim + xxd
  § gmake + binutils
    ► as, ld, objcopy, objdump
  § gdb
Conceptual Flow
1. BIOS finds the bootable disk
2. BIOS loads the boot loader
  § from the first sector (512 bytes) of the disk
  § to logical address 0000:7c00h
3. Jump to the start of the boot loader (0000:7c00h)
4. Boot loader loads the FAT and the root directory into memory
5. Boot loader finds the specific name "kernel.bin"
  § by looking up the root directory
  § for the first cluster#, if it is available
6. Boot loader loads the current cluster of "kernel.bin" (the first cluster initially) into memory
  § e.g., 0050:0000h or 9000:0100h
7. Boot loader queries the FAT entry
  § to get the next cluster#
  § Go to step 6 if it is available; otherwise, go to step 8.
8. Jump to the start of "kernel.bin" in memory
  § e.g., 0050:0000h or 9000:0100h
Prerequisites
► X86 Assembly Language
  § AT&T Syntax: GAS
  § Intel Syntax: MASM, NASM
► Addressing in Real Mode
  § X86 Memory Layout
► Locating Data in Floppy
  § LBA vs. CHS
  § FAT12 Specification
► Tools
  § Binutils: as, ld, objdump, objcopy
  § Emulator: qemu or bochs
  § Debugger: gdb
X86 Assembly Language
► Examples:
  § AT&T Syntax
    ► mov %ax, %bx
    ► mov $0x1234, %ax
    ► movw (%bx), %ax
  § Intel Syntax
    ► mov bx, ax
    ► mov ax, 1234h
    ► mov ax, word ptr [bx]
Addressing in Real Mode
► Logical Address
  § Syntax: <segment>:<offset>
  § Range: 1 MiB (2^20)
  § e.g., 0000:7c00h = 07c0:0000h
► Linear Address
  § Translation from Logical Address
    ► <segment> * 16 + <offset>
  § e.g., 9000:0100h = 90100h
X86 Memory Layout
► Low Memory Area (<= 1 MiB)

  Start       End         Size       Type         Description
  0x00000000  0x000003FF  1 KiB      RAM (SYS)    Real Mode IVT (Interrupt Vector Table)
  0x00000400  0x000004FF  256 Bytes  RAM (BIOS)   BDA (BIOS Data Area)
  0x00000500  0x00007BFF  ~30 KiB    RAM          Conventional Memory
  0x00007C00  0x00007DFF  512 Bytes  RAM (SYS)    OS Boot Sector
  0x00007E00  0x0007FFFF  480.5 KiB  RAM          Conventional Memory
  0x00080000  0x0009FBFF  ~120 KiB   RAM          Conventional Memory (if it exists)
  0x0009FC00  0x0009FFFF  1 KiB      RAM (BIOS)   EBDA (Extended BIOS Data Area)
  0x000A0000  0x000AFFFF  64 KiB     RAM (VIDEO)  Video RAM for VGA Graphics Mode
  0x000B0000  0x000B7FFF  32 KiB     RAM (VIDEO)  Video RAM for Monochrome Text Mode
  0x000B8000  0x000BFFFF  32 KiB     RAM (VIDEO)  Video RAM for Color Text Mode
  0x000C0000  0x000C7FFF  32 KiB     ROM (VIDEO)  Standard Video ROM
  0x000C8000  0x000EFFFF  160 KiB    ROM (HW)     Mapped Hardware
  0x000F0000  0x000FFFFD  ~64 KiB    ROM (BIOS)   BIOS
  0x000FFFFE  0x000FFFFF  2 Bytes    ROM          System Identification (Model/Submodel)
Units for Locating Disk Data
► LBA
  § Logical Block Addressing
► CHS
  § Cylinder-Head-Sector
► Track
  § Track #0 is located at the outermost circle
► Cylinder
  § Same track# spanning platters
► Head
  § 2 heads for a 3.5" 1.44 MB floppy
► Sector
  § #1 to #63 (2^6 - 1)
  § Off-by-one defect in BIOS
  § 512 bytes per sector as regularly used
► Cluster
  § A set of sectors
FAT12 Specification
► Boot Sector Format
► Root Directory
► FAT12 Entry

  On-disk layout: Boot Sector | FAT #1 | FAT #2 | Root Directory | Data
Boot Sector Format
  Layout of the 512-byte boot sector (top to bottom):
  jmp start (0x003d)
  BPB (BIOS Parameter Block)
  start: (0x0040 - 3)  Boot Code
  End of Boot Sector (0xaa55)
Boot Sector Format
► Byte 0x000~0x002
  § jmp start
    ► eb xx 90
      § Short jump with a small offset (-128 ~ 127)
      § Padded with NOP (0x90)
    ► e9 xx xx
      § Jump with a 16-bit offset (-32768 ~ 32767)
► Byte 0x003~0x03d
  § BPB (BIOS Parameter Block)
Boot Sector Format
► BPB (BIOS Parameter Block) for FAT12

  Offset  Size  Name            Default Value       Description
  0       3     jmp start (nop) e9 <offset_16> /    Jump to boot code
                                eb <offset_8> 90
  3       8     BS_OEMName      "MSWIN4.1"          OEM name (use MSWIN4.1 for compatibility)
  11      2     BPB_BytsPerSec  512                 Bytes per sector (possible values are 512, 1024, 2048, and 4096)
  13      1     BPB_SecPerClus  1                   Sectors per cluster (2^n: 1, 2, 4, 8, 16, 32, 64, and 128)
  14      2     BPB_RsvdSecCnt  1                   Reserved sector count (1 for FAT12/FAT16, 32 for FAT32)
  16      1     BPB_NumFATs     2                   Number of FATs
  17      2     BPB_RootEntCnt  224                 Root entry count (512 for FAT16, 0 for FAT32)
  19      2     BPB_TotSec16    2880                Total sectors
  21      1     BPB_Media       0xf0                0xf0 for removable media, 0xf8 for fixed media (available values: 0xf0 - 0xff)
  22      2     BPB_FATSz16     9                   Sectors per FAT (16-bit) for FAT12/FAT16; 0 for FAT32
  24      2     BPB_SecPerTrk   18                  Sectors per track
  26      2     BPB_NumHeads    2                   Number of heads (2 for 1.44 MB 3.5-inch floppy)
  28      4     BPB_HiddSec     0                   Hidden sectors (0 for non-partitioned media)
  32      4     BPB_TotSec32    0                   Total sectors (32-bit) (BPB_TotSec32 >= 0x10000 when BPB_TotSec16 == 0)
  36      1     BS_DrvNum       0                   Drive number (0x00 for FDD, 0x80 for HDD)
  37      1     BS_Reserved1    0                   Reserved (used by Windows NT) (= 0)
  38      1     BS_BootSig      0x29                Boot signature (= 0x29) indicating the following 3 fields are present
  39      4     BS_VolID        Any integer         Volume serial number (usually assigned from a timestamp)
  43      11    BS_VolLab       "NO NAME    "       Volume label (11 bytes = 8 + 3); "NO NAME    " by default
  54      8     BS_FileSysType  "FAT12   "          File system type: "FAT12   ", "FAT16   ", or "FAT     "
Boot Sector Format
► Byte 0x03e~0x1fd
  § Boot code
  § Maximum size: 448 bytes
► Byte 0x1fe~0x1ff
  § Signature for end of boot code
  § 0x55, 0xaa (= 0xaa55 as a little-endian word)
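As an added example (not code from the slides or the author's project), here is a C parser that validates a boot sector the way the preceding slides describe it (the jmp opcode at byte 0, the 0x55 0xaa signature at 0x1fe) and reads the BPB fields at the offsets in the table. The sector arithmetic that derives the FAT, root directory and data region start sectors follows the region order shown on the FAT12 Specification slide and the FAT specification (fatgen) cited in the references; the sample sector is constructed from the table's 1.44 MB defaults, not taken from a real image.

```c
#include <stdint.h>
#include <string.h>

/* BPB fields the loader needs, plus sector numbers (LBA) derived from them. */
struct bpb {
    uint16_t byts_per_sec, rsvd_sec_cnt, root_ent_cnt, tot_sec16, fat_sz16;
    uint8_t  sec_per_clus, num_fats;
    uint16_t fat_start, root_start, root_secs, data_start;
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns 0 on success, -1 if `sec` is not a plausible FAT12 boot sector. */
int parse_boot_sector(const uint8_t sec[512], struct bpb *b)
{
    /* byte 0x000~0x002: either "eb xx 90" (short jump + nop) or "e9 xx xx" */
    if (!((sec[0] == 0xeb && sec[2] == 0x90) || sec[0] == 0xe9)) return -1;
    /* byte 0x1fe~0x1ff: end-of-boot-sector signature 0x55 0xaa (word 0xaa55) */
    if (sec[0x1fe] != 0x55 || sec[0x1ff] != 0xaa) return -1;
    b->byts_per_sec = le16(sec + 11);
    b->sec_per_clus = sec[13];
    b->rsvd_sec_cnt = le16(sec + 14);
    b->num_fats     = sec[16];
    b->root_ent_cnt = le16(sec + 17);
    b->tot_sec16    = le16(sec + 19);
    b->fat_sz16     = le16(sec + 22);
    /* a zero in any of these would make the sector arithmetic below meaningless */
    if (!b->byts_per_sec || !b->sec_per_clus || !b->num_fats || !b->fat_sz16) return -1;
    /* region order on disk: boot sector, FAT #1, FAT #2, root directory, data */
    b->fat_start  = b->rsvd_sec_cnt;
    b->root_start = (uint16_t)(b->fat_start + b->num_fats * b->fat_sz16);
    b->root_secs  = (uint16_t)((b->root_ent_cnt * 32u + b->byts_per_sec - 1) / b->byts_per_sec);
    b->data_start = (uint16_t)(b->root_start + b->root_secs);
    return 0;
}

/* Constructed sample: the 1.44 MB floppy defaults from the BPB table (not a real image). */
void build_sample_boot_sector(uint8_t sec[512])
{
    static const uint8_t hdr[] = {
        0xeb, 0x3c, 0x90,                          /* jmp start; nop                            */
        'M', 'S', 'W', 'I', 'N', '4', '.', '1',    /* BS_OEMName                                */
        0x00, 0x02, 0x01, 0x01, 0x00, 0x02,        /* 512 B/sec, 1 sec/clus, 1 rsvd sec, 2 FATs */
        0xe0, 0x00, 0x40, 0x0b, 0xf0, 0x09, 0x00,  /* 224 root ents, 2880 secs, 0xf0, 9 sec/FAT */
        0x12, 0x00, 0x02, 0x00 };                  /* 18 sec/trk, 2 heads                       */
    memset(sec, 0, 512);
    memcpy(sec, hdr, sizeof hdr);
    sec[0x1fe] = 0x55;
    sec[0x1ff] = 0xaa;
}
```

With the defaults, FAT #1 starts at sector 1, the root directory at sector 19 (14 sectors long), and the data region at sector 33; a sector with a damaged signature is rejected before any field is trusted.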
Root Directory
► 32 bytes per entry
► Short file name entry
► Long file name entry

  Entry for long file name (xxd dump of the sample image, as shown on the slide):
  0002600: 416b 0065 0072 006e 0065 000f 00da 6c00  Ak.e.r.n.e...l.
  0002610: 2e00 6200 6900 6e00 0000 ffff ...        ..b.i.n.....
  Entry for short file name:
  0002620: 4b45 524e 454c 2020 4249 4e20 1800 b355  KERNEL  BIN...U
  0002630: 253f 0000 b355 253f 0200 8504 0000 ...   %?..U%?......
Root Directory

  Offset  Size  Description
  0       11    8.3 file name
  11      1     Attributes of the file: R (0x01), H (0x02), S (0x04), VOL (0x08), D (0x10), A (0x20).
                Never 0x0F, which indicates a long file name entry
  12      1     Reserved for use by Windows NT
  13      1     Creation time in tenths of a second
  14      2     Creation time (Hour: 5 bits, Minute: 6 bits, Second: 5 bits)
  16      2     Creation date (Year: 7 bits, Month: 4 bits, Day: 5 bits)
  18      2     Last accessed date, in the format of the creation date
  20      2     High 16 bits of the first cluster# of this entry (always 0 for FAT12)
  22      2     Last modification time, in the format of the creation time
  24      2     Last modification date, in the format of the creation date
  26      2     Low 16 bits of the first cluster# of this entry
FAT12 Entry
► Every FAT entry
  § occupies 12 bits of a word (2 bytes); two entries are packed into 3 bytes:

      Byte 0   |   Byte 1   |   Byte 2
      <--- FAT Entry (even) --->
                   <--- FAT Entry (odd) --->

  § can be indexed by the current cluster#
  § contains the next cluster# or EOC
  § byte offset# = (cluster# - 2) * 3 / 2
  § even_or_odd = (cluster# - 2) * 3 % 2
    ► FAT Entry (even) = [Byte 0-1] & 0x0fff
    ► FAT Entry (odd) = [Byte 1-2] >> 4
FAT12 Entry
► Value of FAT entry

  Value          Description
  0x000          Free cluster
  0x001          Reserved
  0x002 ~ 0xFEF  Used cluster, pointing to the next cluster
  0xFF0 ~ 0xFF5  Reserved
  0xFF6          Reserved
  0xFF7          Bad sector in cluster or reserved cluster
  0xFF8 ~ 0xFFF  Last cluster in file (EOC)
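The lookup the two FAT12 Entry slides describe (even entry = low 12 bits of bytes 0-1, odd entry = high 12 bits of bytes 1-2), as an added example in C that is not code from the slides; it walks a cluster chain the way steps 6 and 7 of the Conceptual Flow do and stops on the value classes in the table above. One assumption is labelled in the code: the buffer starts at the first byte of the FAT (so the entry for cluster N sits at byte N*3/2), whereas the slide's (cluster# - 2) * 3 / 2 applies to a buffer that begins at the entry for cluster 2. The sample FAT is constructed.

```c
#include <stdint.h>
#include <stddef.h>

#define FAT12_BAD     0xff7   /* bad sector in cluster or reserved cluster */
#define FAT12_EOC_MIN 0xff8   /* 0xff8~0xfff: last cluster in file (EOC)  */

/* Next-cluster lookup. Assumption: `fat` starts at the first byte of the FAT,
 * so entries 0 and 1 (reserved) occupy bytes 0~2 and the entry for cluster N
 * starts at byte N*3/2. The slide's (N-2)*3/2 is the same rule for a buffer
 * that begins at the entry for cluster 2; the even/odd parity is identical. */
uint16_t fat12_next(const uint8_t *fat, size_t fat_len, uint16_t clus)
{
    size_t off = (size_t)clus * 3 / 2;
    if (off + 1 >= fat_len) return FAT12_BAD;   /* out of range: treat as unusable */
    uint16_t w = (uint16_t)(fat[off] | (fat[off + 1] << 8));
    /* even cluster#: [Byte 0-1] & 0x0fff ; odd cluster#: [Byte 1-2] >> 4 */
    return (clus & 1) ? (uint16_t)(w >> 4) : (uint16_t)(w & 0x0fff);
}

/* Walk the chain starting at `first` into `out` (at most `max` clusters).
 * Returns the chain length, or -1 if it reaches a free/reserved/bad entry
 * (a corrupt chain) or exceeds `max` (an oversize file or a cycle). */
int fat12_chain(const uint8_t *fat, size_t fat_len, uint16_t first,
                uint16_t *out, int max)
{
    uint16_t c = first;
    for (int n = 0; n < max; ) {
        if (c < 2 || c >= 0xff0) return -1;     /* free, 0x001, reserved or bad */
        out[n++] = c;
        c = fat12_next(fat, fat_len, c);
        if (c >= FAT12_EOC_MIN) return n;       /* EOC: chain complete */
    }
    return -1;
}

/* Constructed sample FAT (9 bytes = 6 entries): entry 0 = 0xff0 (media byte),
 * entry 1 = 0xfff, 2 -> 3, 3 -> 5, 4 = free, 5 = EOC. */
const uint8_t sample_fat[9] = { 0xf0, 0xff, 0xff, 0x03, 0x50, 0x00, 0x00, 0xf0, 0xff };

/* Length of the chain beginning at `first` in the sample FAT, or -1 if corrupt. */
int sample_chain_len(uint16_t first)
{
    uint16_t out[8];
    return fat12_chain(sample_fat, sizeof sample_fat, first, out, 8);
}
```

Starting at cluster 2 yields the chain 2, 3, 5; starting at the free cluster 4 is reported as corrupt rather than followed, which is the check a loader wants before copying cluster data to 0050:0000h.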
Implementation
► Boot code
  § bpb.s
    ► BPB header and trailing signature
  § boot.s
    ► Main boot code
  § console.s
    ► Utility for console printing using INT 10h
  § disk.s
    ► Utility for disk access using INT 13h
  § kernel.s
    ► Mock kernel for loading
Implementation
► Script
  § boot.ld

    SECTIONS {
      . = 0x7c00;
      .text : {
        .begin = .;
        bpb.o (.text);
        boot.o (.text);
        * (.text);
        . = .begin + 510;
        bpb.o (.signature);
      }
    }

  § kernel.ld

    SECTIONS {
      . = 0x0000;
      .text : {
        kernel.o (.text)
        * (.text)
      }
    }
Implementation
► Generated Targets
  § boot.img
    ► Bootable disk image
  § boot.bin
    ► Bare boot code
  § boot.elf
    ► Boot code with ELF header and debug information
  § kernel.bin
    ► Bare kernel binary
  § kernel.elf
    ► Kernel binary with ELF header and debug information
Debugging Techniques
► INT 10h BIOS call
  § Print ASCIIZ string
  § Print character
  § It requires further implementation to output numbers
► Remote debugging with gdb
  § Turn on debug symbols with the -g option for as and ld
  § Edit the .gdbinit file:
    ► target remote | exec qemu -gdb stdio -fda boot.img
    ► symbol-file boot.elf kernel.elf
  § Enter "gdb" at the command line
Debugging Techniques
► Launch QEMU directly
  § Enter "qemu -fda boot.img" at the command line
► Launch Bochs directly
  § Edit the bochsrc.txt file:
    ► boot: floppy
    ► floppya: type=1_44, 1_44="boot.img", inserted
  § Enter "bochs" at the command line
Reference
► Orange's: Implementing an Operating System (Orange's一個作業系統的實現, ISBN 978-986-7309-52-2)
► Writing an Operating System Yourself with Open Source Software (使用开源软件自己动手写操作系统)
  § http://code.google.com/p/writeos/downloads/list
► X86 Memory Map
  § http://wiki.osdev.org/Memory_Map_(x86)
► Disk Manipulation
  § http://en.wikipedia.org/wiki/INT_13H
  § http://zh.wikipedia.org/wiki/LBA
  § http://en.wikipedia.org/wiki/Cylinder-head-sector
► Boot Sector & FAT
  § http://wiki.osdev.org/MBR
  § http://wiki.osdev.org/FAT
  § http://en.wikipedia.org/wiki/File_Allocation_Table
  § http://www.microsoft.com/whdc/system/platform/firmware/fatgen.mspx