12 replies to this topic

[dmdimon]

So, goal:
1. make "snapshot" of BIOS booted iMac's BIOS'ed twin brother (first meg, core state,etc., save as file)
2. using EFI tools restore snapshot on targeted iMac
3. jump-start to snapshot point of execution.

P.1 Is easy doable thru debug/remote debug/VMware, etc. and will contain all of the already shadowed BIOS'es and system areas initialised.
P.2 Is doable - there are routine in Tianocore that just loads chunk of data at specifyed physical address(originated from IBM code, not in legacy part - so it exists in Apple implementation almost for sure)
P.3 Possibly, use of EFI_LEGACY_BIOS_FARCALL86. Routine Description: Thunk to 16-bit real mode and call Segment:Offset. Regs will contain the 16-bit register context on entry and exit

This all based on some assumptions.
a ) We can build iMac's BIOS'ed twin brother.
b ) Hardware, initialised by EFI, is in the same state, as initialised by BIOS.

So, I have some questions:

Q.1 - how close to iMac (from hardware point) we can get? I mean same chipset (with BIOS) and video(with VGA BIOS) and so on. What's the closest config?
Q.2 - Are there anybody here with knowledge of POST and EFI initialised hardware state? EFI most wanted as POST I can (hardly) recall
Q.3 - Are there somewhere an image or something with ORIGINAL iMac EFI?

P.S. I personally think that we should wait for next Vista beta, as there are real progress on it. Just can't resist. This (as assumptions come true) WOULD work. Anyway, IF this thread is of interest for you - feel free to post in.

[munky]

hi... i have just built a machine which should be reasonably close to an iMac Core Duo:

- Intel D945GTP Desktop board (i945G Express chipset and ICH7 Southbridge)

- Pentium D 920 Dual-Core processor with EMT64 and Virtualisation stuff

- Radeon X1800XL PCI-E 256Mb

OS is Tiger 10.4.3 (with some 10.4.4 kexts and frameworks for CI/QE/OpenGL), booting off a BIOS.

i dont have much knowledge, but I will happily provide any help I can - testing stuff out, imaging the BIOS etc.

[dmdimon]

munky, on Feb 7 2006, 07:45 PM, said:

hi... i have just built a machine which should be reasonably close to an iMac Core Duo

Hi. As I get out of assembler stuff when Pentium came in, for now I'm not sure that this is "close enough" to targeted iMac. In our case it'll be better to be as close, as possible. After thinking a bit, I'd say that original EFI from iMac are most wanted for preliminary analysis. Are there needed parts inside? And some knowlege on EFI hardware after-init state.
Anyway, thanks.

[munky]

well... its a dual core intel chip on a 945... how different can it be?

i'd say it'll get you most of the way there, but there might be some issues to iron out.  lets try it!

[dmdimon]

munky, on Feb 7 2006, 08:37 PM, said:

lets try it!

Ok. Do you have DOS bootable diskette? With (m$)debug on it? Do you have DOS-visible partition on HD? If so, boot from diskette, run debug, press ? to refresh memories. We'll use debug to save DOS memory (with debug itself up and running) to file. I'm now refreshing my memory - how I saved/recalled processor state (with debug again, AFAICR) years ago

[Blackice]

I can give you stuff from a Sony FE11S:

- 945 Chipset
- Intel Core Duo T2400
- 1024MB DDR2(533mhz) RAM
- NVIDIA GeForce Go 7400

The GPU is different, but other than that I reckon it's pretty much the same. I'll have it in my hands from next week, if you need anything from it.

[crazymonkeypants]

dmdimon, on Feb 7 2006, 04:20 PM, said:

So, goal:
1. make "snapshot" of BIOS booted iMac's BIOS'ed twin brother (first meg, core state,etc., save as file)
2. using EFI tools restore snapshot on targeted iMac
3. jump-start to snapshot point of execution.

P.1 Is easy doable thru debug/remote debug/VMware, etc. and will contain all of the already shadowed BIOS'es and system areas initialised.
P.2 Is doable - there are routine in Tianocore that just loads chunk of data at specifyed physical address(originated from IBM code, not in legacy part - so it exists in Apple implementation almost for sure)
P.3 Possibly, use of EFI_LEGACY_BIOS_FARCALL86. Routine Description: Thunk to 16-bit real mode and call Segment:Offset. Regs will contain the 16-bit register context on entry and exit

The iMac EFI implementation does not appear to implement the LegacyBoot protocol.  Mind you, thunking yourself is pretty trivial.

Quote

This all based on some assumptions.
b ) Hardware, initialised by EFI, is in the same state, as initialised by BIOS.

This is where you will probably fall down.

[dmdimon]

crazymonkeypants, on Feb 8 2006, 01:03 AM, said:

The iMac EFI implementation does not appear to implement the LegacyBoot protocol.  Mind you, thunking yourself is pretty trivial.

So, I wrote "possibly" I know that you know that "Thunk to 16-bit real mode and call Segment:Offset. Regs will contain the 16-bit register context on entry" already implemented ten million times in ten million x86 operating systems, so, it's really not a problem.

hardware...

crazymonkeypants, on Feb 8 2006, 01:03 AM, said:

This is where you will probably fall down.

Yea, I'm afraid of this also. But there are nothing I can do. From other side, why it should be different? I think that EFI on-board firmware most probably is old BIOS with interface layer modifyed. Becoase it's cheap solution. So, as silicon is the same(is it?), and I/O of card is in silicon(mean, not microprogrammed - is it?) - than initialized card will behave the same. Again, I'm asking third time about "some knowlege on EFI hardware after-init state"

@blackice
Sorry, there will be shadowed ROM from nvidia and it will fail on ATI. Only if we'll combine memory dumps from 2 (or more) PC's it can be useful.


Ok, I thought a bit more. And get to this:
BEFORE making any snapshots we should know that targeted system is able to install Win from  CD on external drive. And even more - external HD should be unplugged on boot and plugged in and mounted UNDER DOS or during wininstall itself - or we'll end linked to exact model&size of HD for install. I'd look at that.

Hey, are there interested or I'm just wasting my time?

[munky]

ok... i dont have a floppy drive, but im presuming i could burn a CD-R with the floppy imaged to the El Torito boot image instead?

i also dont have any external hard disks...

[dmdimon]

munky, on Feb 8 2006, 02:03 PM, said:

im presuming i could burn a CD-R with the floppy imaged to the El Torito boot image

No need if you have one of "all-in-one Reanimator" (DOS)bootable CD with wxp install and some strange tools on it
But there are need for external drive (at least for check that combination will work). We have to install XP on external MBR'ed HD on iMac.

O-ops! Actually, we have no need to install, it's enough to run preinstalled Win... It may be a bit better...

Ok, I just checked - first stage works. I mean when you boot from CD into DOS shell, then attach external HD, then run WinXP installer, it can see attached drive. So, you don't need external drive.

[dmdimon]

Just to show that trick already was done:
http://vx.netlux.org/lib/afc02.html

from "Second Best PC Bootstrap Protection" and below

[dmdimon]

So-o... Zero interest.
As I just can't do it without some help(have no time and hardware), I'll end on this. Just to let you know:

This is FILO, a bootloader which loads boot images from local filesystem, without help from legacy BIOS services.
http://felixx.tsn.or.jp/~ts1/filo/
... Only i386 PC architecture is currently supported.
    x86-64 (AMD 64) machines in 32-bit mode should also work...

"Reboot-by-BIOS-jump-patch"
http://www.ussg.iu.e...610.2/0284.html
...The following code and data reboots the machine by switching to real mode and jumping to the BIOS reset entry point, as if the CPU has really been reset...

[johnniecarcinogen]

dmdimon, on Feb 12 2006, 02:01 PM, said:

So-o... Zero interest.
As I just can't do it without some help(have no time and hardware), I'll end on this. Just to let you know:

This is FILO, a bootloader which loads boot images from local filesystem, without help from legacy BIOS services.
http://felixx.tsn.or.jp/~ts1/filo/
... Only i386 PC architecture is currently supported.
    x86-64 (AMD 64) machines in 32-bit mode should also work...

"Reboot-by-BIOS-jump-patch"
http://www.ussg.iu.e...610.2/0284.html
...The following code and data reboots the machine by switching to real mode and jumping to the BIOS reset entry point, as if the CPU has really been reset...

dmdimon,
you should post this on http://www.win2osx.net/forum/. in case you aren't aware of it, it is more technically oriented.