!
! setup.s (C) 1991 Linus Torvalds
!
! setup.s is responsible for getting the system data from the BIOS,
! and putting them into the appropriate places in system memory.
! both setup.s and system has been loaded by the bootblock.
!
! This code asks the bios for memory/disk/other parameters, and
! puts them in a "safe" place: 0x90000-0x901FF, ie where the
! boot-block used to be. It is then up to the protected mode
! system to read them from there before the area is overwritten
! for buffer-blocks.
!
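/*
setup.s mainly uses BIOS interrupts to read system parameters and stores them starting at 0x90000 (overwriting the memory that bootsect.s used to occupy); the kernel uses these parameters later.
bootsect has already loaded system at 0x10000.
setup moves system as one block from 0x10000-0x8ffff (the maximum kernel size assumed at the time) down to absolute address 0x00000, then loads the interrupt descriptor table register (IDTR) and the global descriptor table register (GDTR),
enables the A20 address line, reprograms the two interrupt controller chips so that the hardware interrupt numbers are reassigned, and finally sets the CPU control register CR0 to enter 32-bit protected mode,
then jumps to head.s at the very start of the system module to continue execution.
So that head.s can run in 32-bit protected mode, this program sets up an interrupt descriptor table (IDT) and a global descriptor table (GDT), and places descriptors for the current kernel
code segment and data segment in the GDT.
head.s later sets these descriptor tables up again according to the kernel's needs.
*/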
! NOTE! These had better be the same as in bootsect.s!
! The three values below are real-mode segment numbers (physical address =
! segment * 16), as the per-line comments show (0x1000 -> 0x10000).
INITSEG = 0x9000 ! we move boot here - out of the way
SYSSEG = 0x1000 ! system loaded at 0x10000 (65536).
SETUPSEG = 0x9020 ! this is the current segment
! Export the begin/end markers and drop a begin label at the current
! position of .text, .data and .bss, then switch back to .text for the code.
.globl begtext, begdata, begbss, endtext, enddata, endbss
.text
begtext:
.data
begdata:
.bss
begbss:
.text
entry start
! start: entry point of setup. Runs in real mode and uses BIOS services to
! collect cursor, memory and video parameters, storing them at fixed offsets
! in segment INITSEG (ds=0x9000):
!   [0]  dx after int 0x10 ah=0x03 (cursor position)
!   [2]  ax after int 0x15 ah=0x88 (extended memory, KB)
!   [4]  bx after int 0x10 ah=0x0f (bh = display page)
!   [6]  ax after int 0x10 ah=0x0f (al = video mode, ah = window width)
!   [8], [10], [12]  ax, bx, cx after int 0x10 ah=0x12 bl=0x10
! Every value is stored exactly as the BIOS returned it; nothing in this
! block range-checks or validates it.
start:
! ok, the read went well so we get current cursor position and save it for
! posterity.
mov ax,#INITSEG ! this is done in bootsect already, but...
mov ds,ax
mov ah,#0x03 ! read cursor pos
xor bh,bh
int 0x10 ! save it in known place, con_init fetches
mov [0],dx ! it from 0x90000 /* store the cursor position at 0x90000 */
! Get memory size (extended mem, kB)
! NOTE(review): the carry flag is not tested after int 0x15, so if the BIOS
! signals failure through CF, whatever it left in ax is stored as the memory
! size - confirm that the consumer of 0x90002 sanity-checks the value.
mov ah,#0x88
int 0x15 /* get extended memory size: AX = number of contiguous KB starting at absolute address 100000h */
mov [2],ax/* AX = extended memory size in KB, stored at 0x9000:2 */
! Get video-card data:
/*
Function 0FH
Description: read the current display mode
Input: AH=0FH
Output:
AH = number of character columns on screen
AL = display mode (see the description of function 00H)
BH = page number
*/
mov ah,#0x0f
int 0x10
mov [4],bx ! bh = display page
mov [6],ax ! al = video mode, ah = window width
! check for EGA/VGA and some config parameters
/* Read the display configuration information
BH = video state:
00h color mode in effect (I/O port 3Dxh)
01h mono mode in effect (I/O port 3Bxh)
BL = installed memory (00h = 64K, 01h = 128K, 02h = 192K, 03h = 256K)
CH = feature connector bits (see #00022)
CL = switch settings (see #00023,#00024)
AH destroyed (at least by Tseng ET4000 BIOS v8.00n)
*/
mov ah,#0x12
mov bl,#0x10
int 0x10
mov [8],ax ! ax is stored as-is; per the note above AH may have been destroyed
mov [10],bx
mov [12],cx
! Copy the two 16-byte hard-disk parameter tables to 0x9000:0x0080 (hd0) and
! 0x9000:0x0090 (hd1), then zero the hd1 copy if the BIOS does not report a
! second hard disk.
! The source address of each table is the far pointer held in the real-mode
! interrupt vector slot (4*0x41 for hd0, 4*0x46 for hd1). The pointer is
! used as-is: 16 bytes are copied from wherever it points, with no check
! that it is non-zero or plausible.
! NOTE(review): the direction flag is not set in this block (cld only appears
! later, before do_move); rep movsb / rep stosb here rely on DF=0 on entry -
! confirm that bootsect.s leaves it cleared.
/* The hard-disk parameter data detected by the BIOS is found through the far pointer stored at 0x0000:4*0x41 */
! Get hd0 data
mov ax,#0x0000
mov ds,ax /* set ds to 0x0000 */
lds si,[4*0x41] /* lds loads the far pointer stored at ds:[4*0x41]: the low 16 bits go to si, the high 16 bits go to ds */
mov ax,#INITSEG !ax 0x9000
mov es,ax
mov di,#0x0080 !es:di=0x9000:0x0080
mov cx,#0x10 /* number of bytes to transfer */
rep
movsb /* copy 16 bytes from ds:si to es:di */
! Get hd1 data
mov ax,#0x0000
mov ds,ax
lds si,[4*0x46]
mov ax,#INITSEG
mov es,ax
mov di,#0x0090 !es:di=0x9000:0x0090
mov cx,#0x10
rep
movsb /* copy 16 bytes from ds:si to es:di */
! Check that there IS a hd1 :-)
! int 0x13 with AH=0x15 is the BIOS "get disk type" call; the code below
! treats carry set, or any AH other than 3 on return, as "no second disk".
/* Check whether a second hard disk exists; if it does not, the second disk's table is cleared to 0. This is done with BIOS int 0x13. */
mov ax,#0x01500
mov dl,#0x81 !80h = first, 81h = second hard disk
int 0x13
jc no_disk1
cmp ah,#3
je is_disk1
! No second disk: overwrite the 16 bytes just copied to 0x9000:0x0090 with
! zeros, so data copied through the 0x46 vector is not left behind as if it
! were a valid table.
no_disk1:
mov ax,#INITSEG
mov es,ax
mov di,#0x0090
mov cx,#0x10
mov ax,#0x00
rep /* rep repeats the following string instruction cx times */
stosb /* store al at es:di; cx gives the number of bytes to overwrite */
! Disable interrupts and move the system image down by 64 KB, one 64 KB
! segment per pass: source segments 0x1000..0x8000 are copied to destination
! segments 0x0000..0x7000.
! The first pass writes to 0x0000:0 upward, i.e. over the low memory that
! the earlier code read interrupt vectors from (4*0x41, 4*0x46), so BIOS
! interrupt services must not be used after this point and interrupts have
! to stay disabled. cli does not mask NMI.
! NOTE(review): nothing visible here disables NMI for this window - confirm
! whether that is handled elsewhere or accepted.
! The loop uses the literals 0x1000 and 0x9000 rather than SYSSEG / INITSEG;
! they have to be kept in step with those constants by hand.
is_disk1:
! now we want to move to protected mode ...
cli ! no interrupts allowed ! /* disable interrupts */
! first we move the system to it's rightful place
/* First move system to its correct location:
the 512 KB between 0x1000:0 and 0x9000:0 is moved to between 0x0000:0 and 0x8000:0, i.e. the whole image is shifted towards lower addresses
*/
mov ax,#0x0000
cld ! 'direction'=0, movs moves forward /* set the transfer direction: addresses increase */
do_move:
mov es,ax ! destination segment; ax carries the segment value across iterations
add ax,#0x1000 ! ax is 0x0000 on the first pass, so after ax = ax+0x1000 it is 0x1000
cmp ax,#0x9000
jz end_move ! jump if ax equals 0x9000, otherwise fall through
mov ds,ax ! source segment
sub di,di
sub si,si ! first pass: destination es:di=0x0000:0, source ds:si=0x1000:0
mov cx,#0x8000 ! repeat count: 32768 moves of 2 bytes each, 64 KB in total per pass
rep
movsw ! moves one word (2 bytes) per repetition
jmp do_move ! unconditional jump
! then we load the segment descriptors
! ds is reloaded with SETUPSEG first because do_move changed it and the
! idt_48 / gdt_48 operands below are addressed relative to ds.
end_move:
mov ax,#SETUPSEG ! right, forgot this at first. didn't work :-) (without this instruction the code does not work)
mov ds,ax ! ds 0x9020
lidt idt_48 ! load idt with 0,0 (initialises IDTR from the memory at label idt_48; zero to begin with)
lgdt gdt_48 ! load gdt with whatever appropriate (initialises GDTR from the memory at label gdt_48)
! that was painless, now we enable A20
! Sequence: wait for the 8042 input buffer to drain, send 0xD1 to port 0x64,
! wait, send 0xDF to port 0x60, wait again.
! NOTE(review): the result is never read back here, so this block cannot
! tell whether A20 was actually enabled - presumably verified later in the
! boot path; confirm. empty_8042 has no timeout (see its header comment).
call empty_8042
mov al,#0xD1 ! command write
out #0x64,al ! out writes 0xD1 to port 0x64
call empty_8042
mov al,#0xDF ! A20 on
out #0x60,al
call empty_8042
! well, that went ok, I hope. Now we have to reprogram the interrupts :-(
! we put them right after the intel-reserved hardware interrupts, at
! int 0x20-0x2F. There they won't mess up anything. Sadly IBM really
! messed this up with the original PC, and they haven't been able to
! rectify it afterwards. Thus the bios puts interrupts at 0x08-0x0f,
! which is used for the internal hardware interrupts as well. We just
! have to reprogram the 8259's, and it isn't fun.
!
! The writes below go to both 8259A controllers in a fixed order:
! initialisation command (ports 0x20/0xA0), then vector base, cascade
! wiring and mode (ports 0x21/0xA1), and finally the interrupt mask. The
! order of the out instructions matters, so do not reorder them.
! Each ".word 0x00eb,0x00eb" encodes two short "jmp $+2" instructions that
! are executed as a small delay between port writes.
! The block ends with every line masked (0xFF) on both controllers, so no
! hardware interrupt can be delivered until later code unmasks them.
mov al,#0x11 ! initialization sequence
out #0x20,al ! send it to 8259A-1
.word 0x00eb,0x00eb ! jmp $+2, jmp $+2
out #0xA0,al ! and to 8259A-2
.word 0x00eb,0x00eb
mov al,#0x20 ! start of hardware int's (0x20)
out #0x21,al
.word 0x00eb,0x00eb
mov al,#0x28 ! start of hardware int's 2 (0x28)
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0x04 ! 8259-1 is master
out #0x21,al
.word 0x00eb,0x00eb
mov al,#0x02 ! 8259-2 is slave
out #0xA1,al
.word 0x00eb,0x00eb
mov al,#0x01 ! 8086 mode for both
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al ! al is still 0x01 here
.word 0x00eb,0x00eb
mov al,#0xFF ! mask off all interrupts for now
out #0x21,al
.word 0x00eb,0x00eb
out #0xA1,al ! al is still 0xFF here
! well, that certainly wasn't fun :-(. Hopefully it works, and we don't
! need no steenking BIOS anyway (except for the initial loading :-).
! The BIOS-routine wants lots of unnecessary data, and it's less
! "interesting" anyway. This is how REAL programmers do it.
!
! Well, now's the time to actually move into protected mode. To make
! things as simple as possible, we do no register set-up or anything,
! we let the gnu-compiled 32-bit programs do that. We just jump to
! absolute address 0x00000, in 32-bit protected mode.
!
! At this point IDTR holds limit 0 / base 0 (lidt idt_48 above) and all
! 8259 lines are masked, so the code at the jump target runs with no usable
! interrupt or exception handlers until it installs its own IDT.
mov ax,#0x0001 ! protected mode (PE) bit
lmsw ax ! This is it!
/* lmsw loads the value in ax into the machine status word (the low bits of control register cr0); setting the PE bit to 1 switches the CPU into protected mode */
jmpi 0,8 ! jmp offset 0 of segment 8 (cs)
/*
The system code was moved to 0x00000 above, so the offset is ip=0.
jmpi 0,8 means cs=8, ip=0.
Once in protected mode a segment register no longer holds a real-mode segment value; it holds a segment selector, which selects the descriptor table (GDT or LDT), the entry within that table, and the requested privilege level.
A segment selector is 2 bytes (16 bits) long, for example the cs selector.
Segment selector layout:
bits 0-1   requested privilege level
  0  system level
  3  user level
bit 2      table indicator: 0 selects the global descriptor table (GDT), 1 selects the local descriptor table (LDT)
bits 3-15  index of the descriptor within the table (GDT/LDT), i.e. which descriptor is selected
So cs=8 (binary 0000 0000 0000 1000) requests system level 0 and uses entry 1 of the global descriptor table (GDT);
that entry specifies the code segment's base address, limit and access rights.
*/
! This routine checks that the keyboard command queue is empty
! No timeout is used - if this hangs there is something wrong with
! the machine, and we probably couldn't proceed anyway.
!
! In:    nothing
! Out:   returns once bit 1 of the byte read from port 0x64 is clear
! Clobb: al, flags
! Because there is no timeout, a controller that never clears that bit
! keeps the machine in this loop; it is entered with interrupts disabled.
empty_8042: /* wait until the input buffer is empty */
.word 0x00eb,0x00eb ! two short jumps (jmp $+2) executed as a delay before the port read
in al,#0x64 ! 8042 status port
test al,#2 ! is input buffer full?
jnz empty_8042 ! yes - loop
ret
! Temporary descriptor tables used for the switch to protected mode.
! gdt holds three 8-byte entries: the null entry, a code segment (selector
! 0x08, the one loaded by "jmpi 0,8") and a data segment (selector 0x10).
! Both segments have base 0 and the same 8 MB limit, so they cover exactly
! the same memory: the data segment is a writable alias of everything the
! code segment can execute, and segmentation provides no code/data
! separation in this setup.
gdt:
.word 0,0,0,0 ! dummy /* the first entry is unusable; real entries start with the second */
/* The second entry is the system code segment descriptor */
.word 0x07FF ! 8Mb - limit=2047 (2048*4096=8Mb) (limit)
.word 0x0000 ! base address=0 (base)
.word 0x9A00 ! code read/exec (access rights)
.word 0x00C0 ! granularity=4096, 386
/* The third entry is the system data segment descriptor */
.word 0x07FF ! 8Mb - limit=2047 (2048*4096=8Mb)
.word 0x0000 ! base address=0
.word 0x9200 ! data read/write
.word 0x00C0 ! granularity=4096, 386
! 6-byte operand for lidt: limit 0 and base 0, i.e. no usable IDT entries.
! An interrupt or exception raised while this IDT is in force has no handler
! to go to, which is why interrupts are disabled and masked before the jump.
idt_48:
.word 0 ! idt limit=0 (the first 2 bytes give the limit of the IDT)
.word 0,0 ! idt base=0L (the following 4 bytes give the base address of the IDT)
! 6-byte operand for lgdt. The base is 0x90000 + 512 + gdt, i.e. the linear
! address of the gdt label inside the segment SETUPSEG (0x9020).
! NOTE(review): the declared limit spans 256 entries but only the three
! above are defined, so the bytes that follow gdt (idt_48, gdt_48 and
! whatever lies beyond) are inside the limit and would be decoded as
! descriptors if a selector above 0x10 were ever loaded. The file header
! says head.s sets the tables up again; confirm nothing loads such a
! selector before then. The limit field is normally "size in bytes - 1", so
! a 2048-byte table would usually be written as 0x7FF - confirm intent.
gdt_48:
.word 0x800 ! gdt limit=2048, 256 GDT entries (the GDT is 2048 bytes, i.e. a 2 KB limit)
.word 512+gdt,0x9 ! gdt base = 0X9xxxx (every 8 bytes form one entry, so 256 entries in total)
! End markers: one label at the current end of each of .text, .data and
! .bss, matching the begtext / begdata / begbss labels at the top of the
! file (all six are exported by the .globl line).
.text
endtext:
.data
enddata:
.bss
endbss: