direct-io.hg

changeset 13103:e2fcb70bec59

[HVM] Add expansion-ROM boot support to the ROMBIOS
This is rudimentary support for parts of the BIOS Boot Specification,
just enough to use Etherboot ROM images.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
author Tim Deegan <Tim.Deegan@xensource.com>
date Wed Dec 20 11:57:53 2006 +0000 (2006-12-20)
parents caa1987679bd
children b258c7587d8d
files tools/firmware/rombios/rombios.c tools/ioemu/hw/pc.c tools/ioemu/vl.c
line diff
     1.1 --- a/tools/firmware/rombios/rombios.c	Wed Dec 20 11:54:57 2006 +0000
     1.2 +++ b/tools/firmware/rombios/rombios.c	Wed Dec 20 11:57:53 2006 +0000
     1.3 @@ -278,7 +278,6 @@ typedef unsigned short Bit16u;
     1.4  typedef unsigned short bx_bool;
     1.5  typedef unsigned long  Bit32u;
     1.6  
     1.7 -#if BX_USE_ATADRV
     1.8  
     1.9    void memsetb(seg,offset,value,count);
    1.10    void memcpyb(dseg,doffset,sseg,soffset,count);
    1.11 @@ -418,7 +417,6 @@ typedef unsigned long  Bit32u;
    1.12    ASM_END
    1.13    }
    1.14  #endif
    1.15 -#endif //BX_USE_ATADRV
    1.16  
    1.17    // read_dword and write_dword functions
    1.18    static Bit32u         read_dword();
    1.19 @@ -885,7 +883,7 @@ static void           int14_function();
    1.20  static void           int15_function();
    1.21  static void           int16_function();
    1.22  static void           int17_function();
    1.23 -static Bit32u         int19_function();
    1.24 +static void           int19_function();
    1.25  static void           int1a_function();
    1.26  static void           int70_function();
    1.27  static void           int74_function();
    1.28 @@ -1847,28 +1845,99 @@ print_bios_banner()
    1.29    printf("\n");
    1.30  }
    1.31  
    1.32 +
    1.33 +//--------------------------------------------------------------------------
    1.34 +// BIOS Boot Specification 1.0.1 compatibility
    1.35 +//
    1.36 +// Very basic support for the BIOS Boot Specification, which allows expansion 
    1.37 +// ROMs to register themselves as boot devices, instead of just stealing the 
    1.38 +// INT 19h boot vector.
    1.39 +// 
    1.40 +// This is a hack: to do it properly requires a proper PnP BIOS and we aren't
    1.41 +// one; we just lie to the option ROMs to make them behave correctly. 
    1.42 +// We also don't support letting option ROMs register as bootable disk 
    1.43 +// drives (BCVs), only as bootable devices (BEVs). 
    1.44 +//
    1.45 +// http://www.phoenix.com/en/Customer+Services/White+Papers-Specs/pc+industry+specifications.htm
    1.46 +//--------------------------------------------------------------------------
    1.47 +
    1.48 +/* 256 bytes at 0x0600 -- 0x06ff is used for the IPL boot table.  This
    1.49 + * ought really to be in NVRAM somewhere where a failed boot attempt can't 
    1.50 + * corrupt it. */
    1.51 +#define IPL_SEG           0x0060
    1.52 +#define IPL_TABLE_OFFSET  0x0000
    1.53 +#define IPL_TABLE_ENTRIES 8
    1.54 +#define IPL_COUNT_OFFSET  0x0080
    1.55 +
    1.56 +struct ipl_entry {
    1.57 +  Bit16u type;
    1.58 +  Bit16u flags;
    1.59 +  Bit32u vector;
    1.60 +  Bit32u description;
    1.61 +  Bit32u reserved;
    1.62 +};
    1.63 +
    1.64 +static void 
    1.65 +init_boot_vectors() 
    1.66 +{
    1.67 +  struct ipl_entry e; 
    1.68 +  Bit16u count = 0;
    1.69 +  Bit16u ss = get_SS();
    1.70 +
    1.71 +  /* Clear out the IPL table. */
    1.72 +  memsetb(IPL_SEG, IPL_TABLE_OFFSET, 0, 0xff);
    1.73 +
    1.74 +  /* Floppy drive */
    1.75 +  e.type = 1; e.flags = 0; e.vector = 0; e.description = 0; e.reserved = 0;
    1.76 +  memcpyb(IPL_SEG, IPL_TABLE_OFFSET + count * sizeof (e), ss, &e, sizeof (e));
    1.77 +  count++;
    1.78 +
    1.79 +  /* First HDD */
    1.80 +  e.type = 2; e.flags = 0; e.vector = 0; e.description = 0; e.reserved = 0;
    1.81 +  memcpyb(IPL_SEG, IPL_TABLE_OFFSET + count * sizeof (e), ss, &e, sizeof (e));
    1.82 +  count++;
    1.83 +
    1.84 +#if BX_ELTORITO_BOOT
    1.85 +  /* CDROM */
    1.86 +  e.type = 3; e.flags = 0; e.vector = 0; e.description = 0; e.reserved = 0;
    1.87 +  memcpyb(IPL_SEG, IPL_TABLE_OFFSET + count * sizeof (e), ss, &e, sizeof (e));
    1.88 +  count++;
    1.89 +#endif  
    1.90 +
    1.91 +  /* Remember how many devices we have */
    1.92 +  write_word(IPL_SEG, IPL_COUNT_OFFSET, count);
    1.93 +}
    1.94 +
    1.95 +static Bit8u
    1.96 +get_boot_vector(i, e)
    1.97 +Bit16u i; struct ipl_entry *e; 
    1.98 +{
    1.99 +  Bit16u count;
   1.100 +  Bit16u ss = get_SS();
   1.101 +  /* Get the count of boot devices, and refuse to overrun the array */
   1.102 +  count = read_word(IPL_SEG, IPL_COUNT_OFFSET);
   1.103 +  if (i >= count) return 0;
   1.104 +  /* OK to read this device */
   1.105 +  memcpyb(ss, e, IPL_SEG, IPL_TABLE_OFFSET + i * sizeof (*e), sizeof (*e));
   1.106 +  return 1;
   1.107 +}
   1.108 +
   1.109 +
   1.110  //--------------------------------------------------------------------------
   1.111  // print_boot_device
   1.112  //   displays the boot device
   1.113  //--------------------------------------------------------------------------
   1.114  
   1.115 -static char drivetypes[][10]={"Floppy","Hard Disk","CD-Rom"};
   1.116 +static char drivetypes[][10]={"", "Floppy","Hard Disk","CD-Rom", "Network"};
   1.117  
   1.118  void
   1.119 -print_boot_device(cdboot, drive)
   1.120 -  Bit8u cdboot; Bit16u drive;
   1.121 +print_boot_device(type)
   1.122 +  Bit16u type;
   1.123  {
   1.124 -  Bit8u i;
   1.125 -
   1.126 -  // cdboot contains 0 if floppy/harddisk, 1 otherwise
   1.127 -  // drive contains real/emulated boot drive
   1.128 -
   1.129 -  if(cdboot)i=2;                    // CD-Rom
   1.130 -  else if((drive&0x0080)==0x00)i=0; // Floppy
   1.131 -  else if((drive&0x0080)==0x80)i=1; // Hard drive
   1.132 -  else return;
   1.133 -  
   1.134 -  printf("Booting from %s...\n",drivetypes[i]);
   1.135 +  /* NIC appears as type 0x80 */ 
   1.136 +  if (type == 0x80 ) type = 0x4;
   1.137 +  if (type == 0 || type > 0x4) BX_PANIC("Bad drive type\n"); 
   1.138 +  printf("Booting from %s...\n", drivetypes[type]);
   1.139  }
   1.140  
   1.141  //--------------------------------------------------------------------------
   1.142 @@ -1876,29 +1945,20 @@ print_boot_device(cdboot, drive)
   1.143  //   displays the reason why boot failed
   1.144  //--------------------------------------------------------------------------
   1.145    void
   1.146 -print_boot_failure(cdboot, drive, reason, lastdrive)
   1.147 -  Bit8u cdboot; Bit8u drive; Bit8u lastdrive;
   1.148 +print_boot_failure(type, reason)
   1.149 +  Bit16u type; Bit8u reason;
   1.150  {
   1.151 -  Bit16u drivenum = drive&0x7f;
   1.152 -
   1.153 -  // cdboot: 1 if boot from cd, 0 otherwise
   1.154 -  // drive : drive number
   1.155 -  // reason: 0 signature check failed, 1 read error
   1.156 -  // lastdrive: 1 boot drive is the last one in boot sequence
   1.157 - 
   1.158 -  if (cdboot)
   1.159 -    bios_printf(BIOS_PRINTF_INFO | BIOS_PRINTF_SCREEN, "Boot from %s failed\n",drivetypes[2]);
   1.160 -  else if (drive & 0x80)
   1.161 -    bios_printf(BIOS_PRINTF_INFO | BIOS_PRINTF_SCREEN, "Boot from %s %d failed\n", drivetypes[1],drivenum);
   1.162 +  if (type == 0 || type > 0x3) BX_PANIC("Bad drive type\n"); 
   1.163 +
   1.164 +  printf("Boot from %s failed", drivetypes[type]);
   1.165 +  if (type < 4) {
   1.166 +    /* Report the reason too */
   1.167 +  if (reason==0) 
   1.168 +    printf(": not a bootable disk");
   1.169    else
   1.170 -    bios_printf(BIOS_PRINTF_INFO | BIOS_PRINTF_SCREEN, "Boot from %s %d failed\n", drivetypes[0],drivenum);
   1.171 -
   1.172 -  if (lastdrive==1) {
   1.173 -    if (reason==0)
   1.174 -      BX_PANIC("Not a bootable disk\n");
   1.175 -    else
   1.176 -      BX_PANIC("Could not read the boot disk\n");
   1.177 +    printf(": could not read the boot disk");
   1.178    }
   1.179 +  printf("\n");
   1.180  }
   1.181  
   1.182  //--------------------------------------------------------------------------
   1.183 @@ -7546,19 +7606,19 @@ int17_function(regs, ds, iret_addr)
   1.184    }
   1.185  }
   1.186  
   1.187 -// returns bootsegment in ax, drive in bl
   1.188 -  Bit32u 
   1.189 -int19_function(bseqnr)
   1.190 -Bit8u bseqnr;
   1.191 +void
   1.192 +int19_function(seq_nr)
   1.193 +Bit16u seq_nr;
   1.194  {
   1.195    Bit16u ebda_seg=read_word(0x0040,0x000E);
   1.196 -  Bit16u bootseq;
   1.197 +  Bit16u bootdev;
   1.198    Bit8u  bootdrv;
   1.199 -  Bit8u  bootcd;
   1.200    Bit8u  bootchk;
   1.201    Bit16u bootseg;
   1.202 +  Bit16u bootip;
   1.203    Bit16u status;
   1.204 -  Bit8u  lastdrive=0;
   1.205 +
   1.206 +  struct ipl_entry e;
   1.207  
   1.208    // if BX_ELTORITO_BOOT is not defined, old behavior
   1.209    //   check bit 5 in CMOS reg 0x2d.  load either 0x00 or 0x80 into DL
   1.210 @@ -7575,54 +7635,43 @@ Bit8u bseqnr;
   1.211    //     0x01 : first floppy 
   1.212    //     0x02 : first harddrive
   1.213    //     0x03 : first cdrom
   1.214 +  //     0x04 - 0x10 : PnP expansion ROMs (e.g. Etherboot)
   1.215    //     else : boot failure
   1.216  
   1.217    // Get the boot sequence
   1.218  #if BX_ELTORITO_BOOT
   1.219 -  bootseq=inb_cmos(0x3d);
   1.220 -  bootseq|=((inb_cmos(0x38) & 0xf0) << 4);
   1.221 -
   1.222 -  if (bseqnr==2) bootseq >>= 4;
   1.223 -  if (bseqnr==3) bootseq >>= 8;
   1.224 -  if (bootseq<0x10) lastdrive = 1;
   1.225 -  bootdrv=0x00; bootcd=0;
   1.226 -  switch(bootseq & 0x0f) {
   1.227 -    case 0x01: bootdrv=0x00; bootcd=0; break;
   1.228 -    case 0x02: bootdrv=0x80; bootcd=0; break;
   1.229 -    case 0x03: bootdrv=0x00; bootcd=1; break;
   1.230 -    default:   return 0x00000000;
   1.231 -    }
   1.232 -#else
   1.233 -  bootseq=inb_cmos(0x2d);
   1.234 -
   1.235 -  if (bseqnr==2) {
   1.236 -    bootseq ^= 0x20;
   1.237 -    lastdrive = 1;
   1.238 +  bootdev = inb_cmos(0x3d);
   1.239 +  bootdev |= ((inb_cmos(0x38) & 0xf0) << 4);
   1.240 +  bootdev >>= 4 * seq_nr;
   1.241 +  bootdev &= 0xf;
   1.242 +  if (bootdev == 0) BX_PANIC("No bootable device.\n");
   1.243 +  
   1.244 +  /* Translate from CMOS runes to an IPL table offset by subtracting 1 */
   1.245 +  bootdev -= 1;
   1.246 +#else  
   1.247 +  if (seq_nr ==2) BX_PANIC("No more boot devices.");
   1.248 +  if (!!(inb_cmos(0x2d) & 0x20) ^ (seq_nr == 1)) 
   1.249 +      /* Floppy first if the bit is set or it's the second boot */
   1.250 +    bootdev = 0x00;
   1.251 +  else 
   1.252 +    bootdev = 0x01;
   1.253 +#endif
   1.254 +
   1.255 +  /* Read the boot device from the IPL table */
   1.256 +  if (get_boot_vector(bootdev, &e) == 0) {
   1.257 +    BX_INFO("Invalid boot device (0x%x)\n", bootdev);
   1.258 +    return;
   1.259    }
   1.260 -  bootdrv=0x00; bootcd=0;
   1.261 -  if((bootseq&0x20)==0) bootdrv=0x80;
   1.262 -#endif // BX_ELTORITO_BOOT
   1.263 -
   1.264 -#if BX_ELTORITO_BOOT
   1.265 -  // We have to boot from cd
   1.266 -  if (bootcd != 0) {
   1.267 -    status = cdrom_boot();
   1.268 -
   1.269 -    // If failure
   1.270 -    if ( (status & 0x00ff) !=0 ) {
   1.271 -      print_cdromboot_failure(status);
   1.272 -      print_boot_failure(bootcd, bootdrv, 1, lastdrive);
   1.273 -      return 0x00000000;
   1.274 -      }
   1.275 -
   1.276 -    bootseg = read_word(ebda_seg,&EbdaData->cdemu.load_segment);
   1.277 -    bootdrv = (Bit8u)(status>>8);
   1.278 -    }
   1.279 -
   1.280 -#endif // BX_ELTORITO_BOOT
   1.281 -
   1.282 -  // We have to boot from harddisk or floppy
   1.283 -  if (bootcd == 0) {
   1.284 +
   1.285 +  /* Do the loading, and set up vector as a far pointer to the boot
   1.286 +   * address, and bootdrv as the boot drive */
   1.287 +  print_boot_device(e.type);
   1.288 +
   1.289 +  switch(e.type) {
   1.290 +  case 0x01: /* FDD */
   1.291 +  case 0x02: /* HDD */
   1.292 +
   1.293 +    bootdrv = (e.type == 0x02) ? 0x80 : 0x00;
   1.294      bootseg=0x07c0;
   1.295  
   1.296  ASM_START
   1.297 @@ -7650,39 +7699,71 @@ int19_load_done:
   1.298  ASM_END
   1.299      
   1.300      if (status != 0) {
   1.301 -      print_boot_failure(bootcd, bootdrv, 1, lastdrive);
   1.302 -      return 0x00000000;
   1.303 +      print_boot_failure(e.type, 1);
   1.304 +      return;
   1.305 +    }
   1.306 +
   1.307 +    // check signature if instructed by cmos reg 0x38, only for floppy
   1.308 +    if (e.type == 0x00 && (inb_cmos(0x38) & 0x01)) {
   1.309 +      if (read_word(bootseg,0x1fe) != 0xaa55) {
   1.310 +        print_boot_failure(e.type, 0);
   1.311 +        return;
   1.312        }
   1.313      }
   1.314  
   1.315 -  // check signature if instructed by cmos reg 0x38, only for floppy
   1.316 -  // bootchk = 1 : signature check disabled
   1.317 -  // bootchk = 0 : signature check enabled
   1.318 -  if (bootdrv != 0) bootchk = 0;
   1.319 -  else bootchk = inb_cmos(0x38) & 0x01;
   1.320 +    /* Canonicalize bootseg:bootip */
   1.321 +    bootip = (bootseg & 0x0fff) << 4;
   1.322 +    bootseg &= 0xf000;
   1.323 +  break;
   1.324  
   1.325  #if BX_ELTORITO_BOOT
   1.326 -  // if boot from cd, no signature check
   1.327 -  if (bootcd != 0)
   1.328 -    bootchk = 1;
   1.329 -#endif // BX_ELTORITO_BOOT
   1.330 -
   1.331 -  if (bootchk == 0) {
   1.332 -    if (read_word(bootseg,0x1fe) != 0xaa55) {
   1.333 -      print_boot_failure(bootcd, bootdrv, 0, lastdrive);
   1.334 -      return 0x00000000;
   1.335 -      }
   1.336 +  case 0x03: /* CD-ROM */
   1.337 +    status = cdrom_boot();
   1.338 +
   1.339 +    // If failure
   1.340 +    if ( (status & 0x00ff) !=0 ) {
   1.341 +      print_cdromboot_failure(status);
   1.342 +      print_boot_failure(e.type, 1);
   1.343 +      return;
   1.344      }
   1.345 +
   1.346 +    bootdrv = (Bit8u)(status>>8);
   1.347 +    bootseg = read_word(ebda_seg,&EbdaData->cdemu.load_segment);
   1.348 +    /* Canonicalize bootseg:bootip */
   1.349 +    bootip = (bootseg & 0x0fff) << 4;
   1.350 +    bootseg &= 0xf000;
   1.351 +    break;
   1.352 +#endif
   1.353 +
   1.354 +  case 0x80: /* Expansion ROM with a Bootstrap Entry Vector (a far pointer) */
   1.355 +    bootseg = e.vector >> 16;
   1.356 +    bootip = e.vector & 0xffff;
   1.357 +    break;
   1.358 +
   1.359 +  default: return;
   1.360 +  }
   1.361    
   1.362 -#if BX_ELTORITO_BOOT
   1.363 -  // Print out the boot string
   1.364 -  print_boot_device(bootcd, bootdrv);
   1.365 -#else // BX_ELTORITO_BOOT
   1.366 -  print_boot_device(0, bootdrv);
   1.367 -#endif // BX_ELTORITO_BOOT
   1.368 -
   1.369 -  // return the boot segment
   1.370 -  return (((Bit32u)bootdrv) << 16) + bootseg;
   1.371 +  /* Jump to the boot vector */
   1.372 +ASM_START
   1.373 +    mov  bp, sp
   1.374 +    ;; Build an iret stack frame that will take us to the boot vector.
   1.375 +    ;; iret pops ip, then cs, then flags, so push them in the opposite order.
   1.376 +    pushf
   1.377 +    mov  ax, _int19_function.bootseg + 0[bp] 
   1.378 +    push ax
   1.379 +    mov  ax, _int19_function.bootip + 0[bp] 
   1.380 +    push ax
   1.381 +    ;; Set the magic number in ax and the boot drive in dl.
   1.382 +    mov  ax, #0xaa55
   1.383 +    mov  dl, _int19_function.bootdrv + 0[bp]
   1.384 +    ;; Zero some of the other registers.
   1.385 +    xor  bx, bx
   1.386 +    mov  ds, bx
   1.387 +    mov  es, bx
   1.388 +    mov  bp, bx
   1.389 +    ;; Go!
   1.390 +    iret
   1.391 +ASM_END
   1.392  }
   1.393  
   1.394    void
   1.395 @@ -8139,14 +8220,26 @@ int13_out:
   1.396    popa
   1.397    iret 
   1.398  
   1.399 -
   1.400  ;----------
   1.401  ;- INT18h -
   1.402  ;----------
   1.403 -int18_handler: ;; Boot Failure routing
   1.404 -  call _int18_panic_msg
   1.405 -  hlt
   1.406 -  iret
   1.407 +int18_handler: ;; Boot Failure recovery: try the next device.
   1.408 +
   1.409 +  ;; Reset DS, SS and SP
   1.410 +  xor  ax, ax
   1.411 +  mov  ds, ax
   1.412 +  mov  ss, ax
   1.413 +  mov  ax, #0xfffe
   1.414 +  mov  sp, ax
   1.415 +
   1.416 +  ;; Get the boot sequence number off the top of the stack
   1.417 +  sub  sp, #2
   1.418 +  pop  ax
   1.419 +  ;; Increment the boot sequence number, and carry on in the INT 19h handler
   1.420 +  inc  ax
   1.421 +  push ax
   1.422 +
   1.423 +  jmp  int19_next_boot
   1.424  
   1.425  ;----------
   1.426  ;- INT19h -
   1.427 @@ -8160,56 +8253,25 @@ int19_relocated: ;; Boot function, reloc
   1.428  
   1.429    push bp
   1.430    mov  bp, sp
   1.431 -
   1.432 -  ;; drop ds
   1.433 +  
   1.434 +  ;; Reset DS, SS and SP
   1.435    xor  ax, ax
   1.436    mov  ds, ax
   1.437 -
   1.438 -  ;; 1st boot device
   1.439 -  mov  ax, #0x0001
   1.440 +  mov  ss, ax
   1.441 +  mov  ax, #0xfffe
   1.442 +  mov  sp, ax
   1.443 +
   1.444 +  ;; Start from the first boot device.
   1.445 +  mov  ax, #0000
   1.446    push ax
   1.447 -  call _int19_function
   1.448 -  inc  sp
   1.449 -  inc  sp
   1.450 -  ;; bl contains the boot drive
   1.451 -  ;; ax contains the boot segment or 0 if failure
   1.452 -
   1.453 -  test       ax, ax  ;; if ax is 0 try next boot device
   1.454 -  jnz        boot_setup
   1.455 -
   1.456 -  ;; 2nd boot device
   1.457 -  mov  ax, #0x0002
   1.458 -  push ax
   1.459 +
   1.460 +int19_next_boot:
   1.461 +
   1.462 +  ;; Call the C code for the next boot device
   1.463    call _int19_function
   1.464 -  inc  sp
   1.465 -  inc  sp
   1.466 -  test       ax, ax  ;; if ax is 0 try next boot device
   1.467 -  jnz        boot_setup
   1.468 -
   1.469 -  ;; 3rd boot device
   1.470 -  mov  ax, #0x0003
   1.471 -  push ax
   1.472 -  call _int19_function
   1.473 -  inc  sp
   1.474 -  inc  sp
   1.475 -  test       ax, ax  ;; if ax is 0 call int18
   1.476 -  jz         int18_handler
   1.477 -
   1.478 -boot_setup:
   1.479 -  mov dl,    bl      ;; set drive so guest os find it
   1.480 -  shl eax,   #0x04   ;; convert seg to ip
   1.481 -  mov 2[bp], ax      ;; set ip
   1.482 -
   1.483 -  shr eax,   #0x04   ;; get cs back
   1.484 -  and ax,    #0xF000 ;; remove what went in ip
   1.485 -  mov 4[bp], ax      ;; set cs
   1.486 -  xor ax,    ax
   1.487 -  mov es,    ax      ;; set es to zero fixes [ 549815 ]
   1.488 -  mov [bp],  ax      ;; set bp to zero
   1.489 -  mov ax,    #0xaa55 ;; set ok flag
   1.490 -
   1.491 -  pop bp
   1.492 -  iret               ;; Beam me up Scotty
   1.493 +
   1.494 +  ;; Boot failed: invoke the boot recovery function
   1.495 +  int  #0x18
   1.496  
   1.497  ;----------
   1.498  ;- INT1Ch -
   1.499 @@ -9387,6 +9449,15 @@ checksum_loop:
   1.500    pop  ax
   1.501    ret
   1.502  
   1.503 +
   1.504 +;; We need a copy of this string, but we are not actually a PnP BIOS, 
   1.505 +;; so make sure it is *not* aligned, so OSes will not see it if they scan.
   1.506 +.align 16
   1.507 +  db 0
   1.508 +pnp_string:
   1.509 +  .ascii "$PnP"
   1.510 +
   1.511 +
   1.512  rom_scan:
   1.513    ;; Scan for existence of valid expansion ROMS.
   1.514    ;;   Video ROM:   from 0xC0000..0xC7FFF in 2k increments
   1.515 @@ -9421,9 +9492,17 @@ block_count_rounded:
   1.516    xor  bx, bx   ;; Restore DS back to 0000:
   1.517    mov  ds, bx
   1.518    push ax       ;; Save AX
   1.519 +  push di       ;; Save DI
   1.520    ;; Push addr of ROM entry point
   1.521    push cx       ;; Push seg
   1.522    push #0x0003  ;; Push offset
   1.523 +
   1.524 +  ;; Point ES:DI at "$PnP", which tells the ROM that we are a PnP BIOS.  
   1.525 +  ;; That should stop it grabbing INT 19h; we will use its BEV instead.
   1.526 +  mov  ax, #0xf000
   1.527 +  mov  es, ax
   1.528 +  lea  di, pnp_string 
   1.529 +
   1.530    mov  bp, sp   ;; Call ROM init routine using seg:off on stack
   1.531    db   0xff     ;; call_far ss:[bp+0]
   1.532    db   0x5e
   1.533 @@ -9431,6 +9510,38 @@ block_count_rounded:
   1.534    cli           ;; In case expansion ROM BIOS turns IF on
   1.535    add  sp, #2   ;; Pop offset value
   1.536    pop  cx       ;; Pop seg value (restore CX)
   1.537 +
   1.538 +  ;; Look at the ROM's PnP Expansion header.  Properly, we're supposed 
   1.539 +  ;; to init all the ROMs and then go back and build an IPL table of 
   1.540 +  ;; all the bootable devices, but we can get away with one pass.
   1.541 +  mov  ds, cx       ;; ROM base
   1.542 +  mov  bx, 0x001a   ;; 0x1A is the offset into ROM header that contains...
   1.543 +  mov  ax, [bx]     ;; the offset of PnP expansion header, where...
   1.544 +  cmp  ax, #0x5024  ;; we look for signature "$PnP"
   1.545 +  jne  no_bev
   1.546 +  mov  ax, 2[bx]
   1.547 +  cmp  ax, #0x506e 
   1.548 +  jne  no_bev
   1.549 +  mov  ax, 0x1a[bx] ;; 0x1A is also the offset into the expansion header of...
   1.550 +  cmp  ax, #0x0000  ;; the Bootstrap Entry Vector, or zero if there is none.
   1.551 +  je   no_bev
   1.552 +
   1.553 +  ;; Found a device that thinks it can boot the system.  Record its BEV.
   1.554 +  mov  bx, #IPL_SEG            ;; Go to the segment where the IPL table lives 
   1.555 +  mov  ds, bx
   1.556 +  mov  bx, IPL_COUNT_OFFSET    ;; Read the number of entries so far
   1.557 +  cmp  bx, #IPL_TABLE_ENTRIES
   1.558 +  je   no_bev                  ;; Get out if the table is full
   1.559 +  shl  bx, #0x4                ;; Turn count into offset (entries are 16 bytes)
   1.560 +  mov  0[bx], #0x80            ;; This entry is a BEV device
   1.561 +  mov  6[bx], cx               ;; Build a far pointer from the segment...
   1.562 +  mov  4[bx], ax               ;; and the offset
   1.563 +  shr  bx, #0x4                ;; Turn the offset back into a count
   1.564 +  inc  bx                      ;; We have one more entry now
   1.565 +  mov  IPL_COUNT_OFFSET, bx    ;; Remember that.
   1.566 +
   1.567 +no_bev:
   1.568 +  pop  di       ;; Restore DI
   1.569    pop  ax       ;; Restore AX
   1.570  rom_scan_increment:
   1.571    shl  ax, #5   ;; convert 512-bytes blocks to 16-byte increments
   1.572 @@ -9764,6 +9875,8 @@ post_default_ints:
   1.573    call smbios_init
   1.574  #endif
   1.575  
   1.576 +  call _init_boot_vectors
   1.577 +
   1.578    call rom_scan
   1.579  
   1.580    call _print_bios_banner 
     2.1 --- a/tools/ioemu/hw/pc.c	Wed Dec 20 11:54:57 2006 +0000
     2.2 +++ b/tools/ioemu/hw/pc.c	Wed Dec 20 11:57:53 2006 +0000
     2.3 @@ -168,6 +168,8 @@ static int get_bios_disk(char *boot_devi
     2.4              return 0x02;            /* hard drive */
     2.5          case 'd':
     2.6              return 0x03;            /* cdrom */
     2.7 +        case 'n':
     2.8 +            return 0x04;            /* network */
     2.9          }
    2.10      }
    2.11      return 0x00;                /* no device */
     3.1 --- a/tools/ioemu/vl.c	Wed Dec 20 11:54:57 2006 +0000
     3.2 +++ b/tools/ioemu/vl.c	Wed Dec 20 11:57:53 2006 +0000
     3.3 @@ -6153,7 +6153,7 @@ int main(int argc, char **argv)
     3.4              case QEMU_OPTION_boot:
     3.5                  boot_device = strdup(optarg);
     3.6                  if (strspn(boot_device, "acd"
     3.7 -#ifdef TARGET_SPARC
     3.8 +#if defined(TARGET_SPARC) || defined(TARGET_I386)
     3.9                             "n"
    3.10  #endif
    3.11                          ) != strlen(boot_device)) {