Welcome to the dark corner of BIOS reverse engineering, code injection and various modification techniques only deemed by those immensely curious about BIOS

Thursday, August 8, 2013

UEFI replacement for BIOS Int 15h AX=E820h Interface

Those who play with low level code are familiar with the BIOS Int 15h AX=E820h interface to query the memory map of the system (x86/x64). In fact, it's probably the safest way to do that.

In EFI/UEFI, the interface is replaced by a new function call interface. The function name is GetMemoryMap() and it's part of the EFI/UEFI boot services. The definition of this function is as follows:
typedef
EFI_STATUS
GetMemoryMap (
    IN OUT UINTN *MemoryMapSize,
    IN OUT EFI_MEMORY_DESCRIPTOR *MemoryMap,
    OUT UINTN *MapKey,
    OUT UINTN *DescriptorSize,
    OUT UINT32 *DescriptorVersion
);
The meaning of the parameters is as follows:
  • MemoryMapSize: A pointer to the size, in bytes, of the MemoryMap buffer. On input, this is the size of the buffer allocated by the caller. On output, it is the size of the buffer returned by the firmware if the buffer was large enough, or the size of the buffer needed to contain the map if the buffer was too small.
  • MemoryMap: A pointer to the buffer in which firmware places the current memory map. The map is an array of EFI_MEMORY_DESCRIPTORs.
  • MapKey: A pointer to the location in which firmware returns the key for the current memory map.
  • DescriptorSize: A pointer to the location in which firmware returns the size, in bytes, of an individual EFI_MEMORY_DESCRIPTOR.
  • DescriptorVersion: A pointer to the location in which firmware returns the version number associated with the EFI_MEMORY_DESCRIPTOR (see “Related Definitions” in the spec).
The definition of the EFI_MEMORY_DESCRIPTOR structure is as follows:
//*******************************************************
//EFI_MEMORY_DESCRIPTOR
//*******************************************************
typedef struct {
    UINT32 Type;
    EFI_PHYSICAL_ADDRESS PhysicalStart;
    EFI_VIRTUAL_ADDRESS VirtualStart;
    UINT64 NumberOfPages;
    UINT64 Attribute;
} EFI_MEMORY_DESCRIPTOR;
The description above is based on UEFI Spec. v2.3.1 Errata C.
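As an added example (not from the post or from the UEFI specification), here is the two-call GetMemoryMap() pattern that replaces an E820 loop: probe for the size, allocate, call again, then walk the returned map by DescriptorSize to total usable RAM. The UINTN/EFI_* types, the constants, the 48-byte padded sample map and FakeGetMemoryMap() are constructed stand-ins for the firmware call, which in real code is gBS->GetMemoryMap().

```c
/* Stand-in UEFI types and a fake firmware GetMemoryMap() so this runs as plain C;
 * real code uses gBS->GetMemoryMap() with the EDK2 headers. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
typedef uint64_t UINTN, UINT64, EFI_STATUS, EFI_PHYSICAL_ADDRESS, EFI_VIRTUAL_ADDRESS;
typedef uint32_t UINT32;
#define EFI_SUCCESS           0
#define EFI_BUFFER_TOO_SMALL  0x8000000000000005ULL /* high bit set = error (64-bit UINTN) */
#define EfiConventionalMemory 7                     /* EFI_MEMORY_TYPE value for usable RAM */
#define EFI_PAGE_SIZE         4096
typedef struct { UINT32 Type; EFI_PHYSICAL_ADDRESS PhysicalStart; EFI_VIRTUAL_ADDRESS VirtualStart;
                 UINT64 NumberOfPages; UINT64 Attribute; } EFI_MEMORY_DESCRIPTOR;
/* Constructed sample map. Stride is 48 bytes, more than sizeof(EFI_MEMORY_DESCRIPTOR) (40):
 * firmware may pad descriptors, so callers must step by DescriptorSize, never by sizeof. */
#define FAKE_DESC_SIZE 48
static const EFI_MEMORY_DESCRIPTOR fake_map[] = {
    {  3, 0x000000, 0, 0x0A0, 0xF },  /* EfiBootServicesCode   */
    {  7, 0x100000, 0, 0x100, 0xF },  /* EfiConventionalMemory */
    { 10, 0x200000, 0, 0x010, 0xF },  /* EfiACPIMemoryNVS      */
    {  7, 0x210000, 0, 0x3F0, 0xF },  /* EfiConventionalMemory */
};
static EFI_STATUS FakeGetMemoryMap(UINTN *MemoryMapSize, EFI_MEMORY_DESCRIPTOR *MemoryMap,
                                   UINTN *MapKey, UINTN *DescriptorSize, UINT32 *DescriptorVersion) {
    UINTN need = 4 * FAKE_DESC_SIZE;
    *DescriptorSize = FAKE_DESC_SIZE; *DescriptorVersion = 1; *MapKey = 0x1234;
    if (MemoryMap == NULL || *MemoryMapSize < need) { *MemoryMapSize = need; return EFI_BUFFER_TOO_SMALL; }
    for (int i = 0; i < 4; i++)   /* place each descriptor at its padded offset */
        memcpy((uint8_t *)MemoryMap + i * FAKE_DESC_SIZE, &fake_map[i], sizeof fake_map[i]);
    *MemoryMapSize = need;
    return EFI_SUCCESS;
}

/* The E820-equivalent query. Two-call pattern: probe with a zero-size buffer, allocate,
 * call again, then walk the map by DescriptorSize and sum EfiConventionalMemory bytes. */
uint64_t UsableMemoryBytes(void) {
    UINTN size = 0, key, dsz; UINT32 ver; uint64_t total = 0;
    if (FakeGetMemoryMap(&size, NULL, &key, &dsz, &ver) != EFI_BUFFER_TOO_SMALL) return 0;
    size += 2 * dsz;              /* headroom: allocating the buffer itself can add map entries */
    uint8_t *buf = malloc(size);
    if (buf == NULL) return 0;
    if (FakeGetMemoryMap(&size, (EFI_MEMORY_DESCRIPTOR *)buf, &key, &dsz, &ver) == EFI_SUCCESS)
        for (UINTN off = 0; off + dsz <= size; off += dsz) {
            EFI_MEMORY_DESCRIPTOR *d = (EFI_MEMORY_DESCRIPTOR *)(buf + off);
            if (d->Type == EfiConventionalMemory) total += d->NumberOfPages * EFI_PAGE_SIZE;
        }
    free(buf);                    /* a real loader keeps MapKey for ExitBootServices() */
    return total;
}
```

Only the two EfiConventionalMemory entries count (0x100 + 0x3F0 pages), which is the same filtering an E820 caller does for type 1 ranges.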

Wednesday, July 17, 2013

AMI Mega RAC XMS

Long time no posting here :-(.

We've got new stuff to look over now: AMI Mega RAC XMS.
This thing is an out-of-band communication "suite" by AMI. Here's the feature article:
http://www.datacenter-insider.de/themenbereiche/management-planung/system-management/articles/409996/
continued at: http://www.datacenter-insider.de/themenbereiche/management-planung/system-management/articles/409996/index2.html


Monday, May 20, 2013

BIOS "Chronomancy" Paper

This paper is very interesting: http://www.nosuchcon.com/talks/D2_01_Butterworth_BIOS_Chronomancy.pdf
It researches what to do if you don't trust the BIOS/UEFI ROM contents, even in the presence of a TPM.

Monday, April 22, 2013

x86/x64 CMOV Instruction vs ARM Conditional Instruction Execution

If you've been programming in x86/x64 assembler for a while now, you'll know the CMOV (Conditional Move) instruction. This instruction was introduced in P6 (Pentium Pro) for compiler optimization.

It seems that the conditional instruction execution in ARM (32-bit only?) predates the P6 CMOV instruction debut. Conditional instruction execution of course speeds up comparison statements on many occasions in our code.

Now, did Intel "copy" the technique from the RISC world and apply it to x86 back then?
IIRC, P6 (Pentium Pro) was the first Out-Of-Order CPU core from Intel. I recall that this architecture was more RISC-like on the inside.