The BIOS Blog

Welcome to the dark corner of BIOS reverse engineering, code injection and various modification techniques only deemed by those immensely curious about BIOS

Sunday, July 12, 2015

The State of My Firmware Research

Well, I decided to post this because I've been over-promising and under-delivering for several years now.

Straight to the matter, I've been leaving my firmware research work in a state of hibernation for almost a year now due to a (some?) product development work I'm still working on as of now (which I cannot elaborate on further). It's not that I feel firmware is not interesting anymore. On the contrary, I feel it's far more interesting now than it used to be due to the rise of connected embedded systems (now re-badged as Internet of Things, a.k.a. "rather intelligent" data collection systems). The main problem for me is finding time to work on this research again as it's unfortunately not my day job.

As for my work on the continuation of my BIOS Disassembly book project, I will try to find time for that, but I don't want to over-promise on it. Hopefully this clears things up.

Monday, March 2, 2015

Remote Access in Legacy BIOS

In this post I'm going to talk about Remote Access in Legacy BIOS via serial console. I'm aware that some (or most) of you know that BIOS has provided a management console via serial port for a long time. I had the opportunity to modify a customer's custom Geode board BIOS to add support for Serial Console a few years ago. It's quite a nifty but rather buggy implementation though (I mean the serial console module). This one is from AMIBIOS Core8. This is the screenshot from minicom in Arch Linux.

As you can see, the terminal looks the way you would expect when accessed via a real keyboard. Unfortunately, some function keys are not working as expected. You can configure the serial port just like you'd expect on an old BIOS with serial port support, i.e. the baud rate, flow control, bit-ness (8-bit), etc. The Remote Access menu in the picture is where one would configure the serial port settings for the remote access (serial console).

I'm "dusting off" this old board from storage because it's quite a nice board to tinker with. I almost forgot that it had a remote BIOS access feature back then. Basically, it works like the Linux serial terminal on most embedded Linux boards out there. But this one is limited. I think many enterprise-class motherboards had this feature back in the day and also have it today because it's a very crucial feature for remote manageability, especially if you have thousands of machines to work with. Keep watching this one guys ;-). It's gonna be interesting..

Saturday, July 12, 2014

How Boot Firmware Development and Driver Development Differs--PCI Bus Implementation Case Study

This post is not BIOS/UEFI specific per se. However, it has a very close relation to it because it delves deep into Windows device driver architecture.

Most BIOS/UEFI modules are aware of the CPU architecture, motherboard chipset and all supporting logic on which they run. However, the same assumption cannot be made for an OS, such as Windows. Therefore, BIOS/UEFI modules can mostly take for granted the CPU and bus architecture on which they will run. The same is not true for a device driver. For example, a PCI or PCIe expansion card can be used with the same operating system but on an entirely different CPU architecture. This means a device driver author can't and shouldn't assume the CPU architecture and bus architecture on which the driver will eventually run.

This series of posts by a Windows PnP subsystem developer is very enlightening in this respect:

This hopefully sheds some light on system software development :)

Sunday, May 11, 2014

(Cross) Compiling My Sample PCI Expansion ROM Code

My sample PCI Expansion ROM code over at Low Cost Embedded x86 Teaching Tool is no longer compilable on recent x64 Linux distributions. This is due to the fact that the default GCC toolchain in those Linux distros doesn't support output in the form of the particular ELF32 i386 required by the source code. Another possible problem is that the GCC toolchain doesn't support 16-bit code output anymore, as required by the linker script.

For trouble-free source code compilation, you're advised to download and build the Coreboot cross compiler, see: Just invoke:

make crossgcc

in the directory where you downloaded Coreboot (the Coreboot root directory) to build the cross compiler. You'll also need to alter the Makefile of the PCI Expansion ROM code to use the newly built cross compiler. The toolchain components that you need to change in the Makefile are pretty much every one of them, i.e. CC, LD, AS and OBJCOPY. The cross compiler should be located in the /util/crossgcc/xgcc/bin directory once you have completed building the cross compiler. If you are still unsure about the path of the cross compiler toolchain, open the .xcompile file in the Coreboot root directory.
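
A variation on the Makefile change described above, as an added example (not code from the original post or from Coreboot): variables given on the make command line override the Makefile's ordinary CC, LD, AS and OBJCOPY assignments, so the toolchain can be switched without editing the file. The function name, the COREBOOT_ROOT variable and the i386-elf- tool prefix are assumptions; confirm the prefix against .xcompile.

```shell
#!/bin/sh
# Added example: build make(1) variable overrides for the cross toolchain
# that "make crossgcc" leaves under <coreboot root>/util/crossgcc/xgcc/bin.
# Assumption: the tools carry the i386-elf- prefix; set XGCC_PREFIX if
# your .xcompile shows a different one.
XGCC_PREFIX="${XGCC_PREFIX:-i386-elf-}"

# xgcc_make_args COREBOOT_ROOT
# Prints "CC=... LD=... AS=... OBJCOPY=..." on success.
# Returns 1 and names the missing tool on stderr if any of the four is
# absent, so an incomplete toolchain build is reported before make runs.
xgcc_make_args() {
    root="${1:?usage: xgcc_make_args COREBOOT_ROOT}"
    bindir="$root/util/crossgcc/xgcc/bin"
    args=""
    for pair in CC:gcc LD:ld AS:as OBJCOPY:objcopy; do
        var="${pair%%:*}"                      # make variable name
        tool="$bindir/$XGCC_PREFIX${pair#*:}"  # full path to the cross tool
        if [ ! -x "$tool" ]; then
            echo "missing or not executable: $tool" >&2
            return 1
        fi
        args="$args $var=$tool"
    done
    echo "${args# }"
}

# When COREBOOT_ROOT is set, print the overrides for that tree.
# Typical use from the PCI Expansion ROM source directory:
#   make $(COREBOOT_ROOT=$HOME/coreboot sh this_script.sh)
if [ -n "${COREBOOT_ROOT:-}" ]; then
    xgcc_make_args "$COREBOOT_ROOT"
fi
```

The unquoted command substitution in the usage line splits on whitespace, so the Coreboot path must not contain spaces.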