Laptop enable: Difference between revisions
(added structure; added more text and formatting)
m (whitespace formatting)
Revision as of 21:23, 22 October 2011
Intro
- http://flashrom.org/Board_Enable
- http://flashrom.org/Laptops
- http://www.coreboot.org/Embedded_controller
- http://www.coreboot.org/Laptop#Embedded_controllers
Most (all?) laptop designs use an EC (embedded controller) to control the backlight, watch the battery status, et cetera.
To access the flash chip, the EC needs to be suspended/stopped. The code to stop the EC is typically found at the end of a BIOS binary. This page is about that trailing part of a binary.
Using a laptop BIOS (Phoenix TrustedCore) file that is one megabyte in size, the TRAILER starts at 0x100001 (1024^2 + 1).
Example of a disassembly
The disassembler used is the freeware version of IDA Pro.
Example of how the disassembly of the trailer looks:
TRAILER:0010 09 00 00 00 00 00 00 00 00 00 00 43 6F 6D 70 61 ..........Compa
TRAILER:0020 6C 20 57 69 6E 50 68 6C 61 73 68 20 2D 20 46 6C l WinPhlash - Fl
TRAILER:0030 61 73 68 69 6E 74 2E 61 73 6D 20 76 30 2E 30 33 ashint.asm v0.03
TRAILER:0040 5A 46 4C 50 46 25 00 00 00 00 00 00 00 59 02 00 ZFLPF%
Hints, facts and calculations
Facts:
- ZFLPF is found at 0x40
- len(ZFLPF) = 5
The location of the entrypoint is stored at 0x51:
0x51 =
position of ZFLPF + len(ZFLPF) + (((position where the string "Compal" starts) >> 1) - 1) =
0x40 + 5 + ((0x1b >> 1) - 1) =
0x40 + 5 + 0xc
Note that the above two formulas can be wrong.
Let's take a look at position 0x51:
TRAILER:0051 DE 02 dw 2DEh
Fact:
- 0x2de + 0x1b = 0x2f9
Preview of the beginning of the board-specific code
TRAILER:02F9 ; ---------------------------------------------------------------------------
TRAILER:02F9 9C pushf
TRAILER:02FA 60 pusha
TRAILER:02FB E8 C2 00 call determine_lpc_pci_id
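The calculation above can be scripted. The following is an added example, not part of the original wiki page or of flashrom: it applies the page's tentative formula to a constructed buffer that holds only the bytes shown in the listings (everything else is zero filler). The function names are hypothetical, and it assumes the 0x1b added to the stored word is the offset of the "Compal" string.

```python
import struct

SIG = b"ZFLPF"      # signature the page finds at trailer offset 0x40
VENDOR = b"Compal"  # string the page finds at trailer offset 0x1b


def build_sample_trailer() -> bytes:
    """Constructed sample: only the bytes shown on the page are set, the rest is zero filler."""
    buf = bytearray(0x400)
    buf[0x10] = 0x09
    buf[0x1B:0x40] = b"Compal WinPhlash - Flashint.asm v0.03"
    buf[0x40:0x46] = b"ZFLPF%"
    buf[0x4D:0x4F] = b"\x59\x02"
    buf[0x51:0x53] = b"\xDE\x02"                 # dw 2DEh
    buf[0x2F9:0x2FE] = b"\x9C\x60\xE8\xC2\x00"   # pushf / pusha / call rel16
    return bytes(buf)


def locate_entry(trailer: bytes) -> dict:
    """Apply the page's formula; offsets are relative to the start of the trailer."""
    sig_pos = trailer.find(SIG)
    str_pos = trailer.find(VENDOR)
    if sig_pos < 0 or str_pos < 0:
        raise ValueError("signature or vendor string not found")
    # Where the entry-point word is stored, per the page (which notes this may be wrong).
    ptr_pos = sig_pos + len(SIG) + ((str_pos >> 1) - 1)
    if ptr_pos + 2 > len(trailer):
        raise ValueError("pointer location lies outside the trailer")
    (word,) = struct.unpack_from("<H", trailer, ptr_pos)  # little-endian 16-bit word
    # Assumption: the 0x1b added on the page is the offset of the vendor string.
    entry = word + str_pos
    if entry + 2 > len(trailer):
        raise ValueError("entry point lies outside the trailer")
    # Sanity check against the listing: the code starts with pushf (9C), pusha (60).
    prologue_ok = trailer[entry:entry + 2] == b"\x9c\x60"
    return {"ptr_pos": ptr_pos, "word": word, "entry": entry, "prologue_ok": prologue_ok}


if __name__ == "__main__":
    for name, value in locate_entry(build_sample_trailer()).items():
        print(f"{name}: {value:#x}")
```

If `prologue_ok` is false on a real image, treat the formula as not applicable to that BIOS rather than trusting the computed offset.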