OpenBSD引导的第二部PBR,也是活动分区的一个扇区的代码,由第一步的MBR加载到0x7C00处,manpage里详细的讲解了过程和大致实现 biosboot(8) (http://man.openbsd.org/OpenBSD-6.0/man8/i386/biosboot.8),代码在sys/arch/i386/stand/biosboot/目录下,主要就是其中的biosboot.S;和mbr.S一样,在代码的开头清晰的介绍了该代码要做的事情:
/* * Memory layout: * * 0x00000 -> 0x07BFF our stack (to 31k) * 0x07A00 -> 0x07BFF typical MBR loc (at 30k5) * 0x07C00 -> 0x07DFF our code (at 31k) * 0x07E00 -> ... /boot inode block (at 31k5) * 0x07E00 -> ... (indirect block if nec) * 0x40000 -> ... /boot (at 256k) * * The BIOS loads the MBR at physical address 0x07C00. It then relocates * itself to (typically) 0x07A00. * * The MBR then loads us at physical address 0x07C00. * * We use a long jmp to normalise our address to seg:offset 07C0:0000. * (In real mode on x86, segment registers contain a base address in * paragraphs (16 bytes). 0000:00010 is the same as 0001:0000.) * * We set the stack to start at 0000:7BFC (grows down on i386) * * We then read the inode for /boot into memory just above us at * 07E0:0000, and run through the direct block table (and the first * indirect block table, if necessary). * * We load /boot at seg:offset 4000:0000. * * Previous versions limited the size of /boot to 64k (loaded in a single * segment). This version does not have this limitation. */
注释内容包含了mbr.S开头的内容,还是讲解了大致引导过程:BIOS 读MBR到0x7C00处,然后MBR将自身重定位到0x7A00,MBR加载PBR也就是biosboot.S到0x7C00,然后jmp到0x7C00处的biosboot.S执行。
biosboot.S的特殊之处在于不像mbr.S里那样直接从磁盘扇区的第1扇区这种“物理”定位信息加载后续代码,也就是说biosboot需要能直接操作文件系统了,因为它后续加载的是/boot,要直接从根分区加载boot!对比其他的bootloader,比如GRUB,GRUB能直接读各种各样的文件系统,其代码复杂度可想而知,OpenBSD的biosboot实际上并不能读文件系统,因为它只有512字节啊,这点空间不可能能放下文件系统驱动!biosboot采取的方法是在最终的二进制内容里直接保存/boot所在的磁盘扇区位置信息,当然不可能直接写死在biosboot.S代码里,采取的办法是打二进制patch,也就是直接修改编译后的二进制文件里的,通过用户态程序/usr/sbin/installboot将/boot的物理位置信息写到编译后的biosboot中,然后将修改后的biosboot写到分区第一个扇区;这里涉及到ELF文件相关知识,在biosboot.S中有几个导出的符号,installboot将/boot物理位置信息写到这几个符号所指的位置处,代码的注释里清晰的讲解了这几个导出符号:
/* * The data passed by installboot is: * * inodeblk uint32 the filesystem block that holds /boot's inode * inodedbl uint32 the memory offset to the beginning of the * direct block list (di_db[]). (This is the * offset within the block + $INODEOFF, which is * where we load the block to.) * fs_bsize_p uint16 the filesystem block size _in paragraphs_ * (i.e. fs_bsize / 16) * fs_bsize_s uint16 the number of disk sectors in a filesystem * block (i.e. fs_bsize / d_secsize). Directly written * into the LBA command block, at lba_count. * XXX LIMITED TO 127 BY PHOENIX EDD SPEC. * fsbtodb uint8 shift count to convert filesystem blocks to * disk blocks (sectors). Note that this is NOT * log2 fs_bsize, since fragmentation allows * the trailing part of a file to use part of a * filesystem block. In other words, filesystem * block numbers can point into the middle of * filesystem blocks. * p_offset uint32 the starting disk block (sector) of the * filesystem * nblocks uint16 the number of filesystem blocks to read. * While this can be calculated as * howmany(di_size, fs_bsize) it takes us too * many code bytes to do it. * * All of these are patched directly into the code where they are used * (once only, each), to save space. * * One more symbol is exported, in anticipation of a "-c" flag in * installboot to force CHS reads: * * force_chs uint8 set to the value 1 to force biosboot to use CHS * reads (this will of course cause the boot sequence * to fail if /boot is above 8 GB). */
这几个值使biosboot能直接定位到磁盘上的boot。biosboot中和mbr一样也有CHS、LBA相关的代码,按住shift键强制使用CHS模式。加载boot到0x40000,也就是256KB处,然后jmp到其中继续执行/boot。
OK,终于看完这些实模式的鬼东西了……后面空了再继续写boot后面的东西吧。