Software initialization code at 0xFFFFFFF0H

Question

Intel says after reset the processor is placed in real mode and the software initialization code starts at 0xFFFFFFF0H. My questions:

• If processor is in real-mode how can it acess the memory > 1MB (0xFFFFFFF0H)

• How this happens or what happens when RAM in < 4GB ( say 2GB)

• If the BIOS is mapped at 0x000FFFFFH why processor starts executing at 0xFFFFFFF0H

Please help me with these questions. Thanks.

Answer 1

I finally found the answer in the Coreboot documentation:

Whenever an x86 CPU wakes up after reset, it does it in Real Mode. This mode is limited to 1MiB address space and 64k offsets and the reset vector of the original 8086/88 was located at 0xFFFF0.

As there was no change even if we run current processors like P3, these newer CPUs also feels like they where start at 0xF000:0xFFF0 after a reset. But they do not. The base of the code segment register is 0xFFFF0000 after reset, so the CPU generates a physical address of 0xFFFFFFF0 to the chipset. And the chipset is responsible to forward this area to the boot ROM. Its confusing: The CPU "thinks" it runs code at 0xF000:0xFFF0 but instead it uses code at 0xFFFFFFF0. The developers must have been tanked up when they realised this design into silicon.

So it seems the Intel documentation talks about the physical address as used "on the wire", i.e. when accessing the real bus. And this is independent of the CPU mode (the bus doesn't know or care about a CPU mode, it's the CPUs duty to translate these things).

Answer 2

To see your question in action you will need a hardware debugger. And the proper documentation is from Intel, to quote: http://download.intel.com/design/processor/manuals/253668.pdf, section 9.1.4:

The first instruction that is fetched and executed following a hardware reset is located at physical address FFFFFFF0H. This address is 16 bytes below the processor’s uppermost physical address. The EPROM containing the software initialization code must be located at this address.

This means BIOS ROM, FYI, not your normal RAM, ie, the content is hardwired. And remember, at this stage, RAM memory is not even setup, and VGA memory (which is different from RAM) is not even available and initialized.

The address FFFFFFF0H is beyond the 1-MByte addressable range of the processor while in real-address mode. The processor is initialized to this starting address as follows. The CS register has two parts: the visible segment selector part and the hidden base address part. In real-address mode, the base address is normally formed by shifting the 16-bit segment selector value 4 bits to the left to produce a 20-bit base address. However, during a hardware reset, the segment selector in the CS register is loaded with F000H and the base address is loaded with FFFF0000H. The starting address is thus formed by adding the base address to the value in the EIP register (that is, FFFF0000 + FFF0H = FFFFFFF0H). The first time the CS register is loaded with a new value after a hardware reset, the processor will follow the normal rule for address translation in real-address mode (that is, [CS base address = CS segment selector * 16]). To insure that the base address in the CS register remains unchanged until the EPROM based software initialization code is completed, the code must not contain a far jump or far call or allow an interrupt to occur (which would cause the CS selector value to be changed)

During this time, the BIOS essentially is initializing the hardware and the memory itself, while still executing in real mode. Then finally the VGA BIOS (which exists in your VGA card, addressable at 0xc700) is executed etc etc. But this is going beyond the current question. But the quoted remarks above essentially answered your question.