Forum RSS Feed Follow @ Twitter Follow On Facebook

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Latest Threads
Ami Bios/Uefi Notebook "Medion E15302" R...
Last Post: LiveSafe
Today 02:11 PM
» Replies: 0
» Views: 9
[REQUEST] Lenovo IdeaPad U330, U430 & U5...
Last Post: derdbk
Today 08:55 AM
» Replies: 414
» Views: 140886
Unlocked BIOS for Zephyrus M16 2023
Last Post: nir1213
Yesterday 08:56 PM
» Replies: 0
» Views: 81
[REQUEST] Acer Predator Helios 300 PH315...
Last Post: Dudu2002
Yesterday 02:33 PM
» Replies: 40
» Views: 13665
lenovo z570 Advanced Menu Unlocked
Last Post: Brunobox99
Yesterday 10:02 AM
» Replies: 9
» Views: 6125
[REQUEST] Lenovo IdeaPad U310 & U410 (65...
Last Post: djcostyro
Yesterday 06:48 AM
» Replies: 1783
» Views: 500931
Lenovo ThinkCentre M700 10GS - Kaby Lake...
Last Post: tommi22012
Yesterday 04:42 AM
» Replies: 11
» Views: 3836
[Request] Lenovo T550 Whitelist removal
Last Post: Dudu2002
Yesterday 04:37 AM
» Replies: 5
» Views: 1198
[REQUEST] Acer PT715-51 (Triton 700) ins...
Last Post: Dudu2002
11-27-2024 10:49 AM
» Replies: 24
» Views: 12432
[REQUEST] Acer Aspire 9300 BIOS Unlock
Last Post: Geortor
11-26-2024 04:01 PM
» Replies: 10
» Views: 2266
[Request] Asus H110M-R Mainboard - Xeon ...
Last Post: kusslegyen
11-26-2024 02:04 PM
» Replies: 14
» Views: 6806
LGA771 Bios Microcode for HP dc7800 sff
Last Post: Netuser232
11-26-2024 01:27 PM
» Replies: 136
» Views: 92186
Dell Vostro 3500 full unlocked
Last Post: kamilchno
11-26-2024 10:51 AM
» Replies: 0
» Views: 138
Bios logo
Last Post: Nkosenhle
11-26-2024 10:43 AM
» Replies: 0
» Views: 130
Gigabyte AORUS 5 (KB/SB/MB) BIOS Unlock
Last Post: Dudu2002
11-26-2024 10:41 AM
» Replies: 18
» Views: 4864
[REQUEST] Lenovo G580 (5ECNxxWW) Whiteli...
Last Post: Dudu2002
11-26-2024 09:09 AM
» Replies: 1730
» Views: 673632
[REQUEST] Lenovo Thinkpad X230(i) (G2ETx...
Last Post: willow25565
11-26-2024 02:06 AM
» Replies: 1090
» Views: 452145
[REQUEST] Lenovo Thinkpad Edge E430 & E5...
Last Post: RuryGame
11-25-2024 06:23 PM
» Replies: 494
» Views: 171843
2x CPU Dell Workstation BIOS modding
Last Post: William P
11-25-2024 03:30 PM
» Replies: 0
» Views: 160
[REQUEST] Lenovo T440(S) (GJETxxWW) Whit...
Last Post: Dudu2002
11-25-2024 01:28 PM
» Replies: 492
» Views: 186516

Option ROM loaded but no boot device
#1
As far as I read expresscard port is just one PCI express slot with removable capabilities.
So I take one 2x sata expresscard based on SIL3132, offcourse was just a simple card,just SIL3132 controller.
Search in my junkyard for a flash and found one of 256k solder it to PCB and program with SIL BIOS
Here I did a little mistake,SIL BIOS was 128K and my flash chip was 256K so that bios was not loaded by SIL3132 because signature at the end was not found.
After re-reading datasheet I see that and corrected.Now BIOS is loading that Option ROM but just ignore as boot device.

Option ROM is loaded by BIOS automatically,is loaded before trying to boot any devices and before entering main setup (in case I choose to enter setup).
I can enter into configuration menu of that option rom and configure drives etc.
But BIOS just does'nt enumerate this device as bootable.

Reading info from Pinczakko site and Plug and Play Bios specifications I'm asking if somehow I can do what BIOS is not doing right.

Code:
Boot Connection Vector (Real/Protected mode) - This location contains an offset from the start of the option ROM header to a routine that will cause the Option ROM to hook one or more of the primary input, primary display, or Initial Program Load (IPL) device vectors (INT 9h, INT 10h, or INT 13h), depending upon the parameters passed during the call.
When the system BIOS has determined that the device controlled by this Option ROM will be one of the boot devices (the Primary Input, Primary Display, or IPL device), the System ROM will execute a FAR CALL to the location pointed to by the Boot Connection Vector.

This is Expansion Header for Plug and Play (but there are three)
Code:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000000 24 50 6E 50 01 02 00 00 00 7D 95 10 32 31 00 00 $PnP.....}•.21..
00000010 00 00 01 00 00 44 01 00 00 00 00 00 00 00 00 00 .....D..........
00000020 24 50 6E 50 01 02 00 00 00 7D 95 10 32 31 00 00 $PnP.....}•.21..
00000030 00 00 01 00 00 44 01 00 00 00 00 00 00 00 00 00 .....D..........
00000040 24 50 6E 50 01 02 00 00 00 7D 95 10 32 31 00 00 $PnP.....}•.21..
00000050 00 00 01 00 00 44 01 00 00 00 00 00 00 00 00 00 .....D..........
00000060 24 50 6E 50 01 02 00 00 00 7D 95 10 32 31 00 00 $PnP.....}•.21..
00000070 00 00 01 00 00 44 01 00 00 00 00 00 00 00 00 00 .....D..........

Device is a storage SCSI,is a IPL device and ROM can be shadowed in RAM,there is no Bootstrap Entry Vector (that's ok) there is Boot Connection Vector.

Is there any possibility to boot from that device?
Ideal will be to do this using another Option rom which will replace network PXE ROM so choosing network boot that will force loading boot from that card.

Can this be done?
What is need to pass boot sequence to that device and start booting?


P.S. I forgot to mention that BIOS in case is Phoenix but is Dell one ,it can be extracted and decompressed modules but is not like others standard Phoenix.
find
quote
#2
I found this on lower RAM area in Option ROM shadowed in RAM
Code:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000000 24 50 6E 50 01 02 00 00 00 94 95 10 32 31 06 00 $PnP.....”•.21..
00000010 EA 15 01 01 80 E4 91 33 00 00 00 00 00 00 00 00 ê...€ä‘3........
00000020 24 50 6E 50 01 02 00 00 00 5C 95 10 32 31 00 00 $PnP.....\•.21..
00000030 00 00 01 01 80 E4 01 00 00 00 00 00 00 00 00 00 ....ۊ..........
00000040 24 50 6E 50 01 02 00 00 00 5C 95 10 32 31 00 00 $PnP.....\•.21..
00000050 00 00 01 01 80 E4 01 00 00 00 00 00 00 00 00 00 ....ۊ..........
00000060 24 50 6E 50 01 02 00 00 00 5C 95 10 32 31 00 00 $PnP.....\•.21..
00000070 00 00 01 01 80 E4 01 00 00 00 00 00 00 00 00 00 ....ۊ..........

First entry is different from initial one so I think that's the correct PnP header.

And this in F0000h-FFFFFh region

Code:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

000FE2D0 24 50 6E 50 10 21 01 00 BC B4 04 00 00 F1 E2 00 $PnP.!..¼´...ñâ.
000FE2E0 F0 F4 E2 00 00 0F 00 00 00 00 00 40 00 40 00 00 ðôâ........@.@..
000FE2F0 00 E9 EE D4 E9 F6 D4 FA E4 64 A8 04 74 14 B0 8F .éîÔéöÔúäd¨.t.°
000FE300 E8 B7 E2 3C 04 72 0B 3C 0B 74 07 3C 0C 77 03 E9 è·â<.r.<.t.<.w.é
000FE310 0E 83 BA 30 10 ED 83 E0 FE EF B0 02 E6 92 E6 84 .ƒº0.íƒàþï°.æ’æ„
000FE320 B0 03 E6 92 F4 EB °.æ’ôë

Area FED20h-FED2F0h is PnP installation check ?

Making a FAR CALL to location pointed by BCV will initialize boot sequence?
Is not clear for me what I need to put in ES : DI
find
quote
#3
This is by far the most interesting post of the month. I'd appreciate a BIOS link and any further updates you may have since yesterday.

Thanks for the great puzzle,
TheWiz
www find
quote
#4
No news at the moment.
Dell bios
9400.rar
in split are BIOS splited modules and in unpacked are unpacked modules from splited ones.
find
quote
#5
This is a part with real addresses

Code:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F


000CE000 55 AA 24 E9 42 7A 53 49 4C 49 43 4F 4E 20 49 4D Uª$éBzSILICON IM
000CE010 41 47 45 00 00 00 1C 00 40 00 6C 12 53 49 4D 47 AGE.....@.l.SIMG

000CF260 00 00 00 00 00 00 00 00 00 00 00 00 24 50 6E 50 ............$PnP
000CF270 01 02 00 00 00 94 95 10 32 31 06 00 EA 15 01 01 .....”•.21..ê...
000CF280 80 E4 91 33 00 00 00 00 00 00 00 00 24 50 6E 50 €ä‘3........$PnP
000CF290 01 02 00 00 00 5C 95 10 32 31 00 00 00 00 01 01 .....\•.21......
000CF2A0 80 E4 01 00 00 00 00 00 00 00 00 00 24 50 6E 50 ۊ..........$PnP
000CF2B0 01 02 00 00 00 5C 95 10 32 31 00 00 00 00 01 01 .....\•.21......
000CF2C0 80 E4 01 00 00 00 00 00 00 00 00 00 24 50 6E 50 ۊ..........$PnP
000CF2D0 01 02 00 00 00 5C 95 10 32 31 00 00 00 00 01 01 .....\•.21......
000CF2E0 80 E4 01 00 00 00 00 00 00 00 00 00 1A 00 01 00 ۊ..............

000D1380 82 33 B8 03 00 EB 0D B8 02 00 EB 08 B8 01 00 EB ‚3¸..ë.¸..ë.¸..ë
000D1390 03 B8 00 00 1E 9C 53 8B D8 B8 00 00 8E D8 67 80 .¸...œS‹Ø¸..ŽØg€
000D13A0 3D 75 04 00 00 00 75 05 90 90 E8 AA F9 2E 80 3E =u....u.èªù.€>

000FE2D0 24 50 6E 50 10 21 01 00 BC B4 04 00 00 F1 E2 00 $PnP.!..¼´...ñâ.
000FE2E0 F0 F4 E2 00 00 0F 00 00 00 00 00 40 00 40 00 00 ðôâ........@.@..

000FE2DO is System BIOS PnP Installation Check Structure
000CF282 is BCV
000D1391 is location pointed by BCV (or I wrong calc and is 000D1390?)

So I need to put
04 in AX
FFFF in BX
FFFF in DX
Now for ES : DI that is segment addressing as I read and is unknown for me
Could be like F000:E2D0?
Then make a FAR CALL to 000D1390

That in case calling BCV is for booting purpose and not for OROM initialization.

But since my programming skills are almost 0 I'm blocked now.
find
quote
#6
I'm going to keep looking at this, but I know someone who may be able to put this all together for you.

Give me a few days to let him take a look Smile

TheWiz
www find
quote
#7
One reason for no device listed in boot menu could be that somehow some memory area are RO at the moment of Option ROM in itialization.
I say that because OROM seems to initialize correctly but in BIOS data area at offset 475 where is number of disk detected number is not increased.
If boot from USB pen (only USB pen connected) offset 475 is 01 if I have old internal hdd connected and USB pen then ofssset is 02 but when Option ROM is loaded there is no change in any case.
BIOS could lock some area of memory or doesn't allow OROM to update IPL table?
find
quote
#8
Still trying to get my specialist on this, sorry for the wait.

TheWiz
www find
quote
#9
Thanks. I'll wait.
I'm not a programmer so I blindly look into RAM dumps or try to disassembly.
I have a similar card into one Intel D945GCL
On both card is in same PCIe port,under 8086:27D6
Comparing RAM dumps from both I see OROM is the same after loading (after initialization).


On both cases,Dell and Intel I have this (but in other range address on Intel 2ED0h-300Fh )
And using same HDD

This one is from Dell

Quote:Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00003AD0 5A 04 FF 3F 37 C8 10 00 00 00 00 00 3F 00 00 00 Z.ÿ?7È......?...
00003AE0 00 00 00 00 20 20 20 20 20 20 20 20 57 4E 38 30 .... WN80
00003AF0 36 54 32 31 45 35 53 45 03 00 00 40 00 00 32 2E 6T21E5SE...@..2.
00003B00 31 30 20 20 20 20 46 55 4A 49 54 53 55 20 4D 48 10 FUJITSU MH
00003B10 56 32 31 30 30 42 48 20 20 20 20 20 20 20 20 20 V2100BH
00003B20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 10 80 .€
00003B30 00 00 00 2F 00 40 00 02 00 02 07 00 30 1A A5 0B .../.@......0.¥.
00003B40 00 00 00 00 00 00 10 01 30 22 A5 0B 00 00 07 00 ........0"¥.....
00003B50 03 00 78 00 78 00 F0 00 78 00 00 00 00 00 00 00 ..x.x.ð.x.......
00003B60 00 00 00 00 00 00 1F 00 02 07 00 00 4C 00 40 00 ............L.@.
00003B70 F8 00 21 00 6B 34 09 7F 63 60 69 34 09 BE 63 60 ø.!.k4.c`i4.¾c`
00003B80 3F 20 32 00 00 00 80 40 FE FF 00 00 FE FE 00 00 ? 2...€@þÿ..þþ..
00003B90 00 00 00 00 00 00 00 00 30 22 A5 0B 00 00 00 00 ........0"¥.....
00003BA0 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 .....@..........
00003BB0 00 00 00 00 00 00 00 00 00 00 00 01 00 00 01 00 ................
00003BC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00003BD0 01 00 00 00 24 31 95 10 05 00 02 00 14 11 12 12 ....$1•.........
00003BE0 08 10 00 00 0A 00 00 FF 01 00 FF FF 00 00 00 00 .......ÿ..ÿÿ....
00003BF0 00 00 00 00 07 00 00 00 01 02 00 00 00 00 53 69 ..............Si
00003C00 49 20 43 6F 6E 63 61 74 65 6E 61 74 69 6F 41 73 I ConcatenatioAs

with a little difference on byte 3BF4h and 3C0Eh

Now using one soft eddinfo.exe on Intel board I can dump EDD

Quote:Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000000 1A 00 01 00 FF 3F 00 00 10 00 00 00 3F 00 00 00 ....ÿ?......?...
00000010 30 1A A5 0B 00 00 00 00 00 02 FF FF FF FF DD BE 0.¥.......ÿÿÿÿݾ
00000020 2C 00 00 00 50 43 49 20 52 41 49 44 20 20 20 20 ,...PCI RAID
00000030 00 00 00 FF 00 00 00 00 00 00 00 00 00 00 00 00 ...ÿ............
00000040 00 00 00 00 00 00 00 00 00 9E 30 22 A5 0B 00 00 .........ž0"¥...
00000050 00 00 A0 02 47 BD 10 FE 3F 3F 53 00 00 00 00 7F .. .G½.þ??S....
00000060 00 0A 10 05 04 97 08 00 00 11 AE 01 C1 00 10 01 .....—....®.Á...
00000070 04 45 01 01 81 00 00 00 00 00 00 20 00 55 AA 9F .E........ .UªŸ

This dump I can found it inside initialized option rom in both cases on Dell and on Intel and is identic.

At a first look all seems to be the same.
Same data (except two bytes) in first part and same resulted option rom but in Dell case number of detected disk in BDA (BIOS DATA AREA offset 0475h) is not increased.

Any help is welcome.
Thanks.
find
quote
#10
After more testing and comparing between two cases on Intel and Dell I see some differences somewhere after PCI data structure into initialized option ROM
In Intel case
Code:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000040 50 43 49 52 95 10 32 31 00 00 18 00 00 00 04 01 PCIR•.21........
00000050 6C 00 01 00 00 80 00 00 00 01 01 02 00 00 80 00 l....€........€.

And Dell case
Code:
Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000040 50 43 49 52 95 10 32 31 00 00 18 00 00 00 04 01 PCIR•.21........
00000050 6C 00 01 00 00 80 00 00 00 00 01 02 00 00 00 00 l....€..........

at offset 5E is sure HDD number because on Intel case with just one HDD there is 80 and value increase to 81 82 if I add one or two HDD to onboard SATA.

For the moment can't figure what offset 59 means.

Now who decide what is drive number?
Option ROM see numbers of HDD and decide what drive is?
Or BIOS depending on chosen boot order tell to option ROM number of their HDD?

Maybe Dell BIOS load option ROM but doesn't pass required data so option ROM doesn't get a number for their drive and as result neither number of HDD in bios data area is not increased by option rom?

Is there any way to check if bios make a right initialization of Option ROM?
find
quote


Forum Jump:


Users browsing this thread: 3 Guest(s)