Booting Windows using coreboot
This project was accepted for the Google Summer Of Code 2007 and its main goal is to figure out how to boot Windows Vista/XP/2003. There is not a chosen approach to achieve that. Having a dedicated coreboot loader is the most desired solution but since some success has been reported using ADLO, it has been chosen in this phase of understanding better the problem.
Instead of a real hardware, QEMU emulator will be used since it is easily available for anyone who wishes to contribute.
I intend to describe in detailed all the steps taken up to now and some of the problems faced. My first goal is to repeat the stages to boot windows 2000 described in the paper entitled Flexibility in ROM: A Stackable Open Source BIOS. After that, we will focus on windows XP and Vista that require a more complicated support.
The following software packages are needed:
plus a working development environment (make, gcc, etc.). gcc verions 4.0.x and 4.1.x work fine except for QEMU, which requires gcc 3.x.
In order to build QEMU from source gcc 3.x. is required. If you use a different version of gcc, take a look at the following section.
Building gcc 3.x
$ wget ftp://ftp.mirrorservice.org/sites/sources.redhat.com/pub/gcc/releases/gcc-3.4.6/gcc-3.4.6.tar.gz $ tar zxvf gcc-3.4.6.tar.gz $ cd gcc-3.4.6/ $ ./configure --prefix=/opt/gcc34 $ make bootstrap $ make install (as root)
Download QEMU source code (I used qemu-0.9.0.tar.gz) and extract it.
$ tar -xzvf qemu-0.9.0.tar.gz $ cd qemu-0.9.0/
Configure and make QEMU (use the --cc option if your default gcc is newer than version 3.4):
If you need some bios debug messages from qemu add --extra-cflags="-DDEBUG_BIOS" to the configuration line below. Since coreboot already outputs debug messages without this option, turning it on will mess Qemu output error messages. It is useful for some situations though.
Download these two patches and save them in the QEMU source directory:
Apply the patches and configure QEMU using the following:
$ patch -p1 < qemu-isa-bios-ram.patch $ patch -p1 < qemu-piix-ram-size.patch $ ./configure --cc=/opt/gcc34/bin/gcc --target-list=i386-softmmu && make $ make install
The QEMU binary is stored in the i386-softmmu directory.
Building ADLO payload (coreboot v2)
IMPORTANT: This step is necessary only if using coreboot v2. If using coreboot v2 go to section Building coreboot v3
First, download ADLO's source code.
APPLY PATCH SENT TO COREBOOT MAILING LIST!
Download and install as86:
$ tar xzvf as86-0.16.17.tar.gz $ cd as86-0.16.17/ $ make $ make install
Go to coreboot v2 directory:
$ cd coreboot-v2 $ patch -p1 < xpboot.diff $ cd util/ADLO $ make
After running make, a file named payload will be generated.
Building coreboot v2
Now it is time to build coreboot.
$ cd coreboot-v2/targets/emulation/qemu-i386
You should edit the Config.lb file, where it says payload put the path of the file generated by ADLO. It should look like this:
- payload path/to/adlo/payload
Return to targets directory and execute:
$ ./buildtarget emulation/qemu-i386
Go to targets/emulation/qemu-i386/qemu-i386 and execute:
This creates the coreboot image (qemu-bios.rom). Copy this file to a specific folder and rename it to bios.bin.
Building coreboot v3
Now it is time to build coreboot v3. You should first download it:
$ svn co svn://coreboot.org/repository/coreboot-v3 $ cd coreboot-v3/util $ svn co svn://coreboot.org/repos/trunk/coreboot-v2/util/ADLO $ Apply patch that puts ADLO into coreboot-v3 $ make menuconfig
There are few options that should be enabled:
Mainboard->Mainboard vendor->Emulated Systems Mainboard->Mainboard model->QEMU x86 Payload->An ADLO payload file
Exit and when asked to generate a config file say yes. After, execute:
This creates a coreboot image named /build/bios.bin. Copy this file to a specific folder. I will call this folder 'coreboot_bios/'
Creating an Appropriate Disk Image
There are few options to create an image, I chose to use the qemu-img tool. Create an image no smaller than 1.2GB to avoid any kind of problems during windows installation. The qcow format is very appropriate because will only take up as much space as is really needed. Since I wanted to install a small version of linux, I created an image of 2GB.
$ qemu-img create -f qcow /path/to/win.cow 2000M
Insert the installation CD, and install Windows 2000/XP in the QEMU image. During the installation process you can choose whether ACPI support is desired. This is done pressing F7 or F5 during the screen with the message "press F6 if you need to install a SCSI or RAID controller" on the bottom. F7 lets windows choose the most appropriate option. F5 shows all the available options so the user can choose. I have successfully tested a win2k and a winXP images with and without ACPI support on.
Windows seems to be very sensitive to BIOS changes. I got the following error when installing windows with QEMU default BIOS and later trying to run it using coreboot: *** STOP: 0x0000007B (0xF781B84C,0xC0000034,0x00000000,0x00000000) INACCESSIBLE_BOOT_DEVICE .
So, the BIOS used during windows installation should be the same as the one that will be used to run windows.
Before executing the next command, copy a file named vgabios-cirrus.bin to the same folder where the bios.bin file is, in my case, coreboot_bios/. This file can be found in the qemu directory at qemu-0.9.0/pc-bios. Then run:
$ qemu -L path/to/coreboot_bios/ -hda /path/to/win.cow -boot d -cdrom /dev/cdrom -m 384 -localtime
The -L option allows us to inform the path for BIOS, VGA BIOS. This step takes a lot longer than installing windows on a Hard Disk.
Just execute this:
$ qemu -L path/to/coreboot_bios/ -hda win.cow
I get the following errors due to interrupt calls:
int13_harddisk: function 41, unmapped device for ELDL=81 int13_harddisk: function 08, unmapped device for ELDL=81 *** int 15h function AX=00C0, BX=0000 not yet supported! *** int 15h function AX=5300, BX=0000 not yet supported!
int13 function 41 -> (with BX = 55AAh) is a check for the "Installation of the INT 13 BIOS Extensions" in Memory. int13 function 08 -> Get Drive Parameters
Even though some keyboard error messages are displayed, the keyboard works correctly with coreboot v3 (It has a wrong behavior with coreboot v2):
KBD: int09h_handler(): unknown scancode read: 0x72! KBD: int09h_handler(): unknown scancode read: 0x75! KBD: int09h_handler(): unknown scancode read: 0x74!
Just wait the boot process and ... enjoy it!!
Debugging using GDB
Recompile qemu with this patch in order to disable timer interrupts.
qemu-0.9.0$ patch -p0 <../qemu-20061108-debug-on-linux.patch qemu-0.9.0$ ./configure --cc=/opt/gcc34/bin/gcc --target-list=i386-softmmu && make qemu-0.9.0/i386-softmmu$ gdb qemu (gdb) set args -L path/to/coreboot_bios/ -hda path/to/win2k.cow (gdb) break main (gdb) run
Now that we are able to boot windows 2000 and XP, we will work hard on getting windows Vista soon.
|| This file is licensed under the Creative Commons Attribution ShareAlike 3.0 License.|
In short: you are free to share and make derivative works of the file under the conditions that you appropriately attribute it, and that you distribute it only under a license identical to this one.