Flat32SearchForBfvBase
该函数负责找到Boot Firmware Volume(BFV)的起始地址,并通过EBP寄存器返回。对于OVMF平台来说BFV就是SECFV。
方法是:由高地址到低地址,以4K为步长遍历4GB之下最高的16MB(FFFF_F000 ~ FF00_0000)。即先检查从FFFF_F000开始的第一个4K(FFFF_F000 ~ FFFF_FFFF):取候选FV header偏移0x10处的16字节FileSystemGuid(前0x10字节是ZeroVector,不参与比较),先与FFS3的GUID对比,不匹配再与FFS2(OVMF默认使用的是mEfiFirmwareFileSystem2Guid)的GUID对比;GUID匹配后还要检查FvLength的高32位为0,且基址+FvLength恰好回绕到0(即该FV正好结束于4GB边界),全部通过才算找到BFV。否则,再检查下一个4K(FFFF_E000 ~ FFFF_EFFF),直到找到为止;遍历完16MB仍未找到则跳到searchedForBfvHeaderButNotFound并停机。
;#define EFI_FIRMWARE_FILE_SYSTEM2_GUID \
; { 0x8c8ce578, 0x8a3d, 0x4f1c, { 0x99, 0x35, 0x89, 0x61, 0x85, 0xc3, 0x2d, 0xd3 } }
;
; Each GUID is compared as four little-endian dwords in memory order:
;   DWORD0 = Data1
;   DWORD1 = (Data3 << 16) | Data2
;   DWORD2 = Data4[0..3], DWORD3 = Data4[4..7]  (bytes reversed into a dword)
; The values below must stay in sync with the GUID headers in MdePkg.
%define FFS2_GUID_DWORD0 0x8c8ce578
%define FFS2_GUID_DWORD1 0x4f1c8a3d
%define FFS2_GUID_DWORD2 0x61893599
%define FFS2_GUID_DWORD3 0xd32dc385
;#define EFI_FIRMWARE_FILE_SYSTEM3_GUID \
; { 0x5473c07a, 0x3dcb, 0x4dca, { 0xbd, 0x6f, 0x1e, 0x96, 0x89, 0xe7, 0x34, 0x9a } }
;
; NOTE(review): an earlier version of the comment above listed Data1 as
; 0x8c8ce578 (the FFS2 value), which did not match FFS3_GUID_DWORD0 below.
; The %define is what the search actually compares against; confirm Data1
; against MdePkg/Include/Guid/FirmwareFileSystem3.h before trusting either.
%define FFS3_GUID_DWORD0 0x5473c07a
%define FFS3_GUID_DWORD1 0x4dca3dcb
%define FFS3_GUID_DWORD2 0x961e6fbd
%define FFS3_GUID_DWORD3 0x9a34e789
BITS 32
;
; Flat32SearchForBfvBase: locate the Boot Firmware Volume (BFV) header.
;
; Scans every 4 KB boundary in the top 16 MB below 4 GB, from 0xFFFFF000
; downwards to 0xFF000000 inclusive. A candidate is accepted when
;   - the 16 bytes at offset 0x10 (FileSystemGuid; 0x00..0x0F is the
;     ZeroVector) equal the FFS3 GUID or, failing that, the FFS2 GUID, and
;   - the high dword of FvLength (offset 0x24) is zero and
;     candidate + low dword of FvLength (offset 0x20) wraps to exactly 0,
;     i.e. the volume ends precisely at the 4 GB boundary.
; Nothing outside offsets 0x10..0x27 is validated: the FV header's signature,
; header length and checksum fields (per the PI FV header layout, not shown
; here) are not checked, so any 16 bytes in this range that happen to equal
; one of the GUIDs with a matching FvLength would be accepted.
; NOTE(review): acceptable while the scanned range is firmware-controlled
; flash; revisit if this search ever covers memory the firmware does not own.
;
; Modified: EAX, EBX, EBP, EFLAGS (debugShowPostCode may clobber more; its
;           definition is not in this file)
; Preserved: EDI, ESP
;
; @param[out] EBP Address of Boot Firmware Volume (BFV).
;                 On failure EAX and EBP are both set to 0xBFBFBFBF, the
;                 POSTCODE_BFV_NOT_FOUND post code is emitted and the code
;                 hangs in place (jmp $); it never returns in that case.
;
Flat32SearchForBfvBase:
xor eax, eax                          ; EAX = 0; the first SUB below wraps it to 0xFFFFF000
searchingForBfvHeaderLoop:
;
; We check for a firmware volume at every 4KB address in the top 16MB
; just below 4GB. (Addresses at 0xffHHH000 where H is any hex digit.)
;
sub eax, 0x1000                       ; step down to the next 4 KB candidate
cmp eax, 0xff000000                   ; unsigned compare: 0xFF000000 itself is still checked;
jb searchedForBfvHeaderButNotFound    ; the SUB after it (-> 0xFEFFF000) ends the search
;
; Check FFS3 GUID
; (FileSystemGuid is at offset 0x10 of the FV header; the first 0x10 bytes
; are the ZeroVector and are not compared)
;
cmp dword [eax + 0x10], FFS3_GUID_DWORD0
jne searchingForFfs2Guid              ; any mismatching dword -> fall back to the FFS2 GUID
cmp dword [eax + 0x14], FFS3_GUID_DWORD1
jne searchingForFfs2Guid
cmp dword [eax + 0x18], FFS3_GUID_DWORD2
jne searchingForFfs2Guid
cmp dword [eax + 0x1c], FFS3_GUID_DWORD3
jne searchingForFfs2Guid
jmp checkingFvLength                  ; all four FFS3 dwords matched
searchingForFfs2Guid:
;
; Check FFS2 GUID
;
cmp dword [eax + 0x10], FFS2_GUID_DWORD0
jne searchingForBfvHeaderLoop         ; neither GUID matches -> next candidate
cmp dword [eax + 0x14], FFS2_GUID_DWORD1
jne searchingForBfvHeaderLoop
cmp dword [eax + 0x18], FFS2_GUID_DWORD2
jne searchingForBfvHeaderLoop
cmp dword [eax + 0x1c], FFS2_GUID_DWORD3
jne searchingForBfvHeaderLoop
checkingFvLength:
;
; Check FV Length
; (64-bit FvLength at offset 0x20: low dword at 0x20, high dword at 0x24)
;
cmp dword [eax + 0x24], 0             ; high dword must be zero (FvLength < 4 GB)
jne searchingForBfvHeaderLoop
mov ebx, eax                          ; EBX = candidate base
add ebx, dword [eax + 0x20]           ; EBX = base + FvLength; ZF is set only if the sum
jnz searchingForBfvHeaderLoop         ; wraps to 0, i.e. the volume ends exactly at 4 GB
jmp searchedForBfvHeaderAndItWasFound
searchedForBfvHeaderButNotFound:
;
; Hang if the SEC entry point was not found
;
debugShowPostCode POSTCODE_BFV_NOT_FOUND
;
; 0xbfbfbfbf in the EAX & EBP registers helps signal what failed
; for debugging purposes.
;
mov eax, 0xBFBFBFBF
mov ebp, eax
jmp $                                 ; spin forever: nothing can proceed without the BFV
searchedForBfvHeaderAndItWasFound:
mov ebp, eax                          ; return the BFV base address in EBP
debugShowPostCode POSTCODE_BFV_FOUND
OneTimeCallRet Flat32SearchForBfvBase
xor eax, eax
将eax清零。xor为异或操作指令。用于清空寄存器的值。
sub eax, 0x1000
sub是减法指令,对两个操作数做减法运算。
eax是32位寄存器,第一次遍历的话,计算的结果就是eax = 0xFFFFF000
eax = eax - 0x1000
= 0x0 - 0x1000
= 0xFFFFF000
cmp eax, 0xff000000
cmp eax, 0xff000000
jb searchedForBfvHeaderButNotFound
cmp用于比较两个操作数大小
与0xff000000做无符号比较(jb):如果eax比0xff000000小,就直接跳转到searchedForBfvHeaderButNotFound,说明从FFFF_F000遍历到FF00_0000一共16M都没有找到BFV。表明此函数最多只支持遍历4GB之下最高16M的Firmware;注意0xFF000000本身仍会被检查,再减0x1000得到0xFEFFF000后才退出。
Check FFS3 / FFS2 GUID
根据FV header结构寻找BFV的起始地址。代码先把FV header偏移0x10处的16字节拆成4个dword逐一与FFS3的GUID比较,任一dword不匹配就跳到searchingForFfs2Guid再与FFS2的GUID比较;FFS2也不匹配则回到searchingForBfvHeaderLoop继续下一个4K。
eax + 0x10之所以从offset 0x10的位置开始,是因为前面0x10是ZeroVector,[FV file](# 补充:FV file)会详细介绍FV header的格式。
searchingForFfs2Guid:
;
; Check FFS2 GUID
;
cmp dword [eax + 0x10], FFS2_GUID_DWORD0
jne searchingForBfvHeaderLoop
cmp dword [eax + 0x14], FFS2_GUID_DWORD1
jne searchingForBfvHeaderLoop
cmp dword [eax + 0x18], FFS2_GUID_DWORD2
jne searchingForBfvHeaderLoop
cmp dword [eax + 0x1c], FFS2_GUID_DWORD3
jne searchingForBfvHeaderLoop
Check FV Length
如果GUID匹配,还要进一步检查该候选FV的FvLength是否合法,只有通过才认为找到了BFV。
cmp dword [eax + 0x24], 0
cmp dword [eax + 0x24], 0
jne searchingForBfvHeaderLoop
FV header的offset 0x20存放的是64位FvLength的低32位,offset 0x24存放的是高32位。
先确保FV的大小小于4G:如果FvLength的高32位不为0,意味着这不是合法的FV,需要继续往下遍历。随后的mov ebx, eax / add ebx, [eax+0x20] / jnz 则要求基址加上FvLength恰好回绕到0,即该FV正好结束于4GB边界,否则同样继续遍历。
add ebx, dword [eax + 0x20]
mov ebx, eax
add ebx, dword [eax + 0x20]
jnz searchingForBfvHeaderLoop




