Hello everybody.
I'm having problems trying to start up a new Pentium-based CPU. It has 8 MB of RAM (lowest addresses) and 8 MB of FLASH memory (highest addresses).
I can load programs with a PC via JTAG into the FLASH (4 chips of 1Mx16, arranged as 1 Mibi of 64-bit words), and I can control the CPU with a Microtek JTAG-ICE (with no trace memory).
I can start the programs, step by step or with a 'go forever' command, and all my real-mode programs work as expected. But when I try to load the GDT before switching to protected mode, the program seems to jump to a random address, where it sometimes stops (perhaps after executing a break instruction) and sometimes not (in which case I can stop the ICE, and CS:EIP is pointing to a random address anyway).
I tried to stop the program with a HLT instruction after the LGDT instruction, to no avail.
This is the reset vector, as disassembled by the ICE:
dasm cs:fff0 cs:fff1
CS:FFF0 FA      CLI
CS:FFF1 E90CF8  JMP F800
This is the code from the first jump target. Remember, I can execute the code just up to (and excluding) CS:F810.
dasm cs:f800
CS:F800 FA            CLI
CS:F801 B001          MOV AL,01
CS:F803 B200          MOV DL,00
CS:F805 B602          MOV DH,02
CS:F807 EE            OUT DX,AL
CS:F808 67668D1D4BF8  LEA EBX,[FFFFF84B]
CS:F80E FFFF
CS:F810 67660F011588  LGDT [FFFFF888]
CS:F816 F8FFFF
CS:F819 F4            HLT
CS:F81A 90            NOP
CS:F81B 90            NOP
This is the GDT length + linear address:
dump fffff888p
FFFFF888P 17 00 90 F8 FF FF
i.e., length = 0x17 +1 = 24 (3 entries), address = 0xFFFFF890
This is the GDT:
dump fffff890p fffff8a7p word
FFFFF890P 0000 0000 0000 0000 FFFF 0000 9A00 00CF
FFFFF8A0P FFFF 0000 9200 00CF
i.e.:
selector 0 (0x00): null descriptor
selector 1 (0x08): code, 32 GB, read-only
selector 2 (0x10): data, 32 GB, read-write
These are the CPU registers before executing the LGDT instruction:
EIP = 0x0000F810   ESP = 0x00000000   EBP = 0x00000000
EAX = 0x00000001   EBX = 0xFFFFF84B   ECX = 0x00000000   EDX = 0x00000200
ESI = 0x00000000   EDI = 0x00000000
EFLAGS = 0x00000002 = ivfavrn0oditszapc
CS = 0xF000   DS = 0x0000   ES = 0x0000   FS = 0x0000   GS = 0x0000   SS = 0x0000
GDTBASE = 0x00000000   GDTLIMIT = 0xFFFF
IDTBASE = 0x00000000   IDTLIMIT = 0xFFFF
LDTR = 0x0000   TR = 0x0000
CR0 = 0x60000010   CR2 = 0x00000000   CR3 = 0x00000000   CR4 = 0x00000008
LDTBASE = 0x00000000   LDTLIMIT = 0xFFFF
CSBASE = 0xFFFF0000   DSBASE = 0x00000000   ESBASE = 0x00000000
FSBASE = 0x00000000   GSBASE = 0x00000000   SSBASE = 0x00000000
CSLIMIT = 0x0000FFFF   DSLIMIT = 0x0000FFFF   ESLIMIT = 0x0000FFFF
FSLIMIT = 0x0000FFFF   GSLIMIT = 0x0000FFFF   SSLIMIT = 0x0000FFFF
CSAR = 0x00009300   DSAR = 0x00009300   ESAR = 0x00009300
FSAR = 0x00009300   GSAR = 0x00009300   SSAR = 0x00009300
GDTAR = 0x00008200   IDTAR = 0x00008200   LDTAR = 0x00008200
TSSBASE = 0x00000000   TSSLIMIT = 0x0000FFFF   TSSAR = 0x00008200
And these are the CPU registers after the LGDT instruction + unknown instructions:
register
EIP = 0x00007D07   ESP = 0x0000FFF3   EBP = 0x00000000
EAX = 0x00000001   EBX = 0xFFFFA04B   ECX = 0x00005FBE   EDX = 0x000001FF
ESI = 0x00000000   EDI = 0x00000000
EFLAGS = 0x00000016 = ivfavrn0oditszAPc
CS = 0x46BB   DS = 0x0000   ES = 0x0000   FS = 0x0000   GS = 0x0000   SS = 0x0000
GDTBASE = 0x00000000   GDTLIMIT = 0xFFFF
IDTBASE = 0x00000000   IDTLIMIT = 0xFFFF
LDTR = 0x0000   TR = 0x0000
CR0 = 0x60000010   CR2 = 0x00000000   CR3 = 0x00000000   CR4 = 0x00000008
LDTBASE = 0x00000000   LDTLIMIT = 0xFFFF
CSBASE = 0x00046BB0   DSBASE = 0x00000000   ESBASE = 0x00000000
FSBASE = 0x00000000   GSBASE = 0x00000000   SSBASE = 0x00000000
CSLIMIT = 0x0000FFFF   DSLIMIT = 0x0000FFFF   ESLIMIT = 0x0000FFFF
FSLIMIT = 0x0000FFFF   GSLIMIT = 0x0000FFFF   SSLIMIT = 0x0000FFFF
CSAR = 0x00009300   DSAR = 0x00009300   ESAR = 0x00009300
FSAR = 0x00009300   GSAR = 0x00009300   SSAR = 0x00009300
GDTAR = 0x00008200   IDTAR = 0x00008200   LDTAR = 0x00008200
TSSBASE = 0x00000000   TSSLIMIT = 0x0000FFFF   TSSAR = 0x00008200
Can anybody please throw some light?
-- Ignacio G.T.
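As an added example, not part of the original post and not Ignacio's code: a small C program that decodes the GDTR pseudo-descriptor and the three descriptors from the dumps above, and models the check that the LGDT memory operand goes through in real-address mode. The only assumptions are taken from the register dump: DS base 0 and limit 0xFFFF, IDTBASE 0. In real-address mode the processor still compares every data access against the segment limit and raises #GP when the access crosses it, and with IDTBASE = 0 the #GP vector (13) is fetched from linear 0x34, which here is whatever happens to be in RAM. LEA at CS:F808 only computes an address and touches no memory, while LGDT at CS:F810 reads 6 bytes at DS:[0xFFFFF888]; the model reports which of those the limit check accepts.

```c
#include <stdint.h>
#include <stdio.h>

/* ---- Bytes copied from the ICE dumps in the post (constructed input) ---- */

/* dump fffff888p: 16-bit limit followed by 32-bit linear base. */
static const uint8_t GDTR_BYTES[6] = {0x17, 0x00, 0x90, 0xF8, 0xFF, 0xFF};

/* dump fffff890p .. fffff8a7p, as bytes (the post shows little-endian words). */
static const uint8_t GDT_BYTES[24] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* selector 0x00 */
    0xFF, 0xFF, 0x00, 0x00, 0x00, 0x9A, 0xCF, 0x00, /* selector 0x08 */
    0xFF, 0xFF, 0x00, 0x00, 0x00, 0x92, 0xCF, 0x00, /* selector 0x10 */
};

typedef struct {
    uint16_t limit;   /* size of the table in bytes, minus one */
    uint32_t base;    /* linear address of the table */
} pseudo_desc_t;

typedef struct {
    uint32_t base;        /* 32-bit segment base */
    uint64_t byte_limit;  /* highest valid offset, after applying granularity */
    int present, dpl, is_code, rw;  /* rw: readable for code, writable for data */
    int big;              /* D/B bit: 32-bit default operand/address size */
} seg_desc_t;

/* Decode the 6-byte operand that LGDT reads (the pseudo-descriptor). */
static pseudo_desc_t decode_pseudo_desc(const uint8_t b[6]) {
    pseudo_desc_t p;
    p.limit = (uint16_t)(b[0] | (b[1] << 8));
    p.base  = (uint32_t)b[2] | ((uint32_t)b[3] << 8) |
              ((uint32_t)b[4] << 16) | ((uint32_t)b[5] << 24);
    return p;
}

static int gdt_entry_count(pseudo_desc_t p) { return (p.limit + 1) / 8; }

/* Decode one 8-byte code/data segment descriptor. */
static seg_desc_t decode_seg_desc(const uint8_t d[8]) {
    seg_desc_t s;
    uint32_t raw_limit = (uint32_t)d[0] | ((uint32_t)d[1] << 8) |
                         ((uint32_t)(d[6] & 0x0F) << 16);
    s.base    = (uint32_t)d[2] | ((uint32_t)d[3] << 8) |
                ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
    s.present = (d[5] >> 7) & 1;
    s.dpl     = (d[5] >> 5) & 3;
    s.is_code = (d[5] >> 3) & 1;
    s.rw      = (d[5] >> 1) & 1;
    s.big     = (d[6] >> 6) & 1;
    /* G=1: limit counts 4 KiB pages; the low 12 bits of the byte limit are ones. */
    s.byte_limit = (d[6] & 0x80) ? (((uint64_t)raw_limit << 12) | 0xFFF) : raw_limit;
    return s;
}

/* Segment size in bytes (limit + 1); 0x100000000 for a flat 4 GiB segment. */
static uint64_t seg_size(const uint8_t d[8]) { return decode_seg_desc(d).byte_limit + 1; }

/* ---- Real-address mode limit check ---- */
typedef struct { uint32_t base; uint32_t limit; } rm_seg_t;

/* In real-address mode every data access is still checked against the segment
 * limit (0xFFFF after reset); crossing it raises #GP. Returns 1 if a
 * `size`-byte access at effective address `ea` stays inside the limit. */
static int rm_access_ok(rm_seg_t seg, uint32_t ea, uint32_t size) {
    return (uint64_t)ea + size - 1 <= seg.limit;
}

/* Real-mode exception vectors are 4-byte far pointers at IDTBASE + vector*4. */
static uint32_t rm_vector_slot(uint32_t idt_base, unsigned vector) {
    return idt_base + vector * 4;
}

int main(void) {
    pseudo_desc_t gdtr = decode_pseudo_desc(GDTR_BYTES);
    printf("GDTR: limit=0x%04X base=0x%08X (%d entries)\n",
           gdtr.limit, gdtr.base, gdt_entry_count(gdtr));
    for (int i = 1; i < gdt_entry_count(gdtr); i++) {
        seg_desc_t s = decode_seg_desc(GDT_BYTES + 8 * i);
        printf("sel 0x%02X: %s base=0x%08X size=0x%llX bytes DPL=%d D/B=%d %s\n",
               i * 8, s.is_code ? "code" : "data", s.base,
               (unsigned long long)(s.byte_limit + 1), s.dpl, s.big,
               s.is_code ? (s.rw ? "readable" : "exec-only")
                         : (s.rw ? "read-write" : "read-only"));
    }
    /* DS as in the register dump before LGDT: base 0, limit 0xFFFF (assumption). */
    rm_seg_t ds = {0x00000000, 0x0000FFFF};
    printf("LGDT operand DS:[0xFFFFF888], 6 bytes, within limit: %s\n",
           rm_access_ok(ds, 0xFFFFF888u, 6) ? "yes" : "no -> #GP");
    printf("#GP (vector 13) would be fetched from linear 0x%08X\n", rm_vector_slot(0, 13));
    return 0;
}
```

The descriptor decoder is generic over any 8-byte code or data descriptor, not just the three on the page, so it can be pointed at a GDT dumped from any other target; the limit check is the same one the processor applies to any real-mode data reference, whether it uses 16-bit or 32-bit addressing.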