AMI-Aptio-BIOS-Reversed / SetupConfigUpdateDxeLightningRidgeEXECB1 / SetupConfigUpdateDxeLightningRidgeEXECB1.md
@Ajax Dong Ajax Dong 2 days ago 6 KB Init

SetupConfigUpdateDxeLightningRidgeEXECB1

Function Table

Address Name Description
ReadUnaligned64
CompareGuidUnaligned
GetEfiInvalidParameterStatus
UBADebugPrint
CheckBoardTypeAndLog
SetupConfigUpdateEntryPoint
x86 I/O Port Access Intrinsics
Global Variables (.data section, 0xB98 - 0xBC8)
Static Data (.data section, 0xB40 - 0xB97)
ASSERT if Buffer is NULL (BaseLib Unaligned.c:192)
if (Buffer == NULL) {
Original source: e:\hs\MdePkg\Library\BaseLib\Unaligned.c, line 192
UBADebugPrint (
x64 supports unaligned loads natively; the compiler emits
a simple MOV instruction for this dereference.
return *(volatile UINT64 *)Buffer;
Read first 8 bytes of each GUID
UINT64 GuidFirstHalf = ReadUnaligned64 (Guid1);
Read second 8 bytes of each GUID (offset +8 from base)
UINT64 GuidSecondHalf = ReadUnaligned64 ((CONST UINT8 *)Guid1 + 8);
Both halves must match
return (GuidFirstHalf == EntryFirstHalf) && (GuidSecondHalf == EntrySecondHalf);
Return cached pointer if already located
if (gUBASetupConfigProtocol != NULL) {
TPL safety probe: raise to 31 (above TPL_NOTIFY=16), then restore.
The returned old TPL tells us if we are at a safe calling level.
OriginalTpl = gBootServices->RaiseTPL (31);
Only call LocateProtocol if original TPL was <= 16 (TPL_APPLICATION
or TPL_CALLBACK). Skip if already at or above TPL_NOTIFY to avoid
potential re-entrancy issues.
if (OriginalTpl <= 16) {
Status = gBootServices->LocateProtocol (
No registration key
Check for error (EFI_ERROR macro: test bit 63)
if (Status >> 63) {
The debug print function is at offset +8 (function [1]) in the
UBA protocol interface. It takes 3 arguments after the This pointer.
On x64 (Microsoft calling convention):
RCX = Protocol (This pointer)
RDX = FileName
R8 = LineNumber
R9 = Expression
return (*(UINT64 (EFIAPI **)(VOID *, UINT64, UINT64, UINT64))((UINT8 *)Protocol + 8))(
Get the UBA protocol for potential debug output
Protocol = GetUBASetupConfigProtocol ();
Read CMOS register 0x4B (board index).
Port 0x70 = CMOS index register (bit 7 = NMI enable)
Port 0x71 = CMOS data register
Access CMOS/RTC indexed register 0x4B via x86 I/O ports:
Port 0x70 = CMOS index register (bit 7 = NMI mask, preserve it)
CmosIndex = IoRead8 (CMOS_INDEX_PORT); // Read current CMOS index (preserve NMI)
Select reg 0x4B
Read board index value
Cache the board type
gBoardType = BoardIndex;
Handle unprogrammed CMOS register (value 0 when register > 3):
Fall back to MMIO-based board detection.
if (BoardIndex > 3 && BoardIndex == 0) {
Read MMIO register at 0xFDAF0490 (platform-specific strapping/GPIO register)
Bit 1 selects board variant:
Bit 1 = 0: variant maps to EXECB1
Bit 1 = 1: variant maps to EXECB2/other
BoardIndex = (*(volatile UINT8 *)BOARD_DETECT_MMIO_ADDR & 2) | 1;
Set debug filter mask based on board type:
EXECB1 (1): mask = 0x80000004 (bit 31 | bit 2)
Both masks have bit 31 set, which means DebugLevel values with
bit 31 set (like the 0x80000000 passed from _ModuleEntryPoint)
will always pass the filter.
if (BoardIndex == BOARD_TYPE_LR_EXECB1) {
If filter mask and debug level overlap, call protocol debug function
if ((FilterMask & DebugLevel) != 0) {
Call protocol function at offset +8 (debug print)
Return cached pointer if already found
if (gHobList != NULL) {
Initialize to NULL; set only on successful match
gHobList = NULL;
Read NumberOfTableEntries and ConfigurationTable from SystemTable
NumEntries = *(UINTN *)((UINT8 *)gSystemTable + 0x68);
Walk the ConfigurationTable array looking for gEfiHobListGuid
for (Index = 0; Index < NumEntries; Index++) {
Compare GUID at current entry against mHobListGuid
if (CompareGuidUnaligned (
Match found: the interface pointer is at entry offset +16
gHobList = *(VOID **)&ConfigTable[Index * 24 + 16];
GUID not found in ConfigurationTable: ASSERT path
If gHobList is still NULL after the search, log another assertion
if (gHobList == NULL) {
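The GUID comparison and ConfigurationTable walk described above, as an added host-side example for checking the same layout against a firmware memory image; it is not code from the decompiled module. The function names, the sample image and the pointer value are constructed, and the `table_len` bound is an addition the page does not show.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_SIZE 24u /* 16-byte GUID + 8-byte interface pointer (x64) */

/* gEfiHobListGuid 7739F24C-93D7-11D4-9A3A-0090273FC14D, in-memory byte order */
static const uint8_t kHobListGuid[16] = {
    0x4C, 0xF2, 0x39, 0x77, 0xD7, 0x93, 0xD4, 0x11,
    0x9A, 0x3A, 0x00, 0x90, 0x27, 0x3F, 0xC1, 0x4D };

/* Unaligned-safe 64-bit load (memcpy in place of the firmware's plain MOV). */
static uint64_t read_unaligned64(const uint8_t *p) {
    uint64_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* GUID equality as two 64-bit halves, mirroring CompareGuidUnaligned. */
static int guid_equal(const uint8_t *a, const uint8_t *b) {
    return read_unaligned64(a) == read_unaligned64(b) &&
           read_unaligned64(a + 8) == read_unaligned64(b + 8);
}

/* Walk the table image. table_len caps the walk so that a corrupt
   NumberOfTableEntries value cannot drive reads past the buffer. */
static int find_config_entry(const uint8_t *table, size_t table_len,
                             uint64_t count, const uint8_t *guid, uint64_t *iface) {
    for (uint64_t i = 0; i < count && i < table_len / ENTRY_SIZE; i++) {
        const uint8_t *entry = table + i * ENTRY_SIZE;
        if (guid_equal(entry, guid)) {
            *iface = read_unaligned64(entry + 16); /* pointer at entry +16 */
            return 1;
        }
    }
    return 0;
}

/* Constructed sample: two entries at an odd offset; the second is the HOB list. */
static int demo_lookup(uint64_t claimed_entries, uint64_t *iface) {
    uint8_t image[1 + 2 * ENTRY_SIZE] = {0};
    uint64_t hob_ptr = 0x7F5A1000ULL; /* constructed address */
    memset(image + 1, 0xAA, 16);      /* unrelated GUID in entry 0 */
    memcpy(image + 1 + ENTRY_SIZE, kHobListGuid, 16);
    memcpy(image + 1 + ENTRY_SIZE + 16, &hob_ptr, sizeof hob_ptr);
    return find_config_entry(image + 1, sizeof image - 1, claimed_entries,
                             kHobListGuid, iface);
}

int main(void) {
    uint64_t p = 0;
    int found = demo_lookup(2, &p);
    printf("found=%d ptr=0x%llx\n", found, (unsigned long long)p);
    return 0;
}
```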
Step 1: Save ImageHandle and SystemTable to module globals
gImageHandle = ImageHandle;
Step 2: Cache BootServices from SystemTable (offset +0x60 = +96)
gBootServices = SystemTable->BootServices;
Step 3: Cache RuntimeServices from SystemTable (offset +0x58 = +88)
gRuntimeServices = SystemTable->RuntimeServices;
Step 4: Initialize HOB List (find gEfiHobListGuid in ConfigTable)
GetHobListFromConfigTable ();
Step 5: Log the platform identification string
This call also triggers the CMOS board type detection and caches
the board index in gBoardType.
Step 6: Locate the UBA SetupConfig protocol
Uses the second copy of UBA_SETUP_CONFIG_PROTOCOL_GUID at 0xB50.
This is the same GUID as the first copy at 0xB40 (used by
Step 7: Register platform configuration via protocol
If LocateProtocol succeeded (no error bit set), call the protocol's
RegisterConfig function at offset +16 (function index 2).
RegisterConfig signature:
EFI_STATUS (*)(VOID *This
EFI_GUID *ConfigGuid platform identifier GUID
VOID *ConfigData PSET configuration block
UINTN ConfigSize) 24 bytes = sizeof(PSET)
Note on GUID usage:
registration KEY/IDENTIFIER, NOT as a protocol GUID for LocateProtocol.
It tells the UBA framework which platform this configuration applies to.
if (!(Status >> 63)) {
Success path: call RegisterConfig at protocol +16
return (*(EFI_STATUS (EFIAPI **)(VOID *, CONST GUID *, VOID *, UINTN))(
Error path: return the status from LocateProtocol
return Status;

Generated by HR650X BIOS Decompilation Project