AMI-Aptio-BIOS-Reversed/SetupConfigUpdateDxeNeonCityEPRP/ANALYSIS.txt at 044d619a3711096220a1d7168f6add97af67afa0

Fork: 0
ajax / AMI-Aptio-BIOS-Reversed
Find file
Newer
Older
AMI-Aptio-BIOS-Reversed / SetupConfigUpdateDxeNeonCityEPRP / ANALYSIS.txt
Ajax Dong 2 days ago 5 KB Init
Raw Blame History
SetupConfigUpdateDxeNeonCityEPRP - Analysis Report
===================================================

Overview
--------
Module:  SetupConfigUpdateDxeNeonCityEPRP.efi
Index:   0346
Size:    0xCA0 (3,232 bytes)
Arch:    x64
PE File: 0346_SetupConfigUpdateDxeNeonCityEPRP_1ddfaad02ed6
MD5:     9c9ec2d053407160c5dbde0889a35f04
SHA256:  1ddfaad02ed63bd762e88880fda2275f1f5d589fc4bfc49a9ed94739a16f0ed9
Type:    UEFI DXE Driver

Summary
-------
This is a small UEFI DXE driver (~3.2 KB, 8 functions) that provides the
SetupConfig update registration mechanism for the NeonCity EPRP platform.
It is a platform-specific driver that hooks into the generic SetupConfig
protocol to receive notifications when setup configuration changes occur.

Function Map
------------
Address  Size  Original Name      Renamed Name         Description
0x390    250   _ModuleEntryPoint  ModuleEntryPoint     Main entry point
0x48C    11    sub_48C            EfiGetLastErrorCode  Returns EFI_ALREADY_STARTED
0x498    127   sub_498            GetDebugProtocol     Singleton debug protocol locator
0x518    136   sub_518            DebugPrint           CMOS-filtered debug output
0x5A0    62    sub_5A0            DebugAssert          Debug assertion handler
0x5E0    214   sub_5E0            GetHobList           HOB list discovery
0x6B8    110   sub_6B8            GuidCompare          16-byte GUID comparison
0x728    47    sub_728            ReadUnalignedQword   Unaligned memory read

Segments
--------
Segment   Start   End     Size    Perms
HEADER    0x000   0x2C0   0x2C0   ---
.text     0x2C0   0x760   0x4A0   rx
.rdata    0x760   0xB40   0x3E0   r
.data     0xB40   0xBE0   0xA0    rw
seg004    0xBE0   0xC40   0x60    r
.xdata    0xC40   0xC80   0x40    r
.reloc    0xC80   0xCA0   0x20    r
GAP       0xCA0   0x1000  0x360   rw

Global Data (renamed)
---------------------
Address  Name                        Size  Description
0xB40    gDebugProtocolGuid           16   GUID for the debug protocol
0xB50    gSetupConfigProtocolGuid     16   GUID for the SetupConfig protocol
0xB60    gTargetHobGuid_lo            16   Lower half of HOB GUID for matching
0xB68    gTargetHobGuid_hi            16   Upper half of HOB GUID for matching
0xB70    gSetupConfigNotifyGuid       16   GUID for SetupConfig notification
0xB80    gSetupConfigRegistration     24   Registration context (24 bytes)
0xBA0    BootServices                  8   Cached gBS pointer
0xBA8    ImageHandle                   8   Cached image handle
0xBB0    RuntimeServices               8   Cached gRT pointer
0xBB8    gDebugProtocolInterface       8   Cached debug protocol pointer
0xBC0    gHobList                      8   Cached HOB list pointer
0xBC8    gCmosDebugLevel               1   Cached CMOS debug level
0xB98    SystemTable                   8   Cached gST pointer

Key Strings
-----------
0x760  \nASSERT_EFI_ERROR (Status = %r)\n
0x788  !EFI_ERROR (Status)
0x7A0  UBA:SETUPConfigUpdate-TypeNeonCityEPRP\n
0x7C8  gImageHandle != ((void *) 0)
0x840  gST != ((void *) 0)
0x858  gBS != ((void *) 0)
0x870  gRT != ((void *) 0)
0x8E0  Buffer != ((void *) 0)
0x920  mHobList != ((void *) 0)
0x7F0  e:\hs\MdePkg\Library\UefiBootServicesTableLib\UefiBootServicesTableLib.c
0x890  e:\hs\MdePkg\Library\UefiRuntimeServicesTableLib\UefiRuntimeServicesTableLib.c
0x8F8  e:\hs\MdePkg\Library\DxeHobLib\HobLib.c
0x940  e:\hs\MdePkg\Library\BaseLib\Unaligned.c

Call Graph
----------
ModuleEntryPoint (0x390)
  +---> DebugAssert (0x5A0) --via--> GetDebugProtocol (0x498)
  +---> GetHobList (0x5E0)
  |       +---> GuidCompare (0x6B8)
  |       |       +---> ReadUnalignedQword (0x728)  (called 4x)
  |       |       +---> DebugAssert (0x5A0)
  |       +---> DebugPrint (0x518)
  |       |       +---> GetDebugProtocol (0x498)
  |       +---> DebugAssert (0x5A0)
  +---> DebugPrint (0x518)
          +---> GetDebugProtocol (0x498)

Analysis Notes
--------------
1. CMOS Debug Level Control: DebugPrint reads the CMOS diagnostic
   register (0x4B) via RTC ports 0x70/0x71 to determine the platform's
   configured debug verbosity level. Level 1 shows errors only; higher
   levels show progressively more debug output.

2. Hardware Strapping: When CMOS debug level is 0, the driver falls
   back to reading a hardware strap/pin configuration from memory-mapped
   I/O at 0xFDAF0490 (bit 1) to determine the debug level.

3. HOB GUID Matching: GetHobList iterates through the UEFI HOB
   (Hand-off Block) list looking for a specific HOB by GUID. The GUID
   is stored split across gTargetHobGuid_lo and gTargetHobGuid_hi
   for comparison purposes.

4. Protocol Registration: ModuleEntryPoint locates the SetupConfig
   protocol via gBS->LocateProtocol and then calls a registration
   function at offset +16 in the protocol interface to register for
   configuration update notifications. The registration includes a
   24-byte context block.

5. The driver name contains "NeonCityEPRP" which identifies it as a
   platform-specific DXE driver for the NeonCity platform's EPRP
   (Enhanced Platform Reliability Profile) configuration. The "UBA:"
   prefix on the debug string indicates usage of AMI's UBA (Universal
   BIOS Architecture) framework.