diff --git a/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md b/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md index a2b9d9c..00c7ff4 100644 --- a/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md +++ b/AmiModulePkg/GenericSio/SmmGenericSio/SmmGenericSio.md @@ -11,7 +11,7 @@ | Decomp Symbol | Recovered Name | |---------------|----------------| -| `sub_594` | `SmmGenericSioAutoGenConstructor` | +| `SmmGenericSioAutoGenConstructor` | `SmmGenericSioAutoGenConstructor` | | `sub_310` | `SmmGenericSioInitHook` | | `sub_1570` | `SmmGenericSioInitialize` | | `sub_18BC` | `SmmGenericSioAutoGenDestructor` | diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c index 0dada19..f7a7f7c 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.c @@ -39,7 +39,7 @@ VOID *gSmmCommunicateBuffer = NULL; // 0x1A00 // -// Raw decompiler symbol names kept as aliases to the recovered names. +// Raw decompiler symbol names kept as compatibility aliases for recovered names. // #define qword_1A08 gST #define qword_1A10 gBS 
@@ -70,26 +70,9 @@ // // Recovered function naming map: // _ModuleEntryPoint -- UEFI SMM entry point -// sub_44C -> LegacySmmSredirAutoGenInit -// sub_618 -> LegacySmmSredirDriverEntry -// sub_C58 -> LegacySmmSredirMainDispatch -// sub_9E8 -> LegacySmmSredirRegisterCommunicationServices -// sub_6CC -> LegacySmmSredirHandleCommunicate -// sub_93C -> LegacySmmSredirDisableCommunicateHandler -// sub_944 -> LegacySmmSredirRegisterProtocolNotification -// sub_9C0 -> LegacySmmSredirNotificationCallback -// sub_2A0 -> LegacySmmSredirSaveJumpContext -// sub_340 -> LegacySmmSredirRestoreJumpContext -// sub_D78 -> LegacySmmSredirValidateJumpContext -// sub_DC0 -> LegacySmmSredirLocateDebugLib -// sub_E10 -> LegacySmmSredirDebugPrint -// sub_E58 -> LegacySmmSredirDebugAssert -// sub_E98 -> LegacySmmSredirGetIoProtocol -// sub_F20 -> LegacySmmSredirGetDebugProtocol -// sub_1004 -> LegacySmmSredirFindRuntimeServices -// sub_1074 -> LegacySmmSredirComparePattern -// sub_10F0 -> LegacySmmSredirValidateBuffer -// sub_115C -> LegacySmmSredirDetectPlatform +// sub_44C -- compatibility alias for LegacySmmSredirAutoGenInit +// sub_618 -- compatibility alias for LegacySmmSredirDriverEntry +// sub_93C -- compatibility alias for LegacySmmSredirDisableCommunicateHandler // EFI_STATUS EFIAPI @@ -141,13 +124,30 @@ } VOID -sub_93C( - VOID +EFIAPI +LegacySmmSredirDisableCommunicateHandler( + IN EFI_HANDLE Protocol, + IN VOID *Context, + IN VOID *Registration ) { + (VOID)Protocol; + (VOID)Context; + (VOID)Registration; gCommunicateDisabled = 1; } +VOID +EFIAPI +sub_93C( + IN EFI_HANDLE Protocol, + IN VOID *Context, + IN VOID *Registration + ) +{ + LegacySmmSredirDisableCommunicateHandler(Protocol, Context, Registration); +} + EFI_STATUS EFIAPI _ModuleEntryPoint( @@ -155,8 +155,8 @@ EFI_SYSTEM_TABLE *SystemTable ) { - sub_44C(); - return sub_618(ImageHandle, SystemTable); + LegacySmmSredirAutoGenInit(); + return LegacySmmSredirDriverEntry(ImageHandle, SystemTable); } EFI_STATUS 
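Review bot: The signature given to `LegacySmmSredirDisableCommunicateHandler`, a `VOID` return with `(EFI_HANDLE Protocol, VOID *Context, VOID *Registration)`, does not match the PI SMM notify prototype `EFI_SMM_NOTIFY_FN`, which returns `EFI_STATUS` and takes `(CONST EFI_GUID *Protocol, VOID *Interface, EFI_HANDLE Handle)`. LegacySmmSredir.md in this commit describes the routine as the notification handler registered on two SMM protocol GUIDs; if that goes through `SmmRegisterProtocolNotify` (the registration call is outside this hunk), the caller reads a status the function never sets, and the mismatch is only hidden by a cast. This callback is what sets `gCommunicateDisabled`, the flag that turns the communicate handler off, so its contract should be exact, and it deserves a header comment naming the protocol events that trigger it. The `sub_93C` wrapper below it and the prototype added in LegacySmmSredir.h carry the same signature and would change with it.

```c
EFI_STATUS
EFIAPI
LegacySmmSredirDisableCommunicateHandler(
  IN CONST EFI_GUID  *Protocol,
  IN VOID            *Interface,
  IN EFI_HANDLE      Handle
  )
{
  (VOID)Protocol;
  (VOID)Interface;
  (VOID)Handle;
  gCommunicateDisabled = 1;
  return EFI_SUCCESS;
}
// … unchanged apart from the prototype: sub_93C forwarding wrapper …
```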
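Review bot: `_ModuleEntryPoint` still discards the result of `LegacySmmSredirAutoGenInit()`; its alias `sub_44C` is declared as returning `EFI_STATUS` in LegacySmmSredir.h, so the recovered function presumably returns one too. LegacySmmSredir.md says this init step locates SmmBase2 and the SMM buffer validation protocol, and the communicate handler registered later depends on that validation, so a failed lookup should stop the driver from loading instead of continuing to handler registration. Suggested change, with a local `EFI_STATUS Status;`: `Status = LegacySmmSredirAutoGenInit();` followed by `if (EFI_ERROR (Status)) { return Status; }` before the call to `LegacySmmSredirDriverEntry`. The function's signature starts above the hunk, and whether the init routine already asserts or halts on failure is not visible here.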
diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h index f0b80fa..5deb34d 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.h @@ -73,7 +73,7 @@ ); /// -/// sub_618 +/// LegacySmmSredirDriverEntry -- recovered driver entry routine /// EFI_STATUS EFIAPI @@ -192,6 +192,9 @@ VOID ); +/// +/// Decompiler compatibility aliases +/// EFI_STATUS EFIAPI sub_44C( VOID @@ -203,5 +206,12 @@ IN EFI_SYSTEM_TABLE *SystemTable ); +VOID EFIAPI +sub_93C( + IN EFI_HANDLE Protocol, + IN VOID *Context, + IN VOID *Registration +); + #endif /* __LEGACYSMMSREDIR_H__ */ diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md index b6edec2..0d2f9e3 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/LegacySmmSredir.md 
@@ -13,39 +13,39 @@ | Address | Name | Purpose | |---------|------|---------| | 0x420 | _ModuleEntryPoint / ModuleEntryPoint alias | Standard UEFI SMM driver entry; calls init then dispatch | -| 0x44C | LegacySmmSredirAutoGenInit (`sub_44C`) | AutoGen library init: saves ImageHandle, SystemTable, BootServices, RuntimeServices; locates SmmBase2 protocol and SMM buffer validation protocol | -| 0x618 | LegacySmmSredirDriverEntry (`sub_618`) | Driver main entry: checks if board supports legacy serial redirect (sub_2A0/setjmp), then dispatches to main logic (sub_C58) and cleans up | -| 0xC58 | LegacySmmSredirMainDispatch (`sub_C58`) | Primary dispatch: locates SmmBase2 protocol, opens SMM subsystem interface, initializes globals, calls sub_9E8 for registration | -| 0x9E8 | LegacySmmSredirRegisterCommunicationServices (`sub_9E8`) | Registration function: opens SMM Internal protocol, registers SMM communicate handler (sub_6CC) with EFI_SMM_COMMUNICATE_HEADER protocol, registers notification handlers and SW dispatch | -| 0x6CC | LegacySmmSredirHandleCommunicate (`sub_6CC`) | Core SMM communicate handler: receives structured commands (read/1, write/2, fill/3) targeting an I/O base; validates buffer via AmiBufferValidationLib; performs typed 8/16/32-bit indexed I/O access | -| 0x93C | LegacySmmSredirDisableCommunicateHandler (`sub_93C`) | Disable handler: sets byte_19F9 = 1 to globally disable the communicate handler | -| 0x944 | LegacySmmSredirRegisterProtocolNotification (`sub_944`) | Notification registration: registers sub_93C as a notification handler on two SMM protocol GUIDs | -| 0x9C0 | LegacySmmSredirNotificationCallback (`sub_9C0`) | Notification callback: captures the communicate buffer pointer and invokes SMM-appropriate completion callback | -| 0x2A0 | LegacySmmSredirSaveJumpContext (`sub_2A0`) | SetJump context save: saves all GPRs (rbx, rbp, rdi, rsi, r12-r15, return address), MXCSR, and XMM6-XMM15 into a 248-byte jump buffer | -| 0x340 | 
LegacySmmSredirRestoreJumpContext (`sub_340`) | LongJump context restore: restores MXCSR and jumps through saved return address | -| 0xD78 | LegacySmmSredirValidateJumpContext (`sub_D78`) | SetJump buffer validation: asserts non-null and 8-byte alignment | -| 0xDC0 | LegacySmmSredirLocateDebugLib (`sub_DC0`) | Locate DebugLib protocol lazily via gSmst | -| 0xE10 | LegacySmmSredirDebugPrint (`sub_E10`) | Debug print with level check: prints via DebugLib protocol if error level matches | -| 0xE58 | LegacySmmSredirDebugAssert (`sub_E58`) | Debug ASSERT message: ASSERT-style formatted output via DebugLib protocol | -| 0xE98 | LegacySmmSredirGetIoProtocol (`sub_E98`) | Locate SMM or DXE I/O protocol based on phase (byte_1A50) | -| 0xF20 | LegacySmmSredirGetDebugProtocol (`sub_F20`) | Locate DebugLib protocol for SMM or DXE phase based on byte_1A50 | -| 0x1004 | LegacySmmSredirFindRuntimeServices (`sub_1004`) | Find runtime services pointer: traverses SMM protocol database entries, filtering by sub_1074 match check | -| 0x1074 | LegacySmmSredirComparePattern (`sub_1074`) | Memory comparison against unk_19E0 pattern (memcmp variant with alignment handling) | -| 0x10F0 | LegacySmmSredirValidateBuffer (`sub_10F0`) | SMM buffer security validation wrapper: calls AmiBufferValidationLib to validate an address/size region | -| 0x115C | LegacySmmSredirDetectPlatform (`sub_115C`) | CMOS-based platform detection: reads CMOS offset 0x4C (RTC register 0x4C), checks for platform-specific serial redirection support; returns EFI_SUCCESS or EFI_UNSUPPORTED based on CMOS byte | +| 0x44C | LegacySmmSredirAutoGenInit | AutoGen library init: saves ImageHandle, SystemTable, BootServices, RuntimeServices; locates SmmBase2 protocol and SMM buffer validation protocol | +| 0x618 | LegacySmmSredirDriverEntry | Driver main entry: checks if board supports legacy serial redirect (LegacySmmSredirSaveJumpContext/setjmp), then dispatches to main logic (LegacySmmSredirMainDispatch) and cleans up | +| 
0xC58 | LegacySmmSredirMainDispatch | Primary dispatch: locates SmmBase2 protocol, opens SMM subsystem interface, initializes globals, calls LegacySmmSredirRegisterCommunicationServices for registration | +| 0x9E8 | LegacySmmSredirRegisterCommunicationServices | Registration function: opens SMM Internal protocol, registers SMM communicate handler (LegacySmmSredirHandleCommunicate) with EFI_SMM_COMMUNICATE_HEADER protocol, registers notification handlers and SW dispatch | +| 0x6CC | LegacySmmSredirHandleCommunicate | Core SMM communicate handler: receives structured commands (read/1, write/2, fill/3) targeting an I/O base; validates buffer via AmiBufferValidationLib; performs typed 8/16/32-bit indexed I/O access | +| 0x93C | LegacySmmSredirDisableCommunicateHandler | Disable handler: sets byte_19F9 = 1 to globally disable the communicate handler | +| 0x944 | LegacySmmSredirRegisterProtocolNotification | Notification registration: registers LegacySmmSredirDisableCommunicateHandler as a notification handler on two SMM protocol GUIDs | +| 0x9C0 | LegacySmmSredirNotificationCallback | Notification callback: captures the communicate buffer pointer and invokes SMM-appropriate completion callback | +| 0x2A0 | LegacySmmSredirSaveJumpContext | SetJump context save: saves all GPRs (rbx, rbp, rdi, rsi, r12-r15, return address), MXCSR, and XMM6-XMM15 into a 248-byte jump buffer | +| 0x340 | LegacySmmSredirRestoreJumpContext | LongJump context restore: restores MXCSR and jumps through saved return address | +| 0xD78 | LegacySmmSredirValidateJumpContext | SetJump buffer validation: asserts non-null and 8-byte alignment | +| 0xDC0 | LegacySmmSredirLocateDebugLib | Locate DebugLib protocol lazily via gSmst | +| 0xE10 | LegacySmmSredirDebugPrint | Debug print with level check: prints via DebugLib protocol if error level matches | +| 0xE58 | LegacySmmSredirDebugAssert | Debug ASSERT message: ASSERT-style formatted output via DebugLib protocol | +| 0xE98 | LegacySmmSredirGetIoProtocol 
| Locate SMM or DXE I/O protocol based on phase (byte_1A50) | +| 0xF20 | LegacySmmSredirGetDebugProtocol | Locate DebugLib protocol for SMM or DXE phase based on byte_1A50 | +| 0x1004 | LegacySmmSredirFindRuntimeServices | Find runtime services pointer: traverses SMM protocol database entries, filtering by LegacySmmSredirComparePattern match check | +| 0x1074 | LegacySmmSredirComparePattern | Memory comparison against unk_19E0 pattern (memcmp variant with alignment handling) | +| 0x10F0 | LegacySmmSredirValidateBuffer | SMM buffer security validation wrapper: calls AmiBufferValidationLib to validate an address/size region | +| 0x115C | LegacySmmSredirDetectPlatform | CMOS-based platform detection: reads CMOS offset 0x4C (RTC register 0x4C), checks for platform-specific serial redirection support; returns EFI_SUCCESS or EFI_UNSUPPORTED based on CMOS byte | ## Entry Points (Public API) -- **0x420** `_ModuleEntryPoint`: The sole standard entry point called by the SMM driver framework. Calls sub_44C (library init) then sub_618 (driver entry). +- **0x420** `_ModuleEntryPoint`: The sole standard entry point called by the SMM driver framework. Calls LegacySmmSredirAutoGenInit (library init) then LegacySmmSredirDriverEntry (driver entry). ## Internal Call Flow 1. `_ModuleEntryPoint` (0x420) -2. `LegacySmmSredirAutoGenInit`/`sub_44C` (0x44C) -- saves UEFI handles, locates SmmBase2 and AmiBufferValidationLib protocols -3. `LegacySmmSredirDriverEntry`/`sub_618` (0x618) -- calls `LegacySmmSredirSaveJumpContext`/`sub_2A0` (setjmp) to check board support; dispatches to `LegacySmmSredirMainDispatch`/`sub_C58` -4. `LegacySmmSredirMainDispatch`/`sub_C58` (0xC58) -- locates SMM subsystem, initializes I/O protocol, calls `LegacySmmSredirRegisterCommunicationServices`/`sub_9E8` -5. 
`LegacySmmSredirRegisterCommunicationServices`/`sub_9E8` (0x9E8) -- registers `LegacySmmSredirHandleCommunicate`/`sub_6CC` as SMM communicate handler (65 = EFI_SMM_COMMUNICATE_HEADER) + notification callbacks -6. `LegacySmmSredirHandleCommunicate`/`sub_6CC` (0x6CC) -- the actual communicate handler servicing read/write/fill commands from the caller +2. `LegacySmmSredirAutoGenInit` (0x44C) -- saves UEFI handles, locates SmmBase2 and AmiBufferValidationLib protocols +3. `LegacySmmSredirDriverEntry` (0x618) -- calls `LegacySmmSredirSaveJumpContext` (setjmp) to check board support; dispatches to `LegacySmmSredirMainDispatch` +4. `LegacySmmSredirMainDispatch` (0xC58) -- locates SMM subsystem, initializes I/O protocol, calls `LegacySmmSredirRegisterCommunicationServices` +5. `LegacySmmSredirRegisterCommunicationServices` (0x9E8) -- registers `LegacySmmSredirHandleCommunicate` as SMM communicate handler (65 = EFI_SMM_COMMUNICATE_HEADER) + notification callbacks +6. `LegacySmmSredirHandleCommunicate` (0x6CC) -- the actual communicate handler servicing read/write/fill commands from the caller ## State Management 
@@ -76,14 +76,15 @@ | 0x1BA0 | qword_1BA0 | SmmCommunication protocol (resolved from gSmst) | | 0x19F0 | qword_19F0 | SMM Communicate protocol interface | | 0x19F8 | byte_19F8 | Data width field (1/2/4 bytes) | -| 0x19F9 | byte_19F9 | Disable flag (set by sub_93C) | -| 0x1A00 | qword_1A00 | Communicate buffer pointer (set by sub_9C0) | +| 0x19F9 | byte_19F9 | Disable flag (set by LegacySmmSredirDisableCommunicateHandler) | +| 0x1A00 | qword_1A00 | Communicate buffer pointer (set by LegacySmmSredirNotificationCallback) | ## Recovered Naming Notes - `qword_*`/`byte_*` entries in this table are documented with recovered semantic names in `LegacySmmSredir.c/.h`: `gST`, `gBS`, `gImageHandle`, `gRT`, `gSmst`, `gSmmMode`, `gSmmIoProtocol`, `gDataWidth`, `gCommunicateDisabled`, `gSmmCommunicateBuffer`, etc. +- Decompiler aliases are preserved for compatibility as linker symbols: `LegacySmmSredirAutoGenInit`/`sub_44C`, `LegacySmmSredirDriverEntry`/`sub_618`, and `LegacySmmSredirDisableCommunicateHandler`/`sub_93C`. ## Module/file split notes @@ -92,11 +93,11 @@ ## Data Structures -- **Jump Buffer** at struct pointed to by sub_2A0 (0x2A0): 248 bytes = 8 GPRs (0x00-0x3F), return addr (0x40-0x47), call-thunk ptr (0x48), MXCSR (0x50), 10 XMM regs (0x58-0xE8) +- **Jump Buffer** at struct pointed to by LegacySmmSredirSaveJumpContext (0x2A0): 248 bytes = 8 GPRs (0x00-0x3F), return addr (0x40-0x47), call-thunk ptr (0x48), MXCSR (0x50), 10 XMM regs (0x58-0xE8) - **SMM Communicate Buffer**: structured with command byte at +0 (1=read, 2=write, 3=fill), index at +2, data at +3, count at +4 (for fill), pointer at +5 (for fill source) - **CMOS Register 0x4C**: byte at CMOS I/O ports 0x70/0x71; bit 0 determines legacy serial redirect support -## Command Protocol (sub_6CC handler) +## Command Protocol (LegacySmmSredirHandleCommunicate handler) The communicate handler at 0x6CC decodes commands from the buffer: 
diff --git a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md index f160383..ee89114 100644 --- a/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md +++ b/AmiModulePkg/LegacySerialRedirection/LegacySmmSredir/README.md 
@@ -12,16 +12,17 @@ ## Key Functions - **_ModuleEntryPoint / ModuleEntryPoint** (0x420) -- Standard SMM entry; calls init then dispatch -- **LegacySmmSredirAutoGenInit** (`sub_44C`) (0x44C) -- AutoGen library init; locates SmmBase2 and AmiBufferValidationLib -- **LegacySmmSredirDriverEntry** (`sub_618`) (0x618) -- Main entry; checks board support via CMOS, dispatches to main logic -- **LegacySmmSredirMainDispatch** (`sub_C58`) (0xC58) -- Primary dispatch; opens SMM subsystem, initializes globals -- **LegacySmmSredirRegisterCommunicationServices** (`sub_9E8`) (0x9E8) -- Registers communicate handler, SW dispatch, and notification callbacks -- **LegacySmmSredirHandleCommunicate** (`sub_6CC`) (0x6CC) -- Core handler: decodes read(1)/write(2)/fill(3) commands with width support -- **LegacySmmSredirDetectPlatform** (`sub_115C`) (0x115C) -- CMOS 0x4C platform detection +- **LegacySmmSredirAutoGenInit** (0x44C) -- AutoGen library init; locates SmmBase2 and AmiBufferValidationLib +- **LegacySmmSredirDriverEntry** (0x618) -- Main entry; checks board support via CMOS, dispatches to main logic +- **LegacySmmSredirMainDispatch** (0xC58) -- Primary dispatch; opens SMM subsystem, initializes globals +- **LegacySmmSredirRegisterCommunicationServices** (0x9E8) -- Registers communicate handler, SW dispatch, and notification callbacks +- **LegacySmmSredirHandleCommunicate** (0x6CC) -- Core handler: decodes read(1)/write(2)/fill(3) commands with width support +- **LegacySmmSredirDetectPlatform** (0x115C) -- CMOS 0x4C platform detection ## Recovered Name Mapping (current) - `ModuleEntryPoint` is kept as a compatibility alias to `_ModuleEntryPoint`. +- Legacy decompiler aliases are kept for symbol compatibility: `LegacySmmSredirAutoGenInit` (`sub_44C`), `LegacySmmSredirDriverEntry` (`sub_618`), and `LegacySmmSredirDisableCommunicateHandler` (`sub_93C`). 
- `qword_*` and `byte_*` symbols in the decomp notes are now mapped to recovered names in `LegacySmmSredir.c/h` (`gST`, `gBS`, `gSmst`, `gSmmMode`, ...). ## Module/file split notes diff --git a/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md b/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md index d995d1a..6c61e55 100644 --- a/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md +++ b/AmiModulePkg/RuntimeSmm/RuntimeSmm/README.md 
@@ -15,12 +15,12 @@ ## Key Functions - **_ModuleEntryPoint** -- recovered module entry symbol (maps to SMM entry) - **ModuleEntryPoint** -- local compatibility wrapper preserved in source for symbol continuity -- **RuntimeSmmCacheSystemServices** (`sub_44C`) -- Initializes gImageHandle, gST, gBS, gRT, locates SmmBase2, retrieves gSmst -- **RuntimeSmmInitJumpState** (`sub_58C`) -- Main dispatch: SetJump error recovery, calls `RuntimeSmmInitialize` (`sub_768`) init, cleans up with LongJump -- **RuntimeSmmInitialize** (`sub_768`) -- Driver init: caches system tables, locates SMM Runtime Services Table protocol, calls its callback, installs protocol handlers -- **RuntimeSmmSetJump / RuntimeSmmLongJump** (`sub_300`/`sub_3A0`) -- SetJump/LongJump: saves/restores GP registers, XMM registers, MXCSR into 248-byte buffer -- **RuntimeSmmRegisterProtocolNotifyTable** (`sub_64C`) -- Allocates buffer with protocol GUID data, registers via SmmRegisterProtocolNotify -- **RuntimeSmmRegisterRuntimeServices / RuntimeSmmRegisterStatusCodeProtocol** (`sub_9F8`/`sub_A80`) -- Protocol registration for Runtime Services and Status Code in both SMM and boot modes +- **RuntimeSmmCacheSystemServices** (0x44C) -- Initializes gImageHandle, gST, gBS, gRT, locates SmmBase2, retrieves gSmst +- **RuntimeSmmInitJumpState** (0x58C) -- Main dispatch: SetJump error recovery, calls `RuntimeSmmInitialize` (0x768) init, cleans up with LongJump +- **RuntimeSmmInitialize** (0x768) -- Driver init: caches system tables, locates SMM Runtime Services Table protocol, calls its callback, installs protocol handlers +- **RuntimeSmmSetJump / RuntimeSmmLongJump** (0x300/0x3A0) -- SetJump/LongJump: saves/restores GP registers, XMM registers, MXCSR into 248-byte buffer +- **RuntimeSmmRegisterProtocolNotifyTable** (0x64C) -- Allocates buffer with protocol GUID data, registers via SmmRegisterProtocolNotify +- **RuntimeSmmRegisterRuntimeServices / RuntimeSmmRegisterStatusCodeProtocol** (0x9F8/0xA80) -- Protocol 
registration for Runtime Services and Status Code in both SMM and boot modes ## Protocols - SmmBase2 protocol (SMM_SERVICES_TABLE_GUID) diff --git a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md index 4a58b76..95066d7 100644 --- a/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md +++ b/AmiModulePkg/RuntimeSmm/RuntimeSmm/RuntimeSmm.md 
@@ -16,40 +16,40 @@ | Address | Name | Purpose | |---------|------|---------| -| 0x300 | RuntimeSmmSetJump (`sub_300`) | `SetJump()` implementation: captures callee-saved registers (GP + XMM) and MXCSR into a buffer, returns via computed goto | -| 0x3A0 | RuntimeSmmLongJump (`sub_3A0`) | `LongJump()` implementation: restores MXCSR from buffer, jumps to saved return address | +| 0x300 | RuntimeSmmSetJump | `SetJump()` implementation: captures callee-saved registers (GP + XMM) and MXCSR into a buffer, returns via computed goto | +| 0x3A0 | RuntimeSmmLongJump | `LongJump()` implementation: restores MXCSR from buffer, jumps to saved return address | | 0x420 | _ModuleEntryPoint | Module entry point, calls init then main dispatch | -| 0x44C | RuntimeSmmCacheSystemServices (`sub_44C`) | UEFI boot/runtime service table initialization: caches gImageHandle, gST, gBS, gRT, locates SmmBase2 protocol, retrieves gSmst | -| 0x58C | RuntimeSmmInitJumpState (`sub_58C`) | Main module dispatch: calls SetJump for error recovery, invokes `RuntimeSmmInitialize` (`sub_768`), cleans up with LongJump, reaches unreachable ASSERT | -| 0x640 | RuntimeSmmDefaultProtocolNotifyHandler (`sub_640`) | Stub function returning EFI_UNSUPPORTED (0x8000000000000003) | -| 0x64C | RuntimeSmmRegisterProtocolNotifyTable (`sub_64C`) | Allocates buffer, copies protocol GUID data, fills entries with `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`), calls SmmRegisterProtocolNotify to register protocol callback | -| 0x768 | RuntimeSmmInitialize (`sub_768`) | Driver init: caches SystemTable/BootServices/RuntimeServices, locates protocol `gSmmRuntimeServicesTableGuid`, calls its callback, optionally replaces RuntimeServices from SMM, invokes `RuntimeSmmRegisterRuntimeServices`/`RuntimeSmmRegisterStatusCodeProtocol` (`sub_9F8`/`sub_A80`) protocol registrations, calls `RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) | -| 0x888 | RuntimeSmmLocateDebugProtocol (`sub_888`) | Gets DebugLib `ReportStatusCode` 
protocol via Smst->LocateProtocol (gEfiStatusCodeRuntimeProtocolGuid) | -| 0x8D8 | RuntimeSmmReportStatusCodeHandler (`sub_8D8`) | ASSERT handler: checks DebugLib protocol, checks severity mask via `RuntimeSmmReadRuntimeModeFromCmos` (`sub_960`), calls ReportStatusCode if mask matches | -| 0x920 | RuntimeSmmReportStatusCodeExHandler (`sub_920`) | ASSERT expression printer: obtains DebugLib protocol and calls its `ReportStatusCodeEx` with file/line/expression | -| 0x960 | RuntimeSmmReadRuntimeModeFromCmos (`sub_960`) | Reads CMOS index 0x4C via IO ports 0x70/0x71, interprets byte 0xFDAF0490 for runtime detection, returns EFI_STATUS code indicating boot mode | -| 0x9B0 | RuntimeSmmValidateJumpBuffer (`sub_9B0`) | SetJump validation: asserts JumpBuffer is non-null and 8-byte aligned | -| 0x9F8 | RuntimeSmmRegisterRuntimeServices (`sub_9F8`) | Protocol registration for Runtime Services: in SMM mode locates via Smst; in boot mode locates via gBS->LocateProtocol | -| 0xA80 | RuntimeSmmRegisterStatusCodeProtocol (`sub_A80`) | Protocol registration for status code protocol: in SMM mode uses Smst; in boot mode allocates pool and uses gBS->LocateProtocol | -| 0xB64 | RuntimeSmmFindCallbackProtocol (`sub_B64`) | Searches SMM system table entries for a matching protocol GUID (`gRuntimeSmmCallbackProtocolGuid`) and returns its associated handler pointer | -| 0xBD4 | RuntimeSmmCompareGuid (`sub_BD4`) | Memory comparison function: byte-level and 8-byte-aligned compare against reference buffer (`gRuntimeSmmCallbackProtocolGuid`), returns difference | +| 0x44C | RuntimeSmmCacheSystemServices | UEFI boot/runtime service table initialization: caches gImageHandle, gST, gBS, gRT, locates SmmBase2 protocol, retrieves gSmst | +| 0x58C | RuntimeSmmInitJumpState | Main module dispatch: calls SetJump for error recovery, invokes `RuntimeSmmInitialize`, cleans up with LongJump, reaches unreachable ASSERT | +| 0x640 | RuntimeSmmDefaultProtocolNotifyHandler | Stub function returning 
EFI_UNSUPPORTED (0x8000000000000003) | +| 0x64C | RuntimeSmmRegisterProtocolNotifyTable | Allocates buffer, copies protocol GUID data, fills entries with `RuntimeSmmDefaultProtocolNotifyHandler`, calls SmmRegisterProtocolNotify to register protocol callback | +| 0x768 | RuntimeSmmInitialize | Driver init: caches SystemTable/BootServices/RuntimeServices, locates protocol `gSmmRuntimeServicesTableGuid`, calls its callback, optionally replaces RuntimeServices from SMM, invokes `RuntimeSmmRegisterRuntimeServices`/`RuntimeSmmRegisterStatusCodeProtocol` protocol registrations, calls `RuntimeSmmRegisterProtocolNotifyTable` | +| 0x888 | RuntimeSmmLocateDebugProtocol | Gets DebugLib `ReportStatusCode` protocol via Smst->LocateProtocol (gEfiStatusCodeRuntimeProtocolGuid) | +| 0x8D8 | RuntimeSmmReportStatusCodeHandler | ASSERT handler: checks DebugLib protocol, checks severity mask via `RuntimeSmmReadRuntimeModeFromCmos`, calls ReportStatusCode if mask matches | +| 0x920 | RuntimeSmmReportStatusCodeExHandler | ASSERT expression printer: obtains DebugLib protocol and calls its `ReportStatusCodeEx` with file/line/expression | +| 0x960 | RuntimeSmmReadRuntimeModeFromCmos | Reads CMOS index 0x4C via IO ports 0x70/0x71, interprets byte 0xFDAF0490 for runtime detection, returns EFI_STATUS code indicating boot mode | +| 0x9B0 | RuntimeSmmValidateJumpBuffer | SetJump validation: asserts JumpBuffer is non-null and 8-byte aligned | +| 0x9F8 | RuntimeSmmRegisterRuntimeServices | Protocol registration for Runtime Services: in SMM mode locates via Smst; in boot mode locates via gBS->LocateProtocol | +| 0xA80 | RuntimeSmmRegisterStatusCodeProtocol | Protocol registration for status code protocol: in SMM mode uses Smst; in boot mode allocates pool and uses gBS->LocateProtocol | +| 0xB64 | RuntimeSmmFindCallbackProtocol | Searches SMM system table entries for a matching protocol GUID (`gRuntimeSmmCallbackProtocolGuid`) and returns its associated handler pointer | +| 0xBD4 | 
RuntimeSmmCompareGuid | Memory comparison function: byte-level and 8-byte-aligned compare against reference buffer (`gRuntimeSmmCallbackProtocolGuid`), returns difference | ## Entry Points (Public API) -- 0x420 `_ModuleEntryPoint`: Called by SMM core on driver load. Calls `RuntimeSmmCacheSystemServices` (`sub_44C`) to initialize service table globals, then `RuntimeSmmInitJumpState` (`sub_58C`) as the main dispatch routine. +- 0x420 `_ModuleEntryPoint`: Called by SMM core on driver load. Calls `RuntimeSmmCacheSystemServices` to initialize service table globals, then `RuntimeSmmInitJumpState` as the main dispatch routine. - Local compatibility alias: `ModuleEntryPoint(ImageHandle, SystemTable)` currently forwards to `_ModuleEntryPoint(...)` to preserve current source-level entry naming while keeping the recovered symbol as primary. ## Internal Helpers -- 0x300 `RuntimeSmmSetJump` (`sub_300`): `SetJump` -- saves full register context (15 GP regs, 10 XMM regs, MXCSR) into a 248-byte jump buffer (`gSetJumpBuffer`), returns via `return v21()`. -- 0x3A0 `RuntimeSmmLongJump` (`sub_3A0`): `LongJump` -- restores MXCSR from jump buffer and jumps to saved return address at buffer+72. -- 0x640 `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`): Stub returning `0x8000000000000003` (`EFI_UNSUPPORTED`). Used as a default protocol notify handler in the registration table. -- 0x888 `RuntimeSmmLocateDebugProtocol` (`sub_888`): Debug library support -- lazily locates `gEfiStatusCodeRuntimeProtocolGuid` via `gSmst->LocateProtocol`. -- 0x8D8 `RuntimeSmmReportStatusCodeHandler` (`sub_8D8`): ASSERT_EFI_ERROR handler -- checks DebugLib protocol and severity mask before calling `ReportStatusCode`. -- 0x920 `RuntimeSmmReportStatusCodeExHandler` (`sub_920`): Debug ASSERT -- calls `ReportStatusCodeEx` on the DebugLib protocol with file/line/expression. 
-- 0x960 `RuntimeSmmReadRuntimeModeFromCmos` (`sub_960`): CMOS-based runtime detection -- reads NVRAM byte at CMOS index 0x4C, checks boot mode (returns `0x80000004` for normal, `0x80000002` for S3 resume). -- 0x9B0 `RuntimeSmmValidateJumpBuffer` (`sub_9B0`): SetJump buffer validation -- asserts non-null and 8-byte aligned. -- 0xBD4 `RuntimeSmmCompareGuid` (`sub_BD4`): `CompareMem` against reference GUID `unk_12B0` (little-endian aligned compare with tail handling). +- 0x300 `RuntimeSmmSetJump`: `SetJump` -- saves full register context (15 GP regs, 10 XMM regs, MXCSR) into a 248-byte jump buffer (`gSetJumpBuffer`), returns via `return v21()`. +- 0x3A0 `RuntimeSmmLongJump`: `LongJump` -- restores MXCSR from jump buffer and jumps to saved return address at buffer+72. +- 0x640 `RuntimeSmmDefaultProtocolNotifyHandler`: Stub returning `0x8000000000000003` (`EFI_UNSUPPORTED`). Used as a default protocol notify handler in the registration table. +- 0x888 `RuntimeSmmLocateDebugProtocol`: Debug library support -- lazily locates `gEfiStatusCodeRuntimeProtocolGuid` via `gSmst->LocateProtocol`. +- 0x8D8 `RuntimeSmmReportStatusCodeHandler`: ASSERT_EFI_ERROR handler -- checks DebugLib protocol and severity mask before calling `ReportStatusCode`. +- 0x920 `RuntimeSmmReportStatusCodeExHandler`: Debug ASSERT -- calls `ReportStatusCodeEx` on the DebugLib protocol with file/line/expression. +- 0x960 `RuntimeSmmReadRuntimeModeFromCmos`: CMOS-based runtime detection -- reads NVRAM byte at CMOS index 0x4C, checks boot mode (returns `0x80000004` for normal, `0x80000002` for S3 resume). +- 0x9B0 `RuntimeSmmValidateJumpBuffer`: SetJump buffer validation -- asserts non-null and 8-byte aligned. +- 0xBD4 `RuntimeSmmCompareGuid`: `CompareMem` against reference GUID `gRuntimeSmmCallbackProtocolGuid` (little-endian aligned compare with tail handling). ## State Management 
@@ -60,40 +60,40 @@ | 0x1280 | gEfiSmmStatusCodeProtocolGuid | GUID | Protocol GUID for status code in SMM runtime | | 0x1290 | gEfiStatusCodeRuntimeProtocolGuid | GUID | Runtime protocol GUID (mirrors status-code runtime view) | | 0x12A0 | gEfiSmmBaseProtocolGuid | GUID | SmmBase2 protocol GUID (`SMM_SERVICES_TABLE_GUID`) | -| 0x12B0 | gRuntimeSmmCallbackProtocolGuid | GUID | Reference GUID for protocol comparison (sub_BD4/sub_64C) | -| 0x12C0 | gRuntimeServicesProtocolGuid | GUID | Boot-time protocol GUID for Runtime Services (sub_9F8) | -| 0x12D0 | gSmmRuntimeServicesProtocolGuid | GUID | SMM-mode protocol GUID for Runtime Services (sub_9F8) | -| 0x12E0 | gSmmRuntimeServicesTableGuid | GUID | Protocol GUID for SMM Runtime Services Table (`RuntimeSmmInitialize` / `sub_768`) locates via gBS->LocateProtocol | +| 0x12B0 | gRuntimeSmmCallbackProtocolGuid | GUID | Reference GUID for protocol comparison (`RuntimeSmmCompareGuid`/`RuntimeSmmRegisterProtocolNotifyTable`) | +| 0x12C0 | gRuntimeServicesProtocolGuid | GUID | Boot-time protocol GUID for Runtime Services (`RuntimeSmmRegisterRuntimeServices`) | +| 0x12D0 | gSmmRuntimeServicesProtocolGuid | GUID | SMM-mode protocol GUID for Runtime Services (`RuntimeSmmRegisterRuntimeServices`) | +| 0x12E0 | gSmmRuntimeServicesTableGuid | GUID | Protocol GUID for SMM Runtime Services Table (`RuntimeSmmInitialize`) locates via gBS->LocateProtocol | | 0x12F0 | gST | UINT64 | System Table pointer | | 0x1300 | gImageHandle | UINT64 | ImageHandle passed to module entry | | 0x1308 | gRT | UINT64 | Runtime Services pointer | | 0x1310 | gSmst | UINT64 | SMM Services Table pointer | -| 0x1318 | mDebugProtocol | UINT64 | DebugLib protocol pointer (cached lazily by `RuntimeSmmLocateDebugProtocol` / `sub_888`) | +| 0x1318 | mDebugProtocol | UINT64 | DebugLib protocol pointer (cached lazily by `RuntimeSmmLocateDebugProtocol`) | | 0x1320 | gBS | UINT64 | Boot Services pointer | | 0x1328 | RuntimeServices | UINT64 | Runtime Services cached 
pointer | | 0x1330 | gSmst | UINT64 | SMM System Table pointer (gSmst, set from SmmBase2) | | 0x1338 | mSmmMode | UINT8 | SmmMode flag (1 = running in SMM) | -| 0x1340 | mRuntimeServicesProtocolSmm | UINT64 | SMM Runtime Services protocol pointer (sub_9F8) | -| 0x1348 | mInSmmMode | UINT8 | InSmm flag (1 = in SMM, used by sub_9F8/sub_A80 protocol registration) | -| 0x1350 | mStatusCodeProtocolSmm | UINT64 | SMM Status Code protocol pointer (sub_A80) | -| 0x1358 | mRuntimeServicesProtocolBoot | UINT64 | Boot-time Runtime Services protocol pointer (sub_9F8) | -| 0x1360 | mSmmRuntimeServicesTable | UINT64 | SMM Runtime Services Table protocol pointer (`RuntimeSmmInitialize` / `sub_768`) | -| 0x1368 | mStatusCodeProtocolBoot | UINT64 | Boot-time Status Code protocol pointer (sub_A80) | -| 0x1378 | mCmosByte | UINT8 | CMOS byte read result (`RuntimeSmmReadRuntimeModeFromCmos` / `sub_960`) | +| 0x1340 | mRuntimeServicesProtocolSmm | UINT64 | SMM Runtime Services protocol pointer (`RuntimeSmmRegisterRuntimeServices`) | +| 0x1348 | mInSmmMode | UINT8 | InSmm flag (1 = in SMM, used by protocol registration logic) | +| 0x1350 | mStatusCodeProtocolSmm | UINT64 | SMM Status Code protocol pointer (`RuntimeSmmRegisterStatusCodeProtocol`) | +| 0x1358 | mRuntimeServicesProtocolBoot | UINT64 | Boot-time Runtime Services protocol pointer (`RuntimeSmmRegisterRuntimeServices`) | +| 0x1360 | mSmmRuntimeServicesTable | UINT64 | SMM Runtime Services Table protocol pointer (`RuntimeSmmInitialize`) | +| 0x1368 | mStatusCodeProtocolBoot | UINT64 | Boot-time Status Code protocol pointer (`RuntimeSmmRegisterStatusCodeProtocol`) | +| 0x1378 | mCmosByte | UINT8 | CMOS byte read result (`RuntimeSmmReadRuntimeModeFromCmos`) | | 0x1380 | gSetJumpBuffer | 248-byte buffer | SetJump/LongJump context save area | ### Initialization Flow 1. `_ModuleEntryPoint` (0x420) called by SMM core -2. `sub_44C` (0x44C) caches gImageHandle, gST, gBS, gRT, locates SmmBase2 protocol, gets gSmst -3. 
`RuntimeSmmInitJumpState` (`sub_58C`) saves SetJump context, calls `RuntimeSmmInitialize` (`sub_768`) [driver init], restores via LongJump -4. `RuntimeSmmInitialize` (`sub_768`) caches SystemTable/BootServices/RuntimeServices, locates SMM RST protocol, calls its callback, optionally swaps RuntimeServices with SMM version, registers protocol handlers via `RuntimeSmmRegisterRuntimeServices`/`RuntimeSmmRegisterStatusCodeProtocol` (`sub_9F8`/`sub_A80`), calls `RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) for protocol notify registration -5. `RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) allocates a 136-byte buffer, fills first 3 QWORDs from protocol GUID data and the remaining 14 with `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`) stub, registers via SmmRegisterProtocolNotify +2. `RuntimeSmmCacheSystemServices` (0x44C) caches gImageHandle, gST, gBS, gRT, locates SmmBase2 protocol, gets gSmst +3. `RuntimeSmmInitJumpState` saves SetJump context, calls `RuntimeSmmInitialize` [driver init], restores via LongJump +4. `RuntimeSmmInitialize` caches SystemTable/BootServices/RuntimeServices, locates SMM RST protocol, calls its callback, optionally swaps RuntimeServices with SMM version, registers protocol handlers via `RuntimeSmmRegisterRuntimeServices`/`RuntimeSmmRegisterStatusCodeProtocol`, calls `RuntimeSmmRegisterProtocolNotifyTable` for protocol notify registration +5. `RuntimeSmmRegisterProtocolNotifyTable` allocates a 136-byte buffer, fills first 3 QWORDs from protocol GUID data and the remaining 14 with `RuntimeSmmDefaultProtocolNotifyHandler` stub, registers via SmmRegisterProtocolNotify ## Data Structures -- **SetJump buffer** at `gSetJumpBuffer` (248 bytes): Offset layout is 15 saved GP registers (0-64), return address (72), MXCSR value (80), 10 XMM registers (88-248). Used by `RuntimeSmmSetJump`/`RuntimeSmmLongJump` (`sub_300`/`sub_3A0`) for error recovery wrapping around `RuntimeSmmInitialize` (`sub_768`). 
-- **Protocol notify buffer** in `RuntimeSmmRegisterProtocolNotifyTable` (`sub_64C`) (136 bytes = 17 QWORDs): First 3 QWORDs are protocol GUID, remaining 14 QWORDs initialized to `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`) function pointer, registered via `SmmRegisterProtocolNotify`. +- **SetJump buffer** at `gSetJumpBuffer` (248 bytes): Offset layout is 15 saved GP registers (0-64), return address (72), MXCSR value (80), 10 XMM registers (88-248). Used by `RuntimeSmmSetJump`/`RuntimeSmmLongJump` for error recovery wrapping around `RuntimeSmmInitialize`. +- **Protocol notify buffer** in `RuntimeSmmRegisterProtocolNotifyTable` (136 bytes = 17 QWORDs): First 3 QWORDs are protocol GUID, remaining 14 QWORDs initialized to `RuntimeSmmDefaultProtocolNotifyHandler` function pointer, registered via `SmmRegisterProtocolNotify`. ## Calling Patterns 
@@ -106,20 +106,20 @@ - **SMM Services (gSmst)**: `LocateProtocol` (offset +208), `SmmRegisterProtocolNotify` (offset +40), `SmmIoMemRead`/protocol entry iteration (offset +152/+160 in SMM system table struct) - **Boot Services (gBS)**: `LocateProtocol` (offset +320), `AllocatePool` (offset +24), `FreePool` (offset +32) -- **Hardware IO**: CMOS NVRAM ports 0x70/0x71 (`RuntimeSmmReadRuntimeModeFromCmos` / `sub_960`), fixed address 0xFDAF0490 (runtime detection byte) +- **Hardware IO**: CMOS NVRAM ports 0x70/0x71 (`RuntimeSmmReadRuntimeModeFromCmos`), fixed address 0xFDAF0490 (runtime detection byte) - **DebugLib protocol**: `ReportStatusCode` and `ReportStatusCodeEx` (via gSmst->LocateProtocol) ### Consumed By (other modules call this) - **SMM Core**: Calls `_ModuleEntryPoint` (exported entry point) -- **SMM Runtime Services Table protocol consumer**: The protocol notify handler registered via sub_64C is invoked by SMM core when the target protocol is installed +- **SMM Runtime Services Table protocol consumer**: The protocol notify handler registered via `RuntimeSmmRegisterProtocolNotifyTable` is invoked by SMM core when the target protocol is installed - **Callback from located protocol** at 0x807: The protocol at `mSmmRuntimeServicesTable` is called with an `Enable` flag pointer; its second function (+8) provides the SMM system table ## Notes - The module has NO imports -- all protocol interfaces are resolved internally via `LocateProtocol` through the system tables. - Strings reference build paths `e:\hs\Build\HR6N0XMLK\DEBUG_VS2015\X64\...` and `e:\hs\AmiModulePkg\RuntimeSmm\RuntimeSmm.c`, confirming this is a DEBUG VS2015 X64 build. -- `RuntimeSmmDefaultProtocolNotifyHandler` (`sub_640`) is a 2-instruction leaf returning `EFI_UNSUPPORTED` -- used as a placeholder default handler in the protocol notify registration table. 
-- `RuntimeSmmReadRuntimeModeFromCmos` (`sub_960`)'s CMOS check at index 0x4C and the byte at 0xFDAF0490 are platform-specific runtime detection heuristics for distinguishing normal boot from S3 resume. -- The double `RuntimeSmmReportStatusCodeExHandler` (`sub_920`) call after LongJump in `RuntimeSmmInitJumpState` (`sub_58C`) is unreachable code (standard EDK2 AutoGen tail after infinite loop). -- sub_BD4's alignment-sensitive comparison logic handles unaligned GUID comparison by byte-matching leading/trailing misaligned bytes. +- `RuntimeSmmDefaultProtocolNotifyHandler` is a 2-instruction leaf returning `EFI_UNSUPPORTED` -- used as a placeholder default handler in the protocol notify registration table. +- `RuntimeSmmReadRuntimeModeFromCmos`'s CMOS check at index 0x4C and the byte at 0xFDAF0490 are platform-specific runtime detection heuristics for distinguishing normal boot from S3 resume. +- The double `RuntimeSmmReportStatusCodeExHandler` call after LongJump in `RuntimeSmmInitJumpState` is unreachable code (standard EDK2 AutoGen tail after infinite loop). +- `RuntimeSmmCompareGuid`'s alignment-sensitive comparison logic handles unaligned GUID comparison by byte-matching leading/trailing misaligned bytes. diff --git a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md index 7d03613..1a161ab 100644 --- a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md +++ b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/README.md 
@@ -20,15 +20,15 @@ ## Key Functions - **ModuleEntryPoint**: UEFI entrypoint that launches initialization and command processing. -- **TcgStorageSecurityInit** (`sub_53C`): TCG storage protocol initialization and SMM dispatch setup. -- **TcgStorageSecurityProcessCommands** (`sub_A9C`): Core SMM storage security command processing pipeline. -- **TcgStorageSecurityHandleInitializeError** (`sub_9D8`): Error handling path for failed command pipeline initialization. +- **TcgStorageSecurityInit**: TCG storage protocol initialization and SMM dispatch setup. +- **TcgStorageSecurityProcessCommands**: Core SMM storage security command processing pipeline. +- **TcgStorageSecurityHandleInitializeError**: Error handling path for failed command pipeline initialization. ### Recovered Symbol Table -- `TcgStorageSecurityInit` ← `sub_53C` -- `TcgStorageSecurityProcessCommands` ← `sub_A9C` -- `TcgStorageSecurityHandleInitializeError` ← `sub_9D8` +- `TcgStorageSecurityInit` +- `TcgStorageSecurityProcessCommands` +- `TcgStorageSecurityHandleInitializeError` ## Dependencies diff --git a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md index b626eae..f5b432f 100644 --- a/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md +++ b/AmiModulePkg/TcgStorageSecurity/SmmTcgStorageSec/SmmTcgStorageSec.md 
@@ -5,9 +5,9 @@ | Address | Name | Description | |---------|------|-------------| | *(entry)* | **ModuleEntryPoint** | Calls `TcgStorageSecurityInit(ImageHandle, SystemTable)`, then executes `TcgStorageSecurityProcessCommands()`, and invokes `TcgStorageSecurityHandleInitializeError()` on failure. | -| `sub_53C` | **TcgStorageSecurityInit** | Initialization routine for SMM TCG storage security context and handler registration. | -| `sub_A9C` | **TcgStorageSecurityProcessCommands** | Primary command-processing routine executed after initialization. | -| `sub_9D8` | **TcgStorageSecurityHandleInitializeError** | Error recovery path used when command processing reports an EFI error. | +| `TcgStorageSecurityInit` | **TcgStorageSecurityInit** | Initialization routine for SMM TCG storage security context and handler registration. | +| `TcgStorageSecurityProcessCommands` | **TcgStorageSecurityProcessCommands** | Primary command-processing routine executed after initialization. | +| `TcgStorageSecurityHandleInitializeError` | **TcgStorageSecurityHandleInitializeError** | Error recovery path used when command processing reports an EFI error. | ### Recovered Call Chain @@ -23,9 +23,9 @@ ### Recovered Symbols -- `TcgStorageSecurityInit` (`sub_53C`) -- `TcgStorageSecurityProcessCommands` (`sub_A9C`) -- `TcgStorageSecurityHandleInitializeError` (`sub_9D8`) +- `TcgStorageSecurityInit` +- `TcgStorageSecurityProcessCommands` +- `TcgStorageSecurityHandleInitializeError` --- *Generated by HR650X BIOS Decompilation Project* diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md index 4f1daff..03045fc 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain.md 
@@ -12,9 +12,9 @@ |---------|------|-------------| | 0x5F8 | `ModuleEntryPoint` | EDK2 SMM driver entrypoint | | 0x5F8 | `ModuleEntryPoint` | `AmiErrorHandlerAutoGenInit(); Status = AmiErrorHandlerInitialize(ImageHandle, SystemTable); if (Status < 0) AmiErrorHandlerInitFail(ImageHandle, SystemTable); return Status;` | -| 0x3E24 | `AmiErrorHandlerAutoGenInit` (aka `sub_3E24`) | AutoGen init sequence | -| 0x42EC | `AmiErrorHandlerInitialize` (aka `sub_42EC`) | Main SMM initialization and registration | -| 0x427C | `AmiErrorHandlerInitFail` (aka `sub_427C`) | Initialization failure cleanup/error path | +| 0x3E24 | `AmiErrorHandlerAutoGenInit` | AutoGen init sequence | +| 0x42EC | `AmiErrorHandlerInitialize` | Main SMM initialization and registration | +| 0x427C | `AmiErrorHandlerInitFail` | Initialization failure cleanup/error path | --- *Generated by HR650X BIOS Decompilation Project* diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md index 1cce32f..0b401e4 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/AmiErrorHandlerMain_analysis.md 
@@ -17,9 +17,9 @@ | Address | Name | Purpose | |---------|------|---------| | 0x5f8 | ModuleEntryPoint | Driver entry: init libraries, register SMI handler | -| 0x3e24 | AmiErrorHandlerAutoGenInit (`sub_3E24`) | AutoGen init: calls 18 sub-init functions in sequence | -| 0x42ec | AmiErrorHandlerInitialize (`sub_42EC`) | Main init: SMM protocol registration | -| 0x427c | AmiErrorHandlerInitFail (`sub_427C`) | Initialization failure cleanup/error path | +| 0x3e24 | AmiErrorHandlerAutoGenInit | AutoGen init: calls 18 sub-init functions in sequence | +| 0x42ec | AmiErrorHandlerInitialize | Main init: SMM protocol registration | +| 0x427c | AmiErrorHandlerInitFail | Initialization failure cleanup/error path | | 0x4680 | sub_4680 | SMM SwDispatch registration + SMI handler install | | 0x4364 | sub_4364 | SMI dispatch callback: demux by GUID | | 0x27e4 | sub_27E4 | Core error dispatch: switch(error_source) {1..9} | @@ -44,7 +44,7 @@ ## Entry Points (Public API) -- **0x5f8** `ModuleEntryPoint`: Standard UEFI driver entry. Calls `AmiErrorHandlerAutoGenInit` (aka `sub_3E24`), then `AmiErrorHandlerInitialize` (aka `sub_42EC`), and falls to `AmiErrorHandlerInitFail` (aka `sub_427C`) on error. +- **0x5f8** `ModuleEntryPoint`: Standard UEFI driver entry. Calls `AmiErrorHandlerAutoGenInit`, then `AmiErrorHandlerInitialize`, and falls to `AmiErrorHandlerInitFail` on error. - **0x4364** `sub_4364`: SMI dispatch callback registered via SmmSwDispatch2. Entry receives a context buffer. Reads error type from buffer offset+12, copies payload data, and dispatches to sub_27E4. Handles 3 protocol GUIDs (unk_5C80, unk_5C90, unk_5CA0). 
@@ -60,7 +60,7 @@ - `AmiErrorHandlerMain.h`: declarations for `ModuleEntryPoint`, recovered entrypoints, and legacy `sub_*` symbols. - `AmiErrorHandlerMain.md` / `README.md`: manually recovered control-flow and protocol notes for this translation unit. -### Init Sequence (called from `AmiErrorHandlerAutoGenInit` / `sub_3E24` in order): +### Init Sequence (called from `AmiErrorHandlerAutoGenInit` in order): 1. **0x6e8** - Init gImageHandle, gST, gBS globals 2. **0x784** - Init gRT (Runtime Services Table) 3. **0x7c0** - Init gSmst via SmmBase2Protocol (GUID F4CCBFB7-F6E0-47FD-9dd410a8-f150c191) @@ -225,7 +225,7 @@ ``` ModuleEntryPoint(0x5f8) | - +-> AmiErrorHandlerAutoGenInit (aka sub_3E24) + +-> AmiErrorHandlerAutoGenInit | +-> sub_6E8 -> gBS/gST init | +-> sub_784 -> gRT init | +-> sub_7C0 -> gSmst init (SmmBase2) @@ -240,7 +240,7 @@ | +-> sub_2520 -> [protocol] | +-> sub_263C -> [protocol] | - +-> AmiErrorHandlerInitialize (aka sub_42EC) + +-> AmiErrorHandlerInitialize +-> sub_300 -> debug check +-> sub_4680 -> SMM protocol registration +-> SmmSwDispatch2.Register() diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md index 0f9705b..e76f525 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/AmiErrorHandlerMain/README.md 
@@ -5,14 +5,14 @@ SMM error handler from American Megatrends (AMI) that receives error notifications via SMM communication protocol, classifies them by error source type (1-9), and dispatches to platform-specific handlers. Manages CPU topology tracking (socket/core/thread) for error source correlation and reports Configuration Status Register (CSR) data to BMC via IPMI/SMM communicate. Handles MCA errors, PCIe AER errors, and generic bus/memory/I/O errors. ## Module split -- `AmiErrorHandlerMain.c` / `AmiErrorHandlerMain.h`: module entrypoint and split-boundary shims that bind recovered names to linked `sub_*` implementation symbols. -- Remaining implementation units (registration/dispatch/reporting/initialization primitives) are referenced through the preserved `sub_*` entrypoints documented in analysis notes. +- `AmiErrorHandlerMain.c` / `AmiErrorHandlerMain.h`: module entrypoint and split-boundary shims that bind recovered names to linked implementation symbols. +- Remaining implementation units (registration/dispatch/reporting/initialization primitives) are referenced through the implementation notes documented in analysis. ## Key Functions - **ModuleEntryPoint** -- Recovered entrypoint that calls `AmiErrorHandlerAutoGenInit`, `AmiErrorHandlerInitialize`, then `AmiErrorHandlerInitFail` on registration failure. -- **AmiErrorHandlerAutoGenInit** (`sub_3E24`) -- Performs AutoGen-generated init routine before main initialization. -- **AmiErrorHandlerInitialize** (`sub_42EC`) -- Main initialization; registers the SMM dispatch handlers. -- **AmiErrorHandlerInitFail** (`sub_427C`) -- Error path invoked when SMM initialization returns failure. +- **AmiErrorHandlerAutoGenInit** -- Performs AutoGen-generated init routine before main initialization. +- **AmiErrorHandlerInitialize** -- Main initialization; registers the SMM dispatch handlers. +- **AmiErrorHandlerInitFail** -- Error path invoked when SMM initialization returns failure. 
- **sub_27E4** -- Core error dispatch: switch(error_source=1..9) routes to domain-specific handlers - **sub_2724** -- MCA error severity classification (corrected/uncorrected/fatal/deferred) - **sub_2F2C** -- Report CSR info to BMC via SmmCommunication with formatted 12-byte record diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md index 1fedff7..e841fa8 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler.md 
@@ -4,15 +4,15 @@ | Address | Name | Description | |---------|------|-------------| -| 0x5CC | **_ModuleEntryPoint** (`ModuleEntryPoint`, `sub_5CC`) | DXE/SMM entry point: constructor sequence (`sub_30D8` -> `PlatformErrorHandlerConstructors`), then main init (`sub_3550` -> `RegisterPlatformErrorHandler`), fallback (`sub_34E0` -> `PlatformErrorHandlerFallbackInit`) on failure | -| (rsi) | **PlatformErrorHandlerConstructors** (`sub_30D8`) | AutoGen constructor dispatcher / library initialization path | -| (rsi) | **RegisterPlatformErrorHandler** (`sub_3550`) | Main PlatformErrorHandler initialization | -| (rsi) | **PlatformErrorHandlerFallbackInit** (`sub_34E0`) | Fallback/cleanup initialization helper | -| (rsi) | **PlatformErrorHandlerSmmEntry** (`sub_594`) | Secondary SMM entry observed in local analysis | -| (rsi) | **RegisterErrorNotificationCallback** (`sub_36B8`) | Register priority-sorted notification callback for error delivery | -| (rsi) | **RegisterErrorSource** (`sub_35C8`) | Register per-source error context node | -| (rsi) | **DispatchNotification** (`sub_3810`) | Dispatch all callbacks for current context | -| (rsi) | **DispatchWithEarlyOut** (`sub_3844`) | Dispatch callbacks with early-stop support | +| 0x5CC | **_ModuleEntryPoint** (`ModuleEntryPoint`) | DXE/SMM entry point: constructor sequence (`PlatformErrorHandlerConstructors`), then main init (`RegisterPlatformErrorHandler`), fallback (`PlatformErrorHandlerFallbackInit`) on failure | +| (rsi) | **PlatformErrorHandlerConstructors** | AutoGen constructor dispatcher / library initialization path | +| (rsi) | **RegisterPlatformErrorHandler** | Main PlatformErrorHandler initialization | +| (rsi) | **PlatformErrorHandlerFallbackInit** | Fallback/cleanup initialization helper | +| (rsi) | **PlatformErrorHandlerSmmEntry** | Secondary SMM entry observed in local analysis | +| (rsi) | **RegisterErrorNotificationCallback** | Register priority-sorted notification callback for error delivery | +| (rsi) | 
**RegisterErrorSource** | Register per-source error context node | +| (rsi) | **DispatchNotification** | Dispatch all callbacks for current context | +| (rsi) | **DispatchWithEarlyOut** | Dispatch callbacks with early-stop support | ## Recovered Globals @@ -28,7 +28,7 @@ ## Module File Split -- `_ModuleEntryPoint`/`sub_594` are entry paths in `PlatformErrorHandler.c`. +- `_ModuleEntryPoint`/`PlatformErrorHandlerSmmEntry` are entry paths in `PlatformErrorHandler.c`. - `PlatformErrorHandlerConstructors`, `RegisterPlatformErrorHandler`, `PlatformErrorHandlerFallbackInit`, `RegisterErrorNotificationCallback`, `RegisterErrorSource`, `DispatchNotification`, and `DispatchWithEarlyOut` are in this module directory and are exposed for cross-file linking. diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md index 6c284f4..5941df2 100644 --- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md +++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/PlatformErrorHandler_analysis.md 
@@ -60,13 +60,13 @@ ## Entry Points (Public API) -- 0x5CC `_ModuleEntryPoint`: Standard UEFI DXE driver entry. Calls sub_30D8 for library constructor chain, then sub_3550 for main initialization. If main init returns error (<0), calls sub_34E0 fallback. +- 0x5CC `_ModuleEntryPoint`: Standard UEFI DXE driver entry. Calls `PlatformErrorHandlerConstructors` for library constructor chain, then `RegisterPlatformErrorHandler` for main initialization. If main init returns error (<0), calls `PlatformErrorHandlerFallbackInit` fallback. -- 0x594 `sub_594`: SMM module entry path (registered via SMM SW dispatch or standalone entry). Calls sub_F0C (gSmst init) then sub_34E0. +- 0x594 `PlatformErrorHandlerSmmEntry`: SMM module entry path (registered via SMM SW dispatch or standalone entry). Calls `SmmServicesTableLib constructor` then `PlatformErrorHandlerFallbackInit`. ## Internal Helpers -### Library Constructors (called from sub_30D8 chain): +### Library Constructors (called from `PlatformErrorHandlerConstructors` chain): | Address | Name | Source | |---------|------|--------| @@ -75,7 +75,7 @@ | 0x794 | sub_794 | DxeHobLib constructor | | 0xC28 | sub_C28 | BaseLib constructor | | 0xEA8 | sub_EA8 | SmmMemoryAllocationLib constructor | -| 0xF0C | sub_F0C | Thunk to gSmst init | +| 0xF0C | SmmServicesTableLib constructor | Thunk to gSmst init | | 0x1094 | sub_1094 | BaseSynchronizationLib constructor | | 0x10FC | sub_10FC | IoLib constructor | | 0x13CC | sub_13CC | EmcaPlatformHooksLib constructor | 
@@ -109,15 +109,15 @@ | Address | Name | Purpose | |---------|------|---------| -| 0x36B8 | sub_36B8 | RegisterErrorNotificationCallback - Allocates a 24-byte callback node, inserts into priority-sorted linked list (head at qword_72F0, tail at qword_72F8). Sorted by priority byte at offset +16. Returns EFI_INVALID_PARAMETER if a1 is NULL. | -| 0x35C8 | sub_35C8 | RegisterErrorSource - Allocates a 16-byte node, inserts into source linked list (head at qword_72E0). Returns EFI_INVALID_PARAMETER if a1 is NULL. | +| 0x36B8 | RegisterErrorNotificationCallback | Allocates a 24-byte callback node, inserts into priority-sorted linked list (head at qword_72F0, tail at qword_72F8). Sorted by priority byte at offset +16. Returns EFI_INVALID_PARAMETER if a1 is NULL. | +| 0x35C8 | RegisterErrorSource | Allocates a 16-byte node, inserts into source linked list (head at qword_72E0). Returns EFI_INVALID_PARAMETER if a1 is NULL. | ### Callback Dispatch: | Address | Name | Purpose | |---------|------|---------| -| 0x3810 | sub_3810 | DispatchNotification - Iterates all registered notification callbacks (head at qword_72F0), calls each with the context pointer | -| 0x3844 | sub_3844 | DispatchWithEarlyOut - Same as above but with a "stop" flag (char at [rbp+0x10]), stops when flag set | +| 0x3810 | DispatchNotification | Iterates all registered notification callbacks (head at qword_72F0), calls each with the context pointer | +| 0x3844 | DispatchWithEarlyOut | Same as above but with a "stop" flag (char at [rbp+0x10]), stops when flag set | ### EMCA MC Bank Access (from emcaplatformhookslib.c): 
@@ -173,14 +173,14 @@ +0x08: uint64_t next_node_ptr (linked list) +0x10: uint8_t priority (lower = higher priority, inserted sorted) ``` -Allocated by sub_36B8, stored in priority-sorted linked list. Head: qword_72F0, Tail: qword_72F8. +Allocated by `RegisterErrorNotificationCallback`, stored in priority-sorted linked list. Head: qword_72F0, Tail: qword_72F8. ### Error Source Node (16 bytes): ``` +0x00: uint64_t source_data +0x08: uint64_t next_node_ptr ``` -Allocated by sub_35C8, stored in linked list. Head: qword_72E0. +Allocated by `RegisterErrorSource`, stored in linked list. Head: qword_72E0. ### FPGA Configuration HOB Structure (38 bytes): Used by sub_2AE0 for FPGA config. Various bitfields for error enable/disable. 
@@ -217,23 +217,23 @@ ## Calling Patterns ### Driver Initialization Flow: -1. `_ModuleEntryPoint` (0x5CC) -2. `sub_30D8` (0x30D8) - library constructor chain (12 constructors) -3. `sub_3550` (0x3550) - main init +1. `_ModuleEntryPoint` (`ModuleEntryPoint`) (0x5CC) +2. `PlatformErrorHandlerConstructors` (0x30D8) - library constructor chain (12 constructors) +3. `RegisterPlatformErrorHandler` (0x3550) - main init 4. `sub_3970` (0x3970) - core logic: a. Read RAS topology from HOB via `sub_4700` b. Read setup variables via `sub_3E0C` / `sub_3D4C` c. Apply error policy from setup via `sub_5354` d. Initialize OEM RAS via `sub_29A4` - e. Save back setup via `sub_F0C` / `sub_2998` + e. Save back setup via `SmmServicesTableLib constructor` / `sub_2998` f. Init EMCA platform hooks via `sub_3890` g. Register SMM SW dispatch handlers (sub_252C + sub_25A8) h. Register SMM communication protocol ### Error Notification Flow: 1. SMI received -> SMM SW Dispatch handler fires -2. Dispatches to `sub_3810` / `sub_3844` which iterate registered callbacks -3. Callbacks registered via `sub_36B8` (notification) or `sub_35C8` (source) +2. Dispatches to `DispatchNotification` / `DispatchWithEarlyOut` which iterate registered callbacks +3. Callbacks registered via `RegisterErrorNotificationCallback` (notification) or `RegisterErrorSource` (source) ### Setup Variable Read Flow: 1. `sub_2690` reads all platform variables @@ -256,7 +256,7 @@ ### Consumed By (other modules call this): - **UEFI DXE drivers**: Call `_ModuleEntryPoint` as standard DXE driver - **SMM modules**: Call via SMM SW Dispatch (SMI triggers) -- **RAS error handlers**: Register callbacks via `sub_36B8` (register notification callback) for error event delivery +- **RAS error handlers**: Register callbacks via `RegisterErrorNotificationCallback` for error event delivery - **Platform OEM libraries**: Via EMCA platform hooks protocol (OemRasLib.c sources) ## Notes 
diff --git a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md
index 5d56b8a..79d0803 100644
--- a/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md
+++ b/PurleyPlatPkg/Ras/Smm/ErrHandling/PlatformErrorHandler/README.md
@@ -5,15 +5,15 @@ SMM platform error handler for the Intel Purley platform, responsible for RAS (Reliability, Availability, Serviceability) error management. Initializes EMCA (Enhanced Machine Check Architecture) platform hooks, populates RAS topology structures (SMBIOS Type 16/17), configures FPGA error handling policies from UEFI setup variables, registers SMM software dispatch callbacks for error notification, and manages per-socket error tracking via linked callbacks. ## Key Functions -- **ModuleEntryPoint** (`_ModuleEntryPoint`) -- DXE/SMM entry, calls constructor dispatcher then main init -- **PlatformErrorHandlerConstructors** (`sub_30D8`) -- recovered alias for library constructor path -- **RegisterPlatformErrorHandler** (`sub_3550`) -- recovered alias for main init (calls core logic at `sub_3970`) +- **ModuleEntryPoint** -- DXE/SMM entry, calls constructor dispatcher then main init +- **PlatformErrorHandlerConstructors** -- library constructor path +- **RegisterPlatformErrorHandler** -- main init (calls core logic at `sub_3970`) - **sub_3970** -- Core logic: reads RAS topology, applies error policy from setup, initializes EMCA platform hooks -- **PlatformErrorHandlerFallbackInit** (`sub_34E0`) -- recovered alias for error-path init helper -- **PlatformErrorHandlerSmmEntry** (`sub_594`) -- recovered alias for secondary SMM path -- **DispatchNotification** (`sub_3810`) / **DispatchWithEarlyOut** (`sub_3844`) -- callback dispatch helpers -- **RegisterErrorNotificationCallback** (`sub_36B8`) -- priority-sorted callback registration helper (24-byte node) -- **RegisterErrorSource** (`sub_35C8`) -- source-registration linked list insertion +- **PlatformErrorHandlerFallbackInit** -- error-path init helper +- **PlatformErrorHandlerSmmEntry** -- secondary SMM path +- **DispatchNotification** / **DispatchWithEarlyOut** -- callback dispatch helpers +- **RegisterErrorNotificationCallback** -- priority-sorted callback registration helper (24-byte node) +- 
**RegisterErrorSource** -- source-registration linked list insertion ## Recovered Module Variables - `PlatformErrorHandlerStatus` (`qword_72D8`) diff --git a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md index 85af758..f8bf590 100644 --- a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md +++ b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog.md 
@@ -5,23 +5,23 @@ | Address | Name | Description | |---------|------|-------------| | 0x588 | **_ModuleEntryPoint(ImageHandle, SystemTable)** | DXE driver entry / initialization entry | -| 0x3D94 | **LastBootErrorLogAutoGenInit** (`sub_3D94`) | Auto-generated driver initialization chain | -| 0x41C0 | **LastBootErrorLogMain** (`sub_41C0`) | Main DXE driver logic | -| 0x4150 | **LastBootErrorLogUnload** (`sub_4150`) | Unload/cleanup helper when main init fails | +| 0x3D94 | **LastBootErrorLogAutoGenInit** | Auto-generated driver initialization chain | +| 0x41C0 | **LastBootErrorLogMain** | Main DXE driver logic | +| 0x4150 | **LastBootErrorLogUnload** | Unload/cleanup helper when main init fails | **Entry flow:** `_ModuleEntryPoint(ImageHandle, SystemTable)` calls `LastBootErrorLogAutoGenInit();` then `LastBootErrorLogMain(ImageHandle, SystemTable);` and on error calls `LastBootErrorLogUnload(ImageHandle, SystemTable)` before returning status. ## Recovered Symbols -- `sub_192C` -> `LastBootErrorLogWheaHooksInit` -- `sub_23FC` -> `LastBootErrorLogProcessLastBootError` -- `sub_34BC` -> `LastBootErrorLogDecodeProcessorError` -- `sub_2EC4` -> `LastBootErrorLogFindAndDispatchWheaError` -- `sub_208C` -> `LastBootErrorLogProcessPlatformError` -- `sub_27D4` -> `LastBootErrorLogBuildErrorNotification` -- `sub_2A74` -> `CmcErrorHandler` -- `sub_2E08` -> `SmiErrorHandler` -- `sub_2E30` -> `UeErrorHandler` +- `LastBootErrorLogWheaHooksInit` +- `LastBootErrorLogProcessLastBootError` +- `LastBootErrorLogDecodeProcessorError` +- `LastBootErrorLogFindAndDispatchWheaError` +- `LastBootErrorLogProcessPlatformError` +- `LastBootErrorLogBuildErrorNotification` +- `CmcErrorHandler` +- `SmiErrorHandler` +- `UeErrorHandler` ### Recovered Global Variables 
diff --git a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog_analysis.md b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog_analysis.md index 5a59252..a0bb72a 100644 --- a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog_analysis.md +++ b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/LastBootErrorLog_analysis.md @@ -30,7 +30,7 @@ | Address | Name | Purpose | |---------|------|---------| -| 0x588 | `_ModuleEntryPoint` | DXE driver entry: calls `sub_3D94` (AutoGen init), `sub_41C0` (main init), or `sub_4150` (unload) | +| 0x588 | `_ModuleEntryPoint` | DXE driver entry: calls `LastBootErrorLogAutoGenInit` (AutoGen init), `LastBootErrorLogMain` (main init), or `LastBootErrorLogUnload` (unload) | ## Key Functions 
@@ -39,22 +39,22 @@ ``` _ModuleEntryPoint (0x588) | - +-- sub_3D94 (0x3D94) -- AutoGen-generated driver init: calls sub-functions in a long chain + +-- `LastBootErrorLogAutoGenInit` (0x3D94) -- AutoGen-generated driver init: calls sub-functions in a long chain | Calls: sub_678, sub_714, sub_750, sub_A44, sub_CC0, sub_D24, sub_E38, - | sub_EEC, sub_10FC, sub_1210, sub_192C + | sub_EEC, sub_10FC, sub_1210, `LastBootErrorLogWheaHooksInit` | Each call is wrapped with ASSERT_EFI_ERROR / DebugAssert checks | - +-- sub_41C0 (0x41C0) -- Main DXE driver logic + +-- `LastBootErrorLogMain` (0x41C0) -- Main DXE driver logic | | - | +-- sub_2A0 (0x2A0) - SetJump (saves CPU context for LongJump) + | +-- SetJump (0x2A0) - saves CPU context for LongJump | +-- sub_43FC (0x43FC) -- Core initialization | | +-- sub_4238 (0x4238) -- Protocol resolution & data structure init | | +-- sub_EA0 (0xEA0) -- HOB traversal to find error log HOB - | | +-- sub_23FC (0x23FC) -- Process last boot error from HOB (main logic) - | | +-- sub_208C (0x208C) -- Process platform-specific error data - | +-- sub_3D44 (0x3D44) -- Record driver status, LongJump + | | +-- `LastBootErrorLogProcessLastBootError` (0x23FC) -- Process last boot error from HOB (main logic) + | | +-- `LastBootErrorLogProcessPlatformError` (0x208C) -- Process platform-specific error data + | +-- LongJump (0x3D44) -- Record driver status, restore CPU context from SetJump buffer | - +-- sub_4150 (0x4150) -- Unload handler (called if sub_41C0 fails) + +-- `LastBootErrorLogUnload` (0x4150) -- Unload handler (called if `LastBootErrorLogMain` fails) ``` ### Library Initialization Helpers (AutoGen) 
@@ -71,31 +71,31 @@ | 0xEEC | `sub_EEC` | AcpiTimerLib | Calibrates ACPI timer via I/O ports | | 0x10FC | `sub_10FC` | SmmMmPciBaseLib | Gets PCI USRA protocol (gEfiMmPciBaseProtocolGuid) | | 0x1210 | `sub_1210` | mpsyncdatalib | Initializes sync data structures (spinlocks, CPU topology arrays) | -| 0x192C | `sub_192C` | WheaSiliconHooksLib | **Main WHEA setup**: resolves protocols, reads HOB for error data | +| 0x192C | `LastBootErrorLogWheaHooksInit` | WheaSiliconHooksLib | **Main WHEA setup**: resolves protocols, reads HOB for error data | ### WHEA / Last Boot Error Processing | Address | Function | Purpose | |---------|----------|---------| -| 0x192C | `sub_192C` | WHEA Silicon Hooks init: registers callback, resolves WHEA protocol, reads HOB | +| 0x192C | `LastBootErrorLogWheaHooksInit` | WHEA Silicon Hooks init: registers callback, resolves WHEA protocol, reads HOB | | 0x18F4 | `sub_18F4` | Notification callback: re-resolves WHEA boot protocol GUID | -| 0x23FC | `sub_23FC` | **Process last boot error record**: parses HOB data, dispatches based on error type | +| 0x23FC | `LastBootErrorLogProcessLastBootError` | **Process last boot error record**: parses HOB data, dispatches based on error type | | 0x1CD0 | `sub_1CD0` | Handle error type: MSR + 0x19 range (error groups 9-11) | | 0x1D88 | `sub_1D88` | Handle error type: MSR + 0x12 range (error groups 4-5, 12, 19) | | 0x1E40 | `sub_1E40` | Handle error type: MSR range (error groups 0-3) | -| 0x1EF8 | `sub_1EF8` | Handle error type: Corrected error via `sub_34BC` processor error decode | +| 0x1EF8 | `LastBootErrorLogDecodeProcessorError` | Handle error type: Corrected error via processor error decode | | 0x1F60 | `sub_1F60` | Handle error type: Clear error flags (type 2 - WHEA clear) | ### Processor Error Decode Pipeline | Address | Function | Purpose | |---------|----------|---------| -| 0x34BC | `sub_34BC` | **Main error decode**: reads MSR 0x179 (MCG_CAP), decodes error source address | +| 0x34BC | 
`LastBootErrorLogDecodeProcessorError` | **Main error decode**: reads MSR 0x179 (MCG_CAP), decodes error source address | | 0x33A8 | `sub_33A8` | Get CPU topology info (socket/core/thread) for the error address | | 0x32B8 | `sub_32B8` | Check if this is a recoverable error via smi_handler or cmc_handler | | 0x2CD8 | `sub_2CD8` | Read MC (Machine Check) MSRs to validate error address | | 0x2B64 | `sub_2B64` | Verify error address matches actual MSR state with CPU topology checks | -| 0x2EC4 | `sub_2EC4` | Search/find error in WHEA error bank, dispatch to handler callback | +| 0x2EC4 | `LastBootErrorLogFindAndDispatchWheaError` | Search/find error in WHEA error bank, dispatch to handler callback | | 0x3158 | `sub_3158` | Decode corrected machine check and update error status structure | | 0x2E48 | `sub_2E48` | Read CPU topology info from CPU_CSR protocol via SBIOS interface | @@ -103,9 +103,9 @@ | Address | Function | Purpose | |---------|----------|---------| -| 0x2A74 | `sub_2A74` | **cmc_handler** (Corrected Machine Check): stores error record in cache table | -| 0x2E08 | `sub_2E08` | **smi_handler** (SMI): calls `sub_2A74` if error type is 14 (SMI) | -| 0x2E30 | `sub_2E30` | **ue_handler** (Uncorrectable Error): stub, just validates pointer | +| 0x2A74 | `CmcErrorHandler` | **cmc_handler** (Corrected Machine Check): stores error record in cache table | +| 0x2E08 | `SmiErrorHandler` | **smi_handler** (SMI): calls `CmcErrorHandler` if error type is 14 (SMI) | +| 0x2E30 | `UeErrorHandler` | **ue_handler** (Uncorrectable Error): stub, just validates pointer | ### Error Record Cache Management 
@@ -113,8 +113,8 @@ |---------|----------|---------| | 0x2914 | `sub_2914` | Store error record fields into cache entry (socket, core, thread, severity) | | 0x2964 | `sub_2964` | Find matching error in cache table by address, update fields | -| 0x27D4 | `sub_27D4` | Build error notification structure for crash handler / WHEA event | -| 0x208C | `sub_208C` | Process platform-specific errors (4 sockets x 21 threads) via WHEA boot protocol | +| 0x27D4 | `LastBootErrorLogBuildErrorNotification` | Build error notification structure for crash handler / WHEA event | +| 0x208C | `LastBootErrorLogProcessPlatformError` | Process platform-specific errors (4 sockets x 21 threads) via WHEA boot protocol | | 0x202C | `sub_202C` | Clear platform-specific error via WHEA protocol | | 0x3918 | `sub_3918` | Init WHEA protocol table: resolves MM_IO protocol, registers callbacks | | 0x11B8 | `sub_11B8` | Build PCIe config space address from socket/core/thread/bus/function/register | @@ -129,7 +129,7 @@ | 0x3C18 | `sub_3C18` | ZeroMem wrapper | | 0x3B68 | `sub_3B68` | CopyMem wrapper | | 0x3D04 | `sub_3D04` | Initialize spinlock | -| 0x3D44 | `sub_3D44` | LongJump: restore CPU context from SetJump buffer | +| 0x3D44 | `LongJump` | restore CPU context from SetJump buffer | | 0x3B2C | `sub_3B2C` | I/O port read (inl) | | 0x3AE0 | `sub_3AE0` | I/O port write (outw) | 
@@ -169,11 +169,11 @@ | 0x56E0 | `unk_56E0` | struct | Error cache table (20 entries x 16 bytes each) | | 0x5820 | `byte_5820` | u8 | Flag: cache table wrapping (round-robin) | | 0x5824 | `dword_5824` | u32 | Cache table round-robin index | -| 0x5828 | `psub_2E30` | ptr | Function pointer: UE handler (registered for WHEA) | +| 0x5828 | `sub_5828` (`UeErrorHandler`) | ptr | Function pointer: UE handler (registered for WHEA) | | 0x5830 | `qword_5830` | ptr | MM_IO protocol interface | | 0x5838 | `qword_5838` | ptr | MM_IO protocol instance (resolved from gEfiMmIoTrapProtocolGuid) | -| 0x5840 | `psub_2E08` | ptr | Function pointer: SMI handler (registered for WHEA) | -| 0x5848 | `psub_2A74` | ptr | Function pointer: CMC handler (registered for WHEA) | +| 0x5840 | `sub_5840` (`SmiErrorHandler`) | ptr | Function pointer: SMI handler (registered for WHEA) | +| 0x5848 | `sub_5848` (`CmcErrorHandler`) | ptr | Function pointer: CMC handler (registered for WHEA) | | 0x5850 | `qword_5850` | ptr | SMI handler / CMC handler protocol (second instance) | | 0xA868 | `qword_A868` | u64 | Spinlock for CPU topology | | 0xA870 | `qword_A870` | u64 | Spinlock for error tracking | @@ -221,7 +221,7 @@ ## Error Record Processing Flow -### Step 1: HOB Discovery (sub_192C) +### Step 1: HOB Discovery (`LastBootErrorLogWheaHooksInit`) 1. Resolves gEfiWheaBootProtocolGuid via BootServices->LocateProtocol 2. Registers `sub_18F4` as notification callback 3. Resolves gEfiSmmCpuSyncProtocolGuid (protocol at 0x5140) to get SMM sync data 
@@ -230,14 +230,14 @@ 6. Calls `sub_EA0` to find HOB matching gEfiLastBootErrorHobGuid 7. Stores HOB pointer in qword_5698 (offset +24 from HOB header) -### Step 2: Error Record Parsing (sub_23FC) +### Step 2: Error Record Parsing (`LastBootErrorLogProcessLastBootError`) The HOB error record starts with a header: ``` +0x00: u16 structure_size (must be >= 2) +0x02: u8 type (1=error, 2=clear) +0x03: ... +0x08: u16 sub_type (error group identifier): - Groups: 4-5, 12, 19 -> sub_1EF8 (corrected errors via processor decode) + Groups: 4-5, 12, 19 -> `LastBootErrorLogDecodeProcessorError` (corrected errors via processor decode) 9-11, 7-8 -> sub_1CD0 0-3 -> sub_1E40 13-18 -> sub_1D88 @@ -248,13 +248,13 @@ - **type 1** (error event): Dispatches to type-specific handler based on sub_type - **type 2** (clear event): Calls `sub_1F60` to clear error flags, sets `byte_56CB = 1` -### Step 3: Alternative Path (sub_23FC - no HOB) +### Step 3: Alternative Path (`LastBootErrorLogProcessLastBootError` - no HOB) If qword_5698 is NULL but qword_56A0 (WHEA protocol alternate) is set: - Iterates 8 CPU slots - For each active slot, calls SMI handler via qword_5688+8 to check/clear the error - If the return code indicates a recoverable error, calls `sub_202C` to clear it -### Step 4: Platform Error Processing (sub_208C) +### Step 4: Platform Error Processing (`LastBootErrorLogProcessPlatformError`) For each of 4 sockets: 1. Checks if the socket has any active threads (from unk_5240 structure) 2. For each of 21 threads per socket: 
@@ -263,16 +263,16 @@ - Dispatches error data to WHEA boot protocol (qword_56A8+40, function index 5 = type 25) 3. Also checks 8 "special" error slots -### Step 5: Processor Error Decode (sub_34BC) +### Step 5: Processor Error Decode (`LastBootErrorLogDecodeProcessorError`) The main decode function: 1. Reads error type from input structure field at +6 2. Determines memory error type (Sparing/Lockstep/Any) based on type value 3. Reads MSR 0x179 (MCG_CAP - Machine Check Global Capability) 4. Determines error correction mode (6 modes: 0=Corrected, 2=Deferred, 3=Recoverable, 5=Uncorrected, etc.) 5. Routes to appropriate handler callback based on mode: - - Mode 2: cmc_handler (qword_5848 = sub_2A74) - - Mode 5: ue_handler (qword_5828 = sub_2E30) - - Other: smi_handler (qword_5840 = sub_2E08) + - Mode 2: cmc_handler (qword_5848 = `CmcErrorHandler`) + - Mode 5: ue_handler (qword_5828 = `UeErrorHandler`) + - Other: smi_handler (qword_5840 = `SmiErrorHandler`) 6. For mode 0 (corrected/deferred), decodes memory controller address to DIMM location ## Data Structures @@ -289,7 +289,7 @@ ``` ### WHEA Error Output Structure (64 bytes at stack) -Output from sub_34BC decode, consumed by handler callbacks: +Output from `LastBootErrorLogDecodeProcessorError` decode, consumed by handler callbacks: ``` +0x00: u16 length // Structure size +0x02: u64 status_flags // Status bits (0x3B = valid mask) 
@@ -326,18 +326,18 @@ ### Module Initialization ``` _ModuleEntryPoint(ImageHandle, SystemTable) - sub_3D94() -- AutoGen: initialize all library constructors - sub_41C0() -- Main: SetJump, init protocols, process HOB - if success: sub_3D44(LongJump) -- commit - if fail: sub_4150() -- unload libs + `LastBootErrorLogAutoGenInit`() -- AutoGen: initialize all library constructors + `LastBootErrorLogMain`() -- Main: SetJump, init protocols, process HOB + if success: LongJump -- commit + if fail: `LastBootErrorLogUnload`() -- unload libs ``` ### Error Record Processing ``` HOB available (qword_5698 != NULL): - sub_23FC() + `LastBootErrorLogProcessLastBootError`() |-- type==1 (error): - | |-- sub_type in {4,5,12,19}: sub_1EF8() -> sub_34BC(decode) -> dispatch callback + | |-- sub_type in {4,5,12,19}: `LastBootErrorLogDecodeProcessorError`() -> dispatch callback | |-- sub_type in {9,10,11,7,8}: sub_1CD0() -> WHEA boot (type=1) | |-- sub_type in {0,1,2,3}: sub_1E40() -> WHEA boot (type=1) | |-- sub_type in {13,14,15,16,17,18}: sub_1D88() -> WHEA boot (type=1) 
@@ -345,25 +345,25 @@ | sets byte_56CB = 1 HOB not available but qword_56A0 set: - sub_23FC() alternate path + `LastBootErrorLogProcessLastBootError`() alternate path for 8 CPU slots: if active: call smi_handler -> sub_202C() to clear ``` ### Error Decode + Handler Dispatch ``` -sub_34BC(input_hdr, output_block) +`LastBootErrorLogDecodeProcessorError`(input_hdr, output_block) |-- Read MCG_CAP MSR (0x179) |-- Determine correction mode (0-6) |-- If mode==0 (corrected): | sub_33A8() -> Get CPU topology for error address | sub_2CD8() -> Read MCi_STATUS MSRs, validate address match | sub_2B64() -> Verify with SMI handler protocol - | sub_2EC4() -> Find error in bank, dispatch to handler callback + | `LastBootErrorLogFindAndDispatchWheaError`() -> Find error in bank, dispatch to handler callback | |-- sub_2E48() -> Read CPU topology from CSR | |-- For found error: run callback (cmc/smi/handler) - | |-- For not found: sub_27D4(build notification) -> callback - |-- Return to sub_1EF8, route to WHEA boot protocol + | |-- For not found: `LastBootErrorLogBuildErrorNotification`(build notification) -> callback + |-- Return to `LastBootErrorLogDecodeProcessorError`, route to WHEA boot protocol ``` ## Dependencies 
@@ -397,7 +397,7 @@ 1. **DXE-only phase**: This driver operates in DXE, not SMM. It reads HOB data produced by PEI modules and translates it. -2. **SetJump/LongJump pattern**: `sub_2A0` saves context at sub_2A0-style JMP_BUF (248 bytes: 8 GP regs, 16 XMM regs, MXCSR, return address). `sub_3D44` restores via LongJump. This is used as a poor-man's try/catch around the error processing pipeline. +2. **SetJump/LongJump pattern**: `SetJump` saves context at a JMP_BUF (248 bytes: 8 GP regs, 16 XMM regs, MXCSR, return address). `LongJump` restores from that buffer. This is used as a poor-man's try/catch around the error processing pipeline. 3. **Round-robin cache**: The 20-entry error cache at 0x56E0 uses a round-robin replacement policy (`dword_5824` tracks the insertion index, `byte_5820` = wrapping flag). @@ -418,4 +418,4 @@ - +8: Unknown function - +32: Function index 4 (type 17) -- log/clear error - +40: Function index 5 (type 25) -- log platform error - - +56: Function index 7 (type 1) -- dispatch error record \ No newline at end of file + - +56: Function index 7 (type 1) -- dispatch error record diff --git a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md index 376082b..3b328ae 100644 --- a/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md +++ b/PurleyPlatPkg/Ras/Whea/LastBootErrorLog/LastBootErrorLog/DEBUG/LastBootErrorLog/README.md 
@@ -6,18 +6,18 @@ ## Key Functions - **_ModuleEntryPoint** -- DXE entry: `LastBootErrorLogAutoGenInit` (AutoGen init, 11 library constructors), `LastBootErrorLogMain` (main processing), and `LastBootErrorLogUnload` on failure -- **LastBootErrorLogAutoGenInit** (`sub_3D94`) -- Auto-generated driver init chain invoked by module entry +- **LastBootErrorLogAutoGenInit** -- Auto-generated driver init chain invoked by module entry - **LastBootErrorLogMain** -- Main DXE logic - **LastBootErrorLogUnload** -- Cleanup/unload path when main init fails -- **LastBootErrorLogWheaHooksInit** (`sub_192C`) -- WHEA Silicon Hooks init: resolves protocols, reads HOB for last boot error -- **LastBootErrorLogProcessLastBootError** (`sub_23FC`) -- Process last boot error: parses HOB, dispatches based on error type (1=error, 2=clear) -- **LastBootErrorLogDecodeProcessorError** (`sub_34BC`) -- Main processor error decode: reads MCG_CAP MSR, determines correction mode, routes to callbacks -- **LastBootErrorLogFindAndDispatchWheaError** (`sub_2EC4`) -- Search/find error in WHEA bank, dispatch to handler callback -- **LastBootErrorLogProcessPlatformError** (`sub_208C`) -- Platform-specific error processing: 4 sockets x 21 threads via PCIe config space -- **LastBootErrorLogBuildErrorNotification** (`sub_27D4`) -- Build error notification structure for crash handler / WHEA event -- **CmcErrorHandler** (`sub_2A74`) -- Corrected Machine Check handler: caches corrected machine check events -- **SmiErrorHandler** (`sub_2E08`) -- SMI error handler used for SMI-mode machine check paths -- **UeErrorHandler** (`sub_2E30`) -- Uncorrectable error handler stub; validates callback parameter +- **LastBootErrorLogWheaHooksInit** -- WHEA Silicon Hooks init: resolves protocols, reads HOB for last boot error +- **LastBootErrorLogProcessLastBootError** -- Process last boot error: parses HOB, dispatches based on error type (1=error, 2=clear) +- **LastBootErrorLogDecodeProcessorError** -- Main processor error 
decode: reads MCG_CAP MSR, determines correction mode, routes to callbacks +- **LastBootErrorLogFindAndDispatchWheaError** -- Search/find error in WHEA bank, dispatch to handler callback +- **LastBootErrorLogProcessPlatformError** -- Platform-specific error processing: 4 sockets x 21 threads via PCIe config space +- **LastBootErrorLogBuildErrorNotification** -- Build error notification structure for crash handler / WHEA event +- **CmcErrorHandler** -- Corrected Machine Check handler: caches corrected machine check events +- **SmiErrorHandler** -- SMI error handler used for SMI-mode machine check paths +- **UeErrorHandler** -- Uncorrectable error handler stub; validates callback parameter ## Module/File Split Notes - This directory only contains the recovered module-entry scaffold and symbol-recovery aliases; implementation bodies remain in reconstructed analysis-backed references in `LastBootErrorLog_analysis.md`.