# CrystalRidgeSMM ## Function Table | Address | Name | Description | |---------|------|-------------| | | **CrystalRidgeDebugAssert** | | | | **CrystalRidgeEfiError** | | | | **CrystalRidgeDebugEnabled** | | | | **CrystalRidgeZeroMem** | | | | **CrystalRidgeStatusToCategory** | | | | **CrystalRidgeSmmEntryPoint** | | | | **CrystalRidgeInitServiceTablePointers** | | | | **CrystalRidgeSmmDriverInit** | | | | **CrystalRidgeInitDimmDb** | | | | **CrystalRidgeConfigureSmi** | | | | **CrystalRidgeTranslateAddress** | | | | **CrystalRidgeMailboxCommand** | | | | **CrystalRidgeNfitBuild** | | | | **CrystalRidgeSetupProtocol** | | | | **CrystalRidgeFlushNearMemoryInit** | | | Globals | **(reconstructed from .data section at 0x29600-0xAE580)** | | | qword_29EB8 | **UINT8 gCrIsSmmOnly = 0; // byte_29CB0** | | | byte_29CD9 | **UINT64 gCrCacheLineSizeMul = 0; // qword_29EC0** | | | qword_29CA0 | **VOID *gCrNfit = NULL; // qword_29CA8** | | | qword_29CE0 | **VOID *gCrProtocol1 = NULL; // qword_29CD0** | | | unk_6F6E8 | **CR_DIMM_ENTRY gCrDimmDbFallback; // unk_AC2E8** | | | byte_AE149 | **UINT32 gCrXlateTable[6] = {0}; // dword_6F6E0** | | | dword_6F6E4 | **CR_CONTROL_REGION gCrControlRegions[CR_MAX_CONTROL_REGIONS]; // qword_AE028** | | | n8 | **in sub_67D4** | | | Library | **Helpers** | | | Wraps | **sub_20A58 to format and print assertion failure** | | | Calls | **sub_20AA8 for final output** | | | Thunk | **- conditionally evaluates EFI_ERROR** | | | return | **FALSE;** | | | Validates | **buffer bounds** | | | Thunks | **to internal rep movsb at sub_2D0** | | | Thunks | **to internal rep stosb at sub_320** | | | Complex | **switch tree mapping error codes 0..255 and** | | | EFI_STATUS | **values to category codes 0..11** | | | Module | **Entry Point (0x5A0)** | | | Initialize | **global UEFI service table pointers (sub_5DC at 0x5DC)** | | | Call | **main driver initialization (sub_A00 -> sub_798C)** | | | Status | **= CrystalRidgeSmmDriverInit(ImageHandle, SystemTable);** | | | If | **installation failed, trigger assert** | | | if | **(Status < 0) {** | | | Service | **Table Initialization (sub_5DC at 0x5DC)** | | | Locate | **SMM Base2 protocol to detect SMM context** | | | Status | **= gBS_CR->LocateProtocol(** | | | Setup | **PCD database pointer via DxePcdLib** | | | Main | **Driver Initialization (sub_798C at 0x798C)** | | | Step | **1: Determine execution context (SMM or DXE)** | | | SMM | **path: Get protocol interface pointers** | | | gCrProtocol1 | **= *(VOID **)gCrProtocol0;** | | | Step | **2: Locate mCrInfo protocol via protocol interface** | | | Status | **= ((PROTOCOL_INTERFACE *)gCrProtocol1)->LocateProtocol(** | | | Step | **3: Locate additional protocol for shared data** | | | Step | **4: Register SMI notification for command type 25037** | | | Status | **= ((PROTOCOL_INTERFACE *)gCrProtocol1)->Register(** | | | gCrIsSmmOnly | **= TRUE;** | | | Register | **SMI notification via Boot Services** | | | Status | **= gBS_CR->RegisterProtocolNotify(** | | | Step | **5: Read SocketProcessorCoreConfig UEFI variable** | | | VariableSize | **= 301;** | | | Parse | **config HOB if variable not available** | | | Step | **6: Initialize DIMM database from protocol data (sub_6DD0)** | | | Step | **7: Read cache line size via CPUID** | | | gCrCacheLineSizeMul | **= CrystalRidgeGetCacheLineSize() * 8;** | | | Step | **8: Configure SMI translation tables for NVDIMM (32) and ARS (4)** | | | NVDIMM | **command type** | | | DIMM | **Database Initialization (sub_6DD0 at 0x6DD0)** | | | Iterate | **4 sockets, 6 channels per socket, 2 DIMMs per channel** | | | for | **(Socket = 0; Socket < CR_MAX_SOCKETS; Socket++) {** | | | Check | **if DIMM is present via mCrInfo data** | | | if | **(CrystalRidgeIsDimmPresent(Socket, Channel, Dimm)) {** | | | Check | **if DIMM is already initialized** | | | if | **(!gCrDimmDb[gCrDimmCount].Ptr) {** | | | Populate | **new DIMM entry** | | | DIMM | **Lookup (sub_2794 at 0x2794)** | | | Linear | **search through DIMM database** | | | for | **(Index = 0; Index < gCrDimmCount; Index++) {** | | | Return | **fallback entry if Flag 2 set** | | | if | **(Flags & 2) {** | | | SMI | **Configuration (sub_67D4 at 0x67D4)** | | | Iterate | **all sockets, channels, DIMMs to configure translation** | | | For | **ConfigType=32 (NVDIMM): Set up control regions** | | | if | **(ConfigType == 32) {** | | | Initialize | **translation table on first invocation** | | | Determine | **topology and set control region** | | | SAD | **CrystalRidgeSetSadTopology(Socket, BaseAddr);** | | | SAD_BASE | **CrystalRidgeSetSadBaseTopology(Socket, BaseAddr);** | | | CR | **CrystalRidgeSetCrTopology(Socket, BaseAddr);** | | | For | **ConfigType=4 (ARS): Set up ARS regions** | | | else | **if (ConfigType == 4) {** | | | Similar | **topology-based setup for ARS** | | | Translation | **and Mailbox** | | | Determine | **if address is in HOB table or direct** | | | Look | **up in translation table** | | | byte_3E058 | **Channel = gCrPerDimmData[Index * 6 + 4]; // byte_3E05C** | | | byte_3E05D | **} else {** | | | Apply | **SAD/interleave translation** | | | Find | **the DIMM entry** | | | Dimm | **= CrystalRidgeFindDimm(SocketId, Channel, DimmSlot, 0);** | | | Send | **command via hardware mailbox interface** | | | if | **(IsLongOp) {** | | | Retry | **once if busy** | | | NFIT | **Construction (sub_1FDFC at 0x1FDFC)** | | | Build | **NFIT structure for given DIMM/region** | | | Update | **NFIT table header** | | | Protocol | **Setup (sub_7118 at 0x7118)** | | | Initialize | **protocol callback buffer** | | | Set | **default values and populate from mCrInfo data** | | | Iterate | **4 sockets, 24 channels to discover active DIMMs** | | | and | **set topology configuration bytes** | | | for | **(UINT8 Socket = 0; Socket < CR_MAX_SOCKETS; Socket++) {** | | | Configure | **flags and timeouts** | | | Flush | **Near Memory Cache (SmmCrystalRidgeFlushNearMemoryLib)** | | | Perform | **flush initialization** | | | Register | **reset notification callback** | | --- *Generated by HR650X BIOS Decompilation Project*