# StatusCodeSmm ## Function Table | Address | Name | Description | |---------|------|-------------| | | **ModuleEntryPoint** | | | | **SmmStatusCodeDriverInit** | | | | **SmmStatusCodeRegisterProtocols** | | | | **SmmStatusCodeRegisterCallback** | | | | **SmmStatusCodeUnregisterCallback** | | | | **SmmStatusCodeDispatchCallbacks** | | | | **SmmStatusCodeHandler** | | | | **SmmStatusCodeAssertHandler** | | | | **SmmStatusCodeProgress** | | | | **StatusCodeFormatString** | | | | **StatusCodeReportError** | | | | **StatusCodeWriteSerial** | | | | **StatusCodeReportToSerial** | | | | **StatusCodeWritePort80** | | | | **StatusCodeCheckAndEnable** | | | SMM | **Status Code Reporting Driver** | | | Decompiled | **and reconstructed from IDA Pro analysis of the** | | | Lenovo | **HR650X BIOS UEFI firmware image. All functions have been** | | | identified | **and renamed for clarity.** | | | This | **SMM driver provides status code reporting infrastructure** | | | within | **System Management Mode. It intercepts SMI events triggered** | | | by | **status code writes and routes them to configurable output** | | | channels | **(serial, port 80 POST codes) and registered callbacks.** | | | Global | **variable storage** | | | EFI_HANDLE | **gImageHandle;** | | | Static | **data tables (defined in .rdata)** | | | Error | **code lookup table.** | | | Each | **entry: {UINT32 StatusCode, UINT32 StringOffset}** | | | Terminated | **by {0, 0}.** | | | Correctable | **memory error** | | | CPU | **thermal error** | | | CPU | **low voltage** | | | CPU | **high voltage** | | | Correctable | **CPU ECC error** | | | terminator | **};** | | | Module | **Entry Point (_ModuleEntryPoint at 0x500)** | | | Standard | **UEFI driver entry. Initializes SMM environment, registers** | | | SMI | **handlers with error recovery via SetJump/LongJump.** | | | EFI_STATUS | **EFIAPI** | | | These | **ASSERTs fire only if LongJump fails (should never happen)** | | | SmmStatusCodeDriverInit | **(0x5B4)** | | | Initializes | **the SMM driver environment:** | | | VOID | **SmmStatusCodeDriverInit (** | | | Save | **global pointers** | | | Locate | **SMM Base2 protocol** | | | Locate | **SMM Access2 protocol to get SMRAM sizes** | | | Read | **PCI Express base address from PCD** | | | Locate | **HOB list** | | | Configure | **LPC serial port (if enabled)** | | | PCI | **config address 0xFA004 = LPC command register (B0/D31/F0/Reg4)** | | | PCI | **config address 0xFA000 = LPC vendor/device ID register** | | | Set | **I/O base to 0x500** | | | Enable | **memory space (bit 1 of command register)** | | | Wait | **for TCO timer to stabilize** | | | Port | **0x508 is the TCO I/O base register** | | | Restore | **interrupt state** | | | SmmStatusCodeRegisterProtocols | **(0xCD0)** | | | Registers | **three SMM handlers:** | | | EFI_STATUS | **SmmStatusCodeRegisterProtocols (** | | | Handler | **#1: Register SmmStatusCodeHandler via EFI_SMM_CPU_IO2_PROTOCOL** | | | This | **causes the handler to fire on CPU I/O operations that generate** | | | status | **code SMI events.** | | | via | **gSmmStatusCodeHandlerPtr** | | | Handler | **#2: Register callback management protocol** | | | Handler | **#3: Register progress/status code protocol** | | | SmmStatusCodeRegisterCallback | **(0x8F0)** | | | Registers | **a callback function pointer in the callback table.** | | | Callbacks | **are invoked when status code events occur.** | | | UINT64 | **SmmStatusCodeRegisterCallback (** | | | RETURN_INVALID_PARAMETER | **}** | | | Reuse | **empty slot** | | | SmmStatusCodeUnregisterCallback | **(0x8A8)** | | | Removes | **a callback function pointer from the callback table.** | | | UINT64 | **SmmStatusCodeUnregisterCallback (** | | | SmmStatusCodeDispatchCallbacks | **(0x988)** | | | Iterates | **all registered callback functions and invokes each with** | | | the | **status code parameters.** | | | Uses | **a reentrancy guard (gReentrancyGuard) to prevent recursive** | | | callback | **dispatch.** | | | is | **already in progress** | | | UINT64 | **SmmStatusCodeDispatchCallbacks (** | | | SmmStatusCodeHandler | **(0xB84)** | | | The | **main SMI status code handler. Called when a status code SMI** | | | dispatches | **registered callbacks, and outputs to serial.** | | | VOID | **SmmStatusCodeHandler (** | | | Invoke | **per-status-code callbacks** | | | SmmStatusCodeAssertHandler | **(0xC24)** | | | Invoked | **when an ASSERT condition fires in SMM. Formats the assert** | | | message | **with file/line info, dispatches assert-specific callbacks** | | | and | **outputs via serial.** | | | UINT64 | **SmmStatusCodeAssertHandler (** | | | Invoke | **assert-specific callbacks** | | | SmmStatusCodeProgress | **(0xA58)** | | | Handles | **status code progress (type 1) and error (type 2) events.** | | | Dispatches | **registered callbacks, runs enable/disable checks** | | | formats | **the status string, outputs to serial, and handles** | | | For | **EFI progress codes (type == 2), also queries a progress function** | | | table | **for matching dispatch.** | | | UINT64 | **SmmStatusCodeProgress (** | | | Run | **enable/disable filter check callbacks** | | | Run | **progress-specific callbacks** | | | For | **progress type 2, dispatch via progress function table** | | | StatusCodeFormatString | **(0xE1C)** | | | Examines | **the status code data GUID to determine its type and** | | | formats | **the output string accordingly:** | | | Extracts | **text from data payload, converts Unicode to ASCII** | | | Uses | **format string from offset +120 and args from offset +24** | | | Reads | **line number and file/description from payload.** | | | Requires | **type=2, class=0x90, subclass=7.** | | | Reads | **line number at offset +60 and file at offset +80.** | | | No | **GUID match + Type 2: delegates to StatusCodeReportError** | | | No | **GUID match + other types: returns 0 (no output)** | | | UINT64 | **StatusCodeFormatString (** | | | Skip | **header to get GUID** | | | Check | **#1: Plain string data GUID** | | | Copy | **string from payload** | | | Check | **#2: Standard string type GUID** | | | Check | **#3: AMI DataHub ASSERT GUID** | | | Check | **#4: AMI ASSERT GUID** | | | Fall | **through to FormatAssert** | | | StatusCodeReportError | **(0xD94)** | | | Looks | **up a status code in the known error code table (gErrorCodeTable).** | | | If | **the code is found, formats "ERROR: %a" with the error description** | | | string | **from the status code data payload.** | | | If | **the code is not found (or table empty), formats the raw status** | | | code | **as three hex fields: "ERROR: Class:%X; Subclass:%X; Operation: %X\n"** | | | UINT64 | **StatusCodeReportError (** | | | Found | **in table - format with string from data payload** | | | Not | **found - format raw hex values** | | | StatusCodeWriteSerial | **(0xFE8)** | | | Writes | **a string to the serial port with proper CR/LF handling.** | | | UINT64 | **StatusCodeWriteSerial (** | | | Bare | **"\n" - flush accumulated prefix and emit "\r\n"** | | | StatusCodeReportToSerial | **(0x105C)** | | | Dispatches | **to StatusCodeWriteSerial (primary) and any additional** | | | output | **handlers registered in the output callback table.** | | | UINT64 | **StatusCodeReportToSerial (** | | | Primary | **serial output** | | | StatusCodeWritePort80 | **(0x109C)** | | | Writes | **a byte to the hardware POST code display port (0x80).** | | | Used | **for debug POST cards or BMC POST code capture.** | | | UINT64 | **StatusCodeWritePort80 (** | | | StatusCodeCheckAndEnable | **(0x10A8)** | | | For | **type 1 (progress) and type 2 (error), looks up the status code** | | | value | **in the enable/disable table. If the code is enabled, invokes** | | | the | **port 80 write callbacks (including StatusCodeWritePort80).** | | | UINT64 | **StatusCodeCheckAndEnable (** | | | Walk | **the enable table for this type** | | | These | **are standard UEFI library implementations compiled into this** | | | module | **by the build system (MdePkg BaseLib, BasePrintLib, etc.).** | | | They | **are documented here for completeness.** | | | SetJump | **(0x2C0) / LongJump (0x360)** | | | SetJump | **saves: RBP, stack pointer, return address, XMM regs** | | | LongJump | **restores context and jumps to the saved return point.** | | | SetJumpValidate | **(0x1130)** | | | Validates | **the jump buffer alignment (must be 8-byte aligned).** | | | DebugAssert | **(0x132C)** | | | Formats | **an ASSERT message string using AsciiSPrint.** | | | DebugAssertWorker | **(0x1210)** | | | Callback | **to the standard error interface (via protocol at 0x3ED0).** | | | If | **the protocol is available, formats: file, line, message.** | | | GetStandardErrorInterface | **(0x1178)** | | | Locates | **the SMM standard error protocol (GUID at 0x3ED0) and caches** | | | it | **in qword_4F68.** | | | DebugPrint | **(0x11C8)** | | | Conditional | **debug print: checks error level against current setting** | | | invokes | **the standard error interface if enabled.** | | | GetDebugPrintErrorLevel | **(0x2AC8)** | | | Reads | **the debug print error level from CMOS offset 0x4C.** | | | If | **the CMOS value is out of range, checks a memory-mapped** | | | location | **(0xFDAF0490) for the BMC-preserved value.** | | | Returns | **0 (disabled), 0x80000004 (level 1), or 0x80000006 (level 2+).** | | | SerialPortWrite | **(0x2A18)** | | | Detects | **Super I/O type via SIO port 0x72/0x73:** | | | Writes | **bytes to serial port data register at (base + 0).** | | | Waits | **for THR empty (LSR bit 6). Bursts up to 16 bytes per** | | | AsciiSPrint | **(0x1404) - ~3573 bytes (0xDF5)** | | | Full | **UEFI AsciiSPrint implementation from BasePrintLib.** | | | Supports | **format specifiers:** | | | String | **length limited to 0xF4240 (1,000,000) characters.** | | | AsciiSPrintUnsafe | **(0x2984)** | | | Thin | **wrapper that va_start's and calls SPrint.** | | | SPrint | **(0x2544) - Unicode-aware printf** | | | Full | **SPrint implementation from PrintLibInternal.c supporting** | | | all | **standard format specifiers documented above.** | | | StatusToString | **(0x247C)** | | | Converts | **EFI_STATUS value to human-readable string:** | | | EFI_SUCCESS | **(0) -> "EFI_SUCCESS"** | | | Warning | **codes (0x2xxxxxxx) -> "EFI_WARN_..."** | | | Error | **codes (0x8xxxxxxx) -> various error strings** | | | Interrupt | **codes (0xAxxxxxxx) -> "EFI_INTERRUPT_PENDING_..."** | | | Unrecognized | **values -> NULL** | | | String | **table is embedded in .rdata at known offsets.** | | | ValueToString | **(0x2334)** | | | Converts | **integer value to ASCII string in given base (10 or 16).** | | | Supports | **negative values for base 10.** | | | AsciiStrDecimalToUintn | **(0x23A8)** | | | Parses | **a decimal string to UINTN. Skips leading whitespace** | | | handles | **+/- sign. Supports hex digits a-f/A-F (returns base-10).** | | | AsciiStrSetChar | **(0x1358)** | | | Fills | **a buffer with repeated character (1-byte ASCII or 2-byte Unicode).** | | | Uint64ToAsciiString | **(0x138C)** | | | Converts | **UINT64 to ASCII hex string using LookupTable "0123456789ABCDEF".** | | | CompareMem | **(0x29A4)** | | | Memory | **compare. Compares byte-by-byte with qword optimization for** | | | aligned | **sections.** | | | IsAddressInSmram | **(0x1250)** | | | Checks | **if an address falls within any known SMRAM descriptor range.** | | | SmmAllocatePool | **(0x1294)** | | | Allocates | **SMM pool memory via gSmst->SmmAllocatePool.** | | | SmmFreePool | **(0x12C4)** | | | Frees | **memory via gSmst->SmmFreePool if in SMRAM, or gBS->FreePool** | | | if | **not. Used during module unload or error cleanup.** | | | IsHobGuidType | **(0x2BF4)** | | | Checks | **if a HOB entry matches a known GUID type by comparing** | | | the | **Buffer_ and Buffer__0 GUIDs.** | | | GetHobList | **(0x225C)** | | | Walks | **the System Table firmware volume HOB entries to find the** | | | HOB | **matching known GUIDs. Caches result in qword_4F78.** | | | GetPcdProtocol | **(0x2CD4)** | | | Locates | **the EFI_PCD_PROTOCOL (GUID {11B34006-...})** | | | via | **gBS->LocateProtocol. Caches result in qword_4F90.** | | | PciExpressGetAddress | **(0x2220)** | | | Calculates | **the MMIO address for a PCI config space register:** | | | result | **= Address + gPciExpressBaseAddress** | | | Requires | **Address < 0x10000000.** | | | PciExpressWrite8 | **(0x21FC)** | | | Writes | **a byte to PCI config space via the PCIe MMIO address window.** | | | Standard | **UEFI BaseLib string utility functions.** | | | CpuPause | **(0x3E0), ReadTsc (0x3F0)** | | | EnableInterrupts | **(0x400), DisableInterrupts (0x410)** | | | GetCallerEflags | **(0x420)** | | | Intrinsic | **functions:** | | | CpuPause | **= _mm_pause()** | | | ReadTsc | **= __rdtsc()** | | | EnableInterrupts | **= _enable() (STI)** | | | DisableInterrupts | **= _disable() (CLI)** | | | GetCallerEflags | **= __getcallerseflags() (PUSHFQ)** | | | IoWrite16 | **(0x2C64) - Write 16-bit value to I/O port** | | | IoRead32 | **(0x2CA4) - Read 32-bit value from I/O port** | | | ReadUnaligned16 | **(0x2B18) - Read 16-bit from potentially unaligned addr** | | | ReadUnaligned64 | **(0x2B48) - Read 64-bit from potentially unaligned addr** | | | StrLen | **(0x2B78) - Unicode string length** | | | AsciiStrLen | **(0x2BD0) - ASCII string length** | | --- *Generated by HR650X BIOS Decompilation Project*