[U-Boot] coreboot uboot qemu x86

Simon Glass sjg at chromium.org
Wed Dec 31 19:52:08 CET 2014 

Hi Ajoy,

On 30 December 2014 at 22:28, Ajoy Das <dasajoy80 at gmail.com> wrote:
[snip]

>>> On Tue, Dec 30, 2014 at 4:17 AM, Simon Glass <sjg at chromium.org> wrote:
>>>>
>>>> Hi Ajoy,
>>>>
>>>> > On Mon, Dec 29, 2014 at 9:28 PM, Simon Glass <sjg at chromium.org> wrote:
>>>> >
>>>> >> Hi Ajoy,
>>>> >>
>>>> >>
>>>> >> > On Mon, Dec 29, 2014 at 7:36 PM, Simon Glass <sjg at chromium.org>
>>>> >> > wrote:
>>>> >> >>
>>>> >> >> Hi,
>>>> >> >>
>>>> >> >> On 28 December 2014 at 21:38, Ajoy Das <dasajoy80 at gmail.com>
>>>> >> >> wrote:
>>>> >> >> > Hi
>>>> >> >> >
>>>> >> >> > Need Help
>>>> >> >> >
>>>> >> >> > I want to run U-BOOT as coreboot payload on QEMU platform
>>>> >> >> >
>>>> >> >> > I am on uboot-x86 git
>>>> >> >> >
>>>> >> >> > Compiled U-BOOT with make coreboot-x86_defconfig and make all
>>>> >> >> >
>>>> >> >> > Running qemu with
>>>> >> >> > qemu-system-i386 -bios ../coreboot/build/coreboot.rom -hda
>>>> >> >> > disk.img
>>>> >> >> > -nographic -m 1g
>>>> >> >> >
>>>> >> >> > But The system crashes with the following message
>>>> >> >> >
>>>> >> >> > qemu: fatal: Trying to execute code outside RAM or ROM at
>>>> >> >> > 0x5e2a36c2
>>>> >> >> >
>>>> >> >> > Loading Segment: addr: 0x0000000001110000 memsz:
>>>> >> >> > 0x00000000000588e8
>>>> >> >> > filesz:
>>>> >> >> > 0x00000000000252eb
>>>> >> >> > lb: [0x0000000000100000, 0x000000000012b030)
>>>> >> >> > Post relocation: addr: 0x0000000001110000 memsz:
>>>> >> >> > 0x00000000000588e8
>>>> >> >> > filesz:
>>>> >> >> > 0x00000000000252eb
>>>> >> >> > using LZMA
>>>> >> >> > [ 0x01110000, 011688e8, 0x011688e8) <- fffd2770
>>>> >> >> > dest 01110000, end 011688e8, bouncebuffer 3ff77000
>>>> >> >> > Loaded segments
>>>> >> >> > Jumping to boot code at 01110015
>>>> >> >> > CPU0: stack: 00126000 - 00127000, lowest used address 00126b8c,
>>>> >> >> > stack
>>>> >> >> > used:
>>>> >> >> > 1140 bytes
>>>> >> >> > entry    = 0x01110015
>>>> >> >> > lb_start = 0x00100000
>>>> >> >> > lb_size  = 0x0002b030
>>>> >> >> > buffer   = 0x3ff77000
>>>> >> >> > qemu: fatal: Trying to execute code outside RAM or ROM at
>>>> >> >> > 0x5e2a36c2
>>>> >> >> >
>>>> >> >> > EAX=0000000a EBX=000186a0 ECX=01145d15 EDX=19203eb0
>>>> >> >> > ESI=00000000 EDI=00000000 EBP=01145f6c ESP=01145f54
>>>> >> >> > EIP=5e2a36c2 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
>>>> >> >> > ES =0018 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>>>> >> >> > CS =0010 00000000 ffffffff 00cf9b00 DPL=0 CS32 [-RA]
>>>> >> >> > SS =0018 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>>>> >> >> > DS =0018 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>>>> >> >> > FS =0020 19203f5c ffffffff 00cf9300 DPL=0 DS   [-WA]
>>>> >> >> > GS =0018 00000000 ffffffff 00cf9300 DPL=0 DS   [-WA]
>>>> >> >> > LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
>>>> >> >> > TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
>>>> >> >> > GDT=     19203e60 00000047
>>>> >> >> > IDT=     00000000 00000000
>>>> >> >> > CR0=60000033 CR2=00000000 CR3=00000000 CR4=00000000
>>>> >> >> > DR0=00000000 DR1=00000000 DR2=00000000 DR3=00000000
>>>> >> >> > DR6=ffff0ff0 DR7=00000400
>>>> >> >> > CCS=00000218 CCD=01145f50 CCO=ADDL
>>>> >> >> > EFER=0000000000000000
>>>> >> >> > FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
>>>> >> >> > FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
>>>> >> >> > FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
>>>> >> >> > FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
>>>> >> >> > FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
>>>> >> >> > XMM00=00000000000000000000000000000000
>>>> >> >> > XMM01=00000000000000000000000000000000
>>>> >> >> > XMM02=00000000000000000000000000000000
>>>> >> >> > XMM03=00000000000000000000000000000000
>>>> >> >> > XMM04=00000000000000000000000000000000
>>>> >> >> > XMM05=00000000000000000000000000000000
>>>> >> >> > XMM06=00000000000000000000000000000000
>>>> >> >> > XMM07=00000000000000000000000000000000
>>>> >> >> > Aborted (core dumped)
>>>> >> >> >
>>>> >> >> > qemu-system-i386 --version
>>>> >> >> > QEMU emulator version 1.0 (qemu-kvm-1.0), Copyright (c)
>>>> >> >> > 2003-2008
>>>> >> >> > Fabrice
>>>> >> >> > Bellard
>>>> >> >> >
>>>> >> >> > Is QEMU not supported for coreboot and u-boot
>>>> >> >>
>>>> >> >> I'm not sure it's been tried but there's no reason why it should
>>>> >> >> work.
>>>> >> >> It seems to be crashing in U-Boot before there is any serial
>>>> >> >> output.
>>>> >> >> Did you put u-boot-dtb.bin as the payload?
>>>>
>>>> >> On 29 December 2014 at 07:34, Ajoy Das <dasajoy80 at gmail.com> wrote:
>>>> >> > Hi Simon
>>>> >> >
>>>> >> > Thanks for your reply
>>>> >> >
>>>> >> > I have added u-boot ELF as the coreboot payload
>>>> >> >
>>>> >> > u-boot: ELF 32-bit LSB shared object, Intel 80386, version 1
>>>> >> > (SYSV),
>>>> >> > statically linked, not stripped.
>>>> >> >
>>>> >> > Got this link but its a year old.
>>>> >> > http://lists.denx.de/pipermail/u-boot/2013-July/159140.html
>>>> >> >
>>>> >> > Thanks
>>>> >> > Ajoy
>>>> >> >
>>>> >>
>>>> [snip]
>>>> >>
>>>> >> I suggest using cbfstool add-flat-binary -f u-boot-dtb.bin -n
>>>> >> fallback/payload -c lzma -l <text_base> -e <entry>
>>>> >>
>>>> >> For text_base use CONFIG_SYS_TEXT_BASE which is probably 1110000
>>>> >>
>>>> >> For entry use _start which is probably 1110015.
>>>> >>
>>>> >> Of course I'm not sure whether your problem is with Coreboot, U-Boot
>>>> >> or qemu, but we'll see.
>>>> >>
>>>> >> Also, please can you reply to the list with instructions when you get
>>>> >> it working, or send a patch to doc/README.x86.
>>>>
>>>> PLEASE add your reply below mine, not above. I have gone to the
>>>> trouble of rearranging the thread for this email.
>>>>
>>>> Also leave me on Cc otherwise I might not see your reply.
>>>>
>>>> On 29 December 2014 at 14:31, Ajoy Das <dasajoy80 at gmail.com> wrote:
>>>> > Hi Simon
>>>> >
>>>> > I executed the commands mentioned above. But getting LZMA decode error
>>>> > on
>>>> > coreboot
>>>> >
>>>> > coreboot.rom: 256 kB, bootblocksize 944, romsize 262144, offset 0x0
>>>> > alignment: 64 bytes, architecture: x86
>>>> >
>>>> > Name                           Offset     Type         Size
>>>> > cmos_layout.bin                0x0        cmos_layout  1160
>>>> > fallback/romstage              0x4c0      stage        17960
>>>> > fallback/ramstage              0x4b40     stage        56161
>>>> > config                         0x12700    raw          2986
>>>> > revision                       0x13300    raw          692
>>>> > (empty)                        0x13600    null         181720
>>>> >
>>>> >
>>>> >
>>>> > ./cbfstool ../../coreboot.rom add-flat-binary
>>>> > -v
>>>> > -f /home/ajoy/CISCO-2/uboot/u-boot/u-boot-dtb.bin
>>>> > -n fallback/payload
>>>> > -c lzma
>>>> > -l 01110000
>>>> > -e 1110015
>>>> >
>>>> > fallback/payload               0x13600    payload      173965
>>>> >     code  (LZMA compression, offset: 0x38, load: 0x49000, length:
>>>> > 173909/391062)
>>>> >     entry (0x10efff)
>>>> > (empty)                        0x3de00    null         7640
>>>> >
>>>> >
>>>> > Wrote coreboot table at: 3ffce000, 0x154 bytes, checksum 8ea6
>>>> > coreboot table: 364 bytes.
>>>> > CBMEM ROOT  0. 3ffff000 00001000
>>>> > CAR GLOBALS 1. 3fffe000 00001000
>>>> > ROMSTAGE    2. 3fffd000 00001000
>>>> > GDT         3. 3fffc000 00001000
>>>> > IRQ TABLE   4. 3fffb000 00001000
>>>> > ACPI        5. 3ffd7000 00024000
>>>> > SMBIOS      6. 3ffd6000 00001000
>>>> > COREBOOT    7. 3ffce000 00008000
>>>> > CBFS: located payload @ fffd3638, 173965 bytes.
>>>> > Loading segment from rom address 0xfffd3638
>>>> >   code (compression=1)
>>>> >   New segment dstaddr 0x49000 memsize 0x5f796 srcaddr 0xfffd3670
>>>> > filesize
>>>> > 0x2a755
>>>> >   (cleaned up) New segment addr 0x49000 size 0x5f796 offset 0xfffd3670
>>>> > filesize 0x2a755
>>>> > Loading segment from rom address 0xfffd3654
>>>> >   Entry Point 0x0010efff
>>>> > Payload being loaded below 1MiB without region being marked as RAM
>>>> > usable.
>>>> > Bounce Buffer at 3ff77000, 352352 bytes
>>>> > Loading Segment: addr: 0x0000000000049000 memsz: 0x000000000005f796
>>>> > filesz:
>>>> > 0x000000000002a755
>>>> > lb: [0x0000000000100000, 0x000000000012b030)
>>>> > Post relocation: addr: 0x0000000000049000 memsz: 0x000000000005f796
>>>> > filesz:
>>>> > 0x000000000002a755
>>>> > using LZMA
>>>> > lzma: Decoding error = 1
>>>> > Could not load payload
>>>>
>>>> Do you really have a 256KB ROM? That seems much too small to hold
>>>> Coreboot and U-Boot. It looks like U-Boot alone is 173KB.
>>>>
>>>> Regards,
>>>> Simon
>>
>>
>> Hi Simon
>>
>> I have build tested the same by increasing the ROM size to 2MB but with no
>> effect.
>> Can I stop (using GDB) at the U-BOOT startup code  after the control is
>> transferred from coreboot to u-boot
>>
>> Any other suggestion
>
> If you are seeing an LZMA decoding error then I doubt that U-Boot is
> actually running, since it failed to load. Have you managed to fix
> that error?
>
> Regards,
> Simon
>
>
> Hi simon
>
> No I have not fixed the LZMA error.
> But I was thinking of the payload as u-boot.elf.
> Is u-boot.elf is not the correct payload.
>
> Thanks
>
> Ajoy
>
> Hi Simon
>
> I figured out the reason for the crash (u-boot.elf as the coreboot payload)
> In uboot it is hitting this function and the panic statement is causing the
> crash
>
> u64 __attribute__((no_instrument_function)) get_ticks(void)
> {
>     u64 now_tick = rdtsc();
>
>     /* We assume that 0 means the base hasn't been set yet */
>     if (!gd->arch.tsc_base)
>         panic("No tick base available");
>     return now_tick - gd->arch.tsc_base;
> }
>
> Let me investigate it further.
> If you have any inputs pleas let me know

I think you need to define CONFIG_COLLECT_TIMESTAMPS in coreboot to
make this work. You could send a part to improve the error messages
perhaps.

As mentioned I don't use the ELF file as a payload - I use u-boot-dtb.bin.

Regards,
Simon

More information about the U-Boot mailing list