Identifying CPU: Difference between revisions
| No edit summary |  (Added CPU reset) | ||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| ==Introduction== | ==Introduction== | ||
| All x86 CPUs starting with the 80386 have a signature indicating their type, family, model and stepping.   | All x86 CPUs starting with the 80386 have a signature indicating their type, family, model and stepping. This signature is placed in EDX register when CPU starts. Starting with some late 486SX, a CPUID instruction has been added to retrieve easily this signature along with other CPU information. When the instruction is not supported, it is necessary to shutdown the CPU and get back control as soon as possible to store the value. | ||
| This signature is placed in EDX register when CPU starts. Starting with some late 486SX, a CPUID instruction has been added to retrieve easily this signature along with other CPU information. When the instruction is not supported, it is necessary to shutdown the CPU and get back control as soon as possible to store the value. | |||
| In AMC-OS, CPU identification is done during [[AMC-OS Loader]] execution. | In AMC-OS, CPU identification is done during [[AMC-OS Loader]] execution. | ||
| Line 11: | Line 9: | ||
| Identifying an Intel-compatible x86 CPU is done in several steps : | Identifying an Intel-compatible x86 CPU is done in several steps : | ||
| * Check that we have a 32-bits 80386 minimum CPU. | * Check that we have a 32-bits 80386 minimum CPU. | ||
| * Check the presence of the CPUID instruction. | * Check the presence of the [[#CPUID instruction|CPUID instruction]]. | ||
| ** If CPUID is supported, use the instruction to get CPU information and supported instructions. | ** If CPUID is supported, use the instruction to get CPU information and supported instructions. | ||
| ** If CPUID is not supported, reset the CPU to get its signature. | ** If CPUID is not supported, [[#Resetting the CPU to get its signature|reset the CPU to get its signature]]. | ||
| * Calculate the operating frequency of the CPU by timing the execution of a sequence of instructions. | * Calculate the operating frequency of the CPU by timing the execution of a sequence of instructions. | ||
| In AMC-OS, CPU identification is done during AMC-OS Loader execution. Code is found in <code>CORE\SRC\ | |||
| In AMC-OS, CPU identification is done during AMC-OS Loader execution. Code is found in <code>CORE\SRC\CODE16\CPUID16.ASM</code>. | |||
| Intel describes the complete process of CPU identification in [http://www.intel.com/content/dam/www/public/us/en/documents/application-notes/processor-identification-cpuid-instruction-note.pdf Application Note 485]. | Intel describes the complete process of CPU identification in [http://www.intel.com/content/dam/www/public/us/en/documents/application-notes/processor-identification-cpuid-instruction-note.pdf Application Note 485]. | ||
| Line 23: | Line 22: | ||
| Follow this procedure to determine if we have at least a 386 CPU : | Follow this procedure to determine if we have at least a 386 CPU : | ||
| * On a 8086/8088, bits 12-15 are always set to 1. | * On a 8086/8088, bits 12-15 of FLAGS register are always set to 1. Test setting them to 0. | ||
| * On a 80286, bits 12-14 of FLAGS register are always set to 0. Test setting them to 1. | |||
| * On a 80286, bits 12-14 are always set to 0. | |||
| You can also check the presence of a 486 by toggling bit 18 of EFLAGS register. It won't work on a 386. | You can also check the presence of a 486 by toggling bit 18 of EFLAGS register. It won't work on a 386. | ||
| Line 46: | Line 41: | ||
| * [http://support.amd.com/us/Embedded_TechDocs/25481.pdf AMD Specific CPUID specification]. | * [http://support.amd.com/us/Embedded_TechDocs/25481.pdf AMD Specific CPUID specification]. | ||
| * [http://www.sandpile.org/ Sandpile website] provides a complete list of expectable CPUID results with other manufacturers (Cyrix, IDT, NexGen...). | * [http://www.sandpile.org/ Sandpile website] provides a complete list of expectable CPUID results with other manufacturers (Cyrix, IDT, NexGen...). | ||
| ===Resetting the CPU to get its signature=== | |||
| When CPU starts, the CPU signature is placed in the EDX register. Our goal is to intercept execution the soonest possible, hoping that EDX value has not been trashed. | |||
| After a reset, the BIOS normally examines the ''shutdown byte'' in CMOS to know what happened and act accordingly. A shutdown value of 0A returns control to FAR location stored at the offset 0067 of BIOS data segment -- so basically JMP FAR [0040:0067]. In some cases, the control is not given back to the CMOS and an INT 06H (invalid instruction) is triggered. What we have to do is intercept control in both cases, storing EDX, and restore system normal condition : | |||
| * Disable all interrupts, and mask all of them in PIC | |||
| * Set return value in 0040:0067 and INT06 handler | |||
| * Disable NMI, save all registers and shutdown byte | |||
| * Set shutdown byte 0A and reset | |||
| * Save EDX | |||
| * Set shutdown byte 05 (same as before, but reinitializes hardware correctly) and reset | |||
| * Enable NMI, restore all registers, PIC unmasking and interrupts | |||
| In the EDX value saved, you can have the signature either : | |||
| * in DX where it should be | |||
| * in the upper part of EDX where BIOS saved it for us | |||
| * nowhere if it was trashed by BIOS | |||
Latest revision as of 12:58, 15 August 2012
Introduction
All x86 CPUs starting with the 80386 have a signature indicating their type, family, model and stepping. This signature is placed in EDX register when CPU starts. Starting with some late 486SX, a CPUID instruction has been added to retrieve easily this signature along with other CPU information. When the instruction is not supported, it is necessary to shutdown the CPU and get back control as soon as possible to store the value.
In AMC-OS, CPU identification is done during AMC-OS Loader execution.
Identification process
Identifying an Intel-compatible x86 CPU is done in several steps :
- Check that we have a 32-bits 80386 minimum CPU.
- Check the presence of the CPUID instruction.
- If CPUID is supported, use the instruction to get CPU information and supported instructions.
- If CPUID is not supported, reset the CPU to get its signature.
 
- Calculate the operating frequency of the CPU by timing the execution of a sequence of instructions.
In AMC-OS, CPU identification is done during AMC-OS Loader execution. Code is found in CORE\SRC\CODE16\CPUID16.ASM.
Intel describes the complete process of CPU identification in Application Note 485.
Checking 80386 CPU
Follow this procedure to determine if we have at least a 386 CPU :
- On a 8086/8088, bits 12-15 of FLAGS register are always set to 1. Test setting them to 0.
- On a 80286, bits 12-14 of FLAGS register are always set to 0. Test setting them to 1.
You can also check the presence of a 486 by toggling bit 18 of EFLAGS register. It won't work on a 386.
CPUID instruction
First check that CPUID instruction is supported by trying changing the value of bit 21 of EFLAGS register. If the bit can be toggled, the processor support the CPUID instruction.
The CPUID instruction can provide you :
- CPU signature (type, family, model, stepping)
- CPU name, manufacturer signature, brand ID
- Type and size of embedded code and data caches
- CPU support of new features
Analyze the results of CPUID instruction called with EAX=0. For detailed specifications of the CPUID instruction, refer to :
- Intel Application Note 485 on CPU identification
- AMD Specific CPUID specification.
- Sandpile website provides a complete list of expectable CPUID results with other manufacturers (Cyrix, IDT, NexGen...).
Resetting the CPU to get its signature
When CPU starts, the CPU signature is placed in the EDX register. Our goal is to intercept execution the soonest possible, hoping that EDX value has not been trashed.
After a reset, the BIOS normally examines the shutdown byte in CMOS to know what happened and act accordingly. A shutdown value of 0A returns control to FAR location stored at the offset 0067 of BIOS data segment -- so basically JMP FAR [0040:0067]. In some cases, the control is not given back to the CMOS and an INT 06H (invalid instruction) is triggered. What we have to do is intercept control in both cases, storing EDX, and restore system normal condition :
- Disable all interrupts, and mask all of them in PIC
- Set return value in 0040:0067 and INT06 handler
- Disable NMI, save all registers and shutdown byte
- Set shutdown byte 0A and reset
- Save EDX
- Set shutdown byte 05 (same as before, but reinitializes hardware correctly) and reset
- Enable NMI, restore all registers, PIC unmasking and interrupts
In the EDX value saved, you can have the signature either :
- in DX where it should be
- in the upper part of EDX where BIOS saved it for us
- nowhere if it was trashed by BIOS