source: trunk/packages/xen-common/xen-common/tools/firmware/README @ 34

Domain firmware support
-----------------------

One of the key advantages of full virtualization hardware support (such
as Intel's VT or AMD's SVM extensions) is the ability to run unmodified
guest operating systems.  However, since most OSes rely on BIOS support
during their early bringup, we need to provide a surrogate ROMBIOS and
VGABIOS firmware layer.

What's more, we need to support real-mode which is required by
the firmware and bootstrap loaders. Real-mode support is especially
challenging for Intel's VMX (VT) enabled CPUs where there is no real-mode
support for VMX guest partitions. In this case you either have to do full
emulation (full real-mode emulator; more complete but potentially slower)
or partial emulation (use the VM8086 extensions, emulate only those
instructions that are missing; faster, but potentially incomplete). The
vmxassist code in this subdirectory uses the later approach because it
is smaller and faster.

The approach is relatively straight forward. Vmxloader contains three
payloads (rombios, vgabios and vmxassist) and it is bootstrapped as any
other 32-bit OS. Vmxloader copies its payloads to the addresses below
and transfers control to vmxassist.

        vgabios         VGABIOS (standard and Cirrus).
                        Resides at C000:0000.

        vmxassist       VMXAssist VM86 realmode emulator for VMX.
                        Resides at D000:0000.

        rombios         ROMBIOS code. Derived from Bochs.
                        Resides at F000:0000

Vmxassist first sets up it own world (GDT, IDT, TR, etc), enables
VM8086 and then transfers control to F000:FFF0 and executes 16-bit
code. Unsupported instructions cause a general protection failure at
which point vmxassist kicks in and emulates the offending instruction.
Whever the emulated code transitions to 32-bit protected mode, vmxassist
will go away. Whenever 32-bit protected code transitions to real-mode,
Xen/VMX will detect this and transfer control to vmxassist.

Most of the vmxassist complexity comes from properly handling the
real to protected mode and protected to real mode transitions and
the proper emulation of the segment registers. Even though the Intel
manual clearly states that you should immediately perform a jmp far
after a mode transition, many operating systems execute additional
instructions and some even refer to segment selectors and pop data
from the stack. Vmxassist contains a number of work arounds for these
OSes.


Acknowledgements
----------------

The rombios was taken (largely unmodified) from Bochs, which was written
by Kevin Lawton. The VGABIOS was written by Christophe Bothamy. Arun Sharma,
Asit Mallick and Nitin Kamble (Intel) provided the E820 patches and lots
of useful feedback.


Contact
-------

Leendert van Doorn
IBM T.J. Watson Research Center
19 Skyline Drive
Hawthorne, NY 10532
leendert@watson.ibm.com


Tested Operating Systems
------------------------

Since vmxassist uses partial emulation, it may always miss opcodes
that are required by a particular OS. The table below lists the OSes
I have tried.  The Install column indicates a full CD/DVD install into
a VMX partition. The Disk column indicates booting from prefabricated
disk image.

Operating System                        Install         Disk
------------------------------------------------------------
RedHat Enterprise Linux (RHEL3_U5)      Yes             Yes
Fedora Code (FC3)                       (-)             Yes
FreeBSD 5.3                             (-)             Yes
MS-DOS 5.0                              (-)             Yes

(-) not tried yet