[mirror_edk2.git] / OvmfPkg / QemuVideoDxe / VbeShim.c

/** @file\r
  Install a fake VGABIOS service handler (real mode Int10h) for the buggy\r
  Windows 2008 R2 SP1 UEFI guest.\r
\r
  The handler is never meant to be directly executed by a VCPU; it's there for\r
  the internal real mode emulator of Windows 2008 R2 SP1.\r
\r
  The code is based on Ralf Brown's Interrupt List:\r
  <http://www.cs.cmu.edu/~ralf/files.html>\r
  <http://www.ctyme.com/rbrown.htm>\r
\r
  Copyright (C) 2014, Red Hat, Inc.\r
  Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
\r
  This program and the accompanying materials are licensed and made available\r
  under the terms and conditions of the BSD License which accompanies this\r
  distribution. The full text of the license may be found at\r
  http://opensource.org/licenses/bsd-license.php\r
\r
  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT\r
  WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
**/\r
\r
#include <IndustryStandard/LegacyVgaBios.h>\r
#include <Library/DebugLib.h>\r
#include <Library/PciLib.h>\r
#include <Library/PrintLib.h>\r
#include <OvmfPlatforms.h>\r
\r
#include "Qemu.h"\r
#include "VbeShim.h"\r
\r
#pragma pack (1)\r
typedef struct {\r
  UINT16 Offset;\r
  UINT16 Segment;\r
} IVT_ENTRY;\r
#pragma pack ()\r
\r
//\r
// This string is displayed by Windows 2008 R2 SP1 in the Screen Resolution,\r
// Advanced Settings dialog. It should be short.\r
//\r
STATIC CONST CHAR8 mProductRevision[] = "OVMF Int10h (fake)";\r
\r
/**\r
  Install the VBE Info and VBE Mode Info structures, and the VBE service\r
  handler routine in the C segment. Point the real-mode Int10h interrupt vector\r
  to the handler. The only advertised mode is 1024x768x32.\r
\r
  @param[in] CardName         Name of the video card to be exposed in the\r
                              Product Name field of the VBE Info structure. The\r
                              parameter must originate from a\r
                              QEMU_VIDEO_CARD.Name field.\r
  @param[in] FrameBufferBase  Guest-physical base address of the video card's\r
                              frame buffer.\r
**/\r
VOID\r
InstallVbeShim (\r
  IN CONST CHAR16         *CardName,\r
  IN EFI_PHYSICAL_ADDRESS FrameBufferBase\r
  )\r
{\r
  EFI_PHYSICAL_ADDRESS Segment0, SegmentC, SegmentF;\r
  UINTN                Segment0Pages;\r
  IVT_ENTRY            *Int0x10;\r
  EFI_STATUS           Segment0AllocationStatus;\r
  UINT16               HostBridgeDevId;\r
  UINTN                Pam1Address;\r
  UINT8                Pam1;\r
  UINTN                SegmentCPages;\r
  VBE_INFO             *VbeInfoFull;\r
  VBE_INFO_BASE        *VbeInfo;\r
  UINT8                *Ptr;\r
  UINTN                Printed;\r
  VBE_MODE_INFO        *VbeModeInfo;\r
\r
  if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT0|BIT7)) == BIT0) {\r
    DEBUG ((\r
      DEBUG_WARN,\r
      "%a: page 0 protected, not installing VBE shim\n",\r
      __FUNCTION__\r
      ));\r
    DEBUG ((\r
      DEBUG_WARN,\r
      "%a: page 0 protection prevents Windows 7 from booting anyway\n",\r
      __FUNCTION__\r
      ));\r
    return;\r
  }\r
\r
  Segment0 = 0x00000;\r
  SegmentC = 0xC0000;\r
  SegmentF = 0xF0000;\r
\r
  //\r
  // Attempt to cover the real mode IVT with an allocation. This is a UEFI\r
  // driver, hence the arch protocols have been installed previously. Among\r
  // those, the CPU arch protocol has configured the IDT, so we can overwrite\r
  // the IVT used in real mode.\r
  //\r
  // The allocation request may fail, eg. if LegacyBiosDxe has already run.\r
  //\r
  Segment0Pages = 1;\r
  Int0x10       = (IVT_ENTRY *)(UINTN)Segment0 + 0x10;\r
  Segment0AllocationStatus = gBS->AllocatePages (\r
                                    AllocateAddress,\r
                                    EfiBootServicesCode,\r
                                    Segment0Pages,\r
                                    &Segment0\r
                                    );\r
\r
  if (EFI_ERROR (Segment0AllocationStatus)) {\r
    EFI_PHYSICAL_ADDRESS Handler;\r
\r
    //\r
    // Check if a video BIOS handler has been installed previously -- we\r
    // shouldn't override a real video BIOS with our shim, nor our own shim if\r
    // it's already present.\r
    //\r
    Handler = (Int0x10->Segment << 4) + Int0x10->Offset;\r
    if (Handler >= SegmentC && Handler < SegmentF) {\r
      DEBUG ((EFI_D_INFO, "%a: Video BIOS handler found at %04x:%04x\n",\r
        __FUNCTION__, Int0x10->Segment, Int0x10->Offset));\r
      return;\r
    }\r
\r
    //\r
    // Otherwise we'll overwrite the Int10h vector, even though we may not own\r
    // the page at zero.\r
    //\r
    DEBUG ((\r
      DEBUG_INFO,\r
      "%a: failed to allocate page at zero: %r\n",\r
      __FUNCTION__,\r
      Segment0AllocationStatus\r
      ));\r
  } else {\r
    //\r
    // We managed to allocate the page at zero. SVN r14218 guarantees that it\r
    // is NUL-filled.\r
    //\r
    ASSERT (Int0x10->Segment == 0x0000);\r
    ASSERT (Int0x10->Offset  == 0x0000);\r
  }\r
\r
  //\r
  // Put the shim in place first.\r
  //\r
  // Start by determining the address of the PAM1 register.\r
  //\r
  HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);\r
  switch (HostBridgeDevId) {\r
  case INTEL_82441_DEVICE_ID:\r
    Pam1Address = PMC_REGISTER_PIIX4 (PIIX4_PAM1);\r
    break;\r
  case INTEL_Q35_MCH_DEVICE_ID:\r
    Pam1Address = DRAMC_REGISTER_Q35 (MCH_PAM1);\r
    break;\r
  default:\r
    DEBUG ((\r
      DEBUG_ERROR,\r
      "%a: unknown host bridge device ID: 0x%04x\n",\r
      __FUNCTION__,\r
      HostBridgeDevId\r
      ));\r
    ASSERT (FALSE);\r
\r
    if (!EFI_ERROR (Segment0AllocationStatus)) {\r
      gBS->FreePages (Segment0, Segment0Pages);\r
    }\r
    return;\r
  }\r
  //\r
  // low nibble covers 0xC0000 to 0xC3FFF\r
  // high nibble covers 0xC4000 to 0xC7FFF\r
  // bit1 in each nibble is Write Enable\r
  // bit0 in each nibble is Read Enable\r
  //\r
  Pam1 = PciRead8 (Pam1Address);\r
  PciWrite8 (Pam1Address, Pam1 | (BIT1 | BIT0));\r
\r
  //\r
  // We never added memory space during PEI or DXE for the C segment, so we\r
  // don't need to (and can't) allocate from there. Also, guest operating\r
  // systems will see a hole in the UEFI memory map there.\r
  //\r
  SegmentCPages = 4;\r
\r
  ASSERT (sizeof mVbeShim <= EFI_PAGES_TO_SIZE (SegmentCPages));\r
  CopyMem ((VOID *)(UINTN)SegmentC, mVbeShim, sizeof mVbeShim);\r
\r
  //\r
  // Fill in the VBE INFO structure.\r
  //\r
  VbeInfoFull = (VBE_INFO *)(UINTN)SegmentC;\r
  VbeInfo     = &VbeInfoFull->Base;\r
  Ptr         = VbeInfoFull->Buffer;\r
\r
  CopyMem (VbeInfo->Signature, "VESA", 4);\r
  VbeInfo->VesaVersion = 0x0300;\r
\r
  VbeInfo->OemNameAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;\r
  CopyMem (Ptr, "QEMU", 5);\r
  Ptr += 5;\r
\r
  VbeInfo->Capabilities = BIT0; // DAC can be switched into 8-bit mode\r
\r
  VbeInfo->ModeListAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;\r
  *(UINT16*)Ptr = 0x00f1; // mode number\r
  Ptr += 2;\r
  *(UINT16*)Ptr = 0xFFFF; // mode list terminator\r
  Ptr += 2;\r
\r
  VbeInfo->VideoMem64K = (UINT16)((1024 * 768 * 4 + 65535) / 65536);\r
  VbeInfo->OemSoftwareVersion = 0x0000;\r
\r
  VbeInfo->VendorNameAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;\r
  CopyMem (Ptr, "OVMF", 5);\r
  Ptr += 5;\r
\r
  VbeInfo->ProductNameAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;\r
  Printed = AsciiSPrint ((CHAR8 *)Ptr,\r
              sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer), "%s",\r
              CardName);\r
  Ptr += Printed + 1;\r
\r
  VbeInfo->ProductRevAddress = (UINT32)SegmentC << 12 | (UINT16)(UINTN)Ptr;\r
  CopyMem (Ptr, mProductRevision, sizeof mProductRevision);\r
  Ptr += sizeof mProductRevision;\r
\r
  ASSERT (sizeof VbeInfoFull->Buffer >= Ptr - VbeInfoFull->Buffer);\r
  ZeroMem (Ptr, sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer));\r
\r
  //\r
  // Fil in the VBE MODE INFO structure.\r
  //\r
  VbeModeInfo = (VBE_MODE_INFO *)(VbeInfoFull + 1);\r
\r
  //\r
  // bit0: mode supported by present hardware configuration\r
  // bit1: optional information available (must be =1 for VBE v1.2+)\r
  // bit3: set if color, clear if monochrome\r
  // bit4: set if graphics mode, clear if text mode\r
  // bit5: mode is not VGA-compatible\r
  // bit7: linear framebuffer mode supported\r
  //\r
  VbeModeInfo->ModeAttr = BIT7 | BIT5 | BIT4 | BIT3 | BIT1 | BIT0;\r
\r
  //\r
  // bit0: exists\r
  // bit1: bit1: readable\r
  // bit2: writeable\r
  //\r
  VbeModeInfo->WindowAAttr              = BIT2 | BIT1 | BIT0;\r
\r
  VbeModeInfo->WindowBAttr              = 0x00;\r
  VbeModeInfo->WindowGranularityKB      = 0x0040;\r
  VbeModeInfo->WindowSizeKB             = 0x0040;\r
  VbeModeInfo->WindowAStartSegment      = 0xA000;\r
  VbeModeInfo->WindowBStartSegment      = 0x0000;\r
  VbeModeInfo->WindowPositioningAddress = 0x0000;\r
  VbeModeInfo->BytesPerScanLine         = 1024 * 4;\r
\r
  VbeModeInfo->Width                = 1024;\r
  VbeModeInfo->Height               = 768;\r
  VbeModeInfo->CharCellWidth        = 8;\r
  VbeModeInfo->CharCellHeight       = 16;\r
  VbeModeInfo->NumPlanes            = 1;\r
  VbeModeInfo->BitsPerPixel         = 32;\r
  VbeModeInfo->NumBanks             = 1;\r
  VbeModeInfo->MemoryModel          = 6; // direct color\r
  VbeModeInfo->BankSizeKB           = 0;\r
  VbeModeInfo->NumImagePagesLessOne = 0;\r
  VbeModeInfo->Vbe3                 = 0x01;\r
\r
  VbeModeInfo->RedMaskSize      = 8;\r
  VbeModeInfo->RedMaskPos       = 16;\r
  VbeModeInfo->GreenMaskSize    = 8;\r
  VbeModeInfo->GreenMaskPos     = 8;\r
  VbeModeInfo->BlueMaskSize     = 8;\r
  VbeModeInfo->BlueMaskPos      = 0;\r
  VbeModeInfo->ReservedMaskSize = 8;\r
  VbeModeInfo->ReservedMaskPos  = 24;\r
\r
  //\r
  // bit1: Bytes in reserved field may be used by application\r
  //\r
  VbeModeInfo->DirectColorModeInfo = BIT1;\r
\r
  VbeModeInfo->LfbAddress       = (UINT32)FrameBufferBase;\r
  VbeModeInfo->OffScreenAddress = 0;\r
  VbeModeInfo->OffScreenSizeKB  = 0;\r
\r
  VbeModeInfo->BytesPerScanLineLinear = 1024 * 4;\r
  VbeModeInfo->NumImagesLessOneBanked = 0;\r
  VbeModeInfo->NumImagesLessOneLinear = 0;\r
  VbeModeInfo->RedMaskSizeLinear      = 8;\r
  VbeModeInfo->RedMaskPosLinear       = 16;\r
  VbeModeInfo->GreenMaskSizeLinear    = 8;\r
  VbeModeInfo->GreenMaskPosLinear     = 8;\r
  VbeModeInfo->BlueMaskSizeLinear     = 8;\r
  VbeModeInfo->BlueMaskPosLinear      = 0;\r
  VbeModeInfo->ReservedMaskSizeLinear = 8;\r
  VbeModeInfo->ReservedMaskPosLinear  = 24;\r
  VbeModeInfo->MaxPixelClockHz        = 0;\r
\r
  ZeroMem (VbeModeInfo->Reserved, sizeof VbeModeInfo->Reserved);\r
\r
  //\r
  // Clear Write Enable (bit1), keep Read Enable (bit0) set\r
  //\r
  PciWrite8 (Pam1Address, (Pam1 & ~BIT1) | BIT0);\r
\r
  //\r
  // Second, point the Int10h vector at the shim.\r
  //\r
  Int0x10->Segment = (UINT16) ((UINT32)SegmentC >> 4);\r
  Int0x10->Offset  = (UINT16) ((UINTN) (VbeModeInfo + 1) - SegmentC);\r
\r
  DEBUG ((EFI_D_INFO, "%a: VBE shim installed\n", __FUNCTION__));\r
}\r
Commit	Line	Data
90803342 LE	1	/** @file\r
	2	Install a fake VGABIOS service handler (real mode Int10h) for the buggy\r
	3	Windows 2008 R2 SP1 UEFI guest.\r
	4	\r
	5	The handler is never meant to be directly executed by a VCPU; it's there for\r
	6	the internal real mode emulator of Windows 2008 R2 SP1.\r
	7	\r
	8	The code is based on Ralf Brown's Interrupt List:\r
	9	<http://www.cs.cmu.edu/~ralf/files.html>\r
	10	<http://www.ctyme.com/rbrown.htm>\r
	11	\r
	12	Copyright (C) 2014, Red Hat, Inc.\r
	13	Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
	14	\r
	15	This program and the accompanying materials are licensed and made available\r
	16	under the terms and conditions of the BSD License which accompanies this\r
	17	distribution. The full text of the license may be found at\r
	18	http://opensource.org/licenses/bsd-license.php\r
	19	\r
	20	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT\r
	21	WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	22	**/\r
	23	\r
	24	#include <IndustryStandard/LegacyVgaBios.h>\r
	25	#include <Library/DebugLib.h>\r
	26	#include <Library/PciLib.h>\r
	27	#include <Library/PrintLib.h>\r
947f3737	28	#include <OvmfPlatforms.h>\r
90803342 LE	29	\r
	30	#include "Qemu.h"\r
	31	#include "VbeShim.h"\r
	32	\r
	33	#pragma pack (1)\r
	34	typedef struct {\r
	35	UINT16 Offset;\r
	36	UINT16 Segment;\r
	37	} IVT_ENTRY;\r
	38	#pragma pack ()\r
	39	\r
	40	//\r
	41	// This string is displayed by Windows 2008 R2 SP1 in the Screen Resolution,\r
	42	// Advanced Settings dialog. It should be short.\r
	43	//\r
	44	STATIC CONST CHAR8 mProductRevision[] = "OVMF Int10h (fake)";\r
	45	\r
	46	/**\r
	47	Install the VBE Info and VBE Mode Info structures, and the VBE service\r
	48	handler routine in the C segment. Point the real-mode Int10h interrupt vector\r
	49	to the handler. The only advertised mode is 1024x768x32.\r
	50	\r
	51	@param[in] CardName Name of the video card to be exposed in the\r
	52	Product Name field of the VBE Info structure. The\r
	53	parameter must originate from a\r
	54	QEMU_VIDEO_CARD.Name field.\r
	55	@param[in] FrameBufferBase Guest-physical base address of the video card's\r
	56	frame buffer.\r
	57	**/\r
	58	VOID\r
	59	InstallVbeShim (\r
	60	IN CONST CHAR16 *CardName,\r
	61	IN EFI_PHYSICAL_ADDRESS FrameBufferBase\r
	62	)\r
	63	{\r
	64	EFI_PHYSICAL_ADDRESS Segment0, SegmentC, SegmentF;\r
	65	UINTN Segment0Pages;\r
	66	IVT_ENTRY *Int0x10;\r
ce461ae2	67	EFI_STATUS Segment0AllocationStatus;\r
947f3737	68	UINT16 HostBridgeDevId;\r
90803342 LE	69	UINTN Pam1Address;\r
	70	UINT8 Pam1;\r
	71	UINTN SegmentCPages;\r
	72	VBE_INFO *VbeInfoFull;\r
	73	VBE_INFO_BASE *VbeInfo;\r
	74	UINT8 *Ptr;\r
	75	UINTN Printed;\r
	76	VBE_MODE_INFO *VbeModeInfo;\r
	77	\r
90f3922b JW	78	if ((PcdGet8 (PcdNullPointerDetectionPropertyMask) & (BIT0\|BIT7)) == BIT0) {\r
	79	DEBUG ((\r
	80	DEBUG_WARN,\r
	81	"%a: page 0 protected, not installing VBE shim\n",\r
	82	__FUNCTION__\r
	83	));\r
	84	DEBUG ((\r
	85	DEBUG_WARN,\r
	86	"%a: page 0 protection prevents Windows 7 from booting anyway\n",\r
	87	__FUNCTION__\r
	88	));\r
	89	return;\r
	90	}\r
	91	\r
90803342 LE	92	Segment0 = 0x00000;\r
	93	SegmentC = 0xC0000;\r
	94	SegmentF = 0xF0000;\r
	95	\r
	96	//\r
	97	// Attempt to cover the real mode IVT with an allocation. This is a UEFI\r
	98	// driver, hence the arch protocols have been installed previously. Among\r
	99	// those, the CPU arch protocol has configured the IDT, so we can overwrite\r
	100	// the IVT used in real mode.\r
	101	//\r
	102	// The allocation request may fail, eg. if LegacyBiosDxe has already run.\r
	103	//\r
	104	Segment0Pages = 1;\r
	105	Int0x10 = (IVT_ENTRY *)(UINTN)Segment0 + 0x10;\r
ce461ae2 LE	106	Segment0AllocationStatus = gBS->AllocatePages (\r
	107	AllocateAddress,\r
	108	EfiBootServicesCode,\r
	109	Segment0Pages,\r
	110	&Segment0\r
	111	);\r
	112	\r
	113	if (EFI_ERROR (Segment0AllocationStatus)) {\r
90803342 LE	114	EFI_PHYSICAL_ADDRESS Handler;\r
	115	\r
	116	//\r
	117	// Check if a video BIOS handler has been installed previously -- we\r
	118	// shouldn't override a real video BIOS with our shim, nor our own shim if\r
	119	// it's already present.\r
	120	//\r
	121	Handler = (Int0x10->Segment << 4) + Int0x10->Offset;\r
	122	if (Handler >= SegmentC && Handler < SegmentF) {\r
4dd8787a	123	DEBUG ((EFI_D_INFO, "%a: Video BIOS handler found at %04x:%04x\n",\r
90803342 LE	124	__FUNCTION__, Int0x10->Segment, Int0x10->Offset));\r
	125	return;\r
	126	}\r
	127	\r
	128	//\r
	129	// Otherwise we'll overwrite the Int10h vector, even though we may not own\r
	130	// the page at zero.\r
	131	//\r
ce461ae2 LE	132	DEBUG ((\r
	133	DEBUG_INFO,\r
	134	"%a: failed to allocate page at zero: %r\n",\r
	135	__FUNCTION__,\r
	136	Segment0AllocationStatus\r
	137	));\r
90803342 LE	138	} else {\r
	139	//\r
	140	// We managed to allocate the page at zero. SVN r14218 guarantees that it\r
	141	// is NUL-filled.\r
	142	//\r
	143	ASSERT (Int0x10->Segment == 0x0000);\r
	144	ASSERT (Int0x10->Offset == 0x0000);\r
	145	}\r
	146	\r
	147	//\r
	148	// Put the shim in place first.\r
	149	//\r
947f3737 LE	150	// Start by determining the address of the PAM1 register.\r
	151	//\r
	152	HostBridgeDevId = PcdGet16 (PcdOvmfHostBridgePciDevId);\r
	153	switch (HostBridgeDevId) {\r
	154	case INTEL_82441_DEVICE_ID:\r
	155	Pam1Address = PMC_REGISTER_PIIX4 (PIIX4_PAM1);\r
	156	break;\r
	157	case INTEL_Q35_MCH_DEVICE_ID:\r
	158	Pam1Address = DRAMC_REGISTER_Q35 (MCH_PAM1);\r
	159	break;\r
	160	default:\r
	161	DEBUG ((\r
	162	DEBUG_ERROR,\r
	163	"%a: unknown host bridge device ID: 0x%04x\n",\r
	164	__FUNCTION__,\r
	165	HostBridgeDevId\r
	166	));\r
	167	ASSERT (FALSE);\r
	168	\r
	169	if (!EFI_ERROR (Segment0AllocationStatus)) {\r
	170	gBS->FreePages (Segment0, Segment0Pages);\r
	171	}\r
	172	return;\r
	173	}\r
90803342 LE	174	//\r
	175	// low nibble covers 0xC0000 to 0xC3FFF\r
	176	// high nibble covers 0xC4000 to 0xC7FFF\r
	177	// bit1 in each nibble is Write Enable\r
	178	// bit0 in each nibble is Read Enable\r
	179	//\r
	180	Pam1 = PciRead8 (Pam1Address);\r
	181	PciWrite8 (Pam1Address, Pam1 \| (BIT1 \| BIT0));\r
	182	\r
	183	//\r
8c0b0b34	184	// We never added memory space during PEI or DXE for the C segment, so we\r
90803342 LE	185	// don't need to (and can't) allocate from there. Also, guest operating\r
	186	// systems will see a hole in the UEFI memory map there.\r
	187	//\r
	188	SegmentCPages = 4;\r
	189	\r
	190	ASSERT (sizeof mVbeShim <= EFI_PAGES_TO_SIZE (SegmentCPages));\r
	191	CopyMem ((VOID *)(UINTN)SegmentC, mVbeShim, sizeof mVbeShim);\r
	192	\r
	193	//\r
	194	// Fill in the VBE INFO structure.\r
	195	//\r
	196	VbeInfoFull = (VBE_INFO *)(UINTN)SegmentC;\r
	197	VbeInfo = &VbeInfoFull->Base;\r
	198	Ptr = VbeInfoFull->Buffer;\r
	199	\r
	200	CopyMem (VbeInfo->Signature, "VESA", 4);\r
	201	VbeInfo->VesaVersion = 0x0300;\r
	202	\r
75f8e3aa	203	VbeInfo->OemNameAddress = (UINT32)SegmentC << 12 \| (UINT16)(UINTN)Ptr;\r
90803342 LE	204	CopyMem (Ptr, "QEMU", 5);\r
	205	Ptr += 5;\r
	206	\r
	207	VbeInfo->Capabilities = BIT0; // DAC can be switched into 8-bit mode\r
	208	\r
75f8e3aa	209	VbeInfo->ModeListAddress = (UINT32)SegmentC << 12 \| (UINT16)(UINTN)Ptr;\r
90803342 LE	210	(UINT16)Ptr = 0x00f1; // mode number\r
	211	Ptr += 2;\r
	212	(UINT16)Ptr = 0xFFFF; // mode list terminator\r
	213	Ptr += 2;\r
	214	\r
	215	VbeInfo->VideoMem64K = (UINT16)((1024 * 768 * 4 + 65535) / 65536);\r
	216	VbeInfo->OemSoftwareVersion = 0x0000;\r
	217	\r
75f8e3aa	218	VbeInfo->VendorNameAddress = (UINT32)SegmentC << 12 \| (UINT16)(UINTN)Ptr;\r
90803342 LE	219	CopyMem (Ptr, "OVMF", 5);\r
	220	Ptr += 5;\r
	221	\r
75f8e3aa	222	VbeInfo->ProductNameAddress = (UINT32)SegmentC << 12 \| (UINT16)(UINTN)Ptr;\r
90803342 LE	223	Printed = AsciiSPrint ((CHAR8 *)Ptr,\r
	224	sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer), "%s",\r
	225	CardName);\r
	226	Ptr += Printed + 1;\r
	227	\r
75f8e3aa	228	VbeInfo->ProductRevAddress = (UINT32)SegmentC << 12 \| (UINT16)(UINTN)Ptr;\r
90803342 LE	229	CopyMem (Ptr, mProductRevision, sizeof mProductRevision);\r
	230	Ptr += sizeof mProductRevision;\r
	231	\r
	232	ASSERT (sizeof VbeInfoFull->Buffer >= Ptr - VbeInfoFull->Buffer);\r
	233	ZeroMem (Ptr, sizeof VbeInfoFull->Buffer - (Ptr - VbeInfoFull->Buffer));\r
	234	\r
	235	//\r
	236	// Fil in the VBE MODE INFO structure.\r
	237	//\r
	238	VbeModeInfo = (VBE_MODE_INFO *)(VbeInfoFull + 1);\r
	239	\r
	240	//\r
	241	// bit0: mode supported by present hardware configuration\r
	242	// bit1: optional information available (must be =1 for VBE v1.2+)\r
	243	// bit3: set if color, clear if monochrome\r
	244	// bit4: set if graphics mode, clear if text mode\r
	245	// bit5: mode is not VGA-compatible\r
	246	// bit7: linear framebuffer mode supported\r
	247	//\r
	248	VbeModeInfo->ModeAttr = BIT7 \| BIT5 \| BIT4 \| BIT3 \| BIT1 \| BIT0;\r
	249	\r
	250	//\r
	251	// bit0: exists\r
	252	// bit1: bit1: readable\r
	253	// bit2: writeable\r
	254	//\r
	255	VbeModeInfo->WindowAAttr = BIT2 \| BIT1 \| BIT0;\r
	256	\r
	257	VbeModeInfo->WindowBAttr = 0x00;\r
	258	VbeModeInfo->WindowGranularityKB = 0x0040;\r
	259	VbeModeInfo->WindowSizeKB = 0x0040;\r
	260	VbeModeInfo->WindowAStartSegment = 0xA000;\r
	261	VbeModeInfo->WindowBStartSegment = 0x0000;\r
	262	VbeModeInfo->WindowPositioningAddress = 0x0000;\r
	263	VbeModeInfo->BytesPerScanLine = 1024 * 4;\r
	264	\r
	265	VbeModeInfo->Width = 1024;\r
	266	VbeModeInfo->Height = 768;\r
	267	VbeModeInfo->CharCellWidth = 8;\r
	268	VbeModeInfo->CharCellHeight = 16;\r
	269	VbeModeInfo->NumPlanes = 1;\r
	270	VbeModeInfo->BitsPerPixel = 32;\r
	271	VbeModeInfo->NumBanks = 1;\r
	272	VbeModeInfo->MemoryModel = 6; // direct color\r
	273	VbeModeInfo->BankSizeKB = 0;\r
	274	VbeModeInfo->NumImagePagesLessOne = 0;\r
	275	VbeModeInfo->Vbe3 = 0x01;\r
	276	\r
	277	VbeModeInfo->RedMaskSize = 8;\r
	278	VbeModeInfo->RedMaskPos = 16;\r
	279	VbeModeInfo->GreenMaskSize = 8;\r
	280	VbeModeInfo->GreenMaskPos = 8;\r
	281	VbeModeInfo->BlueMaskSize = 8;\r
	282	VbeModeInfo->BlueMaskPos = 0;\r
	283	VbeModeInfo->ReservedMaskSize = 8;\r
	284	VbeModeInfo->ReservedMaskPos = 24;\r
	285	\r
	286	//\r
	287	// bit1: Bytes in reserved field may be used by application\r
	288	//\r
	289	VbeModeInfo->DirectColorModeInfo = BIT1;\r
	290	\r
	291	VbeModeInfo->LfbAddress = (UINT32)FrameBufferBase;\r
	292	VbeModeInfo->OffScreenAddress = 0;\r
293	VbeModeInfo->OffScreenSizeKB = 0;\r
294	\r
295	VbeModeInfo->BytesPerScanLineLinear = 1024 * 4;\r
296	VbeModeInfo->NumImagesLessOneBanked = 0;\r
297	VbeModeInfo->NumImagesLessOneLinear = 0;\r
298	VbeModeInfo->RedMaskSizeLinear = 8;\r
299	VbeModeInfo->RedMaskPosLinear = 16;\r
300	VbeModeInfo->GreenMaskSizeLinear = 8;\r
301	VbeModeInfo->GreenMaskPosLinear = 8;\r
302	VbeModeInfo->BlueMaskSizeLinear = 8;\r
303	VbeModeInfo->BlueMaskPosLinear = 0;\r
304	VbeModeInfo->ReservedMaskSizeLinear = 8;\r
305	VbeModeInfo->ReservedMaskPosLinear = 24;\r
306	VbeModeInfo->MaxPixelClockHz = 0;\r
307	\r
308	ZeroMem (VbeModeInfo->Reserved, sizeof VbeModeInfo->Reserved);\r
309	\r
310	//\r
311	// Clear Write Enable (bit1), keep Read Enable (bit0) set\r
312	//\r
313	PciWrite8 (Pam1Address, (Pam1 & ~BIT1) \| BIT0);\r
314	\r
315	//\r
316	// Second, point the Int10h vector at the shim.\r
317	//\r
75f8e3aa	318	Int0x10->Segment = (UINT16) ((UINT32)SegmentC >> 4);\r
ea5396f3	319	Int0x10->Offset = (UINT16) ((UINTN) (VbeModeInfo + 1) - SegmentC);\r
90803342 LE	320	\r
	321	DEBUG ((EFI_D_INFO, "%a: VBE shim installed\n", __FUNCTION__));\r
	322	}\r