Post

TinyEhci

Posted
By Alexovsky 1 min read

TinyEHCI

Tiny, less than 512 bytes, bare metal EHCI read step5_gh/bootsector.asm is its entry point

Explanation

Tricks to help reduce them:

  1. place GTD in BPB;
  2. place SCSI CBW in BPB;
  3. place StandardUsbRequest in BPB.
  4. replace call/ret by inline
  5. manual size optimization
  6. using data created by BIOS after loading bootsector
  7. watch every register

Full search process to find only a specific memory card in the USB2 slot. Pseoudocode:

1
2
3
4
5
6
7
8

enumerate pci to find usb/MSD {
	enumerate usb, to find EHCI {
		if ( read from usb, to detect flashstick ) {
			if ( read flashstick to find true signature )
				jump to first readed byte
		}
	}
}

Transcription:

  • Enter to bigUnrealMode
  • Iteration loop in PCI
  • Using BIOS USB data to preparing transports
  • Command to read descriptor and find Endp “id”
  • Read usbstick from “second sector”
  • Compare signature from usbstick
  • Diagnostic messages

Write bootsector in usbstick

If want to write bootsector in usbstick … TODO: HxD screens or gif …

Example

Example qemu output … TODO: replay asciinema …

Requirements

Hadrware with:

  • BIOS with “USB Legacy” boot switching capability
  • Compatible Intel x86 processor with 32-bit addressing support
  • USB2.0 connector “on” the PCI bus

a link to repo

asm
This post is licensed under CC BY 4.0 by the author.