
I'd like to understand if the QSP-x86 project is simulating SMM at all. I didn't see anything in the available registers/memory from the GUI debugger that would suggest there was a way for me to see SMRAM / SMI handler code. Therefore I'm wondering if I could use it to debug some SMM code or not.

I found a page that says "The Simics Quick-Start Platform is an Intel-based platform that boots from a TianoCore-base...", so is the Simics QSP source code available somewhere? Or is it just a special build of EDK2/UDK? If so, which build, and how do I build it? (Because that'd make my life much easier if it were just a particular TianoCore build I could fiddle with.)

Jimmy Wu

1 Answer


About the UEFI:

If you look at https://software.intel.com/content/www/us/en/develop/articles/simics-simulator.html there is a link to https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/SimicsOpenBoardPkg

You can also look at the Slim Boot Loader project for another QSP-compatible BIOS: https://slimbootloader.github.io/supported-hardware/qsp.html

SMM:

To stop when a target core enters SMM, use a hap breakpoint (no dedicated command is available at the moment), i.e., bp.hap.break.

If you use this after running the qsp-client-core.simics script, you should see:

simics> bp.hap.break X86_Enter_SMM
Breakpoint 1: Break on hap X86_Enter_SMM
simics> bp.list
┌──┬──────────────────────────┬───────┬───────┬────────────┬─────────┐
│ID│       Description        │Enabled│Oneshot│Ignore count│Hit count│
├──┼──────────────────────────┼───────┼───────┼────────────┼─────────┤
│ 1│Break on hap X86_Enter_SMM│  true │ false │           0│        0│
└──┴──────────────────────────┴───────┴───────┴────────────┴─────────┘
simics> r
[board.mb.sb.lpc.bank.cs_conf unimpl] Write to unimplemented field cs_conf.oic.aen (0x31ff) (value written = 0x01, contents = 0x00), will not warn again.
[board.mb.cpu0.core[1][0]] Breakpoint 1: board.mb.cpu0.core[1][0] X86_Enter_SMM 0
[board.mb.cpu0.core[1][0]] Breakpoint 1: board.mb.cpu0.core[1][0] X86_Enter_SMM 1
simics> pselect board.mb.cpu0.core[1][0]
Setting new inspection object: board.mb.cpu0.core[1][0]
simics> si
[board.mb.cpu0.core[1][0]] cs:0x0000000000008000 p:0x0000038000  mov ebp,dword ptr cs:[0x8010]
simics>

Simics stops when any processor core goes into SMM. Note that you might have to select the processor where execution stops. Also note that the precise output is likely to change with the version of Simics Base and the model.

jakobengblom2
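The following is an added example and is not code from the original post, from Simics or from the QSP firmware. It shows what to do with the output of the X86_Enter_SMM break above: it parses the breakpoint and `si` lines in the format the transcript shows, recovers SMBASE from the physical address of the first SMM instruction (the SMI handler entry point is architecturally SMBASE + 0x8000, so the p:0x38000 seen above corresponds to the power-on default SMBASE of 0x30000), and lists the SMRAM addresses a debugger would look at next (handler entry, state save area, and a few state-save fields). The state-save offsets used are the legacy 32-bit map from the Intel SDM; the 64-bit map places most fields elsewhere, and the meaning of the trailing hap argument ("0"/"1") is not stated on this page, so it is passed through untouched. The sample transcript lines are constructed from the output quoted above.

```python
"""
Added example (not from the original post or from Simics): helpers for
interpreting a Simics X86_Enter_SMM hap break and locating SMRAM.

Architectural facts used (Intel SDM vol. 3, "System Management Mode"):
  * on SMI entry the core starts executing at SMBASE + 0x8000
  * the SMRAM state save area is SMBASE + 0xFE00 .. SMBASE + 0xFFFF
  * the power-on default SMBASE is 0x30000
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SMI_ENTRY_OFFSET = 0x8000
STATE_SAVE_START_OFFSET = 0xFE00
STATE_SAVE_END_OFFSET = 0xFFFF
DEFAULT_SMBASE = 0x30000

# Selected fields of the legacy (32-bit) SMRAM state save map, as offsets from
# SMBASE. The SDM lists them relative to SMBASE + 0x8000 (e.g. CR0 at 7FFCh);
# that base is pre-added here. The 64-bit save map uses different offsets.
LEGACY_SAVE_FIELDS = {
    "SMBASE":            0xFEF8,
    "SMM_REVISION_ID":   0xFEFC,
    "IO_INSTR_RESTART":  0xFF00,
    "AUTO_HALT_RESTART": 0xFF02,
    "EIP":               0xFFF0,
    "EFLAGS":            0xFFF4,
    "CR3":               0xFFF8,
    "CR0":               0xFFFC,
}


@dataclass(frozen=True)
class SmramLayout:
    smbase: int
    entry: int
    state_save_start: int
    state_save_end: int
    fields: dict


@dataclass(frozen=True)
class SmmBreakHit:
    core: str
    breakpoint_id: int
    hap_arg: int  # trailing integer printed by Simics; meaning not documented here


def smbase_from_entry_paddr(entry_paddr: int) -> int:
    """Recover SMBASE from the physical address of the first SMM instruction."""
    if entry_paddr < SMI_ENTRY_OFFSET:
        raise ValueError(f"{entry_paddr:#x} is below the SMI entry offset")
    return entry_paddr - SMI_ENTRY_OFFSET


def smram_layout(smbase: int) -> SmramLayout:
    """Physical addresses worth examining in the debugger for a given SMBASE."""
    return SmramLayout(
        smbase=smbase,
        entry=smbase + SMI_ENTRY_OFFSET,
        state_save_start=smbase + STATE_SAVE_START_OFFSET,
        state_save_end=smbase + STATE_SAVE_END_OFFSET,
        fields={name: smbase + off for name, off in LEGACY_SAVE_FIELDS.items()},
    )


def cs_offset_to_paddr(smbase: int, cs_offset: int) -> int:
    """At SMM entry CS base == SMBASE, so an operand like cs:[0x8010] is SMBASE + 0x8010."""
    return smbase + cs_offset


# "[board.mb.cpu0.core[1][0]] Breakpoint 1: board.mb.cpu0.core[1][0] X86_Enter_SMM 0"
# The object name itself contains ']' characters, hence the lazy match up to "] Breakpoint".
_HAP_BREAK_RE = re.compile(
    r"^\[(?P<obj>.+?)\] Breakpoint (?P<bp>\d+): (?P<core>\S+) X86_Enter_SMM (?P<arg>\d+)$"
)
# "[board.mb.cpu0.core[1][0]] cs:0x0000000000008000 p:0x0000038000  mov ebp,dword ptr cs:[0x8010]"
_SI_RE = re.compile(r"^\[(?P<core>.+?)\] cs:0x(?P<cs>[0-9a-fA-F]+) p:0x(?P<p>[0-9a-fA-F]+)")


def parse_hap_break_line(line: str) -> Optional[SmmBreakHit]:
    m = _HAP_BREAK_RE.match(line.strip())
    if not m:
        return None
    return SmmBreakHit(core=m["core"], breakpoint_id=int(m["bp"]), hap_arg=int(m["arg"]))


def parse_si_paddr(line: str) -> Optional[int]:
    """Physical address of the instruction shown by 'si', or None for other lines."""
    m = _SI_RE.match(line.strip())
    return int(m["p"], 16) if m else None


def summarize_transcript(lines: List[str]) -> Tuple[List[SmmBreakHit], Optional[SmramLayout]]:
    """Collect SMM-entry hits and derive the SMRAM layout from the first 'si' line seen."""
    hits: List[SmmBreakHit] = []
    layout: Optional[SmramLayout] = None
    for line in lines:
        hit = parse_hap_break_line(line)
        if hit:
            hits.append(hit)
            continue
        paddr = parse_si_paddr(line)
        if paddr is not None and layout is None:
            layout = smram_layout(smbase_from_entry_paddr(paddr))
    return hits, layout


# Constructed from the transcript quoted in the answer, not captured fresh.
SAMPLE_TRANSCRIPT = [
    "[board.mb.cpu0.core[1][0]] Breakpoint 1: board.mb.cpu0.core[1][0] X86_Enter_SMM 0",
    "[board.mb.cpu0.core[1][0]] Breakpoint 1: board.mb.cpu0.core[1][0] X86_Enter_SMM 1",
    "[board.mb.cpu0.core[1][0]] cs:0x0000000000008000 p:0x0000038000  mov ebp,dword ptr cs:[0x8010]",
]

if __name__ == "__main__":
    hits, layout = summarize_transcript(SAMPLE_TRANSCRIPT)
    for h in hits:
        print(f"{h.core}: X86_Enter_SMM arg={h.hap_arg}")
    print(f"SMBASE={layout.smbase:#x} (power-on default: {layout.smbase == DEFAULT_SMBASE})")
    print(f"handler entry p:{layout.entry:#x}, state save p:{layout.state_save_start:#x}-{layout.state_save_end:#x}")
    for name, addr in layout.fields.items():
        print(f"  {name:18s} p:{addr:#x}")
```

Once SMBASE is known, the state save area is where the pre-SMI register state lives, so it is the range to dump in the Simics memory examiner after the break; if firmware has relocated SMBASE (the SMBASE field in the save area will differ from 0x30000 on later SMIs), recompute the layout from the new entry address rather than assuming the default.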
  • I had seen "https://github.com/tianocore/edk2-platforms/tree/master/Platform/Intel/SimicsOpenBoardPkg", but that's just one of many things in the Intel subfolder. I don't see any documentation about how one compiles that specifically, or what compile options were used for the Simics default (since if I compile it myself I'd like to first see that it matches what Simics uses by default.) – Jimmy Wu Sep 02 '21 at 16:24
  • You would build it as part of an overall UEFI build, but that is kind of obvious. Start from the top and then build this particular platform. Unfortunately, I am no expert in exactly how you do that. The config should be part of the source code. – jakobengblom2 Sep 03 '21 at 17:12
  • I'm marking this answered for the question of how to set an SMM breakpoint, and will split out the question of how to compile the Simics image since that's not answered. – Jimmy Wu Sep 07 '21 at 13:38