Trampoline Disection

[nanopico]

I'm going to drop some notes on my trampoline recreation here.  Some of it may be ramblings some not.

Firstly though I would share a couple interesting things I've found. Nothing earth shattering, but it amused me for some reason.

Keep in mind I'm using the last version of the trampoline released by Apple.

After open firmware loads the trampoline and jumps in, the main method starts at address 0x00204D54 in RAM.
Some stack frame setup is done.
Then a handle to the Open Firmware Client interface is stored in RAM.
Then a handle to /chosen is acquired.
The bootpath property of /chosen is loaded.
if bootpath doesn't exist in /chosen everything ends here.
From /chosen a handle to stdout is acquired.
Then a handle to memory is acquired from /chosen.
Doesn't look like the stdout handle has to succeed, but if the memory handle is not acquired then again booting ends here.
Next a handle to the root of the device tree is acquired.
If that fails again booting ends.
The AAPL,debug property is checked.
If this is found then it stored in memory.  If it is not found then it sets a default.
The cool thing here is that it's loaded from a default value in the data section of the trampoline elf image.  So it's possible to update the trampoline with a debug level value and then you never have to set AAPL,debug.
The other cool thing is that all those points where it fails now, they call a debugprint function.  It checks this value.  Since the first few failure points haven't loaded AAPL,debug and the default value shipped is 0 then those message would never get printed.
The next portion of code is to try to get the value in the property "copyright" of the root device.
This looks like a very rudimentary check to ensure that the system is running on a legit Apple machine if the copyright property is missing it ends with outputing a message
"Official Apple copyright message missing." 
That's as far as I am with disassembly of main.


That's it for interesting things.

[Mat]

A little bit off topic, and maybe not helpful at all with OF stuff, …
But do you have the Mac OS 7.1 sources that have been leaked more than a decade ago? I have no clue about coding, and about all this hardware near stuff, but perhaps it may be helpful to understand some of the early boot processes the did (and maybe still had to do in OS 8.6 with OF)?

[nanopico]

A little bit off topic, and maybe not helpful at all with OF stuff, …
But do you have the Mac OS 7.1 sources that have been leaked more than a decade ago? I have no clue about coding, and about all this hardware near stuff, but perhaps it may be helpful to understand some of the early boot processes the did (and maybe still had to do in OS 8.6 with OF)?

I have seen it, but for trampoline code I don't think it's of much use.
The trampoline has to load the toolbox ROM.  When it jumps to the startup code in the toolbox then it might be useful.   The thing is I don't recall open firmware being a thing in the OS 7.1 era.

On the flip side I have figure out all of the open firmware methods and have most of them translated to c at this point as well. They just really aren't that interesting as they are pretty generic. It is where these methods get used that i find interesting.

[nanopico]

More info now.
Just got to the section of the main function that starts handling the parcels (so setting up drivers that need to be present but aren't and some other stuff).

My assumption was that it would only calculate the checksums of each parcel as it  need each one so if one wasn't required for a specific machine/configuration then it wouldn't bother calculating the checksum.  Well I was wrong. First thing it does with the parcels is loop through all of them and calculate the checksums and verify them.  If one is invalid it bails and stops checking. Reports the error and stops booting. So if a parcel has an invalid checksum it halts the boot process even if it is not required.

Nothing ground shaking here but it's fun to make guesses at how it should/may work and then find your guess was wrong. I guess that is what learning is all about.

[zefrenchtoon]

The thing is I don't recall open firmware being a thing in the OS 7.1 era.

If I’m not wrong, the first PowerMacs (x100) use a very old version of OpenFirmware and they were shipped with 7.1.2.
The question now is, what was the exact version of SuperMario sources ?

[laulandn]

It was introduced with 7.5 with the x500 (and x200) PCI machines.  A bit minimal and buggy, implementing enough to load and start the toolbox from rom.

[nanopico]

Still fun to know a little history of OF in the power mac line.
The trampoline was really more a part used with the whole ROM in RAM thing.