[LMH]SIB, Config ROMs, Fonts, Diagnostic Engine Code

[Nyef]

Hello all.

I'm somewhat bored and killing time at work, and figured a few things out 
that may be interesting to some of you.

For some reason I felt like looking for the text font used by the Explorer
during startup. I figured that it had to be in ROM somewhere (since SSDN2
talks about displaying messages on the screen before accessing disk or
network devices). I also figured that it would be in the SIB config ROM, 
since that was the place that made the most sense.

I eventually found an 8x12 font in the SIB config ROM starting at about 
offset 0x19ac or so. But that's not the interesting bit.

While I was looking, I saw this in the ROM:

000004a0: 1a 88 02 82 90 e8 f0 f0 f0 f0 88 1a 88 03 82 90 ................
000004b0: e8 cc cc cc cc 88 1a 88 04 82 90 e8 aa aa aa aa ................
000004c0: 88 1a 88 05 82 90 e8 55 55 55 55 88 1a 88 06 82 .......UUUU.....
000004d0: 90 e8 33 33 33 33 88 1a 88 07 82 90 e8 0f 0f 0f ..3333..........
000004e0: 0f 88 1a 88 08 82 90 e8 00 ff 00 ff 88 1a 88 09 ................
000004f0: 82 90 c8 00 ff ff 88 1a 88 0a 82 90 88 00 88 1a ................

What caught my eye was the two strings 'UUUU' and '3333'. These correspond 
to the values 0x55555555 and 0x33333333, respectively. Nearby, you can see 
the values 0xf0f0f0f0, 0xcccccccc, and 0x0f0f0f0f.

This made me curious, so I started looking for patterns, and I found some:

    Each block of four bytes with a regular bit pattern is prefixed by a 
0xe8 byte.

    Each block is followed by 0x88, 0x1a, 0x88, <something>, 0x82, 0x90. 
The <something> has a low value, and appears in rising sequence.

I figured this for a block of Diagnostic Engine Code, since it "feels" 
like code, and there's only one kind of code I remmeber reading about 
appearing in the configuration ROMs.

What I figure so far is that it's a stack-based system using an 8-bit 
opcode. The opcodes I'm figuring on so far are:

    0x88: Push an 8-bit literal constant from the next byte in the 
instruction stream.

    0xa8: Push a 16-bit literal constant from the next two bytes in the 
instruction stream.

    0xc8: Push a 24-bit literal constant from the next three bytes in the 
instruction stream.

    0xe8: Push a 32-bit literal constant from the next four bytes in the 
instruction stream.

    0x90: Some sort of memory set operation? Pops an address at the top 
of the stack, and a data value immediately below it, and stores the data 
value at the address?

    0x82: Some sort of math / address computation operation? Pops an 
offset from the top of the stack and a base immediately below it, and 
pushes an address?

The similarity between the four literal push opcodes suggests that there 
may be a common length encoding for other instruction groups that take 
lengths. Or I could be reading too much into far too little data.

There also appears to be some sort of header at the start of a Diagnostic
Engine Code block. At offsets 0 and 0x1400 of the SIB configuration ROM
(which are indicated by the config area at the end as being the diagnostic
and driver entry points, respectively) is the sequence 0x01, 0x04. The 
network config ROM (the 'NEC' board) has a signature of 0xe1, 0x04 at 
offset 0. I'm not sure what to make of these yet.

The two NUPI ROM images are weirder. Each byte of the last 128 is doubled. 
And this is in both ROMs. I'm thinking that they might be high/low paired 
16-bit wide ROMs shared between the NuPI's 68k CPU and the Explorer NuBus 
requests. Certainly the low 128 bytes of each feels like a 68k interrupt 
vector table.

Anyway, that's my report from a day's forced idleness. I almost hope that 
tomorrow is just as boring. ^_^

---------------------------
All programming can be viewed as an exercise.
---------------------------
Alastair Bridgewater
e-mail: nyef@softhome.net