RAM Boot Using SDI in Windows XP Embedded with Service Pack 1

SDI Imaging

Preparing the SDI

Typical SDI Boot Sequence

OEM-Authored Boot Program

Code Sample

Additional Information

Microsoft Windows XP Embedded with Service Pack 1 run-times are loaded into RAM as SDI images. SDI is a portable file format for XP Embedded images. SDI imaging is a key technology delivered with the Windows Embedded Studio, the platform development tools in Windows XP Embedded with Service Pack 1. Several tools are provided for building, editing, and extracting images.

SDI images are stored as a single file with the following contents:

1. BOOT BLOB (boot program)

   The SDI header contains the BOOT CODE OFFSET and BOOT CODE LENGTH, which point to the BOOT BLOB within the SDI. The boot blob contains the boot program STARTROM.COM. It is a real mode executable file. To boot from the SDI, the boot blob is copied to the real mode address 0000:7C00h by the OEM-authored boot program. When passed control, STARTROM.COM expects EDX = 32-bit physical address of the page aligned SDI image bitwise ORed with 41h. Sample code is provided later in this white paper that demonstrates how this call is made.

2. LOAD BLOB (NTLDR)

   The LOAD BLOB contains NTLDR. STARTROM.COM launches NTLDR that boots the run-time image from the PART BLOB by mounting it as a RAMDisk volume.

3. PART BLOB (Windows XP Embedded with Service Pack 1 run-time)

   The PART BLOB contains the target run-time image. The run-time image is a post First Boot Agent (FBA) embedded run-time with the following requirements:

   • The run-time configuration must contain the "Windows RAM Disk Driver" component so it can be mounted as a RAMDisk volume.
   • The volume should have ntdetect.com and boot.ini in the root folder.
   • Boot.ini should have the following contents:

     Copy Code

     [boot loader]default=ramdisk(0)\WINDOWS[operating systems]ramdisk(0)\WINDOWS="Windows XPE From RAM" /fastdetect

   • The size of the run-time cannot exceed 500 MB.

SDI File Manager is a command line tool used to manipulate .sdi files. SDI Manager is installed in the utilities directory with the Windows Embedded Studio. It is used to prepare the SDI for boot. The following steps outline the SDI preparation process.

1. Create a new .sdi file.

   Copy Code

   C:\SDI>sdimgr /new image.sdiMicrosoft (R) Windows Script Host Version 5.6Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. SDI File Manager version 1.00.621Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved. SDI File            : C:\SDI\image.sdiMDB Type            : ---Boot Code Offset    : 0x00000000.00000000Boot Code Size      : 0x00000000.00000000Vendor ID           : 0x0000 (0)Device ID           : 0x0000 (0)Device Model        : {00000000-0000-0000-0000-000000000000}Device Role         : 0Runtime GUID        : {00000000-0000-0000-0000-000000000000}Runtime OEM Rev     : 0Page Alignment      : 1 (4096 bytes)

2. Import the target partition into the SDI. The target partition should typically be an SDI Disk partition mounted by SDI Loader and formatted with the Disk Management Console. The size of the partition must be less than 500 MB.

   Copy Code

   C:\SDI>sdimgr image.sdi /readpart:f:Microsoft (R) Windows Script Host Version 5.6Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. SDI File Manager version 1.00.621Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.*Reading from volume: "\\.\F:"...

3. Import the boot program STARTROM.COM into the SDI BOOT blob.

   Copy Code

   C:\SDI>sdimgr image.sdi /import:BOOT,0,startrom.com Microsoft (R) Windows Script Host Version 5.6Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.SDI File Manager version 1.00.621Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.Imported File To Blob : startrom.com, Blob Type :BOOT

4. Import NTLDR into the SDI LOAD blob.

   Copy Code

   C:\SDI>sdimgr image.sdi /import:LOAD,0,ntldr Microsoft (R) Windows Script Host Version 5.6Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.SDI File Manager version 1.00.621Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.Imported File To Blob : ntldr, Blob Type :LOAD

5. Pack the SDI to move the BOOT blob to the front, and align the blobs at a 4K boundary.

   Copy Code

   C:\SDI>sdimgr image.sdi /packMicrosoft (R) Windows Script Host Version 5.6Copyright (C) Microsoft Corporation 1996-2001. All rights reserved. SDI File Manager version 1.00.621Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved. *Packing            : "C:\SDI\image.sdi"...New Page Alignment  : 1 (4096 bytes)

6. Verify that the SDI contains the BOOT, LOAD, and PART blob.

   Copy Code

   C:\SDI>sdimgr image.sdiMicrosoft (R) Windows Script Host Version 5.6Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.SDI File Manager version 1.00.621Copyright (C) 1999-2001 Microsoft Corp. All Rights Reserved.SDI File : C:\SDI\image.sdiMDB Type : ---Boot Code Offset : 0x00000000.00001000Boot Code Size : 0x00000000.00005FF0Vendor ID : 0x0000 (0)Device ID : 0x0000 (0)Device Model : {00000000-0000-0000-0000-000000000000}Device Role : 0Runtime GUID : {00000000-0000-0000-0000-000000000000}Runtime OEM Rev : 0Page Alignment : 1 (4096 bytes)Type Offset Size Base Address Attr---- ------------------- ------------------- ------------------- ----------BOOT 0x00000000.00001000 0x00000000.00005FF0 0x00000000.00000000 0x00000000LOAD 0x00000000.00007000 0x00000000.00034A00 0x00000000.00000000 0x00000000PART 0x00000000.0003C000 0x00000000.01780800 0x00000000.00000007 0x00000000

NTLDR and STARTROM.COM are provided with the Remote Boot Service Setup and installed in the \Program Files\Windows Embedded\Remote Boot Service\Downloads directory.

The following steps outline typical operations in an SDI boot sequence.

1. A custom protocol is used to acquire an OEM-authored boot program (boot code). This step is optional because the OEM's boot code may already reside on the device (in ROM, CD, etc.).
2. If necessary, the boot code relocates itself away from 0000:7C00 to make room for STARTROM.COM.
3. The boot code copies the SDI into RAM, page-aligned. The image acquisition and selection mechanisms are defined by the OEM.
4. The boot code obtains the BOOT CODE OFFSET and BOOT CODE SIZE from the SDI Header.
5. The boot code copies the BOOT BLOB to physical address 07C00h.
6. The boot code switches to real mode, sets EDX = physical address of SDI bitwise ORed with 041h.
7. The boot code performs a jump to 0:7C00h to execute STARTROM.COM.
8. STARTROM.COM launches NTLDR from the LOAD blob.
9. Windows boots.

The purpose of RAM boot is to allow OEMs to provide a boot solution that can integrate with custom technologies. Windows XP Embedded with Service Pack 1 provides one such solution with Remote Boot Service. To complete the custom RAM boot solution, OEMs must author a boot program that can acquire the SDI image and load it into memory. It is possible for OEMs to deliver this boot program by using the Pre-boot eXecution Environment (PXE, pronounced "pixie") and Trivial File Transfer Protocol (TFTP) support provided by Remote Boot Service (or on a CD, floppy, or in EPROM). The job of the boot program is to acquire the appropriate SDI and place it into RAM (4K aligned).

After loading the SDI into memory the boot program has to transfer control to the boot code located inside the SDI. If the OEM protocol downloads the boot program at the address 0000:7C00h, the OEM boot program must relocate itself to another address to make that space available for the boot code. The boot code must be extracted from the SDI and placed at the real mode address 0000:7C00h. The sample code that is provided in this paper illustrates how a custom boot program could complete the boot process.

The following code sample contains the BootSDI function, which performs steps 4 through 7 in the typical SDI boot sequence.

The function _BootSDI should be called from protected mode with basic flat model addressing. It needs the 32-bit physical address of the SDI as a parameter (on stack).

REAL_MODE_SEGMENT

is the real mode code segment address of the boot code. This is the segment where the OEM boot program will relocate itself.

CODE_16_SELECTOR

is a 16-bit code selector with a descriptor base address equal to the physical address of the OEM relocated boot program (REAL_MODE_SEGMENT << 4).

Copy Code

REAL_MODE_SEGMENT   equ <

Supplied by OEM

>      ; REAL MODE Segment addressCODE_16_SELECTOR   equ <

Supplied by OEM

>      ; 16bit selector of boot codeSDIHeader   struc   Signature      db   8 dup(?)   SDIReserved1      dd   ?   SDIReserved2      db   4 dup(?)   BootCodeOffsetLow   dd   ?   BootCodeOffsetHigh   dd   ?   BootCodeSizeLow   dd   ?   BootCodeSizeHigh   dd   ?SDIHeader   ends_TEXT32 segment para use32 public 'CODE' ASSUME CS:_TEXT32ALIGN 4public _BootSDI;++;; VOID; BootSDI(; VOID *pSDI; );;;; Description:; This routine executes the boot code from an SDI. It takes the ; physical address of; the SDI image (4K aligned), obtains the boot code offset and boot ; code ; length from the SDI Header. It copies the boot code to 0000:7C00, ; switches back to real mode, sets EDX = SDI Physical Address OR ; 0x41;; Then jumps to 0000:7C00 to perform the boot.; ; Environment:; Protected Mode ONLY, basic flat model addressing required for ; _BootSDI.;; Arguments:; Pointer to SDI image mapped into memory.;; Returns:; Does not return.;;--;;   16-bit call gate for _BootSDI16;_BootSDI   proc   near   push dword ptr CODE_16_SELECTOR      ; 16-bit code selector   push dword ptr (offset _BootSDI16)   retf                  ; Jump to 16-bit code_BootSDI endp_TEXT32 ends_TEXT segment para use16 public 'CODE' ASSUME CS:_TEXTALIGN 4_BootSDI16   proc   near   push   ebp               ; Save caller's stack frame & use EBP   mov   ebp, esp            ; to reference stack parameters.      cli   mov   edx, [ebp + 8]            ; SDI Address   mov   ebx, edx            ; EBX = SDI Header   mov   esi, ebxadd   esi, [ebx].BootCodeOffsetLow      ; ESI points to the BOOT BLOB ; (SDIHeader+BootCodeOffset)   mov   ecx, [ebx].BootCodeSizeLow      ; ECX has the boot code length   mov   edi, 07C00h            ; EDI = Destination realmode address; of boot code   cld       ; move forward   db   067h               ; 32-bit address size prefix    rep    movsb       ; move boot blob to 0:7C00   mov   eax,cr0               ;   and   eax, not 080000001h         ; Switch to real mode; turn off paging   mov   cr0,eax               ;   jmp   far ptr RealMode         ; flush the pipelineRealMode:   mov   eax,cr3   nop    nop    nop    nop   mov   cr3,eax               ; Flush TLB;; switch to real mode addressing;   db   0EAh       ; JMP FAR PTR   dw   OFFSET _TEXT:RealModeAddress      ; RealModeSegment:RealModeAddress   dw   REAL_MODE_SEGMENT         ; RealModeSegment value RealModeAddress:   lidt   fword ptr cs:[IDTRegisterZero]   sti                  ; re-enable interrupts   mov   ax,30               ;   mov   ss,ax               ; Setup stack for boot code   mov   esp,0100h            ;    or   dl,041h   push   0   push   07c00h   retf                  ; Jump to 0:7C00_BootSDI16   endpIDTRegisterZero dw 0ffffh dd 0_TEXT ends

For more information about the SDI manager, see SDI Manager in the production documentation.