UEFI on Simics
By Jakob Engblom
This week, at the Intel Development Forum in San Francisco, we are announcing the upcoming availability of UEFI support in the Simics source code debugger. It is thus a good time to talk a bit more about UEFI and UEFI debug.
UEFI is the modern BIOS standard that is finally starting to replace classic BIOS in PCs and related machines. It provides for much more powerful and modular BIOSes, as well as secure booting and other important modern firmware features. For quite a few years now, Intel reference BIOSes for new platforms (like Crystal Forest, Tunnel Creek, and Haswell) have been built using UEFI, and the Simics models for these platforms have been tested using these reference BIOSes.
The simulator has proven to be a very powerful tool for developing, testing, and debugging BIOS code within Intel. With Simics being used from the very early stages of model development, modern Simics models are capable of running unmodified standard UEFI BIOS images, including the PEI component and other early hardware initialization. This capability is unique in the field of commercially available Intel Architecture simulation solutions.
It should be noted that UEFI is just a new target type for the standard Simics debugger, with all its standard capabilities. The debugger has simply been extended to understand UEFI runtime structures and the PE debug format. The result is a very powerful simulation-based debugger, in particular with its support for reverse execution and checkpointing.
Let’s have a look at a few screenshots of the debugger in action (and make sure to look at the demos being provided at the IDF in case you are there).
Simics and the debugger start running from cycle 0, as can be seen in the screenshot that follows. The screenshot also shows the automatic dynamic detection of loaded UEFI modules (the list in the Symbol Browser view). The target system is 64-bit in the hardware as can seen in the registers view, but at this point only 16 bits are used since the processor is still in the 16-bit startup mode. As the execution of the BIOS progresses, it will move into 32-bit or 64-bit mode, depending on what the UEFI BIOS was built for.
The next screenshot shows the state some time into the boot. The UEFI system has now entered into the PEI phase, as can be seen in the debug view, being automatically detected by the debugger and annotated to the debug context. We have loaded the PeiCore.efi module twice at different offsets, as can be seen in the Symbol Browser view. We can also see some recent runs to breakpoints and step operations in the Stop Log view, including a few reverse steps as I was looking at the steps leading up to the second load of PeiCore (into RAM, while the original was running from ROM).
The debugger is also uniquely able to put breakpoints into code in modules which are yet to be loaded. By setting a breakpoint on a function name, for example, any function of that name that gets loaded will get a breakpoint planted at the time of load. In the below screenshot, such a breakpoint was planted on the function DxeMain during the PEI phase of the boot. Once that breakpoint hit, I then stepped over a few lines in the code to get to the point where the UEFI officially entered into the DXE phase (the line where it is currently stopped, note the annotation in the debug view).
Some interesting workflows are also unlocked by the Simics debugger with UEFI support. Since the Simics debugger integrated is based on Eclipse, it is possible to contain an entire edit-compile-run-debug in the same IDE. You can edit UEFI source code, call up compilation, start Simics to load the newly built UEFI image, and then debug the result from within the same Eclipse GUI. Furthermore, as the execution of your target system progresses from UEFI BIOS into bootloader, OS kernel, and user applications, you can stay within the same debugger. Simics is a true system-level debugger, delivering debug for all code and for all phases of the product lifecycle.
The Simics debugger with UEFI support supports a wide range of Intel target types. It has been tested on both 32-bit and 64-bit processors, from low-end single-core Atom processors to high-end Xeon multicore and multisocket server processors, and on UEFI images based on a variety of UEFI frameworks and versions.
Leading independent BIOS vendors have been using Simics to develop UEFI BIOS for the new Intel server platforms based on the Haswell architecture. Insyde reports booting UEFI on Simics before any silicon was available, and a reduction in time-to-market of three months.
To learn more about Simics, please go to www.windriver.com/simics, or find us live at the showfloor and sessions at the IDF in San Francisco.
For additional information from Wind River, visit us on Facebook.