What happens when a CPU starts (opens in new tab)

Yeah modern hardware is crazy hard to understand and a lot is proprietary/trademark stuff like you saw on the rpi. Arduino is a good start but it's just so low level that it doesn't get you much further to understanding how a modern system works.

One slightly weird but fascinating path I have been playing with is writing programs for old game consoles, particularly the Nintendo DS. You can get full and comprehensive hardware documentation for these consoles and there are easy ways to run your own code on them now as well as libraries/tooling around it. But they run no OS, your program runs directly on the hardware, so you get a good feel for low level programming while not being down to the level of atmel chips.

It can be a little hard to work out how to get started but it's really as simple as setting up `libnds` from devkitpro and then either hacking a dsi to run the twilight firmware, or buying a cheap flashcard from ebay to run your own programs. Read the example programs from the devkitpro github and some posts on the hardware and you'll get the hang of it.

As early as the mid-70s, minicomputers started including microcontrollers to manage the boot environment. I had a Sun machine once that included what they called Lights Out Management. A little microcontroller that had control over the system power and etc. Always available via its dedicated serial port, even when the machine was shut off. Everything is like that now. A smartphone will have multiple processors. Some doing IO interfacing. One to manage the battery. The radio hardware will have a general-purpose processor.

Most of these processors are fixed-in-ROM sort of machines, so the story for booting them individually is pretty simple. Much like a late 20th century PC, when switched on (either by the power supply or by another processor), start running BIOS code from the hardwired start address. Some need to have more software transferred to them after that.

Modern machines are really networks of computers in themselves. Networking and bringing all these parts together to support the main processors, at the low level, is not only poorly or completely undocumented, but it's probably impossible for one person to fit it all in their head these days.

If you want something you can almost fully understand, I'd go another step or two lower, to a microcontroller like an AVR or one of the old Motorola chips (68HC11 or something). These chips were actually designed by hand and expected to be programmed by hand, and their documentation reflects this. They also ave much less hidden microarchitectural state than a modern CPU.

Once you're familiar with that move to a more modern microcontroller like an Arm Cortex-M0, and after that maybe something with off-chip memory, a MMU, etc.

Look at the IBM PC/XT/AT if you want something more documented. IBM supplied schematics and even BIOS listings for those machines, the newest being a 286 (AT). Thanks to doing some BIOS RE work many years ago, the address F000:E05B still remains in my mind...

> For one, it's the GPU that actually does the initial boot process, and much of that is hard to find good info on. (https://raspberrypi.stackexchange.com/questions/14862/why-do...)

x86 is similar, since Intel ME (part of the PCH, whether in the chip or not) is needed to boot the CPU.

Yup, in bigger systems you also often need to initialize/train DRAM which means your first code essentially runs off L2/L3 cache

Here is a presentation about open firmware with a lot of stuff about boot process: https://www.youtube.com/watch?v=fTLsS_QZ8us

I think OpenPower has a fully open bootloader. But it's not exactly cheap to try.

Those systems startup into "Cache Contained" mode. Where the Boot ROM is copied to CPU Cache and there's no main memory yet. The code in the ROM has to initialized main memory before it can use it.

This is very common in embedded systems, and honestly I'm not surprised to see this, even with projects like Raspberry Pi... although, I do think it's a big shortcoming for a project like that.

In a "real project" you would be relying on your suppliers and other teams / colleagues for many of the "hard questions". Chances are you'd have a contact with the silica manufacturer, just as a major example.

There would be a boot team, or sometimes just one boot developer. If anything goes wrong, or you want to change anything, you would be pretty helpless without them. You can go to the various specs and code, but this can be quite in depth if you're starting from scratch.

Change project or micro? Chances are that all goes out the window, and you have to start from scratch.

Would you mind sharing some of your favorite youtube videos that you've come across?

Chiming in with everyone else - RPi is way too complex.

But another suggestion if you want a modern alternative to understand - RISC-V has an open boot ecosystem. You can just try it in QEmu and maybe buy a board if you get more advanced?

> Turns out the Raspberry Pi (and I'm guessing many other systems) are pretty confusing to understand at boot time.

That is because how ARM ecosystem functions. There is no standard way of integrating ARM CPU into a product as Arm, the company, just sells base IP and not the complete CPU. Every ARM licensee, from Qualcomm to Apple to Nvidia are free to design their own extensions and integrations into their SoC. There is no standard for this. This creates a lot of problems for writing a generic tutorial that you see in the x86 world.

Maybe a good place to start is an old video game console. Those have a lot of community info because of interest in retro gaming/emulation, plus they're simpler than modern hardware.

Might want to look at MicroPython. The ports have various init functions for various chips /system. It might not be a full OS, but it is pretty low level code you can compare to various other systems.

https://github.com/micropython/micropython/tree/master/ports

Check out the LibreRPi project, they are aiming to reverse engineer, document and replace the GPU firmware boot blob and other blobs.

https://github.com/librerpi/

Macs with a T2 chip first start execution there before pulling the Intel CPU out of reset.

This keynote about hardware vs operating systems knowledge of hardware was enlightening:

https://www.youtube.com/watch?v=36myc8wQhLo

You could start with a simple microcontroller like an AVR. Pick up an Arduino Uno or a Mega and an ICSP programmer, then write your own bootloader for it.

RPi's unfortunately have lousy documentation for the low level stuff.

Just about anything else (including dodgy Chinese substitutes) is better, sadly.

the "whole computer" is also thought to start on the memory, because you can have memory on a computer and a manual operator of it, but you can't have a computer with an operator of it and no memory.

Yeah better off just getting QEMU to boot. Target 286 or something.

Highly recommend Ben Eater's video, which in this embedded developer's eyes has been the clearest, best explanation of the fundamentals of a CPU as I've ever seen.

Similarly, I have come to appreciate rehsd's[0] efforts in building a 80286 computer.

0. https://www.youtube.com/@rehsd/videos

Go Ken!

CP/M systems used to do that too, where the ROM would copy its important bits to upper memory and then swap itself out.

Sort of. It's actually fairly common on larger cores (and particular, larger SoCs) for there to exist magic that happens before architectural reset vectors.

https://www.bunniestudios.com/blog/?p=5127

> By pre-boot code, I’m not talking about the little ROM blob that gets run after reset to set up your peripherals so you can pull your bootloader from SD card or SSD. That part was a no-brainer to share. I’m talking about the code that gets run before the architecturally guaranteed “reset vector”. A number of software developers (and alarmingly, some security experts) believe that the life of a CPU begins at the reset vector. In fact, there’s often a significant body of code that gets executed on a CPU to set things up to meet the architectural guarantees of a hard reset – bringing all the registers to their reset state, tuning clock generators, gating peripherals, and so forth. Critically, chip makers heavily rely upon this pre-boot code to also patch all kinds of embarrassing silicon bugs, and to enforce binning rules.

This is pretty old. There's quite a lot that happens before instructions start on modern CPUs.

Just one small example: CPUs have many small SRAM arrays for micro-architecture features like branch predictors. Some of these need to be initialized after reset by a state machine that takes many cycles.

I have even heard of a large chip that pushes initialization vectors through the scan chains so that all flops begin in an initial state, without requiring a reset network.

It's easy to overlook for those who program mostly on higher level systems. There was a recent HN thread that I think pointed to this article on what happens before main() in C programs:

https://embeddedartistry.com/blog/2019/04/08/a-general-overv...

On microcontrollers, there are often some preliminaries that are programmed into nonvolatile settings of the hardware, such as the type of clock oscillator. On a microprocessor like the Z80, your circuit was supposed to ensure that things like the clock oscillator and power supplies were stable before releasing the RESET pin.

As long as things like embedded coprocessors (IME, TXT, PSP, etc) are kept out of view.

That hasn't been true for a long time, unfortunately.

https://9esec.io/blog/hardware-assisted-root-of-trust-mechan...

If older CPUs have no magic, what is the 6502 doing here (https://youtu.be/yl8vPW5hydQ?t=706) that causes it to put eb60 → ffff → eb60 → 01f7 → 01f6 → 01f5 on the address bus, before it actually reads from memory?

I see this at the end:

  The following are the memory ranges you get with a 2-to-4 converter on an 8-bit address bus:

  00: 00h to 3Fh
  01: 40h to 7Fh
  10: 80h to BFh
  11: C0h to FFh

Looks like old 8-bit computers. I remember this from my days of Machine Code, and that was a long time ago.

Wonder when this was written? I would guess mid-1980s; maybe earlier.

Back then, we were all a lot closer to the hardware.

Even stranger: If you go to www.tripod.com, it redirects to https://www.tripod.lycos.com. Going to https://www.lycos.com, you can see that Lycos, one of several search engines that predated Google, is still around. Here's their about page: https://info.lycos.com/about/company-overview/

Mine's still around altho it looks like I turned it from a The Simpsons fan page in to one sentence https://bartzone.tripod.com/ . And with allowing all scripts, it's >1,000 requests, >10MB of data.

These ad networks on top of ad networks on the oldest IE-compliant code with it's `document.write` fighting it out for eyeballs since 1999. As Lycos' motto says: Battling it out to complete obsolescence and will never give an inch. Go iframe go!

It's the only reason I clicked on this.

Each type of memory has a somewhat different design, but generally, the address lines will control a pair of demultiplexers, one which activates a single row in a rectangular grid of memory cells, and one which reads a single column. (Old DRAM chips had separate RAS and CAS — row address select and column address select — phases.) Each memory cell in that row puts its value onto its column line, and the column portion of the address determines which column line is routed to the output pin and fed back to the data bus. Multiply everything by 16 for a 16-bit memory bus.

The memory cell itself might be a handful of transistors forming a bistable flipflop (for SRAM), or it might be a capacitor and transistor (for DRAM), or a floating gate and transistor (for EPROM), or just a wire and transistor (for mask-ROM).

There are several types of ROM available. The type you would find in most 8-bit computers from Atari, Apple, Commodore, Radio Shack, etc. would be chips pre-programmed (aka a Mask Read-Only Memory) at a factory with the contents, such that each bit is set high or low and cannot be changed at all.

Then there's PROM (Programmable Read-Only Memory), which is "empty" (either all 0, or all 1, I don't know the full details) but can be programmed once and that's it. Then there's EPROM (Erasable Programmable Read-Only Memory), which can be erased (by exposing the actual chip to UV light), then reprogrammed. Then there is EEPROM (Electrically Erasable Programmable Read-Only Memory) which can be electrically erased and reprogrammed. For each type of ROM, once programmed, it good for years, if not forever.

The programming of a PROM, EPROM or EEPROM usually consists of applying a higher than normal voltage to the chip on certain pins and is usually done in a separate device. How these chips works internally (how the gates are arranged, erased, programmed, etc.) is not something I know (being into software). This is just stuff I picked up over the years.

my understanding is that there is a thin trace (a fuse) at each cell. in order to program it, the address lines are manipulated to select the word, and a programming voltage is applied (for some reason I remember 18v, but it really could be anything), that draws a large current across the fused and blows it.

on a die, you wouldn't go through that trouble, you would just directly synthesize the zeros and ones.

but we don't really use ROMs that much anymore, they are usually persistent and programmable

Internally? Imagine a grid of wires where each address is one vertical wire and each bit of the output is one horizontal wire. The output wires have resistors pulling them up to 5V. To select an entry in the ROM you pull its corresponding vertical wire to ground.

Now here's the clever bit - there are diodes between the vertical and horizontal wires. When you pull a vertical wire to ground it pulls all the horizontal wires connected through diodes to ground, putting a 0 on those pins.

In a real "mask programmmed" ROM the grid is more square, so there are a lot of horizontal lines grouped in 8 bit bytes.

In an EPROM the diode is replaced by a little MOSFET. By applying a high voltage to its gate it'll stay charged basically forever, switching on and forming a "0" in the output.

A peer mentioned different types of memory and flip flops. I’d search for JK flip flop or D flip flop/latch for conceptual pointers. Those can be used to build up register files. The logic gates used to build flip flops/latches use things like NMOS/CMOS/PMOS - different kind of metal oxide seniconductor logic based on substrate. The differing behavior affects how you arrange circuits (voltage source, ground, etc) to provide desired logic from inputs (keywords: pull down/pull up network). Once you have logic and memory, you can build control units and things like arithmetic logic (look up von Neumann/Harvard architecture).

I’m not an expert in modern hardware, but these are the basic principles I recollect. Happy to be corrected if this answer is dated :)

I found this video a long time ago about this and it's a great way to understand it if you're a visual learner

https://www.youtube.com/watch?v=7J7X7aZvMXQ&t=5s

Ben eater to the rescue https://www.youtube.com/watch?v=FnxPIZR1ybs

All so called digital devices are really analog devices corralled into operating using binary logic. All it takes is a volt or two applied or removed unexpectedly on those discrete components and you have a bit-flip and possible ensuing mayhem.

I don't know how much it's really used these days, but when I've done asm stuff before if you have tight timing requirements in assembly, say you're bit banging an IO for some arcane serial protocol a la WS281X LED series, where it doesn't use a hardware supported serial protocol like SPI (where you can just DMA what you want to send to the controller) you then have to implement this protocol manually, in code, switching the IO pin on & off according to the timing requirements of said serial protocol/what data you want to send.

For the purposes of this, the nop instruction is useful as it's a great way to delay the processor for 1 instruction at a time and given you know the clock speed and therefore instructions per second you can: * Set the IO high * Use nops (or other instructions) to waste time * Set the IO low

This is very useful in situations where the timing needs to be too precise to use interrupts, which are somewhat unpredictable. Obviously this means an entire CPU is held up running this code.

Another timing usage is for generating a signal to display a picture on a CRT using a microcontroller. Plenty of others as well.

Personally, though, I would never bother. It's always better to get a dedicated chip/controller for something like driving those stupid LEDs (or just get an SPI LED) or to generate a TV signal.

Reading up on it further, apparently it is also used as a way to reserve space in code memory, I imagine for self-modifying code (ie fill with nops which can be replaced with actual instructions by your code, depending on code execution). But I've never actually done this myself.

Which is precisely what another of today's HN posts alludes to https://news.ycombinator.com/item?id=34329201

It does, in the sense that executing any (regular, macro) code involves executing microcode. But no, there's not a separate phase during which only microcode is executed, if that's what you mean.