Patchwork [RFC] Preliminary BeBox support

login
register
mail settings
Submitter François Revol
Date March 1, 2011, 12:15 a.m.
Message ID <1C0ABE1B-096A-4C5E-BFFB-34AF63C353D6@free.fr>
Download mbox | patch
Permalink /patch/84874/
State New
Headers show

Comments

François Revol - March 1, 2011, 12:15 a.m.
Since Natalia raised the subject I though I'd post my current patch for the BeBox support.
I think the loader stuff can probably be committed already with some cleanup.
The rest is mostly a copy of the prep file with tweaks and needs more work.
The boot nub images can be extracted with this script:
http://revolf.free.fr/beos/extract_bebox_images.sh
Running -M bebox -bios bootnub.image makes it try to probe the PCI bridge for now.
Comments ?

François.
Andreas Färber - March 2, 2011, 9:59 p.m.
Hello François,

Am 01.03.2011 um 01:15 schrieb François Revol:

> Since Natalia raised the subject I though I'd post my current patch  
> for the BeBox support.
> I think the loader stuff can probably be committed already with some  
> cleanup.
> The rest is mostly a copy of the prep file with tweaks and needs  
> more work.
> The boot nub images can be extracted with this script:
> http://revolf.free.fr/beos/extract_bebox_images.sh
> Running -M bebox -bios bootnub.image makes it try to probe the PCI  
> bridge for now.
> Comments ?

How does this relate to the BeBox emulation I started? I assume not at  
all?
I tried to do the PEF parsing and nub extraction inside QEMU.
http://repo.or.cz/w/qemu/afaerber.git/shortlog/refs/heads/bebox

I'd prefer the BeBox machine to go into ppc_prep.c and to benefit from  
the PReP cleanup that I started.
I'll have a closer look the weekend, please cc me on future patches.

Thanks,

Andreas
François Revol - March 3, 2011, 2:36 a.m.
Le 2 mars 2011 à 22:59, Andreas Färber a écrit :

> Hello François,
> 
> Am 01.03.2011 um 01:15 schrieb François Revol:
> 
>> Since Natalia raised the subject I though I'd post my current patch for the BeBox support.
>> I think the loader stuff can probably be committed already with some cleanup.
>> The rest is mostly a copy of the prep file with tweaks and needs more work.
>> The boot nub images can be extracted with this script:
>> http://revolf.free.fr/beos/extract_bebox_images.sh
>> Running -M bebox -bios bootnub.image makes it try to probe the PCI bridge for now.
>> Comments ?
> 
> How does this relate to the BeBox emulation I started? I assume not at all?
> I tried to do the PEF parsing and nub extraction inside QEMU.
> http://repo.or.cz/w/qemu/afaerber.git/shortlog/refs/heads/bebox

Eh, not at all, I didn't notice this one.
Hopefully I won't be dupping work anymore :p

> I'd prefer the BeBox machine to go into ppc_prep.c and to benefit from the PReP cleanup that I started.

Yeah it needs some.

> I'll have a closer look the weekend, please cc me on future patches.

Ok.

François.

Patch

diff --git a/Makefile.target b/Makefile.target
index 220589e..a41f792 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -227,6 +227,7 @@  obj-ppc-y += vga.o
 # PREP target
 obj-ppc-y += i8259.o mc146818rtc.o
 obj-ppc-y += ppc_prep.o
+obj-ppc-y += ppc_bebox.o
 # OldWorld PowerMac
 obj-ppc-y += ppc_oldworld.o
 # NewWorld PowerMac
diff --git a/hw/loader.c b/hw/loader.c
index 35d792e..7dc759a 100644
--- a/hw/loader.c
+++ b/hw/loader.c
@@ -515,6 +515,142 @@  out:
     return ret;
 }
 
+/* BeBox ROM image loader */
+
+struct bebox_image_header {
+	uint32_t entry;
+	uint32_t TOC;
+	uint32_t serial_num[2];
+	uint32_t checksum;
+	uint32_t addr;
+	uint32_t size;
+	uint32_t segtable;
+	char date[32];
+};
+
+struct bebox_image_section {
+	uint32_t size;
+	uint32_t offset;
+	uint32_t addr;
+	uint32_t zsize;
+};
+
+static void bswap_bebox_header(struct bebox_image_header *hdr)
+{
+#ifndef HOST_WORDS_BIGENDIAN
+    bswap32s(&hdr->entry);
+    bswap32s(&hdr->TOC);
+    bswap32s(&hdr->serial_num[0]);
+    bswap32s(&hdr->serial_num[1]);
+    bswap32s(&hdr->checksum);
+    bswap32s(&hdr->addr);
+    bswap32s(&hdr->size);
+    bswap32s(&hdr->segtable);
+#endif
+}
+
+static void bswap_bebox_section(struct bebox_image_section *sec)
+{
+#ifndef HOST_WORDS_BIGENDIAN
+    bswap32s(&sec->size);
+    bswap32s(&sec->addr);
+    bswap32s(&sec->offset);
+    bswap32s(&sec->zsize);
+#endif
+}
+
+/* Load a BeBox nub image. */
+int load_bebox(const char *filename, target_phys_addr_t *ep,
+               target_phys_addr_t *ds, target_phys_addr_t *loadaddr)
+{
+    int fd;
+    int size;
+	int i;
+    struct bebox_image_header h;
+    struct bebox_image_header *hdr = &h;
+    struct bebox_image_section s;
+    struct bebox_image_section *sec = &s;
+    uint8_t *data = NULL;
+    int ret = -1;
+fprintf(stderr, "%s(%s)\n", __FUNCTION__, filename);
+    fd = open(filename, O_RDONLY | O_BINARY);
+    if (fd < 0)
+        return -1;
+
+    size = read(fd, hdr, sizeof(uboot_image_header_t));
+    if (size < sizeof(uboot_image_header_t))
+        goto out;
+
+fprintf(stderr, "%s: %d read\n", __FUNCTION__, size);
+    bswap_bebox_header(hdr);
+
+fprintf(stderr, "%s: entry %08x addr %08x\n", __FUNCTION__, hdr->entry, hdr->addr);
+	/* XXX: all known images load there, but... */
+    if (hdr->entry != 0xfff00100)
+        goto out;
+    if (hdr->addr != 0xfff00000)
+        goto out;
+	/* date field seems be ASCII, ends with \n and \0 padded */
+	for (i = 0; i < 32; i++) {
+		if (!qemu_isprint(hdr->date[i]))
+			break;
+	}
+	if (i >= 32 || hdr->date[i] != '\n')
+		goto out;
+	i++;
+	for (; i < 32; i++) {
+		if (hdr->date[i] != '\0')
+			goto out;
+	}
+
+	/* TODO: check sum */
+
+fprintf(stderr, "%s: hdr ok\n", __FUNCTION__);
+    /* it seems the image is supposed to be loaded at hdr->addr,
+	 * then the primary boot nub relocates the sections itself, copying some in RAM.
+     * But we don't have the image for the primary boot nub, so we do it on our own. */
+
+    *ep = hdr->entry;
+    *ds = hdr->TOC;
+    data = qemu_malloc(hdr->size);
+
+	/* we also include the header when flashing */
+	lseek(fd, 0, SEEK_SET);
+
+    if (read(fd, data, hdr->size) != hdr->size) {
+        fprintf(stderr, "Error reading file\n");
+        goto out;
+    }
+
+    rom_add_blob_fixed(filename, data, hdr->size, hdr->addr);
+
+    if (loadaddr)
+        *loadaddr = hdr->addr;
+
+fprintf(stderr, "%s: loaded @ %08x\n", __FUNCTION__, *loadaddr);
+
+	/* relocate sections */
+	for (i = 0; ; i++) {
+		memcpy(sec, data + hdr->segtable + i * sizeof(*sec), sizeof(*sec));
+		bswap_bebox_section(sec);
+fprintf(stderr, "%s: section: offset %08x addr %08x size %d zsize %d \n", __FUNCTION__, sec->offset, sec->addr, sec->size, sec->zsize);
+		if (sec->size == 0 && sec->zsize == 0)
+			break;
+		/* already there */
+		if (sec->addr == -1 || sec->addr == (hdr->addr + sec->offset))
+			continue;
+		rom_add_blob_z(filename, data + sec->offset, sec->size, sec->addr, sec->zsize);
+	}
+
+    ret = hdr->size;
+
+out:
+    if (data)
+        qemu_free(data);
+    close(fd);
+    return ret;
+}
+
 /*
  * Functions for reboot-persistent memory regions.
  *  - used for vga bios and option roms.
@@ -640,6 +776,21 @@  int rom_add_blob(const char *name, const void *blob, size_t len,
     return 0;
 }
 
+int rom_add_blob_z(const char *name, const void *blob, size_t len,
+                   target_phys_addr_t addr, size_t zlen)
+{
+    Rom *rom;
+
+    rom = qemu_mallocz(sizeof(*rom));
+    rom->name    = qemu_strdup(name);
+    rom->addr    = addr;
+    rom->romsize = len + zlen;
+    rom->data    = qemu_mallocz(rom->romsize);
+    memcpy(rom->data, blob, len);
+    rom_insert(rom);
+    return 0;
+}
+
 int rom_add_vga(const char *file)
 {
     return rom_add_file(file, "vgaroms", 0, -1);
diff --git a/hw/loader.h b/hw/loader.h
index fc6bdff..58c31cb 100644
--- a/hw/loader.h
+++ b/hw/loader.h
@@ -13,6 +13,8 @@  int load_aout(const char *filename, target_phys_addr_t addr, int max_sz,
               int bswap_needed, target_phys_addr_t target_page_size);
 int load_uimage(const char *filename, target_phys_addr_t *ep,
                 target_phys_addr_t *loadaddr, int *is_linux);
+int load_bebox(const char *filename, target_phys_addr_t *ep,
+               target_phys_addr_t *ds, target_phys_addr_t *loadaddr);
 
 int read_targphys(const char *name,
                   int fd, target_phys_addr_t dst_addr, size_t nbytes);
@@ -25,6 +27,8 @@  int rom_add_file(const char *file, const char *fw_dir,
                  target_phys_addr_t addr, int32_t bootindex);
 int rom_add_blob(const char *name, const void *blob, size_t len,
                  target_phys_addr_t addr);
+int rom_add_blob_z(const char *name, const void *blob, size_t len,
+                   target_phys_addr_t addr, size_t zlen);
 int rom_load_all(void);
 void rom_set_fw(void *f);
 int rom_copy(uint8_t *dest, target_phys_addr_t addr, size_t size);
diff --git a/hw/ppc_bebox.c b/hw/ppc_bebox.c
new file mode 100644
index 0000000..e339cd7
--- /dev/null
+++ b/hw/ppc_bebox.c
@@ -0,0 +1,822 @@ 
+/*
+ * QEMU PPC BeBox hardware System Emulator
+ *
+ * Copyright (c) 2003-2007 Jocelyn Mayer
+ * Copyright (c) 2010 François Revol
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "hw.h"
+#include "nvram.h"
+#include "pc.h"
+#include "fdc.h"
+#include "net.h"
+#include "sysemu.h"
+#include "isa.h"
+#include "pci.h"
+#include "prep_pci.h"
+#include "usb-ohci.h"
+#include "ppc.h"
+#include "boards.h"
+#include "qemu-log.h"
+#include "ide.h"
+#include "loader.h"
+#include "mc146818rtc.h"
+#include "blockdev.h"
+
+#define HARD_DEBUG_PPC_IO
+#define DEBUG_PPC_IO
+
+/*
+ * References:
+ * http://www.netbsd.org/ports/bebox/hardware.html
+ * http://haiku-os.org/legacy-docs/benewsletter/Issue1-5.html
+ * http://mail-index.netbsd.org/port-bebox/2000/02/03/0000.html
+ * http://testou.free.fr/www.beatjapan.org/mirror/www.be.com/products/bebox/dual603spec.html
+ * http://plus.mobianlegends.com/emulators/advancemess-0.102.0.1/advancemess-0.102.0.1/mess/machine/bebox.c
+ */
+
+/* SMP is not enabled, for now */
+#define MAX_CPUS 1
+
+#define MAX_IDE_BUS 2
+
+//#define BIOS_ADDR 0xff000000
+//#define BIOS_SIZE (16*1024 * 1024)
+#define BIOS_ADDR 0xfff00000
+#define BIOS_SIZE (1024 * 1024)
+//#define BIOS_FILENAME "ppc_rom.bin"
+#define BIOS_FILENAME "bootnub.image"
+
+#define KERNEL_LOAD_ADDR 0x01000000
+#define INITRD_LOAD_ADDR 0x01800000
+
+#if defined (HARD_DEBUG_PPC_IO) && !defined (DEBUG_PPC_IO)
+#define DEBUG_PPC_IO
+#endif
+
+#if defined (HARD_DEBUG_PPC_IO)
+#define PPC_IO_DPRINTF(fmt, ...)                         \
+do {                                                     \
+    if (qemu_loglevel_mask(CPU_LOG_IOPORT)) {            \
+        qemu_log("%s: " fmt, __func__ , ## __VA_ARGS__); \
+    } else {                                             \
+        printf("%s : " fmt, __func__ , ## __VA_ARGS__);  \
+    }                                                    \
+} while (0)
+#elif defined (DEBUG_PPC_IO)
+#define PPC_IO_DPRINTF(fmt, ...) \
+qemu_log_mask(CPU_LOG_IOPORT, fmt, ## __VA_ARGS__)
+#else
+#define PPC_IO_DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+static target_phys_addr_t bios_entry = 0;
+
+/* Constants for devices init */
+static const int ide_iobase[2] = { 0x1f0, 0x170 };
+static const int ide_iobase2[2] = { 0x3f6, 0x376 };
+static const int ide_irq[2] = { 13, /*WTF:13*/14 };
+
+#define NE2000_NB_MAX 6
+
+static uint32_t ne2000_io[NE2000_NB_MAX] = { 0x300, 0x320, 0x340, 0x360, 0x280, 0x380 };
+static int ne2000_irq[NE2000_NB_MAX] = { 9, 10, 11, 3, 4, 5 };
+
+//static PITState *pit;
+
+/* ISA IO ports bridge */
+#define PPC_IO_BASE 0x80000000
+
+#if 0
+/* Speaker port 0x61 */
+static int speaker_data_on;
+static int dummy_refresh_clock;
+#endif
+
+static void speaker_ioport_write (void *opaque, uint32_t addr, uint32_t val)
+{
+fprintf(stderr, "%s(,%08x,%d %08x)\n", __FUNCTION__, addr, val, val);
+#if 0
+    speaker_data_on = (val >> 1) & 1;
+    pit_set_gate(pit, 2, val & 1);
+#endif
+}
+
+static uint32_t speaker_ioport_read (void *opaque, uint32_t addr)
+{
+fprintf(stderr, "%s(,%08x)\n", __FUNCTION__, addr);
+#if 0
+    int out;
+    out = pit_get_out(pit, 2, qemu_get_clock(vm_clock));
+    dummy_refresh_clock ^= 1;
+    return (speaker_data_on << 1) | pit_get_gate(pit, 2) | (out << 5) |
+        (dummy_refresh_clock << 4);
+#endif
+    return 0;
+}
+
+/* PCI intack register */
+/* Read-only register (?) */
+static void _PPC_intack_write (void *opaque,
+                               target_phys_addr_t addr, uint32_t value)
+{
+#if 1
+    printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
+           value);
+#endif
+}
+
+static inline uint32_t _PPC_intack_read(target_phys_addr_t addr)
+{
+    uint32_t retval = 0;
+
+    if ((addr & 0xf) == 0)
+        retval = pic_intack_read(isa_pic);
+#if 1
+    printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
+           retval);
+#endif
+
+    return retval;
+}
+
+static uint32_t PPC_intack_readb (void *opaque, target_phys_addr_t addr)
+{
+    return _PPC_intack_read(addr);
+}
+
+static uint32_t PPC_intack_readw (void *opaque, target_phys_addr_t addr)
+{
+    return _PPC_intack_read(addr);
+}
+
+static uint32_t PPC_intack_readl (void *opaque, target_phys_addr_t addr)
+{
+    return _PPC_intack_read(addr);
+}
+
+static CPUWriteMemoryFunc * const PPC_intack_write[] = {
+    &_PPC_intack_write,
+    &_PPC_intack_write,
+    &_PPC_intack_write,
+};
+
+static CPUReadMemoryFunc * const PPC_intack_read[] = {
+    &PPC_intack_readb,
+    &PPC_intack_readw,
+    &PPC_intack_readl,
+};
+
+/* PowerPC control and status registers */
+#if 0 // Not used
+static struct {
+    /* IDs */
+    uint32_t veni_devi;
+    uint32_t revi;
+    /* Control and status */
+    uint32_t gcsr;
+    uint32_t xcfr;
+    uint32_t ct32;
+    uint32_t mcsr;
+    /* General purpose registers */
+    uint32_t gprg[6];
+    /* Exceptions */
+    uint32_t feen;
+    uint32_t fest;
+    uint32_t fema;
+    uint32_t fecl;
+    uint32_t eeen;
+    uint32_t eest;
+    uint32_t eecl;
+    uint32_t eeint;
+    uint32_t eemck0;
+    uint32_t eemck1;
+    /* Error diagnostic */
+} XCSR;
+
+static void PPC_XCSR_writeb (void *opaque,
+                             target_phys_addr_t addr, uint32_t value)
+{
+    printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
+           value);
+}
+
+static void PPC_XCSR_writew (void *opaque,
+                             target_phys_addr_t addr, uint32_t value)
+{
+    printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
+           value);
+}
+
+static void PPC_XCSR_writel (void *opaque,
+                             target_phys_addr_t addr, uint32_t value)
+{
+    printf("%s: 0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", __func__, addr,
+           value);
+}
+
+static uint32_t PPC_XCSR_readb (void *opaque, target_phys_addr_t addr)
+{
+    uint32_t retval = 0;
+
+    printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
+           retval);
+
+    return retval;
+}
+
+static uint32_t PPC_XCSR_readw (void *opaque, target_phys_addr_t addr)
+{
+    uint32_t retval = 0;
+
+    printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
+           retval);
+
+    return retval;
+}
+
+static uint32_t PPC_XCSR_readl (void *opaque, target_phys_addr_t addr)
+{
+    uint32_t retval = 0;
+
+    printf("%s: 0x" TARGET_FMT_plx " <= %08" PRIx32 "\n", __func__, addr,
+           retval);
+
+    return retval;
+}
+
+static CPUWriteMemoryFunc * const PPC_XCSR_write[] = {
+    &PPC_XCSR_writeb,
+    &PPC_XCSR_writew,
+    &PPC_XCSR_writel,
+};
+
+static CPUReadMemoryFunc * const PPC_XCSR_read[] = {
+    &PPC_XCSR_readb,
+    &PPC_XCSR_readw,
+    &PPC_XCSR_readl,
+};
+#endif
+
+/* Fake super-io ports for BeBox platform (Intel 82378ZB) */
+typedef struct sysctrl_t {
+    qemu_irq reset_irq;
+    M48t59State *nvram;
+    uint8_t state;
+    uint8_t syscontrol;
+    uint8_t fake_io[2];
+    int contiguous_map;
+    int endian;
+} sysctrl_t;
+
+enum {
+    STATE_HARDFILE = 0x01,
+};
+
+static sysctrl_t *sysctrl;
+
+static void BeBox_io_write (void *opaque, uint32_t addr, uint32_t val)
+{
+    sysctrl_t *sysctrl = opaque;
+
+    PPC_IO_DPRINTF("0x%08" PRIx32 " => 0x%02" PRIx32 "\n", addr - PPC_IO_BASE,
+                   val);
+    sysctrl->fake_io[addr - 0x0398] = val;
+}
+
+static uint32_t BeBox_io_read (void *opaque, uint32_t addr)
+{
+    sysctrl_t *sysctrl = opaque;
+
+    PPC_IO_DPRINTF("0x%08" PRIx32 " <= 0x%02" PRIx32 "\n", addr - PPC_IO_BASE,
+                   sysctrl->fake_io[addr - 0x0398]);
+    return sysctrl->fake_io[addr - 0x0398];
+}
+
+static void BeBox_io_800_writeb (void *opaque, uint32_t addr, uint32_t val)
+{
+    sysctrl_t *sysctrl = opaque;
+
+    PPC_IO_DPRINTF("0x%08" PRIx32 " => 0x%02" PRIx32 "\n",
+                   addr - PPC_IO_BASE, val);
+    switch (addr) {
+    case 0x0092:
+        /* Special port 92 */
+        /* Check soft reset asked */
+        if (val & 0x01) {
+            qemu_irq_raise(sysctrl->reset_irq);
+        } else {
+            qemu_irq_lower(sysctrl->reset_irq);
+        }
+        /* Check LE mode */
+        if (val & 0x02) {
+            sysctrl->endian = 1;
+        } else {
+            sysctrl->endian = 0;
+        }
+        break;
+    case 0x0800:
+        /* Motorola CPU configuration register : read-only */
+        break;
+    case 0x0802:
+        /* Motorola base module feature register : read-only */
+        break;
+    case 0x0803:
+        /* Motorola base module status register : read-only */
+        break;
+    case 0x0808:
+        /* Hardfile light register */
+        if (val & 1)
+            sysctrl->state |= STATE_HARDFILE;
+        else
+            sysctrl->state &= ~STATE_HARDFILE;
+        break;
+    case 0x0810:
+        /* Password protect 1 register */
+        if (sysctrl->nvram != NULL)
+            m48t59_toggle_lock(sysctrl->nvram, 1);
+        break;
+    case 0x0812:
+        /* Password protect 2 register */
+        if (sysctrl->nvram != NULL)
+            m48t59_toggle_lock(sysctrl->nvram, 2);
+        break;
+    case 0x0814:
+        /* L2 invalidate register */
+        //        tlb_flush(first_cpu, 1);
+        break;
+    case 0x081C:
+        /* system control register */
+        sysctrl->syscontrol = val & 0x0F;
+        break;
+    case 0x0850:
+        /* I/O map type register */
+        sysctrl->contiguous_map = val & 0x01;
+        break;
+    default:
+        printf("ERROR: unaffected IO port write: %04" PRIx32
+               " => %02" PRIx32"\n", addr, val);
+        break;
+    }
+}
+
+static uint32_t BeBox_io_800_readb (void *opaque, uint32_t addr)
+{
+    sysctrl_t *sysctrl = opaque;
+    uint32_t retval = 0xFF;
+
+    switch (addr) {
+    case 0x0092:
+        /* Special port 92 */
+        retval = 0x00;
+        break;
+    case 0x0800:
+        /* Motorola CPU configuration register */
+        retval = 0xEF; /* MPC750 */
+        break;
+    case 0x0802:
+        /* Motorola Base module feature register */
+        retval = 0xAD; /* No ESCC, PMC slot neither ethernet */
+        break;
+    case 0x0803:
+        /* Motorola base module status register */
+        retval = 0xE0; /* Standard MPC750 */
+        break;
+    case 0x080C:
+        /* Equipment present register:
+         *  no L2 cache
+         *  no upgrade processor
+         *  no cards in PCI slots
+         *  SCSI fuse is bad
+         */
+        retval = 0x3C;
+        break;
+    case 0x0810:
+        /* Motorola base module extended feature register */
+        retval = 0x39; /* No USB, CF and PCI bridge. NVRAM present */
+        break;
+    case 0x0814:
+        /* L2 invalidate: don't care */
+        break;
+    case 0x0818:
+        /* Keylock */
+        retval = 0x00;
+        break;
+    case 0x081C:
+        /* system control register
+         * 7 - 6 / 1 - 0: L2 cache enable
+         */
+        retval = sysctrl->syscontrol;
+        break;
+    case 0x0823:
+        /* */
+        retval = 0x03; /* no L2 cache */
+        break;
+    case 0x0850:
+        /* I/O map type register */
+        retval = sysctrl->contiguous_map;
+        break;
+    default:
+        printf("ERROR: unaffected IO port: %04" PRIx32 " read\n", addr);
+        break;
+    }
+    PPC_IO_DPRINTF("0x%08" PRIx32 " <= 0x%02" PRIx32 "\n",
+                   addr - PPC_IO_BASE, retval);
+
+    return retval;
+}
+
+static inline target_phys_addr_t bebox_IO_address(sysctrl_t *sysctrl,
+                                                 target_phys_addr_t addr)
+{
+    if (sysctrl->contiguous_map == 0) {
+        /* 64 KB contiguous space for IOs */
+        addr &= 0xFFFF;
+    } else {
+        /* 8 MB non-contiguous space for IOs */
+        addr = (addr & 0x1F) | ((addr & 0x007FFF000) >> 7);
+    }
+
+    return addr;
+}
+
+static void PPC_bebox_io_writeb (void *opaque, target_phys_addr_t addr,
+                                uint32_t value)
+{
+    sysctrl_t *sysctrl = opaque;
+
+    addr = bebox_IO_address(sysctrl, addr);
+    cpu_outb(addr, value);
+}
+
+static uint32_t PPC_bebox_io_readb (void *opaque, target_phys_addr_t addr)
+{
+    sysctrl_t *sysctrl = opaque;
+    uint32_t ret;
+
+    addr = bebox_IO_address(sysctrl, addr);
+    ret = cpu_inb(addr);
+
+    return ret;
+}
+
+static void PPC_bebox_io_writew (void *opaque, target_phys_addr_t addr,
+                                uint32_t value)
+{
+    sysctrl_t *sysctrl = opaque;
+
+    addr = bebox_IO_address(sysctrl, addr);
+    PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value);
+    cpu_outw(addr, value);
+}
+
+static uint32_t PPC_bebox_io_readw (void *opaque, target_phys_addr_t addr)
+{
+    sysctrl_t *sysctrl = opaque;
+    uint32_t ret;
+
+    addr = bebox_IO_address(sysctrl, addr);
+    ret = cpu_inw(addr);
+    PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret);
+
+    return ret;
+}
+
+static void PPC_bebox_io_writel (void *opaque, target_phys_addr_t addr,
+                                uint32_t value)
+{
+    sysctrl_t *sysctrl = opaque;
+
+    addr = bebox_IO_address(sysctrl, addr);
+    PPC_IO_DPRINTF("0x" TARGET_FMT_plx " => 0x%08" PRIx32 "\n", addr, value);
+    cpu_outl(addr, value);
+}
+
+static uint32_t PPC_bebox_io_readl (void *opaque, target_phys_addr_t addr)
+{
+    sysctrl_t *sysctrl = opaque;
+    uint32_t ret;
+
+    addr = bebox_IO_address(sysctrl, addr);
+    ret = cpu_inl(addr);
+    PPC_IO_DPRINTF("0x" TARGET_FMT_plx " <= 0x%08" PRIx32 "\n", addr, ret);
+
+    return ret;
+}
+
+static CPUWriteMemoryFunc * const PPC_bebox_io_write[] = {
+    &PPC_bebox_io_writeb,
+    &PPC_bebox_io_writew,
+    &PPC_bebox_io_writel,
+};
+
+static CPUReadMemoryFunc * const PPC_bebox_io_read[] = {
+    &PPC_bebox_io_readb,
+    &PPC_bebox_io_readw,
+    &PPC_bebox_io_readl,
+};
+
+#define NVRAM_SIZE        0x2000
+
+static void main_cpu_reset(void *opaque)
+{
+    CPUState *env = opaque;
+
+    cpu_reset(env);
+	if (bios_entry) {
+		env->nip = bios_entry;
+		//HACK
+		env->gpr[2] = env->gpr[13] = 0x600000;
+	}
+}
+
+
+static void cpu_request_exit(void *opaque, int irq, int level)
+{
+    CPUState *env = cpu_single_env;
+
+    if (env && level) {
+        cpu_exit(env);
+    }
+}
+
+/* PowerPC BeBox hardware initialisation */
+static void ppc_bebox_init (ram_addr_t ram_size,
+                           const char *boot_device,
+                           const char *kernel_filename,
+                           const char *kernel_cmdline,
+                           const char *initrd_filename,
+                           const char *cpu_model)
+{
+    CPUState *env = NULL;
+    char *filename;
+    nvram_t nvram;
+    M48t59State *m48t59;
+    int PPC_io_memory;
+    int linux_boot, i, nb_nics1, bios_size;
+    ram_addr_t ram_offset, bios_offset;
+    uint32_t kernel_base, initrd_base;
+    long kernel_size, initrd_size;
+    PCIBus *pci_bus;
+    qemu_irq *i8259;
+    qemu_irq *cpu_exit_irq;
+    int ppc_boot_device;
+    DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+    DriveInfo *fd[MAX_FD];
+
+    sysctrl = qemu_mallocz(sizeof(sysctrl_t));
+sysctrl->fake_io[0] = 0xff;
+
+    linux_boot = (kernel_filename != NULL);
+
+    /* init CPUs */
+    if (cpu_model == NULL)
+        cpu_model = "603e";
+    for (i = 0; i < smp_cpus; i++) {
+        env = cpu_init(cpu_model);
+        if (!env) {
+            fprintf(stderr, "Unable to find PowerPC CPU definition\n");
+            exit(1);
+        }
+        if (env->flags & POWERPC_FLAG_RTC_CLK) {
+            /* POWER / PowerPC 601 RTC clock frequency is 7.8125 MHz */
+            cpu_ppc_tb_init(env, 7812500UL);
+        } else {
+            /* Set time-base frequency to 100 Mhz */
+            cpu_ppc_tb_init(env, 100UL * 1000UL * 1000UL);
+        }
+        //qemu_register_reset((QEMUResetHandler*)&cpu_reset, env);
+        qemu_register_reset(main_cpu_reset, env);
+    }
+
+    /* allocate RAM */
+    ram_offset = qemu_ram_alloc(NULL, "ppc_bebox.ram", ram_size);
+    cpu_register_physical_memory(0, ram_size, ram_offset);
+
+    /* allocate and load BIOS */
+    bios_offset = qemu_ram_alloc(NULL, "ppc_bebox.bios", BIOS_SIZE);
+    if (bios_name == NULL)
+        bios_name = BIOS_FILENAME;
+    filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
+    if (filename) {
+        bios_size = get_image_size(filename);
+    } else {
+        bios_size = -1;
+    }
+    if (bios_size > 0 && bios_size <= BIOS_SIZE) {
+        target_phys_addr_t bios_addr = BIOS_ADDR;
+        target_phys_addr_t entry = 0;
+		target_phys_addr_t toc = 0;
+		bios_size = BIOS_SIZE;
+        //bios_size = (bios_size + 0xfff) & ~0xfff;
+        //bios_addr = (uint32_t)(-bios_size);
+fprintf(stderr, "bs %08x @ %08x\n", bios_size, bios_addr);
+        cpu_register_physical_memory(bios_addr, bios_size,
+                                     bios_offset | IO_MEM_ROM);
+        //bios_size = load_image_targphys(filename, bios_addr, bios_size);
+        bios_size = load_bebox(filename, &entry, &toc, &bios_addr);
+		if (entry > 0)
+			env->nip = bios_entry = entry;
+		if (toc > 0)
+			env->gpr[2] = env->gpr[13] = toc;
+        ppc_boot_device = 'm';
+    }
+    if (bios_size < 0 || bios_size > BIOS_SIZE) {
+        hw_error("qemu: could not load PPC BeBox bios '%s'\n", bios_name);
+    }
+    if (filename) {
+        qemu_free(filename);
+    }
+/*
+    if (env->nip < 0xFFF80000 && bios_size < 0x00100000) {
+        hw_error("PowerPC 601 / 620 / 970 need a 1MB BIOS\n");
+    }
+*/
+
+    if (linux_boot) {
+        kernel_base = KERNEL_LOAD_ADDR;
+        /* now we can load the kernel */
+        kernel_size = load_image_targphys(kernel_filename, kernel_base,
+                                          ram_size - kernel_base);
+        if (kernel_size < 0) {
+            hw_error("qemu: could not load kernel '%s'\n", kernel_filename);
+            exit(1);
+        }
+        /* load initrd */
+        if (initrd_filename) {
+            initrd_base = INITRD_LOAD_ADDR;
+            initrd_size = load_image_targphys(initrd_filename, initrd_base,
+                                              ram_size - initrd_base);
+            if (initrd_size < 0) {
+                hw_error("qemu: could not load initial ram disk '%s'\n",
+                          initrd_filename);
+            }
+        } else {
+            initrd_base = 0;
+            initrd_size = 0;
+        }
+        ppc_boot_device = 'm';
+    } else {
+        kernel_base = 0;
+        kernel_size = 0;
+        initrd_base = 0;
+        initrd_size = 0;
+        ppc_boot_device = '\0';
+        /* For now, OHW cannot boot from the network. */
+        for (i = 0; boot_device[i] != '\0'; i++) {
+            if (boot_device[i] >= 'a' && boot_device[i] <= 'f') {
+                ppc_boot_device = boot_device[i];
+                break;
+            }
+        }
+        if (ppc_boot_device == '\0') {
+            fprintf(stderr, "No valid boot device for Mac99 machine\n");
+            exit(1);
+        }
+    }
+
+    //isa_mem_base = 0xc0000000;
+    if (PPC_INPUT(env) != PPC_FLAGS_INPUT_6xx) {
+        hw_error("Only 6xx bus is supported on BeBox machine\n");
+    }
+    i8259 = i8259_init(first_cpu->irq_inputs[PPC6xx_INPUT_INT]);
+    pci_bus = pci_prep_init(i8259);
+    /* Hmm, bebox has no pci-isa bridge ??? */
+    isa_bus_new(NULL);
+    isa_bus_irqs(i8259);
+    //    pci_bus = i440fx_init();
+    /* Register 8 MB of ISA IO space (needed for non-contiguous map) */
+    PPC_io_memory = cpu_register_io_memory(PPC_bebox_io_read,
+                                           PPC_bebox_io_write, sysctrl,
+                                           DEVICE_LITTLE_ENDIAN);
+    cpu_register_physical_memory(0x80000000, 0x00800000, PPC_io_memory);
+
+    /* init basic PC hardware */
+    pci_vga_init(pci_bus);
+    //    openpic = openpic_init(0x00000000, 0xF0000000, 1);
+    //    pit = pit_init(0x40, i8259[0]);
+    rtc_init(2000, NULL);
+
+    if (serial_hds[0])
+        serial_isa_init(0, serial_hds[0]);
+    nb_nics1 = nb_nics;
+    if (nb_nics1 > NE2000_NB_MAX)
+        nb_nics1 = NE2000_NB_MAX;
+    for(i = 0; i < nb_nics1; i++) {
+        if (nd_table[i].model == NULL) {
+	    nd_table[i].model = qemu_strdup("ne2k_isa");
+        }
+        if (strcmp(nd_table[i].model, "ne2k_isa") == 0) {
+            isa_ne2000_init(ne2000_io[i], ne2000_irq[i], &nd_table[i]);
+        } else {
+            pci_nic_init_nofail(&nd_table[i], "ne2k_pci", NULL);
+        }
+    }
+
+    if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+        fprintf(stderr, "qemu: too many IDE bus\n");
+        exit(1);
+    }
+
+    for(i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+        hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+    }
+
+    for(i = 0; i < MAX_IDE_BUS; i++) {
+        isa_ide_init(ide_iobase[i], ide_iobase2[i], ide_irq[i],
+                     hd[2 * i],
+		     hd[2 * i + 1]);
+    }
+    isa_create_simple("i8042");
+
+    cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
+    DMA_init(1, cpu_exit_irq);
+
+    //    SB16_init();
+
+    for(i = 0; i < MAX_FD; i++) {
+        fd[i] = drive_get(IF_FLOPPY, 0, i);
+    }
+    fdctrl_init_isa(fd);
+
+    /* Register speaker port */
+    register_ioport_read(0x61, 1, 1, speaker_ioport_read, NULL);
+    register_ioport_write(0x61, 1, 1, speaker_ioport_write, NULL);
+    /* Register fake IO ports for BeBox */
+    sysctrl->reset_irq = first_cpu->irq_inputs[PPC6xx_INPUT_HRESET];
+    register_ioport_read(0x398, 2, 1, &BeBox_io_read, sysctrl);
+    register_ioport_write(0x398, 2, 1, &BeBox_io_write, sysctrl);
+    /* System control ports */
+    register_ioport_read(0x0092, 0x01, 1, &BeBox_io_800_readb, sysctrl);
+    register_ioport_write(0x0092, 0x01, 1, &BeBox_io_800_writeb, sysctrl);
+    register_ioport_read(0x0800, 0x52, 1, &BeBox_io_800_readb, sysctrl);
+    register_ioport_write(0x0800, 0x52, 1, &BeBox_io_800_writeb, sysctrl);
+    /* PCI intack location */
+    PPC_io_memory = cpu_register_io_memory(PPC_intack_read,
+                                           PPC_intack_write, NULL,
+                                           DEVICE_LITTLE_ENDIAN);
+    cpu_register_physical_memory(0xBFFFFFF0, 0x4, PPC_io_memory);
+    /* PowerPC control and status register group */
+#if 0
+    PPC_io_memory = cpu_register_io_memory(PPC_XCSR_read, PPC_XCSR_write,
+                                           NULL, DEVICE_LITTLE_ENDIAN);
+    cpu_register_physical_memory(0xFEFF0000, 0x1000, PPC_io_memory);
+#endif
+
+    if (usb_enabled) {
+        usb_ohci_init_pci(pci_bus, -1);
+    }
+
+    m48t59 = m48t59_init(i8259[8], 0, 0x0074, NVRAM_SIZE, 59);
+    if (m48t59 == NULL)
+        return;
+    sysctrl->nvram = m48t59;
+
+    /* Initialise NVRAM */
+    nvram.opaque = m48t59;
+    nvram.read_fn = &m48t59_read;
+    nvram.write_fn = &m48t59_write;
+    PPC_NVRAM_set_params(&nvram, NVRAM_SIZE, "BeBox", ram_size, ppc_boot_device,
+                         kernel_base, kernel_size,
+                         kernel_cmdline,
+                         initrd_base, initrd_size,
+                         /* XXX: need an option to load a NVRAM image */
+                         0,
+                         graphic_width, graphic_height, graphic_depth);
+
+    /* Special port to get debug messages from Open-Firmware */
+    register_ioport_write(0x0F00, 4, 1, &PPC_debug_write, NULL);
+
+fprintf(stderr, "bebox init done\n");
+}
+
+static QEMUMachine bebox_machine = {
+    .name = "bebox",
+    .desc = "PowerPC BeBox",
+    .init = ppc_bebox_init,
+    .max_cpus = MAX_CPUS,
+};
+
+static void bebox_machine_init(void)
+{
+    qemu_register_machine(&bebox_machine);
+}
+
+machine_init(bebox_machine_init);