A History of the
PC's (Personal Computer's)
BIOS (Basic I/O System) Code
NOTE: This page is still under construction; if a topic doesn't make sense, you may contact us for more information.
TO DO: We're planning on providing examples of different BIOS features to show how incredibly complex the code has become since the first PC was designed; another page will highlight a number of the routines at the assembly level of the BOCHS BIOS and a guide to using various tools to see what's inside the compressed BIOS code of a fairly recent motherboards.
It would take a group of accomplished authors working full-time to produce a textbook on the complete history of the PC BIOS in a reasonable amount of time. It will take us much longer to even produce a brief summary of how PC BIOS code has changed over the years. Though we have provided many details on special topics (such as Checksum Bytes and even some assembly listings), we are limited in the research we can conduct and the access we have to different computer types. Nevertheless, we hope to provide some data on this subject you may not find anywhere else; we appreciate your feedback.
Though many of the details (and their order) have changed over the years, this is a list of the fundamental operations which the BIOS (Basic Input/Output System) code must complete before handing control over to an operating system. Due to the complexity of the modern BIOS, completing these items is now often referred to as the POST (Power On Self Test), since the BIOS will likely contain code for many other tasks and features:
As can be seen from the partial list above, a computer's BIOS is inextricably linked to its hardware. Therefore a history of the BIOS code must also include at least an historical summary of changes in PC hardware. Before computers with new processors, other internal devices (such as a real time clocks), different types of memory, etc. ever became available to the public, they invariably required changes in the BIOS code. It's important to note the major differences (such as, bus width and addressable memory) in the Intel® processor family (see table below) for any historical study of the PC's BIOS.
A Few Relevant Facts concerning some early Intel® Processors | |||||
Processor (  ) |
Bits per Bus |
Addressable Memory |
Initial Clock Speed |
Introduced |
|
Data |
Address |
||||
8 |
16 |
64 KiB |
2 MHz |
April 1974 |
|
16 |
20 |
1 MiB |
4.77 MHz |
June 1978 |
|
8 |
20 |
1 MiB |
4.77 MHz |
July 1979 |
|
16 |
20 |
1 MiB |
6 MHz |
JAN 1982 |
|
8 |
20 |
1 MiB |
6 MHz |
JAN 1982 |
|
16 |
24 |
16 MiB |
6 MHz |
FEB 1982 |
|
32 |
32 |
4 GiB |
16 MHz |
OCT 1985 |
|
Except for some early notebook CPUs (e.g., 386SX), all Intel processors from 80386 and later, such as the 80486 (late 1989), were capable of addressing 4
GiB of Memory. But the maximum amount of memory i486 through 6th-generation CPU based PCs (i.e., Pentium™
Pro/-II/-III and Celeron™) could actually use was often determined by the Memory Control chips available to
motherboard manufacturers. For example, a particular ASUS™ motherboard (CUSL-2C); circa 2000, designed
for Socket 370 Pentium™ III or Celeron™ processors, only supported up to 512 MiB[1]
(even though CPUs which could access at least 4 GiB had then existed for 15 years) due to the limitations of its MCH
(Memory Controller Hub).[2]
The advent of 64-bit processors meant computers might possibly access up to 16 EiB (16 Binary Exa Bytes) of memory at some point in the future. However, all 7th and 8th-generation 64-bit CPUs have been manufactured with far less than 64-bit address lines; 36-bit (for 64 GiB) and now 40-bit (for 1 TiB) are common. As noted above, a PC's chipset (such as its MCH) has often been the limiting factor regarding memory; and is still often true. For example, a GIGABYTE™ GA-G33M-DS2R from 2007, with an LGA775 socket for many different Intel 64-bit CPUs, only supported up to 8 GiB[3] of system memory due to the limitations of its 82G33 Graphics and Memory Controller Hub (GMCH).[4]
Of course, in order to generally make use of more than 4 GiB of RAM, a 64-bit OS is also needed. (Note: PCs with 32-bit OSs often show only about 3.2 to 3.3 GiB available when 4 GiB is installed, since addressable hardware; especially onboard video controllers, may use hundreds of MB for their own support.)
We will have more to say about how BIOS code was affected by changes in the amount of memory these processors could access.
Over the course of the PC's history, BIOS code has been stored in many different types of non-volatile
memory, the first of which was truly Read Only Memory ( ROM), because its programming had to be encoded in the
chip at the time it was fabricated. Thus, BIOS chips on early IBM Personal Computers often had lines printed on them which not only
indicated the manufacturer's IC type, but also an IBM part number for the code it contained. In the photo
below, the logo for AMD™ (Advanced Micro Devices, Inc.) probably caught your attention first, being on four of the
five ICs, but you'll also find the Motorola™ batwing logo (an 'M' inside a small circle) on U30. The first chip
on the left (U33), with the lines "1501476 / AM9264DPC / 34146 / 8407VPM," contains the BIOS code for an IBM Model
5150, and its part number (1501476) identifies it as the 3rd version (October 27, 1982) of the code. These are all
24-pin, 8K-word x 8-bit ROMs, the BIOS/POST code being only 8 KiB long; U29 (5000019), U30 (5000021),
U31 (5000022) and U32 (5000023) comprise the 32 KiB ROM BASIC code.
From a
2008 photo, courtesy of Rune Tapper, pc-museum.com. (This particular IBM
5150 had been "Made in Greenock, Scotland,"
some time after week 8 of 1984, since a number of chips soldered
to the board had that date code; note the '8408' on U30 and U32.)
For testing or even small production runs, PROMs (one time only, Programmable
ROM) or EPROMs (Erasable Programmable ROM) may have been used on some computers, since the manufacturer
could then test and use revised code and not be left any ROMs having either erroneous or obsolete data. Both PROMs and EPROMs
usually have part numbers beginning with 27, but an EPROM has a small quartz window on top (it could be covered by a
label), to erase its memory with a specific high intensity beam of ultra-violet light; allowing it be reused. Much later,
motherboard manufacturers designed circuitry and utility programs for various types of EEPROMs (Electrically Erasable
Programmable ROM; part numbers usually begin with a 28 or 29) that allowed users to reprogram their own
PC's BIOS. [This also meant users could corrupt the code if there were a power-loss during the process, turning
an expensive computer into a 'doorstop'; especially if the PC manufacturer soldered the BIOS chip to the board! If it were
socketed, one might at least be able to obtain a programmed replacement chip. Better quality PCs had motherboards
with a bootstrap routine that remained unaltered, allowing the user to recover from a failed BIOS upgrade. More recent
motherboards, may have a Dual BIOS system, so users can boot from either chip, making it possible to reprogram a
corrupted one.]
More to follow.
Today, a PC's BIOS may reside in a small 8-pin, Serial Flash (such as the
Macronix™ MX25L8005; 1024 MiB, with Boot Lock protection), its code being accessed by the motherboard's
South Bridge (such as Intel's ICH9; I/O Controller Hub 9) using an SPI bus.
Note: If you'd like to contribute to a listing of the different types of BIOS chips and methods used to access them, we'd appreciate hearing from you; perhaps including some digital photos of your motherboard (and/or a closeup of the BIOS chip, once we determine where it's located) You can email us here.
The best source of information, if it's available, would be from the engineers who designed your PC's
motherboard. ASUS™ and GIGABYTE™ both provide manuals online for most of their products; other motherboard
companies may as well. A number of chips on our GIGABYTE boards were identified in the manuals. Due to the cost of support,
most PC manufacturers do not supply you with such details.
There are, however, utility programs that will search a PC's
buses for ID bytes that reveal the identity of a number of its ICs. One which we've used for years on our Windows platforms
is called CPU-Z; either 32-bit or 64-bit versions, installable or portable, are available from here: 
CPU-Z. The Mainboard TAB will show the PC's major Chipset and the About
TAB has buttons for saving a report in Text or HTML. To see more detailed information about your PC, you can also download
PC-Wizard (from the same web site). The Hardware section provides information about the Mainboard, BIOS
and Chipset; among many other items. And the data provided by its remaining sections will overload your brain.
Once you have the Chipset data, you can search a chip manufacturer's site for details on how data in the chip might be accessed; that data can be used by independent authors of utilities to show the actual contents of a BIOS chip, as well as by motherboard manufacturers for use in a BIOS upgrade program.
Virtually every PC, since the very first IBM® Personal Computer produced in 1981, to the latest Intel® or AMD® based PC, has had exactly the same Memory address hard-wired into its CPU as a reference for its first instruction![5] This means every PC's CPU will always begin executing machine code instructions from essentially the same location inside its BIOS chip, or for PCs that must first move (or decompress) their BIOS code to Memory, from an equivalent location in Memory. That address is:
F000:FFF0 (in Segment:Offset notation) or: FFFF0h (in Linear notation). You may also find it represented by FFFF:0000 [See Figure 1 below; as listed in IBM's original Technical Reference manual; P/N 6025008], or as just FFFF:0 (in Normalized Segment:Offset notation). [Read Section 3 of our page on Segment:Offset Addressing to understand why FFFF:0 is equivalent to the Segment:Offset pair F000:FFF0.]
IBM® named this address the "Power On Reset Vector " and it always contains a far jump instruction to the beginning of the BIOS chip's Power-on RESET code. Here's a display of what you'd find in that location and the next 12 bytes of an original IBM® PC's BIOS chip:
Offset: 0 1 2 3 4 5 6 7 8 9 A B C D E F ASCII chars. ------ ----------------------------------------------- ---------------- 0FFFF0 EA 5B E0 00 F0 30 34 2F 32 34 2F 38 31 FF FF EB .[...04/24/81... |
The first five bytes (shown in green ) comprise the Power-On Reset Far Jump. These 5 bytes disassemble to:
JMP F000:E05B
As you can see, Segment F000: is embedded inside this instruction, thus the reason its location is often referenced as F000:FFF0. Although the location of this far jump instruction is essentially 'set in stone' for all PC BIOS, it's not a requirement that where it jumps to next always be the same; yet every PC BIOS we've ever examined always jumps to "F000:E05B".
The next eight bytes (shown in yellow ) were originally called the "RELEASE MARKER" by IBM; they always contain the release date of the BIOS code (which was 04/24/81 for those first PCs).
 |
| Portion of page A-80, Appendix A, "ROM BIOS Listing," in the
Technical Reference manual (IBM Part Number, 6025008), First Edition (August, 1981), of the IBM Personal Computer Hardware Reference Library. (Click on figure above for larger size.) Figure 1 |
[ In Figure 1, there's an error in the machine
code listing for the location of the Power On RESET code in the "JMP RESET" instruction. This is exactly how the
original "IBM Personal Computer Technical Reference Manual," was printed. This should have been listed as: EA5BE000F0 rather than "EA5B0000F0";
if you check the address shown on page A-5, it's obvious "RESET" begins at the address we've specified.]
Anyone running a Microsoft/IBM OS from DOS through Windows™ 7, should be able to enter the following DEBUG commands (Windows users must first click on start —> Programs —> Accessories —> Command prompt to open a 'Command Prompt' window. Windows 7 users may be required to select 'Run As Administrator' next to the Command Prompt icon in order to access DEBUG), and obtain results similar to the following (DEBUG.EXE should already be in your path):
C:\>debug |
ENTER the commands shown in green at the DEBUG prompt ("-"). You can see we have the same Jump instruction as the original Personal Computer on this one, but this BIOS code was released on April 14, 2003 ("04/14/03"). (For more on the use of DEBUG, see our Guide to MS-DEBUG).
Here's a Windows™ 7 Command Prompt using DEBUG to show its PC's BIOS release date of "06/18/09":
On early PCs, RAM was an expensive and limited resource that was used as wisely as possible for the the execution of user's programs. Since the original PC could be purchased with only 16 KiB (16 x 1024 bytes = 16,384 bytes) of memory, we know for a fact it would have been impossible to fit the 32 KiB of ROM BASIC code into memory. But using half the available memory for even the 8 KiB of initial bootstrap code made no sense, since it could be accessed from its own ROM chip just as fast as any code in the dynamic RAM chips; both having a 250 nano second access time[6]. Once RAM became much faster than ROM or EEPROM ICs and PCs commonly had many megabytes of memory, system engineers had motive enough to first copy bootstrap routines from the BIOS code into memory, then execute it there. This made it possible for BIOS programmers to explore a number of other advantages to having their code shadowed in RAM; which we'll point out in our next section. But first, we need to mention some methods for making copies of whatever BIOS code still remains in memory after a PC boots up:
As we mentioned above, for first generation PCs, BIOS code always had to be read directly from its chip(s).
Not only when the PC was booting-up, but every time a program used a system Interrupt or needed to access any other BIOS
code stored in its ROM (Read Only Memory) chip(s). In those days, the address lines corresponding to the last segment of
memory were hard-wired only to locations within the BIOS chip(s). Later on, PCs were made in which the BIOS code was
first copied into RAM and then used from there instead of directly from the BIOS chip(s). If you have access to a PC with
an Intel® 80286 (or possibly one with an i386) CPU, you might be able to use DEBUG to change various bytes of the BIOS
code in memory, since early computers lacked the ability to write-protect portions of memory.
Motherboard and BIOS chip designs are now much more advanced and vastly different in how they function before even starting
the POST than those early PCs, but it's still possible to examine some of the BIOS code that's copied to the last 64 KiB
and other Segments of a computer's first Binary Megabyte of Memory. Although early PCs often revealed an exact duplicate of
the code from their BIOS chip(s), what you'll find today, for example, under a Windows XP OS, will only be a small portion
of code that has been copied yet again into a Virtual Memory address space used by the NTVDM program to simulate the first
Megabyte and beyond of a computer's physical memory. Nevertheless, these bytes are similar to (possibly even the same as) a
small section of all the bytes archived in whatever hardware is actually used to store the PC's BIOS code.
To make a copy of this code on your own PC, simply download and run our BIOSDUMP Batch program
which includes a DEBUG script file that uses MS-DEBUG to read all the bytes from F0000h to FFFFFh in memory
and write them to the file BIOSDUMP.BIN. Being DEBUG purists, this script file was designed to make sure the first 256
bytes of DEBUG's memory space would not be altered. (Note: This download also includes VIDEODMP.BAT and a script file for
dumping the C000: segment; the standard location for VGA video BIOS code.) The scripts cause DEBUG to perform a
two-step process that first copies the code to a 65,280-byte file, followed by a 256-byte file. Then the two *.BIN files
are combined using the DOS "COPY /b" command; lastly, the intermediate *.BIN files are deleted.
Instructions for using BIOSDUMP.ZIP: Simply extract all 4 files to a Windows or DOS folder of your
choice, then double-click on one of the *.BAT files, or enter its name at a DOS prompt to run it. The Batch programs run
the associated *.DSF Debug Script so you don't have to type in the DEBUG commands. (If run from a bootable floppy diskette,
make sure a copy of DEBUG.EXE is in the same location or in the path.)
In order to quickly skim through the contents of any *.BIN file created by these programs, or to search for either a text string or hex byte pattern, we recommend using the free hex/disk editor, HxD.
The last location in an early PC's BIOS chip was called its CHECKSUM byte. It was used to help check
that none of the chip's bytes had become corrupted (changed values). For example, the Checksum Byte of the first IBM
Personal Computer is "EB". This value was computed by first adding together every
preceding byte of the PC's 8 KiB BIOS code, two bytes at a time, keeping only the last 8-bits (one byte) of the sum, and
finally subtracting that value from 100 hex. Thus, the Checksum Byte ensures that running an "8-bit Checksum
operation" on every byte in the BIOS chip will produce a result of zero (0). [ Note: An 8 KiB file full of only FF bytes would also have an 8-bit Checksum of
zero, but its 32-bit Checksum would be 1FE000; which is the sum of all 8,192 of its
bytes added together (2,088,960 decimal).] In summary, an 8-bit Checksum Byte can be computed as follows (we
also show in the table below all checksum data for the original IBM PC's three different BIOS chip versions):
1. When you have finished coding the BIOS, insert a Checksum Byte of 00 (or simply proceed without one).
2. Use a program or utility to compute the 8-bit Checksum of these bytes.
3. Subtract this checksum from 100 hexadecimal; for example, in the table below: 100h - 15h =
EB.
4. The result is the 8-bit Checksum Byte for the BIOS; ensuring its final 8-bit Checksum is zero.
BIOS Checksum Data for U33 of the 5150 IBM® Personal Computer | |||||
ROM Version P/N (Release Date) |
Original Checksum |
Checksum Byte |
Final Checksum |
||
8-Bit |
32-Bit |
8-Bit |
32-Bit |
||
5700051 (04/24/81) |
15 |
E8515 |
EB |
00 |
E8600 |
5700671 (10/19/81) |
65 |
E8565 |
9B |
00 |
E8600 |
1501476 (10/27/82) |
89 |
EAF89 |
77 |
00 |
EB000 |
If you wish to compute the 8-bit (or 16- or 32-bit) Checksum of a file, you can easily do so using HxD, as shown here:
Although you could boot-up your computer with a DOS boot diskette or a CD-ROM disc so there's no chance of its memory being altered by anything but 16-bit real DOS before dumping its contents, even then there's no assurance (without prior research) this will provide you with a copy of all the bytes actually contained in its "BIOS chip(s)". Why? Because the BIOS code may include features that are never retained in memory; for example, a PC company's splash screen that often appears on the display when a computer is first turned on. Or, for example, this familiar EPA ("Energy Star") Logo:
 | This bit-map file had to be converted from a special AWARD BIOS Bit-map file ("AWBM") after extracting it from an LHA compressed file named "AwardBmp.bmp" stored within a PC's actual 128 KiB BIOS chip. |
To see just how sophisticated modern BIOS code has become; using compression and possibly even encrypting its machine code, we've decided to delve into some of the methods used by BIOS manufacturers for our readers. We want you to see how much BIOS code has changed over the decades.
If you have a particular interest in this topic, feel free to write to us about your own PC's BIOS for help in obtaining a copy of what's actually stored in its BIOS chip(s) and/or a BIOS upgrade file.
NOTE: This page is still under construction
1[Return to Text] On page 8 of the ASUS® CUSL2-C, Intel® 815EP ATX Motherboard, USER'S MANUAL, Revision 1.04 E639, Copyright ©2000 by ASUSTeK Computer Inc., it states: "Equipped with three Dual Inline Memory Module (DIMM) sockets to support PC100/PC133-compliant SDRAMs (available in 64, 128, 256, 512MB densities) up to 512 MB." [Emphasis ours.] Note: The Black Pearl Edition (CUSL2-CBP) was no different; its User Manual has the same note on page 12.
2[Return to Text] On page 9 of the Intel® 815 Chipset Family:, 82815EP and 82815P, Memory Controller Hub
(MCH), March 2001, Document Reference Number: 290693-002, Copyright © 2000,2001 Intel Corporation, under
"Integrated SDRAM Controller" it lists: "32 MB to 512 MB using 16Mb/64Mb/128Mb/256Mb technology". And
on page 50, it quite clearly states: "The maximum supported main
memory capacity is 512 MB." [Emphasis ours.]
3[Return to Text] On page 12 of the
GA-G33M-DS2R/, GA-G33M-S2, LGA775 socket motherboard for Intel®
Core™ processor family/, Intel® Pentium® processor family/Intel® Celeron® processor family, User's
Manual, Rev. 1003, 12ME-G33MD2R-1003R, ©2007 by GIGABYTE™ you'll find: "4 x 1.8V DDR2 DIMM sockets supporting up to 8 GB of system memory."
[Emphasis ours.] The fact that GIGABYTE included four sockets on this board, means we'll only need to purchase DIMMs
of 2 GB each when moving from a 32 to 64-bit OS to take full advantage of that 8 GiB of memory. 4[Return to Text] On page 28 of the Intel® 3 Series Express Chipset, Family, Datasheet, - For the Intel®
82Q35, 82Q33, 82G33 Graphics and Memory Controller Hub (GMCH) and Intel® 82P35 Memory Controller Hub (MCH), August
2007, you'll find: "Using 1 Gb device technologies, the largest
memory capacity possible is 8 GB, assuming Dual Channel Mode with four x8 double sided un-buffered non-ECC DIMM memory
configuration.." [Emphasis ours.] And on page 17: "Supports 1-Gb, 512-Mb DDR2 or DDR3 technologies, for x8 and x16 devices, 8 GB maximum memory."
[Emphasis ours.] 5[Return to Text] Technically, this has not been exactly true for a long time. We're still looking for
an Intel 80286 CPU Manual, but can state for certain that for any PC running on an i386 or later CPU, the BIOS chip's first
instruction is actually accessed through address 0xFFFFFFF0. This is just 16 bytes below 4 GiB.
Something to think about: How does code at that high of a Memory location become the same as the 0xFFFF0
20-bit address under the first generation IBM PC processors?
After RESET, address lines A{31-20} are automatically asserted for instruction fetches. This fact,
together with the initial values of CS:IP, causes instruction execution to begin at physical address FFFFFFF0H. Near
(intrasegment) forms of control transfer instructions may be used to pass control to other addresses in the upper 64K
bytes of the address space. The first far (intersegment) JMP or CALL instruction causes A{31-20} to drop low, and the
80386 continues executing instructions in the lower one megabyte of physical memory. This automatic assertion of address
lines A{31-20} allows systems designers to use a ROM at the high end of the address space to initialize the system. We will have a lot more to say about this in the future, and hope to
provide a much clearer explanation using our own memory diagrams, so everyone can understand the process. 6[Return to Text] "The ROM is packaged in 24-pin modules and has an access time of 250 ns and a cycle time of
350 ns. .... All memory is parity-checked and consists of 16 K by 1 bit or ([sic]64 K by 1 bit) chips with an access time of 250
ns and a cycle time of 410 ns." Page 1-5, "Section 1: Hardware," IBM Personal Computer Technical Reference
manual, Revised Edition (April, 1983), of the IBM® Personal Computer Hardware Reference Library. Published: 15 December 2007 (15.12.2007), Revised: 27 September 2010 (27.09.2010). You can write to me using this: author's
email address. (It opens in a new window.)
For example, from the Intel 80386, Programmer's Reference Manual, 1986, on page 176 of 421, under Section 10.2.3
"First Instructions," we find:
Updated: 20 October 2010 (20.10.2010), 30 March 2011 (30.03.2011), 22 May 2011 (22.05.2011),
Last Update: 21 August 2011 (21.08.2011).
MBR and Boot Records
Index The Starman's Realm Index Page