SegaXtreme

Home	Forums	What's new	Resources

Notes on the Saturn BIOS

slinga - Feb 27, 2010

		slinga		Feb 27, 2010
			Hey all, I'm doing a little research in the Saturn BIOS in my free time. Anybody have any notes, doc, etc to get started? Some things I'm still murky on: 1) After power on, what's the first address executed? The BIOS is located at 0x00000000 - 0x00800000. Address 0 is not the starting address. According to Yabause source, execution starts at 0x06001088, but that doesn't make sense as that's located in the Work RAM, not the BIOS. Setting a breakpoint on SH2Exec() it looks like the first address is 0x20000200 which is the area immediately following the BIOS. 2) When attaching an action replay, the whole things get mapped to CSO (0x02000000 - 0x04000000) and not the Work RAM area correct? Thanks in advance, I appreciate any pointers in getting started.

ExCyber

Feb 27, 2010

		slinga said:
		Hey all, I'm doing a little research in the Saturn BIOS in my free time. Anybody have any notes, doc, etc to get started? Some things I'm still murky on: 1) After power on, what's the first address executed? The BIOS is located at 0x00000000 - 0x00800000. Address 0 is not the starting address. According to Yabause source, execution starts at 0x06001088, but that doesn't make sense as that's located in the Work RAM, not the BIOS. Setting a breakpoint on SH2Exec() it looks like the first address is 0x20000200 which is the area immediately following the BIOS.

Upon a hardware reset, the CPU fetches the word at 0x00000000 and uses that as the entry point. That is, 0x00000000 isn't the entry point itself, but it's a pointer to the entry point. Keep in mind that 0x20000200 is still the BIOS ROM, just with the cache bypassed (in other words, be careful not to confuse the first and second digits of the address, because they have very different practical meanings). 0x20000200 refers to the same physical address as 0x00000200.

	
	
		
		
			2) When attaching an action replay, the whole things get mapped to CSO (0x02000000 - 0x04000000) and not the Work RAM area correct?

Right, but the firmware does end up running from work RAM; the BIOS first copies the header/AIP to work RAM (IIRC, at 0x06002000, with the AIP entry point probably being 0x06002F00), and then the AIP code copies the AR firmware into work RAM and jumps to it.

		slinga		Mar 7, 2010
			Thanks for the pointers. It's beginning to make sense now. Any idea on how reads to 0x25818000 work? It seems like its some sort of hardware register memory mapped to the cd-rom drive. Basically I can see them repeatedly reading from that address, and returning different bytes from my ISO (yes I'm a 100% software guy).

ExCyber

Mar 7, 2010

		slinga said:
		Any idea on how reads to 0x25818000 work? It seems like its some sort of hardware register memory mapped to the cd-rom drive. Basically I can see them repeatedly reading from that address, and returning different bytes from my ISO (yes I'm a 100% software guy).

I'm not familiar with CD block programming, but it's definitely plausible for that address to be a memory mapped CD block data port. You might want to have a look at CWX's CDC library... and see if anything in there appears to be following a similar pattern.

Runik

Mar 8, 2010

		slinga said:
		Thanks for the pointers. It's beginning to make sense now. Any idea on how reads to 0x25818000 work? It seems like its some sort of hardware register memory mapped to the cd-rom drive. Basically I can see them repeatedly reading from that address, and returning different bytes from my ISO (yes I'm a 100% software guy).

TyRaNiD's made this comment about those registers :

	
	
		
		
			The data transfer registers position is not fixed. It changes depending on the current operation. I think it is based on the buffer partion number but dont hold me to that.

On the other hand, I'm using this address as the fetch data pointer in Saturnin, and the cdblock seems to work ... of course my cdblock isn't working at 100%, but so far it's enough

		slinga		Mar 8, 2010
			Some weird trivia, if the disk does not start with "SEGA SEGASATURN", the Sega Player (the OS) will then check for either "PPPPHHHHOOOOTTTTOOO____CCCCDDDD" (photo_cd) and then "VIDEO_CD" (at some fixed offset within the disk). If the string is there, it'll display the message "Disc requires system application". Definitely odd that these disk types are hard-coded into the BIOS. I'm assuming that they require hardware support which is why it's failing.

CyberWarriorX

May 14, 2010

		slinga said:
		Some weird trivia, if the disk does not start with "SEGA SEGASATURN", the Sega Player (the OS) will then check for either "PPPPHHHHOOOOTTTTOOO____CCCCDDDD" (photo_cd) and then "VIDEO_CD" (at some fixed offset within the disk). If the string is there, it'll display the message "Disc requires system application". Definitely odd that these disk types are hard-coded into the BIOS. I'm assuming that they require hardware support which is why it's failing.

They require the MPEG card. Basically the way it works is that the MPEG card has a built-in ROM containing SH2 code that the BIOS fetches and executes when a video or photo cd is inserted.