Chapter 28 Key Takeaways: Bare Metal Programming

  • The x86 CPU starts in 16-bit real mode at 0xFFFFFFF0. BIOS/UEFI firmware runs there, performs hardware initialization, and loads the bootloader. The BIOS hands control to the first 512-byte boot sector of the boot device by jumping to physical address 0x7C00.

  • The MBR is exactly 512 bytes. Bytes 510–511 must contain 0x55AA or the BIOS will not boot the device. Only 510 bytes are available for code and data combined. This tight constraint forces bootloaders to either load a larger stage-2 from disk or use the absolute minimum code to enter protected mode.

  • Real mode uses segment:offset addressing. Physical address = segment × 16 + offset. Maximum addressable memory is 1MB. BIOS services are available via software interrupts (INT 0x10 for video, INT 0x13 for disk). The A20 line must be enabled before accessing memory above 1MB.

  • The protected-mode transition requires a GDT. The GDT defines memory segments with base, limit, and access flags. Setting CR0.PE=1 enables protected mode, but a far jump must immediately follow to load CS with a valid GDT selector and flush the CPU pipeline.

  • Long mode requires page tables and paging enabled. The sequence is: enable PAE (CR4.PAE=1) → set up page tables → set CR3 → enable LME in EFER MSR → enable paging (CR0.PG=1) → far jump to 64-bit code segment. The minimal viable page tables identity-map the first 2MB using a single 2MB huge page.

  • The 64-bit GDT code segment requires L=1. This bit (bit 53 of the descriptor) tells the CPU to treat the segment as 64-bit code. Without L=1, even with LMA=1 in EFER, the CPU runs in 32-bit compatibility mode.

  • VGA text mode is mapped at physical 0xB8000. Each screen position uses 2 bytes: ASCII character byte + attribute byte. Writing directly to this region — with normal MOV instructions — displays text on screen. No driver needed, no IRQ required. This is the bare-metal programmer's first output mechanism.

  • QEMU with -s -S enables GDB remote debugging. The -s flag opens GDB server on port 1234; -S starts QEMU paused. GDB can then step through every instruction from the first bootloader instruction to kernel initialization. The set architecture i8086 GDB command handles real-mode disassembly correctly.

  • UEFI replaces BIOS with a modern, richer boot environment. The firmware hands control to a PE32+ executable running in 64-bit mode, with a comprehensive service table (EFI_SYSTEM_TABLE) providing file I/O, memory allocation, and device discovery. The key transition is ExitBootServices — after which the OS owns the hardware entirely.

  • The bootloader is the most constrained code you will write. No stack until you create one, no error messages until you implement print functions, no libc ever. Every byte decision is visible and consequential. Understanding it completely means understanding every assumption that the OS kernel is allowed to make about the environment it starts in.