Chapter 28 Quiz: Bare Metal Programming

1. At power-on, what memory address does the x86 CPU begin executing code?

A) 0x00000000 (physical 0)
B) 0x00007C00 (where BIOS loads the MBR)
C) 0xFFFFFFF0 (top of 4GB, in ROM)
D) 0x00100000 (1MB mark)

Answer: C — The CPU starts at 0xFFFFFFF0, which in real mode is CS:IP = 0xF000:0xFFF0 = physical 0xFFFF0. This is within the BIOS ROM. The actual x86_64 processor starts at 0xFFFFFFF0 in 16-bit mode via a legacy compatibility mechanism that maps to the BIOS at the top of the 32-bit address space.


2. How many bytes of code does the BIOS load from disk to address 0x7C00?

A) 4096 (one sector × 8)
B) 512 (one sector)
C) 1024 (two sectors)
D) The entire boot partition

Answer: B — The BIOS loads exactly one sector (512 bytes) — the Master Boot Record (MBR) — to address 0x7C00. The 512-byte limit is why bootloaders often load a larger "stage 2" from disk.


3. What is the boot signature, and where must it appear?

A) 0xAA55 at bytes 0–1 of the boot sector
B) 0x55AA at bytes 510–511 of the boot sector
C) 0xEB90 at byte 0 (the first instruction)
D) A GUID in the GPT header

Answer: B — The magic signature is 0x55, 0xAA (little-endian word 0xAA55) at bytes 510–511 of the 512-byte MBR. The BIOS checks this before deciding to boot from the device.


4. In x86 real mode, what is the maximum physical address that can be accessed?

A) 64KB (16-bit registers)
B) 1MB (20-bit address bus)
C) 4GB (32-bit)
D) It depends on the CPU model

Answer: B — Real mode uses segment:offset addressing where physical = segment × 16 + offset. With 16-bit segment and 16-bit offset, the maximum is 0xFFFF × 16 + 0xFFFF = 0x10FFEF — slightly above 1MB. The A20 line gates the 20th address bit, limiting normal real-mode code to 1MB (the A20 "wrap-around" is handled differently).


5. Which control register bit, when set, transitions the CPU from real mode to protected mode?

A) CR0 bit 31 (PG — Paging Enable)
B) CR0 bit 0 (PE — Protection Enable)
C) CR4 bit 5 (PAE — Physical Address Extension)
D) EFER bit 8 (LME — Long Mode Enable)

Answer: B — CR0 bit 0 (PE) enables protected mode. Setting this bit alone does not enable paging; that requires CR0 bit 31 (PG). Paging is not strictly required for protected mode but is required for long mode.


6. What must happen immediately after setting CR0.PE=1 to enable protected mode?

A) An interrupt must be triggered to flush the CPU pipeline
B) A far jump must be executed to load a valid code segment selector
C) The CPU must be halted and restarted
D) The GDT must be reloaded with LGDT

Answer: B — The CPU's prefetch queue may contain real-mode instructions. A far jump (jmp selector:offset) flushes the prefetch queue and loads a new value into CS from the GDT, completing the transition. Without this, the CPU might try to execute queued instructions as protected-mode code.


7. What is the minimum number of entries required in the GDT for long-mode operation?

A) 1 (just the null descriptor)
B) 2 (null + code segment)
C) 3 (null + code + data segments)
D) 8 (minimum for a real OS)

Answer: C — You need: a null descriptor (required by the CPU specification), a code segment (for CS — must have L=1 for 64-bit), and a data segment (for DS, ES, SS). In 64-bit mode, most segment limits are ignored, but the CS.L bit and present/DPL flags still matter.


8. In 64-bit long mode, which bit in the GDT code segment descriptor enables 64-bit operation?

A) The G bit (granularity)
B) The D bit (default operation size)
C) The L bit (long mode)
D) The S bit (descriptor type)

Answer: C — The L bit (bit 53 of the 8-byte entry, or bit 5 of the "flags" byte) enables 64-bit mode for a code segment. When L=1 and the CPU is in IA-32e mode, the processor uses 64-bit instructions and registers. If L=0 in IA-32e mode, it's compatibility mode (32-bit code runs in 64-bit OS).


9. What does enabling the A20 line accomplish?

A) Enables 20-bit protected mode operations
B) Allows access to physical memory above 1MB by un-gating address line 20
C) Activates the second CPU in a dual-processor system
D) Switches from BIOS interrupt mode to direct hardware access

Answer: B — The IBM PC originally gated address line 20 (A20) to create the 1MB "wrap-around" behavior of the 8086. To access memory above 1MB (required for kernel loading), A20 must be enabled. The "fast A20" method (port 0x92, bit 1) is the most common modern approach.


10. What is the purpose of setting up page tables before entering long mode?

A) Long mode requires paging to be enabled as part of the mode switch
B) The kernel needs virtual memory before it can run
C) The BIOS memory map requires page-level access
D) Page tables are needed to protect the boot sector

Answer: A — Long mode (64-bit) requires paging enabled (CR0.PG=1). The sequence is mandatory: enable PAE → set CR3 → enable LME → enable paging → far jump to 64-bit CS. You cannot enter long mode without paging.


11. The VGA text mode buffer is mapped at physical address:

A) 0x000A0000
B) 0x000B8000
C) 0x000C0000
D) 0x00100000

Answer: B — The VGA text mode buffer is at 0xB8000. Each of the 80×25 = 2000 character positions uses 2 bytes: one for the ASCII character and one for the attribute (colors). The total buffer size is 4000 bytes.


12. In the disk address packet (DAP) for BIOS INT 0x13/AH=0x42, what does the "starting LBA" field specify?

A) The head/cylinder/sector (CHS) address
B) The logical block address (absolute sector number, 0-indexed)
C) The byte offset from the beginning of the disk
D) The MBR offset (1-indexed sector number)

Answer: B — The DAP uses LBA (Logical Block Addressing): sector 0 is the MBR, sector 1 is the second sector, etc. LBA is more reliable than CHS addressing for large disks and is supported by all modern BIOS/UEFI implementations via the extended INT 0x13 interface.


13. After the bootloader enters 64-bit long mode, it jumps to the kernel which was loaded at 0x8000. Why can the kernel code at 0x8000 execute without page faults?

A) The bootloader mapped 0x8000 explicitly with a 4KB page
B) The kernel runs in real mode, bypassing page tables
C) The first 2MB is identity-mapped with a 2MB huge page (physical 0 → virtual 0)
D) The BIOS maps all memory as identity during POST

Answer: C — The bootloader's minimal page tables use a 2MB huge page in PD[0] that identity-maps physical addresses 0 to 0x1FFFFF to the same virtual addresses. Since 0x8000 is within this range, the kernel at virtual 0x8000 accesses physical 0x8000 transparently.


14. What QEMU flags enable GDB remote debugging?

A) -debug -gdb
B) -s -S
C) -remote-debug
D) -monitor -pause

Answer: B. -s opens a GDB server on TCP port 1234; -S starts QEMU paused (execution does not begin until GDB connects and sends "continue"). Connect with (gdb) target remote localhost:1234.


15. In UEFI booting, what executable format is the UEFI application?

A) ELF64 (same as Linux binaries)
B) Flat binary (like the BIOS MBR)
C) PE32+ (Windows Portable Executable, 64-bit)
D) Mach-O (macOS format)

Answer: C — UEFI applications use the PE32+ format (same as Windows 64-bit executables). This is why UEFI bootloaders have a .efi extension and can be examined with tools like objdump -p that understand PE format. The UEFI firmware provides a rich API that the application calls through function pointers.