semthex
04-02-2007, 11:27 PM
Well because I get a shit lot of mails on how this works here is a short explaination on the kernel which enables the AppleTV to run OSX:
The common OSX bases uses a set of Processor instructions commonly refered as SSE3, which is commonly used for speedy float point calculation. The Pentium M processor as present in the AppleTV does not "know" these instructions. The instruction set is SSE2 only.
The kernel includes a emulator which hooks up on illegal instructions issued and repalces them with propper calculation, in case it detects a SSE3 instruction. With the emulation inside the kernel, it is 100% capable now of running anything you can run on a stock Apple machine as well. The code itself is high optimized and written in assembler and runs completly from a memory area designed for speedy access (commpage), to aid speed and performance of your ATV.
Also the kernel requires some modification to TSC. For one there is a CPUID check which needs to be disabled. The CPUID check, which is present in the stock source prevents the kernel from running on a none CD or C2D processor and will result in the kernerl panic'in.
A thing which was fixed even to Apple's stock ATV kernel is the TSC granularity. Sometimes the way Apple calculates the granularity on Pentium M may cause a devided by zero panic, due to some design error in the Pentium M class processor family. This has been fixed by setting the granularity not to be calcualted but to 0x0F (thanks to netkas for pointing this out).
The last modification required is to disable the NX bit feature from the kernel. The NX bit is a security feature in newer Processors for preventing buffer overflow attacks. Sadly this feature is not really working anyways as it can be circumvanced by exploit writers with ease. After all the NX code threwn out of start.s the kernel is ready to go.
I hope I could shed some ligth on what is going on here. If anyone gots a question, feel free to ask. The source for the kernel will be published later on as required by APSL*.
If anyone got a question on this, feel free to ask :)
Note: the emualtion is added to special "dropzones" after the kernel was compiled. It is not included in the sources.
The common OSX bases uses a set of Processor instructions commonly refered as SSE3, which is commonly used for speedy float point calculation. The Pentium M processor as present in the AppleTV does not "know" these instructions. The instruction set is SSE2 only.
The kernel includes a emulator which hooks up on illegal instructions issued and repalces them with propper calculation, in case it detects a SSE3 instruction. With the emulation inside the kernel, it is 100% capable now of running anything you can run on a stock Apple machine as well. The code itself is high optimized and written in assembler and runs completly from a memory area designed for speedy access (commpage), to aid speed and performance of your ATV.
Also the kernel requires some modification to TSC. For one there is a CPUID check which needs to be disabled. The CPUID check, which is present in the stock source prevents the kernel from running on a none CD or C2D processor and will result in the kernerl panic'in.
A thing which was fixed even to Apple's stock ATV kernel is the TSC granularity. Sometimes the way Apple calculates the granularity on Pentium M may cause a devided by zero panic, due to some design error in the Pentium M class processor family. This has been fixed by setting the granularity not to be calcualted but to 0x0F (thanks to netkas for pointing this out).
The last modification required is to disable the NX bit feature from the kernel. The NX bit is a security feature in newer Processors for preventing buffer overflow attacks. Sadly this feature is not really working anyways as it can be circumvanced by exploit writers with ease. After all the NX code threwn out of start.s the kernel is ready to go.
I hope I could shed some ligth on what is going on here. If anyone gots a question, feel free to ask. The source for the kernel will be published later on as required by APSL*.
If anyone got a question on this, feel free to ask :)
Note: the emualtion is added to special "dropzones" after the kernel was compiled. It is not included in the sources.