minuszerodegrees.net

IBM 5160 - RAM Sizing Flaw in BIOS

SCENARIO #1 - ALL RAM IS GOOD

In this scenario, all RAM is good.
The 'HOW-BIG' below is the routine in the POST that determines how much total RAM there is.

The HOW-BIG routine looks to see if there is a 64K block of RAM starting at 64K.
It does this by first writing AAh to address 10000h and 55h to address 10001h

0FFFE:
0FFFF:

10000: AA
10001: 55
10002:
10003:

It reads back AAh from 10000h and 55h from address 10001h and so assumes that there is 64K of RAM starting at the 64K mark.

The HOW-BIG routine goes on to check the next 64K block (128K to 192K).
It does this by first writing AAh to address 20000h and 55h to address 20001h

1FFFE:
1FFFF:

20000: AA
20001: 55
20002:
20003:

It reads back AAh from 20000h and 55h from address 20001h and so assumes that there is 64K of RAM starting at the 128K mark.

The HOW-BIG routine goes on to check the next 64K block (192K to 256K).

And so on, and so on.

SCENARIO #2 - BAD RAM CHIP IN 128K-192K

So let's look at the sitation where the bit 1 chip in the 128K-192K bank is faulty, and faulty in a way that results in it always returning 0 (i.e. all addresses in the chip affected).

The HOW-BIG routine will determine that there is RAM up to 128K.
It will go on to see if there is a 64K block of RAM starting at 128K (where our bad RAM is).
The HOW-BIG routine will write AAh to address 20000h and 55h to address 20001h.

1FFFE:
1FFFF:

20000: AA (bit7=1, bit6=0, bit5=1, bit4=0, bit3=1, bit2=0, bit 1=1, bit0=0)
20001: 55 (bit7=0, bit6=1, bit5=0, bit4=1, bit3=0, bit2=1, bit 1=0, bit0=1)
20002:
20003:

When the HOW-BIG routine reads back addresses 20000h/20001h, it will read back A8h/55h (expecting AAh/55h).
Consequently, the HOW-BIG routine then incorrectly assumes that there is no RAM past the 128K address.

SCENARIO #3 - BAD RAM CHIP IN 128K-192K

But in some circumstances, the HOW-BIG routine does get it right. It depends on the type of failure.

In this scenario, the bit 1 chip in the 128K-192K bank is faulty, but faulty only at its third address.

1FFFE:
1FFFF:

20000: AA (bit7=1, bit6=0, bit5=1, bit4=0, bit3=1, bit2=0, bit 1=1, bit0=0)
20001: 55 (bit7=0, bit6=1, bit5=0, bit4=1, bit3=0, bit2=1, bit 1=0, bit0=1)
20002: <--------- bit 1 bad at third address
20003:

The HOW-BIG routine will write AAh to address 20000h and 55h to address 20001h. It will read those same values back (those two addresses are good).
Consequently, it decides that there is RAM in the 64K block starting at the 128K mark, then goes on to look at the next 64K block.

Later, the RAM test [check every address and display a progress count on screen] will detect the faulty chip and produce a 201 error.