Identification of 32-bit x86 CPUs based on reset signature

All the brand names used here belong to their owners.

last update: 2000-09-11
Revision history:
2000-09-01 - update of BIOS reset signatures info
1996-05-20 - procedures described
1996-04-04 - initial version, not yet finished

This part of article describes recognition of 32-bit CPUs using reset signature.

Some background

Starting with 386, all the 32-bit CPUs in x86 family provide basic identification mechanism available to system firmware (like BIOS in PCs). Immediately after hardware reset EDX register contains chip id signature, containing info on CPU type and mask revision.

The real problem is how to get the signature long time after reset. There are two kinds of solutions.

Getting reset signature from BIOS

There are two BIOS functions for getting the CPU signature. Unfortunately it's very hard to find a PC with BIOS implementing any one of them, so the following description is for reference rather than for practical use.

Both BIOS functions supposed to return CPU information are called with INT 15h. They use different arguments in AX and return info in different format.

AX=0xC910
This function is present in IBM PS/2 BIOSes, verified to work at least on model 9556.
Returns with carry set if error/not supported, otherwise the reset signature is returned in CX.

AX=0xDA92
Returns with carry set if error/not supported, otherwise the reset signature is returned in BX:AX. (Not reliable???)

(The description of above functions was taken from Ralf Brown Interrrupt List, ver 61.)

Getting the reset signature using shutdown

The task is very difficult and not always possible. To be precise, there are three different methods of getting the signature. The method described below is the simplest one, least tricky and usually most succesful.

After hardware reset BIOS examines byte in CMOS RAM (caused shutdown byte) to get the cause of reset. There are several possibilities, because hardware reset was used for many purposes, like putting 286 or old 386s into real mode (from protected mode). There are two kinds of shutdowns (with associated values of SHDN byte) interesting for us:

Shutdown 0A returns control almost immediately after reset to memory location pointed to by contents of memory locations 67..6A in BIOS data segment: 0040:0067 = offset, 0040:0069 = segment.

Shutdown 05 behaves similarly, but it also re-initializes interrupt controllers properly. While reinitializing, it almost surely looses the signature.

The solution is to use shutdown 0A to get the signature, and then 05 to restore interrupts to their proper state. The proper sequence of actions is as follows

get int masks from both PICs, save them and set new masks disabling all ints
save the value of shutdown byte
set the return address in 0040:0067..006A
set shutdown byte to 0A
disable NMI (and all strange NMI sources)
save all regs (including SP and SS!)
shutdown the CPU (a good method is to use lidt with all-zero args)
(return from shutdown 0A): restore regs, save EDX (containing signature)
prepare for shutdown 05 as before
(return from shutdown 05) - restore registers
restore shutdown byte, NMI state and masks in PICs

At this point we can restore the saved the value of EDX. Now we have 3 possibilities (from best to worse)

Signature is in EDX where it belongs (precisely: in DX).
Signature is in EDX, bits 31..16, because the BIOS was clever enough to save it there for us before thrashing DX, but not clever enough to move it back to DX - this is the most frequent case.
Signature is nowhere, because the BIOS thrashed it.

Interpreting the signature

The real signature is only 16 bits long and it is contained in DX.

Intel and alikes

The following info applies to all Intel and AMD chips, NexGen chips after late'95 and to most Cyrix/TI/IBM/ST chips. See the next sections for info on earlier NexGen and some variations of Cyrix family chips.

The format of signature slightly differs between 386-class chips and others. In 386-alikes (including IBM 486 chips) signature has the form model(4b)-family(4b)-mask(8b). In 486+ chips format is type(4b)-family(4b)-model(4b)-mask(4b), and is similar (in most cases identical) to CPUID signature.

Interpreting the signature of 386-class chips (family = 3) and IBM 486 chips (family = 4)

Type/Model/family/mask

03xx - 386, 386DX, RapidCAD (32-bit bus)

030x - 386/386DX

0300 - A
0303 - B1..B10
0305 - Intel rev. D0; AMD rev. A
0308 - D1,D2,Ex,Fx; AMD-B

034x - RapidCAD

0340 - A
0341 - B

23xx - 386SX (16-bit data bus, 24-bit address bus)
33xx - Intel 80376
43xx - Intel 386SL
84xx - IBM 486 BL
A3xx - IBM 386SLC
A4xx - IBM 486SLC family

A41x - 486SLC
A42x - 486SLC2
A43x - 486SLC3

Interpreting the signature of 486+ chips (family > 3)

Meaning of type field:

0 - "normal"
1 - overdrive
2 - 2nd CPU in dual-processor system

If the CPU supports CPUID, its reset signature is identical to CPUID signature returned by CPUID #1. The table below lists only reset signatures of chips that don't support CPUID. CPUID signatures can be found on CPUID page.

Family / Model / Mask:

4 - 486, models:

0 - Intel 486 DX
1 - Intel 486DX 50 or any AMD 486DX
2 - Intel 486SX
3 - Intel/AMD 486DX2, AMD 486DX4NV8T

2 - AMD 486DX2/DX4 NV8T
4 -
5 - Intel 486DX2 with CPUID support
6 - impossible !

4 - Intel 486SL
5 - Intel 486SX2
7 - 486 DX2, write back cache

0 - Intel P24D (WT/WB mode can be determined using CPUID, reset signature is always 0470)
4 - AMD 486DX

5 - Pentium - all Pentiums support CPUID, so look into CPUID description for signature values
6 - PentiumPro - as above

Early NexGen (until late 1995)

These chips have very non-standard signatures.

(soon...)

Strange Cyrix/TI/ST/IBM signatures

Some series of Cyrix family chips, namely 486DX/DX2/DX4, 5x86 and 6x86 return the value of DIR0:DIR1 as their reset signature. This was a problem, and Cyrix corrected it in late 1995/ early 1996, so that newer chips return signatures resembling those of Intel CPUs. Note that earlier Cyrix chips (like 486DLC) return "normal" siganture.

The "strange" signature has the form DX[15..8] = DIR0, DX[7..0] = DIR1, so while interpreted in standard way it shows family = 3 for typical 6x86 (almost-Pentium-compatible).