The Amiga supports several ROM/Kickstart "banks"; The original A1000 bank is a 256k chunk starting at $FC0000, this was used right up until the first KS 1.4 (alpha) release, then there was a move to use 512k kickstarts starting at $F80000 (an extra 256k)
The CDTV was an exception as it uses $F00000 for its extended ROM, these are separate physical ROMs (also uses $200000 for the VCD/mpeg CD32 cart ROM - unsure about this as resources seem to contradict)
This was pretty much the same until the CD32 which has a 1Mb kickstart, or, more correctly an original 512k kickstart at $F80000 and an extended kickstart at $E00000.
The A500+/A600/A1200/CD32 are all (electrically) capable of addressing a further 1Mb of space at $A80000 without any hardware modifications.
256k Kickstart 0xFC0000 - 0xFFFFFF 256k chunk
512k Kickstart 0xF80000 - 0xFFFFFF 512k chunk, overlaps the 256k chunk, but starts earlier
1Mb Kickstart 0xF80000 - 0xFFFFFF 512k chunk 0xE00000 - 0xE7FFFF 512k chunk
2Mb Kickstart 0xF80000 - 0xFFFFFF 512k chunk 0xE00000 - 0xE7FFFF 512k chunk 0xA80000 - 0xB7FFFF 1Mb chunk Note, these banks are not contiguous.
There are also other areas used for loading additonal ROMs, "expansion" ROMs can appear at $E80000 (and maybe $E90000), but they get copied from there (there's also the ZorroIII address $FF000000, but I'll ignore 32bit addresses here for now).
Because of these various chunks and the way that the Amiga maps kickstart addresses on startup various ROMs may try and execute at different times, to keep this under control, it uses a ROMHEADER, the original 256k ROM starts at $FC0000
When you build a 1Mb ROM, you're not really building a 1Mb ROM, you're building a 512k ROM at $F80000 and a 512k ROM at $E00000, so you need to give the $E00000 ROM a ROMHEADER too.
When the 680x0 starts, it maps the rom to address 0x0000000 (this is called "overlay" or OVL), then starts executing at address 0x000002 (the first two bytes of the Kickstart identify the size of the first bank used) when execution starts at the proper ROM address it can turn overlay off which means the address 0x000000 then is mapped properly to the first bank of chip ram
Kickstart 1.3 (A500) 256k ROMHEADER 0x000000 1111 ChipID 256k 0x000002 4EF9 00FC 00D2 JMP $FC00D2
Kickstart 2.05 (A600) 512k ROMHEADER 0x000000 1114 ChipID 512k 0x000002 4EF9 00F8 00D2 JMP $F800D2
You may even see this in the form of a ROMHEADER half way through some 512k ROMs, colloqually known as "Kickity-Split", this was just a backward-compatible "hack" in case programmers assumed the reset code as at $FC0002.
Kickstart 2.05 (A600) 512k Kickety-Split 0x004000 1111 ChipID 256k 0x004002 4EF9 00F8 0002 JMP $F80002
The way that the Amiga knows what Kickstart banks are present is by using a "scantable". The scantable is stored in exec, it's a list of areas in the memory to search in pairs of long words, it's make up will vary depending on the version of exec/kickstart (and target machine).
Kickstart 1.2 exec - 1.3 is the same, just in a different place 0xFC04E4 00FC0000 01000000 0xFC0000 - 0x01000000 0xFC04EC 00FC0000 01000000 0xFC0000 - 0x01000000 0xFC04F4 00F00000 00F80000 0xF00000 - 0xF80000 "Extended ROM" e.g. CDTV 0xFC04FC FFFFFFFF End of scantable
Kickstart 2.05 exec (37.299) most of the 2.0 - 3.1 kickstarts are the same 0xF80346 00F80000 01000000 0xF80000 - 0x01000000 0xF8034E 00F00000 00F80000 00F00000 - 0xF80000 "Extended ROM" 0xF80356 FFFFFFFF End of scantable
Kickstart 3.1 exec (CD32 - 1Mb kickstart) 0xF8036A 00F80000 01000000 0xF80000 - 0x01000000 "Normal kickstart" 0xF80372 00E00000 00E80000 0xE00000 - 0xE80000 "Extended ROM" 0xF8037A 00A80000 00B80000 0xA80000 - 0xB80000 "FMV ROM" - Although, the ROM I have has a ROMBASE of $200000 0xF80382 00F00000 00F80000 0xF00000 - 0xF80000 "Extended/Flash ROM" 0xF8038A FFFFFFFF End of scantable
In 3.1.4/3.2 it also has an "exclude".
Kickstart 3.2 0xF80410 00F80000 00F840C0 0xF80000 - 0xF840C0 "Exclude from scan" - this is different in 3.1.4 as exec is different 0xF80418 00F80000 01000000 0xF80000 - 0x01000000 "Normal kickstart" 0xF80420 00F00000 00F80000 00F00000 - 0xF80000 "Extended ROM" 0xF80428 FFFFFFFF End of scantable
These are "standard" scantables - if you want to build a custom size ROM you may have to update these.
The whole point of the ROM is to hold the libraries and devices, these are stored using library header which has a ROMTAG magic word, this is basically an illegal 680000 opcode (RTC_MATCHWORD) followed by a ROM address which should match the address of the magic number
For example $4AFC00FC00B6, $4AFC is the magic word, and the next 4 bytes $00FC00B6 should be the address of the magic word (if it's valid)
The ROMTAG structure allows exec to find the devices and libraries in ROM (using the scantable ranges) and initialise/load them.
Markus Wandel dissassembled the 1.2 exec back in 1989, here's the exec ROMTAG structure from his page
FC00B6 4AFC RTC_MATCHWORD (start of ROMTAG marker) FC00B8 00FC00B6 RT_MATCHTAG (pointer RTC_MATCHWORD) FC00BC 00FC323A RT_ENDSKIP (pointer to end of code) FC00C0 00 RT_FLAGS (no flags) FC00C1 21 RT_VERSION (version number) FC00C2 09 RT_TYPE (NT_LIBRARY) FC00C3 78 RT_PRI (priority = 126) FC00C4 00FC00A8 RT_NAME (pointer to name) FC00C8 00FC0018 RT_IDSTRING (pointer to ID string) FC00CC 00FC00D2 RT_INIT (execution address)
The kickstart checksum is a very simple algorithm, to generate and store a new checksum;
CHECKSUM=0 Starting at the beginning of the rom, read in 4 byte chunks (treat each as an unsigned long word) Add the unsigned word to CHECKSUM If CHECKSUM overflows (wraps round past 0xFFFFFFFF) increment CHECKSUM by 1
While reading these long words don't add the current checksum in the ROM (24 bytes from the end of the ROM)
Subtract this CHECKSUM from 0xFFFFFFFF and store this 4 byte unsigned long word 24 bytes from the end of the ROM
Of course, if you just wanted to validate the checksum (and you didn't care what it is), you can run the algorithm (including the checksum position) and the result should be 0xFFFFFFFF
The size of the ROM is stored at 20 bytes from the end of the ROM and is the size in bytes (e.g. 0x.00080000 = 524288 = 512k)
The final 16 bytes are "hardware interrupt vectors", and don't vary much between the versions of the kickstart ROMs.