QEMU emulated hardware:

- i440fx northbridge
- National Semiconductor 16550a UART

```asm
[bits 16]
[org 0xff000]                      ; labels resolve against the 0xff000 alias of the last 4 KiB of flash
times (0xff0 - ($ - $$)) db 0x00   ; zero fill up to image offset 0xff0
mov eax, 0xcafeface                ; marker value to look for in the register dump
hlt
times (0x2000 - ($ - $$)) db 0xf4  ; pad the image to 8 KiB (0x2000 bytes) with hlt opcodes
```

```sh
qemu-system-x86_64 \
  -monitor stdio \
  -no-reboot \
  -m 512M \
  -drive if=pflash,file=reset.bin,format=raw
```

- The BIOS flash is mapped in its entirety to a board-specific address. Here it looks like the right edge is always 00000000ffffffff, and it expands to the left as the size of the flash increases.
- The last 4096 bytes of flash are mapped to ff000 as well.

```
x/4096xb 0x00000000fffff000
```

The left edge moves left as we add more to the ROM image. The last 4096 bytes of the ROM image are also mapped to 0xff000.

```
info mtree
00000000ffffe000-00000000ffffffff (prio 0, romd): system.flash0
```
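The two mapping observations above (right edge pinned at 0xffffffff, last 4 KiB aliased at 0xff000) are enough to predict where any byte of a pflash image ends up, and therefore whether the x86 reset vector at 0xfffffff0 points at code or at fill. The following is an added example, not code from the original notes: it constructs an image in memory that mirrors the NASM layout above (constructed bytes, not read from a real `reset.bin`), and computes the physical address, the low alias, and the contents seen at the reset vector for a given image size. Function names and the `build_sample_image` helper are assumptions of this example.

```python
# Added example: reason about QEMU pflash placement from the two facts the
# notes record. Everything below is constructed in memory; nothing is read
# from disk and no QEMU instance is needed.

FOUR_GIB = 0x1_0000_0000
RESET_VECTOR = 0xFFFF_FFF0      # physical address x86 starts executing at after reset
LOW_ALIAS_BASE = 0xF_F000       # the last 4 KiB of flash also appear here (from the notes)
ALIAS_SIZE = 0x1000


def build_sample_image(total_size=0x2000, code_offset=0xFF0):
    """Construct an image shaped like the NASM source in the notes:
    zero fill to code_offset, then `mov eax, 0xcafeface` (66 B8 CE FA FE CA)
    and `hlt` (F4), then 0xF4 fill up to total_size.  Constructed sample data."""
    code = bytes.fromhex("66b8cefafeca") + b"\xf4"
    img = bytearray(b"\x00" * code_offset)
    img += code
    img += b"\xf4" * (total_size - len(img))
    return bytes(img)


def flash_base(image_len):
    """Lowest physical address of the image: it grows leftwards from 4 GiB."""
    return FOUR_GIB - image_len


def phys_of_offset(image_len, offset):
    """Physical address of a given image offset in the high mapping."""
    return flash_base(image_len) + offset


def low_alias_of_offset(image_len, offset):
    """Address of the same byte in the 0xff000 alias, or None if the offset
    is not inside the last 4 KiB of the image."""
    alias_start = image_len - ALIAS_SIZE
    if offset < alias_start or offset >= image_len:
        return None
    return LOW_ALIAS_BASE + (offset - alias_start)


def reset_vector_bytes(img):
    """The 16 bytes the CPU fetches first: from 0xfffffff0 to the end of flash."""
    off = RESET_VECTOR - flash_base(len(img))
    if off < 0:
        raise ValueError("image is smaller than the gap to the reset vector")
    return img[off:off + 16]


def reset_vector_is_fill(img, fill=(0x00, 0xF4)):
    """True when the reset vector holds only padding, i.e. the code was
    placed somewhere the CPU will never start fetching from."""
    return all(b in fill for b in reset_vector_bytes(img))


if __name__ == "__main__":
    for size in (0x1000, 0x2000):
        img = build_sample_image(total_size=size)
        print(f"image {size:#x} bytes: base {flash_base(size):#x}, "
              f"code at {phys_of_offset(size, 0xFF0):#x}, "
              f"alias {low_alias_of_offset(size, 0xFF0)}, "
              f"reset vector is fill: {reset_vector_is_fill(img)}")
```

With a 4 KiB image the base is 0xfffff000 (the address the `x/4096xb` command above examines), offset 0xff0 lands exactly on the reset vector, and its alias is 0xffff0, which is what `[org 0xff000]` makes the labels assume. Once the image is padded to 8 KiB the base moves to 0xffffe000 (matching the `info mtree` line), and the same offset 0xff0 now sits at 0xffffeff0, outside both the reset vector and the low alias; the reset vector then holds only `hlt` fill.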