Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Battle brews over unlocking PC secrets
CNet News ^ | 5 April 2005 | John G. Spooner

Posted on 04/05/2005 9:06:32 AM PDT by ShadowAce

As computer makers move to embed security features deep within the viscera of PCs, a fight is erupting over the BIOS, a rarely noticed but crucial application that controls a machine before the operating system can take over.

If the operating system is the equivalent of a computer's brain, then the BIOS, or Basic Input Output System, might be compared to the medula oblongata, the place where the brain meets the spine. The most primitive reflexes are governed here, well below the level of conscious thought. Typically, the BIOS announces its presence on start-up by flashing lights and whirring drives as it prepares a machine to receive higher level instructions.

Despite its little-seen role, the BIOS is a vital part of a PC, and its construction and installation are closely guarded by a small number of PC makers, such as Dell, and speciality BIOS programming firms for hire.

What's new:
Details about the basic software that lets your operating system get started are closely guarded. Critics of BIOS secrecy want to force the door open so consumers take charge of their own computers.

Bottom line:
Makers of BIOS software get proprietary information from chipmakers and others. As critics call for free BIOS software, expect those who hold the secrets to try to tighten their grips.

More stories on BIOS

Now, some critics are for the first time seeking to force the industry to abandon its hallmark secrecy. As the BIOS becomes more powerful, these critics argue, consumers must be allowed to freely develop their own alternatives to ensure they keep control of their devices--and that means the industry must open up.

"We need a free BIOS, because if we don't control the BIOS we don't control our computers," said Richard Stallman, president of the Free Software Foundation, a Boston-based organization dedicated to promoting the use of, modification and redistribution of computer programs. "It puts me in an ethically compromised position to have a non-free program in my machine."

The free BIOS initiative comes at a time when the BIOS is undergoing the first major change in its history--a transition from machine code-based BIOS to a new framework dubbed the Extensible Firmware Interface, or EFI. At the same time, efforts to secure PCs through hardware-based defenses are leading critics like Stallman to warn of a pending loss of consumer control over their devices.

The FSF has spearheaded numerous campaigns lobbying for greater consumer control over software. The group now plans to mount a campaign to open up specifications required to write BIOSes. The free BIOS movement that Stallman advocates would let people install, modify and redistribute BIOS software--although not necessarily free of charge. Significantly, that would allow people to circumvent some pending security enhancements, including pending digital-rights management features aiming to prevent unauthorized use of confidential corporate documents and other copyright materials, if they chose to do so.

Given the closely held nature of the BIOS business, Stallman and the FSF are likely to face resistance from hardware and BIOS makers. Many already contend that creating free BIOS software just for the sake of it being free has limited value to computer users. Executives at BIOS makers and Intel argue instead that the tightly controlled BIOS model used today helps maintain PCs' security and stability, as well as foster competition by protecting companies' intellectual property.

"Neither you nor I, as a user of a computer, has any reason to change the BIOS...unless it's broken," said Jonathan Joseph, CEO of BIOS maker Insyde Software. "You're not going to type any faster in (Microsoft) Word because you have a new BIOS. The only thing you hide in BIOS is broken hardware."

Others cite guarding against hackers as a reason to keep BIOS closely held.

"The one thing we have to worry about first is security. What do you think would happen if there was a virus that started reflashing PCs" BIOS software, said Mike Goldgof, senior vice president of marketing at Phoenix Technologies. "If it ever happened on a large scale, I think a lot of PCs would start turning into bricks. What people take for granted...is the reliability of the (BIOS) firmware today."

Intel, for its part, has proposed a middle ground of sorts by open sourcing technology it calls Tiano. Tiano is its implementation of a framework for creating a BIOS replacement, with its own set of drivers to turn on elements of the PC such as the processor, based on EFI. Committing it to open source means others will be able to download it from a Web site called TianoCore.org and use it to make products under the Berkley Software Distribution, or BSD, license. The BSD will allow anyone who uses it to change it and create products out of it. But it does not require they provide the changes they made to others via open source, which provides the means to help companies protect intellectual property.

The effort by Intel creates a framework for a BIOS replacement, and thus could become the basis for free BIOSes. But it leaves the work of writing the code that initializes PC components to the downloader. One licensee likened it to having to build a race car. Intel, he said, provides race rules and the car's frame but leaves licensees to do their own engine, suspension, body work and other elements if they want to enter a race.

'Evil' companies?

Stallman argues instead that Intel is not doing enough and BIOS makers are not needed. Instead, he wants information.

"We're not wanting to do anything with the BIOSes from Phoenix or any of the others," he said. "We're not asking them to do anything, any more than we're asking Microsoft to do anything. These (companies) are evil. You can't expect them to do anything just because you ask them to. Our goal is to escape from them."

Thus, the free BIOS effort, as Stallman sees it happening, will essentially bypass traditional BIOS makers and instead focus on appealing to hardware manufacturers. The campaign will ask those companies, including PC makers and motherboard makers, to make available specifications on their products to allow free software writers to create BIOSes for them.

Stallman also dismisses rebuttals that free BIOS would compromise a PC's security, stability or reveal companies' proprietary chip, motherboard or other product information.

"Each one could be saying, 'If the others knew what we were doing, it would help them tremendously.' It might be true in a few cases, but it's impossible in all cases," Stallman said. "They can't all be sitting on secrets that are beyond the ken of their competitors. They can't all be the ones that know more than everybody else."

Moreover, detailed chip and motherboard information will not be required to create a free BIOS, he said. Instead, free BIOS makers would need access to closely held instructions, such as how a BIOS loads and how it initializes various devices inside a PC.

A free BIOS would also help circumvent, if necessary, digital-rights management, allowing people to run any software they choose on their PCs. In theory, the BIOS can be used to aid security technology, as it initializes hardware such as security chips.

Although BIOS makers and Intel say the BIOS' role is limited to helping get those elements of a system up and running along with the rest of it, a BIOS writer could write around them in order to shut them off, if needed, Stallman said.

"DRM is theft," he said. "The idea of the free software movement is you should be in control of your own computer. Treacherous competing (his term for so-called trusted computing) is a scheme to make sure you're not in control."

Ultimately, the free BIOS would emulate software such as the LinuxBIOS-- a free BIOS that's already in existence for Linux, but does not work with a large number of PCs--on a much broader scale.

"It's generally known that free software is very secure and very reliable," Stallman said. "If there's a bug in the BIOS, the only thing that will happen is some part of your machine won't work and that bug would be quite noticeable and it would be fixed, presuming that the information was available."

But that's the rub. Detailed specifications on cutting-edge PC hardware may be tough to come by. The information given to BIOS makers now is granted under nondisclosure and it's not clear whether companies such as Intel, PC makers like Dell, or motherboard makers would reveal even a little bit of information.

"You'd need to know the confidential information about the chips to write" a free BIOS, Insyde Software's Joseph said. Right now, "that info is only available on old hardware that nobody really cares about anymore."

That, however, won't stop Stallman from asking.


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: bios; computers; free
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-70 next last
To: general_re
The solution's pretty simple, though - if you find current mobos philosophically objectionable, go build your own, soup to nuts, and make your own BIOS to go with it.

Here's a much better solution - Get a Mac. It's 100% BIOS-free and uses Open Firmware instead. Unlike BIOS, it simply boots the machine without tracking or restricting the user.

21 posted on 04/05/2005 9:38:20 AM PDT by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 4 | View Replies]

To: E. Pluribus Unum

Well yeah, but it's not like Microsoft's Windows Updates.


22 posted on 04/05/2005 9:39:56 AM PDT by Lunatic Fringe (North Texas Solutions http://ntxsolutions.com)
[ Post Reply | Private Reply | To 12 | View Replies]

To: HAL9000
Uh--Open Firmware is a version of a BIOS.

Every computer uses a BIOS of some sort.

23 posted on 04/05/2005 9:40:48 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 21 | View Replies]

To: ShadowAce

These pee-pee-headed geeks seem to think they own the companies that make the hardware and software they use.


24 posted on 04/05/2005 9:48:28 AM PDT by Mr Ramsbotham (Laws against sodomy are honored in the breech.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MD_Willington_1976
What people take for granted...is the reliability of the (BIOS) firmware today

... which currently often can be flashed using software while the system is running. This is a non-argument.

25 posted on 04/05/2005 9:48:34 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 16 | View Replies]

To: antiRepublicrat
which currently often can must be flashed using software while the system is running.

Fixed it for ya. :)

26 posted on 04/05/2005 9:50:51 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 25 | View Replies]

To: ShadowAce

bump


27 posted on 04/05/2005 9:51:25 AM PDT by kimosabe31
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

Screw up the BIOS and there may be no way to fix it. A boot sector virus that require reformatting the hard drive is bad enough. A BIOS virus that screws up the BIOS might necessitate junking the whole motherboard.

I just did a couple of BIOS upgrades on two of my Dell computers, and it gives me a chill every time I do it. I cross myself, knock on wood, breathe a prayer, stick in the floppy, and reboot. If this process screws up, forget about it. No way to fix it. The last thing we need is a bunch of hackers out there messing with BIOS codes.


28 posted on 04/05/2005 9:54:17 AM PDT by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
Uh--Open Firmware is a version of a BIOS.

In the generic sense, Open Firmware and PC BIOS serve similar functions. But the Mac environment, noone calls Open Firmware "BIOS".

The point is that Open Firmware works transparently. There are no backdoors to bypass the BIOS password, no embedded digital rights management, no serial numbers, etc.

29 posted on 04/05/2005 10:06:49 AM PDT by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 23 | View Replies]

To: ShadowAce
"DRM is theft," he said. "The idea of the free software movement is you should be in control of your own computer. Treacherous competing (his term for so-called trusted computing) is a scheme to make sure you're not in control."

Stallman is an idiot. It's that simple.
30 posted on 04/05/2005 10:14:37 AM PDT by Bush2000
[ Post Reply | Private Reply | To 1 | View Replies]

To: Lunatic Fringe
Well yeah, but it's not like Microsoft's Windows Updates.

You say that like it's a bad thing. ;^P

31 posted on 04/05/2005 10:14:41 AM PDT by E. Pluribus Unum (Drug prohibition laws help fund terrorism.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: ShadowAce
Fixed it for ya. :)

I can still flash off a floppy. But the point is someone could right now make a virus to flash your BIOS into oblivion, so this guy's scare tactics don't work.

32 posted on 04/05/2005 10:27:58 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 26 | View Replies]

To: antiRepublicrat
...so this guy's scare tactics don't work.

I know. Just funnin' wit' ya a little. BTW--even flashing off a floppy means the system has to be running.

33 posted on 04/05/2005 10:30:43 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Cicero
Screw up the BIOS and there may be no way to fix it.

I play with my hardware. I play with my software. I even play with Regedit. I wouldn't think of playing with my BIOS.

34 posted on 04/05/2005 10:35:14 AM PDT by PAR35
[ Post Reply | Private Reply | To 28 | View Replies]

To: Cicero; Bush2000
The last thing we need is a bunch of hackers out there messing with BIOS codes

I still don't see any increased danger. So, the BIOS is closed. Reverse-engineer the flashing software and modify it. That's what people did with DVD drive firmware. In direct opposition to MPAA schemes, I can play all of my legally purchased Region 2 DVDs on my computer now that I've flashed my DVD drive with a reverse-engineered firmware updater that stops the reader from counting down to the time when it'll be stuck at only one region.

It is exactly this kind of consumer control and fair use that will be hindered when DRM is embedded into the hardware. That's why it's a bad thing and why Stallman is right in concept (stripped of all the extremist hippie talk).

35 posted on 04/05/2005 10:36:42 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 28 | View Replies]

To: ShadowAce
ven flashing off a floppy means the system has to be running.

I guess I should have written what I meant -- Operating System.

36 posted on 04/05/2005 10:37:18 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 33 | View Replies]

To: ShadowAce

Not on any of my mainboards...winflash is junk..


37 posted on 04/05/2005 10:39:23 AM PDT by MD_Willington_1976
[ Post Reply | Private Reply | To 26 | View Replies]

To: ShadowAce
Very interesting article. Thanks for posting!

Soon we will have 'The Microsoft BIOS' making the operation your BIOS easy and fun!

Be sure you run your Microsoft BIOS update software regularly to take advantage of easy updates, and also remember to run your Microsoft BIOS Easy Firewall and BIOS Antivirus.

/sarcasm
38 posted on 04/05/2005 10:39:36 AM PDT by KoRn (~Halliburton Told Me......)
[ Post Reply | Private Reply | To 2 | View Replies]

To: antiRepublicrat
But the point is someone could right now make a virus to flash your BIOS into oblivion

Actually, it's happened numerous times already. The problem with these viruses is that they tend to nuke the computer before they can spread very far, so their propogation is self-limited.

The biggest one I remember was in the early 90's, and it was a floppy transmitted self propogating trojan. IIRC, it sat on your computer spawning itself onto whatever unfortunate floppy you inserted until D-Day arrived. That morning, many thousands of people found bricks in their offices where their computers once sat.

Nobodies tried one recently because most virus writers are more interested in setting up dumb proxies, email relays, or DDOS zombies, not in doing actual damage to the computers. Still, there's no reason to think that someone couldn't attach the same kind of payload today to a more modern email Trojan and do serious damage.

One advantage we'd have, though, is that the virus has to specifically support the bios in the host machine. A bios virus written to attack a Dell bios won't do any real damage to a machine with a Phoenix bios, so the bios virus writers would have to specifically support all of the major bios types on the market. That tends to make the virus fairly large, and would slow its propogation.
39 posted on 04/05/2005 10:41:53 AM PDT by Arthalion
[ Post Reply | Private Reply | To 32 | View Replies]

To: antiRepublicrat
I guess I should have written what I meant

LOL! I know. I can get kinda anal at times. But it was to be in good fun.

40 posted on 04/05/2005 10:46:34 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 36 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-70 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson