Posted on 04/05/2005 9:06:32 AM PDT by ShadowAce
As computer makers move to embed security features deep within the viscera of PCs, a fight is erupting over the BIOS, a rarely noticed but crucial application that controls a machine before the operating system can take over.
If the operating system is the equivalent of a computer's brain, then the BIOS, or Basic Input Output System, might be compared to the medula oblongata, the place where the brain meets the spine. The most primitive reflexes are governed here, well below the level of conscious thought. Typically, the BIOS announces its presence on start-up by flashing lights and whirring drives as it prepares a machine to receive higher level instructions.
Despite its little-seen role, the BIOS is a vital part of a PC, and its construction and installation are closely guarded by a small number of PC makers, such as Dell, and speciality BIOS programming firms for hire.
What's new:
Details about the basic software that lets your operating system get started are closely guarded. Critics of BIOS secrecy want to force the door open so consumers take charge of their own computers.
Bottom line:
Makers of BIOS software get proprietary information from chipmakers and others. As critics call for free BIOS software, expect those who hold the secrets to try to tighten their grips.
Now, some critics are for the first time seeking to force the industry to abandon its hallmark secrecy. As the BIOS becomes more powerful, these critics argue, consumers must be allowed to freely develop their own alternatives to ensure they keep control of their devices--and that means the industry must open up.
"We need a free BIOS, because if we don't control the BIOS we don't control our computers," said Richard Stallman, president of the Free Software Foundation, a Boston-based organization dedicated to promoting the use of, modification and redistribution of computer programs. "It puts me in an ethically compromised position to have a non-free program in my machine."
The free BIOS initiative comes at a time when the BIOS is undergoing the first major change in its history--a transition from machine code-based BIOS to a new framework dubbed the Extensible Firmware Interface, or EFI. At the same time, efforts to secure PCs through hardware-based defenses are leading critics like Stallman to warn of a pending loss of consumer control over their devices.
The FSF has spearheaded numerous campaigns lobbying for greater consumer control over software. The group now plans to mount a campaign to open up specifications required to write BIOSes. The free BIOS movement that Stallman advocates would let people install, modify and redistribute BIOS software--although not necessarily free of charge. Significantly, that would allow people to circumvent some pending security enhancements, including pending digital-rights management features aiming to prevent unauthorized use of confidential corporate documents and other copyright materials, if they chose to do so.
Given the closely held nature of the BIOS business, Stallman and the FSF are likely to face resistance from hardware and BIOS makers. Many already contend that creating free BIOS software just for the sake of it being free has limited value to computer users. Executives at BIOS makers and Intel argue instead that the tightly controlled BIOS model used today helps maintain PCs' security and stability, as well as foster competition by protecting companies' intellectual property.
"Neither you nor I, as a user of a computer, has any reason to change the BIOS...unless it's broken," said Jonathan Joseph, CEO of BIOS maker Insyde Software. "You're not going to type any faster in (Microsoft) Word because you have a new BIOS. The only thing you hide in BIOS is broken hardware."
Others cite guarding against hackers as a reason to keep BIOS closely held.
"The one thing we have to worry about first is security. What do you think would happen if there was a virus that started reflashing PCs" BIOS software, said Mike Goldgof, senior vice president of marketing at Phoenix Technologies. "If it ever happened on a large scale, I think a lot of PCs would start turning into bricks. What people take for granted...is the reliability of the (BIOS) firmware today."
Intel, for its part, has proposed a middle ground of sorts by open sourcing technology it calls Tiano. Tiano is its implementation of a framework for creating a BIOS replacement, with its own set of drivers to turn on elements of the PC such as the processor, based on EFI. Committing it to open source means others will be able to download it from a Web site called TianoCore.org and use it to make products under the Berkley Software Distribution, or BSD, license. The BSD will allow anyone who uses it to change it and create products out of it. But it does not require they provide the changes they made to others via open source, which provides the means to help companies protect intellectual property.
The effort by Intel creates a framework for a BIOS replacement, and thus could become the basis for free BIOSes. But it leaves the work of writing the code that initializes PC components to the downloader. One licensee likened it to having to build a race car. Intel, he said, provides race rules and the car's frame but leaves licensees to do their own engine, suspension, body work and other elements if they want to enter a race.
'Evil' companies?
Stallman argues instead that Intel is not doing enough and BIOS makers are not needed. Instead, he wants information.
"We're not wanting to do anything with the BIOSes from Phoenix or any of the others," he said. "We're not asking them to do anything, any more than we're asking Microsoft to do anything. These (companies) are evil. You can't expect them to do anything just because you ask them to. Our goal is to escape from them."
Thus, the free BIOS effort, as Stallman sees it happening, will essentially bypass traditional BIOS makers and instead focus on appealing to hardware manufacturers. The campaign will ask those companies, including PC makers and motherboard makers, to make available specifications on their products to allow free software writers to create BIOSes for them.
Stallman also dismisses rebuttals that free BIOS would compromise a PC's security, stability or reveal companies' proprietary chip, motherboard or other product information.
"Each one could be saying, 'If the others knew what we were doing, it would help them tremendously.' It might be true in a few cases, but it's impossible in all cases," Stallman said. "They can't all be sitting on secrets that are beyond the ken of their competitors. They can't all be the ones that know more than everybody else."
Moreover, detailed chip and motherboard information will not be required to create a free BIOS, he said. Instead, free BIOS makers would need access to closely held instructions, such as how a BIOS loads and how it initializes various devices inside a PC.
A free BIOS would also help circumvent, if necessary, digital-rights management, allowing people to run any software they choose on their PCs. In theory, the BIOS can be used to aid security technology, as it initializes hardware such as security chips.
Although BIOS makers and Intel say the BIOS' role is limited to helping get those elements of a system up and running along with the rest of it, a BIOS writer could write around them in order to shut them off, if needed, Stallman said.
"DRM is theft," he said. "The idea of the free software movement is you should be in control of your own computer. Treacherous competing (his term for so-called trusted computing) is a scheme to make sure you're not in control."
Ultimately, the free BIOS would emulate software such as the LinuxBIOS-- a free BIOS that's already in existence for Linux, but does not work with a large number of PCs--on a much broader scale.
"It's generally known that free software is very secure and very reliable," Stallman said. "If there's a bug in the BIOS, the only thing that will happen is some part of your machine won't work and that bug would be quite noticeable and it would be fixed, presuming that the information was available."
But that's the rub. Detailed specifications on cutting-edge PC hardware may be tough to come by. The information given to BIOS makers now is granted under nondisclosure and it's not clear whether companies such as Intel, PC makers like Dell, or motherboard makers would reveal even a little bit of information.
"You'd need to know the confidential information about the chips to write" a free BIOS, Insyde Software's Joseph said. Right now, "that info is only available on old hardware that nobody really cares about anymore."
That, however, won't stop Stallman from asking.
Here's a much better solution - Get a Mac. It's 100% BIOS-free and uses Open Firmware instead. Unlike BIOS, it simply boots the machine without tracking or restricting the user.
Well yeah, but it's not like Microsoft's Windows Updates.
Every computer uses a BIOS of some sort.
These pee-pee-headed geeks seem to think they own the companies that make the hardware and software they use.
... which currently often can be flashed using software while the system is running. This is a non-argument.
Fixed it for ya. :)
bump
Screw up the BIOS and there may be no way to fix it. A boot sector virus that require reformatting the hard drive is bad enough. A BIOS virus that screws up the BIOS might necessitate junking the whole motherboard.
I just did a couple of BIOS upgrades on two of my Dell computers, and it gives me a chill every time I do it. I cross myself, knock on wood, breathe a prayer, stick in the floppy, and reboot. If this process screws up, forget about it. No way to fix it. The last thing we need is a bunch of hackers out there messing with BIOS codes.
In the generic sense, Open Firmware and PC BIOS serve similar functions. But the Mac environment, noone calls Open Firmware "BIOS".
The point is that Open Firmware works transparently. There are no backdoors to bypass the BIOS password, no embedded digital rights management, no serial numbers, etc.
You say that like it's a bad thing. ;^P
I can still flash off a floppy. But the point is someone could right now make a virus to flash your BIOS into oblivion, so this guy's scare tactics don't work.
I know. Just funnin' wit' ya a little. BTW--even flashing off a floppy means the system has to be running.
I play with my hardware. I play with my software. I even play with Regedit. I wouldn't think of playing with my BIOS.
I still don't see any increased danger. So, the BIOS is closed. Reverse-engineer the flashing software and modify it. That's what people did with DVD drive firmware. In direct opposition to MPAA schemes, I can play all of my legally purchased Region 2 DVDs on my computer now that I've flashed my DVD drive with a reverse-engineered firmware updater that stops the reader from counting down to the time when it'll be stuck at only one region.
It is exactly this kind of consumer control and fair use that will be hindered when DRM is embedded into the hardware. That's why it's a bad thing and why Stallman is right in concept (stripped of all the extremist hippie talk).
I guess I should have written what I meant -- Operating System.
Not on any of my mainboards...winflash is junk..
LOL! I know. I can get kinda anal at times. But it was to be in good fun.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.