Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Battle brews over unlocking PC secrets
CNet News ^ | 5 April 2005 | John G. Spooner

Posted on 04/05/2005 9:06:32 AM PDT by ShadowAce

As computer makers move to embed security features deep within the viscera of PCs, a fight is erupting over the BIOS, a rarely noticed but crucial application that controls a machine before the operating system can take over.

If the operating system is the equivalent of a computer's brain, then the BIOS, or Basic Input Output System, might be compared to the medula oblongata, the place where the brain meets the spine. The most primitive reflexes are governed here, well below the level of conscious thought. Typically, the BIOS announces its presence on start-up by flashing lights and whirring drives as it prepares a machine to receive higher level instructions.

Despite its little-seen role, the BIOS is a vital part of a PC, and its construction and installation are closely guarded by a small number of PC makers, such as Dell, and speciality BIOS programming firms for hire.

What's new:
Details about the basic software that lets your operating system get started are closely guarded. Critics of BIOS secrecy want to force the door open so consumers take charge of their own computers.

Bottom line:
Makers of BIOS software get proprietary information from chipmakers and others. As critics call for free BIOS software, expect those who hold the secrets to try to tighten their grips.

More stories on BIOS

Now, some critics are for the first time seeking to force the industry to abandon its hallmark secrecy. As the BIOS becomes more powerful, these critics argue, consumers must be allowed to freely develop their own alternatives to ensure they keep control of their devices--and that means the industry must open up.

"We need a free BIOS, because if we don't control the BIOS we don't control our computers," said Richard Stallman, president of the Free Software Foundation, a Boston-based organization dedicated to promoting the use of, modification and redistribution of computer programs. "It puts me in an ethically compromised position to have a non-free program in my machine."

The free BIOS initiative comes at a time when the BIOS is undergoing the first major change in its history--a transition from machine code-based BIOS to a new framework dubbed the Extensible Firmware Interface, or EFI. At the same time, efforts to secure PCs through hardware-based defenses are leading critics like Stallman to warn of a pending loss of consumer control over their devices.

The FSF has spearheaded numerous campaigns lobbying for greater consumer control over software. The group now plans to mount a campaign to open up specifications required to write BIOSes. The free BIOS movement that Stallman advocates would let people install, modify and redistribute BIOS software--although not necessarily free of charge. Significantly, that would allow people to circumvent some pending security enhancements, including pending digital-rights management features aiming to prevent unauthorized use of confidential corporate documents and other copyright materials, if they chose to do so.

Given the closely held nature of the BIOS business, Stallman and the FSF are likely to face resistance from hardware and BIOS makers. Many already contend that creating free BIOS software just for the sake of it being free has limited value to computer users. Executives at BIOS makers and Intel argue instead that the tightly controlled BIOS model used today helps maintain PCs' security and stability, as well as foster competition by protecting companies' intellectual property.

"Neither you nor I, as a user of a computer, has any reason to change the BIOS...unless it's broken," said Jonathan Joseph, CEO of BIOS maker Insyde Software. "You're not going to type any faster in (Microsoft) Word because you have a new BIOS. The only thing you hide in BIOS is broken hardware."

Others cite guarding against hackers as a reason to keep BIOS closely held.

"The one thing we have to worry about first is security. What do you think would happen if there was a virus that started reflashing PCs" BIOS software, said Mike Goldgof, senior vice president of marketing at Phoenix Technologies. "If it ever happened on a large scale, I think a lot of PCs would start turning into bricks. What people take for granted...is the reliability of the (BIOS) firmware today."

Intel, for its part, has proposed a middle ground of sorts by open sourcing technology it calls Tiano. Tiano is its implementation of a framework for creating a BIOS replacement, with its own set of drivers to turn on elements of the PC such as the processor, based on EFI. Committing it to open source means others will be able to download it from a Web site called TianoCore.org and use it to make products under the Berkley Software Distribution, or BSD, license. The BSD will allow anyone who uses it to change it and create products out of it. But it does not require they provide the changes they made to others via open source, which provides the means to help companies protect intellectual property.

The effort by Intel creates a framework for a BIOS replacement, and thus could become the basis for free BIOSes. But it leaves the work of writing the code that initializes PC components to the downloader. One licensee likened it to having to build a race car. Intel, he said, provides race rules and the car's frame but leaves licensees to do their own engine, suspension, body work and other elements if they want to enter a race.

'Evil' companies?

Stallman argues instead that Intel is not doing enough and BIOS makers are not needed. Instead, he wants information.

"We're not wanting to do anything with the BIOSes from Phoenix or any of the others," he said. "We're not asking them to do anything, any more than we're asking Microsoft to do anything. These (companies) are evil. You can't expect them to do anything just because you ask them to. Our goal is to escape from them."

Thus, the free BIOS effort, as Stallman sees it happening, will essentially bypass traditional BIOS makers and instead focus on appealing to hardware manufacturers. The campaign will ask those companies, including PC makers and motherboard makers, to make available specifications on their products to allow free software writers to create BIOSes for them.

Stallman also dismisses rebuttals that free BIOS would compromise a PC's security, stability or reveal companies' proprietary chip, motherboard or other product information.

"Each one could be saying, 'If the others knew what we were doing, it would help them tremendously.' It might be true in a few cases, but it's impossible in all cases," Stallman said. "They can't all be sitting on secrets that are beyond the ken of their competitors. They can't all be the ones that know more than everybody else."

Moreover, detailed chip and motherboard information will not be required to create a free BIOS, he said. Instead, free BIOS makers would need access to closely held instructions, such as how a BIOS loads and how it initializes various devices inside a PC.

A free BIOS would also help circumvent, if necessary, digital-rights management, allowing people to run any software they choose on their PCs. In theory, the BIOS can be used to aid security technology, as it initializes hardware such as security chips.

Although BIOS makers and Intel say the BIOS' role is limited to helping get those elements of a system up and running along with the rest of it, a BIOS writer could write around them in order to shut them off, if needed, Stallman said.

"DRM is theft," he said. "The idea of the free software movement is you should be in control of your own computer. Treacherous competing (his term for so-called trusted computing) is a scheme to make sure you're not in control."

Ultimately, the free BIOS would emulate software such as the LinuxBIOS-- a free BIOS that's already in existence for Linux, but does not work with a large number of PCs--on a much broader scale.

"It's generally known that free software is very secure and very reliable," Stallman said. "If there's a bug in the BIOS, the only thing that will happen is some part of your machine won't work and that bug would be quite noticeable and it would be fixed, presuming that the information was available."

But that's the rub. Detailed specifications on cutting-edge PC hardware may be tough to come by. The information given to BIOS makers now is granted under nondisclosure and it's not clear whether companies such as Intel, PC makers like Dell, or motherboard makers would reveal even a little bit of information.

"You'd need to know the confidential information about the chips to write" a free BIOS, Insyde Software's Joseph said. Right now, "that info is only available on old hardware that nobody really cares about anymore."

That, however, won't stop Stallman from asking.


TOPICS: Business/Economy; Culture/Society; Technical
KEYWORDS: bios; computers; free
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-70 next last
To: Cicero
. The last thing we need is a bunch of hackers out there messing with BIOS codes.

Oh, I should also mention that BIOS hacking is really nothing new. Back in the old days we used to hack our BIOSes regularly to change the timings on the memory and ISA bus to improve computer performance in DOOM and Quake. That type of hacking has largely died out because the motherboard manufacturers caught on and gave us access to those settings through the CMOS setup screens, but I wanted to point out that there's really nothing magical about hacking the BIOS. It's not done today simply because the manufacturers went to an open model that made hacking it unneeded. If they move back to a closed model, we'll likely see a resurgence in the old craft.
41 posted on 04/05/2005 10:48:59 AM PDT by Arthalion
[ Post Reply | Private Reply | To 28 | View Replies]

To: Arthalion
A bios virus written to attack a Dell bios won't do any real damage to a machine with a Phoenix bios, so the bios virus writers would have to specifically support all of the major bios types on the market.

I was thinking of that, but by supporting just Dell, AMI and Phoenix you could get a HUGE chunk of the PCs in use today.

42 posted on 04/05/2005 10:51:32 AM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 39 | View Replies]

To: Lunatic Fringe
RARELY is there a need to update the BIOS.

There may just be, in order to implement Microsoft's Trusted Computing/DRM schemes.

43 posted on 04/05/2005 11:06:01 AM PDT by kezekiel
[ Post Reply | Private Reply | To 9 | View Replies]

To: tfecw
What do you think would happen if there was a virus that started reflashing PCs" BIOS software

It's been done, sort of. Back around 1997, my office got hit with the Anti-CMOS C virus. It's a vicious bug that changes the hard disk settings in the BIOS, so whenever a file is written other sections of the drive get trashed because the heads are in the wrong spot. The symptoms appear gradually over time- a garbled file here, missing directory entries there- until the disk becomes completely unusable. There was no removal tool for it, the only solution was to delete the partitions, flash the BIOS, create the partitions, format the drive and install the OS. We lost three PCs to it.

44 posted on 04/05/2005 11:27:43 AM PDT by Squawk 8888 (End dependence on foreign oil- put a Slowpoke in your basement)
[ Post Reply | Private Reply | To 6 | View Replies]

To: antiRepublicrat
It is exactly this kind of consumer control and fair use that will be hindered when DRM is embedded into the hardware. That's why it's a bad thing and why Stallman is right in concept (stripped of all the extremist hippie talk).

Organizations have every right to design their products to include anti-piracy/anti-hacking technology. Don't like it? Too bad. Don't buy the products -- or design your own alternatives. You do not have an absolute right to dictate the hardware designs of computer manufacturers -- any more than you have input into the design of a microwave, car, or any other consumer device.
45 posted on 04/05/2005 11:36:11 AM PDT by Bush2000
[ Post Reply | Private Reply | To 35 | View Replies]

To: Bush2000
Organizations have every right to design their products to include anti-piracy/anti-hacking technology. Don't like it? Too bad. Don't buy the products

If I want to get a copy of The Incredibles for home viewing over and over, in high quality with extras and commentary, what is my option? DVD. They have a monopoly, and with that comes responsibility.

You do not have an absolute right to dictate the hardware designs of computer manufacturers

No but I do have fair use rights on their copyrighted works, and their technology sometimes interferes with those rights. Or how about a basic right: to view that which you have legally purchased? I bought a DVD player. I bought a DVD. I want to play it. Oops, our profit-driven market segregation doesn't allow that. Too effin' bad, I'll hack the hardware so I can watch my German DVDs as much as I want to. CSS is trying to keep me from taking fair use snippets and making backups? Too effin' bad, the tools I need to exercise my rights that were made illegal under the DMCA aren't illegal in other countries, and the WWW is far-reaching.

46 posted on 04/05/2005 12:10:14 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 45 | View Replies]

To: antiRepublicrat
If I want to get a copy of The Incredibles for home viewing over and over, in high quality with extras and commentary, what is my option? DVD. They have a monopoly, and with that comes responsibility.

The movie industry's actions in protecting their content are not illegal.

No but I do have fair use rights on their copyrighted works, and their technology sometimes interferes with those rights.

I would agree, in this narrow circumstance, that fair use is one exception to copyright restrictions; however, you cannot compel organizations to give you unencrypted content merely because it makes it more convenient for you to exercise your fair use rights. Similarly, people on FR have a strange definition of fair use. Many of them seem to think that file-trading of copyrighted content is a fair use. Which I completely disagree with.

Or how about a basic right: to view that which you have legally purchased? I bought a DVD player. I bought a DVD. I want to play it. Oops, our profit-driven market segregation doesn't allow that. Too effin' bad, I'll hack the hardware so I can watch my German DVDs as much as I want to. CSS is trying to keep me from taking fair use snippets and making backups? Too effin' bad, the tools I need to exercise my rights that were made illegal under the DMCA aren't illegal in other countries, and the WWW is far-reaching.

There are many examples of trade restrictions which show this isn't a novel argument. For example, you can buy automobiles overseas that simply can't be driven in the United States without modification to the hardware. Why not? Differing emissions/equipment/safety standards. You can go to Canada and buy pharmaceuticals over-the-counter which are illegal to possess without a prescription in the United States. You can't bring them back into this country without risk of prosecution.
47 posted on 04/05/2005 1:51:41 PM PDT by Bush2000
[ Post Reply | Private Reply | To 46 | View Replies]

To: Bush2000
The movie industry's actions in protecting their content are not illegal.

I agree, but methods to circumvent that in order to restore fair use rights should not be illegal.

For example, you can buy automobiles overseas that simply can't be driven in the United States without modification to the hardware.

Don't I know that one. I had to leave a nice sports car in Germany because it was impossible to make it street legal over here, and trying to convince a customs agent that it's only going be used on the track was just too full of "if"s for me to try.

It may have been remotely possible to modify it, but I gave up on the idea after reading that it took Bill Gates a few years and hundreds of thousands of dollars to get street-legal Porsche 959s here.

48 posted on 04/05/2005 2:02:37 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 47 | View Replies]

To: ShadowAce
I don't think giving free, unfettered access to the BIOS to all consumers is such a good idea.

A very large number of PC owners don't understand less dangerous stuff like how to remove unwanted items from starting up with Windows. And they want to give these people a higher level of access to The BIOS? Not good.

49 posted on 04/05/2005 2:08:27 PM PDT by Bloody Sam Roberts (Remember that great love and great achievements involve great risk)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Cicero
I cross myself, knock on wood, breathe a prayer, stick in the floppy, and reboot. If this process screws up, forget about it.

I do too. But there is a way to fix it. When the last one I did got horked, I called up the company I bought the flash from and bitched until they agreed to send me a new chip with the BIOS on it. Plug and play. I was all happy happy after that. I may never flash another BIOS again. Just buy the chip.

50 posted on 04/05/2005 2:17:12 PM PDT by Bloody Sam Roberts (Remember that great love and great achievements involve great risk)
[ Post Reply | Private Reply | To 28 | View Replies]

To: antiRepublicrat
I agree, but methods to circumvent that in order to restore fair use rights should not be illegal.

I understand both sides of the argument and, in principle, I agree; however, you're not going to convince Congress.

It may have been remotely possible to modify it, but I gave up on the idea after reading that it took Bill Gates a few years and hundreds of thousands of dollars to get street-legal Porsche 959s here.

Gates has a street-legal 959?!? That was an amazing car for its time.
51 posted on 04/05/2005 4:50:24 PM PDT by Bush2000
[ Post Reply | Private Reply | To 48 | View Replies]

To: ShadowAce

bttt


52 posted on 04/05/2005 7:05:26 PM PDT by clyde asbury (Many miles away, there's a shadow on the door of a cottage on the shore of a dark Scottish lake.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bush2000
Gates has a street-legal 959?!? That was an amazing car for its time.

He and Ralf Lauren got it going. They had to lobby (pay) for a law, wait for regulations to be made according to it, and reengineer a lot of the engine, but they did it. Apparently it's now just shy of 600 bhp due to some modernizations, especially of the turbos.

Like I said, if it was that difficult for Gates, I didn't stand a chance.

53 posted on 04/05/2005 9:00:22 PM PDT by antiRepublicrat
[ Post Reply | Private Reply | To 51 | View Replies]

To: ShadowAce
"The one thing we have to worry about first is security. What do you think would happen if there was a virus that started reflashing PCs" BIOS software, said Mike Goldgof, senior vice president of marketing at Phoenix Technologies. "If it ever happened on a large scale, I think a lot of PCs would start turning into bricks. What people take for granted...is the reliability of the (BIOS) firmware today."

Boy, talk about closing the barn door after the horses have escaped! Been there, done that, for years now!

And it's a straw argument as well... Having access to the BIOS code won't make it any easier to flash the bios, though it may allow for unintended things to happen. When a virus flashes your bios now, it just keeps your computer from booting. And depending on the motherboard, you may need to send it back to the manufacturer.

Mark

54 posted on 04/05/2005 9:11:32 PM PDT by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dilbert56
Hardwire everything and make you replace chips to upgrade BIOS

Those were the good old days... When you needed an EEPROM burner to update the bios, pulling the old chip out, and installing the new chip.

Back then, I had a diagnostic board that came with a PROM that would allow you to boot a dead motherboard, directly from the diag board, to see what was wrong with it. 8 out of 10 times, if the motherboard was getting power, you could figure out what the problem was, and if it was fixable or not.

Mark

55 posted on 04/05/2005 9:15:46 PM PDT by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)
[ Post Reply | Private Reply | To 20 | View Replies]

To: HAL9000
Here's a much better solution - Get a Mac. It's 100% BIOS-free and uses Open Firmware instead. Unlike BIOS, it simply boots the machine without tracking or restricting the user.

Huh? The BIOS is where the bootstrap code is, and unless there's a bank of register switches hiding somewhere on the Mac for hand loading the bootstrap code (like I had to do on a DEC PDP-4 a long time ago), there's BIOS there somewhere.

And things must have changed tremendously over the years. Apple used to guard their BIOS code, as well as their architecture specifics very carefully, which is why there were only a very few licensed clones of Apple systems over the years. And I also remember when some of the Apple BIOS code was released on the Internet some years ago. Apple went APE!

Mark

56 posted on 04/05/2005 9:19:43 PM PDT by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: ShadowAce
I know. Just funnin' wit' ya a little. BTW--even flashing off a floppy means the system has to be running.

As I posted earlier, I miss the good old days of removable BIOS chips, and an EEPROM burner!

I used to regularly burn updates to Phoenix BIOS, and I had the code, though I never would have thought about changing it, other than the banners. Just had to recompute the checksums.

Mark

57 posted on 04/05/2005 9:22:50 PM PDT by MarkL (I didn't get to where I am today by worrying about what I'd feel like tomorrow!)
[ Post Reply | Private Reply | To 33 | View Replies]

LinuxBIOS is quite nice. However, it isn't a general purpose BIOS. It really never was intended to be a replacement the BIOS that you get in your PC. LinuxBIOS is used on a very small set of motherboards that are used in large clusters. In this situation, the hardware in the nodes doesn't change over time - the system remains the same from delivery to death. LinuxBIOS is crafted for the particular cluster and in general is set up to only probe for the devices that are actually on the system before turning control over to Linux. This allows a system to boot in about 3-4 seconds. (It's very cool booting a 3000 processor cluster in only a couple of minutes - and only that long because there usually isn't enough power to boot everything at the same time). Also of benefit, if there are hairy low level issues, having a very very small BIOS codes makes it a bit easier to debug and fix. Often there are bugs in chipsets that need to be worked around to get the system to perform to it's maximum potential. With LinuxBIOS, it is quite easy to punch some values into chipset registers at boot and work around bugs.

Of interest - folks at Intel feel that there is more IP and more architectural knowledge of their chips tied into the BIOS then there is by studying the chips themselves. It is in the BIOS that various parts of the chip can be turned on and off, bugs worked around, etc. They are very concerned (as is our gov't) that unveiling all of the functionality in their BIOS (especially in IA64) would allow other countries (the ones we don't like) to develop (copy) microprocessor designs and quickly be able to field huge amounts of computing power that the US gov't no longer has any control over. The general belief is that this would/could constitute a tipping point in the balance of power in the world. Yes, all of this scenario wrapped up in just the BIOS. Therefore there is a great paranoia around this issue. I don't often agree with the non-open source forces, but on this issue I have to side with keeping BIOS codes out of the hands of other countries. It's a really interesting, and yet quite a serious issue.

-tb
58 posted on 04/05/2005 9:40:42 PM PDT by tahoeblue
[ Post Reply | Private Reply | To 56 | View Replies]

To: MarkL
The BIOS is where the bootstrap code is, and unless there's a bank of register switches hiding somewhere on the Mac for hand loading the bootstrap code (like I had to do on a DEC PDP-4 a long time ago), there's BIOS there somewher

The term "BIOS" is usually associated with x86 computers (and CP/M computers previously). In a generic sense, punch cards and microcode could be called a BIOS too.

And things must have changed tremendously over the years. Apple used to guard their BIOS code, as well as their architecture specifics very carefully, which is why there were only a very few licensed clones of Apple systems over the years.

Mac OS X is built on top of Darwin, an open source Unix.

And I also remember when some of the Apple BIOS code was released on the Internet some years ago. Apple went APE!

There were several instances involving firmware, not BIOS code. Some hackers disassembled the firmware and distributed annotated listings, and some system cloners like Franklin simply copied binary the firmware.

59 posted on 04/06/2005 2:19:37 AM PDT by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 56 | View Replies]

To: HAL9000
Err, BIOS is an acronym for "Basic Input/Output System"

I believe it has always referred to any on chip code that performs basic initialization and allows the machine to bootstrap itself. Apple's is known as "Open Firmware". It does the same stuff as a PC's BIOS. I think the main reason that it is not referred to as a BIOS is that unlike PCs people generally leave it along, although it is pretty easy to access with the right key combination.

In a generic sense, punch cards and microcode could be called a BIOS too.

Um, no, not really.

Mac OS X is built on top of Darwin, an open source Unix.

Factually correct, but this has nothing to do with the discussion at hand. You man remember (or maybe not?) booting Linux or NetBSD on older macs? Originally it was not possibly to boot directly into those operating systems... you first had to boot into MacOS and then bootstrap the machine from MacOS using a Control Panel.

-paridel
60 posted on 04/06/2005 5:38:11 PM PDT by Paridel
[ Post Reply | Private Reply | To 59 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-70 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson