Battle brews over unlocking PC secrets

CNet News ^ | 5 April 2005 | John G. Spooner

[Arthalion]

. The last thing we need is a bunch of hackers out there messing with BIOS codes.

Oh, I should also mention that BIOS hacking is really nothing new. Back in the old days we used to hack our BIOSes regularly to change the timings on the memory and ISA bus to improve computer performance in DOOM and Quake. That type of hacking has largely died out because the motherboard manufacturers caught on and gave us access to those settings through the CMOS setup screens, but I wanted to point out that there's really nothing magical about hacking the BIOS. It's not done today simply because the manufacturers went to an open model that made hacking it unneeded. If they move back to a closed model, we'll likely see a resurgence in the old craft.

[antiRepublicrat]

A bios virus written to attack a Dell bios won't do any real damage to a machine with a Phoenix bios, so the bios virus writers would have to specifically support all of the major bios types on the market.

I was thinking of that, but by supporting just Dell, AMI and Phoenix you could get a HUGE chunk of the PCs in use today.

[kezekiel]

RARELY is there a need to update the BIOS.

There may just be, in order to implement Microsoft's Trusted Computing/DRM schemes.

[Squawk 8888]

What do you think would happen if there was a virus that started reflashing PCs" BIOS software

It's been done, sort of. Back around 1997, my office got hit with the Anti-CMOS C virus. It's a vicious bug that changes the hard disk settings in the BIOS, so whenever a file is written other sections of the drive get trashed because the heads are in the wrong spot. The symptoms appear gradually over time- a garbled file here, missing directory entries there- until the disk becomes completely unusable. There was no removal tool for it, the only solution was to delete the partitions, flash the BIOS, create the partitions, format the drive and install the OS. We lost three PCs to it.

[Bush2000]

It is exactly this kind of consumer control and fair use that will be hindered when DRM is embedded into the hardware. That's why it's a bad thing and why Stallman is right in concept (stripped of all the extremist hippie talk).

Organizations have every right to design their products to include anti-piracy/anti-hacking technology. Don't like it? Too bad. Don't buy the products -- or design your own alternatives. You do not have an absolute right to dictate the hardware designs of computer manufacturers -- any more than you have input into the design of a microwave, car, or any other consumer device.

[antiRepublicrat]

Organizations have every right to design their products to include anti-piracy/anti-hacking technology. Don't like it? Too bad. Don't buy the products

If I want to get a copy of The Incredibles for home viewing over and over, in high quality with extras and commentary, what is my option? DVD. They have a monopoly, and with that comes responsibility.

You do not have an absolute right to dictate the hardware designs of computer manufacturers

No but I do have fair use rights on their copyrighted works, and their technology sometimes interferes with those rights. Or how about a basic right: to view that which you have legally purchased? I bought a DVD player. I bought a DVD. I want to play it. Oops, our profit-driven market segregation doesn't allow that. Too effin' bad, I'll hack the hardware so I can watch my German DVDs as much as I want to. CSS is trying to keep me from taking fair use snippets and making backups? Too effin' bad, the tools I need to exercise my rights that were made illegal under the DMCA aren't illegal in other countries, and the WWW is far-reaching.

[Bush2000]

If I want to get a copy of The Incredibles for home viewing over and over, in high quality with extras and commentary, what is my option? DVD. They have a monopoly, and with that comes responsibility.

The movie industry's actions in protecting their content are not illegal.

No but I do have fair use rights on their copyrighted works, and their technology sometimes interferes with those rights.

I would agree, in this narrow circumstance, that fair use is one exception to copyright restrictions; however, you cannot compel organizations to give you unencrypted content merely because it makes it more convenient for you to exercise your fair use rights. Similarly, people on FR have a strange definition of fair use. Many of them seem to think that file-trading of copyrighted content is a fair use. Which I completely disagree with.

Or how about a basic right: to view that which you have legally purchased? I bought a DVD player. I bought a DVD. I want to play it. Oops, our profit-driven market segregation doesn't allow that. Too effin' bad, I'll hack the hardware so I can watch my German DVDs as much as I want to. CSS is trying to keep me from taking fair use snippets and making backups? Too effin' bad, the tools I need to exercise my rights that were made illegal under the DMCA aren't illegal in other countries, and the WWW is far-reaching.

There are many examples of trade restrictions which show this isn't a novel argument. For example, you can buy automobiles overseas that simply can't be driven in the United States without modification to the hardware. Why not? Differing emissions/equipment/safety standards. You can go to Canada and buy pharmaceuticals over-the-counter which are illegal to possess without a prescription in the United States. You can't bring them back into this country without risk of prosecution.

[antiRepublicrat]

The movie industry's actions in protecting their content are not illegal.

I agree, but methods to circumvent that in order to restore fair use rights should not be illegal.

For example, you can buy automobiles overseas that simply can't be driven in the United States without modification to the hardware.

Don't I know that one. I had to leave a nice sports car in Germany because it was impossible to make it street legal over here, and trying to convince a customs agent that it's only going be used on the track was just too full of "if"s for me to try.

It may have been remotely possible to modify it, but I gave up on the idea after reading that it took Bill Gates a few years and hundreds of thousands of dollars to get street-legal Porsche 959s here.

[Bloody Sam Roberts]

I don't think giving free, unfettered access to the BIOS to all consumers is such a good idea.

A very large number of PC owners don't understand less dangerous stuff like how to remove unwanted items from starting up with Windows. And they want to give these people a higher level of access to The BIOS? Not good.

[Bloody Sam Roberts]

I cross myself, knock on wood, breathe a prayer, stick in the floppy, and reboot. If this process screws up, forget about it.

I do too. But there is a way to fix it. When the last one I did got horked, I called up the company I bought the flash from and bitched until they agreed to send me a new chip with the BIOS on it. Plug and play. I was all happy happy after that. I may never flash another BIOS again. Just buy the chip.

[Bush2000]

I agree, but methods to circumvent that in order to restore fair use rights should not be illegal.

I understand both sides of the argument and, in principle, I agree; however, you're not going to convince Congress.

It may have been remotely possible to modify it, but I gave up on the idea after reading that it took Bill Gates a few years and hundreds of thousands of dollars to get street-legal Porsche 959s here.

Gates has a street-legal 959?!? That was an amazing car for its time.

[clyde asbury]

bttt

[antiRepublicrat]

Gates has a street-legal 959?!? That was an amazing car for its time.

He and Ralf Lauren got it going. They had to lobby (pay) for a law, wait for regulations to be made according to it, and reengineer a lot of the engine, but they did it. Apparently it's now just shy of 600 bhp due to some modernizations, especially of the turbos.

Like I said, if it was that difficult for Gates, I didn't stand a chance.

[MarkL]

"The one thing we have to worry about first is security. What do you think would happen if there was a virus that started reflashing PCs" BIOS software, said Mike Goldgof, senior vice president of marketing at Phoenix Technologies. "If it ever happened on a large scale, I think a lot of PCs would start turning into bricks. What people take for granted...is the reliability of the (BIOS) firmware today."

Boy, talk about closing the barn door after the horses have escaped! Been there, done that, for years now!

And it's a straw argument as well... Having access to the BIOS code won't make it any easier to flash the bios, though it may allow for unintended things to happen. When a virus flashes your bios now, it just keeps your computer from booting. And depending on the motherboard, you may need to send it back to the manufacturer.

Mark

[MarkL]

Hardwire everything and make you replace chips to upgrade BIOS

Those were the good old days... When you needed an EEPROM burner to update the bios, pulling the old chip out, and installing the new chip.

Back then, I had a diagnostic board that came with a PROM that would allow you to boot a dead motherboard, directly from the diag board, to see what was wrong with it. 8 out of 10 times, if the motherboard was getting power, you could figure out what the problem was, and if it was fixable or not.

Mark

[MarkL]

Here's a much better solution - Get a Mac. It's 100% BIOS-free and uses Open Firmware instead. Unlike BIOS, it simply boots the machine without tracking or restricting the user.

Huh? The BIOS is where the bootstrap code is, and unless there's a bank of register switches hiding somewhere on the Mac for hand loading the bootstrap code (like I had to do on a DEC PDP-4 a long time ago), there's BIOS there somewhere.

And things must have changed tremendously over the years. Apple used to guard their BIOS code, as well as their architecture specifics very carefully, which is why there were only a very few licensed clones of Apple systems over the years. And I also remember when some of the Apple BIOS code was released on the Internet some years ago. Apple went APE!

Mark

[MarkL]

I know. Just funnin' wit' ya a little. BTW--even flashing off a floppy means the system has to be running.

As I posted earlier, I miss the good old days of removable BIOS chips, and an EEPROM burner!

I used to regularly burn updates to Phoenix BIOS, and I had the code, though I never would have thought about changing it, other than the banners. Just had to recompute the checksums.

Mark

[tahoeblue]

LinuxBIOS is quite nice. However, it isn't a general purpose BIOS. It really never was intended to be a replacement the BIOS that you get in your PC. LinuxBIOS is used on a very small set of motherboards that are used in large clusters. In this situation, the hardware in the nodes doesn't change over time - the system remains the same from delivery to death. LinuxBIOS is crafted for the particular cluster and in general is set up to only probe for the devices that are actually on the system before turning control over to Linux. This allows a system to boot in about 3-4 seconds. (It's very cool booting a 3000 processor cluster in only a couple of minutes - and only that long because there usually isn't enough power to boot everything at the same time). Also of benefit, if there are hairy low level issues, having a very very small BIOS codes makes it a bit easier to debug and fix. Often there are bugs in chipsets that need to be worked around to get the system to perform to it's maximum potential. With LinuxBIOS, it is quite easy to punch some values into chipset registers at boot and work around bugs.

Of interest - folks at Intel feel that there is more IP and more architectural knowledge of their chips tied into the BIOS then there is by studying the chips themselves. It is in the BIOS that various parts of the chip can be turned on and off, bugs worked around, etc. They are very concerned (as is our gov't) that unveiling all of the functionality in their BIOS (especially in IA64) would allow other countries (the ones we don't like) to develop (copy) microprocessor designs and quickly be able to field huge amounts of computing power that the US gov't no longer has any control over. The general belief is that this would/could constitute a tipping point in the balance of power in the world. Yes, all of this scenario wrapped up in just the BIOS. Therefore there is a great paranoia around this issue. I don't often agree with the non-open source forces, but on this issue I have to side with keeping BIOS codes out of the hands of other countries. It's a really interesting, and yet quite a serious issue.

-tb

[HAL9000]

The BIOS is where the bootstrap code is, and unless there's a bank of register switches hiding somewhere on the Mac for hand loading the bootstrap code (like I had to do on a DEC PDP-4 a long time ago), there's BIOS there somewher

The term "BIOS" is usually associated with x86 computers (and CP/M computers previously). In a generic sense, punch cards and microcode could be called a BIOS too.

And things must have changed tremendously over the years. Apple used to guard their BIOS code, as well as their architecture specifics very carefully, which is why there were only a very few licensed clones of Apple systems over the years.

Mac OS X is built on top of Darwin, an open source Unix.

And I also remember when some of the Apple BIOS code was released on the Internet some years ago. Apple went APE!

There were several instances involving firmware, not BIOS code. Some hackers disassembled the firmware and distributed annotated listings, and some system cloners like Franklin simply copied binary the firmware.

[Paridel]

Err, BIOS is an acronym for "Basic Input/Output System"

I believe it has always referred to any on chip code that performs basic initialization and allows the machine to bootstrap itself. Apple's is known as "Open Firmware". It does the same stuff as a PC's BIOS. I think the main reason that it is not referred to as a BIOS is that unlike PCs people generally leave it along, although it is pretty easy to access with the right key combination.

In a generic sense, punch cards and microcode could be called a BIOS too.

Um, no, not really.

Mac OS X is built on top of Darwin, an open source Unix.

Factually correct, but this has nothing to do with the discussion at hand. You man remember (or maybe not?) booting Linux or NetBSD on older macs? Originally it was not possibly to boot directly into those operating systems... you first had to boot into MacOS and then bootstrap the machine from MacOS using a Control Panel.

-paridel