More Power To The Firmware

An anonymous reader writes "In More Power To The Firmware Amit Singh talks about technical details of EFI, the next-gen BIOS replacement standard Intel, Microsoft and others are pushing. This is a very informative piece where he talks of issues with legacy BIOS, how it affects those who develop in the firmware environment and how EFI plans to solve these problems. EFI usage examples are included, including a programming example. He contrasts EFI with Open Firmware as well. IMO the second half of the article is even more interesting, where sample FORTH code is provided for displaying a window/mouse pointer GUI inside the Apple/Mac firmware! And of course, there's code for a new 'Towers of Hanoi' animation using the Mac firmware (remember Hanoimania?). Aspiring Mac Firmware Hackers could also check out the suggested projects ;-)"

I'm not a tech guru type...

...but can you imagine any sort of Windows-dependent BIOS? Is this in our future? Is it even possible? Or, worse yet, a Windows-based BIOS of some type where the OS actually IS the BIOS?

Re:I'm not a tech guru type...

"but can you imagine any sort of Windows-dependent BIOS?"

No. Luckily, the article didn't mention one.

Re:I'm not a tech guru type...

...but can you imagine [...] a Windows-based BIOS of some type where the OS actually IS the BIOS?

Well, given that there's LinuxBIOS [linuxbios.org] ...

Re:I'm not a tech guru type...

AFAIK all legacy Amiga computers (Up to the Amiga 4000) have half of the OS in ROM BIOS, allowing you to put just a bootblock and a program on a disk and still have the benefit of the basic GUI functionality. This is less goofy than it seems because AmigaDOS has a feature called "patchlists" that allows you to patch functions in an OS-supported fashion without any kludges. Well, without any kludges that aren't part of the OS anyway. This in turn is made reasonable by the utter lack of memory protection, which is not a feature in a modern operating system, it's a serious liability.

I don't know of any BIOS-based viruses but there certainly have been some viruses which will damage your BIOS on systems which keep it in flash/eeprom.

Rom Based OS != BIOS

While the OS may have been in ROM, Like the Atari ST's, that doesnt make it the actual BIOS.

By its very definition, the BIOS is a much lower level block of code. the true hardware abstraction layer, that the OS rides on top of..

Sure its also in a ROM of some sort, perhaps even the same chips.. but that still doesnt really make a ROM based OS a 'BIOS'..

Re:I'm not a tech guru type...

I have mentioned this plenty of times before. In order for Windows DRM to *really* work the OS has to require a BIOS that is tied directly to it.

The only way for this to happen is for MSFT to cut deals w/the BIOS manufactorers (which they have done already w/Phoenix).

*MOST* people are not going to care one way or the other (ie "free" hardware while paying for the software) as long as their computer runs without problems, they have no work lost because of viruses, etc.

It's actually pretty scary when you think about it. You want to buy a piece of hardware? You are going to be buying it w/a MSFT approved DRM BIOS and their OS. Nothing else will install w/that BIOS because that would allow for software that isn't approved to be running (OS included). Take the BIOS out or flash it? None of the rest of the hardware will work either.

Re:I'm not a tech guru type...

Then there will be a nice market for people to build non DRM machines, so that people can run their non Windows OS. I don't think it's time to panic just yet.

Re:I'm not a tech guru type...

I don't think it's time to panic just yet.

You do realize that once this is in place, the **AA will convince Congress that only pirates, criminals, and terrorists would possibly want a computer without a "trusted" BIOS, don't you? Non-trusted hardware will go the way of Macrovision-free VCRs and Broadcast-flag-free HDTV tuners. When all of the Linux users and OS hackers raise holy hell, the response will be:

Jack Valenti: "These people are just a fringe nitch. Why should we threaten our precious content just to cater to the whims of a few people?"

Bill Gates: "The 'Trusted Computing Consotium' has made available [closed, blackboxed, and encrypted] APIs to the 'trusted hardware' industry spec. Why can't Linux use them just like any other OS?"

Re:I'm not a tech guru type...

This is why it's good that IBM is in the Linux fold. If they want to keep selling Linux servers, they'll need to support a "trusted" BIOS. In order to abide by the GPL, they will have to release the source. This will allow support across the board, even on cheap consumer DRM-enabled devices.

Re:I'm not a tech guru type...

Not to mention that Intel is also a huge Linux-backer, and is basically paying Linus Torvolds' salary now days. You can be sure that any Intel-based inititive is not going to be hostile to Linux.

(After fighting with grub's perverse view of the universe for a week, the conclusion is that better firmware can only help Linux adoption...)

Re:I'm not a tech guru type...

Developers (that means you) will have to be able to sign their own software, or the system would be pointless. This would be an extra command in the makefile, no biggie.

You don't understand Trusted Computing. It's not about signing software. There's no need to sign at all. What happens is if you change the software at all - even a single instruction - that that software no longer works with and existing data and can no longer communicate with other programs on the internet.

The Trust chip generates a hash of the software. The hash is linked to an encryption key. If you change the software you lose the hash and can no longer get the the decryption key at all. Nothing works anymore. Very biggie.

-

Re:I'm not a tech guru type...

That's the heart of the problem. The term 'Trusted Computing' only makes sense when you look at it in an orwellian sense. It's not the owner or user that can trust the computer, it's MS and the *AA that trust it.

If it was really worthwhile (and the name truthful), the BIOS would demand MY signature on the OS that I trust. In turn, the OS would demand MY signature on the apps that I trust. It would be reasonable in either case that I could sign a vendor's public key if I trust anything the vendor signs as well.

Naturally, MS and the *AA don't want that, they want to hold the keys (and thus the power) over the machine even while other people pay for it.

I am fine with them protecting their Preciousssss (erm, IP) if they want. I would suggest that they encase it in concrete and bury it at the botton of the ocean. Nobody will copy it then. If they like, I could even toss it into a volcano for them. (I seem to remember something about that in a highly successful and unencrypted book somewhere).

Re:I'm not a tech guru type...

All that this will mean is that the Hardware Of The Future will be built in fabs all over Asia, Africa, the Pacific, etc for non-US customers, developing inovative and new software/hardware products. Meanwhile, the Gnomes of Redmond will insure that inovation in no way enters the American equation. First the third world gets a boost in communication by not needing to amortize any legacy geer, now, if such nonsense goes forward it will boost them on the hardware front. Is Senegal going to be the new Silicon Valley?

Para para para noia

The one thing people always forget is that, in truth, Microsoft/Adobe/Autodesk need people to have pirated versions of their software. Have you ever noticed how quickly major pieces of software are cracked after release? My guess is that they unofficially provide people with information to make this possible.

If everyone absolutely and without an option had to pay for their version of Office/Autocad/Photoshop, free software would become ten times more popular in no time at all. Right now, software companies can keep their prices artificially high for the businesses that have to pay for it, and keep the "installed user base" artifically high without having to provide tech support.

It's sort of the same thing with laws in the States. If every law was enforced every time, then people would be pissed and they would go away. Instead, laws that aren't enforced 100% of the time can be used against people the government doesn't like.

If DRM ever hits 100% of the market, prices will go down because people will refuse to pay.

Re:Para para para noia

Just because DRM is there doesn't mean software will be DRM-protected. And just because software vendors aren't DRMing their products doesn't mean TPTB won't impose DRM on all electronic components.

It's like Macrovision. About 90% of commercial VHS tapes are not Macrovisioned. But 100% of VCRs are Macrovision-compliant by law. Sure, you can purchase deMacrovision boxes for legal use, but most people aren't going to go through the trouble. The same thing will happen with computer hardware. All computer components manufactured for sale in the US will be "trusted." The enterprising and resourceful geek will get all of his components direct from Asia and either run Linux or a dusty old copy of XP/Longhorn, but for all practical purposes, DRM will be everywhere. It may not be taken advantage of by everyone, but it will be everywhere.

Re:I'm not a tech guru type...

I don't see how DRM can be solved at the BIOS level. Unless the media player and file system are completely controlled by hardware with no OS intervention, there will always be a piece of software asking "Is this file OK to play/copy?" As long as this query exists, there is an opportunity for a programmer to fake the response and play the file anyways.

Re:I'm not a tech guru type...

What if the response is signed with a private key?

eg

Re your request 1010 @ 12:34 5/6/2004 to do XYZ - ok. HASH DSFJ$K%GDFG%%E$

Sure, you'd possibly be able to hack it. But if your DVD player's BIOS has non-changable firmware and talks to the systme BIOS over an encrypted channel - what chance would you have?

This is about having secure communication between everything. DVD -> Soundcard -> Speakers. All requiring authentication before they'll do anything.

Re:I'm not a tech guru type...

The OS is the BIOS? Either you're trolling [but given your subject disclaimer, perhaps not], or you misunderstand the concept of abstraction layers, and their ordering. The BIOS cannot be dependent on Windows, it sits beneath the OS. The OS is dependent on it. Drivers, in effect, are mini-BIOSs in themselves. They abstract out the different hardware devices to a standard windows API. The BIOS that comes with your machine abstracts out the out-of-the-box components of your motherboard among other things. Sometimes windows drivers talk to the bios, but mostly they skip it altogether.

- Oisin

Stability?

I'm not in favor of increasing the complexity of the bios. They can barely get them stable after a few updates now, how will it be when they are doing alot more? Yeah I know that Sun Sparc's have a complicated bios, but they did it right. I don't trust Microsoft and Intel to do it right.

Re:Stability?

"I'm not in favor of increasing the complexity of the bios."

Tough, it's happening.

"They can barely get them stable after a few updates now, how will it be when they are doing alot more?"

Modern BIOS is a lot more capacious that the days of the XT and AT, and it's usually really low level stuff that goes on. Given the separation between the people that do the hardware and people that have to handle the low level drivers, it's no surprise that hardware leaves the warehouse with unfinished drivers; couple to that the dizzying array of hardware that can attach to a motherboard, and you are going to have some patching. EFI look a lot more flexible in what it can do.

"I don't trust Microsoft and Intel to do it right."

And they speak so highly of you. Despite crappy business practices, they actually have some talented people that produce some good solid work. If you want to be paranoid, why don't you look up EFI and cross reference with DRM?

Re:Stability?

"'I don't trust Microsoft and Intel to do it right.'

And they speak so highly of you. Despite crappy business practices, they actually have some talented people that produce some good solid work. If you want to be paranoid, why don't you look up EFI and cross reference with DRM?"

It could be argued that the DRM tendancies of Microsoft/Intel are a reason not to trust them to do it right. As far as DRM goes, I would tend to define a BIOS with that in it as NOT doing it right.

Intel versus Planet Earth

I found the assertion that 64bit PC's don't use the BIOS rather amusing. Evidently bits of Intel still haven't managed to bring themselves to admit the existance of Athlon64 just yet.

I'd prefer an Open Bios...

We don't need DRM built into the BIOS, and that's exactly what would happen if Microsoft had a say in it.

I agree that we don't need more complexity. Let the OS handle the hardware as much as possible.

Re:I'd prefer an Open Bios...

On the contrary, it could be interesting if the BIOS were to handle as much of the hardware as possible. Drivers could be written for the BIOS, and then that would solve our *n[ui]x problems since every operating would be accessing these routines the same way. Wouldn't something like this level the field?

Ya, shure

We don't need no stinkin' software, firmware will do it for us.

mouse control in bios is nothing new

i had an amd 486dx4/100 motherboard back in the mid 90s that had a full gui windowing system to configure the bios that relied on the mouse (tabs were used, too). i think it was 640x480 or something very similar.

Retroactive bios

Apple has been doing this since the beginning, since they control all hardware (or has to be approved by them). Having MS or Intel do it on a box that will have an immeasurable amount of peripherals by different manufacturers is only looking for problems. It may be possible but I fear it will be at the expense of creativity and thinking differently will not be an option.

Re:Retroactive bios

On the contrary: if they do this right, it could really help hardware compatibility.

In the case of Sun and Apple machines, once you've got the Open Firmware driver in flash or ROM on the card, it just works. You can use it from the firmware, boot the system from it (if applicable), etc.

Contrast with my damn PC, which can't even boot firewire or my USB key, despite having both ports on the motherboard, where the BIOS people should have been able to make them fully compatible.

EFI has the potential to be a more modular solution (hence the E in EFI) where third-parties -- Promise, Adaptec, 3COM if they're still around -- can drop in drivers. No more relying on your mobo/BIOS manufacturer for boot-and-root support for your Megatron IV whatever, or remote console support for your Groovynet card.

This is a Good Thing.

Linux Kernel discussion

Here's a link to an older KT entry; "Status And Discussion Of EFI (Extensible Firmware Interface) Support [kerneltraffic.org]"

Explains some history, rationale and technical details.

pocket pc

heh reminds me of a pocket pc where the Windows OS is in the ROM

Firmware

Glad to see there is attention being paid to the firmware end of things both commercially and as open source - that's one area your average geek is a little leary of toying with, due to Inoperative Hardware potential.

What I always worry about is the non-techical end of these things. BIOS level control on what software a computer can run is a much harder obstruction to overcome than things like driver issues. I wonder if they won't use the "Next Generation" mantra to say this is the perfect time to pass legislation that requires DRM control be built into all computational devices. OpenBIOS wouldn't be of much use if DRM laws require a closed system.

Also, if firmware gets too smart, you might get things like a DVD drive refusing to play a movie unless your operating system can guarantee it that you computer doesn't have the ability to copy content illegally.

When you can program games in BIOS level systems, I start to get a little wary. Keep my BIOS to the minimum please - configuration options needed to handle my hardware (things like boot order, low level configuration options the OS shouldn't know about, etc.) should be all the capability needed. A BIOS should be simple, efficient, and stick precisely to its job. I've got an OS for the rest. If the new system is good for that type of work, excellent. But if the hardware starts getting too smart for its own good, then I might wind up hauling out those two Sun Ultra 1s I bought - they should run more or less forever and I'll live with slower speeds in order to stick with a consumer friendly machine.

Re:Firmware

The reason you can program games in OpenFirmware is that it is versatile. In spite of its flexibility, because it is based on Forth, it is still simple and efficient.

Ironically, your Sun Ultra 1's firmware is pretty much the same. It's OpenFirmware, and it uses a Forth interpreter to execute on-adapter code which is used until the kernel is loaded and a system-level driver can be used. This is why text displays faster in the X Window System than on Sun consoles - the console is using a video driver written in Forth and interpreting it on the fly! Hence this is true for all Sparcs back into antiquity. (I used to have a 3/260 which I later upgraded to a 4/260, that's one of the first generation of SPARC-based Sun systems.)

Re:Firmware

If USA's DRM laws don't aply here in Spain, I will be glad to swap a crippled BIOS by a shiny Openfirmware

Go right ahead. They don't need laws to ram this crap down your throat.

If you don't have a Trusted Computing compliant system then you will not be able to install any of the new Trusted software. You will not be able to use any of the new Trusted files. You will not be able to access any of the new Trusted websites. After a couple of years you may not be able to get onto the internet at all.

Take the websites for example - it would be much like attempting to surf the web today with cookies and javascript off. Tons of websites simply spit out an error message saying there's something wrong with YOUR computer, and that YOU need to fix the problem.

All sorts of websites already try to lock you out if you try to block ads, or if you have a pop-up blocker, or if you try to deep-link, or use javascript encryption to prevent you from copying anything, or to enforce registration. Well, websites will be able to use Trusted Computing to enforce all of that and more. If your computer is not compliant they will simply lock you out.

The only thing that can stop Trusted Computing is if there is a massive public backlash against it.

-

EFI meet my PAL SAL

This would definitely help Intel and its 'Not'tanium. Then AMD would have to make something similar or pay to use the same design. I am more interested in the System Abstraction layer. Would this simplify direct access to sys devices?

Wierd sentence on Open Firmware

Let me add something that I find remarkable: I have not seen a single reference to Open Firmware in any EFI specification, presentation, whitepaper, or related document. Perhaps I did not look hard enough. This is not a criticism though. Some might argue that EFI's pathbreaking-ness is valid in the context of PCs, so it is appropriate not to mention prior similar ideas.

I'm not quite sure what that last part means - how can you say it's not appropriate to mention when the technology is so similar? Just because it hasn't been used on PC's before is no reason not to learn from what has been used before.

I would have liked to see more of a comparison of exactly whe EFI gives you over Open Firmware of today - I gathered it was the custom pre-boot programs and network connectivity, but I would have liked to see more examples of new things that make use of these features that you can't do in Open Firmware.

It's funny to have a whole article about EFI then show all the cool things you can do with an advanaced BIOS by giving Open Firmware demos. Sort of like watching a Longhorn demo of transparency in UI while working on a Mac.

Re:Wierd sentence on Open Firmware

Actually, Apple also had to do a transition between machines without open-firmware to the one with it, so there was some backward compatibility. On the other hand, I suspect the newer macs could not boot older oses (I don't know if EFI machines would seriously boot Windows 95, and why anybody would try that...)

The sad thing about intel doing their own stuff is that Open-firmware is here and standard. One of the most interesting ideas of having the F-code engine was to have processor independent drivers on the card. I.e you plug-in the card and it works, regardless of the fact the processor is PPC, sparc, or i686.

One funny trivia fact about Apple's open-firmware is that the firmware understands certain file-systems (HFS+,Ext2) and executable formats (PEF,ELF). The funning thing is the firmware does not understand OS X's executable format (Mach-O) so on every OS X machine, there is an ELF format bootloader.

Wow, mouse in Open Firmware

Golly, the amount of time Amit seems to spend messing around with the very low levels of Open Firmware seems insane! Imagine figuring out how to get a mouse to work solely to get his 'Tower of Hanoi' program to work nicer! :-)

Still, more power to him.

What's the problem with "real mode"?

640K ought to be enough for any BIOS :)

Where's the DRM?

I just skimmed through the article looking for information about the Palladium-like DRM stuff that was supposed to be embedded down to the hardware level within the next few years. I couldn't find anything. Not being a hardware/firmware person, a lot of the stuff in the article is over my head, but I expected something about DRM to shine through, if not to be the overriding theme.

DRM has already been mentioned in a few comments in this thread (perhaps by people who didn't RTFA). But where is it???

A Graphical Config Utility for Open Firmware

You can do a lot of stuff in Open Firmware by changing environment variables. A good project would be to create a graphical configuration utility that lets you do just that in addition to browsing the device tree.

Any EFI motherboards available?

So I glaned over the article, and while it mainly focused on EFI being done for IA-64, it also hinted that EFI was available for x86. Does anyone know of any reasonable priced motherboards that use this as opposed to an older BIOS? I'm looking for the hinted at x86 support, as I don't feel like buying an Itanium. Also, while we are on the subject, is this an Intel only thing or does AMD have a say in the matter?

EFI is actually OS independent and quite useful

I've been using EFI (on Itanium) for quite some time, and have had zero issues with it. I really like the fact there are DCHP modules that allow networking to be started without the OS running. They have ftp servers, disk drivers and you can boot your machine from a remote image using bootp services. If your OS is dead on your disk, you can restart to efi and download a previous image on to your harddisk (or remote boot/install). Heck, you can run your code without even booting the OS. Imagine dedicated distributed.net clients that run straight from EFI without the overhead of an OS.
While I understand people have concerns that Microsoft is using this as a DRM delivery mechanism, there is nothing that is stopping Microsoft from working with Phoniex to add DRM to today's bios's. EFI (and non-legacy bios environments like openBios) make it easier for non-windows OSes to run on new Hardware. This isn't in microsoft's best interests. Microsoft wants a bios that only runs signed code (like their XBOX), so that you have to ask them nicely for a key to your equipment.

EFI is the firmware that says "NIH"

The author mentions that EFI is somehow better than Open Firmware, but I fail to see how. It all sounds like Intel decided to go their own way again (just like their Itanium had to be different and incompatible with any (RISC or CISC) CPU out there).

Why, for sanity's sake, can these companies never adopt a perfectly good standard, but do they always have to give everyone headaches by rolling their own? If Open Firmware has some deficiencies, surely they can be fixed with some incremental improvements?

The Intel Architecture is evolving...from the primitive, kludgy, underperforming, el cheapo to the overhyped, overheating, overexpensive and incompatible. Even IBM (Connector Conspiracy) and Apple (Think Different) are more open and standards-oriented these days.

PC's like the xbox

I hope this doesn't mean that PCs will be sold like Xboxes. I don't want to have to intall a mod chip on my laptop to run linux. I like the idea of the BIOS having more function and power, but I want it to do more than just prevent code from being executed. This should definately be an open standard otherwise Microsoft or Intel will have too much control. It's one thing to boot into windows and have that muck up your computer, but it's different when microsoft code is running on a linux box.

Since microsoft doesn't seem to like to innovate anymore, I wonder why they are pushing for this. Linux has shown that you don't need security at the hardware level to prevent viruses from taking down your computer.

So far I don't see many benefits the user will notice and enjoy. I'm not trying to spread DRM FUD because this article doesn't talk about it, I'm just asking why Microsoft cares so much to push this.

hmm Innovatyion 10 years late?

You mean after ten years of proven success in both SUN AND APPLE SYSTEMS Intel finally gets PCI religon?

That is right folsk intle is finally enacting the last part of the PCI psec.. should we jump and cheer for it after ten years of foot dragging?

Open Source Firmware?

There are various system emulators that need ROM images to boot the virtual system. I have been wondering about open source projects to provide these images, unencumbered by copyright restrictions, trade secrets, what have you.

I am into operating system development, and I would like to play around with architectures that I don't have real hardware of. It can't be too hard to write a firmware implementation if the code for the emulator is already available.

If you are aware of any such projects that are not mentioned here, please post. Ones that I know of are OpenBIOS, FreeBIOS, and LinuxBIOS, which are also mentioned in the article, with links.

Mac Firmware

It would be fun to see someone port one of those Apple ][ emulators to this thing, so you can actually boot a Mac into an Applesoft programming mode, just like in the old Apple ]['s. If it can handle a simple GUI like in the article, or if it could handle an implementation of System 1, I'm sure an Apple ][ emulation would be no problem.

From what I gather in the article, any of these Forth programs have to be loaded off of the hard drive in order to be executed. I didn't really understand if they could be stored in non-volatile memory, and if the computer could be configured to run them when it is turned on. I don't know how much space there is for non-volatile memory, but it would be interesting to be able to write a really basic OS that runs off of it without having to read from the hard drive at all.

I suppose it's possible since you can update the firmware, but does Apple keep information about how to program the firmware proprietary, or is it open for people to tinker with?

For a moment I thought it read...

"In More Power To The Firmware Agent Smith talks about..."

AIOS?

It wouldn't be very Basic if it had DRM on it.

If BIOS is Going to be an OS, Then I Choose Linux!

What's happening here with EFI is that the BIOS has now grown to become an OS. If all you want BIOS to do is init the hardware and then jump to an OS then that's all the BIOS should be, just some init code to set up memory, chipset registers and cache so that it can jump to an OS for all the rest. But if you want the BIOS to do a whole lot more than just call it an OS and use an OS with lots of support with drivers already written.
And for this BIOS that's really acting and grown to be an OS, I choose Linux!

More at : http://www.linuxbios.org/

EFI brings back bad memories.

Back in the day, when I was a co-op student employee, I spent some time testing Linux drivers on Itanium systems. EFI was about as intuitive as a worm eaten apple (no docs, just a "hey, you're good at figuring things out, test this"). Plus, it kept forgetting changes to its configuration. Eventually, I became familiar with its obtuse ways, but it never exactly brought a smile to my face when I saw the EFI prompt.

That said, the PC BIOS should have been put out of its misery years ago. I'm just not sure EFI's really going to make developer's & users/admin's live that much easier.

1980 IBM PC BIOS source listing rocked

Let us not forget [com.com] that IBM published the assembly language source code listing for the original PC BIOS in full beginning in 1980.

This "openness" allowed and enabled the first generation of PC developers to see and understand what was going on at the firmware level - literally an open book and manna from heaven for the times.

This was not quite the precursor of today's open source movement though since IBM never granted permission to copy or use the code, but 1 billion PC compatibles later it is easy to see that IBM's approach unlocked at least one aspect of the value of openness.

Dan Bricklin comments thoughtfully about the PC BIOS in his blog [danbricklin.com]. Search for "purple".

Not Feature Complete

Until you can do email from within it.

Is This Revelant?

Wont this new standard die in a few years once we get those instant-on PCs using integrated silicon and nanotechnology?

That shell is atrocious

Backslashes? DOS-style dir listings? UGH, I thought the idea was to remove obsolescence.

Also, this is even worse than ACPI from a needless compl