Forgot your password?
typodupeerror
Intel Software

Intel To Release Next-Gen BIOS Code Under CPL 224

Posted by timothy
from the old-texas-town-of-el-paso dept.
An anonymous reader writes "Intel said today that it plans to release the 'Foundation code' of its next-generation firmware technology -- a successor to the PC BIOS -- under the Common Public License (CPL), an open source license, later this year. More than 20 years old, the BIOS (Basic Input-Output System) is the oldest software technology in PC platforms. Intel says its firmware Foundation code, a result of a project codenamed Tiano, 'provides that the successor to the BIOS will be based on up-to-date software technology.' The Foundation code is designed to be extended with new features and services, such as improved platform manageability, serviceability, and administrative interfaces which are too complex to implement in the old BIOS environment, according to Intel."
This discussion has been archived. No new comments can be posted.

Intel To Release Next-Gen BIOS Code Under CPL

Comments Filter:
  • by ThisNukes4u (752508) <.moc.liamg. .ta. .ippoct.> on Tuesday June 01, 2004 @10:22PM (#9311120) Homepage
    Sorry, but right now Intel isn't a viable option for servers, at least multi-processor ones. The front side bus speed and it being shared kills the performance of the otherwise great Xeon. Opterons are at a decent price range now for 2-4 x42-x46, and they are great performers as well as being 64bit compatiable. Also, the Xeon platform is most likely going to be replaced by whatever Intel's answer to AMD64 is, so upgrading is not too good. On the other hand, the Opteron is here to stay.
  • Re:Not again... (Score:5, Informative)

    by Dun Malg (230075) on Tuesday June 01, 2004 @10:27PM (#9311149) Homepage
    Processor ID's sucked

    I never had a problem with Intel's processor ID. Every networked computer already has a unique MAC address. What is the difference?

    MAC addresses can be changed by swapping out a $15 part and in some cases can be changed in firmware, so they're not an effective tracking/identification tool. Processor IDs are hardcoded and unique. Thankfully, they can also be turned off.

  • Re:Not again... (Score:5, Informative)

    by SeanTobin (138474) * <byrdhuntr@ho[ ]il.com ['tma' in gap]> on Tuesday June 01, 2004 @10:27PM (#9311150)
    I never had a problem with Intel's processor ID. Every networked computer already has a unique MAC address. What is the difference?
    The big problem that many people had with the processor ID's initially was that you couldn't turn them off. Any program running localy could query your PID and send it off to god knows where. It wasn't until later that they released bios updates that allowed you to turn the feature off.

    So, it wasn't the fact that the computer had a uniquely identifiable number (ip address/mac address/whatever), its the fact that you didn't have control over the use of that number.

    I can deny you access to my ip address (I just don't connect to your server/use a proxy). I can also deny you access to my mac address (spoofing/proxies/whatnot). The rebellion people had was they couldn't deny programs access to your PID. Now, there wasn't any particular reason to deny programs access to a PID yet but it isn't too hard to think of a few.

    Anyway, enough rambling. It was the removal of choice that set people off. We didn't have a choice to not use the feature - Assuming we stuck with Intel processors.
  • by Landaras (159892) <neil@nOSpam.wehneman.com> on Tuesday June 01, 2004 @10:51PM (#9311283) Homepage
    More information is in a similar article [com.com] over at News.com.

    They mention that proprietary BIOS's is one of the key obstacles to implementing proper power management (ie hibernation) under Linux.

    - Neil Wehneman
  • OpenFirmware (Score:5, Informative)

    by leandrod (17766) <l&dutras,org> on Tuesday June 01, 2004 @10:58PM (#9311329) Homepage Journal
    One more advantage of RISC systems: OpenFirmware is a real standard, while Intel just wants us to believe it has an 'open architecture standard' and an 'SIG' instead of conforming to an already existing, real open standard.

    One more instance of the proprietary lock-in game.
  • Re:OpenFirmware (Score:5, Informative)

    by Etcetera (14711) * on Tuesday June 01, 2004 @11:25PM (#9311445) Homepage

    That's exactly what I was going to post :) So.... I'll post some useful links instead! For those that don't know, Open Firmware is a FORTH-based boottime environment that handles all Sun and Mac machines recently produced, and also was used in the PReP/CHRP boards. IBM may still use it in some areas, I'm not sure...

    The Firmworks stuff with Linux and OF looks particularly neat...



    And here's a cool example of things you can do with OF. Two-machine mode boot debugging [apple.com]
  • Re:OpenBoot? (Score:3, Informative)

    by pavon (30274) on Tuesday June 01, 2004 @11:29PM (#9311473)
    One of the big features of this new bios is that it is completely backwards compatible (as far as the OS is concerned) with the current BIOS. I don't think that switching OpenFirmware would be quite as seamless of a transistion.
  • by stox (131684) on Tuesday June 01, 2004 @11:47PM (#9311552) Homepage
    If memory serves correct, the ASM source for the BIOS was published as part of the original PC/XT Technical Reference Manual.
  • Re:OpenBoot? (Score:4, Informative)

    by ronaldgminnich (567142) on Wednesday June 02, 2004 @12:06AM (#9311631)
    Why not open boot? Because the "open" means only "open spec".

    Open Boot is not Open Source Have you ever wondered why nobody ports it to lots of things? Or why http://www.openbios.org exists? Simple. Open Boot is a marketing name.

    Again, Open Boot is NOT Open Source. It's just a cute name that seems to fool lots of people.

    But go ahead, prove me wrong: point to the Open Source site for Open Boot.
  • Re:Not really (Score:5, Informative)

    by ComputerSlicer23 (516509) on Wednesday June 02, 2004 @12:17AM (#9311679)
    I don't think you are correct. If I can control the POST sequence, and I have the Microsoft Software, the system can be broken. Period.

    It's the ability to flash the BIOS that will make it happen. At some point, Microsoft will have to trust a piece of hardware. If they trust the software, it's merely a matter of time to find out where the branch is that says "yes this is trustworthy", and change the binary so that branch always takes "trustworthy" choice. Just like if I have access to your GPG binary, I can say that a message I sent you is in fact signed by Microsoft (the element of trust everone forgets is that you have to trust the binary sources, in this case, Microsoft can't, as I can fiddle with them). This is an arms race that Microsoft will always lose, it's just a fact of life.

    So they must trust a piece of hardware at some point. That hardware must be untamperable, with no way for me to interject myself between it and the Microsoft hardware. As soon as I can interject myself between Microsoft and that piece of hardware, I've won. If I have access to the BIOS, all I have to do is setup some type of virtualization software (Think VMware). At this point, all I have to do is emulate the piece of hardware, and jigger it to always say: "Trustworthy" (essentially a MITM).

    If you don't believe that type of attack is plausible, then remember also, I control the client, at some point, I can attack the PKI system. I have access to the PKI portion. At some point, you must have absolute trust of the PKI system, I have the client, what would it take to beat that system? Does Microsoft keep it's list of keys someplace around (it has to, I can subvert that)? That's like giving me access to the root cert's for your Web Browser. You'll trust my hacker sites if I can insert my key into your list of "trustworthy certs". At some point, if I have access to the boot sequence, I can break the system.

    The only way it could be secure is to have the hardware have the list of trustworthy keys and have the hardware never give up control to anything that is considered untrusted.

    How does Microsoft check that they are running on such a trusted? At some point, they either have to trust the hardware implicitly (which I can fake), or they have it in software that I can modify. At that point, it's either making an untrustworthy piece of hardware (or emulating one), or fiddling the bits of the software. In the end, DRM is a losing proposition. All DRM systems will be broken.

    Microsoft might be able to encrypt the software, and only allow it to be decrypted by modules hardware that has the public key embedded inside. However, somebody will just tear the thing apart, or use an X-ray machine to just extract the public key (which at this point is merely a secret piece of data, not really a public key).

    Kirby

  • Re:Great! (Score:2, Informative)

    by PXE Geek (754288) on Wednesday June 02, 2004 @12:18AM (#9311688)

    Forget the BIOS patch. Why boot to Linux when you're already booting to BSD [slashdot.org]?

    With EFI having a built-in TCPIP stack, you can bet that an EFI based Web server is only a recompile away for some people.

    PXEGeek

  • Re:CPL (Score:3, Informative)

    by geminidomino (614729) on Wednesday June 02, 2004 @07:21AM (#9313167) Journal
    From the license:
    When the Program is made available in source code form:

    a) it must be made available under this Agreement; and

    b) a copy of this Agreement must be included with each copy of the Program.



    And:


    A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that:

    a) it complies with the terms and conditions of this Agreement; and

    b) its license agreement: ...

    iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange.


    Looks like it's just as viral as the GPL, just less frothing behind it. I could be reading it wrong, but it doesn't look like it is any less different from BSD License than the GPL is.
  • by Rich0 (548339) on Wednesday June 02, 2004 @04:14PM (#9318493) Homepage
    Only if there is only one private key. If each machine has a serial number and a unique key, and there is a published databases of serial numbers and public keys, then each machine must be cracked once.

    DeCSS works only because there are only a few hundred DVD keys that work on all players.

    Imagine if CSS were implemented by:

    1. DVD player dials DVD consortium over phone.
    2. DVD player supplies mainframe with DVD serial number and DVD player serial number.
    3. DVD consortium supplies unlock code for that particular DVD (not title - that copy).

    If you could hack your player you might be able to get the code and then rip the DVD. But only that DVD. And by dialing up you potentially identified yourself to the consortium so they have the ability to look for trends, and if the DVD video was watermarked they might be able to identify copies that you make. If they narrowed down a likely copier to one of 50 possibly-hacked DVD players they'd just tell the mainframe not to supply codes for any of them, and the 49 legit people would call up and complain, they'd send out a service guy who would check for tampering and then call in and re-enable the player. The guy who didn't call in gets a visit from the BSA...

    Sure, this is impractical for DVDs - which is why it wasn't done this way. But if it were done this way there would be no DeCSS.

    And if Palladium does take off, this is how it will be done - it is easy to make computers phone home since this technology is being applied to media that will be available online.

    As long as each computer has its own private key, you'll never find a practical crack unless the key can be obtained through other channels. But if MS is smart, they'll use smartcard technology - have the computer generate its keypair and output only the public key. If the computer never outputs its private key then not even they will know it. Hence nobody can leak it.

    This is how modern smartcards work - not even the owner knows their private key. (That way the owner can't inadvertently lose it, or an attacker can't pretend they are the owner and get the key, since the card has no facility for doing this...)

Often statistics are used as a drunken man uses lampposts -- for support rather than illumination.

Working...