Slashdot Mirror
Phoenix's BIOS Roadmap
An anonymous reader writes "Phoenix Technologies Ltd. unveiled a vision and roadmap for a next generation of system BIOS firmware that the company calls "core system software" today, at its Strategy 2004 conference. As defined by Phoenix, CSS is a new category of core system firmware that transcends the boundaries of traditional BIOSes and to deliver "extensible firmware that provides the critical foundation of trust, manageability, and connectivity required for networked computing," in a broad range of devices including desktop and laptop PCs, servers, and handhelds gadgets. Specific technologies that Phoenix is integrating into its d-NA CSS firmware include: support for the Trusted Computing Group (TCG) specification, remote diagnostics and error-checking, intelligent configuration checking and integrated system policy management, automated provisioning of servers and server virtualization, "radically enhanced" device power management, embedded TCP/IP, remote management functions including dynamic provisioning, load balancing and software resource control, and an XML and SOAP standards-based interface to CSS functions."
Trust -- [...] In addition, Phoenix d-NA will incorporate a new class of Windows-advantaged components that leverage the Microsoft CryptoAPI (CAPI) to provide unprecedented trust and intrinsic security for systems running Windows and
If this crap cannot be disabled then I guess I won't be using Phoenix BIOSes in the future. This whole "trust" nonsense is a thinly veiled attempt at shifting some of the security-onus from the OS to the hardware with the blessing of Microsoft along with the side "benefit" of Digital Rights Management.
This may start a whole new style of hacking; releasing BIOSes for flashing which have the DRM/Trust shite removed.
Trolling is a art,
Trust -- Devices serving as network endpoints can be integrated into to an easy to implement "trustworthy computing" model that leverages secure, digitally signed core system software. This is the critical first link in a "chain of trust." In addition, Phoenix d-NA will incorporate a new class of Windows-advantaged components that leverage the Microsoft CryptoAPI (CAPI) to provide unprecedented trust and intrinsic security for systems running Windows and .NET applications.
.02,
Trust? I don't trust either of these two companies to do anything but take over computer applications and hardware forcing people to use them to "protect" their investments.
Manageability -- Intelligent devices and servers based on Phoenix d-NA are able to provide self-management, self-healing and self-authentication as standard capabilities. By leveraging Phoenix d-NA, software developers in a wide range of categories, from identity management to asset management, will be able to incorporate intrinsic "device authentication" into the fabric of their offerings.
In other words, we are going to give you a unique fingerprint that can be traced back to you. You better not try anything funny with our digitally signed OSs.
Is Microsoft taking over the BIOS?
No, they are forcing us to use them. They are also forcing us to have our computers be traced back to us.
Phoenix and Microsoft recently announced that they were collaborating on CSS firmware focused on WinPE (Microsoft's Windows Preinstallation Environment tool), security, and future Microsoft client and server OS releases, intended to "improve a device's reliability, usability, manageability, and security."
Bullshit. It *might* be for some of this. It's most definitely not their main goal. They want to be able to stop their programs from being run w/o their authority. While this is all and good I don't believe our privacy should be violated to do so.
Who's to say that the BIOS won't phone home and report usage statistics on what OS is running, if there are multiple ones installed, what hardware is in use, etc... Just what we need, direct marketing due to hardware installations.
Would this be different if it was a group creating an open standard? Perhaps but I still wouldn't like it. Being that it is one of the most sinister corporations ever teaming up with a single BIOS company it worries me. I wonder if they realize that they are going to become Apple. Didn't they make their money because of open hardware?
Just my worthless
Conspiracy theorists: "NOES!!!! TEH B|0S HAS TEH DRM!!! N0 MORE LINUX!!!!!111"
I, for one, welcome our new well-secured extensible BIOS overlords.
SCREW THE ADS! http://adblock.mozdev.org/ Proud user of teh Fox of Fire - Registered Linux User #289618
The bigger the ROM, the more vulnerable and the harder it is to patch. What a cool target, especially if it does network stuff!
extensible firmware that provides the critical foundation of trust, manageability, and connectivity required for networked computing
:
Trust ?
Real trust or trust like in
"smoking cigarettes doesn't cause cancer. Trust us."
"Hell hath no fury like a hippo with a machine gun."
At least it always did in the past. MS has yet to learn the lesson (and someday it will) that IBM had to learn: you have to evolve from a company that sets standards to a company that contributes to them.
First Palladium and now this?
Certainly cloaked under the "benefits" someone at MS has thought "Oh a way to make *nix useless on PC architecture".
You didn't think this was just going to affect Linux did you?
Maybe it's time to start helping out/using LinuxBIOS. I went to SCALE over the weekend and saw a interesting presentaion on LinuxBIOS, it has lots of benifits over other commercial BIOS's.
Its only to muck with the Slashdot editors. They might have to actually read to see which "DeCSS" the story is talking about before posting a dupe.
That to prevent confusion with the popular web-standard technology CSS, the CSS BIOS technology will before release be renamed to "Firebird", a name chosen after an exhaustive search based on the fact that it kind of describes "Phoenix" and hey, it's like the car.
To match this, and as part of the promotional effort for Firebird, they will be rebranding most of their products with animal-inspired names, for example renaming their remote-BIOS-diagnostics-and-administration technology to "Longhorn", a name to evoke images of stability. The entire promotional push will be branded to stockholders as the System Consolidation of Operations project, or SCO for short, overall an effort to draw together their product line for more clarity to consumers.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
"Will there be Windows-specific APIs in the BIOS? Are they available to other operating systems? Are these APIs cryptographically hidden from reverse engineering? Legally, do these APIs belong to Microsoft or to Phoenix? Is this a loophole with respects to the anti-trust settlement? This raises a lot of questions about the ability of hardware that includes this new Phoenix BIOS to run non-Microsoft operating systems. Would they run? Would they be crippled it they run? Would Microsoft customers switching to Linux have to change hardware as well, if their PCs run this BIOS? "
Tread very carefully.
This is braindead. Introducing a huge layer of complexity between the OS and hardware etc. Really the job of the BIOS should be to do as little as necessary and then hand things off to the OS. Does a BIOS truly need a TCP/IP stack? Perhaps it is time to put a bit more effort in to linuxBIOS.
If I had no sense of humor, I would long ago have committed suicide. -Ghandi
letting my BIOS do one thing and do it well ?
Embedded TCP/IP ? Huh ? Now I'm going to get hacked on the hardware level ?
Sunny Dubey
CSS is taken and is already confused by many a begining developer with eXtensible Stylesheet Language. Name it BIOS.NET instead.
Most of the viruses lately have been of the email-you-are-dumb variety. I'd been wondering where all the excellent boot sector and hardware level viruses of the 1980s and early 1990s had gotten to.
I couldn't stand yet-another I-love-you clone. I want some real destruction!
Crypto API is about strong encryption and non-pseudo-random-number-generators, and it also isn't new but has been around since NT4. see: Crypto API.
I thought hardware support would just speed up those functions, so disabling it wouldn't disable the features (which were around years before this hardware), just make them slower.
This is going to end up just like BIOS based Virus detection. To get anything to install on your computer you will have to reboot, enter the BIOS and turn this feature off and then enter the OS and install your app. How many of those BIOS virus protection features get turned back on after the first couple of times having to hassle with it?
If Phoenix thinks companies are going to pay for the digital certificate creation or whatever is needed to be able to install their app then they are mistaken. They should ask Microsoft how many software companies get them and keep them up to date. How many hardware vendors have gotten digital certs. on their drivers? Not many. As it is, we put the driver disk in that came w/ the hardware and move on. Or we download the latest driver from the net, install it and move on.
Just post md5 sums on the website w/ the driver and software downloads. Microsoft should build a simple MD5 sum checker that can be loaded from Windowsupdate. That would be the BEST thing they could do for security.
YMMV and if you break it, you get to keep both parts.
--Somewhere there is a village missing an idiot.
I want a kitchen sink included in the BIOS!!!
Really... why not scrap all that and add a JVM instead... That at least would be usefull...
I think people are really, really missing something here with all the Microsoft hate. If this product does what it says it will, and does it well, it is a major step up for the x86 server.
I've always enjoyed the way Sun systems are designed for remote managability, same with HP's PA-RISC servers and workstations as well and IBM's Power offerings. Sun's is the one I've had the most experiece with and it rocks. Networking booting into single user mode when your disks or file systems go bad, doing hardware diagnostics or just porting Doom to Forth. Anyway, where was I?
Oh yeah. I'm sick of having to walk down to the server room to get on the console of Linux boxes and there are a slew of things that cannot easily be done with current x86 offerings.
Hopefuly this BIOS can give x86 boxes a step up in managability.
If there's TCP/IP support in the BIOS, how much of a step would it be to have support for booting iSCSI?
I believe that there's a lot of intest in diskless PCs in the corporate environment (with the storage on large storage servers). There are huge advantages in system administration possible with such a setup, not to mention better environmentals in the workspace.
Well that sure explains why IBM is doing so much better that MS, doesn't it? I'm not trying to troll, it's just that what motivation does MS have to follow other peoples standards when they can set the terms themselves and force the rest of the world to follow without any repercussions? I'm with you in wishing that they would, but don't fool yourself into thinking that it would actually be good for MS's bottom line, all it would do would let other people compete on a more equal ground, and they don't want that to happen.
SCO.com uses Linux
Here's the problem I see with this type of advanced bios. How long will it be until a virus is written that exploits bios code? Imagine the horror of having to flash your bios to rid yourself of the latest internet worm.
Do these people remember that BIOS stands for Basic Input-Output System? It is designed to be the foundation of the computer system, not the latest futile gesture to stop piracy.
I give the "security features" 6 months to get hacked, and then all we are left with security holes and bugs that could theoretically destroy hardware. This is progress?????
----
Squirrel
I won't be happy until my bios comes with a relational database, skinnable 3d windowing environment and a full J2EE stack.
In addition, I should be able to download bug fixes, new features and skinds from a website, call it biosupdate.com
Come on Phoenix, listen to your customers!
Seeing that take a slashdotting is what we're really interested in... totally in the spirit of slash (TM)
Conversion Rate Optimisation French / English consultant
I would personally like firmware on motherboards that made stuff like installing linux accross a network and configuring dual boot machines a little easier-particularly for novices.
Seems to me this whole plan is merely an attempt by Phoenix to make their product more desirable by throwing more features into it. We've seen this pattern before with disk controllers, disk drives, network cards, motherboards, monitors, keyboards, mice, etc.
Unfortunately for them, aside from Microsoft's "let's integrate security with hardware" gambit, the trend has been to rely less and less on the BIOS.
Sorry, I don't really want my BIOS to do any more than get my machine started up, thank you very much. Simple=beautiful.
The Phoenix BIOS Business Plan:
Step 1: Pile on the complexity
Step 2: Become more important to the consumer
Step 3: Profit!
It could set a good example for other BIOS developers if Phoenix retracts their decision and removes CSS from their BIOS. Please send them an email and let them know of your opinion. Whether or not you use, or would use Phoenix products, lets let other manufacturers know we won't stand for this type of activity.
+ us /
http://www.phoenix.com/en/about+phoenix/contact
To: americas_sales@phoenix.com
Subject: Phoenix CSS BIOS
Just wanted to let you know ahead of time, that I won't be purchasing any product that includes your CSS BIOS, and I will go out of my way to avoid it. I will also make sure that any product recommendations that I make to my current employer will not include your BIOS. Just thought I'd let you know of my opinion, as a consumer, and someone who's owned motherboards with Phoenix BIOS in the past. I hope you reverse your decision, until then, I'll shop elsewhere.
Thanks for your time, and consideration on this matter.
Jon
I can't wait for the first flashable Linux-on-BIOS distro. Of course, the DRM system probably won't allow it.
If a job's not worth doing, it's not worth doing right.
Crypto API is designed to give your applications a consistent and secure way to encrypt data by asymetric encryption. Support in hardware is designed to speed this process up.
It might be used instead of PGP to encrypt your home directory, you can use it to securely communicate over networks, you can use it to generate great passwords.
That it's there is a good thing (tm), but someone might use it to keep stuff from you.
"Welcome to the real world".
Intel has been working on EFI since 1998. This is just a rip off of that.
They can try all they... they can put all the DRM in the hardware, slap people with the DMCA if they try to work around it, that will only succeed in the doing 2 things:
1) [maybe] Raise awareness of the evil of the DMCA, and finally get it reversed.
2) [surely] Give huge competitive advantages to foreign companies that will start selling non-DRM enabled hardware.
Nowadays, how many MP3 players do you see out there, and how many proprietary DRM-Only players can you find ?
Also, how many non-US governments will tolerate having their hardware totally locked and at the mercy of an US corporation ?
I suppose you've never tried running Linux on any non-clone x86 box right? The BIOSes on the HP/Compaq blade and DL-series enterprise servers are pretty advanced. While the iLO (integrated lights out) feature on the Compaq BIOS is not perfect (it's too damn slow for one, especially when your console goes to graphics mode), it almost gives you a fully functional console over a 100 MBps Ethernet link. In fact, this is the only way to access the console on a BL20p or similar blade server. Basically the only thing you can't do with iLO that you can do on the physical console is insert and eject removable media. Yeah, with this feature you can network boot into single user mode when your disks and filesystems go bad and do hardware diagnostics too.
No, this isn't meant to be anything even remotely resembling these remote management features. Phoenix is seriously in bed with Microsoft, and well, this their monster offspring is meant to be the first step toward Palladium or NGSCB or whatever the hell Microsoft calls it now.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Please, contribute to one of the various open/free hardware projects out there.
I am starting to think that the Athlon 64 I'm going to buy(when the price comes down a bit) may be my last CPU purchase for many years. Later board/chip combos look increasingly scary. Watch for a brisk underground economy develop for the last generations of DRM, TCP and MS free technology. It won't be much of a hardship. I can play games now at 1280x1024 in 32bit. By the time the curtain comes down, I'll be able to play them with anti-aliasing as well. Nothing else I have ever done (including voice recognition) needed the kind of horsepower required by Unreal Tournament 2003. If my computer can play that, its going to be a looooong time until I buy another.
As usual, the ideal solution would be free firmware, but a big step forward would be the adoption of OpenFirmware, a Forth-based open standard already used in Alphas, Sparcs and Powers.
Leandro Guimarães Faria Corcete DUTRA
DA, DBA, SysAdmin, Data Modeller
GNU Project, Debian GNU/Lin
You should also check out the OpenBios project. They are working towards making a working openfirmware solution that will work on the x86 platform.
Jumpstart the tartan drive.
With the number of features and calls that they are adding, their BIOS is getting close to being an operating system. Frankly, I see this as a good thing for Open Source.
The BIOS does not need to be "open" in order for Open Source to take advantage of this. By necessity they will have to publish their calls and protocols to allow the BIOS to be as effective as it can be. Using this information, Opne Source projects can have direct access to this "mini-os" and be able to build whatever they please around it.
Will this spell the end for Windows? I doubt it. But it may help level the playing field a bit.
In all examples you mention, there's some degree of legal security. If the ATM has the right logos and something goes wrong, the bank will have some obligations to set things straight. If somebody uses your credit card number, the risk is for the credit card company (it still sucks though) and car manufacturers actually have to submit their vehicles to extensive testing before they are allowed on the road. If you can prove you had an accident because the manufacturer made a mistake you can get very rich (if you live in the US).
Anyway, palladium isn't about consumers but about the enterprise market (that's where the future revenue growth lies). DRM is interesting to MS because content providers pay for licensing it, not because consumers buy protected media.
In the enterprise market, trust is important. Companies will definately care about who they trust and about the integrity of their security. Some of them are in fact already very annoyed about the lack of security. MS telling them they will just have to believe in them is not going to be very convincing.
This is the fundamental problem that MS has so far not addressed.
Jilles
There is no need to fear this. This is just a matter of Phoenix proving a market trend. Either the proof will be true or false in the end. Which brings me to this point "who is in control?" and I say whomever has possesion of a thing controls it. We will have physical possesion of the hardware thus we will ultimately be the most powerful factor in this market. We can exersise this power or not. Those of you who have been around long enough will remember the days when you could buy your bios separtely from your motherboard or gasp program your own. This happens all the time in the embedded industry (not as much as it use to though). So if the market is unfavorable to Phoenix's new bios and unsavory locks on our hardware we can always roll our own. Nay you say? Well I offer up these links for you to browse. Free the bios open the bios
The truth suffers more from convictions than from lies.
You've just stated a slew of technologies here. But I think you are wrong about many items in the list.
* How many of these technologies require licensing to use?
* Of the ones that are listed why do you say they are "standards"? What makes a standard?
* DirectX is certainly a "standard". It is documented and standardized under Microsoft.
* Almost all the technologies listed are not "standards" as they are all proprietary in some way.
You are incorrect that these are recognized standards, they are not. The only true standards are those that have been recognized by working groups that are independent of the companies that developed them. True standards are recognized by non-profit organizations that have representatives from many vendors.
What is a "standard"???????
+1
This isn't about you trusting them. This is about them *not* trusting you.
The entire point of all these Trusted Computing initiatives is that the software/content makers do not trust their users to follow the limitations that the manufacturers want them to follow. Therefore, they want a hardware design that they can trust to enforce these limitations.
Let me say that again.
It's about the content providers trusting the hardware, because they don't trust you.
You trusting them has nothing to do with it. Be a good consumer and buy what you're told.
Yes, this is the "customer as enemy" worldview. You are, by definition, the enemy here. And it says a lot about the limitations they want, that they automatically assume you will want to violate those limitations, doesn't it?
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
Phoenix has mad several attempts to invade the privacy of PC end-users.
See
Phoenix Phone Home. 2001-06-19
and
Phoenix to embed bootup ads in BIOS
on Slashdot.
Phoenix, with its subsidary Award, is the largest player in the BIOS market. The only other big player is AMI.
Also, I can see a day when manufacturers advertise their LinuxBIOS compatibility. There's obviously money to be made from Linux...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"