Slashdot Mirror
More Power To The Firmware
An anonymous reader writes "In More Power To The Firmware Amit Singh talks about technical details of EFI, the next-gen BIOS replacement standard Intel, Microsoft and others are pushing. This is a very informative piece where he talks of issues with legacy BIOS, how it affects those who develop in the firmware environment and how EFI plans to solve these problems. EFI usage examples are included, including a programming example. He contrasts EFI with Open Firmware as well. IMO the second half of the article is even more interesting, where sample FORTH code is provided for displaying a window/mouse pointer GUI inside the Apple/Mac firmware! And of course, there's code for a new 'Towers of Hanoi' animation using the Mac firmware (remember Hanoimania?). Aspiring Mac Firmware Hackers could also check out the suggested projects ;-)"
We don't need DRM built into the BIOS, and that's exactly what would happen if Microsoft had a say in it.
I agree that we don't need more complexity. Let the OS handle the hardware as much as possible.
- It's not the Macs I hate. It's Digg users. -
"I'm not in favor of increasing the complexity of the bios."
Tough, it's happening.
"They can barely get them stable after a few updates now, how will it be when they are doing alot more?"
Modern BIOS is a lot more capacious that the days of the XT and AT, and it's usually really low level stuff that goes on. Given the separation between the people that do the hardware and people that have to handle the low level drivers, it's no surprise that hardware leaves the warehouse with unfinished drivers; couple to that the dizzying array of hardware that can attach to a motherboard, and you are going to have some patching. EFI look a lot more flexible in what it can do.
"I don't trust Microsoft and Intel to do it right."
And they speak so highly of you. Despite crappy business practices, they actually have some talented people that produce some good solid work. If you want to be paranoid, why don't you look up EFI and cross reference with DRM?
Oddly Draconis
Too cynical to live, too stubborn to die.
Then there will be a nice market for people to build non DRM machines, so that people can run their non Windows OS. I don't think it's time to panic just yet.
Glad to see there is attention being paid to the firmware end of things both commercially and as open source - that's one area your average geek is a little leary of toying with, due to Inoperative Hardware potential.
What I always worry about is the non-techical end of these things. BIOS level control on what software a computer can run is a much harder obstruction to overcome than things like driver issues. I wonder if they won't use the "Next Generation" mantra to say this is the perfect time to pass legislation that requires DRM control be built into all computational devices. OpenBIOS wouldn't be of much use if DRM laws require a closed system.
Also, if firmware gets too smart, you might get things like a DVD drive refusing to play a movie unless your operating system can guarantee it that you computer doesn't have the ability to copy content illegally.
When you can program games in BIOS level systems, I start to get a little wary. Keep my BIOS to the minimum please - configuration options needed to handle my hardware (things like boot order, low level configuration options the OS shouldn't know about, etc.) should be all the capability needed. A BIOS should be simple, efficient, and stick precisely to its job. I've got an OS for the rest. If the new system is good for that type of work, excellent. But if the hardware starts getting too smart for its own good, then I might wind up hauling out those two Sun Ultra 1s I bought - they should run more or less forever and I'll live with slower speeds in order to stick with a consumer friendly machine.
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
"'I don't trust Microsoft and Intel to do it right.'
And they speak so highly of you. Despite crappy business practices, they actually have some talented people that produce some good solid work. If you want to be paranoid, why don't you look up EFI and cross reference with DRM?"
It could be argued that the DRM tendancies of Microsoft/Intel are a reason not to trust them to do it right. As far as DRM goes, I would tend to define a BIOS with that in it as NOT doing it right.
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
You do realize that once this is in place, the **AA will convince Congress that only pirates, criminals, and terrorists would possibly want a computer without a "trusted" BIOS, don't you? Non-trusted hardware will go the way of Macrovision-free VCRs and Broadcast-flag-free HDTV tuners. When all of the Linux users and OS hackers raise holy hell, the response will be:
Jack Valenti: "These people are just a fringe nitch. Why should we threaten our precious content just to cater to the whims of a few people?"
Bill Gates: "The 'Trusted Computing Consotium' has made available [closed, blackboxed, and encrypted] APIs to the 'trusted hardware' industry spec. Why can't Linux use them just like any other OS?"
dinner: it's what's for beer
eg
Sure, you'd possibly be able to hack it. But if your DVD player's BIOS has non-changable firmware and talks to the systme BIOS over an encrypted channel - what chance would you have?
This is about having secure communication between everything. DVD -> Soundcard -> Speakers. All requiring authentication before they'll do anything.
If a square is really a rhombus, why aren't all triangles purple?
*And they speak so highly of you. Despite crappy business practices, they actually have some talented people that produce some good solid work. If you want to be paranoid, why don't you look up EFI and cross reference with DRM?*
what does talented people have to do with trusting them to do it 'right' for our viewpoint? in fact, why do you think that they would do it 'right' when even you accept the fact that they have 'crappy business practices' which is ultimately what chooses how they'll execute it, NOT if they have talented people or not!
world was created 5 seconds before this post as it is.
This is why it's good that IBM is in the Linux fold. If they want to keep selling Linux servers, they'll need to support a "trusted" BIOS. In order to abide by the GPL, they will have to release the source. This will allow support across the board, even on cheap consumer DRM-enabled devices.
Gamingmuseum.com: Give your 3D accelerator a rest.
Not to mention that Intel is also a huge Linux-backer, and is basically paying Linus Torvolds' salary now days. You can be sure that any Intel-based inititive is not going to be hostile to Linux.
(After fighting with grub's perverse view of the universe for a week, the conclusion is that better firmware can only help Linux adoption...)
Yeah, if non DRM machines become difficult to aquire...it'd be a shame to be relegated to a fringe niche who build our computers from kits, use obscure operating systems, share code and knowlege via informal and uncommercial channels, and generally operate in communities of geeky friends under the radar of multi-billion dollar companies.
Sometimes going back to such things seems like a really, really good idea.
All that this will mean is that the Hardware Of The Future will be built in fabs all over Asia, Africa, the Pacific, etc for non-US customers, developing inovative and new software/hardware products. Meanwhile, the Gnomes of Redmond will insure that inovation in no way enters the American equation. First the third world gets a boost in communication by not needing to amortize any legacy geer, now, if such nonsense goes forward it will boost them on the hardware front. Is Senegal going to be the new Silicon Valley?
- Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
What's happening here with EFI is that the BIOS has now grown to become an OS. If all you want BIOS to do is init the hardware and then jump to an OS then that's all the BIOS should be, just some init code to set up memory, chipset registers and cache so that it can jump to an OS for all the rest. But if you want the BIOS to do a whole lot more than just call it an OS and use an OS with lots of support with drivers already written.
And for this BIOS that's really acting and grown to be an OS, I choose Linux!
More at : http://www.linuxbios.org/
Quidquid latine dictum sit altum viditur
The one thing people always forget is that, in truth, Microsoft/Adobe/Autodesk need people to have pirated versions of their software. Have you ever noticed how quickly major pieces of software are cracked after release? My guess is that they unofficially provide people with information to make this possible.
If everyone absolutely and without an option had to pay for their version of Office/Autocad/Photoshop, free software would become ten times more popular in no time at all. Right now, software companies can keep their prices artificially high for the businesses that have to pay for it, and keep the "installed user base" artifically high without having to provide tech support.
It's sort of the same thing with laws in the States. If every law was enforced every time, then people would be pissed and they would go away. Instead, laws that aren't enforced 100% of the time can be used against people the government doesn't like.
If DRM ever hits 100% of the market, prices will go down because people will refuse to pay.
Now, IANAL but what I read on this topic seemed to indicate that only binaries would be signed, so even if you had the source, you'd be running untrusted binaries without any capacity to get them signed. This would of course be ok for IBM, but would cancel the benefit of having the source(you can't build a working binary from it). Maybe GPL4 can say that the source you get from a developer has to "be usable to generate a working binary equivalent to the binary you receive from vendor" next time...
Let us not forget that IBM published the assembly language source code listing for the original PC BIOS in full beginning in 1980.
This "openness" allowed and enabled the first generation of PC developers to see and understand what was going on at the firmware level - literally an open book and manna from heaven for the times.
This was not quite the precursor of today's open source movement though since IBM never granted permission to copy or use the code, but 1 billion PC compatibles later it is easy to see that IBM's approach unlocked at least one aspect of the value of openness.
Dan Bricklin comments thoughtfully about the PC BIOS in his blog. Search for "purple".
Controlling access to copyrighted media is not the DRM BIOS's direct role; its role is to ensure that the operating system that boots can be trusted to do so.
Right now, a secure trusted music player may ensure that the copyrighted media it plays never ends up in the wrong hands (i.e., the user's); however, there's nothing (in theory) stopping the no-good thieving user from replacing the audio device driver with one which makes a copy of the unencrypted sample stream elsewhere. If the OS requires drivers to be signed, then the OS can be hacked; they can boot from a hacked kernel which doesn't enforce this requirement.
This is where the DRM BIOS comes in; under it, all bootup code would have to be digitally signed. Any code that's signed would, in theory, continue the chain and not load any other code which is untrusted in a privileged capacity. Only once the black iron sandbox is built does any potentially untrustworthy code get loaded, where it can't do anything untoward.
Incidentally, this may be compatible with the GPL. Linux could still be distributed with source code you could look at; just that if you compiled your own kernel, it wouldn't boot on your machine (at least not on the bare metal).
On the contrary: if they do this right, it could really help hardware compatibility.
In the case of Sun and Apple machines, once you've got the Open Firmware driver in flash or ROM on the card, it just works. You can use it from the firmware, boot the system from it (if applicable), etc.
Contrast with my damn PC, which can't even boot firewire or my USB key, despite having both ports on the motherboard, where the BIOS people should have been able to make them fully compatible.
EFI has the potential to be a more modular solution (hence the E in EFI) where third-parties -- Promise, Adaptec, 3COM if they're still around -- can drop in drivers. No more relying on your mobo/BIOS manufacturer for boot-and-root support for your Megatron IV whatever, or remote console support for your Groovynet card.
This is a Good Thing.
Not to be a troll, but just cuz you can say it doesn't mean its true. Only history will be able to say that. Many of your comments are valid, but a balance needs to be made by supporting legacy vs. enabling hw and sw makers the freedom to innovate. I agree its annoying trying to get something to work when you didn't have any involvement in the design, but creating a hardware interface that meets everyone's needs (usb, grafix, lan, fibrechannel) might be worse than dealing with the problem. Hell, I'd love it if ieee standard came out that required everyone to either be little endian or big endian, but the hw world can't even decide on that. Can you expect them to come up with a standard interface for accessing devices.
That's the heart of the problem. The term 'Trusted Computing' only makes sense when you look at it in an orwellian sense. It's not the owner or user that can trust the computer, it's MS and the *AA that trust it.
If it was really worthwhile (and the name truthful), the BIOS would demand MY signature on the OS that I trust. In turn, the OS would demand MY signature on the apps that I trust. It would be reasonable in either case that I could sign a vendor's public key if I trust anything the vendor signs as well.
Naturally, MS and the *AA don't want that, they want to hold the keys (and thus the power) over the machine even while other people pay for it.
I am fine with them protecting their Preciousssss (erm, IP) if they want. I would suggest that they encase it in concrete and bury it at the botton of the ocean. Nobody will copy it then. If they like, I could even toss it into a volcano for them. (I seem to remember something about that in a highly successful and unencrypted book somewhere).
Backslashes? DOS-style dir listings? UGH, I thought the idea was to remove obsolescence.
Also, this is even worse than ACPI from a needless complexity standpoint.
That is soooo lame. If I have a recovery tape, which is common practice under HP-UX, I can't recover from it, unless I use a very uncomfortable 2-step procedure (booting from CD and then proceeding from tape). HP-UX is one of Itanium's "native" OSes, but EFI is somewhat of a step back in some parts compared to HP's Boot Console Handler.