Slashdot Mirror
More Power To The Firmware
An anonymous reader writes "In More Power To The Firmware Amit Singh talks about technical details of EFI, the next-gen BIOS replacement standard Intel, Microsoft and others are pushing. This is a very informative piece where he talks of issues with legacy BIOS, how it affects those who develop in the firmware environment and how EFI plans to solve these problems. EFI usage examples are included, including a programming example. He contrasts EFI with Open Firmware as well. IMO the second half of the article is even more interesting, where sample FORTH code is provided for displaying a window/mouse pointer GUI inside the Apple/Mac firmware! And of course, there's code for a new 'Towers of Hanoi' animation using the Mac firmware (remember Hanoimania?). Aspiring Mac Firmware Hackers could also check out the suggested projects ;-)"
I'm not in favor of increasing the complexity of the bios. They can barely get them stable after a few updates now, how will it be when they are doing alot more? Yeah I know that Sun Sparc's have a complicated bios, but they did it right. I don't trust Microsoft and Intel to do it right.
thisnukes4u.net
"but can you imagine any sort of Windows-dependent BIOS?"
No. Luckily, the article didn't mention one.
Oddly Draconis
Too cynical to live, too stubborn to die.
We don't need DRM built into the BIOS, and that's exactly what would happen if Microsoft had a say in it.
I agree that we don't need more complexity. Let the OS handle the hardware as much as possible.
- It's not the Macs I hate. It's Digg users. -
Here's a link to an older KT entry; "Status And Discussion Of EFI (Extensible Firmware Interface) Support"
Explains some history, rationale and technical details.
Belief is the currency of delusion.
Well, given that there's LinuxBIOS
The Tao of math: The numbers you can count are not the real numbers.
I have mentioned this plenty of times before. In order for Windows DRM to *really* work the OS has to require a BIOS that is tied directly to it.
The only way for this to happen is for MSFT to cut deals w/the BIOS manufactorers (which they have done already w/Phoenix).
*MOST* people are not going to care one way or the other (ie "free" hardware while paying for the software) as long as their computer runs without problems, they have no work lost because of viruses, etc.
It's actually pretty scary when you think about it. You want to buy a piece of hardware? You are going to be buying it w/a MSFT approved DRM BIOS and their OS. Nothing else will install w/that BIOS because that would allow for software that isn't approved to be running (OS included). Take the BIOS out or flash it? None of the rest of the hardware will work either.
Then there will be a nice market for people to build non DRM machines, so that people can run their non Windows OS. I don't think it's time to panic just yet.
Now, now - that's enough of the negative thoughts. I think you should go to the M$ retraining centre for re-education right now.
Stay tuned for new sig...
Glad to see there is attention being paid to the firmware end of things both commercially and as open source - that's one area your average geek is a little leary of toying with, due to Inoperative Hardware potential.
What I always worry about is the non-techical end of these things. BIOS level control on what software a computer can run is a much harder obstruction to overcome than things like driver issues. I wonder if they won't use the "Next Generation" mantra to say this is the perfect time to pass legislation that requires DRM control be built into all computational devices. OpenBIOS wouldn't be of much use if DRM laws require a closed system.
Also, if firmware gets too smart, you might get things like a DVD drive refusing to play a movie unless your operating system can guarantee it that you computer doesn't have the ability to copy content illegally.
When you can program games in BIOS level systems, I start to get a little wary. Keep my BIOS to the minimum please - configuration options needed to handle my hardware (things like boot order, low level configuration options the OS shouldn't know about, etc.) should be all the capability needed. A BIOS should be simple, efficient, and stick precisely to its job. I've got an OS for the rest. If the new system is good for that type of work, excellent. But if the hardware starts getting too smart for its own good, then I might wind up hauling out those two Sun Ultra 1s I bought - they should run more or less forever and I'll live with slower speeds in order to stick with a consumer friendly machine.
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
The OS is the BIOS? Either you're trolling [but given your subject disclaimer, perhaps not], or you misunderstand the concept of abstraction layers, and their ordering. The BIOS cannot be dependent on Windows, it sits beneath the OS. The OS is dependent on it. Drivers, in effect, are mini-BIOSs in themselves. They abstract out the different hardware devices to a standard windows API. The BIOS that comes with your machine abstracts out the out-of-the-box components of your motherboard among other things. Sometimes windows drivers talk to the bios, but mostly they skip it altogether.
- Oisin
PGP KeyId: 0x08D63965
I don't see how DRM can be solved at the BIOS level. Unless the media player and file system are completely controlled by hardware with no OS intervention, there will always be a piece of software asking "Is this file OK to play/copy?" As long as this query exists, there is an opportunity for a programmer to fake the response and play the file anyways.
Let me add something that I find remarkable: I have not seen a single reference to Open Firmware in any EFI specification, presentation, whitepaper, or related document. Perhaps I did not look hard enough. This is not a criticism though. Some might argue that EFI's pathbreaking-ness is valid in the context of PCs, so it is appropriate not to mention prior similar ideas.
I'm not quite sure what that last part means - how can you say it's not appropriate to mention when the technology is so similar? Just because it hasn't been used on PC's before is no reason not to learn from what has been used before.
I would have liked to see more of a comparison of exactly whe EFI gives you over Open Firmware of today - I gathered it was the custom pre-boot programs and network connectivity, but I would have liked to see more examples of new things that make use of these features that you can't do in Open Firmware.
It's funny to have a whole article about EFI then show all the cool things you can do with an advanaced BIOS by giving Open Firmware demos. Sort of like watching a Longhorn demo of transparency in UI while working on a Mac.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You do realize that once this is in place, the **AA will convince Congress that only pirates, criminals, and terrorists would possibly want a computer without a "trusted" BIOS, don't you? Non-trusted hardware will go the way of Macrovision-free VCRs and Broadcast-flag-free HDTV tuners. When all of the Linux users and OS hackers raise holy hell, the response will be:
Jack Valenti: "These people are just a fringe nitch. Why should we threaten our precious content just to cater to the whims of a few people?"
Bill Gates: "The 'Trusted Computing Consotium' has made available [closed, blackboxed, and encrypted] APIs to the 'trusted hardware' industry spec. Why can't Linux use them just like any other OS?"
dinner: it's what's for beer
eg
Sure, you'd possibly be able to hack it. But if your DVD player's BIOS has non-changable firmware and talks to the systme BIOS over an encrypted channel - what chance would you have?
This is about having secure communication between everything. DVD -> Soundcard -> Speakers. All requiring authentication before they'll do anything.
If a square is really a rhombus, why aren't all triangles purple?
So I glaned over the article, and while it mainly focused on EFI being done for IA-64, it also hinted that EFI was available for x86. Does anyone know of any reasonable priced motherboards that use this as opposed to an older BIOS? I'm looking for the hinted at x86 support, as I don't feel like buying an Itanium. Also, while we are on the subject, is this an Intel only thing or does AMD have a say in the matter?
-- Fighting mediocrity one bad post at a time.
I don't know of any BIOS-based viruses but there certainly have been some viruses which will damage your BIOS on systems which keep it in flash/eeprom.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I've been using EFI (on Itanium) for quite some time, and have had zero issues with it. I really like the fact there are DCHP modules that allow networking to be started without the OS running. They have ftp servers, disk drivers and you can boot your machine from a remote image using bootp services. If your OS is dead on your disk, you can restart to efi and download a previous image on to your harddisk (or remote boot/install). Heck, you can run your code without even booting the OS. Imagine dedicated distributed.net clients that run straight from EFI without the overhead of an OS.
While I understand people have concerns that Microsoft is using this as a DRM delivery mechanism, there is nothing that is stopping Microsoft from working with Phoniex to add DRM to today's bios's. EFI (and non-legacy bios environments like openBios) make it easier for non-windows OSes to run on new Hardware. This isn't in microsoft's best interests. Microsoft wants a bios that only runs signed code (like their XBOX), so that you have to ask them nicely for a key to your equipment.
The author mentions that EFI is somehow better than Open Firmware, but I fail to see how. It all sounds like Intel decided to go their own way again (just like their Itanium had to be different and incompatible with any (RISC or CISC) CPU out there).
Why, for sanity's sake, can these companies never adopt a perfectly good standard, but do they always have to give everyone headaches by rolling their own? If Open Firmware has some deficiencies, surely they can be fixed with some incremental improvements?
The Intel Architecture is evolving...from the primitive, kludgy, underperforming, el cheapo to the overhyped, overheating, overexpensive and incompatible. Even IBM (Connector Conspiracy) and Apple (Think Different) are more open and standards-oriented these days.
Please correct me if I got my facts wrong.
I found the assertion that 64bit PC's don't use the BIOS rather amusing. Evidently bits of Intel still haven't managed to bring themselves to admit the existance of Athlon64 just yet.
This is why it's good that IBM is in the Linux fold. If they want to keep selling Linux servers, they'll need to support a "trusted" BIOS. In order to abide by the GPL, they will have to release the source. This will allow support across the board, even on cheap consumer DRM-enabled devices.
Gamingmuseum.com: Give your 3D accelerator a rest.
Not to mention that Intel is also a huge Linux-backer, and is basically paying Linus Torvolds' salary now days. You can be sure that any Intel-based inititive is not going to be hostile to Linux.
(After fighting with grub's perverse view of the universe for a week, the conclusion is that better firmware can only help Linux adoption...)
It would be fun to see someone port one of those Apple ][ emulators to this thing, so you can actually boot a Mac into an Applesoft programming mode, just like in the old Apple ]['s. If it can handle a simple GUI like in the article, or if it could handle an implementation of System 1, I'm sure an Apple ][ emulation would be no problem.
From what I gather in the article, any of these Forth programs have to be loaded off of the hard drive in order to be executed. I didn't really understand if they could be stored in non-volatile memory, and if the computer could be configured to run them when it is turned on. I don't know how much space there is for non-volatile memory, but it would be interesting to be able to write a really basic OS that runs off of it without having to read from the hard drive at all.
I suppose it's possible since you can update the firmware, but does Apple keep information about how to program the firmware proprietary, or is it open for people to tinker with?
Let us not forget that IBM published the assembly language source code listing for the original PC BIOS in full beginning in 1980.
This "openness" allowed and enabled the first generation of PC developers to see and understand what was going on at the firmware level - literally an open book and manna from heaven for the times.
This was not quite the precursor of today's open source movement though since IBM never granted permission to copy or use the code, but 1 billion PC compatibles later it is easy to see that IBM's approach unlocked at least one aspect of the value of openness.
Dan Bricklin comments thoughtfully about the PC BIOS in his blog. Search for "purple".
Developers (that means you) will have to be able to sign their own software, or the system would be pointless. This would be an extra command in the makefile, no biggie.
You don't understand Trusted Computing. It's not about signing software. There's no need to sign at all. What happens is if you change the software at all - even a single instruction - that that software no longer works with and existing data and can no longer communicate with other programs on the internet.
The Trust chip generates a hash of the software. The hash is linked to an encryption key. If you change the software you lose the hash and can no longer get the the decryption key at all. Nothing works anymore. Very biggie.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
On the contrary: if they do this right, it could really help hardware compatibility.
In the case of Sun and Apple machines, once you've got the Open Firmware driver in flash or ROM on the card, it just works. You can use it from the firmware, boot the system from it (if applicable), etc.
Contrast with my damn PC, which can't even boot firewire or my USB key, despite having both ports on the motherboard, where the BIOS people should have been able to make them fully compatible.
EFI has the potential to be a more modular solution (hence the E in EFI) where third-parties -- Promise, Adaptec, 3COM if they're still around -- can drop in drivers. No more relying on your mobo/BIOS manufacturer for boot-and-root support for your Megatron IV whatever, or remote console support for your Groovynet card.
This is a Good Thing.
That's the heart of the problem. The term 'Trusted Computing' only makes sense when you look at it in an orwellian sense. It's not the owner or user that can trust the computer, it's MS and the *AA that trust it.
If it was really worthwhile (and the name truthful), the BIOS would demand MY signature on the OS that I trust. In turn, the OS would demand MY signature on the apps that I trust. It would be reasonable in either case that I could sign a vendor's public key if I trust anything the vendor signs as well.
Naturally, MS and the *AA don't want that, they want to hold the keys (and thus the power) over the machine even while other people pay for it.
I am fine with them protecting their Preciousssss (erm, IP) if they want. I would suggest that they encase it in concrete and bury it at the botton of the ocean. Nobody will copy it then. If they like, I could even toss it into a volcano for them. (I seem to remember something about that in a highly successful and unencrypted book somewhere).