Setup Utility.
Historically, the BIOS in the
IBM PC and XT had no built-in user interface. The BIOS versions in earlier PCs
(XT-class) were not software configurable; instead, users set the options via DIP switches on the motherboard. Later computers,
including all IBM-compatibles with 80286 CPUs, had a battery-backed nonvolatile BIOS memory (CMOS RAM chip) that held BIOS
settings. These settings, such as
video-adapter type, memory size, and hard-disk parameters, could only be
configured by running a configuration program from a disk, not built into the
ROM. A special "reference diskette" was inserted in an IBM AT to
configure settings such as memory size.
Early BIOS versions did not
have passwords or boot-device selection options. The BIOS was hard-coded to
boot from the first floppy drive, or, if that failed, the first hard disk.
Access control in early AT-class machines was by a physical key lock switch
(which was not hard to defeat if the computer case could be opened). Anyone who
could switch on the computer could boot it.
Later, 386-class computers started integrating the BIOS setup
utility in the ROM itself, alongside the BIOS code; these computers usually
boot into the BIOS setup utility if a certain key or key combination is
pressed, otherwise the BIOS POST and boot process are executed.
A modern BIOS setup utility has a menu-based user interface (UI) accessed by pressing a certain key on the keyboard
when the PC starts. Usually the key is advertised for short time during the
early startup, for example "Press F1 to enter CMOS setup". The actual
key depends on specific hardware. Features present in the BIOS setup utility
typically include:
·
Configuring the
hardware components, including setting their various operating modes and
frequencies (for example, selecting how the storage controllers are visible to
the operating system, or over locking the CPU)
·
Setting the system clock
·
Enabling or disabling
system components
·
Selecting which
devices are potential boot devices, and in which order booting from them will
be attempted
·
Setting various
passwords, such as a password for securing access to the BIOS user interface
functions itself and preventing malicious users from booting the system from
unauthorized portable storage devices, a password for booting the system, or a
hard disk drive password that limits access to it and stays assigned even if
the hard disk drive is moved to another computer.
Re-programming.
In modern PCs the BIOS is stored in rewritable memory, allowing the contents to be replaced or "rewritten". This rewriting of the contents is sometimes termed flashing, based on the common use of a kind of EEPROM known technically as "flash EEPROM" and colloquially as "flash memory". It can be done by a special program, usually provided by the system's manufacturer, or at POST, with a BIOS image in a hard drive or USB flash drive. A file containing such contents is sometimes termed "a BIOS image". A BIOS might be re flashed in order to upgrade to a newer version to fix bugs or provide improved performance or to support newer hardware, or re flashing operation might be needed to fix a damaged BIOS.
Hardware.
The original IBM PC BIOS (and
cassette BASIC) was stored on mask-programmed read-only
memory (ROM) chips in sockets on
the motherboard. ROMs could be replaced, but not altered, by users. To allow
for updates, many compatible computers used re-programmable memory devices such
as EPROM and later flash memory devices. According to Robert Braver,
the president of the BIOS manufacturer Micro Firmware, Flash BIOS chips became common around 1995
because the electrically erasable PROM (EEPROM) chips are cheaper and easier to
program than standard ultraviolet erasable
PROM (EPROM) chips. Flash chips are programmed (and re-programmed) in-circuit,
while EPROM chips need to be removed from the motherboard for re-programming.
BIOS versions are upgraded to take advantage of newer versions of hardware and
to correct bugs in previous revisions of BIOS.
Beginning with the IBM AT, PCs supported a hardware clock
settable through BIOS. It had a century bit which allowed for manually changing
the century when the year 2000 happened. Most BIOS revisions created in 1995
and nearly all BIOS revisions in 1997 supported the year 2000 by setting the century bit automatically when the clock
rolled past midnight, December 31, 1999.
The first flash chips were attached to the ISA bus. Starting in 1997, the BIOS flash moved to the LPC bus, a functional replacement for ISA, following a new
standard implementation known as "firmware hub" (FWH). In 2006, the
first systems supporting a Serial Peripheral Interface (SPI) appeared, and the BIOS flash memory moved again.
The size of the BIOS, and the
capacity of the ROM, EEPROM, or other media it may be stored on, has increased
over time as new features have been added to the code; BIOS versions now exist
with sizes up to 16 megabytes. For contrast, the original IBM PC BIOS was
contained in an 8 KiB mask ROM. Some modern motherboards are including even
bigger NAND flash memory ICs on board which are capable of
storing whole compact operating systems, such as some Linux distributions. For
example, some ASUS motherboards included Splash Top Linux
embedded into their NAND flash memory ICs. However, the idea of including
an operating system along with BIOS in the ROM of a PC is not new; in the
1980s, Microsoft offered a ROM option for MS-DOS, and it was included in the
ROMs of some PC clones such as the Tandy 1000 HX. Another
type of firmware chip was found on the IBM PC AT and early compatibles. In the
AT, the keyboard interface was controlled by a micro controller with
its own programmable memory. On the IBM AT, that was a 40-pin socketed device,
while some manufacturers used an EPROM version of this chip which resembled an
EPROM. This controller was also assigned the A20 gate function
to manage memory above the one-megabyte range; occasionally an upgrade of this
"keyboard BIOS" was necessary to take advantage of software that
could use upper memory. The BIOS may contain components such as the Memory
Reference Code (MRC), which is responsible for handling memory timings
and related hardware settings.
Vendors And Products.
IBM published
the entire listings of the BIOS for its original PC, PC XT, PC AT, and other
contemporary PC models, in an appendix of the Technical Reference manual for
each machine type. The effect of the publication of the BIOS listings is that
anyone can see exactly what a definitive BIOS does and how it does it. Phoenix Technologies was the first company to write a fully compatible and
completely legal BIOS through clean-room reverse
engineering. New standards grafted
onto the BIOS are usually without complete public documentation or any BIOS
listings. As a result, it is not as easy to learn the intimate details about
the many non-IBM additions to BIOS as about the core BIOS services.
Most PC motherboard suppliers
license a BIOS "core" and toolkit from a commercial third-party,
known as an "independent BIOS vendor" or IBV. The motherboard
manufacturer then customizes this BIOS to suit its own hardware. For this
reason, updated BIOS are normally obtained directly from the motherboard manufacturer.
Major BIOS vendors include American Megatrends (AMI), In side Software, Phoenix Technologies and Byosoft.
Former vendors include Award
Software and Micro
Research which were
acquired by Phoenix Technologies in 1998; Phoenix later phased out the
Award Brand name. General
Software, which was also acquired by Phoenix in 2007, sold BIOS for Intel
processor based embedded systems. The open
source community increased their effort to develop a replacement for
proprietary BIOSes and their future incarnations with an open sourced
counterpart through the core-boot and Open BIOS/Open Firmware projects. AMD provided
product specifications for some chipsets, and Google is
sponsoring the project. Motherboard manufacturer Tyan offers core-boot next to
the standard BIOS with their Opteron line of
motherboards. MSI and Gigabyte
Technology have followed suit with the MSI K9ND MS-9282 and MSI K9SD
MS-9185 resp. the M57SLI-S4 models.
|
Comparison of
different BIOS implementations
|
||||
|
AwardBIOS
|
AMIBIOS
|
Insyde
|
SeaBIOS
|
|
|
License
|
Proprietary
|
Proprietary
|
Proprietary
|
LGPL v3
|
|
Maintained / developed
|
No
|
Yes
|
Yes
|
Yes
|
|
32-bit PCI BIOS calls
|
?
|
?
|
?
|
Yes
|
|
AHCI
|
Yes
|
Yes
|
Yes
|
Yes
|
|
APM
|
Yes
|
Yes
|
Yes (1.2)
|
Yes (1.2)
|
|
BBS
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Boot menu
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Compression
|
Yes (LHA)
|
Yes (LHA)
|
Yes (RLE)
|
Yes (LZMA)
|
|
CMOS
|
Yes
|
Yes
|
Yes
|
Yes
|
|
EDD
|
Yes
|
Yes
|
Yes
|
Yes (3.0)
|
|
ESCD
|
Yes
|
Yes
|
?
|
No
|
|
Flash from ROM
|
?
|
Yes
|
?
|
No
|
|
Language
|
Assembly
|
Assembly
|
Assembly
|
C
|
|
LBA
|
Yes (48)
|
Yes (48)
|
Yes
|
Yes (48)
|
|
MultiProcessor
Specification
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Option ROM
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Password
|
Yes
|
Yes
|
Yes
|
No
|
|
PMM
|
?
|
Yes
|
?
|
Yes
|
|
Setup screen
|
Yes
|
Yes
|
Yes
|
No
|
|
SMBIOS
|
Yes
|
Yes
|
Yes
|
Yes (2.4)
|
|
Splash screen
|
Yes
|
Yes (PCX)
|
Yes
|
Yes (BMP, JPG)
|
|
USB booting
|
Yes
|
Yes
|
Yes
|
Yes
|
|
USB hub
|
?
|
?
|
?
|
Yes
|
|
USB keyboard
|
Yes
|
Yes
|
Yes
|
Yes
|
|
USB mouse
|
Yes
|
Yes
|
Yes
|
Yes
|
Security.
EEPROM chips are
advantageous because they can be easily updated by the user; hardware
manufacturers frequently issue BIOS updates to upgrade their products, improve
compatibility and remove bugs. However, this advantage had the risk that an
improperly executed or aborted BIOS update could render the computer or device
unusable. To avoid these situations, more recent BIOS use a "boot
block"; a portion of the BIOS which runs first and must be updated
separately. This code verifies if the rest of the BIOS is intact (using hash check sums or other methods) before transferring
control to it. If the boot block detects any corruption in the main BIOS, it
will typically warn the user that a recovery process must be initiated by
booting from removable media (floppy, CD or USB memory)
so the user can try flashing the BIOS again. Some motherboard shave a backup BIOS (sometimes referred to as
Dual BIOS boards) to recover from BIOS corruptions.
There are at least four known
BIOS attack viruses, two of which were for demonstration purposes. The first
one found in the wild was Mebromi, targeting Chinese users.
The first BIOS virus was CIH, whose
name matches the initials of its creator, Chen Ing Hau. CIH was also called the
"Chernobyl Virus", because its payload date was 1999-04-26, the 13th
anniversary of the Chernobyl
accident. CIH appeared in mid-1998 and became active in April 1999. It
was able to erase flash ROM BIOS content. Often, infected computers could no
longer boot, and people had to remove the flash ROM IC from the motherboard and
reprogram it. CIH targeted the then-widespread Intel i430TX motherboard chipset
and took advantage of the fact that the Windows
9x operating
systems, also widespread at the time, allowed direct hardware access to all
programs.
Modern systems are not
vulnerable to CIH because of a variety of chipsets being used which are
incompatible with the Intel i430TX chipset, and also other flash ROM IC types.
There is also extra protection from accidental BIOS rewrites in the form of
boot blocks which are protected from accidental overwrite or dual and quad BIOS
equipped systems which may, in the event of a crash, use a backup BIOS. Also,
all modern operating systems such as FreeBSD, Linux, OS X, Windows NT-based
Windows OS like Windows
2000, Windows
XP and
newer, do not allow user-mode programs to have direct hardware access. As a
result, as of 2008, CIH has become essentially harmless, at worst causing
annoyance by infecting executable files and triggering antivirus software.
Other BIOS viruses remain possible, however; since most Windows home users without
Windows Vista/7's UAC run all applications with administrative privileges, a
modern CIH-like virus could in principle still gain access to hardware without
first using an exploit. The operating system Opens prevents
all users from having this access and the gr security patch for the linux
kernel also prevents this direct hardware access by default, the difference
being an attacker requiring a much more difficult kernel level exploit or
reboot of the machine.
The second BIOS virus was a
technique presented by John Heasman, principal security consultant for UK-based
Next-Generation Security Software. In 2006, at the Black Hat Security
Conference, he showed how to elevate privileges and read physical memory, using
malicious procedures that replaced normal ACPI functions stored in flash memory.
The third BIOS virus was a
technique called "Persistent BIOS infection." It appeared in 2009 at
the Can Sec-West Security Conference in Vancouver, and at the SyS-Scan Security
Conference in Singapore. Researchers Anibal Sacco and Alfredo Ortega, from Core Security
Technologies, demonstrated how to insert malicious code into the decompression
routines in the BIOS, allowing for nearly full control of the PC at start-up,
even before the operating system is booted. The proof-of-concept does not
exploit a flaw in the BIOS implementation, but only involves the normal BIOS
flashing procedures. Thus, it requires physical access to the machine, or for
the user to be root. Despite these requirements, Ortega underlined the profound
implications of his and Sacco's discovery: "We can patch a driver to drop
a fully working rootkit. We even
have a little code that can remove or disable antivirus." Mebromi is a trojan which targets computers with Award BIOS, Microsoft Windows, and antivirus software from two Chinese companies: Rising Antivirus and Jiangmin KV Antivirus Mebromi installs a rootkit which
infects the master
boot record.
In a December 2013 interview
with CBS 60
Minutes, Deborah Plunkett, Information Assurance Director for the US National Security Agency claimed that NSA analysts had uncovered and
thwarted a possible BIOS attack by a foreign nation state. The attack on the
world's computers could have allegedly "literally taken down the US
economy." The segment further cites anonymous cyber security experts
briefed on the operation as alleging the plot was conceived in China. A later
article in The
Guardian cast
doubt on the likelihood of such a threat, quoting Berkeley computer-science
researcher Nicholas Weaver, Matt
Blaze, a computer and information sciences professor at the
University of Pennsylvania, and cyber security expert Robert David Graham in an
analysis of the NSA's claims.
Alternatives
And Successors.
As of 2011, the BIOS is being
replaced by the more complex Extensible Firmware Interface (EFI)
in many new machines. EFI is a specification which replaces the run time
interface of the legacy BIOS. Initially written for the Itanium architecture,
EFI is now available for x86 and x86-64 platforms;
the specification development is driven by The Unified
EFI Forum, an industry Special Interest Group. EFI booting has been supported in only Microsoft
Windows versions supporting GPT, the Linux
kernel 2.6.1 and later, and Mac OS X on Intel-based
Macs. Other alternatives to the functionality of the "Legacy
BIOS" in the x86 world include core boot.
A number of larger, more
powerful servers and workstations use a platform-independent Open Firmware (IEEE-1275) based on the Forth programming language; it is included with
Sun's SPARC computers, IBM's RS/6000 line, and other PowerPC systems such as the CHRP motherboards, along with the x86-based OLPC XO-1. Later
x86-based personal computer operating systems, like Windows NT, use their own,
native drivers; this makes it much easier to extend support to new hardware.