BIOS

Overview
In IBM PC compatible computers, the basic input/output system (BIOS), also known as the System BIOS or ROM BIOS (ˈbaɪ.oʊs), is a de facto standard defining a firmware interface.

The BIOS software is built into the PC, and is the first code run by a PC when powered on ('boot firmware'). When the PC starts up, the first job for the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk drive, optical disc drive and other hardware. The BIOS then locates boot loader software held on a peripheral device (designated as a 'boot device'), such as a hard disk or a CD/DVD, and loads and executes that software, giving it control of the PC. This process is known as booting, or booting up, which is short for bootstrapping.

BIOS software is stored on a non-volatile ROM chip on the motherboard. It is specifically designed to work with each particular model of computer, interfacing with various devices that make up the complementary chipset of the system. In modern computer systems the BIOS chip's contents can be rewritten without removing it from the motherboard, allowing BIOS software to be upgraded in place.

A BIOS has a user interface (UI), typically a menu system accessed by pressing a certain key on the keyboard when the PC starts. In the BIOS UI, a user can:
  • configure hardware
  • set the system clock
  • enable or disable system components
  • select which devices are eligible to be a potential boot device
  • set various password prompts, such as a password for securing access to the BIOS UI functions themselves and for preventing malicious users from booting the system from unauthorized peripheral devices.


The BIOS provides a small library of basic input/output functions used to operate and control the peripherals such as the keyboard, text display functions and so forth, and these software library functions are callable by external software. In the IBM PC and AT, certain peripheral cards such as hard-drive controllers and video display adapters carried their own BIOS extension Option ROM, which provided additional functionality. Operating systems and executive software, designed to supersede this basic firmware functionality, will provide replacement software interfaces to applications.

The role of the BIOS has changed over time. As of 2011, the BIOS is being replaced by the more complex Extensible Firmware Interface (EFI) in many new machines, but BIOS remains in widespread use, and EFI booting has only been supported in Microsoft's operating system products supporting GPT and Linux kernels 2.6.1 and greater builds (and in Mac OS X on Intel-based Macs). However, the distinction between BIOS and EFI is rarely made in terminology by the average computer user, making BIOS a catch-all term for both systems.

Terminology


The term BIOS (Basic Input/Output System) was invented by Gary Kildall and first appeared in the CP/M operating system in 1975, describing the machine-specific part of CP/M loaded during boot time that interfaced directly with the hardware (CP/M machines usually had only a simple boot loader in their ROM). Later versions of CP/M, as well as Concurrent CP/M, Concurrent DOS, DOS Plus, Multiuser DOS, System Manager and REAL/32 came with an XIOS (Extended Input/Output System) instead of the BIOS. Most versions of DOS have a file called "IO.SYS", "IBMBIO.COM", "IBMBIO.SYS" or "DRBIOS.SYS", called the DOS BIOS, that is analogous to the CP/M BIOS.

Among other classes of computers, the generic terms boot monitor, boot loader or boot ROM were commonly used. Some Sun and PowerPC-based computers use Open Firmware for this purpose. There are a few alternatives for Legacy BIOS in the x86 world: Extensible Firmware Interface, Open Firmware (used on the OLPC XO-1) and coreboot.

IBM PC-compatible BIOS chips


In principle, the BIOS in ROM was customized to the particular manufacturer's hardware, allowing low-level services (such as reading a keystroke or writing a sector of data to diskette) to be provided in a standardized way to the operating system. For example, an IBM PC might have had either a monochrome or a color display adapter, using different display memory addresses and hardware, but a single, standard, BIOS system call would be invoked to display a character at a specified position on the screen in text mode.
  • Boot Block
  • DMI Block
  • Main Block

Prior to the early 1990s, BIOSes were stored in ROM or PROM chips, which could not be altered by users. As its complexity and need for updates grew, and re-programmable parts became more available, BIOS firmware was most commonly stored on EEPROM or flash memory devices. According to Robert Braver, the president of the BIOS manufacturer Micro Firmware, Flash BIOS chips became common around 1995 because the electrically erasable PROM (EEPROM) chips are cheaper and easier to program than standard erasable PROM (EPROM) chips. EPROM chips may be erased by prolonged exposure to ultraviolet light, which accessed the chip via the window. Chip manufacturers use EPROM programmers (blasters) to program EPROM chips. Electrically erasable (EEPROM) chips allow BIOS reprogramming using higher-than-normal voltage. BIOS versions are upgraded to take advantage of newer versions of hardware and to correct bugs in previous revisions of BIOSes.

Beginning with the IBM AT, PCs supported a hardware clock settable through BIOS.  It had a century bit which allowed for manually changing the century when the year 2000 happened.  Most BIOS revisions created in 1995 and nearly all BIOS revisions in 1997 supported the year 2000 by setting the century bit automatically when the clock rolled past midnight, December 31, 1999.

The first flash chips were attached to the ISA bus. Starting in 1997, the BIOS flash moved to the LPC bus, a functional replacement for ISA, following a new standard implementation known as "firmware hub" (FWH). In 2006, the first systems supporting a Serial Peripheral Interface (SPI) appeared, and the BIOS flash moved again.

The size of the BIOS, and the capacities of the ROM, EEPROM and other media it may be stored on, have increased over time as new features have been added to the code; BIOS versions now exist with sizes up to 16 megabytes. Some modern motherboards include even bigger NAND flash memory ICs on board, which are capable of storing a whole compact operating system distribution, such as some Linux distributions. For example, some recent ASUS motherboards included SplashTop Linux embedded into their NAND flash memory ICs.

Flashing the BIOS


In modern PCs the BIOS is stored in rewritable memory, allowing the contents to be replaced or 'rewritten'. This rewriting of the contents is sometimes termed flashing. This can be done by a special program, usually provided by the system's manufacturer, or at POST, with a BIOS image in a hard drive or USB flash drive. A file containing such contents is sometimes termed 'a BIOS image'. A BIOS might be reflashed in order to upgrade to a newer version to fix bugs or provide improved performance or to support newer hardware, or a reflashing operation might be needed to fix a damaged BIOS.
A BIOS may also be "flashed" by putting the file on the root of a USB drive and booting.

BIOS chip vulnerabilities


EEPROM chips are advantageous because they can be easily updated by the user; hardware manufacturers frequently issue BIOS updates to upgrade their products, improve compatibility and remove bugs. However, this advantage had the risk that an improperly executed or aborted BIOS update could render the computer or device unusable. To avoid these situations, more recent BIOSes use a "boot block"; a portion of the BIOS which runs first and must be updated separately. This code verifies if the rest of the BIOS is intact (using hash checksums or other methods) before transferring control to it. If the boot block detects any corruption in the main BIOS, it will typically warn the user that a recovery process must be initiated by booting from removable media (floppy, CD or USB memory) so the user can try flashing the BIOS again. Some motherboards have a backup BIOS (sometimes referred to as DualBIOS boards) to recover from BIOS corruptions.
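
The boot-block check described above, sketched as an added example (it is not code from the original article or from any vendor's firmware). The image layout is an assumption made for illustration: a 4096-byte main block whose last byte is a fix-up making the 8-bit byte sum zero, followed by a 4-byte CRC-32 trailer; all function names are hypothetical. It shows an interrupted flash being caught, and a case where offsetting byte errors pass the additive checksum but fail the CRC.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAIN_SIZE  4096u             /* assumed main-block size            */
#define IMAGE_SIZE (MAIN_SIZE + 4u)  /* main block + 4-byte CRC-32 trailer */

enum boot_action { BOOT_MAIN = 0, BOOT_RECOVERY = 1 };

/* 8-bit additive checksum: sum of all bytes modulo 256. */
uint8_t sum8(const uint8_t *p, size_t n)
{
    uint8_t s = 0;
    while (n--)
        s = (uint8_t)(s + *p++);
    return s;
}

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, as used by zlib). */
uint32_t crc32_calc(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The two integrity checks the boot block runs over the main block. */
int main_block_sum_ok(const uint8_t *img)
{
    return sum8(img, MAIN_SIZE) == 0;
}

int main_block_crc_ok(const uint8_t *img)
{
    return crc32_calc(img, MAIN_SIZE) == read_le32(img + MAIN_SIZE);
}

/* Hand over to the main block only if every check passes;
   otherwise stay in the boot block and start recovery. */
enum boot_action boot_block_decide(const uint8_t *img)
{
    if (main_block_sum_ok(img) && main_block_crc_ok(img))
        return BOOT_MAIN;
    return BOOT_RECOVERY;
}

/* Constructed sample image: pattern data, checksum fix-up, CRC trailer. */
void build_image(uint8_t *img)
{
    for (size_t i = 0; i < MAIN_SIZE - 1; i++)
        img[i] = (uint8_t)i;
    img[MAIN_SIZE - 1] = 0;
    img[MAIN_SIZE - 1] = (uint8_t)(0u - sum8(img, MAIN_SIZE));
    uint32_t crc = crc32_calc(img, MAIN_SIZE);
    for (int k = 0; k < 4; k++)
        img[MAIN_SIZE + k] = (uint8_t)(crc >> (8 * k));
}

/* An aborted update leaves everything from 'off' onward erased (0xFF). */
void simulate_interrupted_flash(uint8_t *img, size_t off)
{
    memset(img + off, 0xFF, IMAGE_SIZE - off);
}

int main(void)
{
    static uint8_t img[IMAGE_SIZE];

    build_image(img);
    printf("intact image:       action=%d\n", boot_block_decide(img));

    simulate_interrupted_flash(img, 1000);
    printf("interrupted flash:  action=%d\n", boot_block_decide(img));

    /* Offsetting errors in adjacent bytes: the byte sum is unchanged,
       so only the CRC notices. */
    build_image(img);
    img[10] = (uint8_t)(img[10] + 1);
    img[11] = (uint8_t)(img[11] - 1);
    printf("offsetting errors:  sum_ok=%d crc_ok=%d action=%d\n",
           main_block_sum_ok(img), main_block_crc_ok(img),
           boot_block_decide(img));
    return 0;
}
```

Both checks only detect accidental corruption; neither authenticates the image, since anyone able to rewrite the flash can also recompute the stored values.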

Overclocking


Some BIOS chips allow overclocking, an action in which the CPU is adjusted to a higher clock rate than its factory preset. Overclocking may, however, seriously compromise system reliability in insufficiently cooled computers and generally shorten component lifespan. Overclocking, incorrectly performed, may also cause component temperatures to rise so quickly that they destroy themselves.

Virus attacks


There are at least four known BIOS attack viruses, two of which were for demonstration purposes. The first one found in the wild was Mebromi, targeting Chinese users.

CIH



The first was a virus which was able to erase Flash ROM BIOS content, rendering computer systems unstable. CIH, also known as "Chernobyl Virus", appeared for the first time in mid-1998 and became active in April 1999. It affected systems' BIOSes, and often they could not be fixed on their own since they were no longer able to boot at all. To repair this, the flash ROM IC had to be removed from the motherboard to be reprogrammed elsewhere. Damage from CIH was possible since the virus was specifically targeted at the then widespread Intel i430TX motherboard chipset, and the most common operating systems of the time were based on the Windows 9x family, allowing direct hardware access to all programs.

Modern systems are not vulnerable to CIH because of a variety of chipsets being used which are incompatible with the Intel i430TX chipset, and also other flash ROM IC types. There is also extra protection from accidental BIOS rewrites in the form of boot blocks which are protected from accidental overwrite, or dual and quad BIOS equipped systems which may, in the event of a crash, use a backup BIOS. Also, all modern operating systems such as Linux, Mac OS X, Windows NT-based Windows OS like Windows 2000, Windows XP and newer, do not allow user-mode programs to have direct hardware access. As a result, as of 2008, CIH has become essentially harmless, at worst causing annoyance by infecting executable files and triggering alerts from antivirus software. Other BIOS viruses remain possible, however; since most Windows home users without Windows Vista/7's UAC run all applications with administrative privileges, a modern CIH-like virus could in principle still gain access to hardware.

Black Hat 2006


The second one was a technique presented by John Heasman, principal security consultant for UK-based Next-Generation Security Software, at the Black Hat Security Conference (2006), where he showed how to elevate privileges and read physical memory, using malicious procedures that replaced normal ACPI functions stored in flash memory.

Persistent BIOS infection


The third one, known as "Persistent BIOS infection", was a method presented in CanSecWest Security Conference (Vancouver, 2009) and SyScan Security Conference (Singapore, 2009) where researchers Anibal Sacco and Alfredo Ortega, from Core Security Technologies, demonstrated insertion of malicious code into the decompression routines in the BIOS, allowing for nearly full control of the PC at every start-up, even before the operating system is booted.

The proof-of-concept does not exploit a flaw in the BIOS implementation, but only involves the normal BIOS flashing procedures. Thus, it requires physical access to the machine or for the user on the operating system to be root. Despite this, however, researchers underline the profound implications of their discovery: “We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable antivirus.”

Mebromi


Mebromi is a trojan primarily targeting Chinese users using the AwardBIOS and Microsoft Windows. Upon execution it first checks whether the system uses the AwardBIOS. If it does, Mebromi infects the BIOS. Then it installs a rootkit infecting the Master boot record. Mebromi selectively checks whether a computer is protected by antivirus software made by two Chinese companies: Rising Antivirus and Jiangmin KV Antivirus.

Firmware on adapter cards


A computer system can contain several BIOS firmware chips. The motherboard BIOS typically contains code to access hardware components absolutely necessary for bootstrapping the system, such as the keyboard (either PS/2 or on a USB human interface device), and storage (floppy drives, if available, and PATA or SATA hard disk controllers). In addition, plug-in adapter cards such as SCSI, RAID, network interface cards, and video boards often include their own BIOS (e.g. Video BIOS), complementing or replacing the system BIOS code for the given component. (This code is generally referred to as an option ROM.) Even devices built into the motherboard can behave in this way; their option ROMs can be stored as separate code on the main BIOS flash chip, and upgraded either in tandem with, or separately from, the main BIOS.

An add-in card usually only requires an option ROM if it:
  • Needs to be used before the operating system can be loaded (usually this means it is required in the bootstrapping process), and
  • Is too sophisticated or specific a device to be handled by the main BIOS


Older PC operating systems, such as MS-DOS (including all DOS-based versions of Microsoft Windows), and early-stage bootloaders, may continue to use the BIOS for input and output. However, the restrictions of the BIOS environment mean that modern OSes will almost always use their own device drivers to directly control the hardware. Generally, these device drivers only use BIOS and option ROM calls for very specific (non-performance-critical) tasks, such as preliminary device initialization.

In order to discover memory-mapped ISA option ROMs during the boot process, PC BIOS implementations scan real memory from 0xC0000 to 0xF0000 on 2 KiB boundaries, looking for a ROM signature: 0xAA55 (0x55 followed by 0xAA, since the x86 architecture is little-endian). In a valid expansion ROM, this signature is immediately followed by a single byte indicating the number of 512-byte blocks it occupies in real memory. The next byte contains an offset describing the option ROM's entry point, to which the BIOS immediately transfers control. At this point, the expansion ROM code takes over, using BIOS services to register interrupt vectors for use by post-boot applications, provide a user configuration interface, or display diagnostic information.

There are many methods and utilities for examining the contents of various motherboard BIOS and expansion ROMs, such as Microsoft DEBUG or the Unix dd.
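As an added example (not part of the original page), the following Python scanner applies the scan rules described above to a raw dump of the 0xC0000 to 0xF0000 window, such as one captured with dd. The function and field names are hypothetical, the sample image is constructed, and the checksum test (all bytes of a ROM sum to 0 modulo 256) is the conventional legacy option ROM rule, an assumption that this page does not state.

```python
from dataclasses import dataclass
from typing import List

WINDOW_BASE = 0xC0000    # start of the scanned region, per the text above
WINDOW_END = 0xF0000     # end of the scanned region
STEP = 0x800             # ROMs are looked for on 2 KiB boundaries
BLOCK = 512              # the length byte counts 512-byte blocks
SIGNATURE = b"\x55\xAA"  # 0xAA55 as stored in little-endian memory


@dataclass
class OptionRom:
    address: int       # physical address of the header
    size: int          # declared size in bytes (length byte * 512)
    entry_byte: int    # byte at offset 3, which the text ties to the entry point
    checksum_ok: bool  # assumption: legacy rule, all bytes sum to 0 mod 256
    truncated: bool    # declared size runs past the end of the dump


def scan_option_roms(dump: bytes, base: int = WINDOW_BASE) -> List[OptionRom]:
    """Return the option ROM headers found in a raw dump of the ROM window."""
    roms = []
    offset = 0
    while offset + 4 <= len(dump):
        # A zero length byte cannot describe a ROM, so treat it as no match.
        if dump[offset:offset + 2] != SIGNATURE or dump[offset + 2] == 0:
            offset += STEP
            continue
        size = dump[offset + 2] * BLOCK
        body = dump[offset:offset + size]
        truncated = len(body) < size
        roms.append(OptionRom(
            address=base + offset,
            size=size,
            entry_byte=dump[offset + 3],
            checksum_ok=(not truncated) and sum(body) % 256 == 0,
            truncated=truncated,
        ))
        # Resume at the first 2 KiB boundary at or after the declared end.
        offset += -(-size // STEP) * STEP
    return roms


def make_rom(blocks: int, valid_checksum: bool = True) -> bytes:
    """Constructed test ROM: header, filler, and a final checksum byte."""
    rom = bytearray(blocks * BLOCK)
    rom[0:2] = SIGNATURE
    rom[2] = blocks
    rom[3] = 0xEB                      # constructed value for the entry byte
    rom[4:16] = b"CONSTRUCTED!"
    rom[-1] = (-sum(rom)) % 256        # make the byte sum 0 mod 256
    if not valid_checksum:
        rom[-1] ^= 0xFF                # deliberately break the checksum
    return bytes(rom)


def build_sample_dump() -> bytes:
    """Constructed 192 KiB image standing in for a dump of 0xC0000-0xF0000."""
    dump = bytearray(WINDOW_END - WINDOW_BASE)

    def place(addr: int, data: bytes) -> None:
        start = addr - WINDOW_BASE
        chunk = data[:len(dump) - start]   # clip at the end of the window
        dump[start:start + len(chunk)] = chunk

    place(0xC0000, make_rom(64))         # 32 KiB ROM with a valid checksum
    place(0xC8000, make_rom(4, False))   # 2 KiB ROM with a bad checksum
    place(0xCA400, make_rom(2))          # off a 2 KiB boundary: never scanned
    place(0xEF800, make_rom(8))          # declares 4 KiB, only 2 KiB remain
    return bytes(dump)


if __name__ == "__main__":
    for rom in scan_option_roms(build_sample_dump()):
        print(f"{rom.address:#07x} size={rom.size:6d} entry_byte={rom.entry_byte:#04x} "
              f"checksum_ok={rom.checksum_ok} truncated={rom.truncated}")
```

When run against a real image, a ROM that fails the checksum or is absent from a known-good baseline of the same machine deserves a closer look, because option ROM code executes before the operating system loads.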

BIOS boot specification


If the expansion ROM wishes to change the way the system boots (such as from a network device or a SCSI adapter for which the BIOS has no driver code), it can use the BIOS Boot Specification (BBS) API to register its ability to do so. Once the expansion ROMs have registered using the BBS APIs, the user can select among the available boot options from within the BIOS's user interface. This is why most BBS compliant PC BIOS implementations will not allow the user to enter the BIOS's user interface until the expansion ROMs have finished executing and registering themselves with the BBS API.

Changing role of the BIOS


Some operating systems, for example MS-DOS, rely on the BIOS to carry out most input/output tasks within the PC. A variety of technical reasons makes it inefficient for some recent operating systems written for 32-bit CPUs, such as Linux and Microsoft Windows, to invoke the BIOS directly. For larger, more powerful servers and workstations using PowerPC or SPARC CPUs, several manufacturers developed a platform-independent Open Firmware (IEEE-1275), based on the Forth programming language. It is included with Sun's SPARC computers, IBM's RS/6000 line, and other PowerPC CHRP motherboards. Later x86-based personal computer operating systems, like Windows NT, use their own native drivers, which also makes it much easier to extend support to new hardware, while the BIOS still relies on a legacy 16-bit real mode runtime interface.

There was a similar transition for the Apple Macintosh, where the system software originally relied heavily on the ToolBox, a set of drivers and other useful routines stored in ROM based on Motorola's 680x0 CPUs. These Apple ROMs were replaced by Open Firmware in the PowerPC Macintosh, then EFI in Intel Macintosh computers.

Later BIOS took on more complex functions, by way of interfaces such as ACPI; these functions include power management, hot swapping, and thermal management. To quote Linus Torvalds, the task of BIOS is "just load the OS and get the hell out of there". However, BIOS limitations (16-bit processor mode, only 1 MiB addressable space, PC AT hardware dependencies, etc.) were seen as clearly unacceptable for the newer computer platforms. Extensible Firmware Interface (EFI) is a specification which replaces the runtime interface of the legacy BIOS. Initially written for the Itanium architecture, EFI is now available for x86 and x86-64 platforms; the specification development is driven by The Unified EFI Forum, an industry Special Interest Group.

Linux supports EFI via the elilo and GNU GRUB boot loaders. The open source community increased their effort to develop a replacement for proprietary BIOSes and their future incarnations with an open sourced counterpart through the coreboot and OpenBIOS/Open Firmware projects. AMD provided product specifications for some chipsets, and Google is sponsoring the project. Motherboard manufacturer Tyan offers coreboot next to the standard BIOS with their Opteron line of motherboards. MSI and Gigabyte Technology have followed suit with the MSI K9ND MS-9282 and MSI K9SD MS-9185 and the M57SLI-S4 models, respectively.

Some BIOSes contain a "SLIC" (software licensing description table), a digital signature placed inside the BIOS by the manufacturer, for example Dell. This SLIC is inserted in the ACPI table and contains no active code. Computer manufacturers that distribute OEM versions of Microsoft Windows and Microsoft application software can use the SLIC to authenticate licensing to the OEM Windows Installation disk and/or system recovery disc containing Windows software. Systems having a SLIC can be preactivated with an OEM product key, and they verify an XML formatted OEM certificate against the SLIC in the BIOS as a means of self-activating (see System Locked Preinstallation). If a user performs a fresh install of Windows, they will need to have possession of both the OEM key and the digital certificate for their SLIC in order to bypass activation; in practice this is extremely unlikely and hence the only real way this can be achieved is if the user performs a restore using a pre-customised image provided by the OEM.

Recent Intel processors (P6 and P7) have reprogrammable microcode. The BIOS may contain patches to the processor code to allow errors in the initial processor code to be fixed, updating the processor microcode each time the system is powered up. Otherwise, an expensive processor swap would be required. For example, the Pentium FDIV bug became an expensive fiasco for Intel that required a product recall because the original Pentium did not have patchable microcode.

The BIOS business


The vast majority of PC motherboard suppliers license a BIOS "core" and toolkit from a commercial third-party, known as an "independent BIOS vendor" or IBV. The motherboard manufacturer then customizes this BIOS to suit its own hardware. For this reason, updated BIOSes are normally obtained directly from the motherboard manufacturer.

Major BIOS vendors include American Megatrends (AMI), Insyde Software, Phoenix Technologies and Byosoft. Former vendors include Award Software and Microid Research, which were acquired by Phoenix Technologies in 1998. Phoenix has now phased out the Award brand name. General Software, which was also acquired by Phoenix in 2007, sold BIOS for Intel processor based embedded systems.

Comparison

AwardBIOS AMIBIOS SeaBIOS
32-bit PCI BIOS calls
Boot menu
CMOS
(3.0)
Language Assembly Assembly C
(48) (48) (48)
Option ROM
Password
Setup screen
SMBIOS
Splash screen (BMP, JPG)
USB booting
USB hub
USB keyboard
USB mouse

See also


  • Advanced Configuration and Power Interface (ACPI)
  • ARCS
  • Boot devices (IBM PC)
  • BIOS interrupt calls
  • coreboot, a project whose aim is to create a free and open source replacement for the BIOS
  • Unified Extensible Firmware Interface (UEFI)
  • Firmware
  • Input/output base address
  • Nonvolatile BIOS memory
  • Open Firmware
  • Power-on self-test (POST)
  • e820h memory map


Further reading

  • How BIOS Works - howStuffWorks


External links



Specifications