Technology Forum
BIOS Startup Firmware Increases System Reliability and Improves Device Security
By Stephen Jones, Chief Technology Officer, Phoenix Technologies
For embedded system developers, adopting the PC
architecture as a design foundation brings with it a
convincing set of advantages. The semiconductor technology
supporting the architecture is both powerful and diverse,
and a large number of software tools, operating systems, and
applications are readily available to run on x86 architecture.
All of these benefits come at a relatively low cost. The low cost
stems partly from the high production volumes and resulting
production efficiency that the hardware enjoys. Intense
competition among a wide range of hardware and software
vendors also works to keep costs low.
PC Drawbacks
Unfortunately the PC architecture also brings with it several
attributes that create problems for embedded applications,
like boot time—a PC-based embedded design running a
Windows operating system can take 30 seconds or more to
become functional after powering on, see Figure 1.
Figure 1: Embedded designs based on the PC architecture exhibit excessive boot
times - even without the operating system - creating acceptability issues for
potential mainstream customers.
Start-up delays are not the only unfortunate attribute of the
PC architecture running a Windows variant. Such devices
also exhibit reliability and availability limitations. Windows-based
systems are notorious for their instability.
From an embedded design stance, the PC hardware
architecture is largely historical and vestigial—the things a
desktop computer does do not necessarily map to a medical
cockpit display.
The BIOS is ideally positioned to address many of these issues,
most IT-oriented BIOS have hard-coded system functions
and attributes that keep the PC architecture operating solely
as a PC. This hard coding creates significant challenges for
developers seeking to adapt the architecture to embedded
applications. Removing or bypassing the unnecessary code
adds both development time and risk.
Embedded BIOS® Solution
Phoenix Technologies’ Embedded BIOS® with StrongFrame®
Technology was designed from the ground up to simplify the
designer’s task when modifying the BIOS for different system
behaviors, different hardware configurations, and even a
variety of choices in the operating system.
Embedded BIOS is also easily extensible. System developers
can add functionality to the BIOS without any rewriting of the
original source. The BIOS can also run firmware applications
such as a basic web browser as part of the firmware. The BIOS
and its additional functionality also operate independently
of the OS (see Figure 2), so that such applications can be
available to the user before the OS loads or in the event of an
OS crash.
Because these applications form part of the system firmware
they also possess a high degree of security. The BIOS and its
applications kernel cannot be altered from within the system.
This prevents both malicious software and application software
errors from permanently damaging firmware operation.
Figure 2: A configurable BIOS that leverages the System Management Mode (SMM)
of the x86 architecture - like the Phoenix Technologies Embedded BIOS
with StrongFrame Technology - can resolve many of the PC architecture’s
security and availability issues.
A key factor in the design of Embedded BIOS is the way it
handles the system configuration policy. In IT-oriented BIOS
designs that policy is hard coded. The firmware searches for
specific types of hardware at specific locations and decides
at run time how that hardware is to be handled. The typical
IT BIOS has more than 1,000 such policy decisions to make.
Changing that code is a large task.
Embedded BIOS makes these policy decision points configurable. Because the embedded system’s hardware structure is
fixed and known, much of that configuration can occur at
build time. Developers can select values for system parameters
and enable or disable system options when creating the BIOS
object code. And, flexible run-time parameters may be used
to precisely tailor the system’s control strategy.
Optimizing Boot Time
This combination of build-time and run-time configurability
in the Embedded BIOS design can dramatically reduce
boot time. Legacy devices such as the PS/2 keyboard and
mouse controllers must be part of the system hardware for
an IT-oriented BIOS to boot, for instance, but can be easily
eliminated from the design when using a configurable BIOS.
The hard disk drive (HDD) that is standard within a PC
represents another opportunity to reduce boot time. An IT-oriented BIOS expects to find an ATA HDD and has a built-in delay of up to ten seconds to wait for the drive motors to
spin up to speed following power-up. The configurable BIOS
allows designers to readily replace the HDD with a Flash
disk, handling the relevant code changes by modifying the
personality module.
System Monitoring Enhances Security
The ability to survive crashes of the OS or its applications
makes System Management Mode (SMM) ideal for monitoring
OS and applications at runtime. The SMM code can identify
errors, unauthorized modifications, or failures in the OS and
applications, then take corrective action such as rebooting the
OS. In the meantime, the basic functionality in the SMM-based applications continues to remain available, increasing
the system’s overall availability.
One way to provide such monitoring is for the system
developer to create a list of sensitive software objects such
as CMOS settings and key files on mass storage, and sign the
data. The monitoring program can then verify that the data
are valid before the software uses them.
The system can respond to detected errors in various ways
such as sending error messages over the network, restoring
the damaged files from backup copies, rebooting the OS or
application, or completely shutting down system operation,
depending on the error and the developer’s requirements.
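The signed-list check described above, sketched in Go as an added example (not Phoenix code): each entry carries the object's known-good SHA-256 and the developer's chosen response, and the whole list is verified with Ed25519 before any entry is trusted. The Entry type, the action strings, and the in-memory object store are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry is one monitored object: name, known-good SHA-256, and the response
// the developer chose for a failed check. All three fields are signed.
type Entry struct {
	Name   string
	Digest [32]byte
	Action string // illustrative values: "restore", "reboot", "halt"
}

// encode gives signer and verifier the same deterministic byte string.
func encode(list []Entry) []byte {
	var buf bytes.Buffer
	for _, e := range list {
		fmt.Fprintf(&buf, "%d:%s|%x|%s\n", len(e.Name), e.Name, e.Digest, e.Action)
	}
	return buf.Bytes()
}

// Check verifies the signature first, then hashes each object; failed maps bad objects to actions.
func Check(pub ed25519.PublicKey, list []Entry, sig []byte, objects map[string][]byte) (failed map[string]string, trusted bool) {
	if !ed25519.Verify(pub, encode(list), sig) {
		return nil, false // the list itself was altered: trust nothing in it
	}
	failed = map[string]string{}
	for _, e := range list {
		if data, ok := objects[e.Name]; !ok || sha256.Sum256(data) != e.Digest {
			failed[e.Name] = e.Action
		}
	}
	return failed, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // build-time signing key (constructed)
	store := map[string][]byte{"cmos": {0x12, 0x34}, "kernel.img": []byte("constructed sample")}
	list := []Entry{{"cmos", sha256.Sum256(store["cmos"]), "restore"}, {"kernel.img", sha256.Sum256(store["kernel.img"]), "reboot"}}
	sig := ed25519.Sign(priv, encode(list))
	store["cmos"][1] = 0xFF // simulate an unauthorized CMOS change
	failed, trusted := Check(pub, list, sig, store)
	fmt.Println(trusted, failed)
}
```

Because the action is part of the signed bytes, software that can rewrite the list cannot quietly downgrade a "halt" response without invalidating the signature.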
The protection that such monitoring provides can extend
beyond secure system operation to provide security against
software piracy, as well. The monitoring programs can
examine the hardware for security codes to validate the
environment before launching an application.
Adding Secure Provisioning
Monitoring firmware operating in SMM can provide a system
design with a new capability: secure provisioning. The
firmware can hold a list of software objects in the OS and
application code that are open for updates.
Because the firmware has access to system resources such
as the network interfaces and stacks, mass storage, and file
systems, the firmware can make modifications to OS and
application code from outside the OS. Thus, the system can
receive, validate, and implement updates and enhancements
under the firmware’s secure control.
Such updates can occur either at boot time or during run
time. For boot-time updates the BIOS can query the network
to look for specific software objects and see if updates are
available. The run-time updates would allow the system to
request files from the network in response to a particular
system condition.
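An added example, not taken from the article or from Embedded BIOS, of the receive/validate/implement order for provisioning: the update is checked against the list of objects open for updates and against an Ed25519 signature that covers the object name before anything is written. The Provisioner type, object names, and payloads are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// signedBytes binds the payload to its target object, so an update signed for
// one object cannot be replayed against another.
func signedBytes(name string, payload []byte) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(name), name)), payload...)
}

// Provisioner models firmware state: the update-signing public key, the list
// of objects open for updates, and the storage it writes from outside the OS.
type Provisioner struct {
	Pub   ed25519.PublicKey
	Open  map[string]bool
	Store map[string][]byte
}

// Apply validates first and writes last; any failure leaves Store untouched.
func (p *Provisioner) Apply(name string, payload, sig []byte) error {
	if !p.Open[name] {
		return errors.New("object is not open for updates: " + name)
	}
	if !ed25519.Verify(p.Pub, signedBytes(name, payload), sig) {
		return errors.New("signature check failed for " + name)
	}
	p.Store[name] = append([]byte(nil), payload...)
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair
	p := &Provisioner{pub, map[string]bool{"kiosk-app": true}, map[string][]byte{"kiosk-app": []byte("v1")}}
	v2 := []byte("v2 (constructed sample)")
	sig := ed25519.Sign(priv, signedBytes("kiosk-app", v2))
	fmt.Println(p.Apply("bootloader", v2, sig))          // rejected: not on the list
	fmt.Println(p.Apply("kiosk-app", []byte("x"), sig)) // rejected: payload not signed
	fmt.Println(p.Apply("kiosk-app", v2, sig))          // accepted
}
```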
The applications for such automatic provisioning are extensive.
For example, a point-of-sale kiosk can load its operating
system, applications, and data files automatically upon power
up, so that a remote management team can repurpose the kiosk
without a site visit. Similarly, identical hardware blades in a
system can each receive a unique functional configuration
under network control during power-up.
Embedded BIOS® Benefits
The combination of a configurable BIOS and SMM firmware
thus greatly expands the importance of the PC architecture to
embedded applications. It helps eliminate the long boot times
inherent in IT-oriented BIOS designs by eliminating hard-coded configurations and thus simplifying customization for
a specific hardware platform.
The boot reduction increases system availability and thus
the design’s acceptability to mainstream users, and system
security also increases. It also expands design options by
supporting secure field reconfiguration and maintenance.
The right type of BIOS can eliminate many of the drawbacks
that the PC architecture brings to embedded applications
without sacrificing compatibility with PC hardware, drivers,
protocol stacks, operating systems, and a wide range of
applications.