Wednesday, October 27, 2010

BIOS

In IBM PC Compatible computers, the basic input/output system (BIOS), also known as the System BIOS, is a de facto standard defining a firmware interface.

Figure: Phoenix AwardBIOS CMOS (non-volatile memory) Setup utility on a standard PC

The BIOS software is built into the PC, and is the first code run by a PC when powered on ('boot firmware').

The primary function of the BIOS is to load and start an operating system. When the PC starts up, the first job for the BIOS is to initialize and identify system devices such as the video display card, keyboard and mouse, hard disk, CD/DVD drive and other hardware. The BIOS then locates software held on a peripheral device (designated as a 'boot device'), such as a hard disk or a CD, and loads and executes that software, giving it control of the PC.

This process is known as booting, or booting up, which is short for bootstrapping.

BIOS software is stored on a non-volatile ROM chip built into the system on the motherboard. The BIOS software is specifically designed to work with the particular type of system in question, including having a knowledge of the workings of various devices that make up the complementary chipset of the system.

In modern computer systems, the BIOS chip's contents can be rewritten, allowing BIOS software to be upgraded.

A BIOS will also have a user interface (or UI for short). Typically this is a menu system accessed by pressing a certain key on the keyboard when the PC starts. In the BIOS UI, a user can:

  • configure hardware
  • set the system clock
  • enable or disable system components
  • select which devices are eligible to be a potential boot device
  • set various password prompts, such as a password for securing access to the BIOS UI functions itself and preventing malicious users from booting the system from unauthorized peripheral devices.

The BIOS provides a small library of basic input/output functions used to operate and control the peripherals such as the keyboard, text display functions and so forth, and these software library functions are callable by external software.

In the IBM PC and AT, certain peripheral cards such as hard-drive controllers and video display adapters carried their own BIOS extension ROM, which provided additional functionality. Operating systems and executive software, designed to supersede this basic firmware functionality, will provide replacement software interfaces to applications.

The role of the BIOS has changed over time; today BIOS is a legacy system, superseded by the more complex Extensible Firmware Interface (EFI), but BIOS remains in widespread use, and EFI booting has only been supported in x86 Windows since 2008. BIOS is primarily associated with the 16-bit and 32-bit architecture eras (x86-32), while EFI is used for some 32-bit and most 64-bit architectures.

Today BIOS is primarily used for booting a system, and for certain additional features such as power management (ACPI) and video initialization (in X.org), but otherwise is not used during the ordinary running of a system, while in early systems (particularly in the 16-bit era), BIOS was used for hardware access – operating systems (notably MS-DOS) would call the BIOS rather than directly accessing the hardware.

In the 32-bit era and later, operating systems instead generally directly accessed the hardware using their own device drivers. However, the distinction between BIOS and EFI is rarely made in terminology by the average computer user, making BIOS a catch-all term for both systems.

Terminology

The term first appeared in the CP/M operating system, describing the part of CP/M loaded during boot time that interfaced directly with the hardware (CP/M machines usually had only a simple boot loader in their ROM). Most versions of DOS have a file called "IBMBIO.COM" or "IO.SYS" that is analogous to the CP/M BIOS.

Among other classes of computers, the generic terms boot monitor, boot loader or boot ROM were commonly used. Some Sun and PowerPC-based computers use Open Firmware for this purpose. There are a few alternatives for Legacy BIOS in the x86 world: Extensible Firmware Interface, Open Firmware (used on the OLPC XO-1) and coreboot.

IBM PC-compatible BIOS chips

In principle, the BIOS in ROM was customized to the particular manufacturer's hardware, allowing low-level services (such as reading a keystroke or writing a sector of data to diskette) to be provided in a standardized way to the operating system. For example, an IBM PC might have had either a monochrome or a color display adapter, using different display memory addresses and hardware - but the BIOS service to print a character on the screen in text mode would be the same.

Prior to the early 1990s, BIOSes were stored in ROM or PROM chips, which could not be altered by users. As its complexity and need for updates grew, and re-programmable parts became more available, BIOS firmware was most commonly stored on EEPROM or flash memory devices.

According to Robert Braver, the president of the BIOS manufacturer Micro Firmware, Flash BIOS chips became common around 1995 because the electrically erasable PROM (EEPROM) chips are cheaper and easier to program than standard erasable PROM (EPROM) chips. EPROM chips may be erased by prolonged exposure to ultraviolet light, which accessed the chip via the window. Chip manufacturers use EPROM programmers (blasters) to program EPROM chips.

Electrically erasable (EEPROM) chips come with the additional feature of allowing a BIOS reprogramming via higher-than-normal amounts of voltage. BIOS versions are upgraded to take advantage of newer versions of hardware and to correct bugs in previous revisions of BIOSes.

Beginning with the IBM AT, PCs supported a hardware clock settable through BIOS. It had a century bit which allowed for manually changing the century when the year 2000 happened. Most BIOS revisions created in 1995 and nearly all BIOS revisions in 1997 supported the year 2000 by setting the century bit automatically when the clock rolled past midnight, December 31, 1999.

The first flash chips were attached to the ISA bus. Starting in 1997, the BIOS flash moved to the LPC bus, a functional replacement for ISA, following a new standard implementation known as "firmware hub" (FWH). In 2006, the first systems supporting a Serial Peripheral Interface (SPI) appeared, and the BIOS flash moved again.

The size of the BIOS, and the capacities of the ROM, EEPROM and other media it may be stored on, have increased over time as new features have been added to the code; BIOS versions now exist with sizes up to 16 megabytes. Some modern motherboards include even bigger NAND Flash ROM ICs on board, which are capable of storing a whole compact operating system distribution, such as some Linux distributions.

For example, some recent ASUS motherboards included SplashTop Linux embedded into their NAND Flash ROM ICs.

Flashing the BIOS

In modern PCs the BIOS is stored in rewritable memory, allowing the contents to be replaced or 'rewritten'. This rewriting of the contents is sometimes termed 'flashing'. This is done by a special program, usually provided by the system's manufacturer.

A file containing such contents is sometimes termed 'a BIOS image'. A BIOS might be reflashed in order to upgrade to a newer version to fix bugs or provide improved performance or to support newer hardware, or a reflashing operation might be needed to fix a damaged BIOS.

BIOS chip vulnerabilities

Figure: An American Megatrends BIOS registering the “Intel CPU uCode Error” while doing POST, most likely a problem with the POST.

EEPROM chips are advantageous because they can be easily updated by the user; hardware manufacturers frequently issue BIOS updates to upgrade their products, improve compatibility and remove bugs.

However, this advantage carries the risk that an improperly executed or aborted BIOS update could render the computer or device unusable. To avoid these situations, more recent BIOSes use a "boot block": a portion of the BIOS which runs first and must be updated separately. This code verifies whether the rest of the BIOS is intact (using hash checksums or other methods) before transferring control to it.

If the boot block detects any corruption in the main BIOS, it will typically warn the user that a recovery process must be initiated by booting from removable media (floppy, CD or USB memory) so the user can try flashing the BIOS again. Some motherboards have a backup BIOS (sometimes referred to as DualBIOS boards) to recover from BIOS corruptions.

Overclocking

Some BIOS chips allow overclocking, an action in which the CPU is adjusted to a higher clock rate than its factory preset. Overclocking may, however, seriously compromise system reliability in insufficiently cooled computers and generally shorten component lifespan.

Virus attacks

There are at least three known BIOS attack viruses, two of which were for demonstration purposes.

CIH

The first was a virus which was able to erase Flash ROM BIOS content, rendering computer systems unstable. CIH, also known as "Chernobyl Virus", appeared for the first time in mid-1998 and became active in April 1999.

It affected systems' BIOSes, and often the systems could not be fixed on their own since they were no longer able to boot at all. To repair this, the Flash ROM IC had to be removed from the motherboard to be reprogrammed elsewhere. Damage from CIH was possible since the virus was specifically targeted at the then widespread Intel i430TX motherboard chipset, and the most common operating systems of the time were based on the Windows 9x family, allowing direct hardware access to all programs.

Modern systems are not vulnerable to CIH because of a variety of chipsets being used which are incompatible with the Intel i430TX chipset, and also other Flash ROM IC types. There is also extra protection from accidental BIOS rewrites in the form of boot blocks which are protected from accidental overwrite or dual and quad BIOS equipped systems which may, in the event of a crash, use a backup BIOS.

Also, all modern operating systems like Linux, Mac OS X, Windows NT-based Windows OS like Windows 2000, Windows XP and newer, do not allow user mode programs to have direct hardware access. As a result, as of 2008, CIH has become essentially harmless, at worst causing annoyance by infecting executable files and triggering alerts from antivirus software. Other BIOS viruses remain possible, however: since most Windows users run all applications with administrative privileges, a modern CIH-like virus could in principle still gain access to hardware.

Black Hat 2006

The second one was a technique presented by John Heasman, principal security consultant for UK-based Next-Generation Security Software, at the Black Hat Security Conference (2006), where he showed how to elevate privileges and read physical memory, using malicious procedures that replaced normal ACPI functions stored in flash memory.

Persistent BIOS Infection

The third one, known as "Persistent BIOS infection", was a method presented in CanSecWest Security Conference (Vancouver, 2009) and SyScan Security Conference (Singapore, 2009) where researchers Anibal Sacco and Alfredo Ortega, from Core Security Technologies, demonstrated insertion of malicious code into the decompression routines in the BIOS, allowing for nearly full control of the PC at every start-up, even before the operating system is booted.

The proof-of-concept does not exploit a flaw in the BIOS implementation, but only involves the normal BIOS flashing procedures. Thus, it requires physical access to the machine or for the user on the operating system to be root. Despite this, however, researchers underline the profound implications of their discovery: “We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable antivirus.”

Firmware on adapter cards

A computer system can contain several BIOS firmware chips. The motherboard BIOS typically contains code to access hardware components absolutely necessary for bootstrapping the system, such as the keyboard (either PS/2 or on a USB human interface device), and storage (floppy drives, if available, and IDE or SATA hard disk controllers). In addition, plug-in adapter cards such as SCSI, RAID, network interface cards, and video boards often include their own BIOS (e.g. Video BIOS), complementing or replacing the system BIOS code for the given component.

(This code is generally referred to as an option ROM.) Even devices built into the motherboard can behave in this way; their option ROMs can be stored as separate code on the main BIOS flash chip, and upgraded either in tandem with, or separately to, the main BIOS.

An add-in card usually only requires an option ROM if it:

  • Needs to be used before the operating system can be loaded (usually this means it is required in the bootstrapping process), and
  • Is too sophisticated or specific a device to be handled by the main BIOS

Older PC operating systems, such as MS-DOS (including all DOS-based versions of Microsoft Windows), and early-stage bootloaders, may continue to use the BIOS for input and output.

However, the restrictions of the BIOS environment mean that modern OSes will almost always use their own device drivers to directly control the hardware. Generally, these device drivers only use BIOS and option ROM calls for very specific (non-performance-critical) tasks, such as preliminary device initialization.

In order to discover memory-mapped option ROMs during the boot process, PC BIOS implementations scan real memory from 0xC0000 to 0xF0000 on 2 KiB boundaries, looking for a ROM signature: 0xAA55 (0x55 followed by 0xAA, since the x86 architecture is little-endian). In a valid expansion ROM, this signature is immediately followed by a single byte indicating the number of 512-byte blocks it occupies in real memory.

The next byte contains an offset describing the option ROM's entry point, to which the BIOS immediately transfers control. At this point, the expansion ROM code takes over, using BIOS services to register interrupt vectors for use by post-boot applications, provide a user configuration interface, or display diagnostic information.

There are many methods and utilities for examining the contents of various motherboard BIOS and expansion ROMs, such as Microsoft DEBUG or the UNIX dd.
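A scanner for the header layout just described, run over a constructed dump of the 0xC0000-0xF0000 window such as one saved with dd (an added example, not code from the original page). The function names, the sample ROMs and the zero-sum checksum test are assumptions that do not appear in the text.

```python
WINDOW_BASE = 0xC0000   # start of the scan range given in the text
WINDOW_END = 0xF0000    # end of the scan range given in the text
STEP = 2048             # headers are only looked for on 2 KiB boundaries


def scan_option_roms(dump, base=WINDOW_BASE):
    """Return one record per expansion ROM header found in a memory dump."""
    roms = []
    offset = 0
    while offset + 3 <= len(dump) and base + offset < WINDOW_END:
        if dump[offset] == 0x55 and dump[offset + 1] == 0xAA:
            size = dump[offset + 2] * 512          # length in 512-byte blocks
            image = dump[offset:offset + size]
            complete = size > 0 and len(image) == size
            # Assumption (not from the page): a legacy option ROM is only
            # accepted when all of its bytes sum to zero modulo 256.
            valid = complete and sum(image) % 256 == 0
            roms.append({
                "address": base + offset,
                "size": size,
                "entry": base + offset + 3,        # byte after the size field
                "complete": complete,
                "checksum_ok": valid,
            })
            if valid:
                # Resume at the first 2 KiB boundary past this ROM.
                offset += -(-size // STEP) * STEP
                continue
        offset += STEP
    return roms


def build_rom(blocks, valid=True):
    """Constructed ROM image: header, zero filler, optional valid checksum."""
    rom = bytearray(blocks * 512)
    rom[0:3] = bytes([0x55, 0xAA, blocks])
    if valid:
        rom[-1] = (-sum(rom)) % 256
    return bytes(rom)


def make_sample_window():
    """Constructed dump of 0xC0000-0xF0000; every byte here is made up."""
    window = bytearray(b"\xFF" * (WINDOW_END - WINDOW_BASE))

    def place(addr, data):
        start = addr - WINDOW_BASE
        window[start:start + len(data)] = data

    place(0xC0000, build_rom(64))               # 32 KiB ROM, checksum valid
    place(0xC8000, build_rom(4, valid=False))   # 2 KiB ROM, checksum wrong
    place(0xD0100, b"\x55\xAA\x02")             # off-boundary bytes: ignored
    return bytes(window)


if __name__ == "__main__":
    for rom in scan_option_roms(make_sample_window()):
        status = "ok" if rom["checksum_ok"] else "BAD CHECKSUM"
        print("%#07x  %6d bytes  entry %#07x  %s"
              % (rom["address"], rom["size"], rom["entry"], status))
```

A header that fails the checksum is still reported, since a damaged or altered ROM in this window is exactly what an examiner wants to see.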

BIOS boot specification

If the expansion ROM wishes to change the way the system boots (such as from a network device or a SCSI adapter for which the BIOS has no driver code), it can use the BIOS Boot Specification (BBS) API to register its ability to do so. Once the expansion ROMs have registered using the BBS APIs, the user can select among the available boot options from within the BIOS's user interface. This is why most BBS-compliant PC BIOS implementations will not allow the user to enter the BIOS's user interface until the expansion ROMs have finished executing and registering themselves with the BBS API.

Changing role of the BIOS

Some operating systems, for example MS-DOS, rely on the BIOS to carry out most input/output tasks within the PC. A variety of technical reasons make it inefficient for some recent operating systems written for 32-bit CPUs, such as Linux and Microsoft Windows, to invoke the BIOS directly. For larger, more powerful servers and workstations using PowerPC or SPARC CPUs, several manufacturers developed a platform-independent Open Firmware (IEEE-1275), based on the Forth programming language.

It is included with Sun's SPARC computers, IBM's RS/6000 line, and other PowerPC CHRP motherboards. Later x86-based personal computer operating systems, like Windows NT, use their own, native drivers which also makes it much easier to extend support to new hardware, while the BIOS still relies on a legacy 16-bit runtime interface.

There was a similar transition for the Apple Macintosh, where the system software originally relied heavily on the ToolBox—a set of drivers and other useful routines stored in ROM based on Motorola's 680x0 CPUs. These Apple ROMs were replaced by Open Firmware in the PowerPC Macintosh, then EFI in Intel Macintosh computers.

Later BIOS took on more complex functions, by way of interfaces such as ACPI; these functions include power management, hot swapping and thermal management. However BIOS limitations (16-bit processor mode, only 1 MiB addressable space, PC AT hardware dependencies, etc.) were seen as clearly unacceptable for the newer computer platforms. Extensible Firmware Interface (EFI) is a specification which replaces the runtime interface of the legacy BIOS.

Initially written for the Itanium architecture, EFI is now available for x86 and x86-64 platforms; the specification development is driven by The Unified EFI Forum, an industry Special Interest Group.

Linux has supported EFI via the elilo boot loader. The Open Source community increased their effort to develop a replacement for proprietary BIOSes and their future incarnations with an open sourced counterpart through the coreboot and OpenBIOS/Open Firmware projects.

AMD provided product specifications for some chipsets, and Google is sponsoring the project. Motherboard manufacturer Tyan offers coreboot next to the standard BIOS with their Opteron line of motherboards. MSI and Gigabyte Technology have followed suit with the MSI K9ND MS-9282 and MSI K9SD MS-9185 and the M57SLI-S4 models, respectively.

Some BIOSes contain a "SLIC", a digital signature placed inside the BIOS by the manufacturer, for example Dell. This SLIC is inserted in the ACPI table and contains no active code. Computer manufacturers that distribute OEM versions of Microsoft Windows and Microsoft application software can use the SLIC to authenticate licensing to the OEM Windows Installation disk and/or system recovery disc containing Windows software.

Systems having a SLIC can be activated with an OEM Product Key, and they verify an XML formatted OEM certificate against the SLIC in the BIOS as a means of self-activating. If a user performs a fresh install of Windows, they will need to have possession of both the OEM key and the digital certificate for their SLIC in order to bypass activation; in practice this is extremely unlikely and hence the only real way this can be achieved is if the user performs a restore using a pre-customised image provided by the OEM.

The BIOS business

The vast majority of PC motherboard suppliers license a BIOS "core" and toolkit from a commercial third party, known as an "independent BIOS vendor" or IBV. The motherboard manufacturer then customizes this BIOS to suit its own hardware. For this reason, updated BIOSes are normally obtained directly from the motherboard manufacturer.

Major BIOS vendors include American Megatrends (AMI), Insyde Software, Phoenix Technologies and Byosoft. Former vendors include Award Software which was acquired by Phoenix Technologies in 1998. Phoenix has now phased out the Award Brand name. General Software, which was also acquired by Phoenix in 2007, sold BIOS for Intel processor based embedded systems.

Advanced Configuration and Power Interface

In computing, the Advanced Configuration and Power Interface (ACPI) specification provides an open standard for unified operating system-centric device configuration and power management. ACPI, first released in December 1996, defines platform-independent interfaces for hardware discovery, configuration, power management and monitoring.

The specification is central to Operating System-directed configuration and Power Management (OSPM), a term used to describe a system implementing ACPI, which therefore removes device management responsibilities from legacy firmware interfaces. The standard was originally developed by Intel, Microsoft, and Toshiba, and last published as "Revision 4.0a", on April 5, 2010. As of 2010, developers of ACPI also include HP and Phoenix.

Overview

ACPI aims to consolidate and improve upon existing power and configuration standards for hardware devices. It provides a transition from existing standards to entirely ACPI-compliant hardware, with some ACPI operating systems already removing support for legacy hardware. With the intention of replacing Advanced Power Management, the MultiProcessor Specification and the Plug and Play BIOS Specification, the standard brings power management into operating system control (OSPM), as opposed to the previous BIOS central system, which relied on platform-specific firmware to determine power management and configuration policy.

The ACPI specification contains numerous related components for hardware and software programming, as well as a unified standard for device/power interaction and bus configuration. As a document that unifies many previous standards it covers many areas, for system and device builders as well as system programmers. Some software developers have trouble implementing ACPI and express concerns about the requirements that bytecode from an external source must be run by the system with full privileges.

Linus Torvalds, creator of the Linux kernel, once described it as "a complete design disaster in every way", in relation to his view that "modern PCs are horrible".

Microsoft Windows 98 was the first operating system with full support for ACPI, with Windows 2000, Windows XP, Windows Vista, Windows 7, eComStation, FreeBSD, NetBSD, OpenBSD, HP-UX, OpenVMS, Linux and PC versions of SunOS all having at least some support for ACPI.

OSPM responsibilities

ACPI requires that once an OSPM-compatible operating system has activated ACPI on a computer, it then takes over and has exclusive control of all aspects of power management and device configuration. The OSPM implementation must expose an ACPI-compatible environment to device drivers, which exposes certain system, device and processor states.

Power States

Global states

The ACPI specification defines the following seven states (so-called global states) for an ACPI-compliant computer-system:

  • G0 (S0): Working
  • G1, Sleeping: subdivides into the four states S1 through S4
      • S1: All processor caches are flushed, and the CPU(s) stop executing instructions. Power to the CPU(s) and RAM is maintained; devices that do not indicate they must remain on may be powered down.
      • S2: CPU powered off
      • S3: Commonly referred to as Standby, Sleep, or Suspend to RAM. RAM remains powered
      • S4: Hibernation or Suspend to Disk. All content of main memory is saved to non-volatile memory such as a hard drive, and the system is powered down.
  • G2 (S5), Soft Off: G2 is almost the same as G3 Mechanical Off, but some components remain powered so the computer can "wake" from input from the keyboard, clock, modem, LAN, or USB device.
  • G3, Mechanical Off: The computer's power consumption approaches close to zero, to the point that the power cord can be removed and the system is safe for dis-assembly (typically, only the real-time clock is running off its own small battery).

Furthermore, the specification defines a Legacy state: the state on an operating system which does not support ACPI. In this state, the hardware and power are not managed via ACPI, effectively disabling ACPI.

Device states

The device states D0-D3 are device-dependent:

  • D0 Fully-On is the operating state.
  • D1 and D2 are intermediate power-states whose definition varies by device.
  • D3 Off has the device powered off and unresponsive to its bus.

Processor states

The CPU power states C0-C3 are defined as follows:

  • C0 is the operating state.
  • C1 (often known as Halt) is a state where the processor is not executing instructions, but can return to an executing state essentially instantaneously. All ACPI-conformant processors must support this power state. Some processors, such as the Pentium 4, also support an Enhanced C1 state (C1E or Enhanced Halt State) for lower power consumption.
  • C2 (often known as Stop-Clock) is a state where the processor maintains all software-visible state, but may take longer to wake up. This processor state is optional.
  • C3 (often known as Sleep) is a state where the processor does not need to keep its cache coherent, but maintains other state. Some processors have variations on the C3 state (Deep Sleep, Deeper Sleep, etc.) that differ in how long it takes to wake the processor. This processor state is optional.

Performance states

While a device or processor operates (D0 and C0, respectively), it can be in one of several power-performance states. These states are implementation-dependent, but P0 is always the highest-performance state, with P1 to Pn being successively lower-performance states, up to an implementation-specific limit of n no greater than 16.

P-states have become known as SpeedStep in Intel processors, as PowerNow! or Cool'n'Quiet in AMD processors, and as PowerSaver in VIA processors.

  • P0 max power and frequency
  • P1 less than P0, voltage/frequency scaled
  • Pn less than P(n-1), voltage/frequency scaled

Hardware Interface

ACPI-compliant systems interact with hardware through either a "Function Fixed Hardware (FFH) Interface" or a platform-independent hardware programming model which relies on platform-specific AML provided by the original equipment manufacturer (OEM).

Function Fixed Hardware interfaces are platform-specific features, provided by platform manufacturers for the purposes of performance and failure recovery. Standard Intel-based PCs have a fixed function interface defined by Intel, which provides a set of core functionality that reduces an ACPI-compliant system's need for full driver stacks for providing basic functionality during boot time or in the case of major system failure.

Firmware Interface

ACPI defines a large number of tables that provide the interface between an ACPI-compliant operating system and system firmware. These allow description of system hardware in a platform-independent manner, and are presented as either fixed formatted data structures or in ACPI Machine Language (AML). The main AML table is the DSDT (differentiated system description table).

The Root System Description Pointer is located in a platform-dependent manner, and describes the rest of the tables.
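How an analyst can walk these tables in a memory dump and flag any whose checksum fails, shown as an added example that is not part of the original page or of ACPICA. It assumes the PC search rule (16-byte boundaries in 0xE0000-0xFFFFF), the 36-byte table header and the sum-to-zero checksum from the ACPI specification; the dump contents and all function names are constructed.

```python
import struct

RSDP_SIG = b"RSD PTR "
# Common ACPI table header: signature, length, revision, checksum, OEM ID,
# OEM table ID, OEM revision, creator ID, creator revision (36 bytes).
SDT_HEADER = struct.Struct("<4sIBB6s8sI4sI")


def checksum_ok(data):
    """ACPI structures are valid when all their bytes sum to 0 mod 256."""
    return sum(data) % 256 == 0


def find_rsdp(mem, base, start=0xE0000, end=0x100000):
    """Search the PC BIOS area on 16-byte boundaries for a valid RSDP."""
    for addr in range(start, end, 16):
        off = addr - base
        if off < 0 or off + 20 > len(mem):
            continue
        if mem[off:off + 8] == RSDP_SIG and checksum_ok(mem[off:off + 20]):
            oem, revision, rsdt = struct.unpack_from("<6sBI", mem, off + 9)
            return {"address": addr, "oem_id": oem.decode("ascii", "replace"),
                    "revision": revision, "rsdt_address": rsdt}
    return None


def parse_sdt(mem, base, addr):
    """Parse one table at physical address addr; never read past the dump."""
    off = addr - base
    if off < 0 or off + SDT_HEADER.size > len(mem):
        raise ValueError("table header at %#x is outside the dump" % addr)
    sig, length = struct.unpack_from("<4sI", mem, off)
    if length < SDT_HEADER.size or off + length > len(mem):
        raise ValueError("table at %#x has implausible length %d" % (addr, length))
    table = mem[off:off + length]
    return {"address": addr, "signature": sig.decode("ascii", "replace"),
            "length": length, "checksum_ok": checksum_ok(table),
            "body": table[SDT_HEADER.size:]}


def walk_tables(mem, base):
    """RSDP -> RSDT -> each listed table, plus the DSDT named by the FADT."""
    rsdp = find_rsdp(mem, base)
    if rsdp is None:
        return []
    rsdt = parse_sdt(mem, base, rsdp["rsdt_address"])
    if rsdt["signature"] != "RSDT" or not rsdt["checksum_ok"]:
        raise ValueError("RSDP does not point at a valid RSDT")
    count = len(rsdt["body"]) // 4
    found = []
    for addr in struct.unpack_from("<%dI" % count, rsdt["body"]):
        table = parse_sdt(mem, base, addr)
        found.append(table)
        if table["signature"] == "FACP" and len(table["body"]) >= 8:
            # FADT: FIRMWARE_CTRL at body offset 0, DSDT address at offset 4.
            dsdt_addr = struct.unpack_from("<I", table["body"], 4)[0]
            found.append(parse_sdt(mem, base, dsdt_addr))
    return [(t["signature"], t["address"], t["checksum_ok"]) for t in found]


def _sdt(sig, body, valid=True):
    """Build a constructed table; valid=False leaves a wrong checksum."""
    table = bytearray(SDT_HEADER.pack(sig, SDT_HEADER.size + len(body), 1, 0,
                                      b"CONSTR", b"EXAMPLE ", 1, b"TEST", 1) + body)
    table[9] = (-sum(table) + (0 if valid else 1)) % 256
    return bytes(table)


def make_sample_dump(base=0xE0000):
    """Constructed 128 KiB dump of 0xE0000-0xFFFFF; all contents are made up."""
    mem = bytearray(0x20000)
    layout = {
        0xF6200: _sdt(b"DSDT", b"\x00" * 32),
        0xF6400: _sdt(b"APIC", b"\x00" * 8, valid=False),
        0xF6100: _sdt(b"FACP", struct.pack("<II", 0, 0xF6200)),
        0xF6000: _sdt(b"RSDT", struct.pack("<II", 0xF6100, 0xF6400)),
    }
    rsdp = bytearray(RSDP_SIG + b"\x00" + b"CONSTR" + b"\x00"
                     + struct.pack("<I", 0xF6000))
    rsdp[8] = (-sum(rsdp)) % 256
    layout[0xF5A10] = bytes(rsdp)
    for addr, blob in layout.items():
        mem[addr - base:addr - base + len(blob)] = blob
    return bytes(mem)


if __name__ == "__main__":
    for sig, addr, ok in walk_tables(make_sample_dump(), 0xE0000):
        print("%s at %#x: %s" % (sig, addr, "ok" if ok else "CHECKSUM MISMATCH"))
```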

ACPI Component Architecture (ACPICA)

The ACPI Component Architecture (ACPICA) provides an open-source OS-independent reference implementation of the ACPI specification.

History

The first revision of the ACPI specification was released in December 1996 supporting 16- and 32-bit addressing spaces. It wasn't until August 2000 that ACPI received 64-bit address support as well as support for multiprocessor workstations and servers with revision 2.0. In September 2004, revision 3.0 gave the ACPI specification support for SATA connectors, PCI Express bus, >256 multiprocessor support, ambient light sensors and user presence devices, as well as extending the Thermal model beyond the previous processor centric support.

The latest of the major publications is that of revision 4.0. Released in June 2009, the 4.0 specification added many new features to the design; most notable are USB 3.0 support, logical processor idling support, and x2APIC support.
