BIOS Startup Firmware - Advantech

Technology Forum

BIOS Startup Firmware Increases System Reliability and Improves Device Security By Stephen Jones, Chief Technology Officer, Phoenix Technologies

F

or embedded system developers, adopting the PC architecture as a design foundation brings with it a convincing set of advantages. The semiconductor technology supporting the architecture is both powerful and diverse, and a large number of software tools, operating systems, and applications are readily available to run on x86 architecture. All of these benefits come at a relatively low cost. The low cost stems partly from the high production volumes and resulting production efficiency that the hardware enjoys. Intense competition among a wide range of hardware and software vendors also works to keep costs low.

PC Drawbacks Unfortunately the PC architecture also brings with it several attributes that create problems for embedded applications, like boot time—a PC-based embedded design running a Windows operating system can take 30 seconds or more to become functional after powering on, see Figure 1.

most IT-oriented BIOS have hard-coded system functions and attributes that keep the PC architecture operating solely as a PC. This hard coding creates significant challenges for developers seeking to adapt the architecture to embedded applications. Removing or bypassing the unnecessary code adds both development time and risk.

Embedded BIOS® Solution Phoenix Technologies’ Embedded BIOS® with StrongFrame® Technology was designed from the ground up to simplify the designer’s task when modifying the BIOS for different system behaviors, different hardware configurations, and even a variety of choices in the operating system. Embedded BIOS is also easily extensible. System developers can add functionality to the BIOS without any rewriting of the original source. The BIOS can also run firmware applications such as a basic web browser as part of the firmware. The BIOS and its additional functionality also operate independently of the OS (see Figure 2), so that such applications can be available to the user before the OS loads or in the event of an OS crash.

Embedded designs based on the PC architecture exhibit excessive boot times - even without the operating system - creating acceptability issues for potential mainstream customers.

Start-up delays are not the only unfortunate attribute of the PC architecture running a Windows variant. Such devices also exhibit reliability and availability limitations. Windowsbased systems are notorious for their instability. From an embedded design stance, the PC hardware architecture is largely historical and vestigial—the things a desktop computer does do not necessarily map to a medical cockpit display. The BIOS is ideally positioned to address many of these issues, 18

Technology Forum

A configurable BIOS that leverages the System Management Mode (SMM) of the x86 architecture  - like the Phoenix Technologies Embedded BIOS with StrongFrame Technology - can resolve many of the PC architecture’s security and availability issues.

Because these applications form part of the system firmware they also possess a high degree of security. The BIOS and its applications kernel cannot be altered from within the system. This prevents both malicious software and application software errors from permanently damaging firmware operation.

Technology Forum A key factor in the design of Embedded BIOS is the way it handles the system configuration policy. In IT-oriented BIOS designs that policy is hard coded. The firmware searches for specific types of hardware at specific locations and decides at run time how that hardware is to be handled. The typical IT BIOS has more than 1,000 such policy decisions to make. Changing that code is a large task. Embedded BIOS makes these policy decision points configurable. Because the embedded system’s hardware structure is fixed and known, much of that configuration can occur at build time. Developers can select values for system parameters and enable or disable system options when creating the BIOS object code. And, flexible run-time parameters may be used to precisely tailor the system’s control strategy.

Optimizing Boot Time This combination of build-time and run-time configurability in the Embedded BIOS design can dramatically reduce boot time. Legacy devices such as the PS/2 keyboard and mouse controllers must be part of the system hardware for an IT-oriented BIOS to boot, for instance, but can be easily eliminated from the design when using a configurable BIOS. The hard disk drive (HDD) that is standard within a PC represents another opportunity to reduce boot time. An IToriented BIOS expects to find an ATA HDD and has a builtin delay of up to ten seconds to wait for the drive motors to spin up to speed following power-up. The configurable BIOS allows designers to readily replace the HDD with a Flash disk, handling the relevant code changes by modifying the personality module.

System Monitoring Enhances Security The ability to survive crashes of the OS or its applications makes System Management Mode (SMM) ideal for monitoring OS and applications at runtime. The SMM code can identify errors, unauthorized modifications, or failures in the OS and applications, then take corrective action such as rebooting the OS. In the meantime, the basic functionality in the SMMbased applications continues to remain available, increasing the system’s overall availability. One way to provide such monitoring is for the system developer to create a list of sensitive software objects such as CMOS settings and key files on mass storage, and sign the data. The monitoring program can then verify that the data are valid before the software uses them. The system can respond to detected errors in various ways such as sending error messages over the network, restoring the damaged files from backup copies, rebooting the OS or application, or completely shutting down system operation, depending on the error and the developer’s requirements.

The protection that such monitoring provides can extend beyond secure system operation to provide security against software piracy, as well. The monitoring programs can examine the hardware for security codes to validate the environment before launching an application.

Adding Secure Provisioning Monitoring firmware operating in SMM can provide a system design with a new capability: secure provisioning. The firmware can hold a list of software objects in the OS and application code that are open for updates. Because the firmware has access to system resources such as the network interfaces and stacks, mass storage, and file systems, the firmware can make modifications to OS and application code from outside the OS. Thus, the system can receive, validate, and implement updates and enhancements under the firmware’s secure control. Such updates can occur either at boot time or during run time. For boot-time updates the BIOS can query the network to look for specific software objects and see if updates are available. The run-time updates would allow the system to request files from the network in response to a particular system condition. The applications for such automatic provisioning are extensive. For example, a point-of-sale kiosk can load its operating system, applications, and data files automatically upon power up, so that a remote management team can repurpose the kiosk without a site visit. Similarly, identical hardware blades in a system can each receive a unique functional configuration under network control during power-up.

Embedded BIOS® Benefits The combination of a configurable BIOS and SMM firmware thus greatly expands the importance of the PC architecture to embedded applications. It helps eliminate the long boot times inherent in IT-oriented BIOS designs by eliminating hardcoded configurations and thus simplifying customization for a specific hardware platform. The boot reduction increases system availability and thus the design’s acceptability to mainstream users, and system security also increases. It also expands design options by supporting secure field reconfiguration and maintenance. The right type of BIOS can eliminate many of the drawbacks that the PC architecture brings to embedded applications without sacrificing compatibility with PC hardware, drivers, protocol stacks, operating systems, and a wide range of applications.

Technology Forum

19