If Firm Implies Secure, Does That Imply My Firmware Is Secure?

Has there ever been a time in your life when you asked, “How does that work”?

In the early days of computing, we learned that BIOS stood for “Basic Input Output (instruction) Set.” It is a set of nonvolatile instructions that dictates how a hardware system should function at startup.

I remember my first experiences interacting with BIOS. I specifically recall configuring my first IBM 8088 computer. There were DIP switches on the motherboard which we could set to dictate a limited range of BIOS functionality at boot such as memory size and the number of floppy disk drives. Then we went to disk-based BIOS utilities on the early IBM/AT (80286) class of computers. When we were introduced to hard drives, we used jumpers to determine the master drive. From there, we went to allowing user access to the BIOS by pressing a key or key-combination at startup.

BIOS has been around for a while now. Only rarely were these instructions referred to as “firmware” in the early days. For sure, nobody ever thought of security on firmware back then, but today, it is a common thought amongst most security engineers.

Origins of Firmware

The term firmware was first coined back in 1967 and was meant to designate microprograms resident in the computer’s control memory but not the physical control memory itself. Originally, it referred to the contents of a writable control store containing microcode that defined and implemented the computer’s instruction set and that could be reloaded to specialize or modify the instructions that the central processing unit (CPU) could execute at startup.

How is it defined today? According to the Tech Terms dictionary, firmware is a software program or set of instructions programmed on a hardware device. It provides the necessary instructions (at startup) for how (Read more...)