computing
Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, e ...
, BIOS (, ; Basic Input/Output System, also known as the System BIOS, ROM BIOS, BIOS ROM or PC BIOS) is
firmware
In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...
used to provide runtime services for
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
s and programs and to perform hardware initialization during the
booting
In computing, booting is the process of starting a computer as initiated via hardware such as a button or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so som ...
process (power-on startup). The BIOS firmware comes pre-installed on an
IBM PC
The IBM Personal Computer (model 5150, commonly known as the IBM PC) is the first microcomputer released in the IBM PC model line and the basis for the IBM PC compatible de facto standard. Released on August 12, 1981, it was created by a team ...
or
IBM PC compatible
IBM PC compatible computers are similar to the original IBM PC, XT, and AT, all from computer giant IBM, that are able to use the same software and expansion cards. Such computers were referred to as PC clones, IBM clones or IBM PC clones. ...
's system board and exists in some
UEFI
UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of f ...
-based systems to maintain compatibility with operating systems that do not support UEFI native operation. The name originates from the Basic Input/Output System used in the
CP/M
CP/M, originally standing for Control Program/Monitor and later Control Program for Microcomputers, is a mass-market operating system created in 1974 for Intel 8080/ 85-based microcomputers by Gary Kildall of Digital Research, Inc. Initial ...
operating system in 1975. The BIOS originally
proprietary
{{Short pages monitor
The operating system
OpenBSD
OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project em ...
prevents all users from having this access and the grsecurity patch for the Linux kernel also prevents this direct hardware access by default, the difference being an attacker requiring a much more difficult kernel level exploit or reboot of the machine.
The third BIOS virus was a technique presented by John Heasman, principal security consultant for UK-based Next-Generation Security Software. In 2006, at the Black Hat Security Conference, he showed how to elevate privileges and read physical memory, using malicious procedures that replaced normal
ACPI
Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management (e.g. putting unused hardware components to sleep), auto c ...
functions stored in flash memory.
The fourth BIOS virus was a technique called "Persistent BIOS infection." It appeared in 2009 at the CanSecWest Security Conference in Vancouver, and at the SyScan Security Conference in Singapore. Researchers Anibal Sacco and Alfredo Ortega, from Core Security Technologies, demonstrated how to insert malicious code into the decompression routines in the BIOS, allowing for nearly full control of the PC at start-up, even before the operating system is booted. The proof-of-concept does not exploit a flaw in the BIOS implementation, but only involves the normal BIOS flashing procedures. Thus, it requires physical access to the machine, or for the user to be root. Despite these requirements, Ortega underlined the profound implications of his and Sacco's discovery: "We can patch a driver to drop a fully working
rootkit
A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
. We even have a little code that can remove or disable antivirus."
Mebromi is a
trojan
Trojan or Trojans may refer to:
* Of or from the ancient city of Troy
* Trojan language, the language of the historical Trojans
Arts and entertainment Music
* ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 1890 ...
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
, and
antivirus software
Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.
Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...
from two Chinese companies: Rising Antivirus and Jiangmin KV Antivirus. Mebromi installs a rootkit which infects the
Master boot record
A master boot record (MBR) is a special type of boot sector at the very beginning of partitioned computer mass storage devices like fixed disks or removable drives intended for use with IBM PC-compatible systems and beyond. The concept of MBR ...
.
In a December 2013 interview with ''
60 Minutes
''60 Minutes'' is an American television news magazine broadcast on the CBS television network. Debuting in 1968, the program was created by Don Hewitt and Bill Leonard, who chose to set it apart from other news programs by using a unique styl ...
'', Deborah Plunkett, Information Assurance Director for the US
National Security Agency
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
claimed the NSA had uncovered and thwarted a possible BIOS attack by a foreign nation state, targeting the US financial system. The program cited anonymous sources alleging it was a Chinese plot. However follow-up articles in ''
The Guardian
''The Guardian'' is a British daily newspaper. It was founded in 1821 as ''The Manchester Guardian'', and changed its name in 1959. Along with its sister papers ''The Observer'' and ''The Guardian Weekly'', ''The Guardian'' is part of the Gu ...
,'' ''
The Atlantic
''The Atlantic'' is an American magazine and multi-platform publisher. It features articles in the fields of politics, foreign affairs, business and the economy, culture and the arts, technology, and science.
It was founded in 1857 in Boston, ...
,'' ''
Wired
''Wired'' (stylized as ''WIRED'') is a monthly American magazine, published in print and online editions, that focuses on how emerging technologies affect culture, the economy, and politics. Owned by Condé Nast, it is headquartered in San Fra ...
'' and ''
The Register
''The Register'' is a British technology news website co-founded in 1994 by Mike Magee, John Lettice and Ross Alderson. The online newspaper's masthead sublogo is "''Biting the hand that feeds IT''." Their primary focus is information tec ...
'' refuted the NSA's claims.
Newer Intel platforms have Intel Boot Guard (IBG) technology enabled, this technology will check the BIOS digital signature at startup, and the IBG public key is fused into the PCH. End users can't disable this function.
Alternatives and successors
Unified Extensible Firmware Interface
UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of ...
(UEFI) supplements the BIOS in many new machines. Initially written for the
Intel Itanium architecture
IA-64 (Intel Itanium architecture) is the instruction set architecture (ISA) of the Itanium family of 64-bit Intel microprocessors. The basic ISA specification originated at Hewlett-Packard (HP), and was subsequently implemented by Intel in co ...
, UEFI is now available for
x86
x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was introd ...
and
ARM architecture
ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configured ...
platforms; the specification development is driven by the
Unified EFI Forum
UEFI Forum, Inc. is an alliance between technology companies to coordinate the development of the UEFI specifications. The board of directors includes representatives from twelve ''promoter'' companies: AMD, American Megatrends, ARM, Apple, Dell ...
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
Linux kernel
The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel. It was originally authored in 1991 by Linus Torvalds for his i386-based PC, and it was soon adopted as the kernel for the GNU ope ...
2.6.1 and later, and
macOS
macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and lapt ...
on Intel-based Macs. , new PC hardware predominantly ships with UEFI firmware. The architecture of the rootkit safeguard can also prevent the system from running the user's own software changes, which makes UEFI controversial as a legacy BIOS replacement in the
open hardware
Open-source hardware (OSH) consists of physical artifact (software development), artifacts of technology designed and offered by the open-design movement. Both free and open-source software (FOSS) and open-source hardware are created by this ope ...
community. Also,
Windows 11
Windows 11 is the latest major release of Microsoft's Windows NT operating system, released in October 2021. It is a free upgrade to its predecessor, Windows 10 (2015), and is available for any Windows 10 devices that meet the new Windows 11 ...
requires UEFI to boot.
Other alternatives to the functionality of the "Legacy BIOS" in the x86 world include
coreboot
coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware (BIOS or UEFI) found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and r ...
and
libreboot
Libreboot (briefly known as GNU Libreboot) is a free software project based on coreboot, aimed at replacing the proprietary BIOS firmware contained by most computers. Libreboot is a lightweight system designed to perform only the minimum number ...
.
Some servers and workstations use a platform-independent
Open Firmware
Open Firmware is a standard defining the interfaces of a computer firmware system, formerly endorsed by the Institute of Electrical and Electronics Engineers (IEEE). It originated at Sun Microsystems, where it was known as OpenBoot, and has bee ...
(IEEE-1275) based on the
Forth
Forth or FORTH may refer to:
Arts and entertainment
* ''forth'' magazine, an Internet magazine
* ''Forth'' (album), by The Verve, 2008
* ''Forth'', a 2011 album by Proto-Kaw
* Radio Forth, a group of independent local radio stations in Scotla ...
programming language; it is included with Sun's
SPARC
SPARC (Scalable Processor Architecture) is a reduced instruction set computer (RISC) instruction set architecture originally developed by Sun Microsystems. Its design was strongly influenced by the experimental Berkeley RISC system developed ...
computers, IBM's
RS/6000
The RISC System/6000 (RS/6000) is a family of Reduced instruction set computer, RISC-based Unix Server (computing), servers, workstations and supercomputers made by IBM in the 1990s. The RS/6000 family replaced the IBM RT PC computer platform in ...
line, and other
PowerPC
PowerPC (with the backronym Performance Optimization With Enhanced RISC – Performance Computing, sometimes abbreviated as PPC) is a reduced instruction set computer (RISC) instruction set architecture (ISA) created by the 1991 Apple Inc., App ...
systems such as the CHRP motherboards, along with the x86-based
OLPC XO-1
The OLPC XO (formerly known as $100 Laptop, Children's Machine, 2B1) is a low cost laptop computer intended to be distributed to children in developing countries around the world, to provide them with access to knowledge, and opportunities to " ...
.
As of at least 2015,
Apple
An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...
has removed legacy BIOS support from MacBook Pro computers. As such the BIOS utility no longer supports the legacy option, and prints "Legacy mode not supported on this system". In 2017, Intel announced that it would remove legacy BIOS support by 2020. Since 2019, new Intel platform OEM PCs no longer support the legacy option.
See also
*
Double boot
Double boot (also known as cold double boot, double cold boot, double POST, power-on booting, auto reboot, or fake boot) is a feature of the BIOS, and may occur after changes to the BIOS' settings or the system configuration, system's configuratio ...
*
Extended System Configuration Data The Extended System Configuration Data (ESCD) is a specification for configuring x86 computers of the ISA PNP era. The specification was developed by Compaq, Intel and Phoenix Technologies. It consists of a method for storing configuration informat ...
(ESCD)
*
Input/Output Control System
Input/Output Control System (IOCS) is any of several packages on early IBM entry-level and mainframe computers that provided low level access to records on peripheral equipment. IOCS provides functionality similar to 1960s packages from other ve ...
*
Advanced Configuration and Power Interface
Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management (e.g. putting unused hardware components to sleep), auto c ...
(ACPI)
*
Ralf Brown's Interrupt List
Ralf Brown's Interrupt List (aka RBIL, x86 Interrupt List, MS-DOS Interrupt List or INTER) is a comprehensive list of interrupts, calls, hooks, interfaces, data structures, CMOS settings, memory and port addresses, as well as processor opcodes a ...
(RBIL) interrupts, calls, interfaces, data structures, memory and port addresses, and processor opcodes for the x86 architecture
* System Management BIOS (SMBIOS)
*
Unified Extensible Firmware Interface
UEFI (Unified Extensible Firmware Interface) is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of ...