Firmware Applications

Firmbase® is a run-time operating environment that that runs in parallel with any OS or even without the foreground OS (as in the case of an OS crash situation). It supports the execution of 32-bit firmware applications in System Management Mode (SMM). The Firmbase kernel compresses to < 80KB in ROM.


Phoenix uses the Firmbase SDK to create applications like its Boot Security feature, HA Monitor, Platform Update Facility, and USB Boot feature for Embedded BIOS® with StrongFrame® Technology.


firmwareoption2.jpg

Platform Update Facility updates a system's firmware, CMOS, and mass storage content either automatically or under control of a remote administration user community.


High Availability Monitor checks the health of a running system and automatically takes corrective actions when health deteriorates. HA Monitor is remote manageable and configurable, allowing for automatic and unattended operation.


Boot Security Application provides a chain of trust from the hardware to the OS and application through cryptographic challenges, ensuring that the BIOS and OS have not been tampered with; disallowing the application to run on non-authorized hardware; and disallowing the hardware to boot without running the authorized application.


The Boot Security Application is a firmware application that begins running in the Firmbase environment before the OS boots, allowing it to automatically verify the cryptographic hashes of OEM-specified system content, including ROM images, CMOS images, disk images, and disk files. If these cryptographic hashes are correct, then POST allows the operating system to boot, providing a trusted path to the OS from power on.


During the system's steady state, this application receives periodic cryptographic challenges from the application program through System Management Interrupts, allowing the user application the opportunity to verify that the hardware and associated BIOS are genuine.


Also, at run time, the Boot Security Application receives challenge polls from the application, which must occur within fixed timing parameters. This allows the Boot Security Application the opportunity to present challenges to the user application and verify that it is genuine.


The Boot Security Application is implemented as a single firmware application executable (BOOTSEC.EXE) and is integrated into the composite BIOS image using the Embedded BIOS with StrongFrame Technology adaptation kit. The Boot Security Application can be run in the BIOS ROM or run from Firmbase -recognized mass storage devices.


Resources