What Is Firmware?
It exists on every type of computing device, from kitchen appliances to autonomous vehicles, yet many people don’t understand its function. Let’s start at the beginning to answer the question, “What is firmware?”
Basic Firmware Definition
Firmware is a type of software, typically held in nonvolatile read-only memory (ROM) chips, that provides low-level control for the hardware that runs a specific device. First, the firmware configures and initializes the hardware to begin loading the operating system. Then, it provides the operating system with an interface to run normal operations on the hardware.
In the late 1970s, IBM began developing personal computers (PCs) for business. These PCs needed a way to initialize the hardware, check memory, boot the system, and provide basic input/output (I/O) functionality to operating systems and application programs.
IBM created a small (2kB) program placed in the system read-only memory (ROM) and written in the processor’s native assembly language to provide these functions. It was called the Basic Input/Output System (BIOS).
Shortly after IBM’s system was announced, other manufacturers wanted to create “clone” PCs that were compatible with the IBM PC — but IBM held its BIOS closely and didn’t allow clone makers access.
Shortly after, Phoenix Technologies developed another version of BIOS compatible with the IBM PC BIOS and licensed it to clone computer makers. And the rest is history!
Over the years, the traditional BIOS adapted to support new processor features, increased memory, and additional devices. This evolution pushed BIOS into a niche where it started the system boot process but did little else because it was limited by its requirement to start the CPU in Intel processor 16-bit real mode. This limitation forced the I/O functionality to be used mainly in major hardware failure emergencies to communicate basic error messages to end-users.
In the late 1990s, Intel and Hewlett-Packard developed a new 64-bit processor chip using a new architecture. They decided that it made no sense to include an 8088 16-bit real mode processor or emulation in this new design just to support BIOS.
Instead, Hewlett-Packard created a design called the Extensible Firmware Interface (EFI). It had the same functionality as BIOS but was developed in C language instead of assembly and used modern design techniques. Intel encouraged the adoption of this new design and presented it as the new industry standard. As part of this standardization effort, they helped form the Unified Extensible Firmware Interface (UEFI) Forum and developed TianoCore as a reference code implementation to the open-source market.
Over 20 years after the initial development of EFI and with Windows 8 in 2012, Microsoft laid BIOS to rest. It required platforms running Windows to have UEFI-based platform firmware and no longer needed this firmware to emulate the old BIOS.
Today’s Terminology: Platform Firmware
It has been many years since these systems were truly BIOS. Today, standards groups refer to this functionality as “platform firmware.” Some call it UEFI \u-fee\ or UEFI BIOS. There’s no doubt that as the originator, BIOS will continue to be referenced for many years as shorthand for platform firmware. However, from a technical standpoint, the embedded code that initializes a computing device’s hardware and securely starts up an OS, hypervisor, or direct application and provides interfaces to hardware should be called “platform firmware.”
Firmware is the Foundation
Even with its evolution over the past decades, the answer to “What is firmware?” remains the same: It’s the core foundational software for every computing device.
As things have evolved and become more connected to the Internet of Things, firmware faces an ever-growing deluge of security threats. As foundational software, any breach of firmware poses a serious risk. Therefore, it’s critical that original equipment manufacturers (OEMs) and original design manufacturers (ODMs) understand the risks involved and take the steps necessary to ensure firmware security.