Firmware

A television remote control is an example of an engineered product that contains firmware. The firmware monitors the buttons, controls the LEDs, and processes the button presses to send the data in a format the receiving device, in this case, a television set, can understand and process. In fact, the television's motherboard has complex firmware too.

In electronic systems and computing, firmware^[a] is a specific class of computer software that provides the low-level control for the device's specific hardware. Firmware can either provide a standardized operating environment for the device's more complex software (allowing more hardware-independence), or, for less complex devices, act as the device's complete operating system, performing all control, monitoring and data manipulation functions. Typical examples of devices containing firmware are embedded systems, consumer appliances, computers, computer peripherals, and others. Almost all electronic devices beyond the simplest contain some firmware.

Firmware is held in non-volatile memory devices such as ROM, EPROM, or flash memory. Changing the firmware of a device may rarely or never be done during its lifetime; some firmware memory devices are permanently installed and cannot be changed after manufacture. Common reasons for updating firmware include fixing bugs or adding features to the device. This may require ROM integrated circuits to be physically replaced, or flash memory to be reprogrammed through a special procedure.^[2] Firmware such as the ROM BIOS of a personal computer may contain only elementary basic functions of a device and may only provide services to higher-level software. Firmware such as the program of an embedded system may be the only program that will run on the system and provide all of its functions.

Before the inclusion of integrated circuits, other firmware devices included a discrete semiconductor diode matrix. The Apollo guidance computer had firmware consisting of a specially manufactured core memory plane, called "core rope memory", where data was stored by physically threading wires through (1) or around (0) the core storing each data bit.^[3]

History[edit]

Ascher Opler coined the term "firmware" in a 1967 Datamation article.^[4] Originally, it meant the contents of a writable control store (a small specialized high speed memory), containing microcode that defined and implemented the computer's instruction set, and that could be reloaded to specialize or modify the instructions that the central processing unit (CPU) could execute. As originally used, firmware contrasted with hardware (the CPU itself) and software (normal instructions executing on a CPU). It was not composed of CPU machine instructions, but of lower-level microcode involved in the implementation of machine instructions. It existed on the boundary between hardware and software; thus the name "firmware". Over time, popular usage extended the word "firmware" to denote any computer program that is tightly linked to hardware, including processor machine instructions for BIOS, bootstrap loaders, or the control systems for simple electronic devices such as a microwave oven, remote control, or computer peripheral.

Applications[edit]

Personal computers[edit]

ROM BIOS firmware on a Baby AT motherboard

In some respects, the various firmware components are as important as the operating system in a working computer. However, unlike most modern operating systems, firmware rarely has a well-evolved automatic mechanism of updating itself to fix any functionality issues detected after shipping the unit.

The BIOS may be "manually" updated by a user, using a small utility program. In contrast, firmware in storage devices (harddisks, DVD drives, flash storage) rarely gets updated, even when flash (rather than ROM) storage is used for the firmware; there are no standardized mechanisms for detecting or updating firmware versions.

Most computer peripherals are themselves special-purpose computers. Devices such as printers, scanners, cameras and USB flash drives have internally stored firmware; some devices may also permit field upgrading of their firmware.

Some low-cost peripherals no longer contain non-volatile memory for firmware, and instead rely on the host system to transfer the device control program from a disk file or CD.^[5]

Consumer products[edit]

As of 2010^[update], most portable music players support firmware upgrades. Some companies use firmware updates to add new playable file formats (codecs); iriver added Vorbis playback support this way, for instance. Other features that may change with firmware updates include the GUI or even the battery life. Most mobile phones have a Firmware Over The Air firmware upgrade capability for much the same reasons; some may even be upgraded to enhance reception or sound quality, illustrating that firmware is used at more than one level in complex products (in a CPU-like microcontroller versus in a digital signal processor, in this particular case).

Automobiles[edit]

Since 1996, most automobiles have employed an on-board computer and various sensors to detect mechanical problems. As of 2010^[update], modern vehicles also employ computer-controlled anti-lock braking systems (ABS) and computer-operated transmission control units (TCUs). The driver can also get in-dash information while driving in this manner, such as real-time fuel economy and tire pressure readings. Local dealers can update most vehicle firmware.

Examples[edit]

Examples of firmware include:

In consumer products:
- Timing and control systems for washing machines
- Controlling sound and video attributes, as well as the channel list, in modern TVs
- EPROM chips used in the Eventide H-3000 series of digital music processors
In computers:
- The BIOS found in IBM-compatible personal computers
- The (U)EFI-compliant firmware used on Itanium systems, Intel-based computers from Apple, and many Intel desktop computer motherboards
- Open Firmware, used in SPARC-based computers from Sun Microsystems and Oracle Corporation, PowerPC-based computers from Apple, and computers from Genesi
- ARCS, used in computers from Silicon Graphics
- Kickstart, used in the Amiga line of computers (POST, hardware init + Plug and Play auto-configuration of peripherals, kernel, etc.)
- RTAS (Run-Time Abstraction Services), used in computers from IBM
- The Common Firmware Environment (CFE)
In routers and firewalls:
- LibreCMC – a 100% free software router distribution based on the Linux-libre kernel
- IPFire – an open-source firewall/router distribution based on the Linux kernel
- fli4l – an open-source firewall/router distribution based on the Linux kernel
- OpenWrt – an open-source firewall/router distribution based on the Linux kernel
- m0n0wall – an embedded firewall distribution of FreeBSD
In NAS systems:
- NAS4Free – an open-source NAS operating system based on FreeBSD 9.1
- Openfiler – an open-source NAS operating system based on the Linux kernel

Flashing[edit]

Flashing^[6] involves the overwriting of existing firmware or data, contained in EEPROM or flash memory modules present in an electronic device, with new data.^[6] This can be done to upgrade a device^[7] or to change the provider of a service associated with the function of the device, such as changing from one mobile phone service provider to another or installing a new operating system. If firmware is upgradable, it is often done via a program from the provider, and will often allow the old firmware to be saved before upgrading so it can be reverted to if the process fails, or if the newer version performs worse.

Firmware hacking[edit]

Sometimes, third parties create an unofficial new or modified ("aftermarket") version of firmware to provide new features or to unlock hidden functionality; this is referred to as custom firmware. An example is Rockbox as a firmware replacement for portable media players. There are many homebrew projects for video game consoles, which often unlock general-purpose computing functionality in previously limited devices (e.g., running Doom on iPods).

Firmware hacks usually take advantage of the firmware update facility on many devices to install or run themselves. Some, however, must resort to exploits to run, because the manufacturer has attempted to lock the hardware to stop it from running unlicensed code.

Most firmware hacks are free software.

HDD firmware hacks[edit]

The Moscow-based Kaspersky Lab discovered that a group of developers it refers to as the "Equation Group" has developed hard disk drive firmware modifications for various drive models, containing a trojan horse that allows data to be stored on the drive in locations that will not be erased even if the drive is formatted or wiped.^[8] Although the Kaspersky Lab report did not explicitly claim that this group is part of the United States National Security Agency (NSA), evidence obtained from the code of various Equation Group software suggests that they are part of the NSA.^[9]^[10]

Researchers from the Kaspersky Lab categorized the undertakings by Equation Group as the most advanced hacking operation ever uncovered, also documenting around 500 infections caused by the Equation Group in at least 42 countries.

Security risks[edit]

Mark Shuttleworth, the founder of the company Canonical, which maintains the Ubuntu Linux distribution, has described proprietary firmware as a security risk, saying that "firmware on your device is the NSA's best friend" and calling firmware "a trojan horse of monumental proportions". He has asserted that low-quality, closed source firmware is a major threat to system security:^[11] "Your biggest mistake is to assume that the NSA is the only institution abusing this position of trust – in fact, it's reasonable to assume that all firmware is a cesspool of insecurity, courtesy of incompetence of the highest degree from manufacturers, and competence of the highest degree from a very wide range of such agencies". As a potential solution to this problem, he has called for declarative firmware, which would describe "hardware linkage and dependencies" and "should not include executable code".^[12] Firmware should be open-source so that the code can be checked and verified.

Custom firmware hacks have also focused on injecting malware into devices such as smartphones or USB devices. One such smartphone injection was demonstrated on the Symbian OS at MalCon,^[13]^[14] a hacker convention. A USB device firmware hack called BadUSB was presented at Black Hat USA 2014 conference,^[15] demonstrating how a USB flash drive microcontroller can be reprogrammed to spoof various other device types to take control of a computer, exfiltrate data, or spy on the user.^[16]^[17] Other security researchers have worked further on how to exploit the principles behind BadUSB,^[18] releasing at the same time the source code of hacking tools that can be used to modify the behavior of different USB devices.^[19]

Notes[edit]

^ It is sometimes abbreviated as "FW", which is constructed after "HW" and "SW" standing for "hardware" and "software", respectively.^[1]

References[edit]

^ "Ciena – Acronym Guide". ciena.com. Archived from the original on 10 January 2016. Retrieved 6 February 2016.
^ "What is firmware?". incepator.pinzaru.ro. Missing or empty |url= (help); |access-date= requires |url= (help)
^ Dag Spicer (August 12, 2000). "One Giant Leap: The Apollo Guidance Computer". Dr. Dobbs. Retrieved August 24, 2012.
^ Opler, Ascher (January 1967). "Fourth-Generation Software". Datamation. 13 (1): 22–24.
^ Corbet, Jonathan; Rubini, Alessandro; Kroah-Hartman, Greg (2005). Linux Device Drivers. O'Reilly Media. p. 405. ISBN 0596005903.
^ ^a ^b "Flashing Firmware". Tech-Faq.com. Archived from the original on September 27, 2011. Retrieved July 8, 2011.
^ "HTC Developer Center". HTC. Archived from the original on April 26, 2011. Retrieved July 8, 2011.
^ "Equation Group: The Crown Creator of Cyber-Espionage". Kaspersky Lab. February 16, 2015. Archived from the original on December 2, 2015.
^ Dan Goodin (February 2015). "How "omnipotent" hackers tied to NSA hid for 14 years—and were found at last". Ars Technica. Archived from the original on 2016-04-24.
^ "Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware". Daily Kos. February 17, 2015. Archived from the original on February 25, 2015.
^ Linux Magazine issue 162, May 2014, page 9
^ Shuttleworth, Mark (March 17, 2014). "ACPI, firmware and your security". Archived from the original on March 15, 2015.
^ "We will be back soon!". Malcon.org. Archived from the original on 2013-05-26. Retrieved 2013-06-14.
^ "Hacker plants back door in Symbian firmware". H-online.com. 2010-12-08. Archived from the original on 21 May 2013. Retrieved 2013-06-14.
^ "Why the Security of USB Is Fundamentally Broken". Wired.com. 2014-07-31. Archived from the original on 2014-08-03. Retrieved 2014-08-04.
^ "BadUSB - On Accessories that Turn Evil". BlackHat.com. Archived from the original on 2014-08-08. Retrieved 2014-08-06.
^ Karsten Nohl; Sascha Krißler; Jakob Lell (2014-08-07). "BadUSB – On accessories that turn evil" (PDF). srlabs.de. Archived (PDF) from the original on 2016-10-19. Retrieved 2014-08-23.
^ "BadUSB Malware Released - Infect millions of USB Drives". The Hacking Post - Latest hacking News & Security Updates. Archived from the original on 6 October 2014. Retrieved 7 October 2014.
^ "The Unpatchable Malware That Infects USBs Is Now on the Loose". WIRED. Archived from the original on 7 October 2014. Retrieved 7 October 2014.

External links[edit]

BadUSB - On Accessories that Turn Evil on YouTube, by Karsten Nohl and Jakob Lell
Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB)

[2] It is sometimes abbreviated as "FW", which is constructed after "HW" and "SW" standing for "hardware" and "software", respectively.^[1]

[1] "Ciena – Acronym Guide". ciena.com. Archived from the original on 10 January 2016. Retrieved 6 February 2016.

[3] "What is firmware?". incepator.pinzaru.ro. Missing or empty |url= (help); |access-date= requires |url= (help)

[4] Dag Spicer (August 12, 2000). "One Giant Leap: The Apollo Guidance Computer". Dr. Dobbs. Retrieved August 24, 2012.

[Opler-5] Opler, Ascher (January 1967). "Fourth-Generation Software". Datamation. 13 (1): 22–24.

[6] Corbet, Jonathan; Rubini, Alessandro; Kroah-Hartman, Greg (2005). Linux Device Drivers. O'Reilly Media. p. 405. ISBN 0596005903.

[techfaq-7] "Flashing Firmware". Tech-Faq.com. Archived from the original on September 27, 2011. Retrieved July 8, 2011.

[8] "HTC Developer Center". HTC. Archived from the original on April 26, 2011. Retrieved July 8, 2011.

[9] "Equation Group: The Crown Creator of Cyber-Espionage". Kaspersky Lab. February 16, 2015. Archived from the original on December 2, 2015.

[10] Dan Goodin (February 2015). "How "omnipotent" hackers tied to NSA hid for 14 years—and were found at last". Ars Technica. Archived from the original on 2016-04-24.

[11] "Breaking: Kaspersky Exposes NSA's Worldwide, Backdoor Hacking of Virtually All Hard-Drive Firmware". Daily Kos. February 17, 2015. Archived from the original on February 25, 2015.

[linux-mag-162-12] Linux Magazine issue 162, May 2014, page 9

[13] Shuttleworth, Mark (March 17, 2014). "ACPI, firmware and your security". Archived from the original on March 15, 2015.

[14] "We will be back soon!". Malcon.org. Archived from the original on 2013-05-26. Retrieved 2013-06-14.

[15] "Hacker plants back door in Symbian firmware". H-online.com. 2010-12-08. Archived from the original on 21 May 2013. Retrieved 2013-06-14.

[16] "Why the Security of USB Is Fundamentally Broken". Wired.com. 2014-07-31. Archived from the original on 2014-08-03. Retrieved 2014-08-04.

[17] "BadUSB - On Accessories that Turn Evil". BlackHat.com. Archived from the original on 2014-08-08. Retrieved 2014-08-06.

[18] Karsten Nohl; Sascha Krißler; Jakob Lell (2014-08-07). "BadUSB – On accessories that turn evil" (PDF). srlabs.de. Archived (PDF) from the original on 2016-10-19. Retrieved 2014-08-23.

[19] "BadUSB Malware Released - Infect millions of USB Drives". The Hacking Post - Latest hacking News & Security Updates. Archived from the original on 6 October 2014. Retrieved 7 October 2014.

[20] "The Unpatchable Malware That Infects USBs Is Now on the Loose". WIRED. Archived from the original on 7 October 2014. Retrieved 7 October 2014.

[a]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[1]

v t e Embedded systems
General terms	Embedded software Original equipment manufacturer (OEM) Embedded database Embedded hypervisor Consumer electronics Microcontroller ASIC FPGA SoC Memory footprint Single-board computer Raspberry pi IoT Board support package Cross compiler Embedded OS Bootloader
Firmware and controls	Custom firmware Rooting (Android) iOS jailbreaking PlayStation 3 Jailbreak Closed platform Vendor lock-in Defective by Design Hacking of consumer electronics Homebrew (video games) Crippleware
Software libraries	uClibc dietlibc Embedded GLIBC musl
Development tools	Bitbake Buildroot BusyBox Yocto Project Almquist shell Stand-alone shell OpenEmbedded
Operating systems	Linux on embedded systems Linux for mobile devices Light-weight Linux distribution Windows IoT Win CE Real-time operating system
Programming languages	Ada Assembly language CAPL Embedded C MISRA C nesC Embedded C++ Embedded Java
Lightweight browsers Open-source computing hardware Open-source robotics