Keep a tight grip on the controls for firmware updates

Everyone's agreed the BIOS must die, but nobody's saying too much about the replacement

Earlier this year, I wrote about a new idea from Intel, the Extensible Firmware Initiative. This is in effect a tiny operating system and programming language, which Intel proposes as a replacement for the PC BIOS -- the legacy lump of code that gets your PC out of bed in the morning, cleans its teeth and drives it to work at the operating system. The EFI got a lot of interest: firmware, the stuff that sits between hardware and software, has a bad reputation for being difficult to work with and anything that makes it easier is going to be popular. In particular, nobody likes the BIOS; it's like having a medieval innkeeper working behind the desk at a five-star Hilton.

EFI is a good idea: it lets lots of different peripherals get on well when a computer first starts up, it adds more diagnostics and control options for tricky conflicts between hardware devices, and it lets ordinary programmers -- not the rare and commonly bonkers assembly language variety -- write firmware.

In fact, it's such a good idea that Microsoft and Phoenix Technologies have decided to do exactly the same thing with their Core System Software (CSS). This replaces the BIOS, has improved control, diagnostics, and start-up abilities, and lets ordinary programmers write firmware. Of course, while the Phoenix press releases make great play of how wonderful it is and how Phoenix is "creating an entirely new category of system software", there's no mention that the entirely new category is in fact an entirely old hat.

Where CSS does differ from EFI is that partnership with Microsoft. CSS will have a "new integration model" with Windows, which is puzzling: in general; once firmware has handed over the keys to the kingdom to the operating system, that's it. They no more integrate than a commuter train does with your office desk. What that means for other operating systems is unclear, but there may be a clue in the fact the CSS announcement doesn't have any occasion to use the O word.

The original IBM PC standard ate the world not because it was wonderful but because it was effectively open. While nobody could duplicate the hardware or the BIOS software without IBM's permission, it was legal and worthwhile to find ways to duplicate what they did. Take a functional specification and a handful of bright programmers, and lock them in a clean room until they come up with their own version: that's what a start-up company called Compaq did with the PC BIOS and the rest is history.

And anybody could write stuff that worked with the PC BIOS standard without getting anyone's say-so. A system where you don't need to pay to play -- essential for a really vigorous market. A shame, then, that the latest talk about EFI at the Intel Developer Forum said that developers would normally need to buy in technology from an Intel partner.

There is another way: the international, open standard for firmware, IEEE 1275, otherwise known as Open Firmware. If you hunt around the Web for it you'd be forgiven for thinking that it's open and closed, with the main Web site drifting untouched since before the Millennium: it's very much alive, though, with Apple using it on its latest Macintoshes and an OpenBIOS project pushing it into the PC world.

Open Firmware has the lot. It's easy to extend, is designed to be entirely processor independent -- where EFI uses its own bytecode language, Open Firmware uses one of the original control languages, Forth -- and well documented. It works. You don't have to buy anything from anybody, and nobody will tell you what you can and can't do with it -- stick to the standard and off you go.

This is of little interest to those who see the firmware at the heart of a PC as a vital point for corporate control. It's the first thing a processor sees when the power comes on: it's the ideal point to add the encryption, verification and hardware aspects of digital rights management. When that is then tightly coupled with a suitably approved operating system… well, you don't need me to go on. It matters little that "you can always turn the DRM off" if nothing then consents to run on the denuded system. And if the BIOS replacement does have any DRM or cryptographic functions, it becomes illegal in the US to attempt to write a replacement that works the same way -- regardless of intellectual property issues. What Compaq did to kick-start an entire industry back then would land the engineers in prison today.

So there are two questions for anyone who wants to sell you a BIOS replacement -- or a computer using one. Who do I have to get permission from before I can write software for it, and will it stop me using whatever mix of hardware and software I see fit? For all the changes that the PC industry has seen over the past twenty years, the answers to the above have always been "Nobody" and "No". Ask anyone who says this must change to tell you why, and treat the answers with extreme scepticism.

A medieval innkeeper is one thing: a witch-hunting gaoler is quite another.