A number of years ago I tried to imagine the most horrible error message I could hope to never see on a computer. This was what I came up with: UNRECOVERABLE ERROR #13: VIRUS IN THE BIOS
It appears that the hackers are getting ready to do that (see link).
What sort of defense can there be, against this? The only one I KNOW can be completely safe is something called a "mask ROM". Those who already know what that is can skip the next couple of paragraphs.
The process of mass-manufacture of computer chips involves some steps (among others) called "masking and etching". A "mask" is much like a stencil; placing one near a piece of silicon means that some of the silicon can be affected through the holes in the mask, and the rest of the silicon is protected by the body of the mask. A Read-Only-Memory (ROM) chip is among the simplest of chips that can be made. It is a pattern of circuits that looks, to the attached computer, like a block of filled memory, and the data "built in" that memory can be accessed much like ordinary data in ordinary computer RAM.
Mask ROMs were common in the early days of personal computers; machines like the Apple II or the Commodore 64, and even the first IBM PCs, used them to hold not only the BIOS (Basic Input/Output System) software that told the CPU how to use the rest of the system hardware, but those ROMs also often held a rudimentary Operating System, for users interacting with the machine in the BASIC programming language.
Read-Only-Memory has its drawbacks. If the software that is hard-wired inside the chip has a bug, you have to redesign the mask and produce a new chip. If you want to enhance the software, you have to do the same thing. This is why "Flash" memory is used so widely these days, to hold BIOS data. It's data can be changed when necessary. Of course, it can also be changed when UN-necessary, which is the essence of the Problem that this Idea is intended to solve.
Nowadays much of a modern BIOS is "standardized". Most development effort goes into adding and debugging new features. All the old original features have long ago been perfected. That leads us directly to this Idea.
Let the BIOS chip be manufactured such that part of it is a Mask ROM, and part of it is Flash. The ROM portion should contain all the old perfected software, plus a couple more things, which we'll get to in a moment. The Flash portion would contain nothing until it is programmed at the factory where the computer is assembled. It would then contain the software needed for proper interaction with the latest hardware fads, built into the computer that contains this chip. This Flash portion is the only thing that could be updated, of course, which means it also is the only part of the BIOS that can be hacked by the bad guys.
Inside the ROM portion of the chip, though, there would be a "Full Erase" feature, to completely wipe all data from the Flash part of the chip. Goodbye, malware! Yes, this could mean that part of your computer hardware would become inoperable until you could reFlash that part of the BIOS with "clean" code. So? Would you rather have an unremovable virus? At least the fundamental systems would still work (keyboard, mouse, monitor, disk access), so that you COULD quickly reFlash, thanks to the ROM portion of the BIOS.
If possible, there should also be a "rootkit" eliminator, in the ROM, for cleaning the hard disk drive; almost by definition a rootkit needs to closely communicate with the BIOS, which means the BIOS ought to be able to detect it.-- Vernon, Mar 23 2009 The first steps toward putting a virus in the BIOS http://threatpost.c...bios-attack-methodsAs mentioned in the main text. [Vernon, Mar 23 2009] Slashdot debate about BIOS attacks. http://it.slashdot....id=09/03/23/1248214 [DrBob, Mar 23 2009] Well, well, this danger is not theoretical! http://www.net-secu...re_news.php?id=1837Old news [Vernon, Sep 14 2011] As far back as 1999 http://en.wikipedia...IH_(computer_virus)perhaps the first BIOS-infector [Vernon, Sep 14 2011] The latest threat http://www.symantec...hreat-showing-againAnd, probably, more/worse is yet to come [Vernon, Sep 14 2011] Back in my day, before Flash, we used UV EPROM for BIOS. Yes, they could be erased (using strong UV light) and reprogrammed (using a voltage not present at the socket in the motherboard), but in use they were invulnerable to attack.
UV EPROM for the "BIOS behind the BIOS" might be a way to what you want. The UV EPROM and Flash could be bundled together in one package.
Another option might be a USB connector on a removable BIOS chip, so that it could be plugged into a known-good computer and reprogrammed.-- cindik, Mar 23 2009 Some CMOS chips do contain a copy of the BIOS that can be loaded in the event a flash upgrade goes bad. I don't know off hand if the copy if hard coded or also a soft copy.-- phoenix, Mar 23 2009 really, every bios that i had any hand with (odd, but since WIN 95 I don't think that I have needed to enter the bios) had a manual reset to a hardcopy that you could trigger. Isn't this just a re-hash of the old boot sector viri of the 1980's?-- WcW, Mar 23 2009 [cindik], UV-EPROMs don't hold data as long as Flash can. The packaging is also more expensive, since that "window" is needed to let the UV through, to erase it. Flash is simply more convenient several ways (vulnerability not being one of them, of course).
[phoenix], that copy of the BIOS, in computers I've seen with it, is stored on a 2nd Flash chip. If it is not write-enabled, I suppose that would also work as an alternative to this Idea.
[WCW], that "hard copy" of default BIOS settings, for the CMOS chip (perhaps I should have discussed that, too, in the main text), is actually part of the data stored in Flash, along with copying code. Any hacker planning on putting malware in there will be sure to disable it as part of the Flash write.-- Vernon, Mar 23 2009 I have UV EPROMS from 1980 and they still work. How long do you need the data to be held?-- cindik, Mar 23 2009 Mine date approx 1985 and lost critical data in less than 10 years. Smaller memory cells is the reason, I bet. I suspect that if you want any new ones to last, they will have to be as silicon-real-estate expensive as the ones made in 1980.-- Vernon, Mar 23 2009 By "critical data", you're not talking about BIOS settings (hard drive selection, memory on board, boot settings), are you? That's in battery-backed CMOS R/W memory.
I haven't had a UV EPROM fail in decades.-- cindik, Mar 23 2009 Digital signatures might work. The ROM chip would be consulted first on startup. It would check that the Flash part was signed by the manufacturer, and restore it to factory default if it was not.-- Bad Jim, Mar 23 2009 [cindik], I have a pre-PC computer that allowed the ROM code to be copied to RAM and then modified. After adding various enhancements I "burned" the new code into (2) UVEPROMs and used them as replacements for the original (2) ROMs (controlled by a switch I added). Since the computer won't boot now from the EPROMs, but still boots from the original ROMs, the conclusion is that at least one of the EPROMs has lost critical data of one sort (such as assembly-language code) or another.-- Vernon, Mar 23 2009 Many flash chips have a feature that will write-protect a portion of the chip in such a way that software cannot change it; on some chips, unlocking this feature requires applying a special voltage (e.g. +9V) to a particular pin; on others the locking is permanent.
A variation on this concept which could be useful, however, and is not baked in any parallel flash chips I'm aware of, would be a function to write-protect the chip until the next power cycle or hardware reset. If on startup the BIOS checked whether the user was requesting an update and--if not--engaged the write-protect function before any other code could run, that would protect against rogue alterations (at the expense of making legitimate upgrades more difficult, but not unworkable).
If the flash had room for two copies of the BIOS, the system could have a small region permanently write-protected, about half the chip conditionally protected, and half relatively unprotected. To upgrade the BIOS, one would put the new BIOS into the unprotected region and power-cycle the machine. The permanently-protected region would notice the new BIOS installed, validate a digital signature, display a cryptographic "thumbprint", and ask the user whether to install it, erase it, or start the system without doing either. The user should confirm that the hash value is as expected and then approve the upgrade.-- supercat, Mar 23 2009 you people really like to make things complicated: just have one USB port that can be used to flash BIOSes from... and have the MB's come with 3 low-capacity thumbdrives, one a ROM, and two RAM-types for "last known good" and "latest".-- FlyingToaster, Mar 23 2009 I once had a Gigabyte brand motherboard with "dual BIOS feature". That would work supposing Gigabyte didn't suck (they do).-- Spacecoyote, Mar 24 2009 [+] Truely half baked. Making an unprogrammable section of the bios is much like having a section of the frying pan where teflon won't stick.-- Jscotty, Mar 25 2009 Ever heard of PROM? this is a device that does not require a special order for every model of machine (well, with the exception of the size of it, both physically and in terms of capacity) i.e. it doesn't need to be programmed DURING the manufacture of the chip itself. A special machine, usually called a P-ROM programmer, is later used by a seperate party (like a factory or a "home-brewer") which basically sends strong pulses which burn-out connectors at specific locations in the chip. This is obviously permanent and unhackable, since the burned-out connectors can't be restored, and the stronger pulses that burn out the connectors can't be produced by the computer itself.
P-ROM is cheaper to make because you don't need to set up the manufacturing process for every single model of computer that has any difference in the bios. Flash bioses already have to be programmed during computer assembly anyhow, so it seems that using a P-ROM would have little impact on the price of the machine.
A flash chip will also be present for updates, but the P-ROM can boot the computer by itself. That way, you have the best of both worlds.-- Dickcheney6, Oct 18 2010 no no no you're doing it all wrong. you need to have the memory flashed by an included actual physical mask and LED light programed into it by trained beetles walking on a semitranslucent surface dragging behind them polarizing devices to allow etching of the ROM. This would be put into place by a robotic hamster running Slackware and downloading his program from a internet update site using location and picture based cryptography.-- Voice, Oct 18 2010 Only with a P-ROM writer can you write to a P-ROM, and the computer wouldn't have one built in. Once the chip is "burned", it can't be reset.
However, the factory (or whoever it is who wants to write their program on the chip) doesn't need to make a special order or etch a new mask for it. This way, they don't have to modify their manufacturing systems just to make a new program-they'd just need the program itself and blank P-ROMS to burn them to.
The computer will still have a flash chip that can be updated/modified by software, but with some way to boot from the P-ROM copy of the BIOS, possibly by a paper-clip hole in the computer case marked something like "RESET BIOS TO FACTORY SETTINGS" which will bypass or erase the flash bios.-- Dickcheney6, Jan 11 2011 So it's somewhere between half-hard and soft-on.-- normzone, Jan 11 2011 random, halfbakery