In-Depth Look At LinuxBIOS

DrSkwid writes "With PhoenixBIOS reading your email because of such inordinate boot up times for Windows and other OSs, it was remarked in #plan9 about our 5s boot times using LinuxBIOS. My friend f2f pasted an article from Linux Journal which looks at the basic structure of LinuxBIOS, the origins of LinuxBIOS and how it evolved to its current state. It also covers the platforms supported and the lessons they have learned about trying to marry a GPL project to some of the lowest-level, most heavily guarded secrets that vendors possess."

Already tried...?

[xeon4life]

Didn't Microsoft want to do the same thing? Only Linux advocates started to become angry... -Xeon

A bootloader?

[ObviousGuy]

Initializes the CPU, initializes the bus, initializes the hardware, dumps to OS.

Isn't that a bootloader? Is it special because it is burned into the ROM?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Grub

[Trashman]

aside from grub being "just a boot loader", Wouldn't it make sense if grub was somehow moved into the bios?

It really is amazing...

[ZuperDee]

I think it is really amazing how many people here on Slashdot are just so eager to post comments that they obviously don't even bother to read the actual article.

If some of you people had read the article, for example, you'd notice some important points being made, such as, "From what we can see, the two factors in our success were competition and the creation of a market. Competition gave us a wide variety of choices as to motherboard, chipset and CPU. Once there was a reasonable market, vendors were concerned about being left out."

I don't know about any of you, but I think the creation of an open source "market" is EXACTLY what has enabled the success of open source products like Linux in the first place.

It was also what enabled the success of the Wintel architecture, if you think about it. At the time the original IBM PC was released, it was virtually a foreign idea to IBM--many people at the time were asking the question, "how on EARTH could IBM possibly release a machine based on open specifications and parts with a straight face?" Let us not forget that at the time, IBM desperately needed to get ANY kind of microcomputer on the market ASAP, for fear that Apple and others might get firmly entrenched. Once that thinking took hold, IBM practically had no choice but to hope and pray that their Big Name would keep them at the forefront. As we know, companies like Compaq came along and proved them wrong, and the rest is history.

The point is, I wonder why things like chipsets are still so closely guarded secrets. Can you people imagine what the world would be like if Intel had made the x86 CPUs with a proprietary, closely-guarded SECRET ISA, that you could only program for if you signed an NDA? If Intel had done that, Linux probably wouldn't even exist!!

I sometimes have this feeling Microsoft would do ANYTHING to go back in history and try to get all the laws of our country re-written and the market changed so this kind of all-secret world I speak of could exist.

In the end, the markets for products, be it open OR closed, occur because someone created that market. I think it is high time someone created an "open source" chipset, myself. But that's just me. If you people want all things to be open, stop talking about it and complaining about closed-source, proprietary things, and DO SOMETHING about it.

Re:Grub

[ciroknight]

Fuck grub, this is moving the whole kernel into flash-ram. This is to save the step of having to connect to the hard drive until when it's actually needed to run software, which can be done WHILE the system is booting the kernel, instead of before-hand. And as we know, in the computer world, multitasking is a good way of speeding up things.

;)

Using x86 PCI adapters in the Macintosh?

[leandrod]

What I'd like to know is if it would be possible to overwrite a, say, Apple Power Macintosh beige OldWorld G3 with LinuxBIOS or OpenBIOS and thus get to use x86 SCSI and VGA adapters.

White flash streaking by...

[Anonymous Coward]

...Jack Valenti running to Lousiana to instruct successor to get this terrorist tool banned through the next anti-terror legislation, through international treaties, and getting all the lawyers phones working on contacting state legislators on the payroll.

If this Bios gives us a fighting chance against DRM and the DRM chips in the IBM laptops, great.

5 second boot times will be the icing on the cake.

For the end consumer...

[0x0d0a]

Where can I purchase a board preloaded with and known to work with LinuxBIOS? Does it cost significantly more than one running Award or one of the other conventional BIOSes?

Re:Motherboard support

[zakezuke]

in which case without being installed by a manufacturer no-one is going to even contemplate wiping their "working" bios for an unknown 3rd party of no significant benefit to them

I'm not sure the current license fee for a bios... but this would be of some great benifit to the lowest bid type computer makers like e-machines. I could also see someone re-branding other motherboards purchaced in bulk, like we see with PC chips motherboards, and saving money using a free-bios. Not like I haven't seen pirated bios's before... this way it would be legit.

Re:Clustering

[Steffan]

• "it saves people who build clusters a heck of a lot of money on Hard Drives and CD-ROM drives, when a cluster node only really needs a mainboard, CPU, and RAM."

• "Maybe with faster, bootable USB on motherboards in future, and cheaper flash RAM, flashing the BIOS to run Linux will seem a little less necessary."

You can do this now. I have multiple machines booting over the network, none of which have any local storage whatsoever. Just use a PXE based bootloader, or a motherboard with a BIOS you can flash and you can boot the kernel over the net and NFS-mount root.

It's great for tying a media box to a raid array without having all those pesky hard drives near your TV.

OpenFirmware

[Quok]

I read this article a couple months ago when my issue of Linux Journal arrived. I had a couple questions about it then, guess this is a good time to ask them. :)

As I see it, half the point of LinuxBIOS is to provide a fast, open-sourced BIOS for x86 machines. It gets extra cool points for being Linux.

But I have to ask, why not just use OpenFirmware? Or at least, give LinuxBIOS some of the features of OpenFirmware. As far as I know, there is no such thing as OpenFirmware for the x86. It's got lots of neat benefits, like booting your machine off of another one on your network, or debugging a non-bootable machine remotely. Serial console, anyone? It has other benefits as well, that I can't remember; my brain is shot for the week.

For those of you that haven't heard of OpenFirmware, it's basically the "BIOS" on Macs.

Re:Already tried...?

[Rick the Red]

They [microsoft.com] keep claiming that DRM will be optional, so booting Windows 2010 (or whatever) on Linux BIOS sounds like a great way to ensure that DRM will never darken my door. And if it won't boot from a non-DRM BIOS, then we have proof they've been lying all along.

Personally, I'll never buy any DRM-based media (movies, music, cable TV, etc.), so I don't ever intend to have DRM-enabled hardware. So far, games are about the only reason I have to continue running Windows, and if the games of the future all require DRM then I'll just stick with the Windows I have today (I still run 98 for the games XP won't play. Hell, I still run DOS for the stuff XP won't play. It's far easier to boot into DOS to run "legacy" apps than it is to migrate my data to something else, especially since in some cases "someting else" doesn't exist.)

LinuxBIOS to boot other OSs

[jerel]

In my admittedly cursory review of the main LinuxBIOS site (here [linuxbios.org]) and of the article I was unable to find anything about using it to boot other operating systems besides Linux. Can I buy a compatible mobo, put the LinuxBIOS on it, and then run Windows? I'm still running dual-boot for now and would need this.

This is a wonderful idea... yeah right.

[rice_burners_suck]

I have an idea relating to LinuxBIOS that stems from a job I work sometimes involving industrial machines and their archaic control systems. Some of these computers require a technician to turn them on because of a complex procedure that must be carried out, including the typing in, by hand, of the first few assembly instructions to be executed, which tell the computer to read some software from some weird ROM, which then tells the computer to load the "real" operating software from something over RS-232. For this reason (among others), these machines are never turned off, except in a power outtage, which is a nightmare for machine shop owners. And it could all have been avoided by designing the computer a little differently, placing the OS itself in the ROM, and making the computer load it automatically on powerup.

I see this exactly the way I see modern operating systems boot up. The BIOS goes to some place and reads 512 bytes. Those bytes load up a "real" bootloader. That bootloader loads up some darn thing, which loads up the kernel, which loads up a bunch of device drivers and other software, and after a minute of grinding the disk, you have a system waiting for input. Why all this fuss?

My idea, then, is that instead of having an operating system kernel on your hard drive, it and its bootloader should reside in a really friggen powerful BIOS chip. By powerful I mean that there should be a LOT of flash space and the BIOS itself should be a relatively powerful microprocessor. The software is started immediately upon the powerup of the computer. The BIOS Flash then looks like the root partition; it is mounted just like the hard drives and other devices are. All device drivers are present in the kernel, anyway, and since the BIOS is designed for the computer (by the factory) or configured (by a hacker who puts together his own system), there is nothing to detect or load. Furthermore, all software that starts at startup has a complete image "frozen" in the BIOS Flash, and is copied directly into RAM during the initial stages of startup. Therefore, if you have X, and an entire desktop environment, the entire computer goes from OFF to running X and your desktop software, and whatever else you want for that matter, in almost no time at all. Your monitor would probably take longer to warm up then it would take for your desktop to be ready for input.

This sounds a lot like un-suspending a computer that is in suspend mode, and yes, in effect, it's just like that. You have your system running the way you want it to start up, then you "freeze" it a la VMWare, put it in the BIOS Flash, and when you turn on the computer, the BIOS copies the image directly into RAM, with perhaps a few routines here and there that initialize hardware upon powerup, or set a few values throughout RAM, like time-sensitive things and whatnot... No matter how fast MS makes their OS load, it'll never come close to this kind of performance.

Take it a step further, and each user could have almost an entire operating system setup, as if the computer has multiple personalities from the bootloader up. The BIOS has some routine that lets you log in, and accordingly, selects the image that will get loaded. In this respect, you could completely power down the computer, and come back a week later, turn it on, and immediately it will return to where it was.

This will probably be the case in 10 years or so. (Hey, in the 90's we went from the 386 SX to the Pentium 3. Who knows what the hell will happen by 2015 or so.)

Re:Motherboard support

[EzInKy]

Will this have any chance of being taken up by a motherboard manuafacturer by default or is this a aftermarket project ? in which case without being installed by a manufacturer no-one is going to even contemplate wiping their "working" bios for an unknown 3rd party of no significant benefit to them.

I was really surprised/disappointed to see that Gigabyte motherboards weren't being actively tested. You would think their DualBios would be perfect for a project like this because you would have a rescue image right on the board.

If it is for a lack of testers, I've got two 7V*** boxes at home and might be willing to give it a go. If it is because they are not cooperating, guess it will be Tyan boards when I replace them.

Re:Already tried...?

[phliar]

They keep claiming that DRM will be optional, ...

Yeah, "optional." The way it (the thing they used to call Palladium, I don't remember what it's called now) works is: there's write-once storage in a crypto processor on the motherboard and as the machine boots each software component (BIOS, kernel, application) writes a crypto-secure signature to it. Applications can read this string of signatures. Visiting a bank web-site (or music shop or ticketmaster or...) your machine would be required to present a valid string of signatures. This allows them to ensure you're running exactly what they want. "We only support IE6 on Windows" -- now you can't get past an IE-only website by simply setting your User-Agent header. You, the owner, are welcome to disable it -- but now you can't do any online banking or music purchase, or .... This means we're welcome to screw around with our little free software hobby, but in the real world you will have to enable DRM and run approved software.

Personally, I'll never buy any DRM-based media (movies, music, cable TV, etc.), so I don't ever intend to have DRM-enabled hardware.

What I'm afraid of is that it will become the only way content is available. Phase out un-encrypted CDs. Fix the DVD-CSS security hole. Voila! No more fair-use.

Re:A BIOS is for weens!

[pair-a-noyd]

Damn, that looks a lot like my Rolm [systemrecycler.com] (I know, it's a PBX but it is also a computer, and yes, it's my personal property)

Half-Full or Half-Empty

[AntiGenX]

While reading this article, I was struck by the paragraph:

"From what we can see, the two factors in our success were competition and the creation of a market. Competition gave us a wide variety of choices as to motherboard, chipset and CPU. Once there was a reasonable market, vendors were concerned about being left out."

Initially my reaction was, "Yeah, the market existed, and they found a cheap way to exploit it, since you're doing all the work for them." But that was my pessimistic side. After careful consideration, I prefer to take the optimistic approach on this one. I prefer to think of it as them working for us. The fact that they put all the little stuff together for me, saves me a lot of time in my garage with breadboards and soldering irons. Now we can have more control than just what processor, cards, and OS go into our systems. And the more input we have into how our computers run, the better we can improve computing, innovate, and come up with knew ways of handling problems.

I would like to see some of people involved with this group get onto standards committees since now, it seems, they have a voice. I'd like to see more open source type input into some of tomorrow's technology. Maybe someday we can stop having kludge after kludge shoved down our throats... Wouldn't the world be a better place then?

Re:Already tried...?

[silence535]

The president's Cyber Security advisor gave a speech at an industry conference and he called on ISP's to install these routers and in effect to impose Trusted Computing compliance onto all of their customers as part of the terms of service for internet access.

Yes, and this will be the time when all of us geeks will dig out good ole Fidonet Software and start rebuilding our own infrastructure.

But right now I have a valid contract with my provider, which does not require me to run some specific hardware and I would refuse to sign any such terms.

I don't think that ISPs will follow this recommendation. They have happily gained millions of new home "I can read my email and use a browser" customers who would definately refuse to buy a new computer for no obvious advantage.

-silence

Re:Non-Volatile RAM?

[vidarh]

Fast non-volatile RAM has been "well under way and within reach in the next several years" for decades... But even then you would sometimes want to reboot to reinitialize everything from scratch, for instance after a full OS upgrade.

Re:And now they are low quality?

[Anonymous Coward]

They may not be low quality but there are several reasons why tradtional BIOS's suck. For a start there is the huge amount of legacy 16bit, real-mode x86 code that just isn't used by modern operating systems but is supported because of things like Windows ME. If you're running Linux or Windows NT on your computer, you just do not need it. Then there are the traditional limitations in x86 BIOS's. You can't run an x86 machine headless and access the BIOS setup, for example. With LinuxBIOS they enable the network interfaces and allow you to perform setup via. a telnet session, exactly as you would with more expensive server kit. Last but not least there are bugs in some BIOS, and some of them can be pretty bad. LinuxBIOS offers you the ability to patch or workaround those bugs yourself, instead of having to wait for the vendor to fix them for you.

Re:Already tried...?

[Alsee]

start rebuilding our own infrastructure

Sure, you'd be perfectly free to do so. However you would be locked out of the real internet. Your new "freenet" would not have access to any of the millions of existing websites. You would not have access to anyone on the real internet. You would not be able to run any of teh new software. You would not be able to use any of the new files. You would be locked out of everything. It would be you and two friends on a little LAN with access to nothing else.

customers who would definately refuse to buy a new computer for no obvious advantage

Every few years old obsolete machines get replaced by new faster and cheaper machines with 10 times the harddrive space and 10 times the RAM.

Aunt Ditzy and uncle Clueless will not be choosing some special Trusted machine. No matter where aunt Ditzy and uncle Clueless go to buy a replacement, no matter which machine they select, they will simply be handed a machine with a Trust chip inside.

It's an insideous and devestaingly effective plan. They don't need to convince anyone to buy a Trusted machine. They simply plan to hand out Trust chips in EVERY new machine produced. Such machines are just hitting the stores today. The plan is that within a year or so 100% of new machines to be so equipped.

Give it one year for the manufacturing switchover and old inventry to clear out. Give it another three years or so for the normal obsolecence/replacement cycle. Abracadabra, presto chango, you have the vast majority of the public in possession of a Trusted machine. At that point ISP's can install the new Cisco routers and ban non-trusted machines fairly painlessly as an anti-virus measure as part of their terms of service. If you complain they will simply blame your obsolete and incompatible machine. They'll just tell you to toss your 5 year old peice of junk and buy a new machine if you want service.

It is a very easy and very possible scenario. The ONLY thing that can stop it is if there is a public backlash against Trusted Computing. We had such a backlash against the Pentium CPU-ID numbers, so hopefully there will be a backlash here too. But it's not guaranteed. They are promting Trust as a GoodThing. As an anti-virus and security anti-piracy and privacy measure. They are spending/will-spend millions on advertizing and public relations and spin. The next version of Windows will only fully work on the new Trusted machines.

You know it's evil, I know it's evil, but the public just wants to buy a computer that "just works". A Trusted computer will "just work", and any non-Trusted computer will increasingly fail to work with the new software and new files and new websites and ultimately to connect to the new routers. Non-trusted machines will start producing more and more error messages whenever they run into Trusted software or Trusted files or Trusted websites. In particular websites can and will use it to enforce that ads are displayed. If you have ads blocked then they don't want to let you see the website. If you don't have a Trusted computer they can't tell if ads are blocked and they will refuse to display the website. At more and more websites you will simply get error messages saying that there is a problem with YOUR computer. An error message saying you need to a secure NEXUS (or whatever). The public will get a Trusted machine just to get the damn websites to work. They don't care what Trust is or what it does, they just want to see the damn website and they want the damn machine to work without all the damn error messages.

The surest way to lose a battle is to underestimate the opponent and not bother to fight it. This is a huge movenment with hundreds of companies behind it and hundreds of millions invested in it. Smart people with very thorough plans. It even has support in congress.

There is a very real threat. They have a very plausible plan to pull a Microsoft style "embrace and extend" tactic to cause a gradual but total switchover given a few years.

-

Re:u-boot is superior and much farther ahead

[eltoyoboyo]

Both U-Boot and LinuxBIOS have large chunks written in C. I like C myself and am not willing to participate in a C vs. Assembly Language debate. However, You can not miss this in the article: "We realized early on that assembly code could not be the future of LinuxBIOS. OpenBIOS was a lot of assembly code, with a difficult-to-master build structure"

The real point is, even with maximum optimization in the compiled (or assembled) code, you still need to allow "magic" timeout numbers to wait for boot media to spin up. The only way to really optimize boot times is to have Flash ROM/embedded operating systems.

Re:And now they are low quality?

[IdleTime]

Well, I have a Dell P4 2.4Ghz PC and the CPU is capable of hypertreading but it is disabled by default and Dell will not make a BIOS (I guess Intel told them NO) that enables HT on that CPU. If LinuxBios would, I'd switch from the bad Dell BIOS to Linux BIOS in a heartbeat.

Re:Already tried...?

[Rich0]

I think the idea is that the string will work like this:

1. DRM chip is first thing to run on computer (before regular BIOS).
2. DRM calculates hash of BIOS, stores in secure memory.
3. BIOS runs.
4. BIOS calculates hash of bootloader, stores in secure memroy.
5. Bootloader runs.
6. Bootloader calculates hash of OS kernel, stores in secure memory.
7. And so on with the OS and its essential components.

Your DRM chip will have a private key burned into it, whose public key will be publicly known. The private key will be unobtainable without serious hardware attacks.

When you go to view a movie online, the website wants to verify that the movie is being downloaded by a DRM-compliant player into secure memory that no other app can access. So, the website tells you to ask your DRM chip to give it a signed list of hashes. The OS asks the DRM chip to take the list of hashes and sign it with the internal private key, then the OS gives it to the website. It then looks at the hashes against a database of approved BIOS/bootloader/OS combos.

If you boot linuxbios, then the DRM chip will record a hash of that bios instead. Your bios at that point could feed it all the fake hashes to store after that point, but the bios will still be identified. The website won't let you in if you have a linuxbios hash. And you can't generate a hash for a normal bios since you don't have the private key to sign it. Of course, you can't just replay a hash from booting using a normal bios since the real algorithm would have a challenge/response aspect to it.

It is quite possible using public-key crypto and secure hardware modules to make it impossible to falsify what OS you are booting from. The only way to bypass this is to either figure out your private key (hardware-level attack or factoring), or somehow get the foreign computer to use a different public key that you know the private key for (may be easy or hard depending on overall design).

Most likely the DRM chip will have both a public and private key in it. The public key will let the DRM masters send instructions to the chip (think of BIOS'es which only let you flash updates that are signed by the vendor), The private key will be used as described above. To make the system more hackerproof the vendor could even not retain a copy of the private key after it is burned - just the public key.

With a non-secure OS you can try to misrepresent yourself to a foreign website, but without the necessary private keys you won't be able to falsify the output of the DRM chip. And if every chip has a unique private key hardware attacks will only work to unlock an individual PC.

Re:And now they are low quality?

[cbreaker]

Yes, I do agree with many of your points. Being able to configure the bios via telnet or even a serial link would be very helpful in any data center or even a few servers in a closet.

The feature set of LinuxBIOS is really neat and it would be great if these features were universal.

As far as the actuall "quality" of existing BIOS's, I think they are pretty good. Sure, there's been bugs, but usually minor and almost always fixed asap. The major motherboard manufacturers make most of their money on these things and they tend to be on top of things like that, even well past the "normal" lifetime of PC hardware.

This is not to say that it's not very nice to be able to hack your own bios with LinuxBIOS in case there's a bug, but this only suits a small percentage of the admins out there that are able to do such a thing.

Like all OSS projects, I appreciate them quite a bit and I hope LinuxBIOS gains more vendor support. It would be really cool if it started replacing the standard BIOS on systems alltogether, especially with this DRM crap heading our way.

Re:And now they are low quality?

[Anonymous Coward]

You've never seen the actual code for your typical BIOS, have you? Believe me, it isn't pretty.