Product specifications
An American Megatrends BIOS
showing a "Intel CPU uCode Loading
Error" after a failed attempt to upload
microcode patches into the CPU.
Detached BIOS Chip
Research which were acquired by Phoenix Technologies in 1998; Phoenix later phased out the Award
Brand name. General Software, which was also acquired by Phoenix in 2007, sold BIOS for Intel
processor based embedded systems.
The open source community increased their effort to develop a replacement for proprietary BIOSes
and their future incarnations with an open sourced counterpart through the coreboot and
OpenBIOS/Open Firmware projects. AMD provided product specifications for some chipsets, and
Google is sponsoring the project. Motherboard manufacturer Tyan offers coreboot next to the standard
BIOS with their Opteron line of motherboards. MSI and Gigabyte Technology have followed suit with
the MSI K9ND MS-9282 and MSI K9SD MS-9185 resp. the M57SLI-S4 models.
Security
EEPROM chips are advantageous because they can be easily
updated by the user; hardware manufacturers frequently issue
BIOS updates to upgrade their products, improve compatibility
and remove bugs. However, this advantage had the risk that an
improperly executed or aborted BIOS update could render the
computer or device unusable. To avoid these situations, more
recent BIOSes use a "boot block"; a portion of the BIOS which
runs first and must be updated separately. This code verifies if
the rest of the BIOS is intact (using hash checksums or other
methods) before transferring control to it. If the boot block
detects any corruption in the main BIOS, it will typically warn
the user that a recovery process must be initiated by booting
from removable media (floppy, CD or USB memory) so the
user can try flashing the BIOS again. Some motherboards have
a backup BIOS (sometimes referred to as DualBIOS boards) to
recover from BIOS corruptions.
There are at least four known BIOS attack viruses, two of
which were for demonstration purposes. The first one found in
the wild was Mebromi, targeting Chinese users.
The first BIOS virus was CIH, whose name matches the initials
of its creator, Chen Ing Hau. CIH was also called the
"Chernobyl Virus", because its payload date was 1999-04-26,
the 13th anniversary of the Chernobyl accident. CIH appeared
in mid-1998 and became active in April 1999. It was able to
erase flash ROM BIOS content. Often, infected computers
could no longer boot, and people had to remove the flash ROM IC from the motherboard and
reprogram it. CIH targeted the then-widespread Intel i430TX motherboard chipset and took advantage
of the fact that the Windows 9x operating systems, also widespread at the time, allowed direct
hardware access to all programs.
Modern systems are not vulnerable to CIH because of a variety of chipsets being used which are
incompatible with the Intel i430TX chipset, and also other flash ROM IC types. There is also extra
protection from accidental BIOS rewrites in the form of boot blocks which are protected from
accidental overwrite or dual and quad BIOS equipped systems which may, in the event of a crash, use
