Open Source Firmware: Two Ends of the Spectrum

ID 659941
Updated 10/1/2018
Version Latest
Public

author-image

By

Open source firmware is a growing community in software development. While many participants are driven by principles of software freedom and ownership, there are also benefits for corporate infrastructure.


This was evident when I attended the first annual Open Source Firmware Conference (OSFC) last month in Germany. OSFC grew out of existing coreboot community gatherings and now covers multiple firmware projects. Participants can learn about existing projects, like TianoCore and u-boot, more recent developments like LinuxBoot and Slim Bootloader, or small single-developer projects like yabits. It’s a broad community looking at firmware from different angles.

Intel Demos @ OSFC 2018Like most open source projects, motivations tend to fall into two main categories: ownership and transparency. Those goals are typically associated with individual developers, but they’re important to corporations as well. That’s why you see companies, like Facebook and Google, promoting open source firmware development. They’re not necessarily interested in firmware, but they are interested in maintaining the firmware that runs their infrastructure. This is also evident in organizations, like the Open Compute Project (OCP), which promote a workflow with better visibility into the full software stack.

Vincent Zimmer (Intel) – keynote speaker
Vincent Zimmer (Intel) – keynote speaker

After a few decades of working with firmware, I’ve been aware of the fact my work has two consumers with competing needs:

The customer we all know and love is the one who shells out money for the computer. This could be an engineer, consultant, teacher, IT manager, or student. It could also be my mom, still milking that whole ‘we sent you to college’ thing for two decades of computer advice. However, they’re not actually the customer I deal with at Intel. My customer is the company making the computer that’s being purchased by that customer, and their needs are pretty different from those of my mother.

Turns out most computer manufacturers don’t want 3rd parties to just come along and change the BIOS. Aside from mundane things like voiding the warranty, companies don’t want attackers shoving malware into the firmware that gets control at the reset vector. It would be bad if something like that was embedded in my mom’s laptop, but it’s worse if it gets into my bank’s ATM.

The Tricky World of Securing Firmware” – Feb 2015

Maggie Jauregui (Intel) – presenter, UDK2018 Security Feature Roundup
Maggie Jauregui (Intel) – presenter, UDK2018 Security Feature Roundup

The popularity of open source firmware development shows a growing third customer category – a developer that wants the option to own the firmware stack. Maybe they’re customizing existing hardware for a new software payload, much in the way someone tailors an off-the-rack suit that doesn’t quite fit. Perhaps they’re responsible for out-of-warranty systems that can only get critical firmware patches if they do it themselves. System developers may want to build specialized firmware locked to a narrow range of highly secured systems or platforms where users have the option to take ownership of the firmware.

The adoption of open source has had a significant impact on software development over the past few decades. As those principles influence overall platform design, Intel continues to expand the use of open source in platform firmware development.

“Designing Firmware for an Open World” – Michael Greene, VP & General Manager, Intel System Technologies and Optimization Division

Erik Bjorge (Intel) – presenter, Writing CHIPSEC Modules & Tools
Erik Bjorge (Intel) – presenter, Writing CHIPSEC Modules & Tools

I recommend checking out the presentations from OSFC for a better understanding of the community. Links to Intel’s sessions are provided below:

Open source has provided decades of software innovation for Intel customers. Firmware is an emerging trend for open development, and one that we expect to drive innovation in the decades to come.