Next-generation BIOS boasts network, security features
Jun. 01, 2004
Phoenix Technology today launched a family of next-generation BIOS firmware aimed at increasing the security and manageability of PCs, notebooks, servers, embedded devices, and the networks that connect them. The company also launched a pre-boot environment, firmware development tools, and key application components providing advanced device-based authentication and encryption features.
Phoenix is demonstrating its next-generation BIOS products -- which it calls "TrustedCore" -- for the first time at the main hall and in the Linux Pavilion at the Computex 2004 trade event in Taipei, Taiwan, this week.
Phoenix began supplying TrustedCore firmware to notebook manufacturers several months ago, but is now launching the product family in earnest and will soon offer it in separate versions for notebooks, desktops, servers, and embedded systems (outlined below).
As indicated in the diagram at the left, TrustedCore includes the system's initialization and management firmware (including the code that interfaces with the hardware), but also provides a "pre-boot" environment in which various applications can run without requiring the presence of an operating system.
Phoenix calls this class of firmware and applications "Core System Software" (CSS), a term which it hopes will catch on for all pre-boot software.
Security a key focus
A key function of Phoenix's new TrustedCore software components is to enable what Phoenix calls "built-in device authentication," which, according to the company, creates a "'chain of trust' architecture that integrates with popular enterprise standards for network system management and security."
Security functions provided by TrustedCore firmware enable administrators to optionally assign unique IDs, or keys, to systems in their networks. These keys are stored in "StrongROM," a kind of secure flash memory storage system. Device keys can then be used to "transparently" authenticate the system to the network, or to applications, according to Phoenix, or to encrypt data using public key cryptography.
Phoenix says it partnered with Verisign on its Public Key Infrastructure (PKI) implementation, and plans to certify TrustedCore to FIPS 140 security requirements for cryptographic modules.
Other features
TrustedCore firmware additionally provides a secure, console-managed environment supporting system recovery applications from Phoenix and certified third-party providers. Such applications can be launched from the pre-boot environment in the event of a system failure or security breach, and be used to recover the system.
TrustedCore also provides a mechanism for digitally signed installation of firmware updates, such as virus fingerprint or other security update information.
Multiple versions
The notebook, desktop, server, and embedded versions of TrustedCore are differentiated primarily by the system recovery and other applications that each supports. Phoenix describes the different versions thus:
- TrustedCore Server -- Supports Intelligent Platform Management Interface (IPMI) 2.0 remote server management in Windows, Linux, and heterogeneous environments. Enhanced scalability, asset management, and reliability features support volume servers, as well as blade, cluster, and grid computing models.
- TrustedCore Embedded -- Supports cost-effective embedded platforms, chipsets, and operating environments supporting a wide range of special purpose x86 architecture OEM designs. Offers extensive system boot options, supporting local and network boot capabilities.
- TrustedCore Desktop -- Supports new technologies including PCI-Express and PCI 3.0. A modular design provides value-add opportunities for branded system builders and reseller channels.
- TrustedCore Notebook -- Supports mobile computing requirements such as optimized power management capabilities for notebook, sub-notebook, and tablet PCs. Also supports the Absolute TheftGuard asset tracking service.
Other CSS products
Along with the TrustedCore platform and pre-boot software architecture, Phoenix has also introduced:
- TrustedCore firmware development tool -- "CoreArchitect" is a firmware development tool for Phoenix ODM and OEM partners developing TrustedCore firmware and pre-boot applications. Phoenix claims CoreArchitect is the first firmware development environment integrated with Microsoft Visual Studio .NET. A spokesperson said Phoenix expects CoreArchitect to bring increased productivity to firmware developers long limited by command-line-only tools. CoreArchitect was first launched on March 1, 2004.
- TrustConnection Crypto services -- "TrustConnection" is a Crypto Service Provider (CSP) application that installs as a Windows DLL using an installation wizard. It provides additional secure links into Microsoft Windows operating systems and application environments, according to Phoenix. TrustConnector can be used with or without TrustedCore BIOS firmware. It has been licensed by SafeNet for use in the High Assurance Client (HAC) that ships with its suite of virtual private networking (VPN) IP (intellectual property).
- Console for system recovery -- Phoenix's CSS products also include recovery products, among them an interesting one based on embedded Linux. The "Console" recovery firmware can boot a crippled machine into a pre-boot environment based on embedded Linux -- sort of like having a built-in Linux recovery CD. Console makes SMI calls into BIOS, and runs independently of it, enabling it to run on any PC, regardless of firmware version, according to Phoenix.
Windows-only, no; X86-only, yes
"The biggest vulnerability today is to Windows-based infrastructure, however our specific technology is not tied to Windows," a Phoenix spokesperson said. Phoenix plans later this summer to have security-related application software that will run on the various distributions of Linux.
Clearly, in order to fulfill its ambitious vision of network- and security-aware BIOS firmware, the company will need to drive its TrustedCore technology into a range of embedded Linux devices, including switches, routers, wireless access points, network servers, VoIP systems, thin-client devices, and more. One possible limiting factor could be the lack of support for non-x86 architectures. Phoenix pioneered the x86 BIOS in 1979, and has cleaved to the architecture ever since.
Phoenix spokespeople stated that they believe the use of x86 to be growing in embedded systems. This may be true in simple terms, but a recent LinuxDevices.com reader survey suggested that ARM and other commonly embedded architectures may be overtaking x86 as a percentage of total embedded Linux projects.
Early adopters
One early TrustedCore customer, Japanese networking giant NTT, uses the technology in its SecureAccess product, which it markets to security-conscious organizations such as governments and enterprises. Other Phoenix partners supporting TrustedCore products include notebook OEM Compal and integrated services provider Arima.
"Until now firmware has been designed as if the system is standalone. Phoenix cME TrustedCore delivers a solution that integrates devices into network computing environments," said Phoenix Sr. VP of Marketing Michael Goldgof. "Phoenix partners throughout the value chain – systems integrators, OEMs and ODMs -- can now deliver business solutions with built-in security and management capabilities that integrate with enterprise security policy and management systems."
Intel's next-generation BIOS effort
Another BIOS firmware technology billed as "next-generation," Intel's EFI is not limited to the x86 architecture. Intel today announced that it would open source EFI in an effort to drive adoption.