INTERNATIONAL UNIVERSITY TRAVNIK

FACULITY OF INFORMATION TEHNOLOGY TRAVNIK

SOFTWARE PROGRAMMING

BASIC INPUT/ OUTPUT SYSTEM

BIOS FUNCTIONS AND MODIFICATIONS

Mentor: Student:
Prof. Aida Terzić Bekir Akeljić

Travnik, 08. nov. 2017.

 ABSTRACT

In this work we will research the basic input/ output system also called BIOS. BIOS setting
program is saved in BIOS chip. Only when starting up it can be set. BIOS mainly manages and
sets the basic input and output system. It also can exclude system faults or diagnosis system
poblems. Somebody thinks that since BIOS is a program, it is a software like Word or Excel. There
are still some opposite opinions. BIOS is still different from normal softwares. And it is similar to
hardware. Actually BIOS is the bridge of software programs and hardware devices. It is incharge of
the requirements of hardwares.

Users will always come into the contact with BIOS while using computer. The functions of BIOS
decides the performance of the main board. BIOS chip is a rectangular or square chip on the main
board. We will mention the main functions and modifications of BIOS and describe all the
operations that BIOS does in a computer. BIOS is short for „Basic Input Output System“.
Actually, it is a group of programs in the ROM chip of computer main board. It saves the most
important basic input and output programs of the computer, system settings and the self-checking
and self-triggered programs. The main function of it is to provide the basic and direct hardware
settings and controls to the device.

KEY WORDS:

BIOS, BOOT, CMOS, FLOPPY and HARD disc, Hardware control, IBM BIOS, POST, RAM,
ROM
 Contents

1. The concept and history of the BIOS ..........................................................................................1

1.1. Operations of BIOS .............................................................................................................3

1.1.1. System startup ..............................................................................................................3

1.1.2. Boot process .................................................................................................................4
1.1.3. Boot environment .........................................................................................................6

1.2. Configurations of BIOS .......................................................................................................6

1.3. BIOS security ......................................................................................................................8

1.4. What is the BIOS actually doing when I turn on my computer?.......................................... 10

References ................................................................................................................................... 12
1. The concept and history of the BIOS

For IBM PC computers, BIOS (Basic Input/ Output System and also known as the System BIOS,
PC BIOS) is non-volatile firmware used to perform hardware initialization during the booting
process (power-on startup), and to provide runtime services for operating systems and programs.
The BIOS firmware comes pre-installed on a personal computer's system board, and it is the first
software run when powered on.

The name originates from the Basic Input/Output System used in the CP/M operating system in
1975. Originally proprietary to the IBM PC, the BIOS has been reverse engineered by companies
looking to create compatible systems. The interface of that original system serves as a de
facto standard.

The BIOS in modern PCs initializes and tests the system hardware components, and loads a boot
loader or an operating system from a mass memory device. In the era of MS-DOS, the BIOS
provided a hardware abstraction layer for the keyboard, display, and other input/output (I/O)
devices that standardized an interface to application programs and the operating system. More
recent operating systems do not use the BIOS after loading, instead accessing the hardware
components directly.

Most BIOS fulfillments are specifically designed to work with a particular computer, by interfacing
with various devices that make up the complementary system chipset. Originally, BIOS firmware
was stored in a ROM chip on the PC motherboard. In modern computer systems, the BIOS contents
are stored on flash memory so it can be rewritten without removing the chip from the motherboard.

This allows easy, end-user updates to the BIOS firmware so features can be added or bugs can be
fixed fast, but it also creates a possibility for the computer to become infected with
BIOS “rootkits”. Furthermore, a BIOS upgrade that fails can „burn“ the motherboard permanently,
unless the system includes some form of backup for this case.

1
Unified Extensible Firmware Interface (UEFI) is the new modern successor to BIOS, aiming to
address its technical lacks and defects. The term BIOS (Basic Input/Output System) was invented
by Gary Kildall and first appeared in the CP/M operating system in 1975, describing the machine-
specific part of CP/M loaded during boot time that interfaces directly with the hardware. (A CP/M
machine usually has only a simple boot loader in its ROM).

Versions of MS-DOS, PC DOS or DR-DOS contain a file called variously "IO.SYS",

"IBMBIO.COM", "IBMBIO.SYS", or "DRBIOS.SYS"; this file is known as the "DOS BIOS" (also
known as "DOS I/O System") and contains the lower-level hardware-specific part of the operating
system. Together with the underlying hardware-specific, but operating system-independent
"System BIOS", which resides in ROM, it represents the analogue to the "CP/M BIOS".

With the introduction of PS/2 machines, IBM divided the System BIOS into real-mode and
protected mode portions. The real-mode portion was meant to provide backward-compatibility with
existing operating systems such as DOS, and therefore was named "CBIOS" (for Compatibility
BIOS), whereas the "ABIOS" (for Advanced BIOS) provided new interfaces specifically suited for
multitasking operating systems such as OS/2.

Photo 1.1

“BIOS setup utility while starting your computer”

1
BIOS setup utility while starting your computer, downloaded 2017-08-13 from
https://www.howtogeek.com/wp-content/uploads/2011/03/bios.jpg
2
1.1. Operations of BIOS

The IBM BIOS is designed to work through a system of software interrupts. The software interrupt
causes the microprocessor to stop what it is doing and start a new routine, by saving the workspace.
Each interrupt vector is a pointer that tells the microprocessor the location where the code
associated with the interrupt is located. The table of interrupt vectors begins at the very start of the
microprocessors memory address 00000. Programs can order these vectors to change the meaning
of the software interrupts.

1.1.1. System startup

When a modern x86 microprocessor resets, it starts in a 16-bit real-world mode. The code segment
register initializes the F000h selector, the FFFF0000h base, and limits FFFFh, so the execution
starts at 4 GB minus 16 bytes (FFFFFFF0h). The logical platform maps this address into the system
ROM, the mirroring address 000FFFF0h.

If the system is just turned on or the reset button is pressed, the self test is fully tested. If Ctrl + Alt
+ Delete is pressed, the special value of the flag is stored in the BIOS memory so-called. "CMOS"
before the processor is reset, and after resetting, the BIOS start up code detects this flag and does
not start the POST. This saves time that is normally used to detect and test the entire memory.

POST checks, identifies, and initializes system devices such as: CPU, RAM, switches and DMA
controllers and other chipset parts, video card, keyboard, hard disk, optical drive, and so on.

3
1.1.2. Boot process

“After the ROM, the scan is complete and all ROM detections with valid control systems are
called, or immediately after the POST in the BIOS version that does not scan the optional ROMs,
the BIOS invites INT 19h to initiate the restore process. Post-boot programs that are loaded can
also invite INT 19h to restart the system, but it must be careful to disable interruptions and
processes that can interfere with BIOS, otherwise the system may fail while it is restarted.

The BIOS selects devices to run a candidate using information that collects POST and
configuration information from an EEPROM, CMOS, or, on the first computers, a DIP switch.
After monitoring the start up priority sequence, the BIOS checks each device to see if it can be
started. If the sector is successfully read, BIOS will also check whether the last two bits of the
sector (which is 512 bytes long) have verified the boot sector system before accepting the startup
sector taking into account the startup of the device.

The BIOS continues to test each device sequentially until a boot device is found, and then the BIOS
transfers control to the loaded sector using the instruction to jump to the first. This location is one
of the reasons why the IBM computer requires at least 32 KB of RAM to be equipped with a disk
system. With less KB, BIOS would not be able to run the system at all.

Most computers have a bootable hard disk, but there is usually a bootable media that has a higher
boot priority, so that the user can run a moving drive that starts, simply by inserting it, without
removing the hard disk drive, or changing its contents to be unusable.

In most modern BIOSs, the priority order to run all potentially mobile devices can be freely
configured by the user using the “BIOS Configuration Utility”. In the earliest BIOS, a fixed
priority scheme has been implemented, with diskette diskettes first, fixed drives (hard disks) for
seconds, and other start up devices are usually not supported. The BIOS on earlier computers

4
would normally only start from the first hard drive, even if two drives of any type were installed.
More and more advanced boot priority sequences have evolved to this system.

Reading the "first sector" of a CD-ROM or DVD-ROM is not simply defined operation such as on
a floppy disk or on a hard drive. Therefore, the launch of optical media uses the standard “El
Torito”, which determines how the optical drive contains a high-density floppy disk image (1.44
MB) and that the disk provides access to this image in a simple way that emulates the disk drive
operations. A virtual diskette can contain software that allows access to the optical media in its
original format.

The behavior of the BIOS if it does not find a bootable device varied in how personal computers
are developing. One model of the original IBM PC was available without a drive; the cassette
player could be connected via the cassette port on the back, for loading and saving the BASIC
program on the tape. Since several programs have used BASIC in ROM, PC-based computers have
left it; then the computer that did not start from the disc displayed "No ROM BASIC" and stopped
(in response to INT 18h).

Later, computers would display a message such as "No bootable disk found"; some would be
encouraged to insert a disc and press the key, and when the push button is pressed, the startup
process will be restarted. A modern BIOS can not display anything or can automatically enter the
BIOS Configuration Utility when the startup process fails. Unlike earlier BIOSs, modern versions
are often written on the assumption that if the computer can not be booted from the hard drive, the
user will not have the software they want to run from the removable media.”2

2
Boot process, rewritten 2017-08-13 from https://en.wikipedia.org/wiki/BIOS#cite_note-Yam-33

5
1.1.3. Boot environment

The environment for the boot program is very simple: the CPU is in real mode and the general-
purpose and segment registers are undefined, except CS, SS, SP, and DL. CS is always zero and IP
is initially 0x7C00. Because boot programs are always loaded at this fixed address, there is no need
or motivation for a boot program to be relocatable. DL contains the drive number, as used with INT
13h, of the boot device, unless the BIOS is one that does not set the drive number in DL – and then
DL is undefined. SS:SP points to a valid stack that is presumably large enough to support hardware
interrupts, but otherwise SS and SP are undefined.

(A stack must be already set up in order for interrupts to be serviced, and interrupts must be
enabled in order for the system timer-tick interrupt, which BIOS always uses at least to maintain
the time-of-day count and which it initializes during POST, to be active and for the keyboard to
work. The keyboard works even if the BIOS keyboard service is not called; keystrokes are received
and placed in the 15-character type-ahead buffer maintained by BIOS.)

The boot program must set up its own stack (or at least MS-DOS 6 acts like it must), because the
size of the stack set up by BIOS is unknown and its location is likewise variable; although the boot
program can investigate the default stack by examining SS:SP, it is easier and shorter to just
unconditionally set up a new stack.

1.2. Configurations of BIOS

Historically, the BIOS in IBM PC and XT did not have an interface. BIOS versions have not
configured the software. Instead, users set up options via the DIP switch on the system board.
Later, computers had unauthorized BIOS memory (CMOS RAM chip) that had BIOS settings.

These settings, such as the type of video adapter, memory size and hard disk parameters, can be
configured only by running a configuration program from a disc that is not built into the ROM.

6
Early versions of BIOS did not have passwords or options for choosing a boot device. Access
control in the early AT-classes was carried out using a physical key switch. Anyone who could turn
on the computer could run it.

“The modern BIOS setup utility has access to the UI menu by pressing a specific key on the
keyboard when the computer starts up. Usually the key is briefly advertised during an early start,
for example, "Press F1 to enter the CMOS". The right key depends on the specific hardware. The
functions present in the BIOS Setup Utility typically include:

 Configuring hardware components, including setting different operating modes and

frequencies
 Setting the system clock
 Enable or disable system components
 Selecting which devices are potential startup devices, and in which order to run them from
startup
 Setting up various passwords, such as the password to provide access to the BIOS user
interface, and preventing malicious users from running the system from unauthorized
portable storage devices, a bootable password, or a hard disk password that limits access to
it, and remains allocated even if the hard drive moves to another computer” 3

3
BIOS setup utility, rewritten 2017-11-13 from https://en.wikipedia.org/wiki/BIOS#cite_note-Yam-33

7
1.3. BIOS security

EEPROM chips are advantageous because they can be easily updated by the user; it is customary
for hardware manufacturers to issue BIOS updates to upgrade their products, improve compatibility
and remove bugs. However, this advantage had the risk that an improperly executed or aborted
BIOS update could render the computer or device unusable. To avoid these situations, more recent
BIOSes use a "boot block"; a portion of the BIOS which runs first and must be updated separately.
This code verifies if the rest of the BIOS is intact (using hash checksums or other methods) before
transferring control to it. If the boot block detects any corruption in the main BIOS, it will typically
warn the user that a recovery process must be initiated by booting from removable media (floppy,
CD or USB flash drive) so the user can try flashing the BIOS again. Some motherboards have a
backup BIOS (sometimes referred to as DualBIOS boards) to recover from BIOS corruptions.

There are at least four known BIOS attack viruses, two of which were for demonstration purposes.
The first one found in the wild was Mebromi, targeting Chinese users.

The first BIOS virus was CIH, whose name matches the initials of its creator, Chen Ing Hau. CIH
was also called the "Chernobyl Virus", because its payload date was 1999-04-26, the 13th
anniversary of the Chernobyl accident. CIH appeared in mid-1998 and became active in April
1999. It was able to erase flash ROM BIOS content. Often, infected computers could no longer
boot, and people had to remove the flash ROM IC from the motherboard and reprogram it. CIH
targeted the then-widespread Intel i430TX motherboard chipset and took advantage of the fact that
the Windows 9x operating systems, also widespread at the time, allowed direct hardware access to
all programs.

Modern systems are not vulnerable to CIH because of a variety of chipsets being used which are
incompatible with the Intel i430TX chipset, and also other flash ROM IC types. There is also extra
protection from accidental BIOS rewrites in the form of boot blocks which are protected from
accidental overwrite or dual and quad BIOS equipped systems which may, in the event of a crash,
use a backup BIOS. Also, all modern operating systems such as FreeBSD, Linux, macOS,

8
Windows NT-based Windows OS like Windows 2000, Windows XP and newer, do not allow user-
mode programs to have direct hardware access.

As a result, as of 2008, CIH has become essentially harmless, at worst causing annoyance by
infecting executable files and triggering antivirus software. Other BIOS viruses remain possible,
however;4 since most Windows home users without Windows Vista/7's UAC run all applications
with administrative privileges, a modern CIH-like virus could in principle still gain access to
hardware without first using an exploit.

The operating system OpenBSD prevents all users from having this access and the grsecurity patch
for the linux kernel also prevents this direct hardware access by default, the difference being an
attacker requiring a much more difficult kernel level exploit or reboot of the machine.

The second BIOS virus was a technique presented by John Heasman, principal security consultant
for UK-based Next-Generation Security Software. In 2006, at the Black Hat Security Conference,
he showed how to elevate privileges and read physical memory, using malicious procedures that
replaced normal ACPI functions stored in flash memory.

The third BIOS virus was a technique called "Persistent BIOS infection." It appeared in 2009 at the
CanSecWest Security Conference in Vancouver, and at the SyScan Security Conference in
Singapore. Researchers Anibal Sacco5 and Alfredo Ortega, from Core Security Technologies,
demonstrated how to insert malicious code into the decompression routines in the BIOS, allowing
for nearly full control of the PC at start-up, even before the operating system is booted. The proof-
of-concept does not exploit a flaw in the BIOS implementation, but only involves the normal BIOS
flashing procedures. Thus, it requires physical access to the machine, or for the user to be root.
Despite these requirements, Ortega underlined the profound implications of his and Sacco's

4
New BIOS Virus Withstands HDD Wipes, March 27, 2009. Marcus Yam. Tom's Hardware US
5
Sacco, Anibal; Alfredo Ortéga. "Persistent BIOS Infection". Exploiting Stuff. Retrieved 2010-02-06.
9
discovery: "We can patch a driver to drop a fully working rootkit. We even have a little code that
can remove or disable antivirus."6

In a December 2013 interview with 60 Minutes, Deborah Plunkett, Information Assurance Director
for the US National Security Agency claimed that NSA analysts had uncovered and thwarted a
possible BIOS attack by a foreign nation state. The attack on the world's computers could have
allegedly "literally taken down the US economy." The segment further cites anonymous cyber
security experts briefed on the operation as alleging the plot was conceived in China.7 A later
article in The Guardian cast doubt on the likelihood of such a threat, quoting Berkeley computer-
science researcher Nicholas Weaver, Matt Blaze, a computer and information sciences professor at
the University of Pennsylvania, and cybersecurity expert Robert David Graham in an analysis of
the NSA's claims. 8

1.4. What is the BIOS actually doing when I turn on my computer?

When you turn on your computer, several events occur automatically: The CPU "wakes up" (has
power) and reads the x86 code in the BIOS chip. The code in the BIOS chip runs a series of tests,
called the POST for Power On Self Test, to make sure the system devices are working correctly. In
general, the BIOS:

 Initializes system hardware and chipset registers

 Initializes power management
 Tests RAM (Random Access Memory)
 Enables the keyboard
 Tests serial and parallel ports
 Initializes floppy disk drives and hard disk drive controllers
 Displays system summary information

6
Fisher, Dennis. "Researchers unveil persistent BIOS attack methods". Threat Post. Archived from the
original on 30 January 2010. Retrieved 2010-02-06.
7
"How did 60 Minutes get cameras into a spy agency?". CBS News. Retrieved 2014-04-15.
8
Spencer Ackerman in Washington (2013-12-16). "NSA goes on 60 Minutes: the definitive facts behind
CBS's flawed report | World news". theguardian.com. Retrieved 2014-01-27.
10
During POST, the BIOS compares the system configuration data obtained from POST with the
system information stored on a CMOS - Complementary Metal-Oxide Semiconductor - memory
chip located on the motherboard. (This CMOS chip, which is updated whenever new system
components are added, contains the latest information about system components.)

After the POST tasks are completed, the BIOS looks for the boot program responsible for loading
the operating system. Usually, the BIOS looks on the floppy disk drive A: followed by drive C:

After being loaded into memory, the boot program then loads the system configuration information
(contained in the registry in a Windows® environment) and device drivers. Finally, the operating
system is loaded, and, if this is a Windows® environment, the programs in the Start Up folder are
executed.

11
References

1. Fisher, Dennis. "Researchers unveil persistent BIOS attack methods". Threat Post.
Archived from the original on 30 January 2010. Retrieved 2010-02-06.

2. "How did 60 Minutes get cameras into a spy agency?". CBS News. Retrieved 2014-04-15.

3. New BIOS Virus Withstands HDD Wipes, March 27, 2009. Marcus Yam. Tom's Hardware
US

4. Sacco, Anibal; Alfredo Ortéga. "Persistent BIOS Infection". Exploiting Stuff. Retrieved
2010-02-06.

5. Spencer Ackerman in Washington (2013-12-16). "NSA goes on 60 Minutes: the definitive

facts behind CBS's flawed report | World news". theguardian.com. Retrieved 2014-01-27.
6. BIOS setup utility, rewritten 2017-11-13 from
https://en.wikipedia.org/wiki/BIOS#cite_note-Yam-33
7. BIOS setup utility while starting your computer, downloaded 2017-08-13 from
https://www.howtogeek.com/wp-content/uploads/2011/03/bios.jpg
8. Boot process, rewritten 2017-08-13 from https://en.wikipedia.org/wiki/BIOS#cite_note-
Yam-33

12