walker@aedc-vax.af.mil (William Walker C60223 x4570) (05/24/91)
Padgett Peterson <padgett%tccslr.dnet@mmc.com> writes: > Subject: re: MS-DOS in ROM? (PC) > The major problems would be: > 1) Hardware is always more expensive than software to produce Definitely. > 2) Would make it difficult to upgrade I'm not so sure. If the ROM upgrade is on a cartridge (similar to HP fonts), upgrading would involve swapping cartridges, which could also contain the other DOS-related files (CHKDSK, EDLIN, etc.). As it is now, upgrading DOS on a hard disk involves doing SYS and copying COMMAND.COM and the other files to the hard disk. Also, as I have found too many times, users have copied some of the DOS programs all over their drive rather than one location, and following a DOS upgrade, they call in with an "Incorrect DOS version" error. Swapping cartridges would be quicker and easier, and would eliminate "straggler programs." > 3) Would provide no protection from viruses - too many popular programs > and peripherals rely on tailoring the BIOS (e.g. hard disk controllers) > MBR (e.g. FDISK), and DOS (most TSRs) in approved methods. Unfortunately > many of these methods can also be used by malicious software. It would provide SOME protection from viri, in that the DOS files themselves, being in ROM, would be immune from infection. Also, since the remainder of the BIOS is also in ROM, it is immune as well (I'm aware of peripherals adding BIOS extensions, but not "tailoring" the existing BIOS). However, once in RAM, anything is fair game, and other program files on disk would not have the benefit of ROM protection. > 4) Undocumented necessities (such as necessary to use a CD-ROM or NETWARE). Items such as CD-ROMs have ROM BIOS extensions and/or drivers loaded by CONFIG.SYS. DOS in ROM would not affect their operation, so long as the boot process accessed the ROM extensions and used a user-modifiable CONFIG.SYS and AUTOEXEC.BAT. However, non-DOS executables stuck in CONFIG.SYS and AUTOEXEC.BAT would still be prone to infection if run from a disk. Netware, on the other hand, is a different puppy. Netware in ROM would be impractical, since it would have to be customized to each specific configuration, and there is a HUGE variety of configurations. I suppose it would be possible to produce a Netware kernel in ROM, but because so much configuration-dependent stuff would be left in software, it would probably be better to leave it all in software. > 5) "Bug" fixed would be much more expensive. Yes, indeed. But if DOS in ROM was on a handy cartridge, containing UV-erasable PROM, the old cartridges could be returned after an upgrade or bug-fix to be erased and reused by the manufacturer, thereby reducing costs. He also writes: > Subject: Software Upgradable BIOS (PC) > ... > if the hardware designers do their job. A EEPROM requires a special signal > on one lead to tell it to write. If that lead is under hardware control and > accessable only with the case open and a special plug in place that disables > everything except a "load & verify BIOS" program, risk can be minimal. Exactly. If the BIOS upgrade is tied to hardware control of some kind, then there's little problem. If it's COMPLETELY under software control, however, what's to prevent a virus author from writing a virus which can simulate a software BIOS upgrade? The whole idea that Intel has is to eliminate the need to open the case or do some complex hardware operation. A ROM cartridge still seems to be the better way to go; besides, how many times does one upgrade the BIOS during the life of a machine? > The point is not to "protest" the concept, it sounds like a good idea, but > demand adequate safeguards (dare I say "standards") for its use. OK, so I was a bit extreme. But we do need to DEMAND those safeguards or a more secure alternative. > ("flew" some digitally controlled gas-turbine engines with 8080s at > Tullahoma in the seventies - Hi Bill) Everybody sing - "It's a Small World after all." :-) These are, of course, ideas and opinions, and are subject to comment, criticism, or whatever. Bill Walker ( WALKER@AEDC-VAX.AF.MIL ) | "If you were locked in a room with OAO Corporation | Saddam Hussein, the Ayatullah, and Arnold Engineering Development Center | a lawyer, but you had only two M.S. 120 | bullets, which would you shoot?" Arnold Air Force Base, TN 37389-9998 | "I'd shoot the lawyer twice." ( somewhere near Tullahoma ) |