Matthew Broersma
ZDNet UK

The software that sits between the operating system and the PC's hardware hasn't changed much in decades, but now Phoenix wants to introduce greater security, usability - and copy protection.

Phoenix Technologies, one of the biggest makers of BIOS (basic input/output system) software, has released the first entry in a line of next-generation products that it promises will drive utility computing, make PCs more secure and prevent unauthorised users from misusing protected intellectual property.

The Content Management Engine (CME) TrustedCore NB for notebooks and tablet PCs, announced this week, is the first product in Phoenix's Core System Software (CSS) category, designed to extend the usefulness of the humble BIOS. TrustedCore NB is designed to allow businesses to keep their mobile computers safe from identity theft, unauthorised network access and data loss. Future versions will take aim at servers, blades, desktops and embedded systems such as consumer electronics, with plans to introduce digital rights management (DRM) and more closely integrate the BIOS with Windows.

A BIOS is the software that ties the operating system to a PC's hardware. It carries out basic tasks such as hardware and system configuration, and has been standardised and made simple enough to allow the installation of alternative operating systems, including Linux.

Phoenix's Core System Software (CSS) is a next-generation BIOS with a more sophisticated integration of operating system and hardware -- for example, making it easier for system administrators to remotely monitor the hardware configurations of their systems. It is built on a framework Phoenix calls Device-Networked Architecture, or D-NA, and is part of a trend on the part of IT powers such as Microsoft and Intel to introduce "trustworthy computing" into their products at a more basic level.

The plans have been criticised as crippling PCs' capabilities, solidifying the Microsoft operating system monopoly and even, in cases where DRM is introduced, extending copyright holders' power into areas that have traditionally remained under the control of consumers.

A cryptographic engine in TrustedCore NB can be used for authenticating digital signatures, protecting the core system software. The BIOS also allows manufacturers to create a protected area for the secure execution of built-in applications, shielded from attacks by malicious code.

A feature called Cryptographic Service Provider is designed to prevent unauthorised users from accessing corporate data from a stolen notebook by preventing duplication of digital certificates for Windows clients and applications.

"Through our Core System Software, Phoenix is making a dramatic change that will become the basis of networked computing for the next two decades," said Phoenix chief executive, chairman and president Albert E. Sisto, in a statement. "Today, nearly all digital devices are connected to a network, whether to conduct global commerce or just to access email. This requires an advanced foundation for implementing an extensible and flexible architecture designed specifically for the age of networked computing."

Ultimately, Phoenix wants to create a world of PCs and devices capable of interacting at a sub-operating system level, a crucial development for grids, clusters, blade servers and the "on-demand computing" technology advocated by IBM, HP, Sun and others. Manufacturers will be able to protect critical applications such as system recovery and virus protection from malicious code, and services such as self-management and self-authentication can be built into devices and servers at a basic level.

More controversially, Phoenix said manufacturers will be able to prevent users from tampering with areas of the system used for copy protection. Phoenix recently said it is touting a BIOS with built-in DRM technology to major PC manufacturers.

In September the company said it had developed a prototype of its CME including DRM from Orbid. The DRM would allow content providers to identify which PCs and devices were authorised to play particular files, more effectively controlling content distribution, file-trading and moving software from one machine to another, according to Phoenix. Orbid's DRM is not part of TrustedCore NB.

Phoenix said the DRM-enabled CME was not part of Microsoft's NGSCB, but that the technology was complementary. The CME would allow PC makers to embed digital rights management directly into the hardware, though they would have the option of allowing users to turn it off. Consumer electronics makers are particularly interested in the technology, according to Phoenix.

Windows integration

At the company's Strategy 2004 conference this week, Phoenix emphasised that the D-NA architecture is designed to fit neatly into Microsoft's plans for "trustworthy computing", part of which is the controversial "Palladium" scheme (now renamed Next-Generation Secure Computing Base) for building copy-protection and security features tied directly to PC hardware. Phoenix said that D-NA will incorporate components tied into Windows and .Net applications via Microsoft's CryptoAPI.

The company is marketing the TrustedCore NB BIOS to laptop system designers and contract manufacturers, and IBM is seen as a likely customer. Fujitsu and Samsung have endorsed the technology. Phoenix said it would begin shipping TrustedCore for desktops by March 2004.

Phoenix claims to have provided firmware to more than one billion PCs and non-PC digital devices over the past 25 years.