Firmware is software, named as such because it is permanent (firm) and functions to control each hardware element in the endpoint. Figure 1 shows firmware’s place in an endpoint’s tech stack. Commonly exemplified by BIOS in old PCs, firmware is the software that boots up first, telling the CPU how to load the operating system (OS) and other applications, as well as other functions.
Given firmware’s critical position as the software that controls every component of an endpoint, it is not surprising that hackers target firmware with great intensity. By compromising a device’s firmware, a malicious actor can gain complete control of a machine. Firmware makes this possible because it coordinates the hardware and software while also running as a precursor to the OS and applications.
The current industry focus on Zero Trust (ZT) should also encompass firmware, though many Zero Trust models and solutions do not. This is a mistake, as firmware is the root of trust for any endpoint. Since it is the first software loaded, compromised firmware can become an undetectable backdoor—an invisible gateway for implanting a rootkit to hijack the OS or network communications. From a ZT perspective, endpoint hardware should not trust firmware by default. Any serious discussions around ZT must include processes that regularly re-verify the firmware root of trust.