Firmware is Foundational to Security

To understand the foundational nature of firmware, it is first necessary to understand what firmware is and how its protection affects the overall security of a hardware endpoint.

Firmware Basics

Firmware is software, named as such because it is permanent (firm) and functions to control each hardware element in the endpoint. Figure 1 shows firmware’s place in an endpoint’s tech stack. Commonly exemplified by BIOS in old PCs, firmware is the software that boots up first, telling the CPU how to load the operating system (OS) and other applications, as well as other functions.

Without firmware, the endpoint would not be able to operate and would be nothing more than an expensive paperweight.

Firmware basics stack diagram

Why Firmware is a Prime Target

Given firmware’s critical position as the software that controls every component of an endpoint, it is not surprising that hackers target firmware with great intensity. By compromising a device’s firmware, a malicious actor can gain complete control of a machine. Firmware makes this possible because it coordinates the hardware and software while also running as a precursor to the OS and applications.

An attacker that hijacks device firmware can easily eavesdrop, destroy or exfiltrate data, and even render an endpoint inoperable.

How Firmware Fits into Zero Trust

The current industry focus on Zero Trust (ZT) should also encompass firmware, though many Zero Trust models and solutions do not. This is a mistake, as firmware is the root of trust for any endpoint. Since it is the first software loaded, compromised firmware can become an undetectable backdoor—an invisible gateway for implanting a rootkit to hijack the OS or network communications. From a ZT perspective, endpoint hardware should not trust firmware by default. Any serious discussions around ZT must include processes that regularly re-verify the firmware root of trust.