{ "id": "c48fb40f-9690-42e7-a3d7-ea6a48c1023f", "created_at": "2026-04-06T03:37:19.606313Z", "updated_at": "2026-04-10T03:36:13.913312Z", "deleted_at": null, "sha1_hash": "5b825631fb03610ae00360fbcc40d3a9452d281c", "title": "BIOS", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 642915, "plain_text": "BIOS\r\nBy Contributors to Wikimedia projects\r\nPublished: 2001-10-27 · Archived: 2026-04-06 03:20:40 UTC\r\nThis article is about the BIOS as found in IBM PC/AT and compatibles. For the modern replacement that is often\r\nstill called BIOS, see UEFI. For the general concept, see Firmware. For other uses, see Bios (disambiguation).\r\nA pair of AMD BIOS chips for a Dell 310 computer from the 1980s. The bottom one shows the distinct\r\nwindow of an EPROM chip.\r\nYear started 1981[a]\r\nOrganization\r\nOriginally IBM as proprietary software, later industry wide as a de facto standard. In 1996,\r\nthe BIOS Boot Specification was written by Compaq, Phoenix Technologies and Intel.\r\nSuccessor UEFI\r\nIn computing, BIOS (, BY-oss, -ohss; Basic Input/Output System, also known as the System BIOS, ROM\r\nBIOS, BIOS ROM or PC BIOS) is a type of firmware used to provide runtime services for operating systems\r\nand programs and to perform hardware initialization during the booting process (power-on startup).[1] On a\r\ncomputer using BIOS firmware, the firmware comes pre-installed on the computer's motherboard.\r\nThe name originates from the Basic Input/Output System used in the CP/M operating system in 1975.[2][3] The\r\nBIOS firmware was originally proprietary to the IBM PC; it was reverse engineered by some companies, such as\r\nCompaq, Phoenix Technologies, AMI and others, looking to create compatible systems. The interface of that\r\noriginal system serves as a de facto standard.\r\nThe BIOS in older PCs initializes and tests the system hardware components (power-on self-test or POST for\r\nshort), and loads a boot loader from a mass storage device which then initializes a kernel. In the era of DOS, the\r\nBIOS provided BIOS interrupt calls for the keyboard, display, storage, and other input/output (I/O) devices that\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 1 of 22\n\nstandardized an interface to application programs and the operating system. More recent operating systems do not\r\nuse the BIOS interrupt calls after startup.[4]\r\nMost BIOS implementations are specifically designed to work with a particular computer or motherboard model,\r\nby interfacing with various devices especially system chipset. Originally, BIOS firmware was stored in a ROM\r\nchip on the PC motherboard. In later computer systems, the BIOS contents are stored on flash memory so it can be\r\nrewritten without removing the chip from the motherboard. This allows easy, end-user updates to the BIOS\r\nfirmware so new features can be added or bugs can be fixed, but it also creates a possibility for the computer to\r\nbecome infected with BIOS rootkits. Furthermore, a BIOS upgrade that fails could brick the motherboard.\r\nUnified Extensible Firmware Interface (UEFI) is a successor to the PC BIOS, aiming to address its technical\r\nlimitations.[5] UEFI firmware may include legacy BIOS compatibility to maintain compatibility with operating\r\nsystems and option cards that do not support UEFI native operation.[6][7][8] Since 2020, all PCs for Intel platforms\r\nno longer support legacy BIOS.[9] The last version of Microsoft Windows to officially support running on PCs\r\nwhich use legacy BIOS firmware is Windows 10 as Windows 11 requires a UEFI-compliant system (except for\r\nIoT Enterprise editions of Windows 11 since version 24H2[10]).\r\n/* C P / M B A S I C I / O S Y S T E M (B I O S)\r\n COPYRIGHT (C) GARY A. KILDALL\r\n JUNE, 1975 */\r\n[…]\r\n/* B A S I C D I S K O P E R A T I N G S Y S T E M (B D O S)\r\n COPYRIGHT (C) GARY A. KILDALL\r\n JUNE, 1975 */\r\nThe term BIOS (Basic Input/Output System) was created by Gary Kildall[11][12] and first appeared in the CP/M\r\noperating system in 1975,[2][3][12][13][14][15] describing the machine-specific part of CP/M loaded during boot\r\ntime that interfaces directly with the hardware.\r\n[3]\r\n (A CP/M machine usually has only a simple boot loader in its\r\nROM.)\r\nVersions of MS-DOS, PC DOS or DR-DOS contain a file called variously \"IO.SYS\", \"IBMBIO.COM\",\r\n\"IBMBIO.SYS\", or \"DRBIOS.SYS\"; this file is known as the \"DOS BIOS\" (also known as the \"DOS I/O\r\nSystem\") and contains the lower-level hardware-specific part of the operating system. Together with the\r\nunderlying hardware-specific but operating system-independent \"System BIOS\", which resides in ROM, it\r\nrepresents the analogue to the \"CP/M BIOS\".\r\nThe BIOS originally proprietary to the IBM PC has been reverse engineered by some companies, such as\r\nCompaq, Phoenix Technologies, AMI and others, looking to create compatible systems.\r\nWith the introduction of PS/2 machines, IBM divided the System BIOS into real- and protected-mode portions.\r\nThe real-mode portion was meant to provide backward compatibility with existing operating systems such as\r\nDOS, and therefore was named \"CBIOS\" (for \"Compatibility BIOS\"), whereas the \"ABIOS\" (for \"Advanced\r\nBIOS\") provided new interfaces specifically suited for multitasking operating systems such as OS/2.\r\n[16]\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 2 of 22\n\nThe BIOS of the original IBM PC and XT had no interactive user interface. Error codes or messages were\r\ndisplayed on the screen, or coded series of sounds were generated to signal errors when the power-on self-test\r\n(POST) had not proceeded to the point of successfully initializing a video display adapter. Options on the IBM PC\r\nand XT were set by switches and jumpers on the main board and on expansion cards. Starting around the mid-1990s, it became typical for the BIOS ROM to include a \"BIOS configuration utility\" (BCU[17]\r\n) or \"BIOS setup\r\nutility\", accessed at system power-up by a particular key sequence. This program allowed the user to set system\r\nconfiguration options, of the type formerly set using DIP switches, through an interactive menu system controlled\r\nthrough the keyboard. In the interim period, IBM-compatible PCs‍—including the IBM AT—held configuration\r\nsettings in battery-backed RAM and used a bootable configuration program on floppy disk, not in the ROM, to set\r\nthe configuration options contained in this memory. The floppy disk was supplied with the computer, and if it was\r\nlost the system settings could not be changed. The same applied in general to computers with an EISA bus, for\r\nwhich the configuration program was called an EISA Configuration Utility (ECU).\r\nA modern Wintel-compatible computer provides a setup routine essentially unchanged in nature from the ROM-resident BIOS setup utilities of the late 1990s; the user can configure hardware options using the keyboard and\r\nvideo display. The modern Wintel machine may store the BIOS configuration settings in flash ROM, perhaps the\r\nsame flash ROM that holds the BIOS itself.\r\nExtensions (option ROMs)\r\n[edit]\r\nPeripheral cards such as hard disk drive host bus adapters and video cards have their own firmware, and BIOS\r\nextension option ROM code may be a part of the expansion card firmware; that code provides additional\r\ncapabilities in the BIOS. Code in option ROMs runs before the BIOS boots the operating system from mass\r\nstorage. These ROMs typically test and initialize hardware, add new BIOS services, or replace existing BIOS\r\nservices with their own services. For example, a SCSI controller usually has a BIOS extension ROM that adds\r\nsupport for hard drives connected through that controller. An extension ROM could in principle contain operating\r\nsystem, or it could implement an entirely different boot process such as network booting. Operation of an IBM-compatible computer system can be completely changed by removing or inserting an adapter card (or a ROM\r\nchip) that contains a BIOS extension ROM.\r\nThe motherboard BIOS typically contains code for initializing and bootstrapping integrated display and integrated\r\nstorage. The initialization process can involve the execution of code related to the device being initialized, for\r\nlocating the device, verifying the type of device, then establishing base registers, setting pointers, establishing\r\ninterrupt vector tables,[18] selecting paging modes which are ways for organizing available registers in devices,\r\nsetting default values for accessing software routines related to interrupts,\r\n[19]\r\n and setting the device's\r\nconfiguration using default values.[20] In addition, plug-in adapter cards such as SCSI, RAID, network interface\r\ncards, and video cards often include their own BIOS (e.g., Video BIOS), complementing or replacing the system\r\nBIOS code for the given component. Even devices built into the motherboard can behave in this way; their option\r\nROMs can be a part of the motherboard BIOS.\r\nAn add-in card requires an option ROM if the card is not supported by the motherboard BIOS and the card needs\r\nto be initialized or made accessible through BIOS services before the operating system can be loaded (usually this\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 3 of 22\n\nmeans it is required in the boot process). An additional advantage of ROM on some early PC systems (notably\r\nincluding the IBM PCjr) was that ROM was faster than main system RAM. (On modern systems, the case is very\r\nmuch the reverse of this, and BIOS ROM code is usually copied (\"shadowed\") into RAM so it will run faster.)\r\nBIOS chips in a Dell 310 that were updated by replacing the chips\r\nOption ROMs normally reside on adapter cards. However, the original PC, and perhaps also the PC XT, have a\r\nspare ROM socket on the motherboard (the \"system board\" in IBM's terms) into which an option ROM can be\r\ninserted, and the four ROMs that contain the BASIC interpreter can also be removed and replaced with custom\r\nROMs which can be option ROMs. The IBM PCjr is unique among PCs in having two ROM cartridge slots on the\r\nfront. Cartridges in these slots map into the same region of the upper memory area used for option ROMs, and the\r\ncartridges can contain option ROM modules that the BIOS would recognize. The cartridges can also contain other\r\ntypes of ROM modules, such as BASIC programs, that are handled differently. One PCjr cartridge can contain\r\nseveral ROM modules of different types, possibly stored together in one ROM chip.\r\nThe 8086 and 8088 start at physical address FFFF0h.[21] The 80286 starts at physical address FFFFF0h.[22] The\r\n80386 and later x86 processors start at physical address FFFFFFF0h.[23][24][25] When the system is initialized, the\r\nfirst instruction of the BIOS appears at that address.\r\nIf the system has just been powered up or the reset button was pressed (\"cold boot\"), the full power-on self-test\r\n(POST) is run. If Ctrl+Alt+Delete was pressed (\"warm boot\"), a special flag value stored in nonvolatile BIOS\r\nmemory (\"CMOS\") tested by the BIOS allows bypass of the lengthy POST and memory detection.\r\nThe POST identifies, tests and initializes system devices such as the CPU, chipset, RAM, motherboard, video\r\ncard, keyboard, mouse, hard disk drive, optical disc drive and other hardware, including integrated peripherals.\r\nEarly IBM PCs had a routine in the POST that would download a program into RAM through the keyboard port\r\nand run it.[26][27] This feature was intended for factory test or diagnostic purposes.\r\nAfter the motherboard BIOS completes its POST, most BIOS versions search for option ROM modules, also\r\ncalled BIOS extension ROMs, and execute them. The motherboard BIOS scans for extension ROMs in a portion\r\nof the \"upper memory area\" (the part of the x86 real-mode address space at and above address 0xA0000) and runs\r\neach ROM found, in order. To discover memory-mapped option ROMs, a BIOS implementation scans the real-mode address space from 0x0C0000 to 0x0F0000 on 2 KB (2,048 bytes) boundaries, looking for a two-byte\r\nROM signature: 0x55 followed by 0xAA. In a valid expansion ROM, this signature is followed by a single byte\r\nindicating the number of 512-byte blocks the expansion ROM occupies in real memory, and the next byte is the\r\noption ROM's entry point (also known as its \"entry offset\"). If the ROM has a valid checksum, the BIOS transfers\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 4 of 22\n\ncontrol to the entry address, which in a normal BIOS extension ROM should be the beginning of the extension's\r\ninitialization routine.\r\nAt this point, the extension ROM code takes over, typically testing and initializing the hardware it controls and\r\nregistering interrupt vectors for use by post-boot applications. It may use BIOS services (including those provided\r\nby previously initialized option ROMs) to provide a user configuration interface, to display diagnostic\r\ninformation, or to do anything else that it requires.\r\nAn option ROM should normally return to the BIOS after completing its initialization process. Once (and if) an\r\noption ROM returns, the BIOS continues searching for more option ROMs, calling each as it is found, until the\r\nentire option ROM area in the memory space has been scanned. It is possible that an option ROM will not return\r\nto BIOS, pre-empting the BIOS's boot sequence altogether.\r\nBoot process\r\nAfter the POST completes and, in a BIOS that supports option ROMs, after the option ROM scan is completed\r\nand all detected ROM modules with valid checksums have been called, the BIOS calls interrupt 19h to start boot\r\nprocessing. Post-boot, programs loaded can also call interrupt 19h to reboot the system, but they must be careful\r\nto disable interrupts and other asynchronous hardware processes that may interfere with the BIOS rebooting\r\nprocess, or else the system may hang or crash while it is rebooting.\r\nWhen interrupt 19h is called, the BIOS attempts to locate boot loader software on a \"boot device\", such as a hard\r\ndisk, a floppy disk, CD, or DVD. It loads and executes the first boot software it finds, giving it control of the PC.\r\n[28]\r\nThe BIOS uses the boot devices set in Nonvolatile BIOS memory (CMOS), or, in the earliest PCs, DIP switches.\r\nThe BIOS checks each device in order to see if it is bootable by attempting to load the first sector (boot sector). If\r\nthe sector cannot be read, the BIOS proceeds to the next device. If the sector is read successfully, some BIOSes\r\nwill also check for the boot sector signature 0x55 0xAA in the last two bytes of the sector (which is 512 bytes\r\nlong), before accepting a boot sector and considering the device bootable.[b]\r\nWhen a bootable device is found, the BIOS transfers control to the loaded sector. The BIOS does not interpret the\r\ncontents of the boot sector other than to possibly check for the boot sector signature in the last two bytes.\r\nInterpretation of data structures like partition tables and BIOS Parameter Blocks is done by the boot program in\r\nthe boot sector itself or by other programs loaded through the boot process.\r\nA non-disk device such as a network adapter attempts booting by a procedure that is defined by its option ROM or\r\nthe equivalent integrated into the motherboard BIOS ROM. As such, option ROMs may also influence or supplant\r\nthe boot process defined by the motherboard BIOS ROM.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 5 of 22\n\nWith the El Torito optical media boot standard, the optical drive actually emulates a 3.5\" high-density floppy disk\r\nto the BIOS for boot purposes. Reading the \"first sector\" of a CD-ROM or DVD-ROM is not a simply defined\r\noperation like it is on a floppy disk or a hard disk. Furthermore, the complexity of the medium makes it difficult to\r\nwrite a useful boot program in one sector. The bootable virtual floppy disk can contain software that provides\r\naccess to the optical medium in its native format.\r\nIf an expansion ROM wishes to change the way the system boots (such as from a network device or a SCSI\r\nadapter) in a cooperative way, it can use the BIOS Boot Specification (BBS) API to register its ability to do so.\r\nOnce the expansion ROMs have registered using the BBS APIs, the user can select among the available boot\r\noptions from within the BIOS's user interface. This is why most BBS compliant PC BIOS implementations will\r\nnot allow the user to enter the BIOS's user interface until the expansion ROMs have finished executing and\r\nregistering themselves with the BBS API.[citation needed]\r\nAlso, if an expansion ROM wishes to change the way the system boots unilaterally, it can simply hook interrupt\r\n19h or other interrupts normally called from interrupt 19h, such as interrupt 13h, the BIOS disk service, to\r\nintercept the BIOS boot process. Then it can replace the BIOS boot process with one of its own, or it can merely\r\nmodify the boot sequence by inserting its own boot actions into it, by preventing the BIOS from detecting certain\r\ndevices as bootable, or both. Before the BIOS Boot Specification was promulgated, this was the only way for\r\nexpansion ROMs to implement boot capability for devices not supported for booting by the native BIOS of the\r\nmotherboard.[citation needed]\r\nThe user can select the boot priority implemented by the BIOS. For example, most computers have a hard disk\r\nthat is bootable, but sometimes there is a removable-media drive that has higher boot priority, so the user can\r\ncause a removable disk to be booted.\r\nIn most modern BIOSes, the boot priority order can be configured by the user. In older BIOSes, limited boot\r\npriority options are selectable; in the earliest BIOSes, a fixed priority scheme was implemented, with floppy disk\r\ndrives first, fixed disks (i.e., hard disks) second, and typically no other boot devices supported, subject to\r\nmodification of these rules by installed option ROMs. The BIOS in an early PC also usually would only boot from\r\nthe first floppy disk drive or the first hard disk drive, even if there were two drives installed.\r\nOn the original IBM PC and XT, if no bootable disk was found, the BIOS would try to start ROM BASIC with the\r\ninterrupt call to interrupt 18h. Since few programs used BASIC in ROM, clone PC makers left it out; then a\r\ncomputer that failed to boot from a disk would display \"No ROM BASIC\" and halt (in response to interrupt 18h).\r\nLater computers would display a message like \"No bootable disk found\"; some would prompt for a disk to be\r\ninserted and a key to be pressed to retry the boot process. A modern BIOS may display nothing or may\r\nautomatically enter the BIOS configuration utility when the boot process fails.\r\nThe environment for the boot program is very simple: the CPU is in real mode and the general-purpose and\r\nsegment registers are undefined, except SS, SP, CS, and DL. CS:IP always points to physical address 0x07C00 .\r\nWhat values CS and IP actually have is not well defined. Some BIOSes use a CS:IP of 0x0000:0x7C00 while\r\nothers may use 0x07C0:0x0000 .\r\n[29]\r\n Because boot programs are always loaded at this fixed address, there is no\r\nneed for a boot program to be relocatable. DL may contain the drive number, as used with interrupt 13h, of the\r\nboot device. SS:SP points to a valid stack that is presumably large enough to support hardware interrupts, but\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 6 of 22\n\notherwise SS and SP are undefined. (A stack must be already set up in order for interrupts to be serviced, and\r\ninterrupts must be enabled in order for the system timer-tick interrupt, which BIOS always uses at least to\r\nmaintain the time-of-day count and which it initializes during POST, to be active and for the keyboard to work.\r\nThe keyboard works even if the BIOS keyboard service is not called; keystrokes are received and placed in the 15-\r\ncharacter type-ahead buffer maintained by BIOS.) The boot program must set up its own stack, because the size of\r\nthe stack set up by BIOS is unknown and its location is likewise variable; although the boot program can\r\ninvestigate the default stack by examining SS:SP, it is easier and shorter to just unconditionally set up a new stack.\r\nAt boot time, all BIOS services are available, and the memory below address 0x00400 contains the interrupt\r\nvector table. BIOS POST has initialized the system timers, interrupt controller(s), DMA controller(s), and other\r\nmotherboard/chipset hardware as necessary to bring all BIOS services to ready status. DRAM refresh for all\r\nsystem DRAM in conventional memory and extended memory, but not necessarily expanded memory, has been\r\nset up and is running. The interrupt vectors corresponding to the BIOS interrupts have been set to point at the\r\nappropriate entry points in the BIOS, hardware interrupt vectors for devices initialized by the BIOS have been set\r\nto point to the BIOS-provided ISRs, and some other interrupts, including ones that BIOS generates for programs\r\nto hook, have been set to a default dummy ISR that immediately returns. The BIOS maintains a reserved block of\r\nsystem RAM at addresses 0x00400–0x004FF with various parameters initialized during the POST. All memory at\r\nand above address 0x00500 can be used by the boot program; it may even overwrite itself.[30][31]\r\nOperating system services\r\n[edit]\r\nThe BIOS ROM is customized to the particular manufacturer's hardware, allowing low-level services (such as\r\nreading a keystroke or writing a sector of data to diskette) to be provided in a standardized way to programs,\r\nincluding operating systems. For example, an IBM PC might have either a monochrome or a color display adapter\r\n(using different display memory addresses and hardware), but a single, standard, BIOS system call may be\r\ninvoked to display a character at a specified position on the screen in text mode or graphics mode.\r\nThe BIOS provides a small library of basic input/output functions to operate peripherals (such as the keyboard,\r\nrudimentary text and graphics display functions and so forth). When using MS-DOS, BIOS services could be\r\naccessed by an application program (or by MS-DOS) by executing an interrupt 13h interrupt instruction to access\r\ndisk functions, or by executing one of a number of other documented BIOS interrupt calls to access video display,\r\nkeyboard, cassette, and other device functions.\r\nOperating systems and executive software that are designed to supersede this basic firmware functionality provide\r\nreplacement software interfaces to application software. Applications can also provide these services to\r\nthemselves. This began even in the 1980s under MS-DOS, when programmers observed that using the BIOS video\r\nservices for graphics display were very slow. To increase the speed of screen output, many programs bypassed the\r\nBIOS and programmed the video display hardware directly. Other graphics programmers, particularly but not\r\nexclusively in the demoscene, observed that there were technical capabilities of the PC display adapters that were\r\nnot supported by the IBM BIOS and could not be taken advantage of without circumventing it. Since the AT-compatible BIOS ran in Intel real mode, operating systems that ran in protected mode on 286 and later processors\r\nrequired hardware device drivers compatible with protected mode operation to replace BIOS services.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 7 of 22\n\nModern operating systems, such as Windows and Linux, use the BIOS interrupt calls only during the booting\r\nprocess. Before the operating system's first graphical screen is displayed, input and output are typically handled\r\nthrough BIOS. A boot menu such as the textual menu of Windows, which allows users to choose an operating\r\nsystem to boot, to boot into the safe mode, or to use the last known good configuration, is displayed through BIOS\r\nand receives keyboard input through BIOS.[4][failed verification]\r\nMany modern PCs can still boot and run legacy operating systems such as MS-DOS or DR-DOS that rely heavily\r\non BIOS for their console and disk I/O, providing that the system has a BIOS, or a CSM-capable UEFI firmware.\r\nProcessor microcode updates\r\n[edit]\r\nIntel processors have reprogrammable microcode since the P6 microarchitecture.[32][33][34] AMD processors have\r\nreprogrammable microcode since the K7 microarchitecture. The BIOS contains patches to the processor\r\nmicrocode that fix errors in the initial processor microcode; microcode is loaded into processor's SRAM so\r\nreprogramming is not persistent, thus loading of microcode updates is performed each time the system is powered\r\nup. Without reprogrammable microcode, an expensive processor swap would be required;[35] for example, the\r\nPentium FDIV bug became an expensive fiasco for Intel as it required a product recall because the original\r\nPentium processor's defective microcode could not be reprogrammed. Operating systems can also update the\r\nmicrocode.[36][37]\r\nSome BIOSes contain a software licensing description table (SLIC), a digital signature placed inside the BIOS by\r\nthe original equipment manufacturer (OEM), for example Dell. The SLIC is inserted into the ACPI data table and\r\ncontains no active code.[38][39]\r\nComputer manufacturers that distribute OEM versions of Microsoft Windows and Microsoft application software\r\ncan use the SLIC to authenticate licensing to the OEM Windows Installation disk and system recovery disc\r\ncontaining Windows software. Systems with a SLIC can be preactivated with an OEM product key, and they\r\nverify an XML formatted OEM certificate against the SLIC in the BIOS as a means of self-activating (see System\r\nLocked Preinstallation, SLP). If a user performs a fresh install of Windows, they will need to have possession of\r\nboth the OEM key (either SLP or COA) and the digital certificate for their SLIC in order to bypass activation.[38]\r\nThis can be achieved if the user performs a restore using a pre-customised image provided by the OEM. Power\r\nusers can copy the necessary certificate files from the OEM image, decode the SLP product key, then perform SLP\r\nactivation manually.\r\nSome BIOS implementations allow overclocking, an action in which the CPU is adjusted to a higher clock rate\r\nthan its manufacturer rating for guaranteed capability. Overclocking may, however, seriously compromise system\r\nreliability in insufficiently cooled computers and generally shorten component lifespan. Overclocking, when\r\nincorrectly performed, may also cause components to overheat so quickly that they mechanically destroy\r\nthemselves.[40]\r\nSome older operating systems, for example MS-DOS, rely on the BIOS to carry out most input/output tasks within\r\nthe PC.[41]\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 8 of 22\n\nCalling real mode BIOS services directly is inefficient for protected mode (and long mode) operating systems.\r\nBIOS interrupt calls are not used by modern multitasking operating systems after they initially load.\r\nIn the 1990s, BIOS provided some protected mode interfaces for Microsoft Windows and Unix-like operating\r\nsystems, such as Advanced Power Management (APM), Plug and Play BIOS, Desktop Management Interface\r\n(DMI), VESA BIOS Extensions (VBE), e820 and MultiProcessor Specification (MPS). Starting from the year\r\n2000, most BIOSes provide ACPI, SMBIOS, VBE and e820 interfaces for modern operating systems.[42][43][44]\r\n[45][46]\r\nAfter operating systems load, the System Management Mode code is still running in SMRAM. Since 2010, BIOS\r\ntechnology is in a transitional process toward UEFI.\r\n[5]\r\nHistorically, the BIOS in the IBM PC and XT had no built-in user interface. The BIOS versions in earlier PCs\r\n(XT-class) were not software configurable; instead, users set the options via DIP switches on the motherboard.\r\nLater computers, including most IBM-compatibles with 80286 CPUs, had a battery-backed nonvolatile BIOS\r\nmemory (CMOS RAM chip) that held BIOS settings.[47] These settings, such as video-adapter type, memory size,\r\nand hard-disk parameters, could only be configured by running a configuration program from a disk, not built into\r\nthe ROM. A special \"reference diskette\" was inserted in an IBM AT to configure settings such as memory size.[48]\r\nEarly BIOS versions did not have passwords or boot-device selection options. The BIOS was hard-coded to boot\r\nfrom the first floppy drive, or, if that failed, the first hard disk. Access control in early AT-class machines was by a\r\nphysical keylock switch (which was not hard to defeat if the computer case could be opened). Anyone who could\r\nswitch on the computer could boot it.[citation needed]\r\nLater, 386-class computers started integrating the BIOS setup utility in the ROM itself, alongside the BIOS code;\r\nthese computers usually boot into the BIOS setup utility if a certain key or key combination is pressed, otherwise\r\nthe BIOS POST and boot process are executed.\r\nAward BIOS setup utility on a standard PC\r\nA modern BIOS setup utility has a text user interface (TUI) or graphical user interface (GUI) accessed by pressing\r\na certain key on the keyboard when the PC starts. Usually, the key is advertised for short time during the early\r\nstartup, for example \"Press DEL to enter Setup\".\r\nThe actual key depends on specific hardware. The settings key is most often Delete (Acer, ASRock, Asus PC,\r\nECS, Gigabyte, MSI, Zotac) and F2 (Asus motherboard, Dell, Lenovo laptop, Origin PC, Samsung, Toshiba), but\r\nit can also be F1 (Lenovo desktop) and F10 (HP).[49]\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 9 of 22\n\nFeatures present in the BIOS setup utility typically include:\r\nConfiguring, enabling and disabling the hardware components\r\nSetting the system time\r\nSetting the boot order\r\nSetting various passwords, such as a password for securing access to the BIOS user interface and\r\npreventing malicious users from booting the system from unauthorized portable storage devices, or a\r\npassword for booting the system\r\nHardware monitoring\r\n[edit]\r\nA modern BIOS setup screen often features a PC Health Status or a Hardware Monitoring tab, which directly\r\ninterfaces with a Hardware Monitor chip of the mainboard.[50] This makes it possible to monitor CPU and chassis\r\ntemperature, the voltage provided by the power supply unit, as well as monitor and control the speed of the fans\r\nconnected to the motherboard.\r\nOnce the system is booted, hardware monitoring and computer fan control is normally done directly by the\r\nHardware Monitor chip itself, which can be a separate chip, interfaced through I²C or SMBus, or come as a part of\r\na Super I/O solution, interfaced through Industry Standard Architecture (ISA) or Low Pin Count (LPC).[51] Some\r\noperating systems, like NetBSD with envsys and OpenBSD with sysctl hw.sensors, feature integrated interfacing\r\nwith hardware monitors.\r\nHowever, in some circumstances, the BIOS also provides the underlying information about hardware monitoring\r\nthrough ACPI, in which case, the operating system may be using ACPI to perform hardware monitoring.[52][53]\r\n[54][55][56]\r\nBIOS replacement kit for a Dell 310 from the late 1980s. Included are two chips, a plastic holder for\r\nthe chips, and a IC extractor.\r\nIn modern PCs the BIOS is stored in rewritable EEPROM[57] or NOR flash memory,\r\n[58]\r\n allowing the contents to\r\nbe replaced and modified. This rewriting of the contents is sometimes termed flashing. It can be done by a special\r\nprogram, usually provided by the system's manufacturer, or at POST, with a BIOS image in a hard drive or USB\r\nflash drive. A file containing such contents is sometimes termed \"a BIOS image\". A BIOS might be reflashed in\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 10 of 22\n\norder to upgrade to a newer version to fix bugs or provide improved performance or to support newer hardware.\r\nSome computers also support updating the BIOS via an update floppy disk or a special partition on the hard drive.\r\n[59]\r\nAmerican Megatrends BIOS 686. This BIOS chip is housed in a PLCC package in a socket.\r\nThe original IBM PC BIOS (and cassette BASIC) was stored on mask-programmed read-only memory (ROM)\r\nchips in sockets on the motherboard. ROMs could be replaced,[60] but not altered, by users. To allow for updates,\r\nmany compatible computers used re-programmable BIOS memory devices such as EPROM, EEPROM and later\r\nflash memory (usually NOR flash) devices. According to Robert Braver, the president of the BIOS manufacturer\r\nMicro Firmware, Flash BIOS chips became common around 1995 because the electrically erasable PROM\r\n(EEPROM) chips are cheaper and easier to program than standard ultraviolet erasable PROM (EPROM) chips.\r\nFlash chips are programmed (and re-programmed) in-circuit, while EPROM chips need to be removed from the\r\nmotherboard for re-programming.[61] BIOS versions are upgraded to take advantage of newer versions of\r\nhardware and to correct bugs in previous revisions of BIOSes.[62]\r\nBeginning with the IBM AT, PCs supported a hardware clock settable through BIOS. It had a century bit which\r\nallowed for manually changing the century when the year 2000 happened. Most BIOS revisions created in 1995\r\nand nearly all BIOS revisions in 1997 supported the year 2000 by setting the century bit automatically when the\r\nclock rolled past midnight, 31 December 1999.[63]\r\nThe first flash chips were attached to the ISA bus. Starting in 1998, the BIOS flash moved to the LPC bus,\r\nfollowing a new standard implementation known as \"firmware hub\" (FWH). In 2005, the BIOS flash memory\r\nmoved to the SPI bus.[64]\r\nThe size of the BIOS, and the capacity of the ROM, EEPROM, or other media it may be stored on, has increased\r\nover time as new features have been added to the code; BIOS versions now exist with sizes up to 32 megabytes.\r\nFor contrast, the original IBM PC BIOS was contained in an 8 KB mask ROM. Some modern motherboards are\r\nincluding even bigger NAND flash memory ICs on board which are capable of storing whole compact operating\r\nsystems, such as some Linux distributions. For example, some ASUS notebooks included Splashtop OS embedded\r\ninto their NAND flash memory ICs.[65] However, the idea of including an operating system along with BIOS in\r\nthe ROM of a PC is not new; in the 1980s, Microsoft offered a ROM option for MS-DOS, and it was included in\r\nthe ROMs of some PC clones such as the Tandy 1000 HX.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 11 of 22\n\nAnother type of firmware chip was found on the IBM PC AT and early compatibles. In the AT, the keyboard\r\ninterface was controlled by a microcontroller with its own programmable memory. On the IBM AT, that was a 40-\r\npin socketed device, while some manufacturers used an EPROM version of this chip which resembled an\r\nEPROM. This controller was also assigned the A20 gate function to manage memory above the one-megabyte\r\nrange; occasionally an upgrade of this \"keyboard BIOS\" was necessary to take advantage of software that could\r\nuse upper memory.\r\n[citation needed]\r\nThe BIOS may contain components such as the Memory Reference Code (MRC), which is responsible for the\r\nmemory initialization (e.g. SPD and memory timings initialization).[66]: 8 [67]\r\nModern BIOS[68] includes Intel Management Engine or AMD Platform Security Processor firmware.\r\nVendors and products\r\n[edit]\r\nComparison of different BIOS implementations\r\nCompany AwardBIOS AMIBIOS Insyde SeaBIOS\r\nLicense Proprietary Proprietary Proprietary LGPL v3\r\nMaintained / developed Terminated Terminated Terminated Yes\r\n32-bit PCI BIOS calls Yes Yes Yes Yes\r\nAHCI Yes Yes Yes Yes\r\nAPM Yes Yes Yes (1.2) Yes (1.2)\r\nBBS Yes Yes Yes Yes\r\nBoot menu Yes Yes Yes Yes\r\nCompression Yes (LHA\r\n[69]\r\n) Yes (LHA) Yes (RLE) Yes (LZMA)\r\nCMOS Yes Yes Yes Yes\r\nEDD Yes Yes Yes Yes\r\nESCD Yes Yes ? No\r\nFlash from ROM ? Yes ? No\r\nLanguage Assembly Assembly Assembly C\r\nLBA Yes (48) Yes (48) Yes Yes (48)\r\nMultiProcessor Specification Yes Yes Yes Yes\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 12 of 22\n\nOption ROM Yes Yes Yes Yes\r\nPassword Yes Yes Yes No\r\nPMM ? Yes ? Yes\r\nSetup screen Yes Yes Yes No\r\nSMBIOS Yes Yes Yes Yes\r\nSplash screen Yes (EPA)\r\n[70] Yes (PCX) Yes Yes (BMP, JPG)\r\nTPM Unknown Yes Unknown Some\r\nUSB booting Yes Yes Yes Yes\r\nUSB hub ? ? ? Yes\r\nUSB keyboard Yes Yes Yes Yes\r\nUSB mouse Yes Yes Yes Yes\r\nIBM published full listings of the BIOSes for its original PC, PC XT, PC AT, and other contemporary PC models,\r\nin an appendix of the IBM PC Technical Reference Manual for each machine type. A benefit of the publication of\r\nthe BIOS listings is that users could see exactly what the BIOS does and how it does it. However, those BIOSes\r\nwere still copyright by IBM, so they could not be used by other manufacturers.\r\nIn March 1983, Compaq released its Compaq Portable, which included a clean-room engineered BIOS. This made\r\nCompaq became the first company that cloned an IBM PC successfully. However, Compaq did not offer their\r\nBIOS to other computer manufacturers.\r\nCompaq Portable 386 BIOS\r\nIn May 1984, Phoenix Software Associates released its first ROM-BIOS. This BIOS enabled OEMs to build\r\nessentially fully compatible clones without having to reverse-engineer the IBM PC BIOS themselves, as Compaq\r\nhad done for the Portable; it also helped fuel the growth in the PC-compatibles industry and sales of non-IBM\r\nversions of DOS.[71] The first American Megatrends (AMI) BIOS was released in 1986.\r\nNew standards grafted onto the BIOS are usually without complete public documentation or any BIOS listings. As\r\na result, it is not as easy to learn the intimate details about the many non-IBM additions to BIOS as about the core\r\nBIOS services.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 13 of 22\n\nMany PC motherboard suppliers licensed the BIOS \"core\" and toolkit from a commercial third party, known as an\r\n\"independent BIOS vendor\" or IBV. The motherboard manufacturer then customized this BIOS to suit its own\r\nhardware. For this reason, updated BIOSes are normally obtained directly from the motherboard manufacturer.\r\nMajor IBVs included American Megatrends (AMI), Insyde Software, Phoenix Technologies, and Byosoft. Microid\r\nResearch and Award Software were acquired by Phoenix Technologies in 1998; Phoenix later phased out the\r\nAward brand name (although Award Software is still credited in AwardBIOS versions until 2001–2002, and\r\nAWRDACPI is still credited in Phoenix UEFI firmwares until late 2012). General Software, which was also\r\nacquired by Phoenix in 2007, sold BIOS for embedded systems based on Intel processors.\r\nSeaBIOS is an open-source BIOS implementation.\r\nOpen-source BIOS replacements\r\n[edit]\r\nThe open-source community increased their effort to develop a replacement for proprietary BIOSes and their\r\nfuture incarnations with open-sourced counterparts. Open Firmware was an early attempt to make an open\r\nspecification for boot firmware. It was initially endorsed by IEEE in its IEEE 1275-1994 standard but was\r\nwithdrawn in 2005.[72][73] Later examples include the OpenBIOS, coreboot and libreboot projects. AMD provided\r\nproduct specifications for some chipsets using coreboot, and Google is sponsoring the project. Motherboard\r\nmanufacturer Tyan offers coreboot next to the standard BIOS with their Opteron line of motherboards.\r\nGigabyte DualBIOS PLCC32\r\nA detached BIOS chip\r\nEEPROM and flash memory chips are advantageous because they can be easily updated by the user; it is\r\ncustomary for hardware manufacturers to issue BIOS updates to upgrade their products, improve compatibility\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 14 of 22\n\nand remove bugs. However, this advantage had the risk that an improperly executed or aborted BIOS update could\r\nrender the computer or device unusable. To avoid these situations, more recent BIOSes use a \"boot block\"; a\r\nportion of the BIOS which runs first and must be updated separately. This code verifies if the rest of the BIOS is\r\nintact (using hash checksums or other methods) before transferring control to it. If the boot block detects any\r\ncorruption in the main BIOS, it will typically warn the user that a recovery process must be initiated by booting\r\nfrom removable media (floppy, CD or USB flash drive) so the user can try flashing the BIOS again. Some\r\nmotherboards have a backup BIOS (sometimes referred as DualBIOS) to recover from BIOS corruptions, and they\r\nuse a special PLC to do BIOS recovery from BIOS corruptions.\r\nThere are at least five known viruses that attack the BIOS, two of which were for demonstration purposes. The\r\nfirst one found in the wild was Mebromi, targeting Chinese users.\r\nThe first BIOS virus was BIOS Meningitis, which instead of erasing BIOS chips it infected them. BIOS\r\nMeningitis was relatively harmless, compared to a virus like CIH.\r\nThe second BIOS virus was CIH, also known as the \"Chernobyl Virus\", which was able to erase flash ROM BIOS\r\ncontent on compatible chipsets. CIH appeared in mid-1998 and became active in April 1999. Often, infected\r\ncomputers could no longer boot, and people had to remove the flash ROM IC from the motherboard and\r\nreprogram it. CIH targeted the then-widespread Intel i430TX motherboard chipset and took advantage of the fact\r\nthat the Windows 9x operating systems, also widespread at the time, allowed direct hardware access to all\r\nprograms.\r\nModern systems are not vulnerable to CIH because of a variety of chipsets being used which are incompatible\r\nwith the Intel i430TX chipset, and also other flash ROM IC types. There is also extra protection from accidental\r\nBIOS rewrites in the form of boot blocks which are protected from accidental overwrite or dual BIOS equipped\r\nsystems which may, in the event of a crash, use a backup BIOS. Also, all modern operating systems such as\r\nFreeBSD, Linux, macOS, Windows NT-based Windows OS like Windows 2000, Windows XP and newer, do not\r\nallow user-mode programs to have direct hardware access using a hardware abstraction layer.\r\n[74]\r\nAs a result, as of 2008, CIH has become essentially harmless, at worst causing annoyance by infecting executable\r\nfiles and triggering antivirus software. Other BIOS viruses remain possible, however;[75] since most Windows\r\nhome users without Windows Vista/7's UAC run all applications with administrative privileges, a modern CIH-like virus could in principle still gain access to hardware without first using an exploit.[citation needed]\r\n The\r\noperating system OpenBSD prevents all users from having this access and the grsecurity patch for the Linux\r\nkernel also prevents this direct hardware access by default, the difference being an attacker requiring a much more\r\ndifficult kernel level exploit or reboot of the machine.[citation needed]\r\nThe third BIOS virus was a technique presented by John Heasman, principal security consultant for UK-based\r\nNext-Generation Security Software. In 2006, at the Black Hat Security Conference, he showed how to elevate\r\nprivileges and read physical memory, using malicious procedures that replaced normal ACPI functions stored in\r\nflash memory.\r\n[76]\r\nThe fourth BIOS virus was a technique called \"Persistent BIOS infection.\" It appeared in 2009 at the CanSecWest\r\nSecurity Conference in Vancouver, and at the SyScan Security Conference in Singapore. Researchers Anibal\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 15 of 22\n\nSacco[77]\r\n and Alfredo Ortega, from Core Security Technologies, demonstrated how to insert malicious code into\r\nthe decompression routines in the BIOS, allowing for nearly full control of the PC at start-up, even before the\r\noperating system is booted. The proof-of-concept does not exploit a flaw in the BIOS implementation, but only\r\ninvolves the normal BIOS flashing procedures. Thus, it requires physical access to the machine, or for the user to\r\nbe root. Despite these requirements, Ortega underlined the profound implications of his and Sacco's discovery:\r\n\"We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable\r\nantivirus.\"[78]\r\nMebromi is a trojan which targets computers with AwardBIOS, Microsoft Windows, and antivirus software from\r\ntwo Chinese companies: Rising Antivirus and Jiangmin KV Antivirus.[79][80][81] Mebromi installs a rootkit which\r\ninfects the Master boot record.\r\nIn a December 2013 interview with 60 Minutes, Deborah Plunkett, Information Assurance Director for the US\r\nNational Security Agency claimed the NSA had uncovered and thwarted a possible BIOS attack by a foreign\r\nnation state, targeting the US financial system.[82] The program cited anonymous sources alleging it was a\r\nChinese plot.[82] However follow-up articles in The Guardian,\r\n[83]\r\n The Atlantic,\r\n[84]\r\n Wired[85] and The Register[86]\r\nrefuted the NSA's claims.\r\nNewer Intel platforms have Intel Boot Guard (IBG) technology enabled, this technology will check the BIOS\r\ndigital signature at startup, and the IBG public key is fused into the PCH. End users can't disable this function.\r\nAlternatives and successors\r\n[edit]\r\nFor comparable software on other computer systems, see booting.\r\nUnified Extensible Firmware Interface (UEFI) supplements the BIOS in many new machines. Initially written for\r\nthe Intel Itanium architecture, UEFI is now available for x86 and Arm platforms; the specification development is\r\ndriven by the Unified EFI Forum, an industry special interest group. EFI booting has been supported in only\r\nMicrosoft Windows versions supporting GPT,\r\n[87]\r\n the Linux kernel 2.6.1 and later, and macOS on Intel-based\r\nMacs.\r\n[88]\r\n As of 2014, new PC hardware predominantly ships with UEFI firmware. The architecture of the rootkit\r\nsafeguard can also prevent the system from running the user's own software changes, which makes UEFI\r\ncontroversial as a legacy BIOS replacement in the open hardware community. UEFI is required for devices\r\nshipping with Windows 8[89][90] and above. Likewise, Windows 11 requires UEFI to boot,[91] with the exception\r\nof IoT Enterprise editions of Windows 11.[10]\r\nAfter the popularity of UEFI in 2010s, the older BIOS that supported BIOS interrupt calls was renamed to \"legacy\r\nBIOS\".[citation needed]\r\nOther alternatives to the functionality of the \"Legacy BIOS\" in the x86 world include coreboot and libreboot.\r\nSome servers and workstations use a platform-independent Open Firmware (IEEE-1275) based on the Forth\r\nprogramming language; it is included with Sun's SPARC computers, IBM's RS/6000 line, and other PowerPC\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 16 of 22\n\nsystems such as the CHRP motherboards, along with the x86-based OLPC XO-1.\r\nAs of at least 2015, Apple has removed legacy BIOS support from the UEFI monitor in Intel-based Macs. As\r\nsuch, the BIOS utility no longer supports the legacy option, and prints \"Legacy mode not supported on this\r\nsystem\".\r\nIn 2017, Intel announced that it would remove legacy BIOS support by 2020. Since 2019, new Intel platform\r\nOEM PCs no longer support the legacy option.[92]\r\nDouble boot\r\nExtended System Configuration Data (ESCD)\r\nInput/Output Control System\r\nACPI (Advanced Configuration and Power Interface)\r\nRalf Brown's Interrupt List (RBIL) – interrupts, calls, interfaces, data structures, memory and port\r\naddresses, and processor opcodes for the x86 architecture\r\nSystem Management BIOS (SMBIOS)\r\nUEFI (Unified Extensible Firmware Interface)\r\nDas U-Boot, often used on embedded systems\r\nUBIOS\r\n1. ^ Although the term BIOS predates 1981, the standard for IBM PC–compatible computers started with the\r\nrelease of the original IBM Personal Computer.\r\n2. ^ The signature at offset +0x1FE in boot sectors is 0x55 0xAA , that is 0x55 at offset +0x1FE and\r\n0xAA at offset +0x1FF . Since little-endian representation must be assumed in the context of IBM PC–\r\ncompatible devices, this can be written as 16-bit word 0xAA55 in programs for x86 processors (note the\r\nswapped order), whereas it would have to be written as 0x55AA in programs for other CPU architectures\r\nusing a big-endian representation. Since this has been mixed up numerous times in books and even in\r\noriginal Microsoft reference documents, this article uses the offset-based byte-wise on-disk representation\r\nto avoid any possible misinterpretation.\r\n1. ^ Kozierok, Charles M. (2001-04-17). \"Ref — System BIOS\". The PC Guide. Archived from the original on\r\n2019-02-18. Retrieved 2014-12-06.\r\n2. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Kildall, Gary Arlen (June 1975), CP/M 1.1 or 1.2 BIOS and BDOS for Lawrence\r\nLivermore Laboratories\r\n3. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Kildall, Gary Arlen (January 1980). \"The History of CP/M - The Evolution of an\r\nIndustry: One Person's Viewpoint\" (Vol. 5, No. 1, Number 41 ed.). Dr. Dobb's Journal of Computer\r\nCalisthenics \u0026 Orthodontia. pp. 6–7. Archived from the original on 2016-11-24. Retrieved 2013-06-03.\r\n4. ^ Jump up to: a\r\n \r\nb\r\n \"Booting · Linux Inside\". 0xax.gitbooks.io. Retrieved 2020-11-10.\r\n5. ^ Jump up to: a\r\n \r\nb\r\n Bradley, Tony. \"R.I.P. BIOS: A UEFI Primer\". PCWorld. Archived from the original on\r\n2014-01-27. Retrieved 2014-01-27.\r\n6. ^ \"Unified Extensible Firmware Interface\". Intel.\r\n7. ^ \"UEFI\". OSDev.org.\r\n8. ^ \"Intel® Platform Innovation Framework for EFI Compatibility Support Module Specification (revision\r\n0.97)\" (PDF). Intel. 2007-09-04. Retrieved 2013-10-06.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 17 of 22\n\n9. ^ \"Removal of Legacy Boot Support for Intel Platforms Technical Advisory\". Retrieved 2024-07-25.\r\n10. ^ Jump up to: a\r\n \r\nb\r\n \"Minimum System Requirements for Windows IoT Enterprise\". Microsoft Learn. 2024-05-\r\n22. Retrieved 2024-06-07.\r\n11. ^ Swaine, Michael (1997-04-01). \"Gary Kildall and Collegial Entrepreneurship\". Dr. Dobb's Journal.\r\nArchived from the original on 2007-01-24. Retrieved 2006-11-20.\r\n12. ^ Jump up to: a\r\n \r\nb\r\n \"IEEE Milestone in Electrical Engineering and Computing - CP/M - Microcomputer\r\nOperating System, 1974\" (PDF). Computer History Museum. 2014-04-25. Archived (PDF) from the\r\noriginal on 2019-04-03. Retrieved 2019-04-03.\r\n13. ^ Shustek, Len (2016-08-02). \"In His Own Words: Gary Kildall\". Remarkable People. Computer History\r\nMuseum. Archived from the original on 2016-12-17.\r\n14. ^ Killian, A. Joseph \"Joe\" (2001). \"Gary Kildall's CP/M: Some early CP/M history - 1976-1977\". Thomas\r\n\"Todd\" Fischer, IMSAI. Archived from the original on 2012-12-29. Retrieved 2013-06-03.\r\n15. ^ Fraley, Bob; Spicer, Dag (2007-01-26). \"Oral History of Joseph Killian, Interviewed by: Bob Fraley,\r\nEdited by: Dag Spicer, Recorded: January 26, 2007, Mountain View, California, CHM Reference number:\r\nX3879.2007\" (PDF). Computer History Museum. Archived from the original (PDF) on 2014-07-14.\r\nRetrieved 2013-06-03.\r\n16. ^ Glass, Brett (1989). \"The IBM PC BIOS\". Byte: 303–310. Retrieved 2021-12-31.\r\n17. ^ \"HP BIOS Configuration Utility\". Hewlett-Packard. 2013. Archived from the original on 2015-01-12.\r\nRetrieved 2015-01-12.\r\n18. ^ Phoenix Technologies, Ltd. (June 1991). System BIOS for IBM PCs, Compatibles, and EISA\r\nComputers — The Complete Guide to ROM-Based System Software. Phoenix Technical Reference Series\r\n(2nd ed.). Amsterdam: Addison Wesley Publishing Company, Inc. ISBN 0-201-57760-7.\r\n19. ^ Phoenix Technologies, Ltd. (1989) [1987]. System BIOS for IBM PC/XT/AT Computers and\r\nCompatibles — The Complete Guide to ROM-Based System Software. Phoenix Technical Reference Series\r\n(1st ed.). Addison Wesley Publishing Company, Inc. ISBN 0-201-51806-6.\r\n20. ^ Sanchez, Julio; Canton, Maria P. (2003-02-26). The PC Graphics Handbook. CRC Press. ISBN 978-0-\r\n203-01053-2.\r\n21. ^ \"iAPX 86,88 User's Manual\" (PDF). Intel. 1981. System Reset, p. 2-29, table 2-4. Retrieved 2025-08-05.\r\n22. ^ \"AMD 80286 Datasheet\" (PDF). AMD. 1985. p. 13. “the 286 begins execution in real mode with the\r\ninstruction at physical location FFFFF0H.”\r\n23. ^ \"80386 Programmer's Reference Manual\" (PDF). Intel. 1990. Section 10.1 Processor State After Reset,\r\npages 10-1 - 10.3.\r\n24. ^ \"80386 Programmer's Reference Manual\" (PDF). Intel. 1990. Section 10.2.3 First Instruction, p. 10-4.\r\nRetrieved 2013-11-03. “Execution begins with the instruction addressed by the initial contents of the CS\r\nand IP registers. To allow the initialization software to be placed in a ROM at the top of the address space,\r\nthe high 12 bits of addresses issued for the code segment are set, until the first instruction which loads the\r\nCS register, such as a far jump or call. As a result, instruction fetching begins from address\r\n0FFFFFFF0H.”\r\n25. ^ \"Intel® 64 and IA-32 Architectures Software Developer's Manual\" (PDF). Intel. May 2012. Section 9.1.4\r\nFirst Instruction Executed, p. 2611. Archived from the original (PDF) on 2012-08-08. Retrieved 2012-08-\r\n23. “The first instruction that is fetched and executed following a hardware reset is located at physical\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 18 of 22\n\naddress FFFFFFF0h. This address is 16 bytes below the processor's uppermost physical address. The\r\nEPROM containing the software-initialization code must be located at this address.”\r\n26. ^ page 5-27 IBM Personal Computer Hardware Reference Library Technical Reference, 1984, publication\r\nnumber 6361459\r\n27. ^ \"IBM 5162 PC XT286 TechRef 68X2537 Technical Reference manual\" (PDF). August 1986. p. 35\r\n(System BIOS A-5). Archived (PDF) from the original on 2014-12-11. Retrieved 2014-12-11.\r\n28. ^ \"How StuffWorks: What BIOS Does\". Archived from the original on 2008-02-07.\r\n29. ^ Akeljic, Bekir (2017-01-01). \"BIOS BASIC INPUT/ OUTPUT SYSTEM BIOS FUNCTIONS AND\r\nMODIFICATIONS\". BIOS: 12. Archived from the original on 2022-08-08. Retrieved 2022-08-08 – via\r\nINTERNATIONAL UNIVERSITY TRAVNIKFACULITY OF INFORMATION TECHNOLOGY\r\nTRAVNIKSOFTWARE PROGRAMMING.\r\n30. ^ \"Memory Layout and Memory Map\". flint.cs.yale.edu. Retrieved 2022-08-08.\r\n31. ^ \"BIOS Data ACPI Table (BDAT)\" (PDF). Interface Specification. 4 (5): 67. 2020. Archived (PDF) from\r\nthe original on 2021-07-03. Retrieved 2022-08-08.\r\n32. ^ Stiller, Andreas; Paul, Matthias R. (1996-05-12). \"Prozessorgeflüster\". c't – magazin für\r\ncomputertechnik. Trends \u0026 News / aktuell - Prozessoren (in German). Vol. 1996, no. 6. Verlag Heinz Heise\r\nGmbH \u0026 Co KG. p. 20. ISSN 0724-8679. Archived from the original on 2017-08-28. Retrieved 2017-08-\r\n28.\r\n33. ^ Mueller, Scott (2001-06-08). Processor Update Feature | Microprocessor Types and Specifications.\r\nInformIT. Archived from the original on 2014-04-16. Retrieved 2014-04-15.\r\n34. ^ \"Linux* Processor Microcode Data File\". Download Center. Downloadcenter.intel.com. 2009-09-23.\r\nArchived from the original on 2014-04-16. Retrieved 2014-04-15.\r\n35. ^ Scott Mueller (2003). Upgrading and repairing PCs 15th edition. Que Publishing. pp. 109–110. ISBN 0-\r\n7897-2974-1.\r\n36. ^ \"KB4100347: Intel microcode updates\". support.microsoft.com. Retrieved 2020-09-20.\r\n37. ^ \"Microcode - Debian Wiki\". wiki.debian.org. Retrieved 2020-09-19.\r\n38. ^ Jump up to: a\r\n \r\nb\r\n \"How SLP and SLIC Works\". guytechie.com. 2010-02-25. Archived from the original on\r\n2015-02-03. Retrieved 2015-02-03.\r\n39. ^ \"Create and add an OEM ACPI SLIC table module to a congatec BIOS\" (PDF). congatec.com. 2011-06-\r\n16. Archived (PDF) from the original on 2014-08-02. Retrieved 2015-02-03.\r\n40. ^ Whitson Gordon (2014-01-13). \"A Beginner's Introduction to Overclocking Your Intel Processor\".\r\nLifehacker. Gawker Media. Archived from the original on 2014-12-07. Retrieved 2014-12-06.\r\n41. ^ \"Smart Computing Article - What Is The BIOS?\". Computing Basics. Vol. 5, no. 7. July 1994. Archived\r\nfrom the original on 2012-03-10.\r\n42. ^ \"What is ACPI (Advanced Configuration and Power Interface)? - Definition from WhatIs.com\".\r\nSearchWindowsServer. Retrieved 2020-09-18.\r\n43. ^ \"Changing hardware abstraction layer in Windows 2000 / XP – Smallvoid.com\". 2001-01-15. Retrieved\r\n2020-09-18.\r\n44. ^ \"What is ACPI?\". www.spo-comm.de. Archived from the original on 2021-03-05. Retrieved 2020-09-18.\r\n45. ^ lorihollasch. \"Support for headless systems - Windows drivers\". docs.microsoft.com. Retrieved 2020-12-\r\n05.\r\n46. ^ \"Memory Map (x86) - OSDev Wiki\". wiki.osdev.org. Retrieved 2020-12-11.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 19 of 22\n\n47. ^ Torres, Gabriel (2004-11-24). \"Introduction and Lithium Battery\". Replacing the Motherboard Battery.\r\nhardwaresecrets.com. Archived from the original on 2013-12-24. Retrieved 2013-06-20.\r\n48. ^ Beales, R. P. (2006-08-11). PC Systems, Installation and Maintenance. Routledge. ISBN 978-1-136-\r\n37441-8.\r\n49. ^ \"How to Enter the BIOS on Any PC: Access Keys by Manufacturer\". Tom's Hardware. 2022-02-04.\r\n50. ^ Constantine A. Murenin (2010-05-21). \"11.1. Interfacing from the BIOS\". OpenBSD Hardware Sensors –\r\nEnvironmental Monitoring and Fan Control (MMath thesis). University of Waterloo: UWSpace.\r\nhdl:10012/5234. Document ID: ab71498b6b1a60ff817b29d56997a418.\r\n51. ^ Constantine A. Murenin (2007-04-17). \"2. Hardware review\". Generalised Interfacing with\r\nMicroprocessor System Hardware Monitors. Proceedings of 2007 IEEE International Conference on\r\nNetworking, Sensing and Control, 15–17 April 2007. London, United Kingdom: IEEE. pp. 901–906.\r\ndoi:10.1109/ICNSC.2007.372901. ISBN 978-1-4244-1076-7. IEEE ICNSC 2007, pp. 901—906.\r\n52. ^ aibs(4)  – OpenBSD Kernel Interfaces Manual\r\n53. ^ aibs(4)  – DragonFly BSD Devices and Device Drivers Manual\r\n54. ^ aibs(4)  – NetBSD Kernel Interfaces Manual\r\n55. ^ aibs(4)  – FreeBSD Kernel Interfaces Manual\r\n56. ^ acpi_thermal(4)  – FreeBSD Kernel Interfaces Manual\r\n57. ^ Clarke, Glen E.; Tetz, Edward (2007-01-30). CompTIA A+ Certification All-In-One Desk Reference for\r\nDummies. John Wiley \u0026 Sons. ISBN 978-0-471-74811-3.\r\n58. ^ Micheloni, Rino; Crippa, Luca; Marelli, Alessia (2010-07-27). Inside NAND Flash Memories. Springer.\r\nISBN 978-90-481-9431-5.\r\n59. ^ Mueller, Scott (2004). Upgrading and Repairing PCS. Que. ISBN 978-0-7897-2974-3.\r\n60. ^ Clarke, Glen E.; Tetz, Edward (2007-01-30). CompTIA A+ Certification All-In-One Desk Reference for\r\nDummies. John Wiley \u0026 Sons. ISBN 978-0-471-74811-3.\r\n61. ^ \"Decoding RAM \u0026 ROM\". Smart Computing. Vol. 8, no. 6. June 1997. Archived from the original on\r\n2012-04-06.\r\n62. ^ \"Upgrading Your Flash BIOS For Plug And Play\". Smart Computing. March 1996. Archived from the\r\noriginal on 2012-04-06.\r\n63. ^ \"Time To Check BIOS\". Smart Computing. April 1999. Archived from the original on 2011-07-16.\r\n64. ^ \"BIOS Flash Location\". Archived from the original on 2021-08-18. Retrieved 2025-03-30.\r\n65. ^ \"SplashTop's Instant-On Linux Desktop | Geek.com\". Archived from the original on 2008-09-07.\r\n66. ^ Alex Watson (2007-11-27). \"The life and times of the modern motherboard\". Archived from the original\r\non 2007-12-29.\r\n67. ^ David Hilber Jr. (August 2009). \"Considerations for Designing an Embedded Intel Architecture System\r\nwith System Memory Down\" (PDF). Intel. Archived (PDF) from the original on 2012-10-18. Retrieved\r\n2013-02-02.\r\n68. ^ \"Types of BIOS\". rompacks.com. Retrieved 2021-09-20.\r\n69. ^ Stiller, Andreas (2001). \"Prozessor-Patches\". c't (in German) (5). Heise: 240. Archived from the original\r\non 2015-11-22. Retrieved 2015-11-21.\r\n70. ^ \"Award BIOS logo\". 2015-06-15. Archived from the original on 2015-12-21. Retrieved 2015-12-06.\r\n71. ^ \"Phoenix Eagerly Waiting to Clone Next-Generation IBM BIOS\". InfoWorld. Vol. 9, no. 10. 1987-03-09.\r\np. 8. Archived from the original on 2014-01-22.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 20 of 22\n\n72. ^ IEEE Standard for Boot (Initialization Configuration) Firmware: Core Requirements and Practices.\r\n1994-10-28. pp. 1–262. doi:10.1109/IEEESTD.1994.89427. ISBN 978-0-7381-1194-0. IEEE STD 1275-\r\n1994.\r\n73. ^ \"IEEE Standards Association\". IEEE Standards Association. Retrieved 2023-04-26.\r\n74. ^ \"Definition of hardware abstraction layer\". PCMAG. Retrieved 2022-07-11.\r\n75. ^ Marcus Yam (2009-03-27). \"New BIOS Virus Withstands HDD Wipes\". Tom's Hardware US.\r\n76. ^ \"Black Hat 2006 Multimedia - Presentation, Audio and Video Archives\". www.blackhat.com. Retrieved\r\n2019-04-21.\r\n77. ^ Sacco, Anibal; Alfredo Ortéga (2009-03-23). \"Persistent BIOS Infection\". Exploiting Stuff. Archived from\r\nthe original on 2009-08-04. Retrieved 2010-02-06.\r\n78. ^ Fisher, Dennis. \"Researchers unveil persistent BIOS attack methods\". Threat Post. Archived from the\r\noriginal on 2010-01-30. Retrieved 2010-02-06.\r\n79. ^ Giuliani, Marco (2011-09-13). \"Mebromi: the first BIOS rootkit in the wild\". blog. Archived from the\r\noriginal on 2011-09-23. Retrieved 2011-09-19.\r\n80. ^ \"360发布\"BMW病毒\"技术分析报告\". blog. Archived from the original on 2011-09-25. Retrieved 2011-\r\n09-19.\r\n81. ^ Yuan, Liang. \"Trojan.Mebromi\". Threat Response. Archived from the original on 2011-09-23. Retrieved\r\n2011-09-19.\r\n82. ^ Jump up to: a\r\n \r\nb\r\n \"How did 60 Minutes get cameras into a spy agency?\". CBS News. 2013-12-15. Archived\r\nfrom the original on 2014-04-22. Retrieved 2014-04-15.\r\n83. ^ Spencer Ackerman in Washington (2013-12-16). \"NSA goes on 60 Minutes: the definitive facts behind\r\nCBS's flawed report\". theguardian.com. Archived from the original on 2014-01-25. Retrieved 2014-01-27.\r\n84. ^ Friedersdorf, Conor (2013-12-16). \"A Question for 60 Minutes: Why Would China Want to Destroy the\r\nGlobal Economy?\". The Atlantic. Retrieved 2019-03-26.\r\n85. ^ Poulsen, Kevin (2013-12-16). \"60 Minutes Puff Piece Claims NSA Saved U.S. From Cyberterrorism\".\r\nWired. ISSN 1059-1028. Retrieved 2019-03-26 – via www.wired.com.\r\n86. ^ Sharwood, Simon (2013-12-16). \"NSA alleges 'BIOS plot to destroy PCs'\". The Register. Retrieved 2019-\r\n03-26.\r\n87. ^ \"Windows and GPT FAQ\". microsoft.com. Microsoft. Archived from the original on 2011-02-19.\r\nRetrieved 2014-12-06.\r\n88. ^ \"Extensible Firmware Interface (EFI) and Unified EFI (UEFI)\". Intel. Archived from the original on\r\n2010-01-05. Retrieved 2014-12-06.\r\n89. ^ \"Next-gen boot spec could forever lock Linux off Windows 8 PCS\".\r\n90. ^ \"Windows 8 secure boot could complicate Linux installs\". 2011-09-21.\r\n91. ^ \"Windows 11 Specs and System Requirements | Microsoft\". Microsoft. Retrieved 2021-10-14.\r\n92. ^ Tung, Liam (2017-11-20). \"Intel: We're ending all legacy BIOS support by 2020\". ZDNET.\r\nIBM Personal Computer Technical Reference (Revised ed.). IBM Corporation. March 1983.\r\nIBM Personal Computer AT Technical Reference. IBM Personal Computer Hardware Reference Library.\r\nVol. 0, 1, 2 (Revised ed.). IBM Corporation. March 1986 [1984-03]. 1502494, 6139362, 6183310,\r\n6183312, 6183355, 6280070, 6280099.\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 21 of 22\n\nPhoenix Technologies, Ltd. (1989) [1987]. System BIOS for IBM PC/XT/AT Computers and\r\nCompatibles — The Complete Guide to ROM-Based System Software. Phoenix Technical Reference Series\r\n(1st ed.). Addison Wesley Publishing Company, Inc. ISBN 0-201-51806-6.\r\nPhoenix Technologies, Ltd. (1989) [1987]. CBIOS for IBM PS/2 Computers and Compatibles — The\r\nComplete Guide to ROM-Based System Software for DOS. Phoenix Technical Reference Series (1st ed.).\r\nAddison Wesley Publishing Company, Inc. ISBN 0-201-51804-X.\r\nPhoenix Technologies, Ltd. (1989) [1987]. ABIOS for IBM PS/2 Computers and Compatibles — The\r\nComplete Guide to ROM-Based System Software for OS/2. Phoenix Technical Reference Series (1st ed.).\r\nAddison Wesley Publishing Company, Inc. ISBN 0-201-51805-8.\r\nPhoenix Technologies, Ltd. (June 1991). System BIOS for IBM PCs, Compatibles, and EISA Computers —\r\nThe Complete Guide to ROM-Based System Software. Phoenix Technical Reference Series (2nd ed.).\r\nAmsterdam: Addison Wesley Publishing Company, Inc. ISBN 0-201-57760-7.\r\nBIOS Disassembly Ninjutsu Uncovered, 1st edition, a freely available book in PDF format [1]\r\nMore Power To Firmware, free bonus chapter to the Mac OS X Internals: A Systems Approach book\r\nWikimedia Commons has media related to the BIOS.\r\nLook up BIOS in Wiktionary, the free dictionary.\r\n\"BIOS Boot Specification 1.01\" (PDF). Phoenix.com. 1996-01-11. Archived from the original (PDF) on\r\n2011-07-15.\r\n\"How BIOS Works\". How Stuff Works. 2000-09-06.\r\n\"Implementing a Plug and Play BIOS Using Intel's Boot Block Flash Memory\" (PDF). Intel. February\r\n1995. Archived from the original (PDF) on 2007-11-28. Retrieved 2007-11-28.\r\n\"List of BIOS options\". techarp.com. Archived from the original on 2014-01-27.\r\n\"Persistent BIOS Infection\". Phrack. No. 66. 2009-06-01. Archived from the original on 2011-04-30.\r\nRetrieved 2011-04-30.\r\n\"Preventing BIOS Failures Using Intel Boot Block Flash Memory\" (PDF). Intel. December 1998. Archived\r\nfrom the original (PDF) on 2007-03-29. Retrieved 2007-03-29.\r\nSource: https://en.wikipedia.org/wiki/BIOS\r\nhttps://en.wikipedia.org/wiki/BIOS\r\nPage 22 of 22\n\n13. ^ Shustek, Museum. Len (2016-08-02). Archived from \"In His Own the original on 2016-12-17. Words: Gary Kildall\". Remarkable People. Computer History\n14. ^ Killian, A. Joseph \"Joe\" (2001). \"Gary Kildall's CP/M: Some early CP/M history -1976-1977\". Thomas\n\"Todd\" Fischer, IMSAI. Archived from the original on 2012-12-29. Retrieved 2013-06-03. \n15. ^ Fraley, Bob; Spicer, Dag (2007-01-26). \"Oral History of Joseph Killian, Interviewed by: Bob Fraley,\nEdited by: Dag Spicer, Recorded: January 26, 2007, Mountain View, California, CHM Reference number:\nX3879.2007\" (PDF). Computer History Museum. Archived from the original (PDF) on 2014-07-14. \nRetrieved 2013-06-03. \n16. ^ Glass, Brett (1989). \"The IBM PC BIOS\". Byte: 303-310. Retrieved 2021-12-31. \n17. ^ \"HP BIOS Configuration Utility\". Hewlett-Packard. 2013. Archived from the original on 2015-01-12. \nRetrieved 2015-01-12. \n18. ^ Phoenix Technologies, Ltd. (June 1991). System BIOS for IBM PCs, Compatibles, and EISA \nComputers -The Complete Guide to ROM-Based System Software. Phoenix Technical Reference Series\n(2nd ed.). Amsterdam: Addison Wesley Publishing Company, Inc. ISBN 0-201-57760-7. \n19. ^ Phoenix Technologies, Ltd. (1989) [1987]. System BIOS for IBM PC/XT/AT Computers and \nCompatibles -The Complete Guide to ROM-Based System Software. Phoenix Technical Reference Series\n(1st ed.). Addison Wesley Publishing Company, Inc. ISBN 0-201-51806-6. \n20. ^ Sanchez, Julio; Canton, Maria P. (2003-02-26). The PC Graphics Handbook. CRC Press. ISBN 978-0-\n203-01053-2. \n21. ^ \"iAPX 86,88 User's Manual\" (PDF). Intel. 1981. System Reset, p. 2-29, table 2-4. Retrieved 2025-08-05.\n22. ^ \"AMD 80286 Datasheet\" (PDF). AMD. 1985. p. 13. “the 286 begins execution in real mode with the\ninstruction at physical location FFFFF0H.” \n23. ^ \"80386 Programmer's Reference Manual\" (PDF). Intel. 1990. Section 10.1 Processor State After Reset,\npages 10-1 -10.3. \n24. ^ \"80386 Programmer's Reference Manual\" (PDF). Intel. 1990. Section 10.2.3 First Instruction, p. 10-4.\nRetrieved 2013-11-03. “Execution begins with the instruction addressed by the initial contents of the CS\nand IP registers. To allow the initialization software to be placed in a ROM at the top of the address space,\nthe high 12 bits of addresses issued for the code segment are set, until the first instruction which loads the\nCS register, such as a far jump or call. As a result, instruction fetching begins from address \n0FFFFFFF0H.” \n25. ^ \"Intel® 64 and IA-32 Architectures Software Developer's Manual\" (PDF). Intel. May 2012. Section 9.1.4\nFirst Instruction Executed, p. 2611. Archived from the original (PDF) on 2012-08-08. Retrieved 2012-08-\n23. “The first instruction that is fetched and executed following a hardware reset is located at physical\n Page 18 of 22", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://en.wikipedia.org/wiki/BIOS" ], "report_names": [ "BIOS" ], "threat_actors": [ { "id": "f8dddd06-da24-4184-9e24-4c22bdd1cbbf", "created_at": "2023-01-06T13:46:38.626906Z", "updated_at": "2026-04-10T02:00:03.043681Z", "deleted_at": null, "main_name": "Tick", "aliases": [ "G0060", "Stalker Taurus", "PLA Unit 61419", "Swirl Typhoon", "Nian", "BRONZE BUTLER", "REDBALDKNIGHT", "STALKER PANDA" ], "source_name": "MISPGALAXY:Tick", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "649b5b3e-b16e-44db-91bc-ae80b825050e", "created_at": "2022-10-25T15:50:23.290412Z", "updated_at": "2026-04-10T02:00:05.257022Z", "deleted_at": null, "main_name": "Dragonfly", "aliases": [ "TEMP.Isotope", "DYMALLOY", "Berserk Bear", "TG-4192", "Crouching Yeti", "IRON LIBERTY", "Energetic Bear", "Ghost Blizzard" ], "source_name": "MITRE:Dragonfly", "tools": [ "MCMD", "Impacket", "CrackMapExec", "Backdoor.Oldrea", "Mimikatz", "PsExec", "Trojan.Karagany", "netsh" ], "source_id": "MITRE", "reports": null }, { "id": "1a76ed30-4daf-4817-98ae-87c667364464", "created_at": "2022-10-25T16:47:55.891029Z", "updated_at": "2026-04-10T02:00:03.646466Z", "deleted_at": null, "main_name": "IRON LIBERTY", "aliases": [ "ALLANITE ", "ATK6 ", "BROMINE ", "CASTLE ", "Crouching Yeti ", "DYMALLOY ", "Dragonfly ", "Energetic Bear / Berserk Bear ", "Ghost Blizzard ", "TEMP.Isotope ", "TG-4192 " ], "source_name": "Secureworks:IRON LIBERTY", "tools": [ "ClientX", "Ddex Loader", "Havex", "Karagany", "Loek", "MCMD", "Sysmain", "xfrost" ], "source_id": "Secureworks", "reports": null }, { "id": "3a0be4ff-9074-4efd-98e4-47c6a62b14ad", "created_at": "2022-10-25T16:07:23.590051Z", "updated_at": "2026-04-10T02:00:04.679488Z", "deleted_at": null, "main_name": "Energetic Bear", "aliases": [ "ATK 6", "Blue Kraken", "Crouching Yeti", "Dragonfly", "Electrum", "Energetic Bear", "G0035", "Ghost Blizzard", "Group 24", "ITG15", "Iron Liberty", "Koala Team", "TG-4192" ], "source_name": "ETDA:Energetic Bear", "tools": [ "Backdoor.Oldrea", "CRASHOVERRIDE", "Commix", "CrackMapExec", "CrashOverride", "Dirsearch", "Dorshel", "Fertger", "Fuerboos", "Goodor", "Havex", "Havex RAT", "Hello EK", "Heriplor", "Impacket", "Industroyer", "Karagany", "Karagny", "LightsOut 2.0", "LightsOut EK", "Listrix", "Oldrea", "PEACEPIPE", "PHPMailer", "PsExec", "SMBTrap", "Subbrute", "Sublist3r", "Sysmain", "Trojan.Karagany", "WSO", "Webshell by Orb", "Win32/Industroyer", "Wpscan", "nmap", "sqlmap", "xFrost" ], "source_id": "ETDA", "reports": null }, { "id": "54e55585-1025-49d2-9de8-90fc7a631f45", "created_at": "2025-08-07T02:03:24.563488Z", "updated_at": "2026-04-10T02:00:03.715427Z", "deleted_at": null, "main_name": "BRONZE BUTLER", "aliases": [ "CTG-2006 ", "Daserf", "Stalker Panda ", "Swirl Typhoon ", "Tick " ], "source_name": "Secureworks:BRONZE BUTLER", "tools": [ "ABK", "BBK", "Casper", "DGet", "Daserf", "Datper", "Ghostdown", "Gofarer", "MSGet", "Mimikatz", "Netboy", "RarStar", "Screen Capture Tool", "ShadowPad", "ShadowPy", "T-SMB", "down_new", "gsecdump" ], "source_id": "Secureworks", "reports": null }, { "id": "d4e7cd9a-2290-4f89-a645-85b9a46d004b", "created_at": "2022-10-25T16:07:23.419513Z", "updated_at": "2026-04-10T02:00:04.591062Z", "deleted_at": null, "main_name": "Bronze Butler", "aliases": [ "Bronze Butler", "CTG-2006", "G0060", "Operation ENDTRADE", "RedBaldNight", "Stalker Panda", "Stalker Taurus", "Swirl Typhoon", "TEMP.Tick", "Tick" ], "source_name": "ETDA:Bronze Butler", "tools": [ "8.t Dropper", "8.t RTF exploit builder", "8t_dropper", "9002 RAT", "AngryRebel", "Blogspot", "Daserf", "Datper", "Elirks", "Farfli", "Gh0st RAT", "Ghost RAT", "HOMEUNIX", "HidraQ", "HomamDownloader", "Homux", "Hydraq", "Lilith", "Lilith RAT", "McRAT", "MdmBot", "Mimikatz", "Minzen", "Moudour", "Muirim", "Mydoor", "Nioupale", "PCRat", "POISONPLUG.SHADOW", "Roarur", "RoyalRoad", "ShadowPad Winnti", "ShadowWali", "ShadowWalker", "SymonLoader", "WCE", "Wali", "Windows Credential Editor", "Windows Credentials Editor", "XShellGhost", "XXMM", "gsecdump", "rarstar" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775446639, "ts_updated_at": 1775792173, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5b825631fb03610ae00360fbcc40d3a9452d281c.pdf", "text": "https://archive.orkl.eu/5b825631fb03610ae00360fbcc40d3a9452d281c.txt", "img": "https://archive.orkl.eu/5b825631fb03610ae00360fbcc40d3a9452d281c.jpg" } }