When Edward Snowden leaked documents from the National Security Agency in 2013, he helped reveal that the NSA invested in hacking firmware — the software that is permanently embedded into a hardware device. It tells the wires, monitors, and any other physical component of an electronic device how to do its job. Unlike other parts of a computer, firmware is usually closed off to users, making it difficult to improve and check for security breaches.
From your car to your USB drive, firmware has found its way into virtually every modern electronic device. Almost all computers today contain at least a dozen pieces of firmware. And that proprietary firmware poses a huge vulnerability — since its code is kept secret, its security holes will also probably remain secret until exploited by a hacker.
Ron Minnich, founder of LinuxBoot and a software engineer at Google, has devoted the past two decades to improving the efficiency and security of firmware by making new versions with code that is open for all to see rather than hidden away.
Minnich will give a free talk for the Princeton ACM/IEEE called “If you trust your computer, you’re crazy,” Thursday, April 19, at 7:30 p.m. at Princeton University’s computer science building, speaking on how LinuxBoot helps protect firmware from security exploits. For more information, visit www.princetonacm.org.
Minnich has been developing a lighter, open source firmware model for 19 years but has faced opposition from electronics vendors. In 1999 Minnich led a team at Los Alamos National Lab, where he made the firmware and boot-up process of the lab’s supercomputer much more efficient. He was able to cut down the boot-up time from about five minutes to a matter of seconds. Minnich thought, perhaps naively, that electronics vendors would be excited about this development. Instead, Minnich says, computer companies fought him “every step of the way.”
According to Minnich, computer companies use firmware to add unique features to their products and essentially lock customers in. By proposing to make the firmware open source, Minnich threatened this business model.
“They hated it,” Minnich said. “I didn’t realize I was going to these companies and saying, ‘You have got firmware, and it’s locked your customers in to use your computer line.’ And then I come along and say, ‘I’m going to throw all that away.’”
This initial firmware project was called “LinuxBIOS,” which Minnich would later revamp as “coreboot.” After several years of surviving off intermittent grants, the coreboot team was on the verge of abandoning the venture. Finally, the tides turned in 2010, when someone at Google (“Not me,” Minnich clarifies) recognized coreboot’s potential and brought it onto the Chromebook, Google’s line of basic notebooks. From the fourth model onwards, every Chromebook used coreboot as its firmware. This big break came more than a decade after Minnich’s initial developments at Los Alamos National Lab.
“I had no idea what I was doing. If I had known how hard it would have been, I don’t know if I would’ve done it. Sometimes it’s good to be ignorant,” Minnich said. “I had a lot of people telling me that what I was doing was impossible, which I refused to believe.”
Since then, Minnich has developed LinuxBoot, the third iteration of this firmware model.
“This is one of the fastest-moving projects I’ve ever been involved with, of this type. It’s just really taken off. We only started talking about it publicly a year ago and we already have a lot of users, so it’s been really neat to see,” Minnich said.
Major consumers of LinuxBoot will include Facebook data centers and Horizon Computing Solutions, which refurbishes and resells old Facebook computing nodes. LinuxBoot builds on coreboot and LinuxBIOS by replacing 7/8ths of a computer’s firmware with open source code. The last 1/8th is near impossible to crack, Minnich says, but he will settle for the other 7 parts to be open source, efficient, and more secure.
Minnich grew up in Springfield, Pennsylvania, raised by an instrument technician father and a school librarian mother. He remembers looking at his black-and-white TV as a news program broadcast the launch of a spacecraft. Suddenly, the countdown stopped. The spacecraft failed to move. The newsman on the TV said, “The electronic brain commanded the spacecraft not to launch.”
“That got stuck in my head,” Minnich said. “That sounds pretty interesting, I thought. I’d like to know more about these electronic brains.”
Minnich started building miniature computers out of parts that his father brought home from the oil refinery where he worked. Minnich first learned the algebra and inner workings of a computer from small, plastic machines that he built himself in the late 1960s. He founded much of his understanding of computers on those early childhood experiments, which he says were common across the country at that time.
He received his bachelor’s degree in electrical engineering in 1979 from the University of Delaware. Minnich continued to study electrical engineering, earning a master of science and later a doctorate from the University of Pennsylvania. Along the way he also got married and had two children, pushing his PhD work to the hours of 9 to 11 p.m. for years. In 1991, after about nine years in a PhD program, Minnich received his doctorate in computer science.
From the Sarnoff Corporation in 1994 to Google in 2011, Minnich found himself in odd positions until January 2017, when he revisited coreboot and transformed it into LinuxBoot. Strangely enough, his very first internship at Hewlett Packard involved work with firmware in the 1980s, even though he was hired to work with hardware. In 1999, when Minnich revisited firmware as he tried to launch LinuxBIOS, he suddenly remembered everything he had learned as a young intern at Hewlett Packard.
“The path is never an obvious path,” Minnich said.