Instant Gratification: BIOS-level virtualization

One company is driving virtualization down into the BIOS and believes its technology could make computing more secure.

Virtualization in the system BIOS? Phoenix Technologies has developed it, and they say you're going to want it. It won't be long before you'll be able to run key apps like Web browsers and email as virtual appliances without waiting for the OS to boot up. Imagine hitting a function key on your laptop while you're waiting for a plane or gulping down your coffee and toaster waffle before you head out.

On the client, you can make things more secure through virtualization, and since Phoenix can launch its hypervisor before everything else, it appears to have that pole position.
Pete Lindstrom,
analystBurton Group

All this, and improved security to boot (pun intended.)

Really? Phoenix issues very sincere disclaimers that they aren't trying to establish an alternative to Windows or virtual desktops, but they're betting that its recently announced HyperSpace platform will bring to laptops the kind of "instant on" application access we're accustomed to in hand-held portable devices.

Milpitas, Calif.-based Phoenix has made a strong play in embedded security, including firmware to leverage the Trusted Platform Module (TPM) to provide pre-boot device authentication.

"You can run signed, validated mission-critical apps outside of Windows," said Gaurav Banga, chief technology officer of Phoenix, "They're small, secure, immutable, but we don't want to make another Windows."

"There's a battle going on for the pole position on the physical system," said Pete Lindstrom, Burton Group senior analyst. "The idea here is you want to be first and at lowest level for some level of control. On the client, you can make things more secure through virtualization, and since Phoenix can launch its hypervisor before everything else, it appears to have that pole position."

Phoenix envisions up to 20 light apps running inside the BIOS, enabled by its HyperCore hypervisor. You can check your email, browse the Web or launch a media player without burning through your battery life. Phoenix is banking on software vendors seeing the market potential and developing HyperSpace-friendly offerings. Security apps, such as your antivirus product of choice, resistant to compromise and getting updates before malware gets a shot at your laptop, could be among the those running on HyperSpace.

The built-in security includes a stripped-down, hardened Linux environment for small apps, secure start-up and secure launch of trusted code using the TPM.

"The overall benefit of virtualization is when you can separate resources and activities, You can reduce the attack surface," Lindstrom said, adding that that BIOS-based virtualization can run isolated on specific memory addresses, an advantage over a virtual desktop running on top of the OS.

That's for now. Virtualization is getting a lot of traction on the server, but not so much on the desktop yet. What happens when an embedded hypervisor and, say, VMWare's Virtual Desktop run side by side? Things can get complicated.

"There's a net short-term benefit," Lindstrom said. "But the long term depends on integration into the environment, specifically other virtualization architectures are running on the laptop."

Dig deeper on Virtualization Security Issues and Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close