What is firmware: definition, types and uses

Firmware can be found not only in computers and smartphones but in pretty much any electronic device with more than just a power button. So, what is firmware? In this article, we’ll explain it from the firmware development point of view.

ISO defines firmware as a combination of a hardware device and computer instructions or computer data that reside as read-only software on the hardware device [ISO/IEC 12207:2008 Systems and software engineering — Software life cycle processes, 4.14]

To put it simply, firmware is a type of software made for a specific system with limited computational capabilities: a microcontroller or microprocessor. Firmware is embedded into hardware devices’ non-volatile memory.

What is firmware used for? It completes basic functions like starting up hardware, communicating with other devices, device components, and peripherals, and performing basic input and output tasks. It can be the main software in the device like in smart home appliances, or be a part of the computer software.

Firmware works close to hardware and performs basic functions like starting up the device, connecting with peripherals, turning on screens, sensors, and actuators, transmitting the data collected from sensors, etc. Firmware is stored in a device’s read-only memory. The manufacturer installs firmware on a device and the user can’t uninstall or alter the firmware like it’s possible with software.

Firmware can be a standalone software on a device or a part of a higher-level computer system. Standalone firmware examples can be found on devices like smart thermostats, routers, cameras, smart speakers, etc. Firmware as a part of the system can be found in mobile phones, smartphones, tablets, and computers. Here firmware is responsible for basic hardware functions below the applications. Basic input-output system — BIOS or unified extensible firmware interface — UEFI is what is firmware in computer.

There’s no single conventional way of classifying firmware. In this article, we offer the classification we believe is the most appropriate for us and our clients in the firmware development context. So, we’ll use the following definitions:

It’s one of the user types of firmware developed for microcontrollers. A microcontroller is a chip with embedded RAM, ROM, input, and output systems. It’s a very tiny computer whose computing capacity is limited. 1 MB memory is good, but more often it’s just several kilobytes. The microcontroller is the main computing unit in smart devices like thermostats or washing machines.

Due to the limited capacity, microcontroller firmware can be referred to as low-level firmware. It usually runs real-time operating systems — RTOSes. RTOS guarantees fast and stable interaction between peripherals and completes relatively simple tasks: reading sensors and actuators, transmitting the data to higher system levels, etc.

If it’s necessary to read sensors regularly RTOS will do the job and guarantee the result. Thanks to its simplicity it is also more reliable than higher-level systems. However, due to a strict resource limitation, it may be quite challenging to design the firmware that meets all the requirements and has all the necessary functionality.

It’s another type of user firmware and it’s developed for microprocessors. A microprocessor is a tiny processing unit, it has a more complex structure and more computational power compared to the microcontroller. A microprocessor can feature gigabytes of memory and can run more powerful operating systems.

Microprocessors work on ordinary operating systems adjusted for hardware with limited computational capabilities. The most popular realizations of these OS are Embedded Linux, Raspberry Pi, custom OS assembled with Yocto, etc.

Since microprocessors have more resources, they allow for more complex firmware that can work with more complex information algorithms. We can refer to the microprocessor firmware as high-level firmware compared to microcontroller firmware.

Besides the two user types of firmware, there’s another kind of firmware developed on the system level. These are drivers and bootloaders. We singled them out because technically, they can also be classified as firmware but differ in several aspects.

First, drivers and bootloaders are rarely developed on demand. In most cases, they are provided by the device manufacturer and instead of being developed, they need to be set up correctly to guarantee the user software works correctly. Think of BIOS or UEFI in computers.

Second, they don’t depend on product value and don’t affect it. The purpose of drivers and bootloaders is solely technical: they are just a part of the system that can launch a component, help at startup, connect to a peripheral, etc.

Since firmware is closely connected to hardware, it’s quite difficult to separate hardware components from the firmware ones. We’ll include hardware in the firmware architecture to make the scheme and the components interaction more comprehensible.

The architecture here is relatively simple and consists of hardware and firmware components. The microcontroller starts and launches the bootloader. The bootloader launches on startup and triggers the application code. The application code communicates with peripherals.

Here the architecture becomes more complex as the operating system adds a system layer to the hierarchy. Hardware communicates with the system, and the system communicates with firmware. The components can communicate with each other as it is shown in the diagram.

If we were to represent the correlation between firmware and software graphically, it would look like this:

Firmware is just another software type built for hardware with limited computational capabilities. Software in common understanding is any application people use in classic operation systems: Windows, Mac, Linux, Android, iOS, etc. Web and server applications are also classified as software. Firmware is software for microcontrollers and microprocessors that can be found in various electronic and smart devices.

Firmware sets strict rules for working with memory since every byte is important and cannot be wasted. Software is more forgiving in terms of using memory and software optimization is usually the last step in the development process.

Firmware because of its limited capabilities has a restricted set of development tools like libraries or graphical components. In addition, firmware may not support all protocols that are supported by software. On the contrary, software has multiple tools, libraries, user interfaces, and graphical components at the developers’ disposal.

Software is multithread and has a bigger delay, while firmware, especially the RTOS-based, is executed in real-time. RTOS guarantees fast and stable interaction between peripherals, that’s why it is used in systems where even the smallest delays are unacceptable.

Firmware can be found in a lot of devices from multiple industries, let’s mention some of them.

Firmware security is a set of measures that ensures protection against unauthorized access, data theft, reverse engineering, and other malicious activities aimed at rendering the firmware inoperable.

Firmware as any other kind of software needs to be secure. The required security measures depend on the device’s configuration: is it connected to the internet, does it collect any sensitive data, does the firmware need to be protected from reverse engineering, etc.

The firmware security measures include:

Firmware security is crucial for the stable work of devices. For instance, a device has a connection to the internet and no proper security. A hacker can break into the device and send malicious code that blocks firmware from receiving authentic updates. As a result, thousands of devices become vulnerable and get out of control. This puts a huge risk on the manufacturer’s reputation and users’ safety.

To make firmware work stably for a long time, it needs updates to correct internal errors. Unlike standard software for mobile or desktop, firmware updates cannot be performed by the user: the device has to download and install firmware updates itself. That’s why it’s extremely important to add the possibility of an OTA update — over-the-air update — at the initial stage of planning the firmware project. With OTA, manufacturers can send firmware updates to all devices without physically connecting to each one.

A well-designed firmware works stably and requires much less updates than mobile or desktop software. For firmware, adding new features is quite a rare thing because of hardware restrictions.

Any software has bugs and firmware is not an exception. Since firmware’s system is simpler than standard software and the firmware code has more control over the hardware, a minor bug can become critical to the entire system. To enable bug fixes, firmware should feature the OTA update option.

To minimize and prevent firmware bugs and vulnerabilities, developers should follow the standard software development recommendations including

In addition to the standard software recommendations, there are some firmware-specific practices to minimize bugs. Let’s discuss them in more detail.

Firmware must adequately respond to unpredicted situations to avoid functioning incorrectly. Watchdog is a part that can put the device into a special mode, disconnect a component, or reboot firmware altogether in case the system becomes unresponsive. There are hardware-level and software-level watchdogs: the hardware ones come with the device, and the software ones should be set up correctly to work with firmware.

The main reason for firmware vulnerabilities is using insecure protocols or compromised update signatures. To prevent unauthorized access, engineers should sign firmware updates and use safe data-transferring protocols like HTTPS or SSL.

Firmware divided into sections becomes simpler and has less chance of getting a bug. Instead of one controller responsible for the whole system, there’s a bundle of controllers each accountable for its part of functionality. Such a division also allows for cost optimization: choosing more expensive components for the critical section and opting for reasonable-budget options for non-critical parts is possible.

A higher level of safeguarding firmware is making a system with doubled components: two processors, two memory modules, etc. In this case, if one component stops responding, another one launches and takes over the system. Obviously, this makes the project way more expensive and complicated, but in some cases, it does pay off. Think of an interstellar probe Voyager that has to be extremely reliable as nobody could fix an error in case something goes wrong on its way.

Since firmware is responsible for the basic hardware tasks, firmware errors can drive the entire device inoperable. That’s why it’s extremely important to think out the solution very carefully at the beginning of the project. Let’s discuss some firmware development peculiarities.

Firmware is developed on emulated environments that are usually not identical to the real devices. This can cause some inaccuracies that are impossible to catch during debugging and can be found only when the firmware is installed on the device. To minimize bugs, developers must have additional adapters or controllers that allow them to track real-time device feedback and find any inconsistencies right away.

Unlike software development which offers a wide range of programming languages and frameworks, firmware mostly requires programming on C or C++. Firmware frameworks are usually compatible with one or several architectures and won’t work for other systems. This aspect should be considered at the beginning of the project.

Firmware is highly dependent on hardware. If a component grows obsolete or is discontinued by the manufacturer, it can jeopardize the entire project. To minimize risks, it’s possible to design a more complex firmware architecture and make business logic less dependent on individual components. This way it would be easier to switch to another component without re-writing firmware code.

Say, we have a device with firmware, it works stable for several years. The pitfall is that a framework for developing firmware gets updated, but the hardware stays the same. With time, hardware can become incompatible with the new framework version making it impossible to make updates. This way, supporting obsolete firmware is only possible until a critical bug is found.

In the firmware context, the update is the only way to fix errors, that’s why it requires special attention.

Since the support team has no physical access to the device to find the issue, only logs can show what exactly went wrong. The more accurate loggers are added, the easier it is to identify the problem and find a solution.

These reports allow checking out the state of the system during the crash. The reports are sent to the supporting team servers and the engineers can reproduce the error in the developer environment to isolate and fix the issue.

Since users cannot interact with the firmware updates and fix any occurring errors, the system must do so. If the update goes wrong, the system has to roll back to the previous stable firmware version.

Firmware is software designed to work on hardware with limited computational capabilities: microcontrollers and microprocessors. Firmware can be found in almost every modern device, including smart devices, home appliances, and computers. Compared to software, firmware is more difficult to develop since it works closer to hardware. In order to develop a high-quality firmware, it’s important to choose knowledgeable and experienced engineers.