Various mechanisms exist for updating the basic input/output system (BIOS) on a computing device. Existing systems typically use one of two approaches.
One approach, geared toward achieving high security, only allows a BIOS update in the pre-boot environment. The BIOS update utility first copies a BIOS image to a specific memory location and then conducts an S3 transition (suspend to RAM). In the S3 resume execution path, the BIOS code authenticates the BIOS image in memory and then writes it to a non-volatile memory, typically a Flash memory part. This approach is typically adopted in conventional BIOS implementations on some processors available from Intel® Corporation having an Extensible Firmware Interface (EFI) architecture.
A second approach is to avoid any reboot (or S3 transition) that might interrupt user operation during the operating system (OS) lifecycle. The BIOS update may be performed via normal input/output (I/O) instructions or a system management interrupt (SMI) interface. This is a kind of trade-off between usability and security: it may introduce a security hole that allows malware or a virus to use the same mechanism to damage the Flash memory part.
It is also the case that the Flash memory part containing the BIOS is locked during runtime. Thus, in existing systems, the platform must be rebooted to unlock the Flash memory in order to update the BIOS. This reboot ultimately requires downtime for all users and virtual machines (guest operating systems) on a virtualization architecture platform. This downtime is often undesirable or unacceptable.
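The following is an added model of the first approach described above, not code from the original text or from any vendor: the update utility stages an image in RAM while the Flash part is locked, a runtime write attempt is refused, and only the S3 resume path authenticates the staged image and unlocks the Flash part to commit it. The `Platform` class, the vendor key and the use of an HMAC in place of a vendor signature are constructed assumptions for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the vendor's signing key (a real platform would verify a signature).
VENDOR_KEY = b"constructed-vendor-key"


def sign_image(image: bytes) -> bytes:
    """Authentication tag a vendor would attach to a BIOS image (HMAC stands in for a signature)."""
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


class Platform:
    """Models the Flash lock state and the two paths that could reach the Flash part."""

    def __init__(self, current_bios: bytes):
        self.flash = bytearray(current_bios)
        self.flash_locked = True   # at runtime the Flash part is write-locked
        self.staged = None         # (image, tag) copied to RAM by the update utility

    def stage_update(self, image: bytes, tag: bytes) -> None:
        # Runtime step: copy image and tag to memory; no Flash access happens here.
        self.staged = (bytes(image), bytes(tag))

    def runtime_write_attempt(self, image: bytes) -> bool:
        # The second approach would write from the OS lifecycle; with the Flash part
        # locked the write is refused, which is what protects the part from malware.
        if self.flash_locked:
            return False
        self.flash[:] = image
        return True

    def s3_resume(self) -> str:
        # S3 resume path: authenticate the staged image, then unlock, write and relock.
        if self.staged is None:
            return "no-update"
        image, tag = self.staged
        self.staged = None
        if not hmac.compare_digest(sign_image(image), tag):
            return "rejected"          # tampered or unsigned image never reaches Flash
        self.flash_locked = False
        self.flash[:] = image
        self.flash_locked = True
        return "updated"
```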