Firmware — Trivia & Interesting Facts
Surprising, historical, and little-known facts about firmware.
The word "firmware" was coined in 1967
Ascher Opler coined the term "firmware" in a 1967 Datamation article to describe the microcode layer between hardware and software. He needed a word for code that was more permanent than software but more changeable than hardware — hence "firm"ware. The term stuck and expanded far beyond its original microcode meaning.
UEFI replaced BIOS after 40 years, but BIOS terminology persists
The UEFI (Unified Extensible Firmware Interface) specification replaced the legacy BIOS (Basic Input/Output System) that IBM introduced in 1981. Although UEFI has been the standard since the mid-2010s, people still say "BIOS" when they mean "firmware settings." UEFI supports GBs of code, graphical interfaces, and network booting, features that were impossible in the 16-bit BIOS.
Intel ME runs a full operating system inside your CPU
Intel Management Engine (ME) is a subsystem embedded in Intel chipsets since 2008 that runs a full MINIX-based operating system independently of the main CPU. It has access to the network interface and memory, runs when the computer is "off" (but plugged in), and cannot be fully disabled. Security researchers have called it "a computer within your computer."
Firmware vulnerabilities persist because patching is terrifying
A 2023 survey found that 67% of organizations delay firmware updates by more than 30 days after release. The reason: firmware updates that fail can brick hardware, turning a $10,000 server into an expensive paperweight. Unlike software updates, a failed firmware update often can't be recovered remotely, requiring physical access or specialized equipment.
The Spectre and Meltdown vulnerabilities were partially mitigated through firmware
When the Spectre and Meltdown CPU vulnerabilities were disclosed in January 2018, Intel, AMD, and ARM released microcode (firmware) updates as part of the mitigation strategy. These firmware patches reduced CPU performance by 2-30% depending on workload — an unprecedented case where a security fix made hardware measurably slower.
Server BMC firmware is one of the most neglected attack surfaces
Baseboard Management Controllers (BMCs) run their own firmware with full access to the server's hardware, including remote console, power control, and storage. A 2022 study found that 70% of servers in enterprise environments were running BMC firmware more than 2 years old, with known vulnerabilities that could give attackers persistent, undetectable access.
SSD firmware bugs have caused silent data corruption
Multiple SSD manufacturers have shipped firmware with bugs that caused silent data corruption — data written to disk was not what was read back, without any error being reported. HPE issued an urgent firmware update in 2019 for SSDs that would brick themselves after exactly 32,768 hours (3 years, 270 days) of operation due to a firmware counter overflow.
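The 32,768-hour failure above, modelled as an added example that is not HPE's code: the signed 16-bit power-on-hours field and the negative-value self-check are assumptions used to reproduce the behaviour, shown beside a hardened, saturating counter.

```c
#include <stdint.h>
#include <stdio.h>
/* Assumed model of the failing design: power-on hours kept in a signed
 * 16-bit field.  32,768 = 2^15, so the 32,768th increment wraps INT16_MAX
 * (32767) to INT16_MIN (-32768): int promotion first, then truncating cast. */
int16_t poh_legacy_tick(int16_t hours) {
    return (int16_t)(hours + 1);
}

/* Run the legacy counter for the given number of hours.  The assumed
 * self-test treats a negative hour count as corrupt metadata and refuses
 * to bring the drive online.  Returns 1 while the drive is still usable. */
int legacy_drive_survives(uint32_t hours_of_operation) {
    int16_t poh = 0;
    for (uint32_t h = 0; h < hours_of_operation; h++) {
        poh = poh_legacy_tick(poh);
        if (poh < 0)
            return 0;                 /* bricked at hour h + 1 */
    }
    return 1;
}

/* Hardened counter: unsigned, 32 bits wide (about 490,000 years of uptime)
 * and saturating, so it can neither wrap nor go negative. */
uint32_t poh_fixed_tick(uint32_t hours) {
    return hours == UINT32_MAX ? hours : hours + 1;
}
int fixed_drive_survives(uint32_t hours_of_operation) {
    uint32_t poh = 0;
    for (uint32_t h = 0; h < hours_of_operation; h++)
        poh = poh_fixed_tick(poh);
    return poh == hours_of_operation;  /* no wrap: count matches elapsed hours */
}

/* Express the wrap point as the "3 years, 270 days" quoted in the text. */
void hours_to_years_days(uint32_t hours, int *years, int *days) {
    uint32_t total_days = hours / 24;  /* 24-hour days, 365-day years */
    *years = (int)(total_days / 365);
    *days  = (int)(total_days % 365);
}

int main(void) {
    int y, d;
    hours_to_years_days(32768, &y, &d);
    printf("legacy: 32767h ok=%d, 32768h ok=%d (wrap after %d years, %d days)\n",
           legacy_drive_survives(32767), legacy_drive_survives(32768), y, d);
    printf("fixed:  32768h ok=%d\n", fixed_drive_survives(32768));
    return 0;
}
```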
Hard drive firmware has been used for state-sponsored espionage
In 2015, Kaspersky Lab revealed that the "Equation Group" (widely attributed to the NSA) had developed malware that reprogrammed hard drive firmware from major manufacturers. The malware survived disk formatting and OS reinstallation, creating a virtually undetectable persistence mechanism. It affected drives from Western Digital, Seagate, and Toshiba.
Network switch firmware runs the same binary for decades
Unlike server operating systems that are updated regularly, network switch firmware often runs unchanged for years or decades. A 2021 survey of enterprise networks found switches running firmware versions released 5-10 years prior. The attitude "if it works, don't touch it" is especially strong in networking, where firmware updates require maintenance windows and carry bricking risk.
The coreboot project aims to replace proprietary firmware with open source
The coreboot project (formerly LinuxBIOS) has been working since 1999 to create open-source firmware for x86 systems. Google uses coreboot in Chromebooks, making it one of the most widely deployed open-source firmware projects. However, most server and desktop manufacturers still use proprietary firmware from AMI, Phoenix, or Insyde.