A few years ago, journalist Sara Bongiorni wrote a book called A Year Without “Made in China:” One Family’s True Life Adventure in the Global Economy, about her family’s yearlong quest to boycott Chinese-made products. The author never quite articulates the fundamental reasons for her boycott, nor explores the macroeconomic reasons for China’s manufacturing juggernaut. But she does succeed in making the point that yes, it’s pretty difficult for a middle-class American family to avoid buying products that are made in China or that contain Chinese components or materials.
OK, so living life without Chinese stuff is hard. But here’s a bigger challenge:
Try living life without firmware.
Firmware is (Secretly) Everywhere
Once upon a time, the world was analog. To the extent that devices had electronic circuits at all, they functioned on the basis of continuously variable (i.e., analog) voltage and current signals. Telephones and telephone switchgear, cameras, television and radio broadcasting and receiving equipment, audio and video recording devices, avionics, radar, thermostats, even nuclear power plant control systems and satellites in space—all were analog devices, with nary a microprocessor to be found.
Then along came digital computers, with their bits and bytes; ones and zeroes.
At first, the advent of digital computers didn’t change much, because they were giant, power-hungry machines that filled entire rooms and required teams of experts to operate. It wasn’t until the invention of the integrated circuit, and the subsequent steady miniaturization of silicon transistors, that the world started turning digital.
Device behavior that once was defined by mathematical relationships such as integrals and differential equations slowly became digitized, their behaviors defined by Boolean logic relationships (AND, NAND, OR, NOR, NOT, XOR, etc.). Moreover, they could be programmed, enabling much more complex behavior, features, and functions.
The secret to making all these newly digital devices work is firmware.
Firmware is the low-level set of programming instructions that runs automatically when a device is engaged and controls the functions and operation of the hardware. Without firmware, a digital device would do nothing.
Your desktop, laptop computer, and your smartphone have multiple firmware programs in them, keeping things running. The computer’s motherboard has firmware that tells the system where to find and how to launch the operating system. Disk or solid-state storage devices also have firmware controlling their operation and communication with the rest of the computer.
The video adapter, wired and wireless network adapters, Bluetooth radio, and USB controller all have their own firmware. Even your keyboard and mouse have firmware running, as do peripherals such as printers, webcams, and monitors.
In addition to the obvious cases, such as robots and network switchgear, firmware shows up in some surprising places:
- Automobiles
- Baby monitors
- Bathroom scales
- Digital cameras
- Digital thermometers
- Electronic toys
- Kitchen appliances
- Land-line telephones
- Pacemakers and other implantable medical devices
- Smart thermostats
- Traffic lights
- TV remote controls
- USB flash drives
- Wearable devices (watches, fitness monitors, and so on)
- Wireless earbuds
You get the picture. Pretty-much everything electronic these days has a microcontroller or microprocessor, and therefore has firmware lurking in it somewhere.
So What?
For the most part, users neither know nor care about firmware running in the devices they use. Relatively simple devices have commensurately simple firmware, and it just works.
For many devices, it’s not even possible to update the firmware. If a problem with such a device were traced to the firmware, it would be cheaper for the manufacturer to simply replace the devices under warranty.
For more complex mechanisms, such as wireless routers, building monitoring systems, and physical security systems, it makes sense to update the firmware from time to time. Manufacturers supply firmware updates for these devices to add features and functions, support new protocols, fix bugs, enhance performance, and—most importantly—patch security vulnerabilities.
Updating the firmware of a device that’s designed for such updates can range from simple and straightforward to complex, time-consuming, and high-risk. Firmware updates are inherently risky because if something goes wrong, such as an interrupted data connection or power loss, it may not be possible to recover. The firmware, corrupted by a partially completed update, can no longer run, and the device becomes a useless collection of circuitry, known colloquially as a “brick.”
Other things that can go wrong with firmware updates include:
- Poorly designed update process and tool: The update process is typically governed by a program running on a connected external device (such as a PC). This program should check for a number of things before starting the update, such as whether the device is the correct make and model and whether other prerequisites are met. If these checks are not done correctly (or at all) the update can fail.
- Inadequate testing of the new firmware: Without thorough testing of the new firmware, the developers might distribute firmware with fatal bugs in it. The bugs might cause problems in only 0.1% of possible conditions, but with millions of devices in the field, that could add up to a large number of bricked devices (and angry customers).
Firmware and its update process should be subject to a much higher level of scrutiny than a typical software application.
IoT and the Upcoming Firmware Storm
We continue to be told by fearless forecasters that the internet will soon be home to billions of chatty devices—the so-called “internet of things” (IoT). Regardless of the final number, it’s certain that a large number of devices are already on the network and more are on the way; everything from Amazon Echo and similar smart-home devices to sensors, actuators, and systems in office buildings, factories, warehouses, power grids, farms, hospitals, and more.
And every one of them will need firmware in order to operate.
The sheer number and variety of these devices means that although for most of them the firmware will work flawlessly; for some, it will not. Driven by “first-to-market” time pressures and budget constraints, and hindered by poor project management, inadequate testing, and lax design oversight, some firmware with issues, such as bugs and security holes, is bound to make it into the field.
Given the difficulty and risk associated with updating firmware on these devices, such issues are going to cause serious headaches, not to mention legal and financial troubles, for some manufacturers, particularly those companies for which device-failure can cause injury or death, such building-safety systems and medical apparatuses.
That’s why a solid, robust development strategy, such as the agile methodology we use at AndPlus, is so important when developing and deploying firmware. Although firmware development isn’t as “sexy” as developing mobile or web apps used directly by real people, we treat firmware development with the same level of rigor, if not more. Our experts in hardware integration understand the importance of fine-grained design and meticulous testing. This ensures only flawless firmware makes it out the door.
If you have an idea for a device that needs firmware to run (and what device doesn’t?), we invite you to speak with our firmware experts to learn how we can help you develop a product and release it with confidence that the firmware will be robust, secure, and bug-free.
