Definition

What is firmware?

By

Rahul Awati
Ben Lutkevich, Site Editor

Firmware is a type of software program embedded into hardware devices to help them function smoothly and effectively.

Firmware is installed directly onto a piece of hardware during manufacturing. It is used to run user programs on the device and can be thought of as the software that enables hardware to run.

Infographic of the software stack. — Firmware is the foundation of the software stack that computer hardware uses for basic operations and to run applications.

Hardware makers use embedded firmware to control the functions of various hardware devices and systems, much like a computer's operating system (OS) controls the function of software applications. Firmware is often written into non-volatile memory such as ROM. It may also be written into erasable programmable read-only memory (EPROM), flash memory or one-time programmable memory.

Firmware installed in ROM or one-time programmable memory cannot be rewritten or updated. Also, this type of firmware is usually low-level firmware that's intrinsic to the device it is installed in. Firmware installed in flash memory can be updated and is therefore known as high-level firmware.

American computer scientist Ascher Opler is said to have coined the phrase firmware in a 1967 issue of the publication Datamation. He used the term to describe a type of microprogram in between hardware and software. Today, the term is considered a combination of two terms: firm and software. Firm, meaning embedded in hardware and not meant to be frequently updated and software, meaning software meant for a specific hardware device.

Why are firmware updates important and how do they work?

Firmware updates consist of code that tells the hardware how to behave in a new or modified way. Firmware updates are often issued to fix bugs, prevent firmware hacks, roll out new features, improve security or interact with new media.

Some examples of what might happen following firmware updates include the following:

A CD disc writer gains the ability to burn a new type of disk.
A router improves its performance and stability.
A motherboard manufacturer releases a BIOS update to support new processors.

Some internet-connected devices regularly check for new firmware and automatically download and install it. Other device manufacturers require the user to visit the manufacturer's website to download and install firmware updates manually.

The frequency of firmware updates will vary depending on the device. The firmware in a smart light bulb may not need frequent updates. However, the firmware on a smart thermostat may need to be updated periodically to remain compatible with smartphone OS updates. Smartphones commonly automate firmware upgrades alongside software updates, so the phone remains functional and users don't have to manually update firmware versions to coincide with software updates. The process of remotely updating firmware by downloading upgrades from the service provider is sometimes referred to as firmware over the air.

Infographic showing the over-the-air update process for IoT devices. — Over-the-air updates are a common way for IoT devices to upgrade their firmware.

Many electronic devices also require that the device remains powered on while updating firmware so that the update doesn't get corrupted. Corrupting the firmware can damage some devices or cause them to malfunction. If the malfunction is permanent, the device may be damaged beyond repair. This is known as bricking, and is usually the result of damaged or deleted firmware.

Types of firmware

There are many types of firmware, but all firmware can be sorted into three categories:

Low-level firmware. Low-level firmware is considered an intrinsic part of a device's hardware. It is often stored on non-volatile, read-only chips like ROM and cannot be rewritten or updated.
High-level firmware. High-level firmware allows updates and is generally more complex than low-level firmware. It usually resides on flash memory chips.
Subsystem firmware. Subsystem firmware is often part of an embedded system, such as a CPU or liquid-crystal display. Another example is a server's power subsystem, which is a piece of server hardware that functions semi-independently from the server. Like high-level firmware, subsystem firmware can be updated. Also, it is more complex than low-level firmware.

Applications of firmware

Firmware is found in a range of computing equipment, including complex devices. It is also included in devices not traditionally thought of as having computer control and in devices that are typically not considered computing devices. Some real-world applications of firmware include the following:

Personal computer. The firmware of a personal computer -- either BIOS or unified extensible firmware interface -- comes embedded on a small memory chip on the computer's motherboard. A computer's peripherals, such as graphics and video cards, also contain firmware.
Storage devices. USB drives, hard drives and other portable storage devices contain basic firmware that enable them to function with a computer.
Mobile devices. Mobile phones, tablets, laptops and other mobile devices all contain firmware that let the hardware work with various software.
Automotive. Automobiles contain many embedded systems, sensors and small computers that contain firmware that enables them to perform their designated tasks.
Home appliances. Dishwashers and washing machines contain firmware that helps them communicate with the computer used to configure the machine's settings and control their operations.
Smart cards. Smart cards have instructions embedded in a chip that provides the card's basic functionality, as well as authentication and encryption.

In addition to the previously listed, these devices also require firmware to operate as intended and to run user programs:

Routers.
Network drives.
Printers.
Scanners.
Cameras.
Industrial equipment.

Embedded firmware is a crucial element of IoT devices and networks.

The difference between firmware and software

Firmware is a type of software. However, there are several distinctions between the two.

Firmware

Firmware is software that provides basic machine instructions that allow the hardware to function and communicate with other software running on a device. Firmware provides low-level control for the various basic aspects of a specific piece of hardware, such as its startup, communication, interaction with the operating and other hardware, and so on. For this reason, it is sometimes called "software for hardware."

Another distinguishing feature is that firmware is not generally designed to be user friendly since end users usually don't interact it with directly. Also, firmware is not updated frequently. Most device manufacturers release firmware updates to address critical issues -- i.e., related to performance or security -- or to add new functionality.

Examples of firmware include BIOS and Extensible Firmware Interface.

Software

Software is designed for users to interact with a device in order to accomplish specific tasks. It sits above the firmware, is abstracted from the hardware, and uses the firmware to communicate with the underlying hardware. Software is more complex and not as bound to the underlying hardware.

A software program can usually be updated, upgraded, patched and changed out without replacing a hardware component. This is rarely possible with firmware due to its embedded nature and permanent storage on a dedicated chip within the hardware itself.

Examples of software include operating systems, as well as applications for word processing, project management, video conferencing, data processing, business intelligence and customer relationship management.

What is firmware security?

Cyberattackers and hackers can take advantage of vulnerabilities in firmware to take control of the hardware it is embedded in. They can install malware into the device, steal data and spy on users and their online activities. If the vulnerabilities are not known to the device manufacturer, exploitation may result in a zero-day attack that's almost impossible to prevent and difficult to mitigate. Also, if the hardware device is connected to other devices, say over an IoT network, these issues can spread throughout the network and exacerbate the effects of the attack.

In addition to increased vulnerability to attack, poor firmware security can also do the following:

Erode customer confidence in the device and manufacturer.
Weaken the manufacturer's reputation and competitive standing.
Cause compliance-related problems (fines, legal actions) for the manufacturer.

To avoid these problems, hardware vendors need to ensure that their devices are secure by design. They must also release security patches as soon as they detect vulnerabilities to protect firmware and device users.

Firmware embedded in flash memory chips can be updated more easily than firmware written to ROM or EPROM. As flash memory plays a bigger role in the enterprise, admins must learn about the types of flash and their use cases.

This was last updated in November 2024

Continue Reading About What is firmware?

An overview of storage firmware and the importance of updates

Causes of SSD failure and how to deal with them

Creating a patch management policy: Step-by-step guide

Over-the-air architectures for IoT devices

Network documentation best practices for DR teams

Search Networking

What is Cisco Performance Routing (PfR)?
Cisco Performance Routing (PfR) is a way of sending network packets based on intelligent path control.
What is a MAC address and how do I find it?
A MAC address (media access control address) is a 12-digit hexadecimal number assigned to each device connected to the network.
What is cloud networking?
Cloud networking is a type of IT infrastructure in which the cloud hosts some or all of an organization's networking resources.

Search Security

What is endpoint detection and response (EDR)?
Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer ...
What is Common Vulnerabilities and Exposures (CVE)?
Common Vulnerabilities and Exposures (CVE) is a publicly listed catalog of known security threats.
What is a whaling attack (whaling phishing)?
A whaling attack, also known as 'whaling phishing' or a 'whaling phishing attack,' is a specific type of phishing attack that ...

Search CIO

What is qualitative data?
Qualitative data is descriptive information that focuses on concepts and characteristics, rather than numbers and statistics.
What is a learning management system (LMS)?
A learning management system (LMS) is a software application or web-based technology used to plan, implement and assess a ...
What is a PMO (project management office)?
A project management office (PMO) is a group, agency or department that defines and maintains the standards of project management...

Search HRSoftware

What is employee self-service (ESS)?
Employee self-service (ESS) is a widely used human resources technology that enables employees to perform many job-related ...
What is DEI? Diversity, equity and inclusion explained
Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and ...
What is payroll software?
Payroll software automates the process of paying salaried, hourly and contingent employees.

Search Customer Experience

What is a chief experience officer (CXO)?
A chief experience officer (CXO) is an executive in the C-suite who ensures positive interactions with an organization's ...
What is contact center infrastructure?
A contact center infrastructure (CCI) is a framework composed of the physical and virtual resources that a contact or call center...
What is speech recognition?
Speech recognition, or speech-to-text, is the ability of a machine or program to identify words spoken aloud and convert them ...

Close