biossums Intention Writing a bios for a pc-compatible includes the task of embedding various checksums. At least there is the overall bios checksum stored in the very last byte of the program. Depending on the number and types of services the bios provides there are others, e.g. -- a checksum for the pci bios extensions, -- a checksum for the plug and play bios extensions, -- checksums for multiprocessor bios extensions. All these checksums have one common point: using the usual assembler directives they are hard (if not impossible) to compute at compile time. You can either compute them by hand --- a tedious, error-prone, task, where in addition you often have to make unreliable assumptions about the memory layout of the entire bios. Or you patch them directly into your compiled bios-image. Apart from computing the checksums this is what biossums does for you. Checksums With the exception of the overall bios checksum, in a modern pc-bios checksums are not used to ensure data integrity. Instead they are used in conjunction with certain signatures to securely identify the entry points or the addresses of important data of some bios-extensions. Because these services are often invoked from x86 protected mode the original method via interrupts is not applicable. Scanning (even only parts) of the bios for (short) signatures and solely relying on this is insecure though, cause the found signature might not refer to the sought service but rather be some obscure machine code resembling the signature by accident. Since signatures are usually part of a larger header or table the above mentioned problem is being circumvented by checksumming over this header and comparing the result to a checksum stored next to the signature. In practice the checksum is often part of the header, chosen in a way that the contents of the header add up to zero. Usage biossums is very simple and straightforward. The only (and mandatory) argument is the file-name of the bios-image. The file is being read, patched and written. So if you want to keep your original file for reference, use biossums on a copy of your bios-image. For now, biossums can only rely on signatures to find the locations of the accompanying checksums. Therefore biossums refuses to set any checksums if it finds more than one signature of the same type. Example output Run upon a Bochs bios configured for 2 CPUs (ver. 1.29) biossums displays: PCI-Bios header at: 0x9480 Current checksum: 0xA9 Calculated checksum: 0xA9 MP header at: 0xD0F0 Current checksum: 0xC1 Calculated checksum: 0xC1 PCMP header at: 0xD000 Current checksum: 0x65 Calculated checksum: 0x65 Bios checksum at: 0xFFFF Current checksum: 0x00 Calculated checksum: 0x24 Setting checksum. If we patch in a second "_32_" signature at offset 0x9760 and reset the PCMP checksum to 0x00 we get: PCI-Bios header at: 0x9480 Current checksum: 0xA9 Calculated checksum: 0xA9 PCI-Bios header at: 0x9760 Current checksum: 0x00 Calculated checksum: 0x00 Multiple PCI headers! No checksum set. MP header at: 0xD0F0 Current checksum: 0xC1 Calculated checksum: 0xC1 PCMP header at: 0xD000 Current checksum: 0x00 Calculated checksum: 0x65 Setting checksum. Bios checksum at: 0xFFFF Current checksum: 0x00 Calculated checksum: 0x01 Setting checksum. Possible enhancements Although biossums takes care of all checksums being used by the bios of the Bochs project (as of version 2.02) there are more to cover, e.g. the checksums for "Plug and Play" bios extension. In addition it was planned to provide further information to biossums via map-/ symbol-files to verify the locations of checksums apart from scanning for signatures. For now this seems not to be necessary; in practice no double signatures have been observed yet.