Lenovo just bought Phoenix Technologies' firmware business, putting the code that boots millions of PCs under a Beijing-headquartered company. The acquisition, completed April 27, covers Phoenix's firmware intellectual property and expertise registered in Dublin. Financial terms weren't disclosed.
Firmware is the Root of Trust for computing hardware. It runs before the operating system loads. Controlling BIOS means deep, low-level system access, which makes it a prime target for state-sponsored espionage through things like UEFI rootkits. Lenovo is headquartered in Beijing. The U.S. State Department and Department of Defense already restrict Lenovo hardware on classified networks over supply chain concerns. This deal puts the source code for the fundamental boot process of Western PCs under a Chinese parent company. Expect scrutiny from CFIUS and European cybersecurity agencies. The NDAA review framework will likely come into play too.
The history adds context. IBM originally built proprietary BIOS for its PCs. Companies like Phoenix reverse-engineered legal clones, which birthed the commodity PC market. IBM later sold its PC division to Lenovo. The industry then relied on third-party firmware vendors. Now the former IBM division is bringing firmware back in-house, closing a loop that started in the original PC era.
Luca Rossi, who runs Lenovo's Intelligent Devices Group, said the move gives Lenovo control over "one of the most critical layers of the computing experience." The company says it will speed up development and cut costs across its PC portfolio and future AI devices. Fair enough. That still leaves Western governments with a new reason to question what's running on their computers before the operating system even starts.