Intel has confirmed the leaked UEFI BIOS documentation and source code for Alder Lake processors (the code name for 12th generation Intel processors that have been released since November 2021).
Late last week, Twitter user Freak posted links to the UEFI source code for Intel Alder Lake, claiming that the leak was rooted in 4chan.
The link led to a GitHub repository called ICE_TEA_BIOS, which was uploaded by user LCFCASD. This repository contained something described as “BIOS code from the C970 project”.
In total, the leak contains 5.97 GB of data, including source code, private keys, changelogs, and compilation tools. Moreover, some files are dated September 30, 2022, that is, it was probably at the end of last month that a hacker or an insider leaked the data (it is not yet clear whether the source code was stolen during a hacker attack or an insider leaked it to the network).
According to Bleeping Computer, all of the leaked source code was created by UEFI firmware developer Insyde Software Corp. In addition, the leak contains numerous references to Lenovo, including code for integrating with Lenovo String Service, Lenovo Secure Suite, and Lenovo Cloud Service. Lenovo and Insyde Software Corp have not yet commented on the situation.
But Intel has already confirmed to Tom’s Hardware journalists that the leak is genuine and is indeed “proprietary UEFI code.”
“Looks like our proprietary UEFI code has been stolen by a third party. We do not believe this exposes any new security vulnerabilities, as we do not rely on information obfuscation as a security measure. This code is participating in our Project Circuit Breaker bug bounty program, and we encourage all researchers who can discover potential vulnerabilities to bring them to our attention through this program, ”said Intel representatives.
Unfortunately, despite these assurances from Intel, security experts believe that A leak of source code can still pose a threat and, at a minimum, will simplify the search for vulnerabilities in the code.
“Attacker/Bughunter can greatly benefit from such leaks, even if it is an OEM implementation leak that is only partially used in production,” writes hardware security firm Hardened Vault.
Positive Technologies expert Mark Yermolov discovered that the dump contains a private KeyManifest encryption key used to protect the Intel Boot Guard platform. Although it is not yet clear if this key was used in production, in theory, attackers can use it to change the boot policy in Intel firmware and bypass hardware security.