Source code for the BIOS used with Intel’s 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers (MSRs) and even the private signing key for Intel’s Boot Guard security technology.
The source code was apparently shared via 4chan and GitHub, in a file containing tools and code for generating and optimizing BIOS/UEFI firmware images, plus related documentation. Word quickly spread to Twitter at the weekend, Alder Lake being the code-name for the x86 giant’s 12th-gen desktop processors.
The source code may reveal exploitable vulnerabilities in the firmware that miscreants could abuse in future on people’s PCs. Here’s a note from the usually reliable infosec watchers VX Underground:
The source code to the Intel Alder Lake has been leaked online.* Alder Lake CPU was released November 4, 2021* Source code is 2.8GB (compressed)* Leak (allegedly) from 4chan* We have not reviewed the entirety of the code base, it is massive
— vx-underground (@vxunderground) October 8, 2022
Other folks have claimed to the file contains tools for provisioning or tweaking BIOS images, as well as Intel’s reference implementation of the Alder Lake UEFI and an OEM implementation, said to be that of Lenovo.
Intel has now verified the authenticity of the leak as being its UEFI firmware code.
In a statement to The Reg, Intel said it does not believe this exposes any vulnerabilities to exploit writers, adding that anyone who does uncover any bugs found in the leaked BIOS code can claim a reward under the company’s bug bounty program.
“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation,” Intel said.
However, one security researcher has already identified information from the files that Intel may not have wished disclosed, including details of Alder Lake MSRs – undocumented registers within the processor that are used for functions such as debugging or enabling or disabling specific features of the chip.
The hardware guru, Mark Ermolov of Positive Technologies, also claimed the file contained the private signing key for Intel’s Boot Guard technology. If correct, this could be serious since Boot Guard provides the hardware Root of Trust for the system and is a vital part of the UEFI secure boot mechanism.
Ermolov tweeted that “a very bad thing happened: now, the Intel Boot Guard on the vendor’s platforms can no longer be trusted.”
It’s suggested that whoever has the private signing key now could successfully digitally sign a malicious or altered BIOS image for Alder Lake systems and have the machines accept that unofficial version.
Despite what Intel says, that the source code has itself been made public means there is a danger that criminals could comb through the code and perhaps spot novel ways of attacking the family of chips, or find undiscovered vulnerabilities in the code.
“Source code holds massive value to cybercriminals as it is part of a company’s intellectual property,” said Sam Linford, VP EMEA Channels at cybersecurity vendor Deep Instinct. “Cybercriminals are always looking for new techniques or vulnerabilities in order to catch security teams off guard.”
Intel’s Alder Lake chips were launched late in 2021, with a wave of new chips being added earlier this year. The family covers processors for laptops and desktops, but not servers, so datacenter staff can perhaps heave a sigh of relief. ®