October 13, 2022

Intel has confirmed the Alder Lake BIOS source leak as genuine. A 6GB file containing tools and code for creating and optimizing BIOS/UEFI images is included in the leaked source code. In the BIOS/UEFI of a computer, the hardware is initialized before the operating system is loaded. In the BIOS, connections to certain security mechanisms such as the TPM (Trusted Platform Module) are also established.

The fact that the code is now in the wild means that cybercriminals will now be looking for ways to exploit it. Security researcher Mark Ermolov discovered secret MSRs Model Specific Registers, which are normally reserved for privileged code and private signature keys that are used for Intel’s Boot Guard that can potentially invalidate the feature. There are also signs of ACMs (Authenticated Code Modules) for BootGuard and TXT (Trusted Execution Technology) which could create further root-trust problems.

However, the impact and breath of the discoveries may be limited, as Intel has already provided suppliers and OEMs with similar tools and information to build the company’s platforms. Since Intel’s declaration is not based on information obfuscation as a security measure, it means that the company has scrubbed the most overly- sensitive material before it was made available to external suppliers.

Intel also encourages researchers to submit vulnerabilities they find to its Project Circuit Breaker bug bounty program, which provides rewards of between $500 and $100,000 per bug.

The sources for this piece include an article in Tomshardware.