Intel confirms leak in Alder Lake BIOS source code

Share post:

Intel has confirmed the Alder Lake BIOS source leak as genuine. A 6GB file containing tools and code for creating and optimizing BIOS/UEFI images is included in the leaked source code. In the BIOS/UEFI of a computer, the hardware is initialized before the operating system is loaded. In the BIOS, connections to certain security mechanisms such as the TPM (Trusted Platform Module) are also established.

The fact that the code is now in the wild means that cybercriminals will now be looking for ways to exploit it. Security researcher Mark Ermolov discovered secret MSRs Model Specific Registers, which are normally reserved for privileged code and private signature keys that are used for Intel’s Boot Guard that can potentially invalidate the feature. There are also signs of ACMs (Authenticated Code Modules) for BootGuard and TXT (Trusted Execution Technology) which could create further root-trust problems.

However, the impact and breath of the discoveries may be limited, as Intel has already provided suppliers and OEMs with similar tools and information to build the company’s platforms. Since Intel’s declaration is not based on information obfuscation as a security measure, it means that the company has scrubbed the most overly- sensitive material before it was made available to external suppliers.

Intel also encourages researchers to submit vulnerabilities they find to its Project Circuit Breaker bug bounty program, which provides rewards of between $500 and $100,000 per bug.

The sources for this piece include an article in Tomshardware.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024

This episode features discussion on the takedown of the LockBit ransomware gang

Breaking news: RCMP facing ‘alarming’ cyber attack

The RCMP is facing a serious cyber attack from an unspecified threat actor. The Mounties told CBC News today that a “breach of this magnitude is alarming.” “The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” a spokesperson

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways