Intel confirms leak in Alder Lake BIOS source code

Share post:

Intel has confirmed the Alder Lake BIOS source leak as genuine. A 6GB file containing tools and code for creating and optimizing BIOS/UEFI images is included in the leaked source code. In the BIOS/UEFI of a computer, the hardware is initialized before the operating system is loaded. In the BIOS, connections to certain security mechanisms such as the TPM (Trusted Platform Module) are also established.

The fact that the code is now in the wild means that cybercriminals will now be looking for ways to exploit it. Security researcher Mark Ermolov discovered secret MSRs Model Specific Registers, which are normally reserved for privileged code and private signature keys that are used for Intel’s Boot Guard that can potentially invalidate the feature. There are also signs of ACMs (Authenticated Code Modules) for BootGuard and TXT (Trusted Execution Technology) which could create further root-trust problems.

However, the impact and breath of the discoveries may be limited, as Intel has already provided suppliers and OEMs with similar tools and information to build the company’s platforms. Since Intel’s declaration is not based on information obfuscation as a security measure, it means that the company has scrubbed the most overly- sensitive material before it was made available to external suppliers.

Intel also encourages researchers to submit vulnerabilities they find to its Project Circuit Breaker bug bounty program, which provides rewards of between $500 and $100,000 per bug.

The sources for this piece include an article in Tomshardware.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways