Security News > 2022 > October > Intel Alder Lake BIOS code leak may contain vital secrets

Source code for the BIOS used with Intel's 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers and even the private signing key for Intel's Boot Guard security technology.

</p. Other folks have claimed to the file contains tools for provisioning or tweaking BIOS images, as well as Intel's reference implementation of the Alder Lake UEFI and an OEM implementation, said to be that of Lenovo.

In a statement to The Reg, Intel said it does not believe this exposes any vulnerabilities to exploit writers, adding that anyone who does uncover any bugs found in the leaked BIOS code can claim a reward under the company's bug bounty program.

"Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation," Intel said.

One security researcher has already identified information from the files that Intel may not have wished disclosed, including details of Alder Lake MSRs - undocumented registers within the processor that are used for functions such as debugging or enabling or disabling specific features of the chip.

Despite what Intel says, that the source code has itself been made public means there is a danger that criminals could comb through the code and perhaps spot novel ways of attacking the family of chips, or find undiscovered vulnerabilities in the code.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/10/alder_lake_bios_code_leaked/