The UEFI BIOS source code of Alder Lake CPUs ends up on the web - Intel minifies

Intel was a victim of related source code theft to the UEFI BIOS of Alder Lake CPUsthe 12th generation Core CPUs that hit the market at the end of 2021.

The first hints of this theft appeared on the web on Friday, when on Twitter a user called “freak” posted the link to what he said was the source code of the UEFI firmware of the Alder Lake CPUs. According to freak, the code was originally released on 4chan.

The link led to a repository on GitHub called “ICE_TEA_BIOS”, whose upload was done by a user identified with the user name “LCFCASD”. Within the repository, some code identified as’BIOS Code from project C970“: well 5.97 GB of files, source code, private keys, change log and compilation tools, all dating back to the end of September 2022, the date on which the data allegedly occurred.

According to what has been reconstructed, all code was developed by Insyde Software Corp, a company that develops UEFI firmware. After a few days, questioned by Tom’s Hardware USA, Intel confirmed that the source code was genuine and that it was proprietary UEFI code.

“Our proprietary UEFI code was leaked by a third party. We don’t believe it exposes any new security vulnerabilities as we do not rely on information obfuscation as a security measure. This code is covered by our Bug Bounty program within the Project Circuit Breaker campaign, and we encourage any researcher who could identify potential vulnerabilities to bring them to our attention through this program. We are making contact with both customers and the security research community to keep them updated on this situation“said a spokesperson.

Intel therefore minimizes what happened, but according to some researchers – as reported by Bleeping Computer – this code theft could make it easier for the bad guys to track down flaws and even reverse engineer. According to Mark Ermolov, security researcher at Positive Technologies, the leak would be the KeyManifest encryption private key, used for Inte’s Boot Guard platformL. If such a key were in use, attackers could potentially use it to change the boot policy in Intel firmware and bypass hardware security systems.

#UEFI #BIOS #source #code #Alder #Lake #CPUs #ends #web #Intel #minifies

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *