Intel confirms that the UEFI source code for Alder Lake processors has been leaked. Last weekend, 5.86GB of bios files and tools appeared to create vibrant images of those processors. The company does not expect this to lead to security vulnerabilities.
Intel Corporation Tom . devices leak confirmed. “It appears that our uefi code was leaked by a third party,” a company spokesperson said. “We don’t think this exposes new vulnerabilities, because we don’t rely on them Obfuscation of information As a security measure,” the company claims. The company states that the symbol Falls under the bug bounty program Users who discover any vulnerabilities are encouraged to report them. “We are reaching out to both customers and the security community to update them on this situation.”
The source code for Intel’s Alder Lake-uefi appeared on 4chan and GitHub this weekend. It is a file that has a size of 2.8 GB when compressed and 5.86 GB when extracted. It is not known where the code came from, but hackers already have them Evidence found to external suppliers. In the leaked code, several references to Lenovo were also found, Writes Bleeping Computer.
Security researcher Mark Ermolov is currently investigating the code. He mentions, among other things, this secret Form records It was leaked. also private signature key From Boot Guard from Intel It seems to have leaked. However, it is not known if this key is currently used in production. So it is not yet clear what the exact consequences of this leak will be. Since Intel claims it does not rely on obfuscation, it is possible that the most sensitive material was removed from the leaked gadgets before being shared with third-party vendors. Tweakers have questions about this at Intel.
Something very bad happened: now, Intel Boot Guard can no longer be trusted on vendor platforms… ☹️ pic.twitter.com/K5mXcp5ipW