Intel confirms leak in Alder Lake BIOS source code

Intel has confirmed the Alder Lake BIOS source leak as genuine. A 6GB file containing tools and code for creating and optimizing BIOS/UEFI images is included in the leaked source code. In the BIOS/UEFI of a computer, the hardware is initialized before the operating system is loaded. In the BIOS, connections to certain security mechanisms such as the TPM (Trusted Platform Module) are also established.

The fact that the code is now in the wild means that cybercriminals will now be looking for ways to exploit it. Security researcher Mark Ermolov discovered secret MSRs Model Specific Registers, which are normally reserved for privileged code and private signature keys that are used for Intel’s Boot Guard that can potentially invalidate the feature. There are also signs of ACMs (Authenticated Code Modules) for BootGuard and TXT (Trusted Execution Technology) which could create further root-trust problems.

However, the impact and breath of the discoveries may be limited, as Intel has already provided suppliers and OEMs with similar tools and information to build the company’s platforms. Since Intel’s declaration is not based on information obfuscation as a security measure, it means that the company has scrubbed the most overly- sensitive material before it was made available to external suppliers.

Intel also encourages researchers to submit vulnerabilities they find to its Project Circuit Breaker bug bounty program, which provides rewards of between $500 and $100,000 per bug.

The sources for this piece include an article in Tomshardware.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web