Intel has acknowledged that the UEFI code from its Alder Lake 12th-generation processors has been leaked.
Claims of the leak emerged over the weekend in the publication Tom’s Hardware, which Intel has confirmed in a statement.
“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure,” Intel said.
Getting on the front foot, Intel made an offer to security researchers: “This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program.”
Project Circuit Breaker offers bounties up to $US100,000 (A$158,840).
“We are reaching out to both customers and the security research community to keep them informed of this situation,” the company concluded.
The 3GB compressed file posted to 4chan and Github was discussed on Twitter by @VxUnderground and @glowingfreak, who included a link to the Github repository.
Russian security researcher Mark Ermolov of Positive Technologies asserted that the leaked code contained the private signing key for Intel’s Boot Guard technology.
Ermolov claimed this meant Intel Boot Guard “can no longer be trusted”, since an attacker could sign fake firmware and have it accepted as the real thing.
He also said the leak exposed model-specific registers (MSRs), used for functions like debugging and feature enabling/disabling.
Alder Lake chips first started shipping in desktops and laptops late in 2021.
.jpg&h=140&w=231&c=1&s=0)
