"Intel Alder Lake BIOS Code Leak May Contain Vital Secrets"

The source code for the BIOS used with Intel's 12th-generation Core processors has been leaked online, possibly including details of undocumented Model-Specific Registers (MSRs) and Intel's Boot Guard security technology's private signing key. The source code appears to have been distributed through 4chan and GitHub in the form of a file containing tools and code for generating and optimizing BIOS/UEFI firmware images, as well as related documentation. The source code may reveal exploitable vulnerabilities in the firmware that threat actors could exploit on people's computers in the future. According to reports, the file contains tools for provisioning or tweaking BIOS images, Intel's reference implementation of the Alder Lake UEFI, and an OEM implementation, allegedly from Lenovo. Intel has now confirmed that the leak is its UEFI firmware code. Intel has stated that it does not believe this leak exposes any vulnerabilities to exploit writers, but that anyone who finds any bugs in the leaked BIOS code can claim a reward through the company's bug bounty program. According to Intel, a third party appears to have leaked its proprietary UEFI code. Intel believes this does not expose any new security vulnerabilities because it does not rely on information obfuscation as a security measure. This code is covered by Intel's bug bounty program as part of the Project Circuit Breaker campaign, and any researchers who discover potential vulnerabilities are encouraged to report them through the program. One security researcher has already identified information from the files that Intel may not have wanted revealed, such as details of Alder Lake MSRs, undocumented registers within the processor used for functions such as debugging, enabling, or disabling specific chip features. This article continues to discuss the Intel Alder Lake BIOS code leak.

The Register reports "Intel Alder Lake BIOS Code Leak May Contain Vital Secrets"