"Intel Alder Lake Source Code Leak Caused by Third Party, Boot Guard at Risk of Compromise"
The chip manufacturer has confirmed that a copy of the Intel Alder Lake BIOS posted online is real, and the source code leak has raised security concerns. Inside documentation of Intel Boot Guard, a feature that has been present since the 4th Intel Core generation, is among the proprietary information security researchers have discovered. The Intel Alder Lake leak first emerged as a 2.8 GB ZIP, which expanded to 5.86 GB, posted by an unknown party to 4Chan. It was unclear whether the leak contained any proprietary or inside information at first, but Intel has since confirmed that it is a genuine source code leak. The Intel Alder Lake processor was released in late 2021, but the secrets revealed by this internal documentation and code could span the entire 4th Intel Core generation. In addition to the source code leak, the ZIP file contains many tools for developing BIOS for the platform, as well as private keys and Authenticated Code Modules (ACMs) for security. The source code leak now clearly provides enough information to potentially develop exploits for Intel Alder Lake and other relatively recent Intel chips, though the possibilities may be somewhat limited due to Intel's security approach. According to Intel, the source code leak reveals no new vulnerabilities, and the company does not rely on information obfuscation as a security measure. That statement, however, does not rule out the possibility that the numerous parties currently studying the code will discover something to exploit. Intel encourages any findings to be submitted to its Project Circuit Breaker bug bounty program. Security researcher Mark Ermolov's analysis of the Intel Alder Lake file dump has found that certain aspects of chip security are at risk. A private signing key for Intel Boot Guard was apparently included in the source code leak, which means that if this key is used in production, the feature will be completely broken. This article continues to discuss the Intel Alder Lake source code leak.