Intel Core 12 (Alder Lake), BIOS source code leaked online

The BIOS source code for the 12th Generation Intel Core processors, also known as Alder Lake, is leaked on the Net: the files have been around for a few days, and Intel itself has confirmed their authenticity, at least according to a first analysis. The company believes that this does not pose new security risks to the chips (and consequently of course to the systems on which they are mounted), but independent researchers disagree.

The files appeared online on Friday. A user simply called freak posted on Twitter the link to a GitHub repository containing, according to him, the sources, and citing 4chan as a source. The GitHub repo is called ICE_TEA_BIOSwas posted by a user named LCFCASDand the description reads BIOS Code from project C970. The archive weighs 5.97 GB, and the files have September 30, 2022 as the last modified date. The archive contains among other things:

• source code
• private cryptographic keys
• register changes
• compilation tools
• multiple references to Lenovo services, including Lenovo String Service, Lenovo Secure Suite, Lenovo Cloud Service

According to the sources of BleepingComputerthe code is not developed directly by Intel, but by a third Taiwanese company called Insyde, which specializes in the development of UEFI firmware. At this stage it is not clear the origin of the data: it could be a hacker attack or a “mole” inside one of the two companies.

Intel, we said, does not believe that this exposes new vulnerabilities in the chips because it does not employ information obfuscation techniques as a security measure. On the contrary: the company recalls that the code is covered by Project Circuit Breaker, the internal bug bounty initiative, and encourages all researchers to report any new flaws. In any case, the company said it is in contact with customers and the research community to keep everyone updated as there are developments.

At the same time, however, the first independent analyzes highlight several points in contrast with Intel’s official line: in the meantime, it is emphasized that it will probably be much easier to identify new flaws – and this will be true for researchers of both factions; also was found the KeyManifest private security key which is used to encrypt the Boot Guard platform. It is unclear whether the same key was used in the definitive chips that went on sale, but if so it means that the Boot Guard can be hacked, and therefore is no longer trusted.