Intel has confirmed the authenticity of the UEFI firmware and BIOS source code published by an unknown person on GitHub. In total, 5.8 GB of code, utilities, documentation, blobs and settings were published, all related to building firmware for systems with processors based on Alder Lake, released in November 2021. The most recent change in the published code is dated September 30, 2022.
According to Intel, the leak occurred through the fault of a third party and not as a result of a compromise of the company's infrastructure. Intel also notes that the code that became publicly available is covered by the Project Circuit Breaker program, which pays rewards from 500 to 100,000 for identifying security problems in Intel firmware and products (the implication being that researchers can receive a reward for reporting vulnerabilities found using the contents of the leak).
Intel does not specify who exactly was the source of the leak (OEM equipment manufacturers and companies that develop firmware to order had access to the firmware build tools). Analysis of the published archive identified some product-specific tests and services ("Lenovo Feature Tag Test Information", "Lenovo String Service", "Lenovo Secure Suite", "Lenovo Cloud Service"), but Lenovo's involvement in the leak has not yet been confirmed. The archive also contained utilities and libraries for OEM manufacturers, and the git log includes the email address of an employee of LC Future Center, which produces laptops for various OEM manufacturers. Both companies collaborate with Lenovo.
According to Intel, the code that became publicly available does not contain confidential data or any components that could contribute to the disclosure of new vulnerabilities. At the same time, Mark Ermolov, who specializes in security research on Intel platforms, found in the published archive information about shortcomings in MSRs (Model Specific Registers, which are also used to manage microcode, tracing and debugging), details of which are subject to a non-disclosure agreement. Moreover, the archive was found to contain a private key used to digitally sign firmware, which could potentially be used to bypass Intel Boot Guard protection (whether the key actually works has not been confirmed; it is possible that this is a test key).