A file that is considered to be the source code related to BIOS compatible with Intel’s 12th generation Core series CPU, known by the codename “Alder Lake“, leaked to 4Chan and GitHub.
The 6GB file contained tools and code for building and optimizing BIOS/UEFI images; Intel has issued statements confirming the authenticity of the leaked files.
Intel said, “Our proprietary UEFI code was leaked, but we do not believe this will lead to the exposure of new security vulnerabilities. If you find a potential vulnerability, please let us know through the program.”
As the manufacturer emphasizes that the data that has now been disclosed poses no danger to users. The source code for the BIOS, like other code, is analyzed for security vulnerabilities and is part of Intel’s bug bounty programs.
Renowned security researcher Mark Ermolov is working on analyzing the leaked code. He reported that he discovered MSRs (Model Specific Registers), which could lead to security problems, and that he also found Intel Boot Guard‘s private key, which could disable this feature.
However, most motherboard vendors and OEMs have information similar to the leaked code so any impact would be limited. Intel is optimistic, but since the actual Alder Lake BIOS/UEFI code has been leaked, malicious hackers and security researchers will certainly look for backdoors and vulnerabilities and scrutinize them.
The GitHub repository was already removed at the time of article writing. However, it may be found on the Internet Archive, among other places. Intel has not yet identified who, where, or how the code was leaked.
However, the GitHub repository is known to have been created by someone believed to be an employee of LC Future Center, which makes OEM laptops for Lenovo and others. One leaked document is labelled “Lenovo Feature Tag Test Information”, indicating its connection to the leak.
