Intel Confirm Alder Lake UEFI/BIOS Source Code Leak

AleksandarK · Oct 10, 2022

Intel Alder Lake source code for BIOS/UEFI building and optimization has been leaked in a massive 6 GB leak that appeared on 4chan and GitHub. While this number may seem small, it is a colossal codebase, given that the regular code files take up small space. We assume that the documentation is bundled there as well, however, we can not check ourselves as the repository has been taken down. Tom's Hardware has contacted an Intel representative to talk about the code leak and the rep issued a statement for the website.

Intel Spokesperson said:
Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.

While we don't know exactly who made the source code public, assumptions led to Chinese vendors creating software for Lenovo. There are no direct accusations, and Intel hasn't stated who is to blame, so we have to wait for further information.

View at TechPowerUp Main Site | Source

Crackong · Oct 10, 2022

Some PR team put the wrong file in the 'Another Day another Intel Leak' Folder ?

Chaitanya · Oct 10, 2022

Crackong said:
Some PR team put the wrong file in the 'Another Day another Intel Leak' Folder ?

Rather another day another leak. Far too many breaches these days with these companies.

GoldenX · Oct 10, 2022

So, AVX-512 toggles when.

bug · Oct 10, 2022

While this number may seem small, it is a colossal codebase

Why would that seem small? Was the code leaked in 4k HDR uncompressed format?

marios15 · Oct 10, 2022

Well....if this includes microcode...meltdown is going to be back

Deleted member 185088 · Oct 10, 2022

GoldenX said:
So, AVX-512 toggles when.

Unlockable multipliers!

zlobby · Oct 10, 2022

What cyberdefense doing?

Ownedtbh · Oct 10, 2022

zlobby said:
What cyberdefense doing?

for something that is way older than 10 years?

Vayra86 · Oct 10, 2022

zlobby said:
What cyberdefense doing?

Keeping busy

zlobby · Oct 10, 2022

Vayra86 said:
Keeping busy

Ah, a NAFO fella! :cool:

Vayra86 · Oct 10, 2022

Just caught the last line in that article.

'While we don't know exactly who made the source code public, assumptions led to Chinese vendors creating software for Lenovo. There are no direct accusations, and Intel hasn't stated who is to blame, so we have to wait for further information'

Oh boy, Superfish V2, here we come

TheoneandonlyMrK · Oct 10, 2022

This can't be good.

What's the commonality like for uefi between vendors is one question I have.

bug · Oct 10, 2022

TheoneandonlyMrK said:
This can't be good.

This can be better than good. It can show the importance of security that is not built upon closed firmware and things like that. You know, things projects like Coreboot have been preaching for years.

TheoneandonlyMrK · Oct 10, 2022

bug said:
This can be better than good. It can show the importance of security that is not built upon closed firmware and things like that. You know, things projects like Coreboot have been preaching for years.

I mean yes, it could push that correct agenda, but given most Aibs have been hacked at some point does it mean greater security issues for all in the short term.

I am not in security so these questions are both genuine and non confrontational IE I want to know.

Do I need to be careful about bios flashes now from OEM sources etc.

Is it worse than that in respect to this hacked knowledge allowing some serious administration level violation through simple phishing exploits etc.

bug · Oct 10, 2022

TheoneandonlyMrK said:
I mean yes, it could push that correct agenda, but given most Aibs have been hacked at some point does it mean greater security issues for all in the short term.

I am not in security so these questions are both genuine and non confrontational IE I want to know.

Do I need to be careful about bios flashes now from OEM sources etc.

Is it worse than that in respect to this hacked knowledge allowing some serious administration level violation through simple phishing exploits etc.

The first thing you could do, would be to modify the UEFI itself, or some firmware module it uses. But then, you'd need a way to install that on a machine to compromise it. Most people update their UEFI from the motherboard's manufacturer's site. And you get newer firmware modules through Windows or Linux updates. While I'm sure someone will find a way to do just that, I expect the damage to be limited to users that get their updates from questionable sources. I.e., very limited.

But I'm no security expert, let's wait and see what they have to say.

zlobby · Oct 10, 2022

bug said:
The first thing you could do, would be to modify the UEFI itself, or some firmware module it uses. But then, you'd need a way to install that on a machine to compromise it. Most people update their UEFI from the motherboard's manufacturer's site. And you get newer firmware modules through Windows or Linux updates. While I'm sure someone will find a way to do just that, I expect the damage to be limited to users that get their updates from questionable sources. I.e., very limited.

But I'm no security expert, let's wait and see what they have to say.

Many UEFI have OS interfaces to push blobs to them. Or worse, there are undocumented ways to push new code (even unsigned one) to UEFI, without the users even knowing.

bug · Oct 10, 2022

zlobby said:
Many UEFI have OS interfaces to push blobs to them.

Of course they do, that's how you get new firmware through Windows or Linux update.

zlobby said:
Or worse, there are undocumented ways to push new code (even unsigned one) to UEFI, without the users even knowing.

Idk about undocumented means, but it's not like users are too aware when they get a firmware update anyway. Luckily, that's what makes them likely to be using the default update channels: they don't know how to mess with that.
That changes if the users click on "install this asap for added security" email they got from an innocent bystanders. But you can't save those users anyway.

mechtech · Oct 10, 2022

"Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities"

But is it possible??

zlobby · Oct 10, 2022

bug said:
Of course they do, that's how you get new firmware through Windows or Linux update.

Idk about undocumented means, but it's not like users are too aware when they get a firmware update anyway. Luckily, that's what makes them likely to be using the default update channels: they don't know how to mess with that.
That changes if the users click on "install this asap for added security" email they got from an innocent bystanders. But you can't save those users anyway.

Every update that you didn't get from an official source and you didn't deploy it yourself is a security risk.
I for one prefer to be able to update UEFI only from one place, needing the physical presence of moir.

natr0n · Oct 10, 2022

hacked optimizations perhaps

Dyatlov A · Oct 10, 2022

Maybe we can adjust SA voltage for non K processors after this?

zlobby · Oct 10, 2022

Dyatlov A said:
Maybe we can adjust SA voltage for non K processors after this?

Only if you put your order in the log, comrade?

3.6V. Not great, not terrible.

PapaTaipei · Oct 10, 2022

We do not believe this exposes any new security vulnerabilities

The key word here is "BELIVE"...

R-T-B · Oct 11, 2022

marios15 said:
Well....if this includes microcode...meltdown is going to be back

If they were relying on security through obscurity maybe. Nobody does that anymore though. This should make little difference, and maybe even help the overall security.

PapaTaipei said:
We do not believe this exposes any new security vulnerabilities

The key word here is "BELIVE"...

Believe. And That's all you can ever do when predicting the future.

mechtech said:
But is it possible??

Anything is possible. But they'd have to be doing some seriously bad practice for it to make things worse.

zlobby said:
Many UEFI have OS interfaces to push blobs to them. Or worse, there are undocumented ways to push new code (even unsigned one) to UEFI, without the users even knowing.

Those loopholes are closed on most modern builds by vendors these days, at least for unsigned code. There was a big push to eliminate that a year or so ago. And thank god, because UEFI malware was on the cusp of becoming a real issue...

TheoneandonlyMrK said:
I mean yes, it could push that correct agenda, but given most Aibs have been hacked at some point does it mean greater security issues for all in the short term.

Not likely.

System Name	Personal Gaming Rig
Processor	Ryzen 7800X3D
Motherboard	MSI X670E Carbon
Cooling	MO-RA 3 420
Memory	32GB 6000MHz
Video Card(s)	RTX 4090 ICHILL FROSTBITE ULTRA
Storage	4x 2TB Nvme
Display(s)	Samsung G8 OLED
Case	Silverstone FT04

System Name	Ciel
Processor	AMD Ryzen R5 5600X
Motherboard	Asus Tuf Gaming B550 Plus
Cooling	ID-Cooling 224-XT Basic
Memory	2x 16GB Kingston Fury 3600MHz@3933MHz
Video Card(s)	Gainward Ghost 3060 Ti 8GB + Sapphire Pulse RX 6600 8GB
Storage	NVMe Kingston KC3000 2TB + NVMe Toshiba KBG40ZNT256G + HDD WD 4TB
Display(s)	AOC Q27G3XMN + Samsung S22F350
Case	Cougar MX410 Mesh-G
Audio Device(s)	Kingston HyperX Cloud Stinger Core 7.1 Wireless PC
Power Supply	Aerocool KCAS-500W
Mouse	EVGA X15
Keyboard	VSG Alnilam
Software	Windows 11

Processor	Intel i5-12600k
Motherboard	Asus H670 TUF
Cooling	Arctic Freezer 34
Memory	2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s)	EVGA GTX 1060 SC
Storage	500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s)	Dell U3219Q + HP ZR24w
Case	Raijintek Thetis
Audio Device(s)	Audioquest Dragonfly Red :D
Power Supply	Seasonic 620W M12
Mouse	Logitech G502 Proteus Core
Keyboard	G.Skill KM780R
Software	Arch Linux + Win10

Processor	i7 8700k 4.6Ghz @ 1.24V
Motherboard	AsRock Fatal1ty K6 Z370
Cooling	beQuiet! Dark Rock Pro 3
Memory	16GB Corsair Vengeance LPX 3200/C16
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Fractal Design Define R5
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	XTRFY M42
Keyboard	Lenovo Thinkpad Trackpoint II
Software	W10 x64

Processor	i7 8700k 4.6Ghz @ 1.24V
Motherboard	AsRock Fatal1ty K6 Z370
Cooling	beQuiet! Dark Rock Pro 3
Memory	16GB Corsair Vengeance LPX 3200/C16
Video Card(s)	ASRock RX7900XT Phantom Gaming
Storage	Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s)	Gigabyte G34QWC (3440x1440)
Case	Fractal Design Define R5
Audio Device(s)	Harman Kardon AVR137 + 2.1
Power Supply	EVGA Supernova G2 750W
Mouse	XTRFY M42
Keyboard	Lenovo Thinkpad Trackpoint II
Software	W10 x64

Intel Confirm Alder Lake UEFI/BIOS Source Code Leak

AleksandarK

News Editor

Crackong

Chaitanya

GoldenX

bug

marios15

Deleted member 185088

Guest

zlobby

Ownedtbh

Vayra86

zlobby

Vayra86

TheoneandonlyMrK

bug

TheoneandonlyMrK

bug

zlobby

bug

mechtech

zlobby

natr0n

Dyatlov A

zlobby

PapaTaipei

R-T-B

System Name	RyzenGtEvo/ Asus strix scar II
Processor	Amd R5 5900X/ Intel 8750H
Motherboard	Crosshair hero8 impact/Asus
Cooling	360EK extreme rad+ 360$EK slim all push, cpu ek suprim Gpu full cover all EK
Memory	Corsair Vengeance Rgb pro 3600cas14 16Gb in four sticks./16Gb/16GB
Video Card(s)	Powercolour RX7900XT Reference/Rtx 2060
Storage	Silicon power 2TB nvme/8Tb external/1Tb samsung Evo nvme 2Tb sata ssd/1Tb nvme
Display(s)	Samsung UAE28"850R 4k freesync.dell shiter
Case	Lianli 011 dynamic/strix scar2
Audio Device(s)	Xfi creative 7.1 on board ,Yamaha dts av setup, corsair void pro headset
Power Supply	corsair 1200Hxi/Asus stock
Mouse	Roccat Kova/ Logitech G wireless
Keyboard	Roccat Aimo 120
VR HMD	Oculus rift
Software	Win 10 Pro
Benchmark Scores	8726 vega 3dmark timespy/ laptop Timespy 6506

Processor	Ryzen 5700x
Motherboard	Gigabyte X570S Aero G R1.1 BiosF5g
Cooling	Noctua NH-C12P SE14 w/ NF-A15 HS-PWM Fan 1500rpm
Memory	Micron DDR4-3200 2x32GB D.S. D.R. (CT2K32G4DFD832A)
Video Card(s)	AMD RX 6800 - Asus Tuf
Storage	Kingston KC3000 1TB & 2TB & 4TB Corsair LPX
Display(s)	LG 27UL550-W (27" 4k)
Case	Be Quiet Pure Base 600 (no window)
Audio Device(s)	Realtek ALC1220-VB
Power Supply	SuperFlower Leadex V Gold Pro 850W ATX Ver2.52
Mouse	Mionix Naos Pro
Keyboard	Corsair Strafe with browns
Software	W10 22H2 Pro x64

System Name	natr0n-PC
Processor	Ryzen 5950x/5600x
Motherboard	B450 AORUS M
Cooling	EK AIO 360 - 6 fan action
Memory	Patriot - Viper Steel DDR4 (B-Die)(4x8GB)
Video Card(s)	EVGA 3070ti FTW
Storage	Various
Display(s)	PIXIO IPS 240Hz 1080P
Case	Thermaltake Level 20 VT
Audio Device(s)	LOXJIE D10 + Kinter Amp + 6 Bookshelf Speakers Sony+JVC+Sony
Power Supply	Super Flower Leadex III ARGB 80+ Gold 650W
Software	XP/7/8.1/10
Benchmark Scores	http://valid.x86.fr/79kuh6

System Name	Pioneer
Processor	Ryzen R9 7950X
Motherboard	GIGABYTE Aorus Elite X670 AX
Cooling	Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory	64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s)	XFX RX 7900 XTX Speedster Merc 310
Storage	2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s)	55" LG 55" B9 OLED 4K Display
Case	Thermaltake Core X31
Audio Device(s)	TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply	FSP Hydro Ti Pro 850W
Mouse	Logitech G305 Lightspeed Wireless
Keyboard	WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software	Gentoo Linux x64