Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens Wu Yanzu in South China for the delivery of clues! CTOnews.com October 8 news, security expert @ vxunderground said that an anonymous person released the source code of Intel Alder Lake to 4chan, mainly related to some files and tools for Intel Alder Lake platform and chipset BIOS / UEFI.

@ glowingfreak added that a copy of the BIOS source code of the C970 project appeared on GitHub last week. The compressed file is about the size of 2.8GB and unzipped to 5.86GB, but we are currently unable to verify whether it is true or contains sensitive code. Intel has not yet responded.

It's not clear where the whistleblower got the files, but one of the documents mentioned "Lenovo function tag test information," and @ SttyK found other clues through the git log.

The main character of this leak is part of the development framework of firmware supplier Insyde, which integrates the content licensed by Intel. Insyde is the support of various platforms for continuous development and integration of the overall firmware solution. This leak is a deleted version of the Insyde solution, which only supports Alder Lake. There are several interesting contents of the leak:

A complete tool chain provided by Insyde to simplify OEM manufacturers' unpacking and BIOS image adjustment

Insyde's customized framework that encapsulates EDK2-compatible interfaces, making it easier for ODM / OEM vendors to integrate platform components such as Intel FSP

The reference implementation of Intel and the implementation of OEM. The OEM protagonist in this leak is Lenovo Lenovo.

Binary blobs: it is worth noting that in addition to the binary blobs required for various devices (Bluetooth BLE,WiFi, Ethernet, etc.), there are also three different ACM:BiosGuard,BootGuard and TXT for security features

In addition, it is worth noting that the key stack used by BootGuard to open the box is also leaked. The ACM in the first half of x86 startup is signed by Intel, and the second half is controlled by OEM vendor.

CTOnews.com cautioned that currently these files cannot prove whether they contain sensitive files and it is not clear whether they will be used for vulnerability development.

It is worth mentioning that most motherboard brands and OEM manufacturers have similar tools and information, mainly for developing firmware and optimizations for Intel platforms, but Intel tends to remove overly sensitive materials.

But in any case, any internal material is at risk of being compromised, and even a few sentences of source code can cause a major security incident, especially when it comes to security features such as TPM.

Although we don't know how these documents were obtained, recent hacking attacks have been particularly frequent, with several large organizations choosing to steal internal information from technology companies and semiconductor manufacturers, making people suspect motives other than extortion.

A series of recent hacker attacks include RansomHouse's access to AMD's approximately 450GB data and extortion, as well as the infamous "Gigabyte Hack" of AMD, Intel, AMI and Nvidia partner Gigabyte, which resulted in about 112 GB of sensitive data obtained by RansomExx.

In addition, Nvidia was recently attacked by the hacker organization LAPSU$, which led to the theft of more data than 1TB, including some documents and source code for future technology, but the giant fought back with its own hard power, making the stolen data useless.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.