Sign in / up

back to article Intel Alder Lake BIOS code leak may contain vital secrets

Source code for the BIOS used with Intel's 12th-gen Core processors has been leaked online, possibly including details of undocumented model-specific registers (MSRs) and even the private signing key for Intel's Boot Guard security technology. The source code was apparently shared via 4chan and GitHub, in a file containing …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. DS999 Silver badge
    Facepalm

    2.8 GIGABYTES of source code??!!

    So much for keeping security critical code small enough that it can be properly audited, or better yet formally proven.

    16 1 Reply
    1. emfiliane
      Reply Icon

      Re: 2.8 GIGABYTES of source code??!!

      Uncompressed size is 5.8 GB. Most of it is not source code, there's a full SVN repo that's stupendously huge, along with the files of the most recent commit, a complete build environment for several different platforms, and a large chunk of the code is various OS-level drivers to interact with the actual UEFI. But yes, it is still pretty huge.

      17 0 Reply
      1. Joe W Silver badge
        Reply Icon

        Re: 2.8 GIGABYTES of source code??!!

        It sounds like there are a ton of binary files in the SVN repo, otherwise they don't grow to stupid sizes (as quickly). Those are usually interesting. Especially those that were "deleted" (but which are actually in the older versions), those tend to contain things like private keys (as mentioned in the article) - which is why they were "deleted" (except you cannot do that, ok, you can, but it is a nightmare to get it right).

        1 0 Reply
    2. heyrick Silver badge
      Reply Icon

      Re: 2.8 GIGABYTES of source code??!!

      Came to say the same thing. It's... the bit that gets everything going before handing over to the installed operating system. What the hell?

      4 1 Reply
    3. captain veg Silver badge
      Reply Icon

      Re: 2.8 GIGABYTES of source code??!!

      From the article:

      > the file contains tools for provisioning or tweaking BIOS images, as well as Intel's reference implementation of the Alder Lake UEFI and an OEM implementation, said to be that of Lenovo.

      But yes, that's a shed-lot of bloat.

      -A.

      7 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    While everybody is concerned about bad guys

    I'd say it is also an opportunity for the good guys to improve UEFI support for Linux.

    12 0 Reply
    1. sreynolds
      Reply Icon

      Re: While everybody is concerned about bad guys

      Why even bother? Just take the keys, the bits that do the CPU and DRAM setup and shove a kernel in the FLASH.

      When there is less Intel Inside(tm), things just run better.

      8 0 Reply
  3. captain veg Silver badge

    airbrushing history

    "Alder Lake being the code-name for the x86 giant's 12th-gen desktop processors."

    Right. So all the chips between 4004 through Core2 weren't desktop processors? That includes all the ones that had names actually ending x86.

    -A.

    3 6 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: airbrushing history

      "Alder Lake is Intel's codename for the 12th generation of Intel Core processors." ca. 2006 And 'desktop' vs. 'mobile'.

      So... slow down, your steam is making your memory foggy.

      4 0 Reply
      1. captain veg Silver badge
        Reply Icon

        Re: airbrushing history

        I am perfectly aware of the limitations of my memory. Which is why my quotation was literally copied and pasted from the second paragraph of the article.

        -A.

        3 0 Reply
  4. eldakka
    Joke

    Maybe this is a marketing attempt to get people to buy 13th-gen?

    (AMD has apparently and understandably had trouble moving it's new 7000 series1, so Intel seeing that may have decided to pre-empt that for their 13th gen by making 12th-gen not just unattractive but actively avoidable and somethnig to upgrade from ASAP)

    ____________________________________________________________________________

    1 if you are on 5000 it is not a worthwhile upgrade dollar/performance, and if you are primarily a gamer and you are on, say, 3000, buying a drop-in CPU replacement to 5000 or especially 5800X3D is much more cost effective than having to purchase - in addition to a CPU - an expenisve motherboard and expensive RAM to go to 7000.

    4 0 Reply
  5. Anonymous Coward
    Anonymous Coward

    I bet right now that shady Israeli phone hacking company, has a team poring through that source code, looking for a way to extend their rootkit to desktop systems.

    These teams that seek to hack us are state backed, and venture capital funded :/

    2 0 Reply
  6. X5-332960073452
    Happy

    So, it could be modded to NOT run Windows 11

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like