Intel has confirmed that its proprietary UEFI code for its 12th Gen processors has been leaked. The 6GB file, published to 4chan and Github, contains information regarding the creation and optimisation of BIOS code for Alder Lake chips, however, Intel does not suspect this will expose any new security vulnerabilities.
The source code to the Intel Alder Lake has been leaked online.* Alder Lake CPU was released November 4, 2021* Source code is 2.8GB (compressed)* Leak (allegedly) from 4chan* We have not reviewed the entirety of the code base, it is massiveOctober 8, 2022
«Our proprietary UEFI code appears to have been leaked by a third party,» an Intel spokesperson says to Tom's Hardware(opens in new tab).
«We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.»
It appears as though Intel's strategy is to avoid having any 'secret code' as a part of its processor security. I imagine that's to primarily avoid a situation like this one today, where said code could, if in the wrong hands, make mincemeat of its processor security. The company does sound quite confident that this leak shouldn't pose any security threat as a result.
Intel's statement suggests a third party is responsible for the files getting out there, rather than a hack of its own internal systems. As Twitter user SttyK(opens in new tab) and the Tom's
Read more on pcgamer.com