Skip to main content
  1. Home
  2. Computing
  3. News

Intel Alder Lake BIOS source code was leaked — should you be worried?

Add as a preferred source on Google

It’s official — the source code for the Intel Alder Lake BIOS was leaked, and Intel has confirmed it. A total of 6GB of code used for building the BIOS/UEFI source code is now out in the wild, having been posted on GitHub and 4chan.

Intel doesn’t seem too concerned, but security researchers are now hard at work trying to see if this can be used in a malicious way. If you own an Alder Lake CPU, should you be worried?

Recommended Videos

I can't believe: NDA-ed MSRs, for the newest CPU, what a good day… pic.twitter.com/bNitVJlkkL

— Mark Ermolov (@_markel___) October 8, 2022

News of the leak broke out a couple of days ago when the code was found in a public GitHub repository, as well as shared on 4chan. The 6GB file contains some of the tools and code that Intel has used to build the BIOS/UEFI in its Alder Lake CPUs. Seeing as these are some of the best processors out currently, this could potentially put a lot of Intel’s customers at risk.

The BIOS/UEFI source code is responsible for initializing the hardware even before the operating system has the chance to load. As such, it’s responsible for establishing secure connections to important mechanisms within the computer, such as the Trusted Platform Module (TPM). The BIOS plays an important role in any computer, so it’s certainly not good that the source code for it could now be in the hands of nefarious threat actors.

Initially, it was uncertain whether the leaked file was the real deal, but Intel itself has now confirmed that to be the case. In a statement issued to Tom’s Hardware, Intel said:

“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.”

Intel’s statement implies that the most sensitive data had already been scrubbed from the source code before it was released to external partners. The source code contains many references to Lenovo, including “Lenovo String Service,” “Lenovo Cloud Service,” and “Lenovo Secure Suite.” Bleeping Computer notes that all of the code was developed by Insyde Software Corp.

An Intel Alder Lake Core i5-12600K CPU and its packaging.
Jacob Roach / Digital Trends

While this leak sounds pretty bad, Intel doesn’t seem to be overly concerned — although it’s good that it refers everyone to its bug bounty program. Many security researchers are already looking for cracks in the code, and some of the findings are less optimistic.

Hardware security firm Hardened Vault told Bleeping Computer: “The attacker/bug hunter can hugely benefit from the leaks even if leaked [manufacturer] implementation is only partially used in the production. The Insyde’s solution can help the security researchers, bug hunters, (and the attackers) find the vulnerability and understand the result of reverse engineering easily, which adds up to the long-term high risk to the users.”

Seeing as a KeyManifest private encryption key was found in the leak, it’s possible that hackers could use it to bypass Intel’s hardware security. Even so, it’s still a fairly long shot, so you probably don’t have to be too worried.

In any case, it’s worth it to keep yourself safe with some antivirus software to ensure that no attackers can access your computer, and subsequently, the BIOS.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Apple’s Hide My Email feature has an unfixed bug that leaves email addresses exposed
100% exploitable in limited testing, known since June 2025, and still unfixed as of today.
apple-merging-sign-in-with-apple-hide-my-email-icloud+

Apple has been selling Hide My Email to keep your real email address hidden, but it has a vulnerability that does the exact opposite. The worst part is that the company has known about it for a year. 

Hide My Email, part of Apple’s paid iCloud+ subscription, lets users generate anonymous email addresses for signing up to a website, so that their personal or work email remains free of promotional emails and spam. 

Read more
I hate sharing my Mac, but a face-unlocking app finally cured my privacy paranoia
Someone finally built the app locker every Mac user has been asking for.
FaceGate in action on Mac

If you have ever handed your Mac to a friend, family member, or coworker for "just a minute," you know the mild panic that follows. Sure, your Mac has a lock screen, but once someone is past it, they can open Messages, Photos, Notes, Mail, WhatsApp, and your browser.

iPhones had the same issue, but Apple solved it by adding an app lock feature with the iOS 18 update. Sadly, no such feature exists for macOS. That’s where the new FaceGate app for Mac can help you. It’s a free and open-source app that lets you lock apps on your Mac and even has some novel tricks up its sleeve. So, let’s talk about it, shall we?

Read more
The charm of a tiny Windows tablet is apparently dead at Microsoft. Long live the Surface Go!
Microsoft’s budget Surface era may be over
Microsoft Surface Go 3 stand.

Microsoft might be cleaning up its Surface lineup. According to Windows Central, Microsoft has stopped manufacturing the Surface Go and Surface Laptop Go lines, with no successors currently planned. Surface Go 4 and Surface Laptop Go 3 are reportedly out of stock in most places, and once remaining retail stock is gone, that may be it.

If this is true, then we are looking at the end of the brand's budget Surface PCs as Microsoft has plenty of premium Windows hardware.

Read more