Skip to main content

Intel Alder Lake BIOS source code was leaked — should you be worried?

It’s official — the source code for the Intel Alder Lake BIOS was leaked, and Intel has confirmed it. A total of 6GB of code used for building the BIOS/UEFI source code is now out in the wild, having been posted on GitHub and 4chan.

Intel doesn’t seem too concerned, but security researchers are now hard at work trying to see if this can be used in a malicious way. If you own an Alder Lake CPU, should you be worried?

Recommended Videos

I can't believe: NDA-ed MSRs, for the newest CPU, what a good day… pic.twitter.com/bNitVJlkkL

— Mark Ermolov (@_markel___) October 8, 2022

News of the leak broke out a couple of days ago when the code was found in a public GitHub repository, as well as shared on 4chan. The 6GB file contains some of the tools and code that Intel has used to build the BIOS/UEFI in its Alder Lake CPUs. Seeing as these are some of the best processors out currently, this could potentially put a lot of Intel’s customers at risk.

The BIOS/UEFI source code is responsible for initializing the hardware even before the operating system has the chance to load. As such, it’s responsible for establishing secure connections to important mechanisms within the computer, such as the Trusted Platform Module (TPM). The BIOS plays an important role in any computer, so it’s certainly not good that the source code for it could now be in the hands of nefarious threat actors.

Initially, it was uncertain whether the leaked file was the real deal, but Intel itself has now confirmed that to be the case. In a statement issued to Tom’s Hardware, Intel said:

“Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation.”

Intel’s statement implies that the most sensitive data had already been scrubbed from the source code before it was released to external partners. The source code contains many references to Lenovo, including “Lenovo String Service,” “Lenovo Cloud Service,” and “Lenovo Secure Suite.” Bleeping Computer notes that all of the code was developed by Insyde Software Corp.

An Intel Alder Lake Core i5-12600K CPU and its packaging.
Jacob Roach / Digital Trends

While this leak sounds pretty bad, Intel doesn’t seem to be overly concerned — although it’s good that it refers everyone to its bug bounty program. Many security researchers are already looking for cracks in the code, and some of the findings are less optimistic.

Hardware security firm Hardened Vault told Bleeping Computer: “The attacker/bug hunter can hugely benefit from the leaks even if leaked [manufacturer] implementation is only partially used in the production. The Insyde’s solution can help the security researchers, bug hunters, (and the attackers) find the vulnerability and understand the result of reverse engineering easily, which adds up to the long-term high risk to the users.”

Seeing as a KeyManifest private encryption key was found in the leak, it’s possible that hackers could use it to bypass Intel’s hardware security. Even so, it’s still a fairly long shot, so you probably don’t have to be too worried.

In any case, it’s worth it to keep yourself safe with some antivirus software to ensure that no attackers can access your computer, and subsequently, the BIOS.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Intel’s promised Arrow Lake autopsy details up to 30% loss in performance
The Core Ultra 9 285K socketed into a motherboard.

Intel's Arrow Lake CPUs didn't make it on our list of the best processors when they released earlier this year. As you can read in our Core Ultra 9 285K review, Intel's latest desktop offering struggled to keep pace with last-gen options, particularly in games, and showed strange behavior in apps like Premiere Pro. Now, Intel says it has fixed the issues with its Arrow Lake range, which accounted for up to a 30% loss in real-world performance compared to Intel's in-house testing.

The company identified five issues with the performance of Arrow Lake, four of which are resolved now. The latest BIOS and Windows Updates (more details on those later in this story) will restore Arrow Lake processors to their expected level of performance, according to Intel, while a new firmware will offer additional performance improvements. That firmware is expected to release in January, pushing beyond the baseline level of performance Intel expected out of Arrow Lake.

Read more
Intel Arrow Lake gets a surprise 33% gaming boost — with one caveat
The Core Ultra 9 285K socketed into a motherboard.

Intel Arrow Lake has struggled to compete against some of the best processors from both AMD and Intel itself, but improvements are on the way. In fact, a completely unexpected update just gave the CPUs a major boost. Unfortunately, there's a caveat: That boost only applies to one game.

The update in question was just announced by CDProjektRed, which has dropped a surprise patch for Cyberpunk 2077. The game studio now promises to improve in-game performance on Arrow Lake CPUs by up to 33%, which is a tune-up that gamers badly need, considering that the CPUs generally failed to impress in gaming scenarios.

Read more
Intel admits defeat on Arrow Lake — but it’s not down for the count
intel core ultra 5 245k review 4

Intel's Arrow Lake CPUs aren't off to a great start. As you can read in our Core Ultra 9 285K review and Core Ultra 5 245K review, Intel's latest CPUs miss the mark across productivity and gaming apps, and they're miles away from some of the best processors you can buy right now. According to Intel, there are several issues with the new platform that it plans to address within a matter of weeks.

In an interview with HotHardware, Intel's Robert Hallock was blunt about the release of Arrow Lake CPUs: "The launch didn't go as planned ... we have a number of things we got to go fix." Hallock, formerly of AMD, is near the top of Intel's technical marketing division. Although he didn't address exactly what's wrong with Arrow Lake, Hallock promised that Intel is working on updates that could significantly improve performance, and that they'll arrive in a matter of weeks.

Read more