The BIOS source code for Intel Core Alder Lake has leaked online. The uncompressed archive is 5.9GB in size and is likely to have been leaked from a partner.
Netizens speculated that the code came from 4chan. It was shared on GitHub yesterday and taken down today. Someone read the source code log and saw that the release date was September 30th. The author is an employee of the LC Future Center. The code can still be obtained by other means.
I can’t believe: MSR with NDA, for the brand new CPU, what a beautiful day … pic.twitter.com/bNitVJlkkL
– Mark Ermolov (@_markel___) 8 October 2022
It took several days to read the entire code, but someone found multiple references to “functional label testing” in the code, which in turn links the leak to the OEM. I heard that some of the code mentioned AMD’s CPU, which indicates that the code was tampered with after the leak. Surprisingly, one researcher found explicit references to undocumented MSRs that could pose a significant security risk.
A Model Specific Register (MSR) is accessible only to privileged code such as the BIOS or the operating system. Vendors use MSRs to toggle options within the CPU.
A CPU probably has several hundred MSRs, while Intel and AMD only publish documentation for more than half of them. Undocumented MSRs are often associated with options that CPU manufacturers want to keep secret. For example, researchers discovered an undocumented MSR within AMD K8 CPUs that enables a privileged debug mode. MSRs play an important role in security: both Intel and AMD use MSR options to close the Spectre hole.
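An added example, not part of the original article: a small audit that scans MSR access records, flags writes to addresses outside an allowlist of documented MSRs, and decodes writes to IA32_SPEC_CTRL, the register that carries Spectre-class mitigation controls. The log line format, the `audit` function, the short allowlist and the sample records are assumptions made for this illustration.

```python
import re

# Small illustrative subset of architecturally documented MSRs (Intel SDM names).
# A real allowlist would be built from the vendor manuals for the CPU in use.
DOCUMENTED = {
    0x10: "IA32_TIME_STAMP_COUNTER",
    0x1B: "IA32_APIC_BASE",
    0x3A: "IA32_FEATURE_CONTROL",
    0x48: "IA32_SPEC_CTRL",
    0x49: "IA32_PRED_CMD",
    0x10A: "IA32_ARCH_CAPABILITIES",
    0xC0000080: "IA32_EFER",
}
SPEC_CTRL_BITS = {0: "IBRS", 1: "STIBP", 2: "SSBD"}  # Spectre-class controls

# Assumed record format: "<op>_msr: <hex address>, value <hex value>"
LINE_RE = re.compile(r"\b(read|write)_msr:\s*([0-9a-fA-F]+),\s*value\s+([0-9a-fA-F]+)")

def audit(lines):
    """Return (writes_outside_allowlist, spec_ctrl_states) for the given records."""
    undocumented, spec_ctrl = [], []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an MSR access record
        op, addr, value = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
        if op != "write":
            continue  # only writes change CPU behaviour
        if addr not in DOCUMENTED:
            undocumented.append((addr, value))
        elif addr == 0x48:
            enabled = [n for b, n in SPEC_CTRL_BITS.items() if value >> b & 1]
            spec_ctrl.append(enabled)
    return undocumented, spec_ctrl

# Constructed sample input; 0x1234 is an arbitrary placeholder address.
SAMPLE = [
    "cpu0 write_msr: 48, value 5",
    "cpu0 read_msr: 10a, value 2b",
    "cpu0 write_msr: 1234, value 1",
    "cpu0 write_msr: c0000080, value d01",
    "unrelated line",
]

if __name__ == "__main__":
    unknown, states = audit(SAMPLE)
    for addr, value in unknown:
        print(f"write to MSR not in allowlist: {addr:#x} = {value:#x}")
    for bits in states:
        print("IA32_SPEC_CTRL write enables:", ", ".join(bits) or "nothing")
```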
Security researchers have shown that it is possible to create new exploitable vulnerabilities in modern CPUs by manipulating undocumented MSRs. The circumstances under which this could happen are very complex and not necessarily what is happening now, but it is still a possibility. It is up to Intel to explain the situation and the risk to its customers.