An employee of a Chinese PC manufacturer has published the source code of Intel's 12th generation Alder Lake BIOS on GitHub
The source code for the Alder Lake BIOS appeared on GitHub and although it has been deleted it is already circulating in mirrors on various sites. It was leaked in its entirety, 5,9GB in size uncompressed, possibly by someone working at a motherboard vendor or accidentally by a Lenovo manufacturer.
The Alder Lake it is Intel's codename for the 12th generation Intel Core processors, based on a hybrid architecture using Golden Cove cores and Gracemont cores.
It is not clear who exactly blew it, so there are many rumors. Some Twitter users believe that the code came from 4chan.
Anyway it was on GitHub yesterday and before it was removed, someone noticed the post log and found that it was dated September 30 and that it was drawn up by one of its employees L.C. Future Center, a Chinese company that probably makes laptops for Lenovo.
The code is now available in many mirrors, shared and discussed all over the internet.
It may take days for someone to analyze all 5,9GB, but those already searching have revealed some interesting sections. There are many references in a “Lenovo Feature Tag Test” further linking the leak to the OEM manufacturer.
The most worrying thing is that one researcher found explicit references to undocumented MSRs, which could pose a significant security risk.
MSRs are special registers that can only be accessed by the BIOS and operating system. Vendors use them to toggle options within the CPU, such as enabling special debugging or performance monitoring functions.
Security researchers have shown that it is possible to create a new type of attack on modern CPUs by manipulating undocumented MSRs. The scenario in which this although complex remains a possibility. It is up to Intel to clarify the situation and risks to its customers.