An unknown person has reportedly leaked the source code for Intel’s Alder Lake BIOS onto 4chan, and a duplicate copy has been posted to GitHub. The files are in a 2.8 GB zip file that expands to 5.86 GB after decompression, but we do not know if the contents over there are genuine and contain sensitive source code.  

The news of the leak is shared on Twitter postings from @glowingfreak and @vxunderground.  

The file consists of a plethora of files and tools for the purpose of building a BIOS/UEFI for Intel’s Alder Lake platform and chipsets. It is not clear where the leaker got the files, but the documents surely refer to “Lenovo Feature Tag Test information.” There are a few other clues too that have emerged through the git log. 

Even if the files are proven to have sensitive material in it, it is still not clear whether they could be used to develop exploits and moreover, if it was gained from a source external to Intel. It can be assumed that most motherboard vendors and OEMs would have similar tools and information to build firmware for Intel platforms, and Intel would likely scrub any sensitive material before releasing it to external vendors. Sensitive material is not good if it gets into the hands of nefarious actors, and also little information can lead to big vulnerabilities. Moreover, if it pertains to security features like the TPM (Trusted Platform Module). 

Though we do not know how the files have been obtained, the recent hacks point towards outside vendors who must have stolen information from semiconductor manufacturers indirectly. 

The spate of recent attacks includes an attempt by RansomHouse to extort AMD after having 56GB of data. AMD partner Gigabyte had 112GB of data stolen in the ‘Gigabyte Hack’, but AMD denied to pay the ransom for the latter hack. Therefore, information regarding AMD’s Zen 4 processors was divulged before its release, which was later proved to be genuine. 

Nvidia also faced a recent attack that led to the theft of 1TB of its data, but the GPU-making giant retaliated with its own operations to render the stolen data useless. 

Right now, not many details are known about the Intel leak, but we will keep you updated with the latest information from the company. Hopefully, you will get to know us soon.