HardenedVault wrote, ” The protagonist of this leak is a part of the development framework of firmware supplier Insyde, whose framework integrates Intel-authorized content. This framework is mainly for its customer OEM manufacturer Lenovo (Lenovo), according to the timestamp of the leaked warehouse on github . Information, On September 30, 2022, an unidentified user uploaded the overall firmware scheme for the Intel Alder Lake platform, which includes the reference implementation, OEM implementation, IBV scheme, and related documents, with a size of 4.8GB. October 2022 On the 8th, the leak attracted the attention and reports of the media tom’sHardware, and then the leaked warehouse was deleted , but security researchers can still obtain the leaked content from the time machine. Insyde, as an overall firmware solution business, will continue to develop and integrate the support of various platforms. The content of this leak is a shortened version of the Insyde solution, which only supports Alder Lake. There are several interesting content in the leaked content:
Complete toolchain provided by Insyde to simplify unboxing and BIOS image tuning for OEMs
Insyde’s custom framework, which encapsulates EDK2-compatible interfaces, makes it easier for ODMs/OEMs to integrate platform components such as Intel FSP
Intel reference implementation and OEM implementation , the OEM protagonist in this leak is Lenovo
Binary blobs: It is worth noting that in addition to the binary blobs required by various devices (Bluetooth BLE, WiFi, Ethernet, etc.), there are also three different ACMs for security features: BiosGuard, BootGuard and TXT
In addition, a point worth paying attention to is that the key heap used by BootGuard out of the box is also leaked. The ACM in the first half of the x86 boot is signed by Intel, and the second half is controlled by the OEM. Let us hope that Lenovo does not They are used in production environments, please prove us wrong! “
This article is reprinted from: https://www.solidot.org/story?sid=72989
This site is for inclusion only, and the copyright belongs to the original author.