A whole bunch of people’s weeks became a whole lot more interesting on Thursday, when Swiss software engineer Tillie Kottmann dropped 20GB of Intel’s confidential intellectual property online with claims of more to come.
https://twitter.com/deletescape/status/1291405688204402689
Intel has responded to press reports about the leak with a statement, writing: “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe that a person with access can download and share this data.”
The Intel Resource and Design Center is a repository of data provided to Intel partners working with the company on various projects. For example, if you are building motherboards for Intel CPUs, you will need instructions on how to initialize them at the lowest level.
Most of what I’ve seen from the leaked data looks like it came from the IRDC. According to Kottmann, the data repository includes:
– Intel ME Bringup Guide + (flash) tooling + samples for different platforms
– Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization Code (some of which as exported repos with full history)
– Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader Game)) SOURCES
– Silicon / FSP source code packages for different platforms
– Various tools for Intel development and debugging
– Simics simulation for Rocket Lake S and potentially other platforms
– Various roadmaps and other documents
– Binaries for camera drivers Intel created for SpaceX
– Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
– (very terrible) Kabylake FDK training videos
– Intel Trace Hub + decoder files for various Intel ME versions
– Elkhart Lake Silicon Reference Code and Platform Sample Code
– Some Verilog stuff for different Xeon platforms, not sure what it is exactly.
– Debug BIOS / TXE builds for different platforms
– Bootguard SDK (encrypted zip)
– Intel Snowridge / Snowfish Process Simulator ADK
– Different schemes
– Templates for Intel Marketing Materials (InDesign)
– Many other things
Now, don’t get me wrong – there may be some killer data lurking in this repository, with major implications for Intel security, IP, or what have you. I have not exactly gone through it. But while a Simics simulation for an unreleased platform is interesting, Simics is a commercial platform that you can buy. It is a full-system simulator used for software development. There may be security flaws in some of the software, and the leaker has encouraged people to look for backdoor vulnerabilities in the dump – which is very different from a leak in which you say “Hi everyone, here are the 8MB of documents showing where Intel hid the x86 hardware backdoor… No, not the IME, the other backdoor.”
Note: The extent to which closed-source processors that run code invisible from the OS’s perspective are considered “backdoors” is hotly contested between a subset of security researchers and open-source computing advocates on the one hand, and Intel and AMD on the other. The former group believes that security processors and ‘trusted computing’ zones should either not exist, or, if they exist, should be based on open, transparent projects. AMD and Intel disagree. The comment above should be considered tongue-in-cheek, especially if you are the kind of person who requires a paragraph-long statement to be mollified about everything.
In any case, it is not clear how much of this is juicy detail and how much of it is duplicate material. Some of it covers chips that have been under NDA since May, but the presentations we get regularly are also under NDA, and trust me, Intel does not give us the keys to the kingdom, so that information will not leak until it is ready to announce it. According to Ars Technica, the data was found on an unsecured server hosted by Akamai.