Exconfidential Lake: 20GB of Intel IP Dumped on Internet in Major Data Leak

This web site may well gain affiliate commissions from the hyperlinks on this website page. Phrases of use.

A total bunch of people’s months acquired a total whole lot a lot more attention-grabbing on Thursday, when Swiss program engineer Tillie Kottmann dropped 20GB of Intel’s confidential intellectual home on the net with claims of a lot more to occur.

Intel has responded to push inquiries about the leak with a statement, writing: “We are investigating this scenario. The info seems to occur from the Intel Source and Style and design Heart, which hosts info for use by our prospects, companions and other external events who have registered for entry. We think an individual with entry downloaded and shared this facts.”

The Intel Source and Style and design Heart is a repository of facts delivered to Intel’s various companions who do the job with the enterprise on various projects. If you establish motherboards for Intel CPUs, for case in point, you are going to have to have directions on how to initialize them at the cheapest stage.

Most of what I’ve witnessed from the leaked facts does look as while it arrived from the IRDC. According to Kottmann, the facts repository incorporates:

– Intel ME Bringup guides + (flash) tooling + samples for various platforms
– Kabylake (Purley System) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with comprehensive background)
– Intel CEFDK (Customer Electronics Firmware Progress Package (Bootloader stuff)) Sources
– Silicon / FSP source code packages for various platforms
– Different Intel Progress and Debugging Equipment
– Simics Simulation for Rocket Lake S and potentially other platforms
– Different roadmaps and other documents
– Binaries for Camera motorists Intel manufactured for SpaceX
– Schematics, Docs, Equipment + Firmware for the unreleased Tiger Lake platform
– (really horrible) Kabylake FDK training video clips
– Intel Trace Hub + decoder information for various Intel ME variations
– Elkhart Lake Silicon Reference and System Sample Code
– Some Verilog stuff for various Xeon Platforms, uncertain what it is accurately.
– Debug BIOS/TXE builds for various Platforms
– Bootguard SDK (encrypted zip)
– Intel Snowridge / Snowfish Process Simulator ADK
– Different schematics
– Intel Marketing Content Templates (InDesign)
– Tons of other factors

Now, really do not oversight me — it could be that there’s some killer facts lurking in this repository, with major implications for Intel security, or IP, or what have you. I haven’t accurately scanned it. But although a Simics simulation for an unreleased platform is attention-grabbing, Simics is a business platform you can obtain. It’s a comprehensive-process simulator used for program enhancement. There could be security flaws lurking in some of the program, and the leaker has encouraged people today to look for backdoor mentions in the dump — which is a total whole lot distinctive than a leak in which you say “Hey all people, here’s the 8MB of documents exhibiting in which Intel hid the x86 components backdoor… no, not IME. The other backdoor.”

Observe: The degree to which closed-source processors that run invisible code (from the OS’ standpoint) should be viewed as “backdoors” is hotly contested amongst a subset of security scientists and open up-source computing advocates on the a single hand, and Intel and AMD on the other. The former team thinks that security processors and “trusted computing” zones should both not exist or, if they do exist, should be dependent on open up, transparent projects. AMD and Intel disagree. The remark above should be viewed as tongue-in-cheek, significantly if you are the form of particular person who requires a paragraph-lengthy clarification to be mollified by just about anything.

In any function, it’s not crystal clear how substantially of this is juicy information and how substantially of it is uninteresting. Some of it addresses chips that had been beneath NDA as recently as Could, but the presentations we get on a common foundation are beneath NDA as properly, and have confidence in me, Intel doesn’t give us the keys to the kingdom, so substantially as info it doesn’t want leaked right until it’s ready to announce it. According to Ars Technica, the information had been fond on an unsecured server hosted by Akamai.

Now Examine:

Leave a Reply

Your email address will not be published. Required fields are marked *