Intel confirms that Alder Lake BIOS code has been leaked but expects no new security flaws

Intel Core i9 12900K up-close images with the chip exposed
(Image credit: Future)
Audio player loading…

Intel has confirmed that its proprietary UEFI code for its 12th Gen processors has been leaked. The 6GB file, published to 4chan and Github, contains information regarding the creation and optimisation of BIOS code for Alder Lake chips, however, Intel does not suspect this will expose any new security vulnerabilities. 

See more

"Our proprietary UEFI code appears to have been leaked by a third party," an Intel spokesperson says to Tom's Hardware (opens in new tab)

"We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation."

It appears as though Intel's strategy is to avoid having any 'secret code' as a part of its processor security. I imagine that's to primarily avoid a situation like this one today, where said code could, if in the wrong hands, make mincemeat of its processor security. The company does sound quite confident that this leak shouldn't pose any security threat as a result.

Intel's statement suggests a third party is responsible for the files getting out there, rather than a hack of its own internal systems. As Twitter user SttyK (opens in new tab) and the Tom's Hardware report note, the Github repository was created by an employee at LC Future Center, a China-based laptop manufacturer, and parts of the code mention Lenovo, one of LC Future Center's clients. However, this connection has not been confirmed by Intel or elsewhere.

The exposed UEFI files will still cause concern to security researchers, even if ultimately Intel feels its CPUs will still be safe from nefarious actors. The UEFI works in tandem with the OS to deliver on fundamental security principles within Windows and to ensure that exploits don't gain access to private information. It already appears that security researchers are paying close attention to the leaked files to see what they can uncover.

Those that uncover any vulnerabilities in the code may be in line for a cash reward, too. Intel mentions that the code is covered by its Project Circuit Breaker campaign, which is another name for its bug bounty program. There's a specific "Code Challenge" in place for this particular BIOS leak. It's called "Alders & Seekers (opens in new tab)".

Your next upgrade

(Image credit: Future)

Best CPU for gaming (opens in new tab): The top chips from Intel and AMD
Best gaming motherboard (opens in new tab): The right boards
Best graphics card (opens in new tab): Your perfect pixel-pusher awaits
Best SSD for gaming (opens in new tab): Get into the game ahead of the rest

"Due to the unauthorized disclosure of Intel’s proprietary UEFI code for Alder Lake we are opening the private Alders & Seekers bug bounty campaign to all security researchers. In addition, we have extended the end date of this campaign from October 15, 2022 to 9AM US eastern time on January 20, 2022.  The standard Intel(R) Bug Bounty Program policy applies to this campaign."

So if there are any holes in Alder Lake's security that arise from this leak, here's hoping they'll be patched up before they're more widespread as a result of the bug bounty. These programs can pay handsomely, depending on the severity of the bug, which often attracts some skilled security experts into helping out.

In the meantime, this shouldn't be cause of any immediate concern for PC gamers rocking an Intel Core i9 12900K or other 12th Gen processor. So don't fret. If there is any such cause for concern in the future, making sure you've kept your system up to date and running the latest mitigations will often prove the best defence against these sorts of exploits.

Jacob Ridley
Senior Hardware Editor

Jacob earned his first byline writing for his own tech blog from his hometown in Wales in 2017. From there, he graduated to professionally breaking things as hardware writer at PCGamesN, where he would later win command of the kit cupboard as hardware editor. Nowadays, as senior hardware editor at PC Gamer, he spends his days reporting on the latest developments in the technology and gaming industry. When he's not writing about GPUs and CPUs, however, you'll find him trying to get as far away from the modern world as possible by wild camping.