The Binarly security research team conducts an analysis of the recent Intel and Lenovo source code leaks to model the potential impact.

Over the past two years, attacks on multiple targets in the semiconductor industry have consistently led to leaks of firmware source code. A compromised developer device could potentially give an attacker access to the source code repository, adding a major gap in the security of the software supply chain.

A few weeks ago, news emerged about a firmware code leak from Lenovo that includes Intel Alder Lake reference code from the most recent devices. There was a lot of unfounded speculation on the internet about the impact of the leak, including discussions on the Intel Boot Guard private key leak and whether it makes the security technology no longer effective.

In this blog, the Binarly REsearch team will provide a deep-dive to explain how Intel Boot Guard works, what exactly was leaked, and to provide an assessment of the leak’s real impact.

Our analysis of all publicly available firmware images from Lenovo devices resulted in the following key discoveries:

• There have been 72 unique keys generated for BootGuard Key Manifest (KEYM) since 2015.
• Since 2015, a total of 74 unique keys have been generated for Boot Policy Manifest (BPM).
• Lenovo uses the exact same key for KEYM and BPM for different devices in the ThinkCentre and IdeaCentre product series. That leads to a general misunderstanding of the Intel Boot Guard technology and the misleading the purpose of those keys. It's no separation of Boot Guard’s trusted chain into two consecutive parts, which allows to reduce the impact of a compromised chain of trust in case the leaked keys.
• Another interesting observation: sometimes Lenovo changes both keys to new ones and then after a few updates later, roll back the old keys. The goal of these actions could only be assumed.

Let’s dive into Intel Boot Guard internals to better understand this technology and the impact of these kinds of firmware supply chain compromises. The Boot Guard is unfortunately not documented by Intel but some of the information was recovered by Binarly REsearchers in the past -- see this Black Hat 2017 presentation.

First, Intel Boot Guard is a hardware-based technology intended to protect PCs against executing non-genuine UEFI Firmware, which could happen in case a possible attacker has bypassed protection against modification of BIOS.

If Intel Boot Guard is enabled on the platform, upon powering on the platform and prior to execution of BIOS, the BootStrap Processor (BSP) wakes up to locate Firmware Interface Table (FIT) using a pointer stored at a fixed address 0xFFFFFFC0.

LABScon_2022_Binarly_Discloses_High_Impact_Firmware_Vulnerabilities_In_Insyde_Based_Devices

This table contains pointers to firmware objects related to startup and security procedures, including Boot Guard specific files:

• Boot Guard Authentication Code Module (ACM);
• Boot Guard Key Manifest (KEYM);
• Boot Guard Boot Policy Manifest (BPM).

The UEFITool automatically parses this data and display it in human readable format: