Intel private keys used to certify MSI firmware leaked
Micro-Star International Co., Ltd (MSI) is a Taiwanese multinational information technology corporation headquartered in New Taipei City, Taiwan. It designs, develops and provides computer hardware and related products and services, including laptops, desktops, motherboards, graphics cards, all-in-one PCs, servers, industrial computers, PC peripherals and car infotainment products.
During an attack on MSI's systems, the attackers (the Money Message ransomware group) extracted more than 1TB of the company's internal data, including, among other things, firmware source code and related tools. They demanded $4 million in exchange for not disclosing the data, and all of it was published when MSI did not pay the ransom.
Among the published data were Intel private keys provided to OEMs, which were used to certify released firmware with a digital signature and to ensure secure boot using Intel Boot Guard technology. With the firmware authentication keys, it is possible to generate valid digital signatures for fictitious or modified firmware. The Boot Guard keys make it possible to bypass the mechanism that launches only verified components at the initial boot stage, which can be used, for example, to compromise the UEFI Secure Boot verified boot mechanism.