Stepping Insyde System Management Mode
In October of 2022, Intel’s Alder Lake BIOS source code was leaked online. The leaked code comprised firmware components that originated from three sources:
- The independent BIOS vendor (IBV) named Insyde Software,
- Intel’s proprietary Alder Lake BIOS reference code,
- The Tianocore EDK2 open-source UEFI reference implementation.
I obtained a copy of the leaked code and began to hunt for vulnerabilities. This writeup focuses on the vulnerabilities that I found and reported to Insyde Software. These bugs span various System Management Mode (SMM) modules, including:
- Insyde H2O Internal Soft-SMI Interface (IHISI) dispatcher
- Flash BIOS Through SMI (FBTS) handlers
- BIOS Guard SMI handlers