In October of 2022, Intel’s Alder Lake BIOS source code was leaked online. The leaked code was comprised of firmware components that originated from three sources:
- The independent BIOS vendor (IBV) named Insyde Software,
- Intel’s proprietary Alder Lake BIOS reference code,
- The Tianocore EDK2 open-source UEFI reference implementation.
I obtained a copy of the leaked code and began to hunt for vulnerabilities. This writeup focuses on the vulnerabilities that I found and reported to Insyde Software. These bugs span various System Management Mode (SMM) modules, including:
- Insyde H2O Internal Soft-SMI Interface (IHISI) dispatcher
- Flash BIOS Through SMI (FTBS) handlers
- BIOS Guard SMI handlers
so.cl
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer