This article is more than 1 year old
Intel NDA blueprints – 20GB of source code, schematics, specs, docs – spill onto web from partners-only vault
Leaker only 'a bit concerned' about getting sued
Updated Switzerland-based IT consultant Tillie Kottmann on Thursday published a trove of confidential Intel technical material, code, and documents related to various processors and chipsets.
"They were given to me by an anonymous source who breached them earlier this year, more details about this will be published soon," Kottmann wrote on Twitter, suggesting someone had broken into Intel's systems and siphoned off the material. More leaks of secret Intel documents are promised.
A spokesperson for Intel told us the information was likely taken from its Resource and Design Center, which is a private library of resources for computer manufacturers and the like to build systems using Intel's silicon. Access to this center is not open to the public, and its confidential content is intended to be used, for instance, to craft firmware and design motherboards compatible with Chipzilla's microprocessors.
The first tranche of documents, distributed via a Mega file sharing link in a Telegram post and probably mirrored elsewhere by now, weighs in at about 20GB. The data dump contains sensitive Intel files subject to an NDA – a non-disclosure agreement – meaning they are not supposed to be shared in public. The repository, we're told, includes things like:
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kaby Lake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kaby Lake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
- Debug BIOS/TXE builds for various Platforms
- Boot Guard SDK (encrypted zip)
- Intel Snow Ridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)
- Lots of other things
Kottmann posted some of the code from the archive on Twitter, such as this snippet after searching for "backdoor" in Intel's firmware sources:
you should definitely search for "backdoor" in the firmware sources though. pic.twitter.com/92vxWITO1h— Tillie 1312 Kottmann #BLM 💛🤍💜🖤 (@deletescape) August 6, 2020
This code, to us, appears to involve the handling of memory error detection and correction rather than a "backdoor" in the security sense. The IOH SR 17 probably refers to scratchpad register 17 in the I/O hub, part of Intel's chipsets, that is used by firmware code.
In this context, I suspect from the mention of ACPI that RAS is Reliability, Availability, and Serviceability, which does memory error detection and correction. IOH SR 17 probably refers to a scratchpad register in the I/O Hub chipset used by the firmware— Chris Williams (@diodesign) August 6, 2020
Via private message, The Register asked Kottmann why they published the files and whether they are concerned about legal action.
"So, I do a lot of leaks and releases," Kottmann replied. "My overall motivation is to free information, and I am just very curious. I also love exposing and looking at the (often horrible) things you can find in proprietary code."
With hardware-related information, Kottmann said, they want to give people the ability to use their own hardware to the fullest and to help security researchers better find and assess potential issues.
"I am a bit concerned about some legal action with this one, as it IS the biggest release yet, but so far I have been fine even with bigger [companies]," said Kottmann, who just a few hours ago shared source code from within Europe's Intellectual Property Office. "And like other leaks, this one is again just exploiting horribly configured infrastructure (with absolutely negligence for security)."
Maker of SonarQube defends DevOps product's security after source code leaks blamed on bad configurationsREAD MORE
In a recent interview with The Register about a code dump that exposed source code from multiple companies including Adobe, Microsoft, Qualcomm and others, Kottmann explained that part of their motivation was to encourage companies not to be careless with security.
"We are investigating this situation," a spokesperson for Intel said. "The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data."
If so, this reminds us of the time Microsoft's private Windows 10 source code intended for "qualified customers, enterprises, governments, and partners for debugging and reference purposes" leaked online in 2017.
This is certainly the season for software and hardware leaks. Last month, a huge trove of internal Nintendo source code and designs from its early days to the modern era was exfiltrated from a contractor and dumped online. ®
Updated to add
The purported source of the leaked Intel documents has explained how they found the material: apparently by scanning the internet with Nmap and finding an unsecured Akamai CDN server hosting Chipzilla's files.
Kottmann also told us the archives passed to them were obtained from the partners-only design center: "As far as I am informed, the data I have was pretty much directly grabbed from the CDN for Intel's Resource and Design Center."
Meanwhile, sources familiar with Intel's investigation told us the shared documents may not be up to date, as it's unclear when the information was fetched from the center, and that no personal or customer data was included in today's dump. At this stage, Intel does not believe it was hacked, we're told.