On Twitter, there are threads starting on the recent MSI data breach. Security researchers are probing the leaked materials and seem to be uncovering something interesting: Intel BootGuard private keys may have been leaked.
Intel BootGuard OEM Private Key Allegedly Leaked
Here is the start of the thread from Alex Matrosov on Twitter (we are going to embed the tweets so you can follow these easily):
https://twitter.com/matrosov/status/1653923749723512832
Apparently, the Intel BootGuard OEM private keys are compromised.
https://twitter.com/binarly_io/status/1654287041339998208
Here is the OEM key manifest screenshot:
⛓️Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem. It appears that Intel BootGuard may not be effective on certain devices based on the 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake. Our investigation is ongoing, stay tuned for updates. https://t.co/rkxZIpReE8 pic.twitter.com/fLopw1qeSD
— Alex Matrosov (@matrosov) May 5, 2023
Intel BootGuard is a form of protection, like Secure Boot, but with a key difference. BootGuard requires an Authenticated Code Module which is signed cryptographically.
The impact of the OEM key leaking is enormous for the industry. It could mean that attackers can sign tampered systems and then gain access to what would be considered a secure system.
Final Words
This is one of those that if indeed the keys were leaked during the MSI breach, it would be a huge deal. One of the challenges with cryptographically signing firmware in order to ensure platform security makes sense, but it also exposes a major systemic risk. If a large vendor like Intel, Microsoft, AMD, NVIDIA, Apple, or others have their keys leaked, it can cause an enormous downstream impact.
Overall, the industry is moving more towards these types of secure boot and cryptographic signing schemes. If this leak is indeed true, then it highlights the need to protect things like these private keys.
Our hope is that it is not true, but if it is, then we are going to need Intel with its OEMs to come up with a solution soon as this is bad not just from the potential attack perspective, but it is also important to restore trust in the industry.
Now we are waiting to hear confirmation from others, and perhaps Intel itself, that the BootGuard key was leaked. Stay tuned for more.
Update 2023-05-08 from Intel: “Intel sent STH a statement: Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data including MSI OEM Signing Keys for Intel® BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys.”
Update 2023-05-09 from Supermicro: “Based on our current review, Supermicro products are not affected. Please go to our security portal for further updates.”
Oh boy I sure do love these low level “security” mechanisms especially when they misbehave which is all the time in the last 15 years
Oh dear. One key for ALL these systems? I’m guessing Intel wishes they’d made a key per partner or something like that.
This is not a bad thing, it gives users the freedom to modify their own machine’s firmware, it prevents DRM uses. It is positively a good thing if true. I really wish none of this signed firmware crap existed, instead just have external hardware to read the firmware that users can use to check that the firmware hasn’t been modified, then you have some true assurances rather than ceding control to the manufacturer to keep you ‘safe’.
I’m not holding out much hope; but it would be nice if this episode would encourage some more pushback on Intel’s habit of maintaining a much hyped but comparatively ill-documented roster of snappily named black boxes that are more ‘trusted’ than trustworthy.
We have what appears to be a significant key handling fiasco and so far all the information is 3rd parties who have been reverse engineering around the edges of Intel’s various buzzwords; along with some Intel pitch decks about the glories of “Hardware Shield” and not even an official response. Not a great look.
Why did MSI even have access to Intel’s private keys? You would have thought that MSI just had their own keys which were signed by Intel.
That you can compromise other OEMs is astounding.
Why is this even a surprise to anyone? Every lock is destined to be busted. It’s a matter of being able to mimimize and localize the damage. The Intels, AMDs, Ciscos etc of the world hording the silver bullet that kills everyone all at once has been, is and will always be the fevered dream of security kabuki theatre because obviously key ancryption 123 and protocol XYZ can never be broken…except with money, physical violence and the quest for glory by ones deeds. So, basically unbreakable security and this is just a totally unavoidable black swan event no one can expect or prepare for and move along, nothing to see here.
Are there other leaks that have not become public?
Likely this is not the first, or the last.
From history, we know that secrets leak.
How about instead of relying on trust we rely on verification instead? That would mean publishing the source of a lot of components, in which case we can build and verify it ourselves and use our own keys to sign stuff instead of relying on security by obscurity with a big helping of certification snake-oil.
@Nils
If AMD’s openSIL plan ends up working as announced, it will go a long way. It is not going to be 100% there, but a lot better than what we have today.