A whole bunch of people’s weeks got a whole lot more interesting on Thursday, when Swiss software engineer Tillie Kottmann dropped 20GB of Intel’s confidential intellectual property online with claims of more to come.
Intel exconfidential Lake Platform Release 😉
This is the first 20gb release in a series of large Intel leaks.
Most of the things here have NOT been published ANYWHERE before and are classified as confidential, under NDA or Intel Restricted Secret. pic.twitter.com/KE708HCIqu
— Tillie 1312 Kottmann #BLM 💛🤍💜🖤 (@deletescape) August 6, 2020
Intel has responded to press inquiries about the leak with a statement, writing: “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”
The Intel Resource and Design Center is a repository of data provided to Intel’s various partners who work with the company on various projects. If you build motherboards for Intel CPUs, for example, you’ll need instructions on how to initialize them at the lowest level.
Most of what I’ve seen from the leaked data does look as though it came from the IRDC. According to Kottmann, the data repository includes:
– Intel ME Bringup guides (flash) tooling samples for various platforms
– Kabylake (Purley Platform) BIOS Reference Code and Sample Code Initialization code (some of it as exported git repos with full history)
– Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
– Silicon / FSP source code packages for various platforms
– Various Intel Development and Debugging Tools
– Simics Simulation for Rocket Lake S and potentially other platforms
– Various roadmaps and other documents
– Binaries for Camera drivers Intel made for SpaceX
– Schematics, Docs, Tools Firmware for the unreleased Tiger Lake platform
– (very horrible) Kabylake FDK training videos
– Intel Trace Hub decoder files for various Intel ME versions
– Elkhart Lake Silicon Reference and Platform Sample Code
– Some Verilog stuff for various Xeon Platforms, unsure what it is exactly.
– Debug BIOS/TXE builds for various Platforms
– Bootguard SDK (encrypted zip)
– Intel Snowridge / Snowfish Process Simulator ADK
– Various schematics
– Intel Marketing Material Templates (InDesign)
– Lots of other things
Now, don’t mistake me — it could be that there’s some killer data lurking in this repository, with major implications for Intel security, or IP, or what have you. I haven’t exactly scanned it. But while a Simics simulation for an unreleased platform is interesting, Simics is a commercial platform you can buy. It’s a full-system simulator used for software development. There could be security flaws lurking in some of the software, and the leaker has encouraged people to look for backdoor mentions in the dump — which is a whole lot different than a leak in which you say “Hey everybody, here’s the 8MB of documents showing where Intel hid the x86 hardware backdoor… no, not IME. The other backdoor.”
Note: The degree to which closed-source processors that run invisible code (from the OS’ perspective) should be considered “backdoors” is hotly contested between a subset of security researchers and open-source computing advocates on the one hand, and Intel and AMD on the other. The former group believes that security processors and “trusted computing” zones should either not exist or, if they do exist, should be based on open, transparent projects. AMD and Intel disagree. The remark above should be considered tongue-in-cheek, particularly if you’re the kind of person who requires a paragraph-long explanation to be mollified by anything.
In any event, it’s not clear how much of this is juicy details and how much of it is dull. Some of it covers chips that were under NDA as recently as May, but the presentations we get on a regular basis are under NDA as well, and trust me, Intel doesn’t give us the keys to the kingdom, so much as information it doesn’t want leaked until it’s ready to announce it. According to Ars Technica, the details were fond on an unsecured server hosted by Akamai.