Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

by do son · May 6, 2023

In April, MSI fell victim to a cyberattack perpetrated by the ransomware group Money Message, who successfully infiltrated MSI’s internal systems and exfiltrated a staggering 1.5TB of data, predominantly comprising source code.

Nowadays, ransomware typically exfiltrates data before encrypting it, using the stolen information as leverage against victims who are unwilling to pay the ransom or seek to restore their systems from backups. In the absence of ransom payments, the data is then released publicly.

Money Message demanded a $4 million ransom from MSI, and it appears that MSI has not paid, as some of the stolen data has already surfaced online.

The MSI data breach led to the leakage of the Intel OEM private key, which could significantly undermine UEFI’s secure boot security.

It has been confirmed that the private key (KeyManifest) provided by Intel to OEMs has been leaked. These keys pertain to Intel Boot Guard digital signatures, a processor feature designed to ensure that computers only run verified programs before booting.

In essence, this concerns UEFI secure boot, a mechanism that validates programs prior to operating system startup to prevent malware from running.

The leaked private keys affect Intel’s 11th, 12th, and 13th generation processors and were distributed to various OEMs, including Intel itself, Lenovo, and Supermicro.

According to security research firm Binarly, the leaked Intel Boot Guard BPM/KM keys impact at least 166 MSI products, with the extent of the damage to other products currently unknown.

Instances of leaks involving Intel Boot Guard private keys have occurred previously, with at least two separate incidents last year involving partial key leaks.

Theoretically, if these private keys have been employed in production environments, they could pose significant threats, allowing malefactors to modify firmware boot policies and bypass hardware security measures.

Neither MSI nor Intel has issued statements on the matter, leaving the full extent of the private key leaks unclear. It is possible that the hackers are gradually releasing data to pressure MSI into paying the ransom, which suggests that more data is likely to be disclosed in the future.