Intel's Alder Lake BIOS Source Code Reportedly Leaked Online
tomshardware.com
This article seems to assume that computers are secure as long as source code is secret. The opposite is true, only open source can give maximum security.
(Of course the owner of the system might still want to secure their system e.g. by digital signatures. Open source does not mean open write access.)
> This article seems to assume that computers are secure as long as source code is secret. The opposite is true, only open source can give maximum security.
Citation needed, open source can have just as problematic security problems as closed source, even when they are high profile.
Random web search: https://ithemes.com/blog/security-vs-security-through-obscur... (And that points to NIST)
Nobody said that open source has no security bugs. No software that does something useful is bug-free.
Maybe over a very long time, having the source code just means you can peruse the thing at leisure and find holes that you can then exploit. Security by obfuscation is very effective.
To me personally, the weirdest part about this whole story is Intel's response:
"Our proprietary UEFI code appears to have been leaked by a third party. We do not believe this exposes any new security vulnerabilities as we do not rely on obfuscation of information as a security measure. This code is covered under our bug bounty program within the Project Circuit Breaker campaign, and we encourage any researchers who may identify potential vulnerabilities to bring them to our attention through this program. We are reaching out to both customers and the security research community to keep them informed of this situation." — Intel spokesperson.
It is almost as if they are expecting some major holes to exist and are just preemptively attempting to defuse it.
It seems the leaked files are mirrored here: https://web.archive.org/web/20221007235925/https://codeload....
This is according to user @hardenedlinux on Twitter.
The GitHub repository that this refers to has since been removed.
Aside from the security concerns, is there anything "cool" (useful) that could be done with this code, or learned from it? I think nowadays most interesting features are actually locked down inside the CPU itself, so modding a BIOS to enable additional features of the cheaper models is probably not on the table.
So is there any way to further improve power efficiency? Alder Lake mobile seems to be a regression across the board in terms of battery life.