
Intel BootGuard, Firmware Signing Keys Found in MSI Data Leak

UPDATE--A recent intrusion at Taiwanese hardware maker MSI is beginning to have widespread effects throughout the industry, as the attackers behind the breach have posted some of the stolen data, including private keys used to sign firmware images and the keys for the Intel BootGuard firmware-verification technology on devices made by several different manufacturers.

The initial ransomware intrusion hit MSI in early April, and the company released a statement urging customers to use only firmware images obtained directly from the company’s website. A few weeks later, after MSI decided not to pay the ransom demand, the attackers behind the intrusion began posting some of the stolen data. Researchers dug into that data dump and soon discovered that it included not just ordinary company information, but also some much more sensitive material: the firmware signing keys and BootGuard keys for manufacturers.

“Clearly such leaks can cause a complete disaster for device manufacturers. Keys are very hard to revoke or change. The hash is baked into the hardware root of trust,” said Alex Matrosov, the CEO and founder of Binarly, a security firm specializing in firmware security and reverse engineering, which discovered the keys in the data dump.

MSI makes a wide range of products, most notably high-end gaming desktops and laptops, but it also makes motherboards for both gaming machines and general-purpose computers. Binarly researchers discovered the private firmware signing keys for 57 separate MSI products and the Intel BootGuard keys for 116 products. Having the private firmware signing keys leak is bad enough on its own: those keys are what verifies that the firmware installed on a device is legitimate and came from MSI. But the leak of the corresponding BootGuard keys potentially makes the situation far worse.

BootGuard is an Intel technology responsible for protecting the firmware image and preventing any unauthorized modification of it. So if an attacker is able to get low-level access to a target device and install a custom, malicious firmware image signed with a leaked key, the attacker could also bypass the BootGuard protection. The leaked keys affect MSI products with Intel’s Tiger Lake, Alder Lake, and Raptor Lake Core processors. The BootGuard keys are generated by each individual manufacturer.
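The reason a leaked OEM key is so hard to recover from is the point Matrosov makes above: what the hardware holds is not a revocable certificate but a hash of the OEM public key, fused into the platform at manufacturing. The following Python model, an added example that is not code from MSI, Intel or Binarly, shows the consequence for a defender. It uses a deliberately small textbook RSA key (no padding, 512-bit modulus, seeded RNG) purely so it runs offline; the `Fuses` class, the `boot_verify` chain and the `fleet_exposure` inventory check are simplified stand-ins for the real Boot Guard key-manifest structures, not their actual format. It demonstrates that with a hash-of-key root of trust, an image signed by the leaked key verifies exactly like a legitimate one, and that rotating to a fresh key is rejected by the very same fuses, which is why Matrosov says the keys cannot simply be changed.

```python
"""Toy model of a hash-of-key hardware root of trust (constructed example, not MSI/Intel code)."""
import hashlib
import random

# Seeded RNG so the example is reproducible. Real keys must come from a CSPRNG.
_rng = random.Random(2023)


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test; adequate for a toy key, not for production."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def gen_keypair(bits: int = 512):
    """Textbook RSA key pair: returns ((n, e), (n, d)). Toy size, no padding."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def pubkey_hash(pub) -> bytes:
    """The value a Boot Guard-style design burns into fuses: a hash of the OEM public key."""
    n, e = pub
    return hashlib.sha256(n.to_bytes(64, "big") + e.to_bytes(4, "big")).digest()


def sign(image: bytes, priv) -> int:
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(image).digest(), "big"), d, n)


def verify(image: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(image).digest(), "big")


class Fuses:
    """Write-once root of trust: the key hash is set at manufacturing and never changes."""

    def __init__(self, key_hash: bytes):
        self._key_hash = key_hash

    @property
    def key_hash(self) -> bytes:
        return self._key_hash


def boot_verify(fuses: Fuses, image: bytes, pub, sig: int) -> bool:
    """Verification chain: the public key shipped with the image must hash to the fused
    value, and the image signature must verify under that key."""
    return pubkey_hash(pub) == fuses.key_hash and verify(image, sig, pub)


def fleet_exposure(fuses: Fuses, leaked_key_hashes: set) -> bool:
    """Defender inventory check: does this device's fused hash match a key known to be
    leaked? A match means the device cannot be fixed by rotating the signing key."""
    return fuses.key_hash in leaked_key_hashes


def demo() -> dict:
    oem_pub, oem_priv = gen_keypair()
    fuses = Fuses(pubkey_hash(oem_pub))  # hash of the OEM key fused at the factory
    image = b"constructed firmware image v1.0"
    legit_sig = sign(image, oem_priv)

    # Once the private key has leaked, any image it signs is indistinguishable to the hardware.
    modified = b"constructed modified image"
    leaked_sig = sign(modified, oem_priv)

    # Rotating to a fresh OEM key does not help: the fuses still hold the old key's hash.
    new_pub, new_priv = gen_keypair()
    rotated_sig = sign(image, new_priv)

    leaked = {pubkey_hash(oem_pub)}  # constructed "known leaked" hash inventory
    return {
        "legitimate_image_accepted": boot_verify(fuses, image, oem_pub, legit_sig),
        "leaked_key_image_accepted": boot_verify(fuses, modified, oem_pub, leaked_sig),
        "rotated_key_image_accepted": boot_verify(fuses, image, new_pub, rotated_sig),
        "device_in_leaked_inventory": fleet_exposure(fuses, leaked),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `fleet_exposure` check is the practical takeaway: because the root of trust is a hash of the key rather than the key itself, the only thing a defender can do for affected hardware is identify which devices carry a hash that matches a leaked key and treat firmware provenance on those devices with extra care, exactly the advice in MSI's statement to obtain images only from the vendor's own site.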

“It’s a scenario where you have a security feature meant to protect firmware, where physical access to the device can’t allow an attacker to modify the firmware. In this way, attackers can craft malicious firmware which will be protected by this feature,” Matrosov said.

“This can be very bad and not a lot of people understand this situation.”

Aside from its statement about the initial intrusion in April, MSI has not addressed the incident or the ensuing data leaks.

Intel said in a statement to Decipher that it knew about the leak and the research on the keys, but stressed that the leaked keys are those generated by the individual OEMs, and not Intel itself.

“Intel is aware of these reports and actively investigating. There have been researcher claims that private signing keys are included in the data including MSI OEM Signing Keys for Intel BootGuard. It should be noted that Intel BootGuard OEM keys are generated by the system manufacturer, and these are not Intel signing keys,” the company said in a statement.

There was a somewhat similar leak in October 2022, when the BIOS source code for the Alder Lake processor was posted in a couple of places online. The BootGuard private key was leaked in that incident as well. That leak was the result of an intrusion at a third-party OEM.

This story was updated on May 9 to include Intel's statement.