An buga lambar kayan aikin BIOS don masu sarrafa Intel Alder Lake akan 4chan
Kwanaki kadan da suka gabata akan yanar gizo An fitar da labarai game da leak ɗin code na Alder Lake UFEI daga Intel akan 4chan kuma an buga kwafin akan GitHub.
Game da lamarin Intel, bai yi aiki nan take ba, amma yanzu ya tabbatar da sahihancinsa daga UEFI da lambobin tushen firmware na BIOS wanda wani wanda ba a sani ba ya buga akan GitHub. Gabaɗaya, 5,8 GB na lamba, kayan aiki, takaddun bayanai, ɓangarorin, da daidaitawa masu alaƙa da ƙirƙirar firmware an buga su don tsarin tare da masu sarrafawa dangane da microarchitecture na Alder Lake, wanda aka saki a cikin Nuwamba 2021.
Intel ya ambaci cewa fayilolin da ke da alaƙa sun kasance suna yawo na 'yan kwanaki kuma don haka ana tabbatar da labarin kai tsaye daga Intel, wanda ya ambata cewa yana son nuna cewa lamarin ba ya haifar da sabbin haɗari ga tsaron kwakwalwan kwamfuta da tsarin da ake amfani da su, don haka yana kira da kada a firgita game da lamarin.
A cewar Intel, ruwan ya faru ne saboda wani bangare na uku kuma ba sakamakon sulhu a cikin ababen more rayuwa na kamfanin ba.
"Lambar UEFI ta mallakarmu ta bayyana kamar wani ɓangare na uku ne ya fitar da shi. Ba mu yi imanin wannan zai fallasa duk wani sabon rauni na tsaro ba, saboda ba mu dogara da toshe bayanai a matsayin matakan tsaro ba. Wannan lambar tana kunshe da shirin kyautar kwaro namu a cikin Project Circuit Breaker, kuma muna ƙarfafa duk wani mai bincike wanda zai iya gano yuwuwar lahani don kawo hankalinmu ta wannan shirin. Muna tuntuɓar abokan ciniki da jami'an binciken tsaro don sanar da su game da wannan halin da ake ciki." - Kakakin Intel.
Don haka ba a ƙayyade wanda ya zama ainihin tushen ɗigon ruwa ba (tun da alal misali masana'antun kayan aikin OEM da kamfanoni masu haɓaka firmware na al'ada sun sami damar yin amfani da kayan aikin don haɗa firmware).
Game da lamarin, an ambaci cewa nazarin abubuwan da ke cikin fayil ɗin da aka buga ya nuna wasu gwaje-gwaje da ayyuka takamaiman samfurin Lenovo ("Lenovo Feature Tag Information Information", "Lenovo String Service", "Lenovo Secure Suite", "Lenovo Cloud Service"), amma hannun Lenovo a cikin ruwan ya kuma bayyana abubuwan amfani da ɗakunan karatu daga Insyde Software, wanda ke haɓaka firmware don OEMs, kuma git log ya ƙunshi imel daga daya daga cikin ma'aikatan Cibiyar LC na gaba, wanda ke samar da kwamfutar tafi-da-gidanka don OEM daban-daban.
A cewar Intel, lambar da ta shiga buɗaɗɗen shiga ba ta ƙunshi bayanai masu mahimmanci ba ko abubuwan da za su iya ba da gudummawa ga bayyana sabbin lahani. A lokaci guda, Mark Yermolov, wanda ya ƙware a cikin binciken tsaro na dandamali na Intel, ya bayyana a cikin bayanan fayil ɗin da aka buga game da rajistan ayyukan MSR mara izini (takamaiman rajistan ayyukan ƙira, waɗanda aka yi amfani da su don sarrafa microcode, bin diddigin, da lalata), bayanai game da abin da ke ƙarƙashinsa. yarjejeniyar rashin sirri.
Har ila yau, an sami maɓalli na sirri a cikin fayil ɗin, wanda ake amfani da shi don sanya hannu a cikin lambobi ta firmware, cewa ana iya amfani da yuwuwar a ketare kariyar Intel Boot Guard (Ba a tabbatar da maɓallin yana aiki ba, yana iya zama maɓallin gwaji.)
An kuma ambata cewa lambar da ta shiga cikin buɗewa ta ƙunshi shirin Project Circuit Breaker, wanda ya haɗa da biyan lada daga $ 500 zuwa $ 100,000 don gano matsalolin tsaro a cikin firmware da samfuran Intel (an fahimci cewa masu bincike za su iya samun lada don bayar da rahoto). raunin da aka gano ta hanyar amfani da abubuwan da ke cikin leak).
Intel ya kara da cewa "Wannan lambar tana kunshe da shirin kyautar kwaro namu a cikin kamfen na Breaker na Project, kuma muna karfafa duk wani mai bincike da zai iya gano raunin da zai iya yi mana rahoto ta wannan shirin," in ji Intel.
A ƙarshe, yana da kyau a faɗi cewa game da ɗigon bayanan, canjin kwanan nan a cikin lambar da aka buga ta kwanan watan Satumba 30, 2022, don haka ana sabunta bayanan da aka fitar.