Leakage of Intel private keys used for firmware validation of MSI

1 min read
07 May 2023

During an attack on the information systems of MSI, hackers were able to extract over 500 GB of the company's internal data, including source code for firmware and related tools for their assembly. The attackers demanded $4 million for non-disclosure, but MSI refused and some data was published publicly.

Among the published data were Intel's private keys, which were used to sign the firmware released by MSI and to ensure secure boot using Intel Boot Guard. The presence of firmware signing keys makes it possible to generate correct digital signatures for a fake or modified firmware. Boot Guard keys allow bypassing the mechanism of launching only verified components at the initial boot stage, which can be used, for example, to compromise the UEFI Secure Boot mechanism.

The firmware signing keys affect at least 57 MSI products, and the Boot Guard keys affect 166 MSI products. It is assumed that the Boot Guard keys are not limited to compromising MSI products and can also be used for attacks on equipment from other manufacturers using 11th, 12th, and 13th generation Intel processors (such as Intel, Lenovo, and Supermicro motherboards). In addition, the disclosed keys can be used for attacks on other verification mechanisms using the Intel CSME (Converged Security and Management Engine) controller, such as OEM unlock, ISH (Integrated Sensor Hub) firmware, and SMIP (Signed Master Image Profile).

In case you have found a mistake in the text, please send a message to the author by selecting the mistake and pressing Ctrl-Enter.
Kelly 3.3K
I'm your source for the latest in tech news and updates. Stay informed with my articles on the most exciting developments in the tech world
Comments (1)
  1. sergio dream

    Hello. I work very hard making various applications. My job, of course, includes creating all kinds of animations. I would like to recommend https://flipabit.dev/ . It is an application that creates and edits various layouts: books, apps, and animations. It has tips that will help you make your work better. It will be easy for you to master this app and create your own animations

    9 months ago ·
    0
You must be logged in to comment.

Sign In / Sign Up