
Chips & Salsa Episode 59: Intel Boot Guard and other Firmware Signing Keys

IPAS_Security

Hello again,

If you follow security news, you have likely seen several articles over the last year or so about private keys used by Intel for firmware signing that were leaked to the public. Some of these stories have even claimed that Intel® Boot Guard private keys were leaked, leaving billions of computer systems vulnerable. These claims were incorrect, either because key usage was misunderstood or because multiple issues were conflated. To set the record straight and to help explain what was really exposed in those data leaks, we have published a new tech paper titled “Introduction to Key Usage in Integrated Firmware Images (IFWI)”.

First and foremost, we want to be very clear that, to our knowledge, no Intel “production” signing keys have been leaked. Intel uses industry-standard Hardware Security Modules (HSMs) to protect private production keys. All of the Intel signing keys found in the various data leaks that we have seen have been pre-production or test keys that Intel provides to Original Equipment Manufacturers (OEMs) or Original Design Manufacturers (ODMs) to aid them in the firmware development process. Unfortunately, even though Intel provides extensive documentation and ongoing training around firmware signing, some of these test keys have ended up in production systems. Customers with affected systems should reach out to their OEM/ODM to see if remediations are available. At the very least, those with affected systems should ensure firmware updates come directly from their OEM/ODM before applying them.

The main goals of the paper are:

  1. Provide details about how system firmware/BIOS protects against unauthorized firmware modification using a Chain-of-Trust (CoT) concept starting at the hardware layer and progressing through operating system boot.
  2. Demonstrate how the hardware root of trust and a hierarchy of key manifests, hashes, and signatures are used to cryptographically enable the CoT.
  3. Provide recommendations on how to protect cryptographic keys and the impact of improper key use.
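The following Go program is an added illustration of the first two goals and is not code from the paper or from Intel: it simulates a three-link chain of trust in which the hardware trusts only the hash of the root public key held in fuses, a key manifest signed by that root key carries the public key for the next stage, and the boot stage image is signed by that key. Ed25519 stands in for whatever signature algorithm a real IFWI uses, the image bytes and the "known test key" registry are constructed for the example, and the function and type names (`VerifyChain`, `BuildChain`, `IsTestKeyFused`, `KeyManifest`, `BootStage`) are assumptions of this example. The last scenario shows the misprovisioning the post describes: when a pre-production key's hash is in the fuses, a chain signed by that test key verifies cleanly, so the only way to catch the condition is an explicit audit of the fused hash against known test keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyManifest is a simplified stand-in for the key manifests the paper
// describes: it carries the public key that signs the next boot stage, and
// that key is itself signed by the root (OEM) key.
type KeyManifest struct {
	NextKey   ed25519.PublicKey
	Signature []byte // signature by the root key over NextKey
}

// BootStage is one link of the chain (think initial boot block / BIOS).
type BootStage struct {
	Image     []byte
	Signature []byte // signature by the manifest's NextKey over SHA-256(Image)
}

// BuildChain signs a manifest and a boot stage. In production the private keys
// would never leave an HSM; here they are in memory because this is a simulation.
func BuildChain(rootPriv, stagePriv ed25519.PrivateKey, image []byte) (KeyManifest, BootStage) {
	stagePub := stagePriv.Public().(ed25519.PublicKey)
	km := KeyManifest{NextKey: stagePub, Signature: ed25519.Sign(rootPriv, stagePub)}
	digest := sha256.Sum256(image)
	bs := BootStage{Image: image, Signature: ed25519.Sign(stagePriv, digest[:])}
	return km, bs
}

// VerifyChain models the hardware root of trust: the only thing it trusts is
// the hash of the root public key in fuses. Everything read from flash (the
// root public key itself, the manifest, the stage) must verify against that.
func VerifyChain(fusedRootHash [32]byte, rootPub ed25519.PublicKey, km KeyManifest, bs BootStage) error {
	if sha256.Sum256(rootPub) != fusedRootHash {
		return errors.New("root public key in flash does not match fused hash")
	}
	if !ed25519.Verify(rootPub, km.NextKey, km.Signature) {
		return errors.New("key manifest signature invalid")
	}
	digest := sha256.Sum256(bs.Image)
	if !ed25519.Verify(km.NextKey, digest[:], bs.Signature) {
		return errors.New("boot stage signature invalid")
	}
	return nil
}

// knownTestKeyHashes is a CONSTRUCTED registry of pre-production root key
// hashes. No real test-key hashes appear on the page and none are reproduced
// here; a remediation tool would carry the vendor's published list instead.
var knownTestKeyHashes = map[[32]byte]bool{}

// RegisterTestKey records a pre-production key so provisioning audits can flag it.
func RegisterTestKey(pub ed25519.PublicKey) { knownTestKeyHashes[sha256.Sum256(pub)] = true }

// IsTestKeyFused answers the question an affected customer needs answered:
// was the platform fused with a test key rather than the OEM production key?
func IsTestKeyFused(fusedRootHash [32]byte) bool { return knownTestKeyHashes[fusedRootHash] }

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	prodRootPub, prodRootPriv := mustKey()
	testRootPub, testRootPriv := mustKey()
	_, stagePriv := mustKey()
	RegisterTestKey(testRootPub)
	image := []byte("constructed IBB image v1") // constructed sample payload

	// Correctly provisioned platform: production root hash in fuses,
	// chain signed by the production keys.
	prodFuse := sha256.Sum256(prodRootPub)
	km, bs := BuildChain(prodRootPriv, stagePriv, image)
	fmt.Println("production chain:", VerifyChain(prodFuse, prodRootPub, km, bs))

	// Modified image: the stage signature no longer matches the hash.
	bs.Image = []byte("constructed IBB image v1 (modified)")
	fmt.Println("tampered image:", VerifyChain(prodFuse, prodRootPub, km, bs))

	// Misprovisioned platform: a test key's hash ended up in the fuses. The
	// chain verifies, which is exactly the problem, so the audit must flag it.
	testFuse := sha256.Sum256(testRootPub)
	km2, bs2 := BuildChain(testRootPriv, stagePriv, image)
	fmt.Println("test-key chain verifies:", VerifyChain(testFuse, testRootPub, km2, bs2) == nil)
	fmt.Println("test key fused:", IsTestKeyFused(testFuse))
}
```

Run it with `go run .`; the first scenario prints `<nil>`, the tampered image fails at the boot stage signature, and the test-key scenario verifies but is flagged by `IsTestKeyFused`. The design point is that signature verification alone cannot distinguish a production chain from a test-key chain, because both are internally consistent; the trust decision is anchored entirely in which key hash was fused, which is why a leaked test key matters only on platforms that were provisioned with it.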

In the episode of Chips & Salsa below, CRob and I talk to the author of the paper, William (Bill) Penner, a senior principal engineer with 26 years of experience here at Intel. Bill walks us through some of the key concepts (pardon the pun) in the paper and some of our recommendations.

[Video: Chips & Salsa Episode 59]

Transparency is a significant part of our Security First Pledge. We hope that this paper helps provide customers with information they need to assess risks associated with improper key use and to understand that Intel has invested in mature processes aligning to industry best practices for key management and protection.

Jerry Bryant
Sr. Director, Incident Response & Security Communications
Intel Product Assurance and Security


About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.