Intel confirmed the authenticity of the leak but maintained that it did not immediately expose new vulnerabilities, as their security model does not rely on "security through obscurity". However, security researchers noted several long-term risks:
Shortly after the leak was discovered, the original GitHub repository and its major mirrors were taken down due to DMCA notices or terms of service violations. Intel integrated the leaked components into its bug bounty program, encouraging researchers to report any flaws found in the code for rewards rather than exploiting them. ICE_TEA_BIOS-master.zip
Security keys, including a private key for Intel Boot Guard , which is used to verify that the firmware has not been tampered with before the OS loads. Intel confirmed the authenticity of the leak but
Confidential details on Model Specific Registers (MSRs) and other low-level CPU features not found in public documentation. 2. Security Implications Security keys, including a private key for Intel
The repository, often attributed to a user named "LCFCASD," was titled "ICE_TEA_BIOS" and described as "BIOS Code from project C970". The leaked data was reportedly developed by , a major firmware vendor for computer manufacturers, and contained extensive references to Lenovo systems. The archive includes several critical categories of data:
Compilation tools, change logs, and internal scripts used to build and test BIOS images.
The exposure of private keys could theoretically allow attackers to sign malicious firmware that bypasses hardware-level security checks.