February 14, 2025

However the leaked key was present in firmware launched as early as 2018 and as not too long ago as this 12 months. To learn the way frequent the follow nonetheless is, Binarly’s researchers scanned their database of tens of hundreds of firmware binaries collected over time and recognized 22 totally different AMI check PKs with warnings “DO NOT TRUST” or “DO NOT SHIP.” These keys had been present in UEFI firmware binaries for nearly 900 totally different laptop and server motherboards from over 10 distributors, together with Acer, Dell, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro. Mixed, they accounted for greater than 10% of the firmware photographs within the dataset.

These keys can’t be trusted, as they had been seemingly shared with many distributors, OEMs, ODMs, and builders — and had been seemingly saved insecurely. Any of them might have already got been leaked or stolen in undiscovered incidents. Final 12 months, a knowledge dump revealed by an extortion gang from motherboard and laptop producer ​​Micro-Star Worldwide (MSI) included an Intel OEM private key and a 12 months earlier than a knowledge leak from Lenovo included firmware supply code and Intel Boot Guard signing keys.

Binarly has launched an online scanner the place customers can submit copies of their motherboard firmware to examine whether or not it makes use of a check key, and a listing of affected motherboard fashions is included within the firm’s advisory. Sadly, there’s not a lot customers can do till distributors present firmware updates with new, securely generated PKs, assuming their motherboard fashions are nonetheless beneath help. The earliest use of such check keys discovered by Binarly goes again to 2012.