Secrets: Up to 20GB of Intel NDA material leaked

Intel NDA material published

Through Intel’s partner portal, unknowns have gained access to a lot of NDA material from previous but also new processors, software, design guidelines and more. Some parts were put on the net, Intel stressed, they were not hacked.

We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which provides information for use by our customers, partners and other external parties who have registered for access. We believe that a person with access downloaded and shared this data.

The Intel Resource and Design Center gives partners access to many details of products in Intel’s portfolio. Computerbase has also been reviewing the data since last night, Intel’s theory may prove to be true, because personal data or genuine, secret IP is not included in the documents. The first of supposedly several datasets contains, among others:

• Intel ME Bringup Guides + (flash) tooling + samples for different platforms
• Kabylake (Purley platform) BIOS reference code and sample code + initialization code (partly as executed git repos with complete history)
• Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff) SOURCES
• Silicon/FSP source code packages for different platforms
• Various Intel Development and Debugging Tools
• Simics simulation for Rocket Lake S, Alder Lake and potentially other platforms
• Various roadmaps and other documents
• Binaries for camera driver Intel for Spacex
• Schematics, Docs, Tools + Firmware for the Unreleased Tiger Lake Platform
• (very terrible) Kabylake FDK training videos
• Intel Trace Hub + decoder files for various Intel ME versions
• Elkhart Lake Silicon reference and platform code
• Some Verilog stuff for different Xeon platforms, unsure what it is exactly.
• Debug BIOS/TXE builds for different platforms
• Bootguard SDK (encrypted zip)
• Intel Snowridge / Snowfish Process Simulator ADK
• Intel Marketing Material Templates (Indesign)

Since Day Evening can the Data of Innumerable places to be picked up. On the basis of this in the coming days a lot of information about the upcoming new products takes place. The Powerpoint/Indesign templates could also be used to easily create false roadmaps that look very real. What can be made possible with the software templates and other things will have to be revealed.

The coming weeks will show how Intel will handle this and tackle it. Because the biggest problem is obviously because the data was pretty public on an Akamai cloud server - not directly in Intel’s resource center - and was accessed via a simple nmap scan. Even simple passwords such as "intel123" were a great help.