Intel Boot Guard Is No Longer Quite So Secure
We are learning more from the MSI data breach from last month, sadly because the people that were behind it are starting to release the contents. The terrible news is that the data included private signing keys for Intel Boot Guard used on 116 MSI products. Intel Boot Guard is used to prevent tampering with your UEFI, something you need considering the various vulnerabilities which can infect your UEFI and simply cannot be removed.
The effected products include a variety of 11th Tiger Lake, 12th Adler Lake, and 13th Raptor Lake motherboards from MSI. The keys are now for sale on the dark web and sadly there isn’t anything in the way of a patch available. Make sure you are grabbing your BIOS updates directly from the manufacturer, and be very wary of people claiming to represent MSI when you are gaming online.
Update: Intel has responded with an official statement, clarifying that the boot keys were system manufacturer-generated, and not Intel signing keys. Their statement is reproduced below: