Leaked Intel private keys used to notarize MSI firmware

During the attack on MSI's information systems, the attackers managed to download more than 500 GB of the company's internal data, which includes, among other things, the source code of firmware and the tools used to build it. The perpetrators demanded $4 million for non-disclosure, but MSI refused, and some of the data was made public.

Among the published data were Intel private keys provided to OEMs, which are used to digitally sign released firmware and to provide secure boot via Intel Boot Guard technology. Possession of the firmware signing keys makes it possible to generate valid digital signatures for forged or modified firmware. The Boot Guard keys allow the mechanism that launches only verified components at the boot stage to be bypassed, which can be used, for example, to compromise the UEFI Secure Boot verified boot chain.

The firmware signing keys affect at least 57 MSI products, and the Boot Guard keys affect 166 MSI products. The Boot Guard keys are not expected to be limited to compromising MSI products and can also be used to attack equipment from other manufacturers using 11th, 12th, and 13th generation Intel processors (for example, Intel, Lenovo, and Supermicro boards are mentioned). In addition, the published keys can be used to attack other verification mechanisms that rely on the Intel CSME (Converged Security and Management Engine) controller, such as OEM unlock, ISH (Integrated Sensor Hub) firmware, and SMIP (Signed Master Image Profile).
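The core problem described above is that a signature check only proves "signed by the holder of this key", so once the key has leaked the check accepts modified images too, and the only way back is to stop trusting the key. The following is an added illustration, not code from MSI, Intel or the article: it uses Ed25519 from Go's standard library as a stand-in for the vendor's actual firmware signing scheme, a constructed byte string as the "firmware image", and a constructed revocation list keyed by the SHA-256 of the public key. It shows that a tampered image fails verification until it is re-signed with the leaked key, and that a verifier which also consults a revocation list rejects everything signed by that key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// SignedImage is a constructed stand-in for a firmware image plus a detached
// signature; real Boot Guard / firmware manifests carry much more structure.
type SignedImage struct {
	Body []byte
	Sig  []byte
}

var (
	ErrRevokedKey   = errors.New("image signed by a revoked key")
	ErrBadSignature = errors.New("signature does not verify")
)

// SignImage signs the SHA-256 digest of the image body with the OEM private key.
func SignImage(priv ed25519.PrivateKey, body []byte) SignedImage {
	digest := sha256.Sum256(body)
	return SignedImage{Body: body, Sig: ed25519.Sign(priv, digest[:])}
}

// VerifyImage checks the signature against one pinned public key. It has no
// notion of whether that key has leaked: any valid signature is accepted.
func VerifyImage(pub ed25519.PublicKey, img SignedImage) bool {
	digest := sha256.Sum256(img.Body)
	return ed25519.Verify(pub, digest[:], img.Sig)
}

// KeyID names a key in the revocation list by the hex SHA-256 of its public half
// (a constructed convention for this example).
func KeyID(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:])
}

// VerifyWithRevocation refuses images from revoked keys before checking the
// signature at all, so a leaked key cannot be used to pass the check.
func VerifyWithRevocation(pub ed25519.PublicKey, revoked map[string]bool, img SignedImage) error {
	if revoked[KeyID(pub)] {
		return ErrRevokedKey
	}
	if !VerifyImage(pub, img) {
		return ErrBadSignature
	}
	return nil
}

// ScenarioResult records the outcome of each step of the walk-through.
type ScenarioResult struct {
	OriginalVerifies       bool  // vendor image with vendor signature
	TamperedBodyVerifies   bool  // body changed, original signature kept
	ResignedVerifies       bool  // body changed and re-signed with the leaked key
	ResignedAfterRevocation error // same image, verifier consults the revocation list
}

// RunScenario walks through signing, tampering, re-signing and revocation.
func RunScenario() ScenarioResult {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	firmware := []byte("CONSTRUCTED-FIRMWARE-IMAGE v1.0") // constructed sample
	vendor := SignImage(priv, firmware)

	// Tampering without the key: the pinned-key check still catches this.
	tampered := SignedImage{Body: append([]byte{}, firmware...), Sig: vendor.Sig}
	tampered.Body[len(tampered.Body)-1] = '2'

	// With the leaked key the same modified body gets a fresh, valid signature.
	resigned := SignImage(priv, tampered.Body)

	// Defender response: the leaked key is revoked by its ID.
	revoked := map[string]bool{KeyID(pub): true}

	return ScenarioResult{
		OriginalVerifies:        VerifyImage(pub, vendor),
		TamperedBodyVerifies:    VerifyImage(pub, tampered),
		ResignedVerifies:        VerifyImage(pub, resigned),
		ResignedAfterRevocation: VerifyWithRevocation(pub, revoked, resigned),
	}
}

func main() {
	r := RunScenario()
	fmt.Printf("original verifies:            %v\n", r.OriginalVerifies)
	fmt.Printf("tampered (old sig) verifies:  %v\n", r.TamperedBodyVerifies)
	fmt.Printf("tampered + re-signed verifies: %v\n", r.ResignedVerifies)
	fmt.Printf("after revocation:             %v\n", r.ResignedAfterRevocation)
}
```

The point of the last step is that revocation has to live in the verifier (firmware, fused key hashes, or a revocation list the boot chain actually consults), not in the signer: with Boot Guard the trusted key hash is burned into the platform, which is why a leaked OEM key is so hard to remediate on already shipped boards.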

Source: opennet.ru
