As some as you may know, MSI suffered a data breach which leaked a huge amount of source code, documentation and low-level firmware PRIVATE KEYS. This is super bad as it now allows anyone to sign a random firmware image and install it as an official MSI firmware. It’s even more super bad than that, as the certificates leaked seem to be the
KeyManifest keys, which actually control the layer below SecureBoot, this little-documented and even less well understood thing called BootGuard. I’ll not overplay the impact here, but there is basically no firmware security on most modern MSI hardware now. We already detect the leaked test keys from Lenovo and notify the user via the HSI test failure and I think we should do the same thing for MSI devices too. I’ve not downloaded the leak for obvious reasons, and I don’t think the KM hashes would be easy to find either.
So what can you do to help? Do you have an MSI laptop or motherboard affected by the leak? The full list is here (source: Binarly) and if you have one of those machines I’d ask if you could follow the instructions below, run
MEInfo and attach it to the discussion please.
As for how to get
MEInfo, Intel doesn’t want to make it easy for us. The Intel CSME System Tools are all different binaries, and are seemingly all compiled one-by-one for each specific MEI generation — and available only from a semi-legitimate place unless you’re an OEM or ODM. Once you have the archive of tools you either have to work out what CSME revision you have (e.g. Ice Point is 13.0) or do what I do and extract all the versions and just keep running them until one works. e.g. choosing the wrong one will get you:
sudo ./CSME\ System\ Tools\ v13.50\ r3/MEInfo/LINUX64/MEInfo Intel (R) MEInfo Version: 18.104.22.1685 Copyright (C) 2005 - 2021, Intel Corporation. All rights reserved. Error 621: Unsupported hardware platform. HW: Cometlake Platform. Supported HW: Jasplerlake Platform.
And choosing the right one will get you:
Intel (R) MEInfo Version: 22.214.171.1240 Copyright (C) 2005 - 2021, Intel Corporation. All rights reserved. General FW Information … OEM Public Key Hash FPF 2B4D5D79BD7EE3C192412A4501D88FB2066C853FF7B1060765395D671B15D30C
Now, how to access these hashes is what Intel keeps a secret, for no reason at all. I literally need to know what integer index to use when querying the HECI device. I’ve asked Intel, but I’ve been waiting since October 2022. For instance:
sudo strace -xx -s 4096 -e openat,read,write,close ./CSME\ System\ Tools\ v14.0.20+\ r20/MEInfo/LINUX64/MEInfo … write(3, "\x0a\x0a\x00\x00\x00\x23\x00\x40\x00\x00\x00\x00\x20\x00\x00\x00\x00", 17) = 17 read(3, "\x0a\x8a\x00\x00\x20\x00\x00\x00\x2b\x4d\x5d\x79\xbd\x7e\xe3\xc1\x92\x41\x2a\x45\x01\xd8\x8f\xb2\x06\x6c\x85\x3f\xf7\xb1\x06\x07\x65\x39\x5d\x67\x1b\x15\xd3\x0c", 4096) = 40 …
That contains all the information I need – the Comet Lake
READ_FILE_EX ID is
0x40002300 and there’s a SHA256 hash that matches what the OEM Public Key Hash FPF console output said above. There are actually three accesses to get the same hash in three different places, so until I know why I’d like the entire output from
The information I need uploading to the bug is then just these two files:
sudo ./THE_CORRECT_PATH/MEInfo/LINUX64/MEInfo &> YOUR_GITHUB_USERNAME-meinfo.txt sudo strace -xx -s 4096 -e openat,read,write,close ./THE_CORRECT_PATH/MEInfo/LINUX64/MEInfo &> YOUR_GITHUB_USERNAME-meinfo-strace.txt
If I need more info I’ll ask on the ticket. Thanks!
6 thoughts on “MSI and Insecure KMs”
I’m one of those people with an MSI motherboard, but mine’s AMD. I know Boot Guard is an Intel thing so that part of the breach doesn’t really affect me. Has there been any word on how badly this breach affects MSI’s AMD customers beyond losing the keys to their local kingdom as it were? Does AMD have anything similar to Boot Guard? Was AMD smart enough to allow compromised keys to be revoked via updating the PSP’s firmware? Hard coding keys is such a rookie mistake. The whole point of cryptographic signatures is to revoke them in the event of compromise.
As far as I’m aware this doesn’t affect AMD. PSP is indeed the closest thing AMD has to the CSME module.
How do you figure out if your motherboard is affected? Look at the output of “dmidecode -t baseboard” and compare to Binarly’s list?
Yes, I think so. I have got zero data from MSI themselves.
Great technical blog post! The explanation of MSI and insecure KMs was clear and easy to understand. Thank you for sharing your expertise on this topic.
Great technical blog post by Richard Hughes on MSI and insecure KMs. The article was informative and well-written, providing valuable insights into the topic. I look forward to reading more from this author in the future.