[Dismas]

While this may not present as big of a threat to those on desktops, if you have a laptop with an Intel graphics card - you might want to be careful. This particular vulnerability affects those using Bitlocker and possibly other encryption solutions.

Intel is fixing a vulnerability that unauthorized people with physical access can exploit to install malicious firmware on the chip to defeat a variety of measures, including protections provided by Bitlocker, trusted platform modules, anti-copying restrictions, and others.

The vulnerability—present in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms—allows skilled hackers with possession of an affected chip to run it in debug and testing modes used by firmware developers. Intel and other chipmakers go to great lengths to prevent such access by unauthorized people.

Once in developer mode, an attacker can extract the key used to encrypt data stored in the TPM enclave and, in the event TPM is being used to store a Bitlocker key, defeat that latter protection as well. An adversary could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.

While the attack requires the attacker to have brief physical access to the vulnerable device that's precisely the scenario TPM, Bitlocker, and codesigning are designed to mitigate. The entire process takes about 10 minutes.

Read More: https://arstechnica.com/gadgets/2021/11/...aster-key/

[Boudica]

If I'm reading this correctly, the "hacker" must have physical possession of the device. Although they may not need it for long, surely the temporary solution is to not let the laptop ever leave your possession and don't let anyone else use it until you know the vulnerability is fixed? Sadly, the people who would need to be made aware of this most, probably have no idea this vulnerability exists.