Preface: On March 31, 2026, a researcher affiliated with Positive Technologies posted that he had “extracted the Global Wrapping Key from an instance of Intel Gemini Lake Platform.”
While researchers have identified foundational design weaknesses and supply chain risks in Secure Boot and key handling, there are no known instances of Intel KEK design flaws being actively exploited in the wild for widespread attacks.
Background: The Intel Gemini Lake platform remains in active industry use in 2026, but only as legacy, long-lived embedded infrastructure, not in newly manufactured products. Although Intel officially completed the end-of-life (EOL) process for Gemini Lake and Gemini Lake Refresh silicon in 2024, the platform is still widely deployed in operational environments because commercial systems have exceptionally long operational life cycles.
Active Industry Use Cases in 2026
You will still find Gemini Lake chips (like the Celeron N4100 or J4125) actively working in several industries:
- Industrial Automation & Thin Clients
- Network & Edge Gateways
- Network Attached Storage (NAS)
In Intel’s chip design, the Global Wrapping Key (GWK) is burned directly into the chip’s internal fuse during manufacturing. [1]
- It is not an open software feature: Intel does not provide any API for operating systems, drivers, or applications to call the GWK.
- Its sole function: When an IoT device is powered on, the processor automatically uses the GWK to decrypt the firmware and initialize the chip’s internal security engine (such as the root key for Intel CSME and SGX).
Cybersecurity researchers (Maxim Goryachy et al. from Positive Technologies) discovered a hardware logic flaw in Intel chips regarding the management of debugging permissions. Probe Mode should normally be locked on retail chips, but the researchers successfully exploited a specific vulnerability (such as controlling the timing of microcode loading) to forcibly activate Probe Mode before the hardware locked the debugging interface.
Vulnerability details: On March 31, 2026, a researcher affiliated with Positive Technologies posted that he had “extracted the Global Wrapping Key from an instance of Intel Gemini Lake Platform.”
Based on Intel analysis, the activity appears to extend previously addressed research. The researcher previously indicated that they were running tests on systems they have physical access to, which are not up to date with the latest mitigations and are not properly configured with Intel recommended Flash Descriptor write protection (which occurs as part of end of manufacturing by system manufacturers). Researchers are using previously mitigated vulnerabilities dating as far back as 2017 to gain access to an Intel Unlocked state (aka “Red Unlocked”). See “Additional Resources” for technical papers describing these issues.
In this latest posting, the researcher claims to have additionally identified a Global Wrapping Key, which is used to decrypt the device-specific Intel® Software Guard Extensions (Intel® SGX) key. This specific issue only impacts Intel Gemini Lake and Gemini Lake Refresh platforms using Intel SGX including products that have exited baseline servicing. Intel® Trust Domain Extensions (Intel® TDX) is not affected.
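The scope statement above (Gemini Lake or Gemini Lake Refresh, with Intel SGX in use) can be turned into a host triage check for asset inventory. The following is an added example, not code from Intel or from the original post; it assumes Linux, that CPUID family 6 / model 0x7A identifies these parts, and that the kernel reports an `sgx` CPU flag when SGX is enabled. The function names and status strings are hypothetical.

```python
"""Triage a Linux host from /proc/cpuinfo text (added example)."""
# Assumptions, not from the page: CPUID family 6 / model 0x7A (Goldmont Plus)
# covers Gemini Lake and Gemini Lake Refresh, and Linux lists "sgx" in the
# flags line only when SGX is enabled and the kernel supports it.
GEMINI_LAKE = (6, 0x7A)

def parse_cpuinfo(text):
    """Return the key/value fields of the first processor stanza."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break          # blank line ends the first stanza
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def classify(text):
    f = parse_cpuinfo(text)
    try:
        ident = (int(f["cpu family"]), int(f["model"]))
    except (KeyError, ValueError):
        return "unknown"
    if f.get("vendor_id") != "GenuineIntel" or ident != GEMINI_LAKE:
        return "not-gemini-lake"
    # A missing flag can also mean SGX is disabled in firmware or the kernel
    # predates SGX support, so report it as "not reported", not "absent".
    if "sgx" in f.get("flags", "").split():
        return "gemini-lake-sgx-enabled"
    return "gemini-lake-sgx-not-reported"

# Constructed sample stanzas (abbreviated), not captured from real systems.
SAMPLE_SGX = ("processor\t: 0\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
              "model\t\t: 122\nmodel name\t: Intel(R) Celeron(R) N4100 CPU\n"
              "flags\t\t: fpu vme sse2 sgx aes\n\nprocessor\t: 1\n")
SAMPLE_NO_FLAG = SAMPLE_SGX.replace(" sgx", "")
SAMPLE_OTHER = SAMPLE_SGX.replace("model\t\t: 122", "model\t\t: 92")

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            print(classify(fh.read()))
    except OSError:
        print(classify(SAMPLE_SGX))
```

Hosts that come back as `gemini-lake-sgx-enabled` are the ones to check against the vendor's firmware update status and Flash Descriptor write-protection configuration.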
Official announcement: Please refer to the link for details – https://www.intel.com/content/www/us/en/security-center/announcement/intel-security-announcement-2026-04-08-001.html