LVI is a new class of attacks on the speculative execution mechanism in CPUs

Information has been published about a new class of attacks, LVI (Load Value Injection, CVE-2020-0551), on the speculative execution mechanism in Intel CPUs, which can be used to extract keys and secret data from Intel SGX enclaves and other processes.

The new class of attacks is based on manipulating the same microarchitectural structures used in the MDS (Microarchitectural Data Sampling), Spectre and Meltdown attacks. At the same time, the new attacks are not blocked by the existing protection methods against Meltdown, Spectre, MDS and other similar attacks. Effective protection against LVI requires hardware changes to the CPU. When protection is organized in software, by having the compiler add an LFENCE instruction after every load operation from memory and replace the RET instruction with POP, LFENCE and JMP, too much overhead is incurred: according to the researchers, full software protection would reduce performance by a factor of 2 to 19.

Part of the difficulty in blocking the problem is that the attack is currently more theoretical than practical (the attack is possible in theory, but it is hard to carry out and can so far only be reproduced in synthetic tests).
Intel rated the problem as medium severity (5.6 out of 10) and released firmware and SDK updates for the SGX environment that attempt to block the attack with a workaround. The attack methods proposed so far apply only to Intel processors, but the possibility of adapting LVI to other processors affected by Meltdown-class attacks cannot be ruled out.

The problem was discovered by researcher Jo Van Bulck of the University of Leuven in April of last year, after which, with the participation of 9 researchers from other universities, five attack methods were developed, each of which allows more specific variants to be derived. Independently, in February of this year, researchers from Bitdefender also discovered one of the LVI attack variants and reported it to Intel. The attack variants differ in the microarchitectural structures they use, such as the store buffer (SB, Store Buffer), the fill buffer (LFB, Line Fill Buffer), the FPU context buffer and the first-level data cache (L1D), which were previously used in attacks such as ZombieLoad, RIDL, Fallout, LazyFP, Foreshadow and Meltdown.

The main difference between LVI and the MDS attacks is that MDS manipulates the determination of the contents of microarchitectural structures left in the cache after speculative handling of a fault or of load and store operations, whereas LVI attacks allow the attacker's data to be injected into microarchitectural structures in order to influence the subsequent speculative execution of the victim's code. Using these manipulations, an attacker can extract the contents of private data structures in other processes while certain code is being executed on the same CPU core.

For the problem to be exploited, the victim process's code must contain special sequences of instructions (gadgets) in which an attacker-controlled value is loaded, and loading this value must cause an exception (fault, abort or assist) that discards the result and re-executes the instruction. While the exception is being handled, a speculative window appears during which the data processed in the gadget leaks. Specifically, the processor starts executing a piece of code (the gadget) in speculative mode, then determines that the speculation was not justified and rolls the operations back to their original state, but the data processed during speculative execution remains in the L1D cache and microarchitectural buffers and can be recovered from them using the known methods for determining residual data through side channels.
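The gadget shape just described, together with the two compiler-level mitigations named earlier (an LFENCE after each load, and RET replaced by POP, LFENCE and JMP), as an added example that is not code from the article or the researchers. It assumes x86-64 GCC/Clang on Linux; on other targets the fenced functions fall back to plain C so the file still builds.

```c
/* Added example, not code from the article: the shape of an LVI load
 * gadget and the two compiler-level mitigations the article names
 * (LFENCE after each load; RET replaced by POP + LFENCE + JMP).
 * Assumes x86-64 GCC/Clang on Linux; other targets get plain C fallbacks. */
#include <stdint.h>

#if defined(__x86_64__)
#include <immintrin.h>
/* LFENCE: later instructions wait until earlier loads have completed, so a
 * transiently injected (faulting or assisted) load value cannot be consumed. */
#define LOAD_FENCE() _mm_lfence()
#else
#define LOAD_FENCE() __asm__ __volatile__("" ::: "memory")
#endif

/* Constructed table standing in for a victim's secret-dependent data. */
static const uint8_t table[16] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
                                  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
static const uint8_t sample_index = 5, sample_index_high = 0xf3; /* constructed */

/* Gadget shape: a value loaded from memory feeds a dependent memory access.
 * If the first load faults or needs an assist, the CPU may transiently use
 * stale, attacker-influenced data as idx before the fault is handled. */
uint8_t lookup_unfenced(const uint8_t *idx_in_memory) {
    uint8_t idx = *idx_in_memory;     /* the load that LVI targets */
    return table[idx & 0x0f];         /* dependent use of the loaded value */
}

/* Mitigated form: the fence makes the load architecturally complete before
 * idx is used, which is the per-load LFENCE option the article mentions. */
uint8_t lookup_fenced(const uint8_t *idx_in_memory) {
    uint8_t idx = *idx_in_memory;
    LOAD_FENCE();
    return table[idx & 0x0f];
}

#if defined(__x86_64__) && defined(__linux__)
/* RET also loads its target from memory (the stack); POP + LFENCE + JMP
 * keeps that address from being used while it is still speculative. */
__asm__(".text\n.globl lvi_ret_demo\n.type lvi_ret_demo,@function\n"
        "lvi_ret_demo:\n"
        "  lea (%rdi,%rsi), %rax\n"   /* the function's own work: a + b */
        "  pop %r11\n"                /* return address into a register */
        "  lfence\n"                  /* wait for that load to complete */
        "  jmp *%r11\n");             /* transfer via JMP instead of RET */
long lvi_ret_demo(long a, long b);
#else
long lvi_ret_demo(long a, long b) { return a + b; }
#endif
```

Both lookup variants return the same architectural result; the difference is only in what the CPU may do transiently before the first load is known to be correct.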

The "assist" exception, unlike a "fault", is handled internally by the processor without invoking software handlers. An assist can occur, for example, when the A (Accessed) or D (Dirty) bit in the page table needs to be updated. The main difficulty in attacking other processes is how to trigger an assist by manipulating the victim process. There are currently no reliable ways to do this, but they may well be found in the future. The feasibility of the attack has so far been confirmed only for Intel SGX enclaves; the other scenarios are theoretical or reproducible only under synthetic conditions (they require adding certain gadgets to the code).

Possible attack vectors:

  • Leaking data from the kernel to a user-level process. The Linux kernel's protection against Spectre 1 attacks, together with the SMAP (Supervisor Mode Access Prevention) mechanism, greatly reduces the likelihood of an LVI attack. Adding further protection to the kernel may become necessary if simpler LVI attack methods are identified in the future.
  • Leaking data between different processes. The attack requires the presence of certain code fragments in the application and a way to trigger an exception in the target process.
  • Leaking data from the host environment to a guest system. The attack is classified as too complex, requiring various hard-to-implement steps and predictions of activity in the system.
  • Leaking data between processes in different guest systems. The attack vector is close to organizing a data leak between different processes, but additionally requires complex manipulations to bypass the isolation between guest systems.

The researchers have published several prototypes demonstrating the principles of the attack, but they are not yet suitable for real attacks. The first example allows speculative execution in the victim process to be redirected, similar to return-oriented programming (ROP). In this example, the victim is a specially prepared process containing the necessary gadgets (applying the attack to third-party processes is difficult). The second example allows interfering with the calculations during AES encryption in an Intel SGX enclave and organizing a data leak during speculative execution of the instructions in order to recover the value of the key used for encryption.


source: budenet.ru