Intel sabunta microcode wanda ke gyarawa (CVE-2019-14607),, ta hanyar sarrafa ƙarfin ƙarfin lantarki da injin sarrafa mitoci a cikin CPU, fara lalacewa ga abubuwan da ke cikin sel bayanai, gami da wuraren da ake amfani da su don ƙididdigewa a cikin keɓancewar Intel SGX. Ana kiran harin Plundervolt, kuma yana iya ba wa mai amfani da gida damar haɓaka gatansu akan tsarin, haifar da hana sabis da samun damar yin amfani da mahimman bayanai.
Harin yana da haɗari kawai a cikin mahallin magudi tare da ƙididdiga a cikin SGX enclaves, tun da yake yana buƙatar haƙƙin tushen a cikin tsarin don aiwatarwa. A cikin mafi sauƙi, mai hari zai iya cimma murdiya na bayanan da aka sarrafa a cikin ɓoye, amma a cikin mafi rikitarwa al'amuran, yiwuwar sake ƙirƙirar maɓallan sirri da aka adana a cikin ɓoye da aka yi amfani da shi don ɓoyewa ta amfani da RSA-CRT da AES-NI algorithms ba haka ba ne. cire. Hakanan za'a iya amfani da dabarar don samar da kurakurai a cikin daidaitattun algorithms na farko don haifar da lahani yayin aiki tare da ƙwaƙwalwar ajiya, alal misali, don tsara damar zuwa wani yanki a waje da kan iyakokin da aka keɓe.
Lambar samfuri don yin hari ku GitHub
Ma'anar hanyar ita ce ƙirƙirar yanayi don faruwar ɓarnawar bayanan da ba zato ba tsammani yayin ƙididdigewa a cikin SGX, wanda yin amfani da ɓoyayyen ɓoyewa da amincin ƙwaƙwalwar ajiya a cikin ɓoye ba ya karewa. Don gabatar da murdiya, ya bayyana cewa yana yiwuwa a yi amfani da daidaitattun musaya na software don sarrafa mita da ƙarfin lantarki, yawanci ana amfani da su don rage yawan amfani da wutar lantarki yayin lokacin rashin aiki da kunna matsakaicin aiki yayin babban aiki. Mitar mitoci da halayen ƙarfin lantarki sun mamaye gabaɗayan guntu, gami da tasirin ƙididdiga a cikin keɓewar keɓaɓɓen.
Ta hanyar canza ƙarfin lantarki, zaku iya ƙirƙirar yanayin da cajin bai isa ya sake haɓaka ƙwayar ƙwaƙwalwar ajiya a cikin CPU ba, kuma ƙimarsa ta canza. Babban bambanci daga harin shine RowHammer yana ba ku damar canza abubuwan da ke cikin ragowa ɗaya a cikin ƙwaƙwalwar DRAM ta hanyar karatun cyclically daga sel makwabta, yayin da Plundervolt ke ba ku damar canza rago a cikin CPU lokacin da aka riga an loda bayanan daga ƙwaƙwalwar ajiya don ƙididdigewa. Wannan fasalin yana ba ku damar ƙetare hanyoyin sarrafa mutunci da hanyoyin ɓoyewa da aka yi amfani da su a cikin SGX don bayanai a cikin ƙwaƙwalwar ajiya, tunda ƙimar ƙwaƙwalwar ajiya ta kasance daidai, amma ana iya gurbata yayin aiki tare da su kafin a rubuta sakamakon zuwa ƙwaƙwalwar ajiya.
Idan aka yi amfani da wannan ƙimar da aka gyara a cikin tsarin ninkawa na tsarin ɓoyewa, ana ƙi abin da aka fitar tare da rubutun da ba daidai ba. Samun ikon tuntuɓar mai kulawa a cikin SGX don ɓoye bayanan sa, maharin na iya, haifar da gazawa, tara ƙididdiga game da canje-canje a cikin sifa na fitarwa kuma, a cikin ƴan mintuna kaɗan, dawo da ƙimar mabuɗin da aka adana a cikin ɓoye. An san rubutun shigarwa na asali da madaidaicin sifar rubutu, maɓalli ba ya canzawa, kuma fitowar rubutun da ba daidai ba yana nuna cewa an karkatar da wani bit zuwa kishiyar kima.
Bayan nazarin nau'i-nau'i na dabi'u na daidaitattun rubutun da aka lalata da aka tattara a lokacin gazawar daban-daban, ta amfani da hanyoyin bincike na gazawar bambance-bambance (DFA, ) Can yuwuwar maɓallai da aka yi amfani da su don ɓoye madaidaicin AES, sa'an nan, ta hanyar nazarin mahaɗin maɓallai a cikin saiti daban-daban, ƙayyade maɓallin da ake so.
Irin nau'ikan na'urorin sarrafa Intel iri-iri suna fama da matsalar, gami da Intel Core CPUs masu 6
Ƙarni na 10, da kuma na biyar da na shida na Xeon E3, ƙarni na farko da na biyu na Intel Xeon Scalable, Xeon D,
Xeon W da Xeon E.
Bari mu tunatar da ku cewa fasahar SGX () ya bayyana a cikin ƙarni na shida na Intel Core processors (Skylake) da jerin umarni waɗanda ke ba da damar aikace-aikacen matakin mai amfani don keɓance rufaffiyar wuraren žwažwalwar ajiya - ɓoyayyun abubuwan da ba za a iya karantawa ko gyara abubuwan da ke cikin su ba ko da ta kernel da lambar da ke gudana a cikin yanayin ring0, SMM da VMM. Ba shi yiwuwa a canja wurin sarrafawa zuwa lambar a cikin ƙaƙƙarfan ta amfani da ayyukan tsalle na gargajiya da gyare-gyare tare da rajista da tari; don canja wurin sarrafawa zuwa ƙaƙƙarfan, ana amfani da sabon umarni na musamman wanda ke yin rajistan hukuma. A wannan yanayin, lambar da aka sanya a cikin maƙarƙashiya na iya amfani da hanyoyin kira na gargajiya don samun damar ayyuka a ciki da umarni na musamman don kiran ayyukan waje. Ana amfani da ɓoye ɓoyayyen ƙwaƙwalwar ajiya don karewa daga harin kayan masarufi kamar haɗawa zuwa tsarin DRAM.
source: budenet.ru