Thunderspy - a series of attacks on hardware with a Thunderbolt interface

Information has been disclosed about seven vulnerabilities in hardware with a Thunderbolt interface, grouped under the code name Thunderspy, that bypass all of the main Thunderbolt security components. Based on the identified problems, nine attack scenarios are presented. They are feasible when the attacker has local access to the system, either by connecting a malicious device or by manipulating the firmware.

The attack scenarios include the ability to create identifiers for arbitrary Thunderbolt devices, clone authorized devices, gain arbitrary access to system memory via DMA, and override Security Level settings, including completely disabling all protection mechanisms, blocking the installation of firmware updates, and switching the interface into Thunderbolt mode on systems restricted to USB or DisplayPort passthrough.

Thunderbolt is a universal interface for connecting peripheral devices that combines the PCIe (PCI Express) and DisplayPort interfaces in a single cable. Thunderbolt was developed by Intel and Apple and is used in many modern laptops and PCs. PCIe-based Thunderbolt devices are given DMA I/O, which creates the threat of DMA attacks that read and write all of system memory or capture data from encrypted devices. To prevent such attacks, Thunderbolt introduced the concept of Security Levels, which allows only user-authorized devices to be used and authenticates connections to protect against ID forgery.

The identified vulnerabilities make it possible to bypass this binding and connect a malicious device under the guise of an authorized one. In addition, it is possible to modify the firmware and switch the SPI Flash to read-only mode, which can be used to completely disable the security levels and to prevent firmware updates (the tcfp and spiblock utilities have been prepared for such manipulations). In total, information about seven problems has been disclosed:

  • Use of inadequate firmware verification schemes;
  • Use of a weak device authentication scheme;
  • Loading of metadata from an unauthenticated device;
  • Backward-compatibility mechanisms that permit downgrade attacks to vulnerable technologies;
  • Use of configuration parameters from an unauthenticated controller;
  • Deficiencies in the SPI Flash interface;
  • Lack of protection at the Boot Camp level.

The vulnerabilities affect all devices equipped with Thunderbolt 1 and 2 (Mini DisplayPort based) and Thunderbolt 3 (USB-C based). It is not yet clear whether the problems appear in devices with USB 4 and Thunderbolt 4, since these technologies have only just been announced and there is no way to test their implementation yet. The vulnerabilities cannot be eliminated in software and require a redesign of hardware components. However, on some new devices it is possible to block some of the DMA-related problems using the Kernel DMA Protection mechanism, support for which began to be implemented in 2019 (it is supported in the Linux kernel starting with release 5.0; you can check whether it is enabled via "/sys/bus/thunderbolt/devices/domainX/iommu_dma_protection").
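The sysfs check mentioned above can be run across every Thunderbolt domain at once. The following is an added example, not code from the original article and not the Spycheck script; the per-domain `security` attribute it also reads comes from the Linux kernel's Thunderbolt sysfs interface and is an assumption beyond what the article states.

```python
#!/usr/bin/env python3
"""Report Kernel DMA Protection state for each Thunderbolt domain (Linux)."""
import glob
import os
import sys

SYSFS_ROOT = "/sys/bus/thunderbolt/devices"


def read_attr(path):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def check_domains(root=SYSFS_ROOT):
    """Return {domain: {"dma_protection": ..., "security": ...}}.

    dma_protection is True/False, or None when the attribute is missing
    (kernels before 5.0 do not expose it).
    """
    report = {}
    for domain in sorted(glob.glob(os.path.join(root, "domain*"))):
        raw = read_attr(os.path.join(domain, "iommu_dma_protection"))
        report[os.path.basename(domain)] = {
            "dma_protection": None if raw is None else raw == "1",
            # Security Level attribute from the kernel sysfs interface (assumption)
            "security": read_attr(os.path.join(domain, "security")),
        }
    return report


def main(root=SYSFS_ROOT):
    report = check_domains(root)
    if not report:
        print("no Thunderbolt domain found (controller absent, disabled or powered down)")
        return 2
    labels = {True: "enabled", False: "DISABLED", None: "not reported by this kernel"}
    for name, info in report.items():
        print(f"{name}: Kernel DMA Protection {labels[info['dma_protection']]}, "
              f"Security Level {info['security'] or 'unknown'}")
    # Non-zero exit if any domain lacks confirmed protection, for use in audits.
    return 0 if all(i["dma_protection"] for i in report.values()) else 1


if __name__ == "__main__":
    sys.exit(main())
```

An exit status of 1 means at least one domain does not report Kernel DMA Protection as enabled; 2 means no domain was visible to the kernel at all.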

A Python script, Spycheck, has been provided for checking your devices; it needs to be run as root to access DMI, the ACPI DMAR table and WMI. To protect vulnerable systems, it is recommended not to leave the system unattended while it is powered on or in standby mode, not to connect other people's Thunderbolt devices, not to leave or hand over your devices to others, and to make sure your devices are physically secured. If Thunderbolt is not needed, it is recommended to disable the Thunderbolt controller in UEFI or BIOS (this may leave the USB and DisplayPort ports non-functional if they are implemented through the Thunderbolt controller).

source: budenet.ru
