ProHoster > Блог > labaran intanet > An saki Coreboot 4.17

An saki Coreboot 4.17

An buga sakin aikin CoreBoot 4.17, a cikin tsarin wanda ake haɓaka madadin kyauta ga firmware na mallaka da BIOS. Ana rarraba lambar aikin a ƙarƙashin lasisin GPLv2. Masu haɓaka 150 sun shiga cikin ƙirƙirar sabon sigar, waɗanda suka shirya canje-canje fiye da 1300.

Babban canje-canje:

  • Wani rauni (CVE-2022-29264) wanda ya bayyana a cikin sakin CoreBoot 4.13 zuwa 4.16 an gyara shi kuma yana ba da damar aiwatar da lamba akan tsarin tare da AP (Mai sarrafa aikace-aikacen) a matakin SMM (Yanayin Gudanar da Tsarin), wanda ke da fifiko mafi girma ( Ring -2) fiye da yanayin hypervisor da zobe na kariya, da samun damar shiga mara iyaka zuwa duk ƙwaƙwalwar ajiya. Matsalar ta samo asali ne ta hanyar kiran da ba daidai ba ga mai kula da SMI a cikin smm_module_loader module.
  • Ƙarin tallafi don uwayen uwa guda 12, 5 daga cikinsu ana amfani da su akan na'urori masu Chrome OS ko akan sabar Google. Daga cikin kudaden da ba na Google ba:
    • Clevo L140MU / L141MU / L142MU
    • Dell daidaici T1650
    • HP Z220 CMT Workstation
    • Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000) da Lite Mk IV (N5030).
  • An daina tallafawa Google Deltan da Deltaur uwayen uwa.
  • An ƙara sabon kayan biya coreDOOM, yana ba ku damar ƙaddamar da wasan DOOM daga Coreboot. Aikin yana amfani da lambar doomgeneric, wanda aka aika zuwa libpayload. Ana amfani da framebuffer na layin Coreboot don fitarwa, kuma ana ɗora fayilolin WAD tare da albarkatun wasan daga CBFS.
  • Abubuwan da aka sabunta kayan aikin biya SeaBIOS 1.16.0 da iPXE 2022.1.
  • Ƙara yanayin SeaGRUB (GRUB2 akan SeaBIOS), wanda ke ba GRUB2 damar yin amfani da kiran dawo da kiran da SeaBIOS ke bayarwa, alal misali, don samun damar kayan aiki waɗanda ba a iya samun su daga GRUB2 biya.
  • Ƙara kariya daga harin SinkHole, wanda ke ba da damar yin amfani da lambar a matakin SMM (Yanayin Gudanar da Tsarin).
  • An aiwatar da ginanniyar ikon samar da tsayayyen tebur na shafukan ƙwaƙwalwar ajiya daga fayilolin taro, ba tare da buƙatar kiran abubuwan amfani na ɓangare na uku ba.
  • Bada damar rubuta bayanin kuskure zuwa na'urar wasan bidiyo na CBMEMC daga masu amfani da SMI lokacin amfani da DEBUG_SMI.
  • An canza tsarin masu kula da farawa na CBMEM; maimakon *_CBMEM_INIT_HOOK masu kula da matakan da aka ɗaure zuwa matakai, ana ba da shawarar masu aiki guda biyu: CBMEM_CREATION_HOOK (amfani da farkon matakin da ke haifar da cbmem) da CBMEM_READY_HOOK (amfani da kowane matakan da cbmem ya riga ya kasance. halitta).
  • Ƙara tallafi don PSB (Platform Secure Boot), wanda PSP (Platform Security Processor) ke kunnawa don tabbatar da amincin BIOS ta amfani da sa hannu na dijital.
  • Ƙara namu aiwatar da mai sarrafa don gyara bayanan da aka canjawa wuri daga FSP (FSP Debug Handler).
  • Ƙara takamaiman ayyukan TIS (TPM Interface Specification) ayyuka don karatu da rubutu kai tsaye daga rajistar TPM (Trusted Platform Module) - tis_vendor_read () da tis_vendor_write().
  • Ƙara goyon baya don sa baki mara tushe ta hanyar rajistar kuskure.
  • Aiwatar da gano na'urar i2c, yana sauƙaƙa aiki tare da allunan sanye take da faifan taɓawa ko allon taɓawa daga masana'anta daban-daban.
  • An ƙara ikon adana bayanan lokaci a cikin sigar da ta dace don samar da jadawali na FlameGraph, wanda ke nuna karara nawa lokacin da aka kashe a matakai daban-daban na ƙaddamarwa.
  • An ƙara wani zaɓi zuwa mai amfani na cbmem don ƙara "tambarin lokaci" na lokaci daga sararin mai amfani zuwa teburin cbmem, wanda ke ba da damar yin la'akari da abubuwan da suka faru a matakan da aka yi bayan CoreBoot a cbmem.

Bugu da ƙari, za mu iya lura da bugun OSFF (Open-Source Firmware Foundation) na buɗaɗɗen wasiƙa zuwa Intel, wanda ke ba da shawarar yin fakitin tallafin firmware (FSP, Fakitin Tallafin Firmware) mafi na yau da kullun kuma fara buga takaddun da suka danganci ƙaddamar da Intel SoC . Rashin lambar FSP yana da matukar wahala ga ƙirƙirar buɗaɗɗen firmware kuma yana hana ci gaban ayyukan Coreboot, U-Boot da LinuxBoot akan kayan aikin Intel. A baya can, irin wannan yunƙurin ya yi nasara kuma Intel ya buɗe lambar don PSE (Injin Sabis na Shirin) toshe firmware da al'umma suka nema.

source: budenet.ru

Add a comment