Data-dependent instruction execution time on ARM and Intel CPUs

Eric Biggers, one of the developers of the Adiantum cipher and maintainer of the Linux kernel's fscrypt subsystem, has proposed a set of patches to block security problems arising from a feature of Intel processors that does not guarantee constant instruction execution time for different data being processed. The problem appears in Intel processors starting with the Ice Lake family. A similar problem is seen in ARM processors.

The patch author regards the dependence of instruction execution time on the data those instructions process as a vulnerability in the processors, since such behavior cannot guarantee the security of cryptographic operations performed on the system. Many implementations of cryptographic algorithms are designed so that the data does not affect instruction execution time, and violating this property can lead to side-channel attacks that recover data by analyzing how long it takes to process.

Potentially, the execution-time dependence can be used to mount attacks that determine kernel data from user space. According to Eric Biggers, constant execution time is not provided by default even for instructions that perform addition and XOR operations, nor for the specialized AES-NI instructions (this information has not been confirmed by tests; according to other data, there is a delay of one cycle during vector rotation and bit counting).

To disable this behavior, Intel and ARM have proposed new flags: the PSTATE bit DIT (Data Independent Timing) for ARM CPUs and the MSR bit DOITM (Data Operand Independent Timing Mode) for Intel CPUs, which restore the old behavior with constant execution time. Intel and ARM recommend enabling the protection as needed for critical code, but in practice cryptographic computations can happen anywhere in the kernel and in user space, so enabling the DOITM and DIT modes for the entire kernel at all times is under consideration.
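The per-code-section use of DIT that the vendors recommend can be sketched as follows. This is an added example, not code from the patches or from the original article; it assumes Linux on arm64 (the HWCAP bit and the DIT system-register encoding are taken from the Linux uapi headers and the Arm architecture), falls back to a no-op on other targets, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define DIT_BIT (UINT64_C(1) << 24)      /* PSTATE.DIT as seen in the DIT register */
#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>
#define DIT_HWCAP (1UL << 24)            /* HWCAP_DIT in the arm64 Linux uapi */
static int dit_supported(void) { return (getauxval(AT_HWCAP) & DIT_HWCAP) != 0; }
static uint64_t dit_read(void) {
    uint64_t v;
    __asm__ volatile("mrs %0, s3_3_c4_c2_5" : "=r"(v));             /* MRS Xt, DIT */
    return v;
}
static void dit_write(uint64_t v) {
    __asm__ volatile("msr s3_3_c4_c2_5, %0" : : "r"(v) : "memory"); /* MSR DIT, Xt */
}
#else  /* other targets: this sketch has no user-space timing-mode control */
static int dit_supported(void) { return 0; }
static uint64_t dit_read(void) { return 0; }
static void dit_write(uint64_t v) { (void)v; }
#endif

/* Branch-free compare: only XOR, OR and subtract touch the secret bytes. Its
 * timing is data-independent only if those instructions are (the DIT guarantee). */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);    /* 1 iff diff == 0 */
}

/* Compare with DIT set for the duration, then restore the previous state. */
int tag_equal(const uint8_t *a, const uint8_t *b, size_t n, int *dit_used) {
    int have = dit_supported();
    uint64_t saved = have ? dit_read() : 0;
    if (have) dit_write(saved | DIT_BIT);
    int eq = ct_equal(a, b, n);
    if (have) dit_write(saved);
    if (dit_used) *dit_used = have;   /* optional: did the CPU offer DIT? */
    return eq;
}

int main(void) {
    const uint8_t t1[4] = {0xde, 0xad, 0xbe, 0xef};     /* constructed sample tags */
    const uint8_t t2[4] = {0xde, 0xad, 0xbe, 0xee};
    int used, same = tag_equal(t1, t1, 4, &used), diff = tag_equal(t1, t2, 4, &used);
    printf("same=%d diff=%d dit_used=%d\n", same, diff, used);
    return 0;
}
```

Wrapping individual routines this way protects only the code that opts in, which is the gap that motivates the proposal to enable the modes globally.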

For ARM processors, the Linux 6.2 kernel branch has already received patches that change the kernel's behavior, but these patches are considered insufficient because they cover only kernel code and do not change the behavior for user space. For Intel processors, inclusion of the protection is still at the review stage. The performance impact of the patches has not yet been measured, but according to Intel's documentation, enabling DOITM mode reduces performance (for example, by disabling some optimizations, such as data-specific prefetching), and in future processor models the performance reduction may increase.

source: budenet.ru
