Schrödinger's Trusted Boot. Intel Boot Guard

Once again we propose to descend to a low level and talk about the security of the firmware of x86-compatible computer platforms. This time the main subject of the research is Intel Boot Guard (not to be confused with Intel BIOS Guard!), a hardware-supported trusted boot technology for the BIOS that a computer system vendor can permanently enable or disable at the manufacturing stage. The research recipe is already familiar to us: thinly slice the implementation of this technology by reverse engineering, describe its architecture, fill it with undocumented details, season it with attack vectors to taste, and mix. Then add fuel to the fire with a story about how a bug cloned for years in the production of several vendors allows a potential attacker to use this technology to create a hidden rootkit in the system that cannot be removed (even with a programmer).

By the way, the article is based on the talks "On Guard for Rootkits: Intel BootGuard" from the ZeroNights 2016 conference and the 29th DefCon Russia meeting (both presentations are here).

Firmware of a computer platform with the Intel 64 architecture

To begin with, let us answer the question: what is the firmware of a modern computer platform with the Intel 64 architecture? UEFI BIOS, of course. But that answer is not precise. Let us look at the figure, which shows the desktop (laptop) version of this architecture.

The basis is the pair:

  • Processor (CPU, Central Processing Unit), which, besides the main cores, has an integrated graphics core (not in all models) and a memory controller (IMC, Integrated Memory Controller);
  • Chipset (PCH, Platform Controller Hub), which contains various controllers for interacting with peripheral devices and managing subsystems. Among them is the famous Intel Management Engine (ME), which also has its own firmware (Intel ME firmware).

Laptops, in addition to the above, require an embedded controller (ACPI EC, Advanced Control and Power Interface Embedded Controller), which is responsible for the operation of the power subsystem, touchpad, keyboard, Fn keys (screen brightness, sound volume, keyboard backlight, etc.) and other things. It, too, has its own firmware.

So, the combination of the firmware listed above is the firmware of the computer platform (system firmware), which is stored on a common SPI flash memory. So that the users of this memory do not get confused about what lies where, the contents of this memory are divided into the following regions (as shown in the figure):

  • UEFI BIOS;
  • ACPI EC firmware (a separate region appeared with the Skylake processor microarchitecture (2015), but in the wild we have not yet seen examples of its use, so the embedded controller firmware is still part of the UEFI BIOS);
  • Intel ME firmware;
  • configuration (MAC address, etc.) of the integrated GbE (Gigabit Ethernet) network adapter;
  • flash descriptors: the main region of the flash memory, which contains pointers to the other regions as well as the permissions to access them.

Access to the regions (in accordance with the specified permissions) is arbitrated by the SPI bus master, the SPI controller built into the chipset, through which this memory is accessed. If the permissions are set to the values recommended by Intel (for security reasons), then each user of the SPI flash has full access (read/write) only to its own region. The rest are either read-only or inaccessible. A known fact: on many systems the CPU has full access to the UEFI BIOS and GbE, read-only access to the flash descriptors, and no access to the Intel ME region at all. Why on many and not on all? What is recommended is optional. We will tell you more later in the article.

Mechanisms for protecting computer platform firmware from modification

Obviously, the firmware of a computer platform must be protected from possible compromise, which would allow a potential attacker to gain a foothold in it (surviving OS updates and reinstallations), execute their code in the most privileged modes, and so on. Restricting access to the SPI flash memory regions is, of course, not enough. Therefore, various mechanisms specific to each execution environment are used to protect the firmware from modification.

Thus, the Intel ME firmware is signed for integrity and authenticity control, and is checked by the ME controller every time it is loaded into the ME UMA memory. We have already discussed this verification process in one of the articles devoted to the Intel ME subsystem.

The ACPI EC firmware, as a rule, is checked only for integrity. However, because this binary is included in the UEFI BIOS, it is almost always subject to the same protection mechanisms that the UEFI BIOS uses. Let us talk about them.

These mechanisms can be divided into two categories.

Write protection of the UEFI BIOS region

  1. Physical protection of the contents of the SPI flash memory with a write-protect jumper;
  2. Protection of the projection of the UEFI BIOS region in the CPU address space using the PRx registers of the chipset;
  3. Blocking attempts to write to the UEFI BIOS region by generating and handling the corresponding SMI interrupt, by setting the BIOS_WE / BLE and SMM_BWP bits in the chipset registers;
  4. A more advanced version of this protection is Intel BIOS Guard (PFAT).

In addition to these mechanisms, vendors can develop and implement their own security measures (for example, signing capsules with UEFI BIOS updates).

It is important to note that on a particular system (depending on the vendor), not all of the above protection mechanisms may be applied, they may not be applied at all, or they may be implemented in a vulnerable way. You can read more about these mechanisms and the state of their implementation in this article. For those interested, we recommend reading the whole series of articles on UEFI BIOS security by CodeRush.

UEFI BIOS authenticity verification

When we talk about trusted boot technologies, the first thing that comes to mind is Secure Boot. However, architecturally it is designed to verify the authenticity of components external to the UEFI BIOS (drivers, loaders, etc.), not the firmware itself.

Therefore, in SoCs with the Bay Trail microarchitecture (2012), Intel implemented a hardware, non-switchable Secure Boot (Verified Boot), which has nothing to do with the Secure Boot technology mentioned above. Later (2013), this mechanism was improved and released under the name Intel Boot Guard for desktops with the Haswell microarchitecture.

Before describing Intel Boot Guard, let us look at the execution environments in the Intel 64 architecture which, taken together, are the roots of trust for this trusted boot technology.

Intel CPU

Captain Obvious suggests that the processor is the main execution environment in the Intel 64 architecture. Why is it also a root of trust? It turns out that possession of the following elements makes it one:

  • Microcode ROM is non-volatile, non-rewritable memory for storing microcode. Microcode is considered to be the implementation of the processor's instruction set in terms of the simplest instructions. Bugs happen in microcode too. So in the BIOS you can find binaries with microcode updates (they are applied at boot time, because the ROM cannot be overwritten). The contents of these binaries are encrypted, which greatly complicates analysis (so the specific contents of the microcode are known only to those who develop it), and signed to control integrity and authenticity;
  • an AES key for decrypting the contents of microcode updates;
  • a hash of the RSA public key that verifies the signature of microcode updates;
  • a hash of the RSA public key that verifies the signature of Intel-developed ACM (Authenticated Code Module) code modules, which the CPU can run before the BIOS starts executing (hello, microcode) or during its operation, when certain events occur.

Intel ME

Two articles in our blog were devoted to this subsystem. Recall that this execution environment is based on a microcontroller built into the chipset and is the most hidden and privileged one in the system.

Despite its stealth, Intel ME is also a root of trust, because it has:

  • ME ROM: non-volatile, non-rewritable memory (no update method is provided), containing the startup code as well as the SHA256 hash of the RSA public key that verifies the signature of the Intel ME firmware;
  • an AES key for storing secret information;
  • access to a set of fuses (FPFs, Field Programmable Fuses) integrated into the chipset for permanent storage of certain information, including information specified by the computer system vendor.

Intel Boot Guard 1.x

A small disclaimer. The version numbers of the Intel Boot Guard technology that we use in this article are arbitrary and may have nothing to do with the numbering used in Intel's internal documentation. In addition, the information about the implementation of this technology given here was obtained by reverse engineering and may contain inaccuracies compared to the specification for Intel Boot Guard, which is unlikely ever to be published.

So, Intel Boot Guard (BG) is a hardware-supported UEFI BIOS authenticity verification technology. Judging by its brief description in the book [Platform Embedded Security Technology Revealed, chapter Boot with Integrity, or Not Boot], it works as a trusted boot chain. The first link in it is the boot code (microcode) inside the CPU, which is triggered by the RESET event (not to be confused with the RESET vector in the BIOS!). The CPU finds on the SPI flash memory a code module developed and signed by Intel (the Intel BG startup ACM), loads it into its cache, verifies it (it was noted above that the CPU holds a hash of the public key that verifies the ACM signature) and runs it.

This code module is responsible for verifying a small initial part of the UEFI BIOS, the Initial Boot Block (IBB), which in turn contains the functionality for verifying the main part of the UEFI BIOS. Thus, Intel BG allows you to verify the authenticity of the BIOS before the OS is loaded (which can be done under the supervision of Secure Boot technology).

Intel BG technology provides two modes of operation (and one does not interfere with the other, i.e.

Measured Boot

In Measured Boot (MB) mode, each boot component (starting with the CPU boot ROM) "measures" the next one using the capabilities of the Trusted Platform Module (TPM). For those who do not know, let me explain.

The TPM has PCRs (Platform Configuration Registers), which record the result of a hashing operation according to the formula:

That is, the current PCR value depends on the previous one, and these registers are reset only when the system is RESET.

Thus, in MB mode, at any point in time the PCRs reflect a unique (within the capabilities of the hashing operation) identifier of the code or data that was "measured". PCR values can be used in the operation of encrypting some data (TPM_Seal). After that, decrypting it (TPM_Unseal) is possible only if the PCR values have not changed as a result of booting (i.e. no "measured" component has been modified).
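The measure-then-seal behaviour described above, as an added example that is not part of the original article. It uses the TPM extend operation PCR_new = H(PCR_old || H(data)) with SHA-1 (TPM 1.2) by default; the component byte strings are constructed placeholders, and `seal`/`unseal` only model the PCR-binding policy, not real TPM encryption.

```python
import hashlib
import hmac


def pcr_extend(pcr: bytes, data: bytes, alg: str = "sha1") -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(data))."""
    measurement = hashlib.new(alg, data).digest()
    return hashlib.new(alg, pcr + measurement).digest()


def measure_boot(components, alg: str = "sha1") -> bytes:
    """Replay a boot, starting from the all-zero PCR that RESET leaves behind."""
    pcr = bytes(hashlib.new(alg).digest_size)
    for blob in components:
        pcr = pcr_extend(pcr, blob, alg)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Model of TPM_Seal: bind a secret to one PCR value (policy only)."""
    return {"pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Model of TPM_Unseal: release the secret only if the PCR still matches."""
    if hmac.compare_digest(blob["pcr"], current_pcr):
        return blob["secret"]
    return None


# Constructed sample boot chains (placeholder byte strings, not real firmware).
GOOD_CHAIN = [b"startup ACM", b"IBB: SEC+PEI", b"DXE volume", b"OS loader"]
TAMPERED_CHAIN = [b"startup ACM", b"IBB: SEC+PEI", b"DXE volume + implant", b"OS loader"]


def demo() -> dict:
    """Seal against the known-good chain, then try to unseal after three boots."""
    blob = seal(b"disk-encryption-key", measure_boot(GOOD_CHAIN))
    return {
        "clean_boot": unseal(blob, measure_boot(GOOD_CHAIN)),
        "tampered_boot": unseal(blob, measure_boot(TAMPERED_CHAIN)),
        # Same components in a different order also give a different PCR.
        "reordered_boot": unseal(blob, measure_boot(GOOD_CHAIN[::-1])),
    }


if __name__ == "__main__":
    for boot, secret in demo().items():
        print(f"{boot}: {secret!r}")
```

Measured Boot by itself never stops the boot: the modified chain still runs, it just can no longer unseal anything bound to the known-good PCR value.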

Verified Boot

The scariest thing for those who like to modify the UEFI BIOS is Verified Boot (VB) mode, in which each boot component verifies the integrity and authenticity of the next one. In the event of a verification error, one of the following happens:

  • shutdown by timeout from 1 minute to 30 minutes (so that the user has time to understand why the computer does not boot and, if possible, try to restore the BIOS);
  • immediate shutdown (so that the user has no time to understand, let alone do, anything);
  • continuation of work with a straight face (the case when there is no time for security, because there are more important things to do).

The choice of action depends on the specified Intel BG configuration (namely, on the so-called enforcement policy), which is permanently written by the computer platform vendor into specially designed storage, the chipset fuses (FPFs). We will dwell on this point in more detail later.

In addition to the configuration, the vendor generates two RSA 2048 keys and creates two data structures (shown in the figure):

  1. The vendor root key manifest (KEYM, OEM Root Key Manifest), which contains the SVN (Security Version Number) of this manifest, the SHA256 hash of the public key of the next manifest, the RSA public key (i.e. the public part of the vendor root key) for verifying the signature of this manifest, and the signature itself;
  2. The IBB manifest (IBBM, Initial Boot Block Manifest), which contains the SVN of this manifest, the SHA256 hash of the IBB, the public key for verifying the signature of this manifest, and the signature itself.

The SHA256 hash of the OEM Root Key is permanently written into the chipset fuses (FPFs), just like the Intel BG configuration. If the Intel BG configuration provides for enabling this technology, then from now on only the owner of the private part of the OEM Root Key can update the BIOS on this system (i.e. be able to recalculate these manifests), that is, the vendor.

When you look at the figure, doubts immediately arise about the need for such a long verification chain: one manifest could have been used. Why complicate things?

In fact, Intel thereby gives the vendor the opportunity to use different IBB keys for different product lines and one key as the root. If the private part of an IBB key (which signs the second manifest) leaks, the incident will affect only one product line, and only until the vendor generates a new pair and includes the recalculated manifests in the next BIOS update.

But if the root key (with which the first manifest is signed) is compromised, it cannot be replaced. No revocation procedure is provided, because the hash of the public part of this key is programmed into the FPFs once and for all.

Intel Boot Guard configuration

Now let us take a closer look at the Intel BG configuration and the process of creating it. If you look at the corresponding tab in the GUI of the Flash Image Tool from the Intel System Tool Kit (STK), you will notice that the Intel BG configuration includes a hash of the public part of the vendor root key, a couple of obscure values, and the so-called Intel BG profile.

The structure of this profile:

typedef struct BG_PROFILE
{
	unsigned long Force_Boot_Guard_ACM : 1;
	unsigned long Verified_Boot : 1;
	unsigned long Measured_Boot : 1;
	unsigned long Protect_BIOS_Environment : 1;
	unsigned long Enforcement_Policy : 2; // 00b – do nothing
                                              // 01b – shutdown with timeout
                                              // 11b – immediate shutdown
	unsigned long : 26;
};

In general, the Intel BG configuration is a very flexible entity. Consider, for example, the Force_Boot_Guard_ACM flag. When it is cleared, if the BG startup ACM module is not found on the SPI flash, no trusted boot will take place. It will be untrusted.

We already wrote above that the enforcement policy for VB mode can be configured so that if verification fails, an untrusted boot will, again, take place.

Leave such things to the discretion of vendors...

The GUI of the utility provides the following "ready-made" profiles:

| No. | Mode    | Description                                          |
|-----|---------|------------------------------------------------------|
| 0   | No_FVME | Intel BG technology is disabled                      |
| 1   | VE      | VB mode is enabled, shutdown by timeout              |
| 2   | VME     | both modes (VB and MB) are enabled, shutdown by timeout |
| 3   | VM      | both modes are enabled, without shutting down the system |
| 4   | FVE     | VB mode is enabled, immediate shutdown               |
| 5   | FVME    | both modes are enabled, immediate shutdown           |

As already mentioned, the Intel BG configuration must be written once and for all by the system vendor into the chipset fuses (FPFs), a small (according to unverified information, only 256 bytes) hardware information store inside the chipset that can be programmed outside Intel's production facilities (which is why they are called Field Programmable Fuses).

It is good for storing the configuration because:

  • it has a one-time-programmable data storage area (exactly where the Intel BG configuration is written);
  • only Intel ME can read and program it.

So, in order to set the configuration for Intel BG technology on a particular system, the vendor does the following during production:

  1. Using the Flash Image Tool (from Intel STK), creates a firmware image with the given Intel BG configuration as variables inside the Intel ME region (the so-called temporary mirror for the FPFs);
  2. Using the Flash Programming Tool (from Intel STK), writes this image to the SPI flash memory of the system and closes the so-called manufacturing mode (in this case, the corresponding command is sent to Intel ME).

As a result of these operations, Intel ME commits to the FPFs the specified values from the mirror for the FPFs in the ME region, sets the permissions in the SPI flash descriptors to the values recommended by Intel (described at the beginning of the article), and performs a system RESET.

Intel Boot Guard implementation analysis

In order to analyze the implementation of this technology on a specific example, we checked the following systems for traces of Intel BG technology:

| System                | Note                                        |
|-----------------------|---------------------------------------------|
| Gigabyte GA-H170-D3H  | Skylake, support present                    |
| Gigabyte GA-Q170-D3H  | Skylake, support present                    |
| Gigabyte GA-B150-HD3  | Skylake, support present                    |
| MSI H170A Gaming Pro  | Skylake, no support                         |
| Lenovo ThinkPad 460   | Skylake, support present, technology enabled |
| Lenovo Yoga 2 Pro     | Haswell, no support                         |
| Lenovo U330p          | Haswell, no support                         |

"Support" means the presence of the Intel BG startup ACM module, the manifests mentioned above, and the corresponding code in the BIOS, i.e. an implementation to analyze.

As an example, let us take the SPI flash memory image for Gigabyte GA-H170-D3H (version F4) downloaded from the vendor's official site.

Intel CPU boot ROM

First of all, let us talk about the actions of the processor if Intel BG technology is enabled.

Samples of decrypted microcode could not be found, so how the actions described below are implemented (in microcode or in hardware) is an open question. Nevertheless, it is a fact that modern Intel processors "can" perform these actions.

After leaving the RESET state, the processor (in whose address space the contents of the flash memory are already mapped) finds the FIT (Firmware Interface Table). Finding it is easy: the pointer to it is written at address FFFF FFC0h.

In this example, the value FFD6 9500h is located at this address. Turning to this address, the processor sees the FIT table, whose contents are divided into entries. The first entry is a header with the following structure:

typedef struct FIT_HEADER
{
	char           Tag[8];     // ‘_FIT_   ’
	unsigned long  NumEntries; // including FIT header entry
	unsigned short Version;    // 1.0
	unsigned char  EntryType;  // 0
	unsigned char  Checksum;
};

For some unknown reason, the checksum in these tables is not always calculated (the field is left zero).

The remaining entries point to various binaries that need to be parsed/executed before the BIOS is executed, i.e. before switching to the legacy RESET vector (FFFF FFF0h). The structure of each such entry is as follows:

typedef struct FIT_ENTRY
{
	unsigned long  BaseAddress;
	unsigned long  : 32;
	unsigned long  Size;
	unsigned short Version;     // 1.0
	unsigned char  EntryType;
	unsigned char  Checksum;
};

The EntryType field indicates the type of block that this entry points to. We know several types:

enum FIT_ENTRY_TYPES
{
	FIT_HEADER = 0,
	MICROCODE_UPDATE,
	BG_ACM,
	BIOS_INIT = 7,
	TPM_POLICY,
	BIOS_POLICY,
	TXT_POLICY,
	BG_KEYM,
	BG_IBBM
};
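The FIT lookup described above, written as an offline parser for a flash dump; this is an added example, not code from the original article. It follows the FIT_HEADER and FIT_ENTRY layouts shown here (little-endian, packed, 4-byte unsigned long), assumes the image is mapped so that it ends at 4 GiB, and masks the type byte with 7Fh because the FIT specification reserves its top bit as a checksum-valid flag, which goes beyond the structures on this page. The sample image is constructed.

```python
import struct

FOUR_GIB = 1 << 32
FIT_POINTER_ADDR = 0xFFFFFFC0   # address of the FIT pointer, as given in the text
ENTRY_SIZE = 16                 # sizeof(FIT_HEADER) == sizeof(FIT_ENTRY)
FIT_ENTRY_TYPES = {0: "FIT_HEADER", 1: "MICROCODE_UPDATE", 2: "BG_ACM",
                   7: "BIOS_INIT", 8: "TPM_POLICY", 9: "BIOS_POLICY",
                   10: "TXT_POLICY", 11: "BG_KEYM", 12: "BG_IBBM"}


class FitError(ValueError):
    """Raised when the image does not contain a well-formed FIT."""


def addr_to_offset(image_len: int, addr: int, length: int) -> int:
    """Map a physical address to a file offset (flash is mapped to end at 4 GiB)."""
    off = addr - (FOUR_GIB - image_len)
    if off < 0 or off + length > image_len:
        raise FitError(f"range {addr:#x}+{length:#x} lies outside the image")
    return off


def parse_fit(image: bytes):
    """Return (fit_address, entries) or raise FitError."""
    n = len(image)
    ptr_off = addr_to_offset(n, FIT_POINTER_ADDR, 4)
    (fit_addr,) = struct.unpack_from("<I", image, ptr_off)  # low dword of the pointer
    hdr = addr_to_offset(n, fit_addr, ENTRY_SIZE)
    tag, count, _version, etype, _csum = struct.unpack_from("<8sIHBB", image, hdr)
    if tag != b"_FIT_   " or (etype & 0x7F) != 0:
        raise FitError("FIT pointer does not lead to a FIT header")
    if count < 1:
        raise FitError("NumEntries must include the header entry")
    addr_to_offset(n, fit_addr, count * ENTRY_SIZE)  # whole table must be in bounds
    entries = []
    for i in range(1, count):
        base, _rsvd, size, version, etype, _csum = struct.unpack_from(
            "<IIIHBB", image, hdr + i * ENTRY_SIZE)
        kind = etype & 0x7F
        entries.append({"type": FIT_ENTRY_TYPES.get(kind, f"UNKNOWN_{kind:#x}"),
                        "base": base, "size": size, "version": version})
    return fit_addr, entries


def boot_guard_artifacts(entries) -> dict:
    """Which Boot Guard structures does the FIT reference (ACM, KEYM, IBBM)?"""
    present = {e["type"] for e in entries}
    return {name: name in present for name in ("BG_ACM", "BG_KEYM", "BG_IBBM")}


def build_sample_image(size: int = 0x1000, fit_off: int = 0x100) -> bytes:
    """Constructed 4 KiB image with a FIT holding four entries (not a real dump)."""
    img = bytearray(b"\xFF" * size)
    base = FOUR_GIB - size
    rows = [(1, 0x400), (2, 0x800), (11, 0x200), (12, 0x300)]  # (type, file offset)
    struct.pack_into("<8sIHBB", img, fit_off, b"_FIT_   ", len(rows) + 1, 0x0100, 0, 0)
    for i, (etype, off) in enumerate(rows, start=1):
        struct.pack_into("<IIIHBB", img, fit_off + i * ENTRY_SIZE,
                         base + off, 0, 0, 0x0100, etype, 0)
    struct.pack_into("<I", img, size - 0x40, base + fit_off)
    return bytes(img)


if __name__ == "__main__":
    addr, table = parse_fit(build_sample_image())
    print(f"FIT at {addr:#010x}")
    for entry in table:
        print(f"  {entry['type']:<17} base={entry['base']:#010x}")
    print(boot_guard_artifacts(table))
```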

Now it is obvious that one of the entries points to the location of the Intel BG startup ACM binary. The header structure of this binary is typical for code modules developed by Intel (ACMs, microcode updates, Intel ME code sections, ...).

typedef struct BG_ACM_HEADER
{
	unsigned short ModuleType;     // 2
	unsigned short ModuleSubType;  // 3
	unsigned long  HeaderLength;   // in dwords
	unsigned long  : 32;
	unsigned long  : 32;
	unsigned long  ModuleVendor;   // 8086h
	unsigned long  Date;           // in BCD format
	unsigned long  TotalSize;      // in dwords
	unsigned long  unknown1[6];
	unsigned long  EntryPoint;
	unsigned long  unknown2[16];
	unsigned long  RsaKeySize;     // in dwords
	unsigned long  ScratchSize;    // in dwords
	unsigned char  RsaPubMod[256];
	unsigned long  RsaPubExp;
	unsigned char  RsaSig[256];
};

The processor loads this binary into its cache, verifies it, and runs it.

Intel BG startup ACM

As a result of analyzing the operation of this ACM, it became clear that it does the following:

  • receives from Intel ME the Intel BG configuration written to the chipset fuses (FPFs);
  • finds the KEYM and IBBM manifests and verifies them.

To find these manifests, the ACM also uses the FIT table, which has two entry types pointing to these structures (see FIT_ENTRY_TYPES above).

Let us take a closer look at the manifests. In the structure of the first manifest, we see several obscure constants, the hash of the public key from the second manifest, and the OEM Root Key public key with a signature, as a nested structure:

typedef struct KEY_MANIFEST
{
	char           Tag[8];          // ‘__KEYM__’
	unsigned char  : 8;             // 10h
	unsigned char  : 8;             // 10h
	unsigned char  : 8;             // 0
	unsigned char  : 8;             // 1
	unsigned short : 16;            // 0Bh
	unsigned short : 16;            // 20h == hash size?
	unsigned char  IbbmKeyHash[32]; // SHA256 of an IBBM public key
	BG_RSA_ENTRY   OemRootKey;
};

typedef struct BG_RSA_ENTRY
{
	unsigned char  : 8;             // 10h
	unsigned short : 16;            // 1
	unsigned char  : 8;             // 10h
	unsigned short RsaPubKeySize;   // 800h
	unsigned long  RsaPubExp;
	unsigned char  RsaPubKey[256];
	unsigned short : 16;            // 14
	unsigned char  : 8;             // 10h
	unsigned short RsaSigSize;      // 800h
	unsigned short : 16;            // 0Bh
	unsigned char  RsaSig[256];
};

To verify the public key of the OEM Root Key, we recall that the SHA256 hash from the fuses is used, which by this time has already been received from Intel ME.

Let us move on to the second manifest. It consists of three structures:

typedef struct IBB_MANIFEST
{
	ACBP Acbp;         // Boot policies
	IBBS Ibbs;         // IBB description
	IBB_DESCRIPTORS[];
	PMSG Pmsg;         // IBBM signature
};

The first contains some constants:

typedef struct ACBP
{
	char           Tag[8];          // ‘__ACBP__’
	unsigned char  : 8;             // 10h
	unsigned char  : 8;             // 1
	unsigned char  : 8;             // 10h
	unsigned char  : 8;             // 0
	unsigned short : 16;            // x & F0h = 0
	unsigned short : 16;            // 0 < x <= 400h
};

The second contains the SHA256 hash of the IBB and the number of descriptors that describe the contents of the IBB (i.e.

typedef struct IBBS
{
	char           Tag[8];            // ‘__IBBS__’
	unsigned char  : 8;               // 10h
	unsigned char  : 8;               // 0
	unsigned char  : 8;               // 0
	unsigned char  : 8;               // x <= 0Fh
	unsigned long  : 32;              // x & FFFFFFF8h = 0
	unsigned long  Unknown[20];
	unsigned short : 16;              // 0Bh
	unsigned short : 16;              // 20h == hash size ?
	unsigned char  IbbHash[32];       // SHA256 of an IBB
	unsigned char  NumIbbDescriptors;
};

The IBB descriptors follow this structure, one after another. Their contents have the following format:

typedef struct IBB_DESCRIPTOR
{
	unsigned long  : 32;
	unsigned long  BaseAddress;
	unsigned long  Size;
};

It is simple: each descriptor contains the address/size of an IBB block. Thus, the concatenation of the blocks pointed to by these descriptors (in the order of the descriptors themselves) is the IBB. And, as a rule, the IBB is the set of all modules of the SEC and PEI phases.
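Recomputing the IBB hash from a flash dump, as an added example that is not code from the original article or from Intel. It reads the IBBS structure and the IBB_DESCRIPTOR array with the layouts shown above, assuming they are packed, little-endian, with 4-byte unsigned long, and that the image is mapped to end at 4 GiB; the caller supplies the file offset of IBBS, and the RSA signature checks of KEYM and IBBM are not covered. The sample image is constructed.

```python
import hashlib
import hmac
import struct

FOUR_GIB = 1 << 32
# IBBS: Tag[8], four bytes, one dword, Unknown[20], alg id, hash size,
# IbbHash[32], NumIbbDescriptors (layout from the text, assumed packed).
IBBS = struct.Struct("<8s4BI80sHH32sB")
IBB_DESCRIPTOR = struct.Struct("<III")   # reserved, BaseAddress, Size


def read_ibb_ranges(image, ibbs_off: int):
    """Return (expected_hash, [(file_offset, size), ...]) for the IBBS at ibbs_off."""
    if ibbs_off < 0 or ibbs_off + IBBS.size > len(image):
        raise ValueError("IBBS offset lies outside the image")
    fields = IBBS.unpack_from(image, ibbs_off)
    tag, hash_size, expected, count = fields[0], fields[8], fields[9], fields[10]
    if tag != b"__IBBS__" or hash_size != 0x20:
        raise ValueError("not an IBBS structure carrying a 32-byte digest")
    flash_base = FOUR_GIB - len(image)
    pos = ibbs_off + IBBS.size
    ranges = []
    for _ in range(count):
        if pos + IBB_DESCRIPTOR.size > len(image):
            raise ValueError("descriptor array runs past the end of the image")
        _rsvd, base, size = IBB_DESCRIPTOR.unpack_from(image, pos)
        off = base - flash_base
        if off < 0 or off + size > len(image):
            raise ValueError(f"IBB block {base:#x}+{size:#x} lies outside the image")
        ranges.append((off, size))
        pos += IBB_DESCRIPTOR.size
    return expected, ranges


def verify_ibb(image, ibbs_off: int) -> bool:
    """SHA256 over the blocks, concatenated in descriptor order, must equal IbbHash."""
    expected, ranges = read_ibb_ranges(image, ibbs_off)
    digest = hashlib.sha256()
    for off, size in ranges:
        digest.update(image[off:off + size])
    return hmac.compare_digest(digest.digest(), expected)


def build_sample_image():
    """Constructed 8 KiB image: IBBS at 0x100 describing two IBB blocks."""
    img = bytearray(0x2000)
    blocks = [(0x1000, 0x200), (0x1800, 0x100)]        # (file offset, size)
    for n, (off, size) in enumerate(blocks):
        img[off:off + size] = bytes([0xA0 + n]) * size  # placeholder "code"
    ibb = b"".join(bytes(img[o:o + s]) for o, s in blocks)
    ibbs_off = 0x100
    IBBS.pack_into(img, ibbs_off, b"__IBBS__", 0x10, 0, 0, 0, 0, bytes(80),
                   0x0B, 0x20, hashlib.sha256(ibb).digest(), len(blocks))
    base = FOUR_GIB - len(img)
    for n, (off, size) in enumerate(blocks):
        IBB_DESCRIPTOR.pack_into(
            img, ibbs_off + IBBS.size + n * IBB_DESCRIPTOR.size, 0, base + off, size)
    return img, ibbs_off


if __name__ == "__main__":
    image, offset = build_sample_image()
    print("pristine image:", verify_ibb(image, offset))
    image[0x1010] ^= 0x01            # one flipped bit inside an IBB block
    print("modified IBB:  ", verify_ibb(image, offset))
```

Bytes outside the descriptor ranges do not affect the result, which is why the rest of the BIOS needs its own verification step inside the IBB.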

The second manifest ends with a structure containing the IBB public key (verified by the SHA256 hash from the first manifest) and the signature of this manifest:

typedef struct PMSG
{
	char           Tag[8];            // ‘__PMSG__’
	unsigned char  : 8;               // 10h
	BG_RSA_ENTRY   IbbKey;
};

So, even before UEFI BIOS execution begins, the processor launches the ACM, which verifies the authenticity of the contents of the sections with the SEC and PEI phase code. Then the processor exits the ACM, jumps to the RESET vector, and begins executing the BIOS.

The verified PEI section must contain a module that checks the rest of the BIOS (DXE code). This module is developed by the IBV (Independent BIOS Vendor) or by the system vendor itself. Since only Lenovo and Gigabyte systems were at our disposal and had Intel BG support, let us consider the code extracted from these systems.

UEFI BIOS module LenovoVerifiedBootPei

In the case of Lenovo, it turned out to be the LenovoVerifiedBootPei {B9F2AC77-54C7-4075-B42E-C36325A9468D} module, developed by Lenovo.

Its job is to find (by GUID) the hash table for the DXE and verify the DXE.

if (EFI_PEI_SERVICES->GetBootMode() != BOOT_ON_S3_RESUME)
{
	if (!FindHashTable())
		return EFI_NOT_FOUND;
	if (!VerifyDxe())
		return EFI_SECURITY_VIOLATION;
}

The hash table {389CC6F2-1EA8-467B-AB8A-78E769AE2A15} has the following format:

typedef struct HASH_TABLE
{
	char          Tag[8];            // ‘$HASHTBL’
	unsigned long NumDxeDescriptors;
	DXE_DESCRIPTORS[];
};

typedef struct DXE_DESCRIPTOR
{
	unsigned char BlockHash[32];     // SHA256
	unsigned long Offset;
	unsigned long Size;
};

UEFI BIOS module BootGuardPei

In the case of Gigabyte, it turned out to be the BootGuardPei {B41956E1-7CA2-42DB-9562-168389F0F066} module, developed by AMI, and therefore present in any AMI BIOS with Intel BG support.

Its algorithm is somewhat different, but it boils down to the same thing:

int bootMode = EFI_PEI_SERVICES->GetBootMode();

if (bootMode != BOOT_ON_S3_RESUME &&
    bootMode != BOOT_ON_FLASH_UPDATE &&
    bootMode != BOOT_IN_RECOVERY_MODE)
{
	HOB* h = CreateHob();
	if (!FindHashTable())
		return EFI_NOT_FOUND;
	WriteHob(&h, VerifyDxe());
	return h;
}

The hash table {389CC6F2-1EA8-467B-AB8A-78E769AE2A15} that it looks for has the following format:

typedef HASH_TABLE DXE_DESCRIPTORS[];

typedef struct DXE_DESCRIPTOR
{
	unsigned char BlockHash[32];     // SHA256
	unsigned long BaseAddress;
	unsigned long Size;
};

Intel Boot Guard 2.x

Let us briefly talk about another implementation of Intel Boot Guard, which was found in a newer system based on an Intel SoC with the Apollo Lake microarchitecture, the ASRock J4205-IT.

Although this version will be used only in SoCs (new systems with the Kaby Lake processor microarchitecture continue to use Intel Boot Guard 1.x), it is of great interest for studying a new architecture option for platforms based on Intel SoCs, which has seen tangible changes, for example:

  • the BIOS and Intel ME regions (or rather Intel TXE, in Intel SoC terminology) are now a single IFWI region;
  • although Intel BG was enabled on the platform, structures such as FIT, KEYM and IBBM were not found in the flash memory;
  • in addition to the TXE and ISH cores (x86), a third core (again ARC, by the way) was added to the chipset: the PMC (Power Management Controller), associated with ensuring the operability of the power subsystem and performance monitoring.

The contents of the new IFWI region are a set of the following modules:

| Offset     | Name | Description                                              |
|------------|------|----------------------------------------------------------|
| 0000 2000h | SMIP | some platform configuration, signed by the vendor        |
| 0000 6000h | RBEP | Intel TXE firmware code section, x86, signed by Intel    |
| 0001 0000h | PMCP | Intel PMC firmware code section, ARC, signed by Intel    |
| 0002 0000h | FTPR | Intel TXE firmware code section, x86, signed by Intel    |
| 0007 B000h | UCOD | CPU microcode updates, signed by Intel                   |
| 0008 0000h | IBBP | UEFI BIOS, SEC/PEI phases, x86, signed by the vendor     |
| 0021 8000h | ISHC | Intel ISH firmware code section, x86, signed by the vendor |
| 0025 8000h | NFTP | Intel TXE firmware code section, x86, signed by Intel    |
| 0036 1000h | IUNP | unknown                                                  |
| 0038 1000h | OBBP | UEFI BIOS, DXE phase, x86, unsigned                      |

During the analysis of the TXE firmware, it became obvious that after RESET, TXE keeps the processor in this state until it has prepared the basic contents of the address space for the CPU (FIT, ACM, RESET vector ...). Moreover, TXE places this data in its own SRAM, after which it temporarily gives the processor access to it and "releases" it from RESET.

Ma ke kiaʻi o rootkits

ʻAe, i kēia manawa e neʻe kākou i ka "wela". Ua ʻike mua mākou aia ma nā ʻōnaehana he nui nā mea wehewehe flash SPI i ʻae e komo i nā wahi o ka hoʻomanaʻo flash SPI i hiki i nā mea hoʻohana a pau o kēia hoʻomanaʻo ke kākau a heluhelu i nā wahi āpau. ʻO kēlā mau mea. ʻaʻole iki.

Ma hope o ka nānā ʻana me ka pono MEinfo (mai Intel STK), ʻike mākou ʻaʻole i pani ʻia ke ʻano hana hana ma kēia mau ʻōnaehana, no laila, waiho ʻia nā chipset fuses (FPFs) i kahi kūlana ʻole. ʻAe, ʻaʻole hiki ke hoʻopau ʻia ʻo Intel BG ma ia mau hihia.

Ke kamaʻilio nei mākou e pili ana i nā ʻōnaehana aʻe (e pili ana iā Intel BG a me ka mea e wehewehe ʻia ma hope o ka ʻatikala, e kamaʻilio mākou e pili ana i nā ʻōnaehana me Haswell processor microarchitecture a kiʻekiʻe aʻe):

  • nā huahana Gigabyte a pau;
  • nā huahana MSI a pau;
  • 21 mau hiʻohiʻona laptop Lenovo a me 4 mau hiʻohiʻona kikowaena Lenovo.

ʻOiaʻiʻo, ua hōʻike mākou i ka ʻike i kēia mau mea kūʻai aku, a me Intel.

ʻO ka pane kūpono i ukali wale ʻia mai Lenovonāna i ʻae i ka pilikia a hoʻokuʻu i kahi pā.

ʻO Gigabyte Me he mea lā ua ʻae lākou i ka ʻike e pili ana i ka nāwaliwali, akā ʻaʻole lākou i ʻōlelo ma kekahi ʻano.

Kūkākūkā me MSI paʻa loa i kā mākou noi e hoʻouna i kā mākou kī PGP lehulehu (i mea e hoʻouna iā lākou i kahi ʻōlelo aʻoaʻo palekana i hoʻopili ʻia). Ua ʻōlelo lākou he "mea hana lako lako a ʻaʻole hana i nā kī PGP."

Akā ʻoi aku ka nui o ka manaʻo. No ka waiho ʻana o nā fuse i kahi kūlana ʻike ʻole, hiki i ka mea hoʻohana (a i ʻole ka mea hoʻouka) ke hoʻolālā iā lākou iho (ʻo ka paʻakikī loa. loaʻa iā Intel STK). Pono kēia i nā ʻanuʻu aʻe.

1. E hoʻomaka i ka Windows OS (ma ka laulā, hiki ke hana ʻia nā ʻanuʻu i wehewehe ʻia ma lalo o Linux, inā ʻoe e hoʻomohala i kahi analogue o Intel STK no ka OS makemake). Me ka hoʻohana ʻana i ka pono MEinfo, e hōʻoia ʻaʻole i hoʻolālā ʻia nā fuse ma kēia ʻōnaehana.

ʻO ka kāmaʻa hilinaʻi o Schrödinger. Intel Boot Guard
2. E heluhelu i nā mea o ka hoʻomanaʻo flash me ka hoʻohana ʻana i ka Flash Programming Tool.

3. Open the image you read with any UEFI BIOS editing tool, make the necessary changes (implant a rootkit, for example), and create or edit the KEYM and IBBM structures in the ME region.

The public part of the RSA key is highlighted in the image; its hash will be programmed into the chipset fuses together with the rest of the Intel BG configuration.

4. Using the Flash Image Tool, build a new firmware image (setting the Intel BG configuration).

5. Write the new image to flash using the Flash Programming Tool, and verify with MEinfo that the ME region now contains the Intel BG configuration.

6. Use the Flash Programming Tool to close manufacturing mode.

7. The system will reboot, after which you can use MEinfo to verify that the FPFs are now programmed.

These actions permanently enable Intel BG on this system. The action cannot be undone, which means:

  • only the holder of the private part of the root key (that is, whoever enabled Intel BG) will be able to update the UEFI BIOS on this system;
  • if you restore the original firmware to this system, for example with a programmer, it will not even start (a consequence of the enforcement policy in the event of a verification error);
  • to get rid of such a UEFI BIOS, you need to replace the chipset with programmed FPFs with a "clean" one (that is, resolder the chipset, if you have access to an infrared soldering station that costs as much as a car, or simply replace the motherboard).

To understand what such a rootkit is capable of, you need to assess what makes it possible to execute your code in the UEFI BIOS environment. Say, in the most privileged processor mode, SMM. Such a rootkit can have the following properties:

  • it runs in parallel with the OS (you can set up processing by generating an SMI interrupt that is triggered by a timer);
  • it has all the advantages of residing in SMM (full access to the contents of RAM and to hardware resources, hidden from the OS);
  • the rootkit code can be kept encrypted and decrypted when it is launched in SMM. Any data available only in SMM can be used as the encryption key, for example a hash of a set of addresses in SMRAM. To obtain this key, you need to get into SMM, and that can be done in two ways: find an RCE in the SMM code and exploit it, or add your own SMM module to the BIOS, which is impossible because we have enabled Boot Guard.

Thus, this vulnerability allows an attacker to:

  • create a hidden, unremovable rootkit of unknown purpose in the system;
  • execute their code on one of the chipset cores inside the Intel SoC, namely on the Intel ISH (take a close look at the image).

Although the capabilities of the Intel ISH subsystem have not yet been explored, it looks like an interesting attack vector against Intel ME.

Conclusions

  1. The study provided a technical description of how Intel Boot Guard technology works. That is a couple of secrets fewer in Intel's security-through-obscurity model.
  2. An attack scenario is presented that makes it possible to create an unremovable rootkit in the system.
  3. We saw that modern Intel processors are able to execute a lot of proprietary code even before the BIOS starts.
  4. Platforms with Intel 64 architecture are becoming less and less suitable for running free software: hardware verification, and a growing number of proprietary technologies and subsystems (three cores in the SoC chipset: x86 ME, x86 ISH and ARC PMC).

Mitigations

Vendors that deliberately leave manufacturing mode open should make sure to close it. So far they are only closing their eyes, and the new Kaby Lake systems show this.

Users can disable Intel BG on their systems (those affected by the vulnerability described) by running the Flash Programming Tool with the -closemnf option. First, you must make sure (using MEinfo) that the Intel BG configuration in the ME region provides for exactly disabling this technology once the FPFs are programmed.

Source: www.habr.com
