ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > Coreboot 4.17 tso tawm

Coreboot 4.17 tso tawm

Qhov kev tso tawm ntawm CoreBoot 4.17 qhov project tau raug luam tawm, nyob rau hauv lub moj khaum uas muaj lwm txoj hauv kev pub dawb rau tus tswv firmware thiab BIOS tab tom tsim. Txoj haujlwm code raug faib raws li daim ntawv tso cai GPLv2. 150 tus tsim tawm tau koom nrog hauv kev tsim cov ntawv tshiab, uas tau npaj ntau dua 1300 qhov kev hloov pauv.

Cov kev hloov loj:

  • Qhov tsis zoo (CVE-2022-29264) uas tau tshwm sim hauv CoreBoot tso tawm 4.13 txog 4.16 tau raug kho thiab tso cai rau cov cai ua tiav ntawm cov tshuab nrog AP (Application Processor) ntawm SMM (System Management Mode) qib, uas muaj qhov tseem ceeb dua ( Nplhaib -2) dua li hom hypervisor thiab xoom nplhaib ntawm kev tiv thaiv, thiab muaj kev txwv tsis pub nkag mus rau txhua lub cim xeeb. Qhov teeb meem yog tshwm sim los ntawm kev hu tsis raug rau SMI handler hauv smm_module_loader module.
  • Ntxiv kev txhawb nqa rau 12 motherboards, 5 ntawm cov khoom siv nrog Chrome OS lossis hauv Google servers. Ntawm cov nqi tsis yog Google:
    • Clevo L140MU / L141MU / L142MU
    • Dell Precision T1650
    • HP Z220 CMT Workstation
    • Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000) thiab Lite Mk IV (N5030).
  • Kev them nyiaj yug rau Google Deltan thiab Deltaur motherboards tau raug txiav lawm.
  • Ntxiv ib qho tshiab payload coreDOOM, tso cai rau koj tso DOOM game los ntawm Coreboot. Qhov project siv doomgeneric code, ported rau libpayload. Coreboot linear framebuffer yog siv rau cov zis, thiab WAD cov ntaub ntawv nrog cov peev txheej kev ua si raug thauj khoom los ntawm CBFS.
  • Hloov tshiab payload Cheebtsam SeaBIOS 1.16.0 thiab iPXE 2022.1.
  • Ntxiv SeaGRUB hom (GRUB2 dhau SeaBIOS), uas tso cai rau GRUB2 siv cov kev hu rov qab los ntawm SeaBIOS, piv txwv li, txhawm rau nkag mus rau cov khoom siv uas tsis siv tau los ntawm GRUB2 payload.
  • Ntxiv kev tiv thaiv tawm tsam SinkHole, uas tso cai rau kev ua tiav ntawm SMM (System Management Mode) qib.
  • Siv lub peev xwm ua kom muaj peev xwm tsim cov rooj zoo li qub ntawm cov nplooj ntawv nco los ntawm cov ntaub ntawv sib dhos, tsis tas yuav hu rau cov khoom siv thib peb.
  • Tso cai sau cov ntaub ntawv debugging rau CBMEMC console los ntawm SMI handlers thaum siv DEBUG_SMI.
  • Cov txheej txheem ntawm CBMEM cov neeg ua haujlwm pib pib tau raug hloov lawm; hloov ntawm *_CBMEM_INIT_HOOK cov neeg tuav haujlwm khi rau theem, ob tus neeg tuav haujlwm tau thov: CBMEM_CREATION_HOOK (siv rau theem pib uas tsim cbmem) thiab CBMEM_READY_HOOK (siv ntawm txhua theem ntawm cbmem twb tau siv lawm. tsim).
  • Ntxiv kev txhawb nqa rau PSB (Platform Secure Boot), qhib los ntawm PSP (Platform Security Processor) processor los txheeb xyuas qhov tseeb ntawm BIOS siv tus lej kos npe.
  • Ntxiv peb tus kheej kev siv ntawm tus tuav rau kev debugging cov ntaub ntawv xa los ntawm FSP (FSP Debug Handler).
  • Ntxiv cov neeg muag khoom tshwj xeeb TIS (TPM Interface Specification) ua haujlwm rau kev nyeem ntawv thiab sau ncaj qha los ntawm TPM (Trusted Platform Module) sau npe - tis_vendor_read() thiab tis_vendor_write().
  • Ntxiv kev txhawb nqa rau kev cuam tshuam qhov tsis muaj qhov taw qhia tsis txaus ntseeg ntawm kev sau npe debug.
  • Siv i2c ntaus ntawv nrhiav kom tau, ua kom yooj yim rau kev ua hauj lwm nrog cov laug cam nruab nrog touchpads lossis kov cov ntxaij vab tshaus los ntawm cov tuam txhab sib txawv.
  • Ntxiv lub peev xwm los txuag lub sijhawm cov ntaub ntawv hauv ib hom tsim nyog rau tsim cov duab FlameGraph, uas qhia meej tias siv sijhawm ntau npaum li cas ntawm ntau theem ntawm kev tshaj tawm.
  • Ib qho kev xaiv tau ntxiv rau cbmem qhov hluav taws xob ntxiv rau "timestamp" ntawm lub sijhawm los ntawm cov neeg siv qhov chaw mus rau lub rooj cbmem, uas ua rau nws muaj peev xwm cuam tshuam cov xwm txheej hauv theem ua tom qab CoreBoot hauv cbmem.

Tsis tas li ntawd, peb tuaj yeem nco ntsoov cov ntawv tshaj tawm los ntawm OSFF (Open-Source Firmware Foundation) ntawm tsab ntawv qhib rau Intel, uas tau thov kom ua cov pob khoom txhawb nqa firmware (FSP, Firmware Support Package) ntau dua thiab pib tshaj tawm cov ntaub ntawv ntsig txog kev pib Intel SoC. . Qhov tsis muaj FSP code ua rau nyuaj rau kev tsim cov firmware qhib thiab tiv thaiv kev nce qib ntawm Coreboot, U-Boot thiab LinuxBoot cov haujlwm ntawm Intel kho vajtse. Yav dhau los, ib qho kev pib zoo sib xws tau ua tiav thiab Intel tau qhib cov cai rau PSE (Programmable Services Engine) thaiv firmware thov los ntawm zej zog.

Tau qhov twg los: opennet.ru

Ntxiv ib saib