Ndị na-eme nchọpụta sitere na Mahadum Birmingham, bụ ndị a ma ama maka ịmalite mwakpo Plundervolt na VoltPillager, achọpụtala adịghị ike (CVE-2022-43309) na ụfọdụ nne na nna nkesa nke na-enye ohere ka CPU nwee nkwarụ anụ ahụ na-enweghị ohere nke mgbake ya na-esote. Enwere ike iji adịghị ike ahụ, akpọrọ PMFault, mebie sava nke onye na-awakpo ahụ na-enweghị ohere anụ ahụ, mana ọ nwere ohere ịnweta sistemụ arụmọrụ, enwetara, dịka ọmụmaatụ, site na iji adịghị ike emechiri emechi ma ọ bụ na-egbochi nzere onye nchịkwa.
Ihe kachasị mkpa nke usoro a tụrụ aro bụ iji PMBus interface, nke na-eji usoro I2C, iji mee ka voltaji a na-enye na processor na ụkpụrụ nke na-emebi mgbawa. A na-emejuputa ngwa ngwa PMBus na VRM (Voltage Regulator Module), nke enwere ike ịnweta site na iji njikwa BMC. Iji mee mwakpo na bọọdụ na-akwado PMBus, na mgbakwunye na ikike nchịkwa na sistemụ arụmọrụ, ị ga-enwerịrị ike ịnweta ngwanrọ na BMC (Baseboard Management Controller), dịka ọmụmaatụ, site na interface IPMI KCS (Keyboard Controller Style), site na. Ethernet, ma ọ bụ site na-egbukepụ BMC site na sistemụ dị ugbu a.
Esemokwu na-enye ohere ka ebuso agha n'amaghị ama paramita nyocha na BMC ka akwadoro na Supermicro motherboards na nkwado IPMI (X11, X12, H11 na H12) na ASRock, mana bọọdụ sava ndị ọzọ nwere ike ịnweta PMBus nwekwara. emetụtara. N'oge nnwale, mgbe voltaji na-abawanye na 2.84 volts na mbadamba ndị a, abụọ Intel Xeon processors mebiri. Iji nweta BMC n'amaghị paramita nyocha, mana na ịnweta mgbọrọgwụ na sistemụ arụmọrụ, a na-eji adịghị ike na usoro nkwenye firmware, nke mere ka o kwe omume ibunye mmelite firmware gbanwetụrụ n'ime onye njikwa BMC, yana ohere nke. ohere enwetaghị ikike site na IPMI KCS.
Usoro nke ịgbanwe voltaji site na PMBus nwekwara ike iji mee mwakpo Plundervolt, nke na-enye ohere, site n'iwetu voltaji na ụkpụrụ kacha nta, mebie ọdịnaya nke sel data dị na CPU ejiri maka mgbako na Intel SGX dịpụrụ adịpụ. na ịmepụta njehie na algọridim mbụ ziri ezi. Dịka ọmụmaatụ, ọ bụrụ na ị gbanwee uru ejiri na mmụba n'oge usoro ezoro ezo, mmepụta ga-abụ ederede ezighi ezi. Site n'inwe ike ịnweta onye njikwa na SGX iji zoo data ya, onye na-awakpo nwere ike, site na ịkpata ọdịda, kpakọba ọnụ ọgụgụ gbasara mgbanwe na ciphertext mmepụta wee nwetaghachi uru nke igodo echekwara na SGX enclave.
A na-ebipụta ngwaọrụ maka ibuso ọgụ na bọọdụ Supermicro na ASRock, yana akụrụngwa maka ịlele ịnweta PMBus na GitHub.
isi: opennet.ru