Achọpụtala ihe ọghọm (CVE-2-2023) na onye ọkwọ ụgbọ ala nke na-enye ọrụ na sistemụ faịlụ NTFS na bootloader GRUB4692, nke na-enye ohere ka emee koodu ya na ọkwa bootloader mgbe ị na-enweta onyonyo sistemụ faịlụ ahaziri iche. Enwere ike iji adịghị ike ahụ gafere UEFI Secure Boot kwenyesiri ike na usoro buut.
Ọdịmma ahụ bụ n'ihi ahụhụ dị na koodu ngbanwe maka àgwà $ATTRIBUTE_LIST NTFS (grub-core/fs/ntfs.c), nke enwere ike iji dee ozi na-achịkwa onye ọrụ na mpaghara ebe nchekwa na-abụghị ebe nchekwa ekenyela. Mgbe ị na-ahazi onyonyo NTFS ahaziri ahazi, oke njupụta na-eduga na idegharị akụkụ nke ebe nchekwa GRUB, yana kwa, n'ọnọdụ ụfọdụ, mebie mpaghara ebe nchekwa firmware UEFI, nke nwere ike inye gị ohere ịhazi mmebe koodu gị na bootloader ma ọ bụ firmware larịị.
Na mgbakwunye, a chọpụtakwara adịghị ike ọzọ (CVE-2-2023) na onye ọkwọ ụgbọ ala NTFS sitere na GRUB4693, nke na-enye ohere ịgụ ọdịnaya nke ebe nchekwa aka ike mgbe ị na-atụgharị àgwà "$ DATA" na ihe oyiyi NTFS a haziri ahazi. Tinyere ihe ndị ọzọ, adịghị ike na-enye gị ohere iweghachite data dị nro nke echekwara na ebe nchekwa ma ọ bụ chọpụta ụkpụrụ nke mgbanwe EFI.
Ruo ugbu a, a na-edozi nsogbu ndị a naanị site na patches. Enwere ike ịtụle ọnọdụ nke ndozi adịghị ike na nkesa na ibe ndị a: Debian, Ubuntu, SUSE, RHEL, Fedora. Idozi nsogbu GRUB2 chọrọ ihe karịrị naanị imelite ngwugwu ahụ; ọ chọkwara imepụta mbinye aka dijitalụ ọhụrụ dị n'ime na imelite ndị nrụnye, bootloaders, ngwugwu kernel, firmware fwupd, na shim layer.
Ọtụtụ LinuxNkesa maka buut enyochachara na ọnọdụ buut UEFI Secure na-eji obere shim layer, nke Microsoft bịanyere aka na dijitalụ. Akwa a na-enyocha GRUB2 site na asambodo nke ya, na-ewepụ mkpa ọ dị maka ndị mmepe nkesa ịgwa Microsoft maka mmelite kernel na GRUB ọ bụla. Njehie na GRUB2 na-enye ohere maka mmejuputa koodu na-enweghị usoro mgbe emechara nkwenye shim nke ọma, mana tupu sistemụ arụmọrụ amalite. Nke a na-enye ndị mwakpo ohere ịbanye n'ime usoro ntụkwasị obi mgbe enyere Secure Boot aka ma nweta njikwa zuru oke na usoro buut na-esote, dịka ọmụmaatụ, ịmalite OS ọzọ, gbanwee akụkụ sistemụ arụmọrụ, ma ọ bụ gafere nchedo mkpọchi.
Iji gbochie adịghị ike ahụ n'iwepụghị mbinye aka dijitalụ, nkesa nwere ike iji usoro SBAT (UEFI Secure Boot Advanced Targeting), nke a na-etinye nkwado maka GRUB2, shim, na fwupd na nkesa kachasị ewu ewu. LinuxE mepụtara SBAT na mmekorita ya na Microsoft ma gụnye ịgbakwunye metadata ndị ọzọ na faịlụ UEFI nke a na-arụ ọrụ, gụnyere ozi gbasara onye nrụpụta, ngwaahịa, akụkụ, na ụdị ya. A na-abanye metadata a na dijitalụ ma enwere ike itinye ya iche na ndepụta nke akụkụ ndị a kwadoro ma ọ bụ ndị a jụrụ maka UEFI Secure Boot.
SBAT na-enye gị ohere igbochi ojiji nke mbinye aka dijitalụ maka nọmba ụdị akụrụngwa n'otu n'otu na-enweghị ịwepụ igodo maka Boot Secure. Mgbochi adịghị ike site na SBAT anaghị achọ iji ndepụta mwepu akwụkwọ UEFI (dbx), mana a na-eme ya n'ogo nke dochie igodo ime iji mepụta mbinye aka na melite GRUB2, shim na arịa akpụkpọ ụkwụ ndị ọzọ nke nkesa wetara. Tupu iwebata SBAT, imelite ndepụta nke asambodo mwepu (dbx, UEFI Ntughari Ndepụta) bụ ihe dị mkpa maka igbochi adịghị ike kpamkpam, ebe ọ bụ na onye na-awakpo, n'agbanyeghị sistemụ arụmọrụ ejiri, nwere ike iji akpụkpọ ụkwụ buut mebie UEFI Secure Boot.
isi: opennet.ru
