Vulnerabilities in UEFI firmware based on the InsydeH2O framework allow code execution at the SMM level.

In the InsydeH2O framework, which many manufacturers use to build UEFI firmware for their hardware (the most common implementation of UEFI BIOS), 23 vulnerabilities have been identified that allow code execution at the SMM (System Management Mode) level, which has a higher priority (Ring -2) than hypervisor mode and protection ring zero, and has unrestricted access to all memory. The issue affects UEFI firmware used by manufacturers such as Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.

Exploiting the vulnerabilities requires local access with administrator rights, which makes these issues in demand as second-stage vulnerabilities, used after other vulnerabilities in the system have been exploited or after social engineering methods have been applied. Access at the SMM level allows code to run at a level the operating system does not control, which can be used to modify the firmware and leave malicious code or rootkits hidden in SPI Flash where the operating system cannot see them, as well as to disable verification at the boot stage (UEFI Secure Boot, Intel BootGuard) and to attack hypervisors in order to bypass the mechanisms that check the integrity of virtual environments.

The vulnerabilities can be exploited from the operating system through unverified SMI (System Management Interrupt) handlers, as well as before the operating system starts, during the early stages of booting or when resuming from sleep mode. All of the vulnerabilities are caused by memory problems and fall into three categories:

  • SMM Callout - execution of your own code with SMM rights by redirecting the execution of SWSMI interrupt handlers to code outside SMRAM;
  • Memory corruption that allows an attacker to write their data into SMRAM, a special isolated memory area in which code is executed with SMM rights;
  • Memory corruption in code running at the DXE (Driver eXecution Environment) level.
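
The second category above comes down to an SMI handler writing through a pointer supplied by the operating system. As an added example (not Insyde's code and not from the original article), this C program shows the range check a handler needs before such a write; the SMRAM window, the request layout and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window for illustration; real firmware learns its
   SMRAM ranges from the platform during boot. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL /* 8 MiB */

/* True only if [addr, addr+len) is non-empty, does not wrap around the
   address space, and shares no byte with SMRAM. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0) return false;                /* nothing to validate */
    if (addr > UINT64_MAX - len) return false; /* addr + len would wrap */
    uint64_t end = addr + len;                 /* exclusive end */
    return end <= SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE;
}

/* Hypothetical request block that the OS places in ordinary memory. */
typedef struct { uint64_t out_addr; uint64_t out_len; } smi_request;
typedef enum { SMI_OK = 0, SMI_REJECTED = 1 } smi_status;

/* Hypothetical SW SMI handler. The fields are copied into locals once,
   so the OS cannot swap the pointer between the check and the use. */
smi_status handle_smi(const volatile smi_request *req)
{
    uint64_t addr = req->out_addr;
    uint64_t len  = req->out_len;
    if (!buffer_outside_smram(addr, len))
        return SMI_REJECTED; /* would write into SMRAM, or range is bogus */
    /* A real handler would now write its result to [addr, addr+len). */
    return SMI_OK;
}

int main(void)
{
    /* Constructed requests: ordinary RAM, inside SMRAM, straddling, wrapping. */
    smi_request reqs[] = {
        { 0x00100000ULL, 0x40 },
        { SMRAM_BASE + 0x100, 8 },
        { SMRAM_BASE - 8, 16 },
        { UINT64_MAX - 4, 16 },
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("addr=0x%llx len=%llu -> %s\n",
               (unsigned long long)reqs[i].out_addr,
               (unsigned long long)reqs[i].out_len,
               handle_smi(&reqs[i]) == SMI_OK ? "accepted" : "rejected");
    return 0;
}
```

EDK II ships a library routine of the same purpose, `SmmIsBufferOutsideSmmValid`, which handlers built on that code base call instead of a hand-written check.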

To demonstrate the principles of organizing an attack, an example exploit has been published that allows an attack launched from the third or zero protection ring to gain access to the DXE Runtime UEFI and execute your own code. The exploit manipulates an overflow (CVE-2021-42059) in a UEFI DXE driver. During the attack, the attacker can place their code in the DXE driver, where it remains active after the operating system is restarted, or make changes to the NVRAM area of SPI Flash. While it runs, the attacker's code can make changes to critical memory areas, modify EFI Runtime services, and affect the boot process.

Source: opennet.ru
