Intel kusintha kwa ma microcode komwe kumakonza (CVE-2019-14607) kudzera m'kusintha kwamphamvu yamagetsi ndi makina owongolera pafupipafupi mu CPU, kuyambitsa kuwonongeka kwa zomwe zili m'maselo a data, kuphatikiza m'malo omwe amagwiritsidwa ntchito powerengera m'malo a Intel SGX akutali. Kuwukiraku kumatchedwa Plundervolt, ndipo zotheka kulola wogwiritsa ntchito m'deralo kuti awonjezere mwayi wawo pamakina, kupangitsa kukana ntchito ndikupeza mwayi wodziwa zambiri.
Kuwukirako ndi koopsa pokhapokha potengera kuwerengera kwa ma SGX enclaves, chifukwa pamafunika ufulu wa mizu mu dongosolo kuti uchite. Munthawi yosavuta, wowukira amatha kusokoneza zidziwitso zomwe zasinthidwa mu enclave, koma muzochitika zovuta kwambiri, kuthekera kokonzanso makiyi achinsinsi omwe amasungidwa mu enclave yomwe imagwiritsidwa ntchito kubisa pogwiritsa ntchito ma algorithms a RSA-CRT ndi AES-NI si. osaphatikizidwa. Njirayi ingagwiritsidwenso ntchito kupanga zolakwika poyambira ma aligorivimu olondola kuti apangitse chiwopsezo pogwira ntchito ndi kukumbukira, mwachitsanzo, kukonza zofikira kudera lomwe lili kunja kwa malire a buffer yomwe yaperekedwa.
Nambala ya prototype yochita kuwukira pa GitHub
Chofunikira cha njirayo ndikupangitsa kuti pakhale ziphuphu zosayembekezeka za data pakuwerengera ku SGX, komwe kugwiritsa ntchito encryption ndi kukumbukira kukumbukira mu enclave sikuteteza. Kuti ayambitse kupotoza, zidapezeka kuti ndizotheka kugwiritsa ntchito njira zolumikizirana zamapulogalamu kuti aziwongolera ma frequency ndi ma voliyumu, omwe nthawi zambiri amagwiritsidwa ntchito kuchepetsa kugwiritsa ntchito mphamvu panthawi yanthawi yopanda ntchito ndikuyambitsa magwiridwe antchito kwambiri pantchito yayikulu. Ma frequency ndi ma voltage amatengera chip chonse, kuphatikizira kukhudzidwa kwa computing pamalo akutali.
Posintha voteji, mutha kupanga zinthu zomwe kulipiritsa sikokwanira kukonzanso selo la kukumbukira mkati mwa CPU, ndipo mtengo wake umasintha. Kusiyana kwakukulu ndi kuwukira ndikuti RowHammer imakulolani kuti musinthe zomwe zili mkati mwa kukumbukira kwa DRAM powerenga deta kuchokera ku maselo oyandikana nawo, pamene Plundervolt imakulolani kusintha ma bits mkati mwa CPU pamene deta yasungidwa kale kuchokera pamtima kuti muwerenge. Izi zimakuthandizani kuti mulambalale njira zowongolera kukhulupirika ndi kubisa zomwe zimagwiritsidwa ntchito mu SGX kuti mukumbukire, popeza zomwe zili m'makumbukidwe zimakhalabe zolondola, koma zitha kupotozedwa pochita nawo ntchito zisanalembedwe.
Ngati mtengo wosinthidwawu ugwiritsidwa ntchito pakuchulutsa kwa kabisidwe, zotulukazo zimakanidwa ndi mawu olakwika. Pokhala ndi kuthekera kolumikizana ndi wothandizira ku SGX kuti alembetse deta yake, wowukira akhoza, kuchititsa zolephera, kudziunjikira ziwerengero zakusintha kwa mawu otuluka ndipo, mumphindi zochepa, kubwezeretsa mtengo wa kiyi yosungidwa mu enclave. Zolemba zoyambira ndi mawu olondola otulutsa zimadziwika, makiyi sasintha, ndipo kutulutsa kwa mawu olakwika kukuwonetsa kuti pang'ono pang'onopang'ono zasokonekera.
Nditasanthula mikhalidwe yolondola komanso yowonongeka yomwe idasonkhanitsidwa panthawi yolephereka kosiyanasiyana, pogwiritsa ntchito njira zowunikira mosiyanasiyana (DFA, ) angathe makiyi otheka omwe amagwiritsidwa ntchito pakubisa kwa AES symmetric encryption, kenako, posanthula mphambano ya makiyi m'magulu osiyanasiyana, dziwani makiyi omwe mukufuna.
Mitundu yosiyanasiyana ya ma processor a Intel imakhudzidwa ndi vutoli, kuphatikiza ma Intel Core CPU okhala ndi 6
M'badwo wa 10, komanso m'badwo wachisanu ndi chisanu ndi chimodzi wa Xeon E3, m'badwo woyamba ndi wachiwiri wa Intel Xeon Scalable, Xeon D,
Xeon W ndi Xeon E.
Tikukumbutsani kuti ukadaulo wa SGX () adawonekera m'badwo wachisanu ndi chimodzi wa Intel Core processors (Skylake) ndi mndandanda wa malangizo omwe amalola mapulogalamu a msinkhu wa ogwiritsa ntchito kugawa malo otsekedwa otsekedwa - ma enclaves, zomwe zili mkati mwake sizingawerengedwe kapena kusinthidwa ngakhale ndi kernel ndi code yomwe ikuyenda mu ring0, SMM ndi VMM modes. Ndikosatheka kusamutsa kuwongolera ku ma code omwe ali mu enclave pogwiritsa ntchito zida zachikhalidwe zodumphira ndikuwongolera ndi ma registas ndi stack; kusamutsa kuwongolera ku enclave, malangizo atsopano opangidwa mwapadera amagwiritsidwa ntchito omwe amafufuza maulamuliro. Pankhaniyi, kachidindo anaika mu enclave angagwiritse ntchito akale kuitana njira kupeza ntchito mkati enclave ndi malangizo apadera kuitana ntchito zakunja. Enclave memory encryption imagwiritsidwa ntchito kuteteza motsutsana ndi zida za Hardware monga kulumikizana ndi gawo la DRAM.
Source: opennet.ru