Zambiri za m'zida zokhala ndi mawonekedwe a Bingu, ogwirizana pansi pa dzina la code ndikulambalala mbali zonse zazikulu zachitetezo cha Thunderbolt. Kutengera ndi zovuta zomwe zadziwika, zochitika zisanu ndi zinayi zowukira zimaperekedwa, zomwe zimakhazikitsidwa ngati wowukirayo ali ndi mwayi wogwiritsa ntchito pulogalamuyo polumikiza chipangizo choyipa kapena kugwiritsa ntchito firmware.
Zochitika zowukira zimaphatikizapo kuthekera kopanga zidziwitso za zida za Bingu, zida zovomerezeka, kulowa mwachisawawa kukumbukira dongosolo kudzera pa DMA ndikuwongolera zoikamo za Security Level, kuphatikiza kuyimitsa njira zonse zotetezera, kuletsa kuyika kwa zosintha za firmware ndi kumasulira kwa mawonekedwe ku Thunderbolt mode pa. machitidwe omwe ali ndi USB kapena DisplayPort kutumiza.
Thunderbolt ndi mawonekedwe apadziko lonse lapansi olumikizira zida zolumikizira zomwe zimaphatikiza PCIe (PCI Express) ndi DisplayPort mu chingwe chimodzi. Thunderbolt idapangidwa ndi Intel ndi Apple ndipo imagwiritsidwa ntchito pamalaputopu ndi ma PC ambiri amakono. Zipangizo za PCIe zochokera ku Thunderbolt zimaperekedwa ndi DMA I/O, zomwe zimawopseza DMA kuti awerenge ndi kulemba kukumbukira dongosolo lonse kapena kujambula deta kuchokera pazida zobisidwa. Pofuna kupewa kuukira kotereku, Thunderbolt idapereka lingaliro la Security Levels, lomwe limalola kugwiritsa ntchito zida zololedwa ndi ogwiritsa ntchito komanso kugwiritsa ntchito kutsimikizika kwachinsinsi kwa maulumikizidwe kuti atetezere ku ID yabodza.
Zowopsa zomwe zazindikirika zimapangitsa kuti zilambalale chomangira chotere ndikulumikiza chida choyipa mobisa ngati chovomerezeka. Kuphatikiza apo, ndizotheka kusintha fimuweya ndikusintha SPI Flash kuti iwerenge-pokha, yomwe ingagwiritsidwe ntchito kuletsa magawo achitetezo ndikuletsa zosintha za firmware (zothandizira zakonzedwa kuti zitheke. и ). Pazonse, zidziwitso zamavuto asanu ndi awiri zidawululidwa:
- Kugwiritsa ntchito njira zotsimikizira za firmware zosakwanira;
- Kugwiritsa ntchito chiwembu chotsimikizika cha chipangizo chofooka;
- Kutsegula metadata kuchokera ku chipangizo chosavomerezeka;
- Kupezeka kwa njira zakumbuyo zofananira zomwe zimalola kugwiritsa ntchito ma rollback attack on ;
- Kugwiritsa ntchito magawo osintha owongolera osavomerezeka;
- Kuwonongeka kwa mawonekedwe a SPI Flash;
- Kupanda zida zodzitetezera pamlingo .
Kusatetezeka kumakhudza zida zonse zomwe zili ndi Thunderbolt 1 ndi 2 (Mini DisplayPort based) ndi Thunderbolt 3 (USB-C based). Sizikudziwikabe ngati mavuto akuwoneka pazida zomwe zili ndi USB 4 ndi Bingu 4, popeza matekinolojewa angolengezedwa kumene ndipo palibe njira yoyesera kukhazikitsidwa kwawo. Zowopsa sizingathetsedwe ndi mapulogalamu ndipo zimafuna kukonzanso zigawo za hardware. Komabe, pazida zina zatsopano ndizotheka kuletsa mavuto ena okhudzana ndi DMA pogwiritsa ntchito makinawo , thandizo lomwe linayamba kukhazikitsidwa kuyambira 2019 ( mu Linux kernel, kuyambira ndi kumasulidwa 5.0, mukhoza kuyang'ana kuphatikizapo "/sys/bus/thunderbolt/devices/domainX/iommu_dma_protection").
Python script imaperekedwa kuti muwone zida zanu , zomwe zimafunika kuthamanga ngati mizu kuti mupeze DMI, tebulo la ACPI DMAR ndi WMI. Kuti muteteze makina omwe ali pachiwopsezo, tikupangira kuti musasiye makina osayang'aniridwa kapena muyimilire, osalumikiza zida za Bingu za munthu wina, osasiya kapena kupereka zida zanu kwa ena, ndikuwonetsetsa kuti zida zanu zili zotetezedwa. Ngati Bingu silikufunika, tikulimbikitsidwa kuti tiyimitse wowongolera wa Bingu mu UEFI kapena BIOS (izi zitha kupangitsa kuti madoko a USB ndi DisplayPort asagwire ntchito ngati akhazikitsidwa kudzera pa Bingu lowongolera).
Source: opennet.ru