A team of researchers from Worcester Polytechnic Institute, the University of Lübeck and the University of California, San Diego has developed a side-channel attack method that allows private keys stored in a TPM (Trusted Platform Module) to be recovered. The attack has been given a code name and affects the fTPM (firmware-based, running on a dedicated microprocessor inside the CPU) from Intel (CVE-2019-11090) and the hardware TPM on STMicroelectronics chips (CVE-2019-16863).
The researchers built a prototype attack toolkit and demonstrated that a 256-bit private key used to generate digital signatures with the ECDSA and EC-Schnorr elliptic curve algorithms can be recovered. Depending on access rights, the total attack time on Intel fTPM systems ranges from 4 to 20 minutes and requires analysis of 1 to 15 operations. The attack on systems with the ST33 chip takes about 80 minutes and requires analysis of about 40 digital signature generation operations.
The researchers also demonstrated that a remote attack over high-speed networks is possible: under laboratory conditions they recovered the private key in five hours on a 1GB local network, after measuring the response time of 45 authentication sessions with a strongSwan-based VPN server that stores its keys in a vulnerable TPM.
The attack method is based on analyzing differences in the execution time of operations during digital signature generation. Estimating the computation latency makes it possible to determine information about individual bits during scalar multiplication in elliptic curve operations. For ECDSA, knowing even a few bits of information about the initialization vector (nonce) is enough to carry out an attack that sequentially recovers the entire private key. A successful attack requires analyzing the generation time of several thousand digital signatures created over data known to the attacker.
STMicroelectronics fixed the vulnerability in a new revision of its chips, in which the implementation of the ECDSA algorithm was freed from correlations with execution time. Interestingly, the affected STMicroelectronics chips are also used in equipment that meets the Common Criteria (CC) EAL 4+ security level. The researchers also tested TPM chips from Infineon and Nuvoton, but found that they showed no leakage based on variations in computation time.
The issue affects Intel processors starting with the Haswell family, released in 2013. The problem is reported to affect a wide range of laptops, PCs and servers from various manufacturers, including Dell, Lenovo and HP.
Intel has included the fix in a firmware update which, in addition to the issue discussed here, addresses 24 other vulnerabilities, nine of which were rated high severity and one critical. Only general information is provided about these issues; for example, it is stated that the critical vulnerability (CVE-2019-0169) involves the ability to trigger a heap overflow in Intel CSME (Converged Security and Management Engine) and Intel TXE (Trusted Execution Engine), allowing an attacker to escalate their privileges and gain access to data.
Also worth noting are the results of an audit of various SDKs for developing applications that interact with code running in isolated enclaves. Eight SDKs were audited to identify problems that could be used to carry out attacks: , , , , and for Intel SGX, for RISC-V and for Sancus TEE. The audit found 35 vulnerabilities, on the basis of which several attack scenarios were developed that allow AES keys to be extracted from an enclave or an attacker's own code to be executed by creating the conditions for memory corruption.
Source: opennet.ru
