Ofufuza ochokera ku NCC Group zofooka () mu tchipisi ta Qualcomm, zomwe zimakupatsani mwayi wodziwa zomwe zili m'makiyi achinsinsi omwe ali pamalo akutali a Qualcomm QSEE (Qualcomm Secure Execution Environment), kutengera ukadaulo wa ARM TrustZone. Vuto likuwonekera mu Snapdragon SoC, yomwe yafala kwambiri m'mafoni a m'manja pogwiritsa ntchito nsanja ya Android. Zokonza zomwe zimakonza vuto zili kale mu Epulo zosintha za Android ndi kutulutsa kwatsopano kwa firmware kwa tchipisi ta Qualcomm. Qualcomm idatenga nthawi yopitilira chaka kuti ikonzekere; zidziwitso zokhudzana ndi chiwopsezo zidatumizidwa ku Qualcomm pa Marichi 19, 2018.
Tikumbukire kuti ukadaulo wa ARM TrustZone umakupatsani mwayi wopanga malo otetezedwa a hardware omwe amasiyanitsidwa kwathunthu ndi dongosolo lalikulu ndikuyendetsa purosesa yosiyana pogwiritsa ntchito makina opangira apadera. Cholinga chachikulu cha TrustZone ndikupereka ma processor ang'onoang'ono a makiyi achinsinsi, kutsimikizika kwa biometric, data yolipira ndi zinsinsi zina. Kuyanjana ndi OS yayikulu kumachitika mosadukiza kudzera pa mawonekedwe otumizira. Makiyi achinsinsi amasungidwa mkati mwa sitolo yosungiramo zida za Hardware, zomwe, ngati zitayikidwa bwino, zitha kuletsa kutayikira kwawo ngati dongosolo lamkati lisokonezedwa.
Chiwopsezocho ndi chifukwa cha zolakwika pakukhazikitsa algorithm ya elliptic curve processing, zomwe zidapangitsa kuti zidziwitso zidziwike pakupita patsogolo kwa data. Ofufuza apanga njira yowukira mbali yomwe imalola kugwiritsa ntchito kutayikira komwe kulipo kale kuti apezenso zomwe zili m'makiyi achinsinsi omwe ali pawokha pa hardware. . Kutayikira kumatsimikiziridwa kutengera kusanthula kwa ntchito ya block yolosera ya nthambi ndikusintha kwa nthawi yofikira ku data mu kukumbukira. Pakuyesaku, ofufuzawo adawonetsa bwino kubwezeretsedwa kwa makiyi a 224- ndi 256-bit ECDSA kuchokera ku sitolo yachinsinsi ya hardware yomwe imagwiritsidwa ntchito mu foni yamakono ya Nexus 5X. Kubwezeretsanso fungulo kumafunikira kupanga masiginecha pafupifupi 12, omwe adatenga maola opitilira 14. Zida zomwe zimagwiritsidwa ntchito kuti ziwononge .
Chifukwa chachikulu cha vuto ndi kugawana wamba hardware zigawo zikuluzikulu ndi posungira kwa mawerengedwe mu TrustZone ndi dongosolo waukulu - kudzipatula ikuchitika pa mlingo wa kulekana zomveka, koma ntchito mayunitsi wamba kompyuta ndi kuda mawerengedwe ndi zambiri zokhudza nthambi. ma adilesi akusungidwa mu cache wamba processor. Pogwiritsa ntchito njira ya Prime + Probe, kutengera kuwunika kwa kusintha kwa nthawi yofikira ku zidziwitso zosungidwa, ndizotheka, poyang'ana kupezeka kwamitundu ina mu cache, kuyang'anira kayendedwe ka data ndi zizindikiro za kuphedwa kwa ma code okhudzana ndi kuwerengera kwa siginecha ya digito mu. TrustZone yolondola kwambiri.
Nthawi zambiri popanga siginecha ya digito pogwiritsa ntchito makiyi a ECDSA mu tchipisi ta Qualcomm amathera pochita ntchito zochulutsa mu lupu pogwiritsa ntchito makina oyambira omwe sasintha pa siginecha iliyonse (). Ngati wowukirayo atha kuchira pang'ono pang'ono ndi chidziwitso chokhudza vekitalayi, zimakhala zotheka kuchita chiwembu kuti mubwezeretsenso kiyi yonse yachinsinsi.
Pankhani ya Qualcomm, malo awiri omwe chidziwitso choterechi chidatsitsidwa adadziwika mu algorithm yochulutsa: pochita ntchito zoyang'ana m'matebulo komanso mu code yotsatsira deta yokhazikika potengera mtengo waposachedwa mu vekitala ya "nonce". Ngakhale khodi ya Qualcomm ili ndi njira zothana ndi kutayikira kwa zidziwitso kudzera pamayendedwe a chipani chachitatu, njira yowukira yomwe yapangidwa imakulolani kuti mulambalale miyeso iyi ndikuzindikira ma bits angapo amtengo wa "nonce", omwe ndi okwanira kubwezeretsa makiyi a 256-bit ECDSA.
Source: opennet.ru