Vulnerability in AMD SEV that allows encryption keys to be determined

Developers from the Google Cloud team have identified a vulnerability (CVE-2019-9836) in the implementation of AMD SEV (Secure Encrypted Virtualization) technology that allows data protected with this technology to be compromised. At the hardware level, AMD SEV provides transparent encryption of virtual machine memory: only the current guest system has access to the decrypted data, while other virtual machines and the hypervisor receive an encrypted set of data when they try to access this memory.

The identified problem makes it possible to fully recover the contents of the private PDH key, which is processed inside a separate protected PSP processor (AMD Security Processor) that is inaccessible to the main OS.
With the PDH key, an attacker can recover the session key and the secret sequence specified when the virtual machine was created, and gain access to the encrypted data.

The vulnerability is caused by an error in the implementation of elliptic curve (ECC) encryption that allows an attack to recover curve parameters. While the command that starts a protected virtual machine is being executed, an attacker can send curve parameters that do not match the NIST-recommended parameters, which results in low-order point values being used in multiplication operations involving private key data.

The security of the ECDH protocol depends directly on the order of the curve's generated starting point, whose discrete logarithm is a very hard problem. In one of the initialization steps of the AMD SEV environment, the private key computation uses parameters received from the user. In essence, the operation is a multiplication of two points, one of which corresponds to the private key. If the second point has a low prime order, the attacker can determine parameters of the first point (bits of the modulus used in the modulo operation) by trying all possible values. To determine the private key, the fragments found this way can then be pieced together using the Chinese remainder theorem.

The problem affects AMD EPYC server platforms that use SEV firmware up to version 0.17 build 11. AMD has already published a firmware update that adds blocking of points that do not match the NIST curve. At the same time, previously generated certificates for PDH keys remain valid, which allows an attacker to migrate virtual machines from environments protected against the vulnerability to environments that are still affected. The possibility of an attack that rolls the firmware back to an old vulnerable release is also mentioned, but this has not yet been confirmed.

Source: opennet.ru
