ProHoster > Blog > internet nhau > Coreboot 4.17 kuburitswa

Coreboot 4.17 kuburitswa

Kuburitswa kweiyo CoreBoot 4.17 purojekiti yakaburitswa, mukati meiyo dhizaini iyo yemahara imwe nzira kune proprietary firmware uye BIOS iri kuvandudzwa. Iyo kodhi yeprojekiti yakagoverwa pasi peGPLv2 rezinesi. Vagadziri ve150 vakatora chikamu mukugadzirwa kweshanduro itsva, vakagadzirira zvinopfuura 1300 shanduko.

Shanduko huru:

  • A vulnerability (CVE-2022-29264) iyo yakaonekwa muCoreBoot kuburitsa 4.13 kusvika 4.16 yakagadziriswa uye inobvumira kodhi kuti iitwe pamasystem ane AP (Application processor) paSMM (System Management Mode) nhanho, iyo ine kukosha kwepamusoro ( Mhete -2) kupfuura iyo hypervisor modhi uye zero mhete yekudzivirira, uye kuve nekuwana kusingagumi kundangariro dzese. Dambudziko rinokonzerwa nekufona kwakashata kune SMI inobata mune smm_module_loader module.
  • Yakawedzerwa tsigiro yemabhodhi makumi mana nemaviri, makumi maviri neshanu ayo anoshandiswa pamidziyo ine Chrome OS kana pamaseva eGoogle. Pakati pezvisiri zveGoogle muripo:
    • Clevo L140MU / L141MU / L142MU
    • Dell Kuchengetedza T1650
    • HP Z220 CMT Workstation
    • Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000) uye Lite Mk IV (N5030).
  • Tsigiro yeGoogle Deltan uye Deltaur mamaboards yakamiswa.
  • Yakawedzera imwe payload coreDOOM, ichikubvumidza kuti utange mutambo weDOOM kubva kuCoreboot. Iyo purojekiti inoshandisa doomgeneric kodhi, inotakurwa kune libpayload. Iyo Coreboot linear framebuffer inoshandiswa kuburitsa, uye mafaera eWAD ane zviwanikwa zvemitambo anotakurwa kubva kuCBFS.
  • Yakagadziridzwa payload zvikamu SeaBIOS 1.16.0 uye iPXE 2022.1.
  • Yakawedzera SeaGRUB modhi (GRUB2 pamusoro peSeaBIOS), iyo inobvumira GRUB2 kushandisa macallback anopihwa neSeaBIOS, semuenzaniso, kuwana michina isingasvikike kubva kuGRUB2 payload.
  • Yakawedzerwa dziviriro pakurwisa kweSinkHole, iyo inobvumira kodhi kuti iitwe padanho reSMM (System Management Mode).
  • Yakaitwa yakavakirwa-mukati kugona kugadzira static matafura emapeji endangariro kubva kumafaira egungano, pasina chikonzero chekufonera chechitatu-bato rekushandisa.
  • Bvumira kunyora ruzivo rwekugadzirisa kune CBMEMC koni kubva kuSMI vanobata kana uchishandisa DEBUG_SMI.
  • Iyo sisitimu yeCBMEM yekutanga vanobata yakashandurwa; pachinzvimbo che *_CBMEM_INIT_HOOK mabati akasungirirwa kumatanho, maviri ekubata anotsanangurwa: CBMEM_CREATION_HOOK (inoshandiswa padanho rekutanga inogadzira cbmem) uye CBMEM_READY_HOOK (inoshandiswa chero nhanho iyo cbmem yatovepo. yakagadzirwa).
  • Yakawedzerwa tsigiro yePSB (Platform Yakachengeteka Boot), yakagadziriswa nePSP (Platform Security processor) processor kuratidza kuvimbika kweBIOS uchishandisa siginecha yedhijitari.
  • Yakawedzera isu pachedu kuita kwemubati wekugadzirisa data kubva kuFSP (FSP Debug Handler).
  • Yakawedzera mutengesi-chaiyo TIS (TPM Interface Specification) mabasa ekuverenga nekunyora zvakananga kubva kuTPM (Trusted Platform Module) marejista - tis_vendor_read() uye tis_vendor_write().
  • Yakawedzera tsigiro yekubata null pointer dereferences kuburikidza nedebug marejista.
  • Yakaiswa i2c yekuona mudziyo, zvichiita kuti zvive nyore kushanda nemabhodhi akashongedzerwa ne touchpads kana kubata skrini kubva kune vakasiyana vagadziri.
  • Yakawedzera kugona kuchengetedza data yenguva mufomati yakakodzera kugadzira magirafu eFlameGraph, ayo anoratidza zvakajeka kuti inguvai yakashandiswa pamatanho akasiyana ekutanga.
  • Sarudzo yakawedzerwa kune cbmem utility yekuwedzera "timestamp" yenguva kubva munzvimbo yemushandisi kuenda kune cbmem tafura, izvo zvinoita kuti zvikwanise kuratidza zviitiko mumatanho akaitwa mushure meCoreBoot mu cbmem.

Pamusoro pezvo, isu tinogona kucherechedza kuburitswa neOSFF (Open-Source Firmware Foundation) yetsamba yakavhurika kuIntel, iyo inokurudzira kugadzira firmware rutsigiro mapakeji (FSP, Firmware Support Package) modular uye kutanga kuburitsa zvinyorwa zvine chekuita nekutanga Intel SoC. . Kushaikwa kweFSP kodhi kunokanganisa zvakanyanya kusikwa kweiyo yakavhurika firmware uye kunodzivirira kufambira mberi kweCoreboot, U-Boot uye LinuxBoot mapurojekiti paIntel hardware. Pakutanga, chirongwa chakafanana chakabudirira uye Intel yakavhura kodhi yePSE (Programmable Services Engine) block firmware yakakumbirwa nenharaunda.

Source: opennet.ru

Voeg