Data dependence of instruction execution time on ARM and Intel CPUs

Eric Biggers, one of the developers of the Adiantum cipher and maintainer of the Linux kernel fscrypt subsystem, has proposed a set of patches to block security problems arising from a feature of Intel processors that does not guarantee constant instruction execution time for different processed data. The problem appears in Intel processors starting with the Ice Lake family. A similar problem is observed in ARM processors.

The author of the patches regards the dependence of instruction execution time on the data processed by those instructions as a vulnerability in the processors, since such behavior cannot guarantee the security of cryptographic operations performed in the system. Many implementations of cryptographic algorithms are designed so that data does not affect instruction execution time, and violating this property can lead to side-channel attacks that recover data by analyzing its processing time.

Potentially, the runtime data dependency could also be used to mount attacks that determine kernel data from user space. According to Eric Biggers, constant execution time is not provided by default even for instructions that perform addition and XOR operations, nor for the specialized AES-NI instructions (information not confirmed by tests; according to other data, there is a one-cycle delay during vector addition and bit counting).

To disable this behavior, Intel and ARM have proposed new flags: the PSTATE bit DIT (Data Independent Timing) for ARM CPUs and the MSR bit DOITM (Data Operand Independent Timing Mode) for Intel CPUs, which restore the old behavior with constant execution time. Intel and ARM recommend enabling the protection as needed for critical code, but in reality critical computation can happen anywhere in the kernel and in user space, so enabling the DOITM and DIT modes for the entire kernel at all times is under consideration.
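A check an administrator might run to see where a machine stands with respect to these two flags, as an added example that is not code from the article or from the kernel patches. It assumes Intel's published layout (IA32_ARCH_CAPABILITIES at 0x10A with DOITM in bit 12, IA32_UARCH_MISC_CTL at 0x1B01 with DOITM in bit 0; on Linux these MSRs can be read as root through /dev/cpu/N/msr) and that arm64 Linux lists the token `dit` in the /proc/cpuinfo Features line when the CPU implements DIT; the function names and sample inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from Intel's DOITM guidance; they are not given on this page. */
#define MSR_IA32_ARCH_CAPABILITIES 0x10A
#define ARCH_CAP_DOITM             (1ULL << 12) /* CPU implements DOITM */
#define MSR_IA32_UARCH_MISC_CTL    0x1B01
#define UARCH_MISC_DOITM           (1ULL << 0)  /* DOITM is switched on */

enum doit_state { DOIT_UNSUPPORTED, DOIT_OFF, DOIT_ON };

/* Combine the capability bit and the control bit into one state. */
enum doit_state intel_doitm_state(uint64_t arch_caps, uint64_t misc_ctl)
{
    if (!(arch_caps & ARCH_CAP_DOITM))
        return DOIT_UNSUPPORTED; /* control bit is meaningless here */
    return (misc_ctl & UARCH_MISC_DOITM) ? DOIT_ON : DOIT_OFF;
}

/* 1 if an arm64 /proc/cpuinfo "Features" line lists the exact token "dit". */
int arm64_features_has_dit(const char *line)
{
    const char *p = strchr(line, ':');
    for (p = p ? p + 1 : ""; *p && *p != '\n'; ) {
        size_t n = strcspn(p, " \t\n");
        if (n == 3 && strncmp(p, "dit", 3) == 0)
            return 1;
        p += n ? n : 1; /* skip the token, or a single separator */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured from real hardware. */
    const char *feat = "Features\t: fp asimd aes sha2 crc32 atomics dit ssbs\n";
    uint64_t caps = ARCH_CAP_DOITM | 0x2B, ctl = 0; /* supported, not enabled */
    printf("arm64 dit listed: %d\n", arm64_features_has_dit(feat));
    printf("Intel DOITM state: %d (0=unsupported, 1=off, 2=on)\n",
           intel_doitm_state(caps, ctl));
    return 0;
}
```

On arm64 the cpuinfo token only shows that the CPU implements DIT; whether PSTATE.DIT is set is per-thread state and is not visible there.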

For ARM processors, the Linux 6.2 kernel branch has already accepted patches that change the kernel's behavior, but these patches are considered insufficient because they cover only kernel code and do not change the behavior for user space. For Intel processors, inclusion of the protection is still at the review stage. The patch's impact on performance has not yet been measured, but according to Intel documentation, enabling DOITM mode reduces performance (for example, by disabling some optimizations, such as data-dependent prefetching), and in future processor models the performance reduction may increase.

Source: opennet.ru
