ProHoster > Π‘Π»ΠΎΠ³ > wararka internetka > Coreboot 4.17 ayaa la sii daayay

Coreboot 4.17 ayaa la sii daayay

Siideynta mashruuca CoreBoot 4.17 waa la daabacay, iyada oo ku dhex jirta qaab dhismeedka kaas oo beddelka bilaashka ah ee firmware-ka lahaanshaha iyo BIOS la sameeyay. Xeerka mashruuca waxa lagu qaybiyaa shatiga GPLv2. 150 horumariyayaal ayaa ka qaybqaatay abuurista nooca cusub, kuwaas oo diyaariyey in ka badan 1300 oo isbeddel ah.

Isbeddellada ugu waaweyn:

  • Nuglaanta (CVE-2022-29264) ee ka soo muuqatay CoreBoot siidaynta 4.13 ilaa 4.16 waa la hagaajiyay waxayna ogolaatay in kood lagu fuliyo nidaamyada AP (Codsiga Processor) ee heerka SMM ( Habka Maareynta Nidaamka), kaas oo leh mudnaan sare ( Giraanta -2) marka loo eego qaabka hypervisor-ka iyo giraanta ilaalinta eber, iyo helitaanka aan xadidneyn ee dhammaan xusuusta. Dhibka waxaa keenay wicitaan aan sax ahayn oo loo diray maamulaha SMI ee ku jira moduleka smm_module_loader.
  • Taageero lagu daray 12 Motherboard, 5 ka mid ah waxaa loo isticmaalaa aaladaha leh Chrome OS ama server-yada Google. Waxaa ka mid ah khidmadaha Google-ka:
    • Clevo L140MU / L141MU / L142MU
    • Dell Sax T1650
    • HP Z220 CMT Workstation
    • Xiddigaha LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000) iyo Lite Mk IV (N5030).
  • Taageerada Google Deltan iyo Deltaur Motherboard-yada waa la joojiyay.
  • Waxaa lagu soo daray coreDOOM cusub, kaasoo kuu oggolaanaya inaad ciyaarta DOOM ka bilowdo Coreboot. Mashruucu wuxuu isticmaalaa koodka doomgeneric, oo loo soo gudbiyay libpayload. Qaabka toosan ee Coreboot waxa loo isticmaalaa wax soo saarka, iyo faylasha WAD ee leh agabka ciyaarta waxaa laga soo raray CBFS.
  • Qaybaha lacag bixinta ee la cusboonaysiiyay SeaBIOS 1.16.0 iyo iPXE 2022.1.
  • Habka SeaGRUB ee lagu daray (GRUB2 oo ka sarreeya SeaBIOS), kaas oo u oggolaanaya GRUB2 in ay isticmaasho wicitaannada dib-u-celinta ee ay bixiso SeaBIOS, tusaale ahaan, si ay u gasho qalab aan laga heli karin GRUB2 lacag-bixinta.
  • Ilaalinta dheeraadka ah ee ka dhanka ah weerarka SinkHole, kaas oo u oggolaanaya koodka in lagu fuliyo SMM (Habka Maareynta Nidaamka).
  • Hirgeliyay karti-ku-dhismay si ay u soo saaraan miisaska boggaga xusuusta taagan ee faylalka isku-xidhka, iyada oo aan loo baahnayn in la waco adeegyada qolo saddexaad.
  • Oggolow inaad u qorto macluumaadka khaladka CBMEMC console-ka gacanta ku haya SMI marka la isticmaalayo DEBUG_SMI.
  • Nidaamka hawl wadeenada bilowga ah ee CBMEM waa la bedelay; halkii *_CBMEM_INIT_HOOK maamulayaasha lagu xidhi lahaa marxaladaha, laba maamule ayaa la soo jeediyay: CBMEM_CREATION_HOOK (la isticmaalo marxaladda hore ee abuurta cbmem) iyo CBMEM_READY_HOOK (loo adeegsaday marxalad kasta oo cbmem hore loo isticmaalay. abuuray).
  • Taageero dheeri ah oo loogu talagalay PSB (Platform Secure Boot), oo uu dhaqaajiyo Processor-ka PSP (Platform Security Processor) si loo xaqiijiyo daacadnimada BIOS iyadoo la adeegsanayo saxeex dhijitaal ah.
  • Ku darsanay fulinta noo gaar ah ee maamulaha sifaynta xogta laga soo wareejiyay FSP (FSP Debug Handler).
  • Tis_vendor_read () iyo tis_vendor_write () oo lagu daray TIS-gacanta-iibiyaha ah (TPM Interface Specification) ee akhriska iyo qorista tooska ah ee TPM (Trusted Platform Module)
  • Taageero lagu daray ka-hortagga tixraacyada tilmaame-yaasha ee aan waxba ka jirin iyada oo loo marayo diiwaannada cilladaha.
  • Waxaa la hirgeliyay ogaanshaha aaladda i2c, taasoo sahlaysa in lagu shaqeeyo loox ku qalabaysan taabashada taabashada ama shaashadaha taabashada ee soo saarayaasha kala duwan.
  • Waxaa lagu daray awoodda lagu keydinayo xogta waqtiga qaab ku habboon soo saarista garaafyada FlameGraph, kaas oo si cad u muujinaya inta waqti ee lagu qaato marxaladaha kala duwan ee furitaanka.
  • Ikhtiyaar ayaa lagu daray utility cbmem si loogu daro "timestamp" ee wakhtiga booska isticmaalaha ilaa miiska cbmem, taas oo suurtogal ka dhigaysa in ay ka tarjumayso dhacdooyinka marxaladaha la sameeyay ka dib CoreBoot ee cbmem.

Intaa waxaa dheer, waxaan ogaan karnaa daabacaadda OSFF (Open-Source Firmware Foundation) ee warqad furan oo loo diray Intel, kaas oo soo jeedinaya in la sameeyo xirmooyinka taageerada firmware (FSP, Xidhmada Taageerada Firmware) oo ka sii casrisan oo ay bilaabaan daabacaadda dukumeenti la xidhiidha bilaabista Intel SoC . La'aanta koodka FSP waxay si weyn u adkeyneysaa abuurista firmware-ka furan waxayna ka hortagtaa horumarinta mashaariicda Coreboot, U-Boot iyo LinuxBoot ee qalabka Intel. Markii hore, hindise kan la mid ah ayaa lagu guuleystay oo Intel ayaa furay furaha PSE (Programmable Services Engine) block firmware ee bulshadu codsatay.

Source: opennet.ru

Add a comment