AEPIC Leak - an attack that leads to key leaks from Intel SGX enclaves

Information has been disclosed about a new attack on Intel processors - AEPIC Leak (CVE-2022-21233), which leads to leakage of confidential data from isolated Intel SGX (Software Guard eXtensions) enclaves. The issue affects the 10th, 11th and 12th generations of Intel CPUs (including the new Ice Lake and Alder Lake series) and is caused by an architectural flaw that allows access to uninitialized data remaining in the APIC (Advanced Programmable Interrupt Controller) after previous operations.

Unlike Spectre-class attacks, the leak in AEPIC Leak occurs without the use of recovery methods based on side channels - information about confidential data is transmitted directly, by obtaining the contents of registers reflected in the MMIO (memory-mapped I/O) memory page. In general, the attack makes it possible to determine the data transferred between the second-level and last-level caches, including the contents of registers and the results of memory read operations that were previously processed on the same CPU core.

Since carrying out the attack requires access to the physical pages of APIC MMIO, i.e. it requires administrator privileges, the method is limited to attacking SGX enclaves, to which the administrator has no direct access. Researchers have developed tools that make it possible, within a few seconds, to determine AES-NI and RSA keys stored in SGX, as well as Intel SGX attestation keys and pseudo-random number generator parameters. The attack code has been published on GitHub.

Intel has announced a fix in the form of a microcode update that will implement support for buffer flushing and add additional measures to protect enclave data. A new release of the SDK for Intel SGX has also been prepared with changes to prevent data leaks. Developers of operating systems and hypervisors are advised to use x2APIC mode, in which the APIC registers are accessed through MSR registers rather than MMIO, instead of the legacy xAPIC mode.
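A way to check the x2APIC recommendation above on a running machine, as an added example that is not from the original article or from Intel: it reads IA32_APIC_BASE (MSR 0x1B) on each CPU and reports the APIC mode. The function names are illustrative, and it assumes Linux with the msr driver loaded and root privileges.

```c
/* Added example: function names are illustrative; assumes the Linux msr driver. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define IA32_APIC_BASE 0x1B          /* architectural MSR index */
#define APIC_BASE_EXTD (1ULL << 10)  /* x2APIC mode enable */
#define APIC_BASE_EN   (1ULL << 11)  /* APIC global enable */

enum apic_mode { APIC_DISABLED, APIC_XAPIC, APIC_X2APIC, APIC_INVALID };
static const char *const mode_name[] = { "disabled", "xAPIC", "x2APIC", "invalid" };

/* Decode the APIC mode from a raw IA32_APIC_BASE value. */
enum apic_mode apic_mode_from_msr(uint64_t v) {
    int en = (v & APIC_BASE_EN) != 0, extd = (v & APIC_BASE_EXTD) != 0;
    if (en && extd) return APIC_X2APIC;
    if (en) return APIC_XAPIC;
    return extd ? APIC_INVALID : APIC_DISABLED;  /* EXTD without EN is reserved */
}

/* Physical base of the APIC register page (bits 12-51); used only in xAPIC mode. */
uint64_t apic_mmio_base(uint64_t v) { return v & 0x000FFFFFFFFFF000ULL; }

/* Read one MSR via the Linux msr driver (/dev/cpu/N/msr); returns 0 on success. */
int read_msr(int cpu, uint32_t msr, uint64_t *out) {
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int ok = lseek(fd, (off_t)msr, SEEK_SET) == (off_t)msr &&
             read(fd, out, sizeof *out) == (ssize_t)sizeof *out;
    close(fd);
    return ok ? 0 : -1;
}

int main(void) {
    int cpu, xapic = 0;
    uint64_t v;
    /* Stops at the first CPU whose MSR device cannot be read. */
    for (cpu = 0; read_msr(cpu, IA32_APIC_BASE, &v) == 0; cpu++) {
        enum apic_mode m = apic_mode_from_msr(v);
        printf("cpu%d: %s, APIC base 0x%llx\n", cpu, mode_name[m],
               (unsigned long long)apic_mmio_base(v));
        xapic += (m == APIC_XAPIC);
    }
    if (cpu == 0) { fprintf(stderr, "cannot read /dev/cpu/0/msr (root and msr module needed)\n"); return 2; }
    return xapic ? 1 : 0;
}
```

Exit status 1 means at least one CPU is still in legacy xAPIC mode, with its APIC registers exposed through the MMIO page.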

Source: opennet.ru
