Bafuputsi ba Positive Technologies tlokotsi (), e lumellang, haeba u na le phihlelo ea 'mele ea lisebelisoa, ho ntša senotlolo sa motso oa sethaleng (Chipset key), e sebelisoang e le motso oa tšepo ha u netefatsa bonnete ba likarolo tse sa tšoaneng tsa sethaleng, ho akarelletsa le TPM (Trusted Platform Module) le Firmware ea UEFI.
Kotsi e bakoa ke kokoanyana ho hardware le firmware ea Intel CSME, e teng ka har'a boot ROM, e thibelang bothata ho lokisoa lisebelisoa tse seng li ntse li sebelisoa. Ka lebaka la ho ba teng ha fensetere nakong ea Intel CSME restart (mohlala, ha u qala ho robala), ka ho qhekella ha DMA hoa khoneha ho ngolla memori ea Intel CSME le ho fetola litafole tsa memori tsa Intel CSME tse seng li qalile ho thibela ts'ebetso. fumana senotlolo sa sethala, 'me u fumane taolo holim'a tlhahiso ea linotlolo tsa encryption bakeng sa li-module tsa Intel CSME. Lintlha tse mabapi le ts'ebeliso ea bofokoli li reretsoe ho phatlalatsoa hamorao.
Ntle le ho ntša senotlolo, phoso e boetse e lumella khoutu hore e phethoe boemong ba tokelo ea zero (Converged Security and Manageability Engine). Bothata bo ama li-chipsets tse ngata tsa Intel tse lokollotsoeng lilemong tse hlano tse fetileng, empa molokong oa 10 oa li-processor (Ice Point) bothata ha bo sa hlaha. Intel o ile a hlokomela bothata hoo e ka bang selemo se fetileng mme a lokolloa , eo, le hoja e ke ke ea fetola khoutu e tlokotsing ho ROM, leka ho thibela litsela tse ka sebelisoang hampe boemong ba li-module tsa Intel CSME ka bomong.
Liphello tse ka bang teng tsa ho fumana senotlolo sa motso oa sethala li kenyelletsa tšehetso bakeng sa firmware ea likarolo tsa Intel CSME, ho sekisetsa lits'ebetso tsa encryption tsa media tse thehiloeng ho Intel CSME, hammoho le monyetla oa ho theha li-identifiers tsa EPID.) ho fetisa komporo ea hau joalo ka e 'ngoe ea ho tlola tšireletso ea DRM. Haeba li-module tsa CSME ka bomong li sekiselitsoe, Intel e fane ka bokhoni ba ho nchafatsa linotlolo tse amanang le eona ho sebelisa mochini oa SVN (Security Version Number). Boemong ba ho fihlella senotlolo sa motso oa sethala, mochini ona ha o sebetse kaha senotlolo sa sethala se sebelisoa ho hlahisa senotlolo sa ho notlela boloko ba taolo ea botshepehi (ICVB, Integrity Control Value Blob), ho fumana seo, le sona, se o lumellang ho theha khoutu ea efe kapa efe ea li-module tsa firmware tsa Intel CSME.
Hoa hlokomeloa hore senotlolo sa sethala se bolokiloe ka mokhoa o patiloeng 'me bakeng sa ho sekisetsa ka ho feletseng hoa hlokahala ho fumana senotlolo sa hardware se bolokiloeng ho SKS (Secure Key Storage). Senotlolo se boletsoeng ha se ikhethang ebile sea tšoana bakeng sa moloko o mong le o mong oa Intel chipsets. Kaha kokoanyana e lumella khoutu hore e etsoe sethaleng pele mochine oa bohlokoa oa SKS o koetsoe, ho boleloa esale pele hore haufinyane senotlolo sena sa hardware se tla khethoa.
Source: opennet.ru