ProHoster > Blog > litaba tsa inthanete > Coreboot 4.17 e lokollotsoe

Coreboot 4.17 e lokollotsoe

Ho lokolloa ha morero oa CoreBoot 4.17 ho phatlalalitsoe, ka har'a moralo oo ho ntseng ho ntlafatsoa mefuta e meng ea mahala ea firmware ea thepa le BIOS. Khoutu ea projeke e ajoa tlasa laesense ea GPLv2. Bahlahisi ba 150 ba nkile karolo ho thehoeng ha mofuta o mocha, ba lokiselitseng liphetoho tse fetang 1300.

Liphetoho tse kholo:

  • A vulnerability (CVE-2022-29264) e hlahileng ho CoreBoot e hlahisa 4.13 ho isa ho 4.16 e se e tsitsitse mme e lumella lits'ebetso tse nang le AP (Application Processor) ho sebelisa khoutu boemong ba SMM (System Management Mode), e etelletsoeng pele (Ring). -2) ho feta mokhoa oa hypervisor le selikalikoe sa ts'ireletso, le ho ba le phihlello e sa lekanyetsoang ea memori eohle. Bothata bo bakoa ke mohala o fosahetseng o eang ho sebatli sa SMI mojuleng oa smm_module_loader.
  • Tšehetso e ekelitsoeng bakeng sa liboto tsa bo-mme tse 12, tse 5 tsa tsona li sebelisoa lisebelisoa tse nang le Chrome OS kapa li-server tsa Google. Har'a litefiso tseo e seng tsa Google:
    • Clevo L140MU / L141MU / L142MU
    • Dell sebetsa ka ho nepahetseng T1650
    • Setsi sa Mosebetsi sa HP Z220 CMT
    • Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000) le Lite Mk IV (N5030).
  • Tšehetso bakeng sa liboto tsa bo-mme tsa Google Deltan le Deltaur ha e sa sebelisoa.
  • E kentse coreDOOM e ncha ea payload, e u lumellang ho qala papali ea DOOM ho tsoa Coreboot. Morero o sebelisa khoutu ea doomgeneric, e kentsoeng ho libpayload. Coreboot linear framebuffer e sebelisetsoa tlhahiso, 'me lifaele tsa WAD tse nang le lisebelisoa tsa papali li laeloa ho tloha CBFS.
  • Likarolo tse nchafalitsoeng tsa ho lefa SeaBIOS 1.16.0 le iPXE 2022.1.
  • Mokhoa o ekelitsoeng oa SeaGRUB (GRUB2 holim'a SeaBIOS), e lumellang GRUB2 ho sebelisa mehala e fanoang ke SeaBIOS, mohlala, ho fumana lisebelisoa tse sa fumaneheng ho tsoa ho GRUB2 payload.
  • Tšireletso e ekelitsoeng khahlanong le tlhaselo ea SinkHole, e lumellang khoutu hore e phethoe boemong ba SMM (System Management Mode).
  • E kentse tšebetsong bokhoni bo hahelletsoeng ba ho hlahisa litafole tse tsitsitseng tsa maqephe a memori ho tsoa lifaeleng tsa kopano, ntle le tlhoko ea ho letsetsa lits'ebeletso tsa mokha oa boraro.
  • Lumella ho ngola lintlha tsa ho lokisa bothata ho khomphutha ea CBMEMC ho tsoa ho li-SMI ha u sebelisa DEBUG_SMI.
  • Sistimi ea libapali tsa ho qala tsa CBMEM e fetotsoe; sebakeng sa *_CBMEM_INIT_HOOK litšoari tse tlamelletsoeng methating, ho khothaletsoa libapali tse peli: CBMEM_CREATION_HOOK (e sebelisoa qalong ea ho theha cbmem) le CBMEM_READY_HOOK (e sebelisoa maemong afe kapa afe ao cbmem e seng e sebelisitsoe ho eona. bopilwe).
  • Tšehetso e ekelitsoeng bakeng sa PSB (Platform Secure Boot), e entsoeng ke processor ea PSP (Platform Security Processor) ho netefatsa botšepehi ba BIOS ka ho saena sa digital.
  • Re kentse ts'ebetsong ea rona ea sebatli bakeng sa ho lokisa lintlha tse fetisitsoeng ho tsoa ho FSP (FSP Debug Handler).
  • E kentse mesebetsi e khethehileng ea TIS (TPM Interface Specification) bakeng sa ho bala le ho ngola ka kotloloho ho tsoa lirejiseteng tsa TPM (Trusted Platform Module) - tis_vendor_read() le tis_vendor_write().
  • Ts'ehetso e ekelitsoeng bakeng sa ho thibela litšupiso tsa null pointer ka lirejistara tsa debug.
  • E kentsoeng ts'ebetsong ea ho lemoha lisebelisoa tsa i2c, e leng ho nolofalletsang ho sebetsa ka liboto tse nang le li-touchpads kapa li-skrini tse tsoang ho bahlahisi ba fapaneng.
  • E ekelitse bokhoni ba ho boloka data ea nako ka mokhoa o loketseng ho hlahisa li-graph tsa FlameGraph, tse bontšang ka ho hlaka hore na ke nako e kae e sebelisoang ka mekhahlelo e fapaneng ea ho qala.
  • Khetho e ekelitsoe ts'ebetsong ea cbmem ho eketsa "timestamp" ea nako ho tloha sebakeng sa mosebedisi ho ea tafoleng ea cbmem, e leng se etsang hore ho khonehe ho bonahatsa liketsahalo ka mekhahlelo e entsoeng ka mor'a CoreBoot ho cbmem.

Ho feta moo, re ka ela hloko phatlalatso ea OSFF (Open-Source Firmware Foundation) ea lengolo le bulehileng ho Intel, e khothalletsang ho etsa liphutheloana tsa tšehetso ea firmware (FSP, Firmware Support Package) ka mokhoa o tloaelehileng le ho qala ho hatisa litokomane tse amanang le ho qala Intel SoC. . Ho haella ha khoutu ea FSP ho thatafatsa haholo ho theoa ha firmware e bulehileng mme ho thibela tsoelo-pele ea merero ea Coreboot, U-Boot le LinuxBoot ho Intel hardware. Nakong e fetileng, morero o tšoanang o ile oa atleha 'me Intel e ile ea bula khoutu ea PSE (Programmable Services Engine) thibela firmware e neng e kōptjoa ke sechaba.

Source: opennet.ru

Eketsa ka tlhaloso