Abaphandi abavela kwiQela le-NCC iziphumo zophicotho-zincwadi lwasimahla , inkqubo yokusebenza yexesha langempela (RTOS), ejolise ekuxhobiseni izixhobo ezihambelana ne-Intanethi ye-Intanethi yeZinto (IoT, i-Intanethi yezinto). Ngexesha lophicotho kwavezwa eZephyr kunye 1 semngciphekweni kwi-MCUboot. I-Zephyr iphuhliswa ngokuthatha inxaxheba kweenkampani ze-Intel.
Lilonke, ubuthathaka be-6 ichongiwe kwi-stack yenethiwekhi, i-4 kwi-kernel, i-2 kwigobolondo lomyalelo, i-5 kubaphathi beefowuni zenkqubo, i-5 kwi-subsystem ye-USB kunye ne-3 kwindlela yokuhlaziya i-firmware. Imiba emibini ilinganiswe njengento ebalulekileyo, emibini iphezulu, i-9 iphakathi, i-9 iphantsi, kwaye i-4 ifanele ukuqwalaselwa. Iingxaki ezinzima zichaphazela i-IPv4 stack kunye ne-MQTT parser, eziyingozi zichaphazela ukugcinwa kobuninzi be-USB kunye nabaqhubi be-USB DFU. Ngexesha lokuvezwa kolwazi, izilungiso bezilungiselelwe kuphela i-15 kwezona buthathaka ziyingozi kakhulu, iingxaki ezikhokelela ekungavunyelwa kwenkonzo okanye ezinxulumene neziphene kwiindlela ezongezelelweyo zokukhusela i-kernel zihlala zingalungiswa.
Ukuba semngciphekweni okusetyenziswa kude kuchongiwe kwi-IPv4 yeqonga, ekhokelela kurhwaphilizo lwememori xa kusetyenzwa iipakethi ze-ICMP eziguqulwe ngendlela ethile. Enye ingxaki enkulu ifunyenwe kwi-MQTT protocol parser, ebangelwa ukungabikho kokujonga ubude bendawo yentloko efanelekileyo kwaye kunokukhokelela ekuqhutyweni kwekhowudi ekude. Ukwalelwa okuncinci kwemibandela yenkonzo kufunyanwa kwi-IPv6 stack kunye nokuphunyezwa kweprotocol ye-CoAP.
Ezinye iingxaki zingasetyenziswa ekuhlaleni ukwenza ukwaliwa kwenkonzo okanye kuphunyezwe ikhowudi kwinqanaba le-kernel. Uninzi lwaba semngciphekweni lunxulumene nokunqongophala kokuhlolwa okufanelekileyo kweengxoxo zokufowuna kwenkqubo, kwaye kunokukhokelela kwiindawo ezingafunekiyo zememori ye-kernel ebhaliweyo kwaye ifundwe ukusuka. Iingxaki zikwandise kwikhowudi yokusetyenzwa kwefowuni ngokwayo-ukubiza inombolo yefowuni engalunganga iphumela ekuphuphumeni okupheleleyo. I-kernel iphinde ichonge iingxaki ekuphunyezweni kokhuseleko lwe-ASLR (i-address space randomization) kunye nendlela yokubeka amanqaku e-canary kwi-stack, okwenza ezi ndlela zingasebenzi.
Iingxaki ezininzi zichaphazela isitaki se-USB kunye nabaqhubi ngabanye. Umzekelo, iingxaki kugcino oluninzi lwe-USB zinokubangela ukuphuphuma kwe-buffer kwaye iphumeze ikhowudi kwinqanaba le-kernel xa isixhobo siqhagamshelwe kumamkeli we-USB olawulwa ngumhlaseli. Umngcipheko kwi-USB DFU, umqhubi wokulayisha i-firmware entsha nge-USB, ikuvumela ukuba ulayishe umfanekiso we-firmware olungisiweyo kwi-Flash yangaphakathi ye-microcontroller ngaphandle kokusebenzisa i-encryption kunye nokugqithisa imo ekhuselekileyo yokuqalisa kunye nokuqinisekiswa kwamacandelo usebenzisa isignesha yedijithali. Ukongeza, ikhowudi ye-bootloader evulekileyo yafundwa , apho kwafunyanwa ubuthathaka obulungileyo,
enokukhokelela ekuphuphumeni kwesithinteli xa usebenzisa i-SMP (iProtocol yoLawulo oluLula) kwi-UART.
Khumbula ukuba eZephyr, inye kuphela indawo yedilesi ekwabelwana ngayo yehlabathi (i-SASOS, iNkqubo yokuSebenza yeNdawo enye yeedilesi) inikezelwe kuzo zonke iinkqubo. Ikhowudi ecacileyo yesicelo idibaniswe ne-kernel ecacileyo yesicelo ukwenza i-monolithic executable enokuthi ilayishwe kwaye iqhutywe kwi-hardware ethile. Zonke izixhobo zenkqubo zinqunywe ngexesha lokuqokelela, ukunciphisa ubungakanani bekhowudi kunye nokwandisa ukusebenza. Umfanekiso wenkqubo ungabandakanya kuphela ezo mpawu zekernel ezifunekayo ukuqhuba isicelo.
Kuyaphawuleka ukuba phakathi kweenzuzo eziphambili zeZephyr uphuhliso ngokhuseleko engqondweni. ukuba zonke izigaba zophuhliso zihamba kwizigaba ezinyanzelekileyo zokuqinisekisa ukhuseleko lwekhowudi: uvavanyo oluxubileyo, uhlalutyo lwe-static, uvavanyo lokungena, ukuphononongwa kwekhowudi, ukuhlalutya ukuphunyezwa kwe-backdoor kunye ne-model modeling.
umthombo: opennet.ru