Iqela labaphandi abavela kwi-Vrije Universiteit Amsterdam lichonge entsha (CVE-2020-0543) kwizakhiwo ezincinci ze-Intel processors, eziphawulekayo kuba ikuvumela ukuba ubuyisele iziphumo zokwenza eminye imiyalelo eyenziwa kwenye i-CPU engundoqo. Obu bubuthathaka bokuqala kwindlela yokwenziwa komyalelo oqikelelwayo ovumela ukuvuza kwedatha phakathi kweecores ze-CPU (ngaphambili ukuvuza bekukhawulelwe kwimisonto eyahlukeneyo yondoqo omnye). Abaphandi babiza ingxaki ye-CROSTalk, kodwa Ukuba sesichengeni kubhekiselwa kuyo njenge-SRBDS (iRejista eKhethekileyo yeSithinteli seSampulu seDatha).
Ukuba sesichengeni kunxulumene ne kunyaka odlulileyo kwiklasi ye-MDS (i-Microarchitectural Data Sampling) iingxaki kwaye isekelwe ekusebenziseni iindlela zokuhlalutya kwecala le-channel kwidatha kwizakhiwo ze-microarchitectural. I-CROSSTalk ikufutshane nokuba sesichengeni , kodwa iyahluka kwimvelaphi yokuvuza.
Ubuthathaka obutsha bulawula ukuvuza kwesikhuseli esiphakathi esingabhalwanga ngaphambili esabelwana ngazo zonke ii-CPU cores.
kukuba eminye imiyalelo ye-microprocessor, equka i-RDRAND, i-RDSEED kunye ne-SGX EGETKEY, iphunyezwe ngokusebenzisa i-SRR yangaphakathi ye-microarchitectural (iRejista eKhethekileyo yokuFunda). Kwiiprosesa ezichaphazelekayo, idatha ebuyiselweyo ye-SRR ifakwe kwi-buffer ephakathi eqhelekileyo kuzo zonke ii-CPU cores, emva koko idluliselwe kwi-buffer yokuzalisa ehambelana nombindi othile we-CPU apho umsebenzi wokufunda uqaliswe. Okulandelayo, ixabiso elisuka kwisithinteli sokuzalisa likhutshelwa kwiirejista ezibonakalayo kwizicelo.
Ubungakanani bendawo ephakathi ekwabelwana ngayo isithinteli ihambelana nomgca wecache, odla ngokuba mkhulu kunobungakanani bedatha efundwayo, kwaye ufundo olwahlukileyo luchaphazela ii-offsets ezahlukeneyo kwi-buffer. Ekubeni i-buffer ekwabelwana ngayo ikhutshelwa ngokupheleleyo kwi-buffer yokuzalisa, kungekhona kuphela isahlulo esifunekayo ekusebenzeni kwangoku esishukunyiswayo, kodwa kunye nedatha eseleyo evela kweminye imisebenzi, kubandakanywa naleyo yenziwa kwezinye ii-CPU cores.
Ukuba uhlaselo luphumelele, umsebenzisi wasekhaya oqinisekisiweyo kwinkqubo unokugqiba isiphumo sokwenza imiyalelo ye-RDRAND, i-RDSEED kunye ne-EGETKEY kwinkqubo yangaphandle okanye ngaphakathi kwe-Intel SGX enclave, kungakhathaliseki ukuba i-CPU ingundoqo apho ikhowudi iqhutywe khona.
Abaphandi abachonge ingxaki Iprototype yokuxhaphaza ebonisa ukukwazi ukuvuza ulwazi malunga namaxabiso angahleliweyo afunyenwe nge-RDRAND kunye nemiyalelo ye-RDSEED ukufumana kwakhona isitshixo sabucala se-ECDSA esiqhutyelwe kwi-Intel SGX enclave emva kokwenza utyikityo lwedijithali kuphela kwinkqubo.
ingxaki uluhlu olubanzi lwe-desktop, i-mobile kunye ne-server ye-Intel processors, kuquka i-Core i3, i-i5, i7, i-i9, i-m3, i-Celeron (i-J, i-G kunye ne-N series), i-Atom (i-C, i-E kunye ne-X series), i-Xeon (E3, E5, Iintsapho ze-E7 , i-W kunye no-D), i-Xeon Scalable, njl. Kuyaphawuleka ukuba i-Intel yaziswa ngobungozi ngoSeptemba ka-2018, kwaye ngoJulayi ka-2019 iprototype yokuxhaphaza yanikezelwa ebonisa ukuvuza kwedatha phakathi kwe-CPU cores, kodwa uphuhliso lolungiso lwalibaziseka ngenxa yobunzima bokuphunyezwa kwayo. Uhlaziyo lwe-microcode olucetywayo lwanamhlanje lulungisa umcimbi ngokutshintsha indlela yokuziphatha ye-RDRAND, i-RDSEED, kunye ne-EGETKEY imiyalelo yokubhala ngaphezulu idatha kwi-buffer ekwabelwana ngayo ukuthintela ulwazi olushiyekileyo ukuba luzinze apho. Ukongeza, ufikelelo lwe-buffer luyanqunyanyiswa de imixholo ifundwe kwaye ibhalwe kwakhona.
Isiphumo esisecaleni solu hlobo lokhuselo luyanda ukubambezeleka xa kusenziwa i-RDRAND, i-RDSEED, kunye ne-EGETKEY, kwaye kuncitshiswe i-throughput xa uzama ukuphumeza le miyalelo ngaxeshanye kwiiprosesa ezahlukeneyo ezinengqiqo. Ukwenza i-RDRAND, i-RDSEED, kunye ne-EGETKEY ikwanqumamisa ukufikelela kwimemori kwezinye iiprosesa ezinengqiqo. Ezi mpawu zinokuchaphazela kakubi ukusebenza kwezinye iinkqubo zeseva, ngoko ke i-firmware ibonelela ngendlela (RNGDS_MITG_DIS) ukukhubaza ukhuseleko lwe-RDRAND kunye nemiyalelo ye-RDSEED eyenziwa ngaphandle kwe-Intel SGX enclave.
umthombo: opennet.ru
