U-Eric Bigers, omnye wabaphuhlisi be-Adiantum cipher kunye nomgcini we-Linux kernel fscrypt subsystem, ucebise iseti yeepatches ukuvala iingxaki zokhuseleko ezivela kwinqaku le-Intel processors elingaqinisekisi amaxesha okwenziwa rhoqo kwiidatha ezahlukeneyo ezicwangcisiweyo. Ingxaki ibonakala kwiiprosesa ze-Intel ziqala ngosapho lwe-Ice Lake. Ingxaki efanayo ijongwa kwiiprosesa ze-ARM.
Ubukho bokuxhomekeka kwexesha lokwenziwa kwemiyalelo kwidatha eqhutywe kule miyalelo ithathwa ngumbhali weepatches njengomngcipheko kwiiprosesa, ekubeni ukuziphatha okunjalo akunakuqinisekisa ukhuseleko lwemisebenzi ye-cryptographic eyenziwa kwinkqubo. Ukuphunyezwa okuninzi kwe-cryptographic algorithms yenzelwe ukuqinisekisa ukuba idatha ayichaphazeli ixesha lokwenziwa kwemiyalelo, kwaye ukwaphula le ndlela yokuziphatha kunokukhokelela ekudalweni kohlaselo lwecala-channel olufumana idatha esekelwe kuhlalutyo lwexesha layo lokucubungula.
Ngokunokwenzeka, ukuxhomekeka kwedatha yexesha lokusebenza kungasetyenziselwa ukuqalisa uhlaselo ukumisela idatha ye-kernel kwindawo yomsebenzisi. Ngokutsho kuka-Eric Bigers, ixesha lokubulawa rhoqo alibonelelwanga ngokungagqibekanga nakwimiyalelo eyenza imisebenzi yokudibanisa kunye ne-XOR, kunye nemiyalelo ekhethekileyo ye-AES-NI (ulwazi aluqinisekiswanga ngovavanyo, ngokutsho kwezinye iinkcukacha, kukho ukulibaziseka kwenye umjikelo ngexesha lophindaphindo lwevektha nokubala kancinane ).
Ukukhubaza le ndlela yokuziphatha, i-Intel kunye ne-ARM zicebise iiflegi ezintsha: i-PSATE bit DIT (iDatha eZimeleyo zeXesha) ye-ARM CPUs kunye ne-MSR bit DOITM (Indlela yokuSebenza yeDatha eZimeleyo) ye-Intel CPUs, ukubuyisela ukuziphatha kwakudala kunye nexesha lokubulawa rhoqo. I-Intel kunye ne-ARM zincoma ukhuseleko oluvumela ukhuseleko njengoko lufuneka kwikhowudi ebalulekileyo, kodwa ngokwenene, ukubala okubalulekileyo kunokwenzeka naphi na kwi-kernel kunye nendawo yomsebenzisi, ngoko sicinga ukwenza i-DOITM kunye neendlela ze-DIT kwi-kernel yonke ngamaxesha onke.
Kwiiprosesa ze-ARM, isebe le-Linux 6.2 kernel sele lithathe iipatches ezitshintsha indlela yokuziphatha kwi-kernel, kodwa ezi ziqwenga zithathwa njengezingonelanga kuba zigubungela kuphela ikhowudi yekernel kwaye azitshintshi indlela yokuziphatha kwindawo yomsebenzisi. Kwiiprosesa ze-Intel, ukufakwa kokhuseleko kusekho kwinqanaba lokuphonononga. Impembelelo yesiqwenga ekusebenzeni ayikalinganiswa, kodwa ngokutsho kwamaxwebhu e-Intel, ukwenza imo ye-DOITM inciphise ukusebenza (umzekelo, ngokukhubaza ulungiselelo oluthile, olufana nokulayisha kwangaphambili okuthe ngqo) kunye neemodeli zeprosesa zexesha elizayo ukucutha ukusebenza kunokunyusa. .
umthombo: opennet.ru