Abacwaningi abavela ku-NCC Group imiphumela yokuhlolwa kwephrojekthi yamahhala , isistimu yokusebenza yesikhathi sangempela (RTOS), okuhloswe ngayo ukuhlomisa amadivayisi athobela umqondo we-inthanethi Yezinto (IoT, I-inthanethi Yezinto). Ngesikhathi sokucwaninga kwavezwa e-Zephyr kanye nokuba sengozini okungu-1 ku-MCUboot. I-Zephyr ithuthukiswa ngokubamba iqhaza kwezinkampani ze-Intel.
Sekukonke, kutholwe ubuthakathaka obungu-6 kusitaki senethiwekhi, 4 ku-kernel, 2 kugobolondo lomyalo, 5 kwizibambi zesistimu, 5 kusistimu engaphansi ye-USB kanye no-3 kumshini wokuvuselela i-firmware. Izinkinga ezimbili zilinganiselwe njengezibucayi, ezimbili ziphakeme, ezingu-9 zilinganiselwe, ezingu-9 ziphansi, kanti ezi-4 zifanele ukucatshangelwa. Izinkinga ezibucayi zithinta isitaki se-IPv4 kanye nesihlazululi se-MQTT, eziyingozi zithinta isitoreji esikhulu se-USB nezishayeli ze-USB DFU. Ngesikhathi sokudalulwa kolwazi, ukulungiswa bekulungiselelwe kuphela okungu-15 kobungozi obuyingozi kakhulu; izinkinga eziholela ekunqatshelweni kwesevisi noma ezihlotshaniswa namaphutha ezindleleni ezengeziwe zokuvikela i-kernel zihlala zingalungiswa.
Ukuba sengozini okusebenziseka kalula kukhonjwe kusitaki seplathifomu ye-IPv4, okuholela ekonakaleni kwenkumbulo lapho kucutshungulwa amaphakethe e-ICMP alungiswe ngendlela ethile. Enye inkinga engathi sΓna itholwe kusihlazululi sephrothokholi ye-MQTT, ebangelwa ukuntuleka kokuhlola ubude benkambu kanhlokweni efanele futhi kungaholela ekwenzeni ikhodi ekude. Ukunqatshelwa okuqinile kwezinkinga zesevisi kutholakala kusitaki se-IPv6 nasekusetshenzisweni kwephrothokholi ye-CoAP.
Ezinye izinkinga zingasetshenziswa endaweni ukuze kubangele ukwenqatshwa kwesevisi noma kukhishwe ikhodi ezingeni le-kernel. Iningi lalobu bungozi buhlobene nokushoda kokuhlolwa okufanele kwama-agumenti ocingo lwesistimu, futhi kungaholela ezindaweni ezingafanele zenkumbulo ye-kernel ebhalelwa futhi ifundwe kusukela. Izinkinga ziphinde zidlulele kukhodi yokucubungula ikholi yesistimu ngokwayoβukushayela inombolo yekholi yesistimu engalungile kubangela ukuchichima kwenombolo ephelele. I-kernel iphinde yahlonza izinkinga ekusetshenzisweni kokuvikelwa kwe-ASLR (i-address space randomization) kanye nendlela yokusetha amamaki e-canary esitakini, okwenza lezi zindlela zingasebenzi.
Izinkinga eziningi zithinta isitaki se-USB kanye namashayeli angawodwana. Isibonelo, izinkinga ekugcinweni okuningi kwe-USB zingabangela ukuchichima kwebhafa futhi zikhiphe ikhodi ezingeni le-kernel lapho idivayisi ixhunywe kumsingathi we-USB olawulwa umhlaseli. Ukuba sengozini ku-USB DFU, umshayeli wokulayisha i-firmware entsha nge-USB, ikuvumela ukuthi ulayishe isithombe se-firmware esilungisiwe ku-Flash yangaphakathi yesilawuli esincane ngaphandle kokusebenzisa ukubethela nokudlula imodi yokuqalisa evikelekile ngokuqinisekiswa kwezingxenye usebenzisa isiginesha yedijithali. Ukwengeza, ikhodi ye-bootloader evuliwe yafundwa , lapho kutholwe khona ukuba sengozini eyodwa,
okungaholela ekuchichimeni kwebhafa uma usebenzisa iphrothokholi ye-SMP (Simple Management Protocol) phezu kwe-UART.
Khumbula ukuthi e-Zephyr, indawo eyodwa kuphela yamakheli angokoqobo okwabelwana ngawo emhlabeni wonke (i-SASOS, Uhlelo Lokusebenza Lwendawo Yekheli Elilodwa) olunikezwe zonke izinqubo. Ikhodi eqondene nohlelo lokusebenza ihlanganiswa ne-kernel eqondene nohlelo lokusebenza ukwenza i-monolithic esebenzisekayo engalayishwa futhi isebenze ku-hardware ethile. Zonke izinsiza zesistimu zinqunywa ngesikhathi sokuhlanganiswa, ukunciphisa usayizi wekhodi nokwandisa ukusebenza. Isithombe sesistimu singafaka lezo zici ze-kernel kuphela ezidingekayo ukuze kuqalise uhlelo lokusebenza.
Kuyaphawuleka ukuthi phakathi kwezinzuzo ezibalulekile zeZephyr ukuthuthukiswa ngokuphepha engqondweni. ukuthi zonke izigaba zokuthuthuka zingena ezigabeni eziphoqelekile zokuqinisekisa ukuvikeleka kwekhodi: ukuhlolwa kwe-fuzzing, ukuhlaziya okumile, ukuhlolwa kokungena, ukubuyekezwa kwekhodi, ukuhlaziya ukuqaliswa kwe-backdoor kanye nemodeli yosongo.
Source: opennet.ru