LogoFAIL - an attack on UEFI firmware through the insertion of malicious logos

Researchers from Binarly have identified a series of vulnerabilities in the image-parsing code used in UEFI firmware from various manufacturers. The vulnerabilities allow code execution during boot by placing a specially crafted image in the ESP (EFI System Partition) or in a part of a firmware update that is not digitally signed. The proposed attack method can be used to bypass the UEFI Secure Boot verified boot mechanism and hardware protection mechanisms such as Intel Boot Guard, AMD Hardware-Validated Boot and ARM TrustZone Secure Boot.

The problem is caused by the fact that the firmware allows user-specified logos to be displayed and uses image-parsing libraries for this, which run at the firmware level without dropping privileges. It is noted that modern firmware includes code for parsing the BMP, GIF, JPEG, PCX and TGA formats, and that this code contains vulnerabilities leading to buffer overflows when malformed data is parsed.
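As an added illustration (not code from Binarly or from any vendor's firmware), the following C example shows the header validation a BMP logo parser needs before it touches pixel data: every size field is checked against the real buffer length. The names `bmp_validate` and `demo_check`, the `LOGO_MAX_DIM` limit and the restriction to uncompressed 24-bit images are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LOGO_MAX_DIM 4096u  /* assumed policy limit for this example */
#define BMP_HDR_LEN  54u    /* 14-byte file header + 40-byte BITMAPINFOHEADER */

typedef struct { uint32_t width, height, data_off, row_bytes; } bmp_info;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns 0 and fills *out only when every header field fits inside buf[0..len). */
int bmp_validate(const uint8_t *buf, size_t len, bmp_info *out) {
    if (!buf || !out || len < BMP_HDR_LEN) return -1;
    if (buf[0] != 'B' || buf[1] != 'M') return -1;
    uint32_t data_off = rd32(buf + 10), hdr = rd32(buf + 14);
    uint32_t w = rd32(buf + 18), h = rd32(buf + 22);     /* signed on disk: negatives appear as >= 2^31 */
    uint32_t bpp = buf[28] | (uint32_t)buf[29] << 8, comp = rd32(buf + 30);
    if (hdr != 40 || comp != 0 || bpp != 24) return -1;  /* only uncompressed 24-bit accepted here */
    if (w == 0 || h == 0 || w > LOGO_MAX_DIM || h > LOGO_MAX_DIM) return -1; /* also rejects negatives */
    uint64_t row = (((uint64_t)w * bpp + 31) / 32) * 4;  /* rows are padded to 4 bytes */
    uint64_t need = row * h;                             /* 64-bit: cannot wrap with the limits above */
    if (data_off < BMP_HDR_LEN || data_off > len) return -1;
    if (need > (uint64_t)(len - data_off)) return -1;    /* pixel data must lie inside the file */
    out->width = w; out->height = h; out->data_off = data_off; out->row_bytes = (uint32_t)row;
    return 0;
}

/* Constructed sample: builds a header claiming w x h pixels over `pixel_bytes` of data. */
int demo_check(uint32_t w, uint32_t h, size_t pixel_bytes) {
    static uint8_t file[BMP_HDR_LEN + 64];
    bmp_info info;
    if (pixel_bytes > 64) return -2;
    memset(file, 0, sizeof file);
    file[0] = 'B'; file[1] = 'M';
    wr32(file + 10, BMP_HDR_LEN); wr32(file + 14, 40);
    wr32(file + 18, w); wr32(file + 22, h);
    file[26] = 1; file[28] = 24;                         /* planes = 1, 24 bits per pixel */
    return bmp_validate(file, BMP_HDR_LEN + pixel_bytes, &info);
}

int main(void) { return (demo_check(2, 2, 16) == 0 && demo_check(2, 2, 15) != 0) ? 0 : 1; }
```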

The vulnerabilities have been identified in firmware supplied by various hardware vendors (Intel, Acer, Lenovo) and firmware manufacturers (AMI, Insyde, Phoenix). Because the problematic code is present in the reference components provided by independent firmware vendors and is used as a basis by various hardware manufacturers to build their own firmware, the vulnerabilities are not vendor-specific and affect the entire ecosystem.

Details of the identified vulnerabilities are promised to be disclosed on December 6 at the Black Hat Europe 2023 conference. The conference presentation will also demonstrate an exploit that allows you to execute your own code with firmware privileges on systems with x86 and ARM architectures. Initially, the vulnerabilities were found during analysis of Lenovo firmware built on platforms from Insyde, AMI and Phoenix, but firmware from Intel and Acer was also mentioned as potentially vulnerable.

Source: opennet.ru
