Abacwaningi abavela ku-Positive Technologies ubungozi (), okuvumela, uma unokufinyelela ngokomzimba emishinini, ukukhipha ukhiye wempande yesikhulumi (ukhiye we-Chipset), osetshenziswa njengempande yokwethenjwa lapho kuqinisekiswa ubuqiniso bezingxenye ezihlukahlukene zepulatifomu, okuhlanganisa i-TPM (I-Trusted Platform Module) kanye UEFI firmware.
Ukuba sengozini kubangelwa iphutha ku-hardware ne-Intel CSME firmware, etholakala ku-ROM yokuqalisa, evimbela inkinga ukuthi ingalungiswa kumadivayisi asevele esetshenziswa. Ngenxa yokuba khona kwewindi ngesikhathi sokuqalisa kabusha kwe-Intel CSME (isibonelo, lapho uqala kabusha kumodi yokulala), ngokusebenzisa ukukhohlisa kwe-DMA kungenzeka ukuthi ubhalele idatha kumemori emile ye-Intel CSME futhi uguqule amathebula ekhasi lememori ye-Intel CSME asevele eqalisiwe ukuze unqande ukubulawa, buyisa ukhiye weplathifomu, futhi uthole ukulawula ukukhiqizwa kokhiye bokubethela bamamojula e-Intel CSME. Imininingwane yokuxhashazwa kokuba sengozini ihlelelwe ukuthi ishicilelwe kamuva.
Ngokungeziwe ekukhipheni ukhiye, iphutha liphinde livumele ikhodi ukuthi isetshenziswe ezingeni lelungelo elinguziro (Converged Security and Manageability Engine). Inkinga ithinta ama-chipset amaningi e-Intel akhishwe eminyakeni emihlanu edlule, kodwa esizukulwaneni se-10 sabaprosesa (I-Ice Point) inkinga ayisaveli. I-Intel yaqaphela inkinga esikhathini esingangonyaka esidlule futhi yakhululwa , okuthi, nakuba bengakwazi ukushintsha ikhodi esengozini ku-ROM, bazame ukuvimba izindlela zokuxhashazwa ezingaba khona ezingeni lamamojula e-Intel CSME ngamanye.
Imiphumela engaba khona yokuthola ukhiye wempande yesikhulumi ihlanganisa ukusekelwa kwe-firmware yezingxenye ze-Intel CSME, ukuyekethisa kwezinhlelo zokubethela zemidiya ezisuselwe ku-Intel CSME, kanye nethuba lokufoja izihlonzi ze-EPID () ukudlulisa ikhompuyutha yakho njengomunye ukudlula ukuvikelwa kwe-DRM. Uma amamojula e-CSME efakwa engcupheni, i-Intel inikeze ikhono lokukhiqiza kabusha okhiye abahlobene kusetshenziswa indlela ye-SVN (Inombolo Yenguqulo Yokuphepha). Esimeni sokufinyelela kukhiye wezimpande zenkundla, le ndlela yokusebenza ayisebenzi njengoba ukhiye wempande wenkundla usetshenziselwa ukukhiqiza ukhiye wokubethela ibhulokhi yokulawula ubuqotho (ICVB, Integrity Control Value Blob), ukuthola lokho, ngokulandelayo, okukuvumela ukuthi dala ikhodi yanoma yimaphi amamojula we-Intel CSME firmware.
Kuyaphawulwa ukuthi ukhiye wezimpande weplathifomu ugcinwa ngendlela ebethelwe futhi ukuze kutholwe ngokuphelele kuyadingeka futhi ukucacisa ukhiye wehadiwe ogcinwe ku-SKS (Isitoreji Sokhiye Ovikelekile). Ukhiye oshiwo awuhlukile futhi uyafana esizukulwaneni ngasinye se-Intel chipsets. Njengoba isiphazamisi sivumela ikhodi ukuthi isetshenziswe esigabeni ngaphambi kokuthi kuvinjwe indlela yokukhiqiza engukhiye ku-SKS, kubikezelwa ukuthi maduze nje lo khiye wehadiwe uzonqunywa.
Source: opennet.ru