I-ProHoster > Π‘Π»ΠΎΠ³ > izindaba ze-inthanethi > I-Coreboot 4.17 ikhishwe

I-Coreboot 4.17 ikhishwe

Ukukhishwa kwephrojekthi ye-CoreBoot 4.17 kushicilelwe, ngaphakathi kohlaka lapho kuthuthukiswa enye indlela yamahhala ye-firmware yobunikazi kanye ne-BIOS. Ikhodi yephrojekthi isatshalaliswa ngaphansi kwelayisensi ye-GPLv2. Abathuthukisi be-150 babambe iqhaza ekwakhiweni kwenguqulo entsha, abalungiselele izinguquko ezingaphezu kwe-1300.

Izinguquko eziyinhloko:

  • Ukuba sengozini (CVE-2022-29264) okuvele ekukhishweni kwe-CoreBoot okungu-4.13 kuye ku-4.16 kulungisiwe futhi kuvumela amasistimu ane-AP (Application Processor) ukuthi asebenzise ikhodi ezingeni le-SMM (Imodi Yokulawulwa Kwesistimu), ebaluleke kakhulu (Indandatho). -2) kunemodi ye-hypervisor kanye nendandatho enguziro yokuvikela, nokuba nokufinyelela okungenamkhawulo kuyo yonke inkumbulo. Inkinga ibangelwa ucingo olungalungile oluya kusibambi se-SMI kumojuli smm_module_loader.
  • Usekelo olungeziwe lwamabhodi omama angu-12, angu-5 asetshenziswa kumadivayisi ane-Chrome OS noma kumaseva e-Google. Phakathi kwezinkokhelo ezingezona eze-Google:
    • I-Clevo L140MU / L141MU / L142MU
    • UDell Precision T1650
    • I-HP Z220 CMT Workstation
    • I-Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000) ne-Lite Mk IV (N5030).
  • Ukusekelwa kwamabhodi omama we-Google Deltan kanye ne-Deltaur kunqanyuliwe.
  • Kwengezwe i-coreDOOM entsha yokulayisha, okukuvumela ukuthi uqalise igeyimu ye-DOOM usuka ku-Coreboot. Iphrojekthi isebenzisa ikhodi ye-doomgeneric, ethunyelwa ku-libpayload. I-Coreboot linear framebuffer isetshenziselwa okukhiphayo, futhi amafayela e-WAD anezinsiza zegeyimu alayishwa ku-CBFS.
  • Izingxenye zokulayisha okukhokhelwayo ezibuyekeziwe i-SeaBIOS 1.16.0 kanye ne-iPXE 2022.1.
  • Imodi ye-SeaGRUB eyengeziwe (i-GRUB2 phezu kwe-SeaBIOS), evumela i-GRUB2 ukuthi isebenzise izingcingo zokushayela ezinikezwa i-SeaBIOS, isibonelo, ukuze ifinyelele okokusebenza okungafinyeleleki ekulayishweni kwe-GRUB2.
  • Ukuvikela okungeziwe ekuhlaselweni kwe-SinkHole, okuvumela ikhodi ukuthi isetshenziswe ezingeni le-SMM (Imodi Yokulawulwa Kwesistimu).
  • Kusetshenziswe ikhono elakhelwe ngaphakathi lokukhiqiza amathebula amile amakhasi enkumbulo ukusuka kumafayela omhlangano, ngaphandle kwesidingo sokubiza izinsiza zezinkampani zangaphandle.
  • Vumela ukubhala imininingwane yokususa iphutha kukhonsoli ye-CBMEMC kusuka kuzibambi ze-SMI uma usebenzisa i-DEBUG_SMI.
  • Isistimu yezibambi zokuqalisa ze-CBMEM ishintshiwe; esikhundleni sezibambi *_CBMEM_INIT_HOOK eziboshelwe ezigabeni, kuhlongozwa izibambi ezimbili: CBMEM_CREATION_HOOK (esetshenziswa esigabeni sokuqala esidala i-cbmem) kanye ne-CBMEM_READY_HOOK (isetshenziswa kunoma yiziphi izigaba lapho i-cbmem isivele isetshenziswe khona. idaliwe).
  • Ukwesekwa okwengeziwe kwe-PSB (i-Platform Secure Boot), eyenziwe yasebenza iphrosesa ye-PSP (Platform Security Processor) ukuze kuqinisekiswe ubuqotho be-BIOS kusetshenziswa isiginesha yedijithali.
  • Sengeze ukwethulwa kwethu kwesibambi sokususa iphutha kwedatha edluliswa isuka ku-FSP (FSP Debug Handler).
  • Kwengezwe imisebenzi ye-TIS eqondene nomthengisi (i-TPM Interface Specification) yokufunda nokubhala ngokuqondile ukusuka kumarejista we-TPM (I-Trusted Platform Module) - tis_vendor_read() kanye ne-tis_vendor_write().
  • Kwengezwe usekelo lokuvimbela izinkomba ezingenalutho ngamarejista okususa iphutha.
  • Kusetshenziswe ukutholwa kwedivayisi ye-i2c, okwenza kube lula ukusebenza ngamabhodi afakwe amaphedi wokuthinta noma izikrini zokuthinta ezivela kubakhiqizi abahlukene.
  • Kwengezwe ikhono lokulondoloza idatha yesikhathi ngefomethi efaneleka ukukhiqiza amagrafu e-FlameGraph, abonisa ngokucacile ukuthi singakanani isikhathi esichithwa ezigabeni ezihlukene zokwethulwa.
  • Inketho yengezwe kunsiza ye-cbmem yokwengeza "isitembu sesikhathi" sesikhathi kusuka endaweni yomsebenzisi kuya kuthebula le-cbmem, okwenza kube nokwenzeka ukukhombisa imicimbi ngezigaba ezenziwe ngemuva kwe-CoreBoot ku-cbmem.

Ukwengeza, singaphawula ukushicilelwa kwe-OSFF (Open-Source Firmware Foundation) kwencwadi evulekile eya ku-Intel, ehlongoza ukwenza amaphakheji okusekelwa kwe-firmware (i-FSP, Iphakheji Yokusekela I-Firmware) abe yimodyuli kakhudlwana futhi aqale ukushicilela imibhalo ehlobene nokuqalisa i-Intel SoC. . Ukuntuleka kwekhodi ye-FSP kwenza kube nzima kakhulu ukwakhiwa kwe-firmware evulekile futhi kuvimbela ukuthuthuka kwamaphrojekthi we-Coreboot, U-Boot kanye ne-LinuxBoot ku-Intel hardware. Ngaphambilini, uhlelo olufanayo lwaba yimpumelelo futhi i-Intel yavula ikhodi ye-PSE (Programmable Services Engine) block firmware ecelwe umphakathi.

Source: opennet.ru

Engeza amazwana