U-Eric Bigers, omunye wabathuthukisi be-Adiantum cipher kanye nomnakekeli we-Linux kernel fscrypt subsystem, uhlongoze isethi yamapeshi ukuze uvimbele izinkinga zokuphepha ezivela esicini se-Intel processors esingaqinisekisi izikhathi zokusebenzisa njalo zedatha ehlukene ecutshunguliwe. Inkinga ivela kuma-Intel processors aqala ngomndeni we-Ice Lake. Inkinga efanayo ibonwa kuma-ARM processors.
Ukuba khona kokuncika kwesikhathi sokwenziwa kwemiyalo kudatha ecutshungulwe kule miyalo kuthathwa ngumbhali wamapheshana njengobungozi kumaphrosesa, ngoba ukuziphatha okunjalo akukwazi ukuqinisekisa ukuphepha kokusebenza kwe-cryptographic okwenziwa ohlelweni. Ukuqaliswa okuningi kwama-cryptographic algorithms kuklanyelwe ukuqinisekisa ukuthi idatha ayithinti isikhathi sokwenza imiyalelo, futhi ukwephula lokhu kuziphatha kungaholela ekudalweni kokuhlaselwa kwesiteshi esiseceleni esibuyisela idatha ngokusekelwe ekuhlaziyweni kwesikhathi sayo sokucubungula.
Ngokunokwenzeka, ukuncika kwedatha yesikhathi sokusebenza kungasetshenziswa futhi ukuqalisa ukuhlasela ukuze kunqunywe idatha ye-kernel esikhaleni somsebenzisi. Ngokuka-Eric Bigers, isikhathi sokwenza njalo asinikezwa ngokuzenzakalelayo ngisho nemiyalo eyenza imisebenzi yokwengeza kanye ne-XOR, kanye nemiyalo ekhethekile ye-AES-NI (ulwazi olungaqinisekisiwe ngokuhlolwa, ngokusho kolunye idatha, kukhona ukubambezeleka kokukodwa. umjikelezo ngesikhathi sokuphindaphinda kwevekhtha nokubala kancane ).
Ukuze ukhubaze lokhu kuziphatha, i-Intel ne-ARM baphakamise amafulegi amasha: I-PSATE bit DIT (Isikhathi Esizimele Sedatha) yama-ARM CPUs kanye ne-MSR bit DOITM (Imodi Yesikhathi Esebenza Ngedatha Ezimele) yama-Intel CPUs, ibuyisela ukuziphatha okudala ngesikhathi sokwenza njalo. I-Intel ne-ARM batusa ukunika amandla ukuvikeleka njengoba kudingekile kumakhodi abalulekile, kodwa empeleni, ukubala okubalulekile kungenzeka noma yikuphi ku-kernel nesikhala somsebenzisi, ngakho-ke sicabanga ukunika amandla izindlela ze-DOITM ne-DIT kuyo yonke i-kernel ngaso sonke isikhathi.
Kumaphrosesa e-ARM, igatsha le-kernel ye-Linux 6.2 selivele lamukele ama-patches ashintsha ukuziphatha kwe-kernel, kodwa lezi ziqephu zithathwa njengezinganele njengoba zimboza ikhodi ye-kernel kuphela futhi azishintshi ukuziphatha kwesikhala somsebenzisi. Kuma-Intel processors, ukufakwa kokuvikela kusesesiteji sokubuyekezwa. Umthelela wesichibi ekusebenzeni awukalinganiswa, kodwa ngokuya ngemibhalo ye-Intel, ukunika amandla imodi ye-DOITM kunciphisa ukusebenza (isibonelo, ngokukhubaza okunye ukulungiselelwa, njengokulayishwa kuqala kwedatha ethile) futhi kumamodeli wephrosesa wesikhathi esizayo ukuncipha kokusebenza kungase kukhule. .
Source: opennet.ru