Kana dzikashandiswa, zvikanganiso izvi zvinogona kubvumira vanorwisa kuti vawane mukana usina mvumo kune ruzivo rwakadzama kana kuti kazhinji kukonzera matambudziko.
Pulse Security vaongorori vakaburitsa kuburikidza ne blog post, ruzivo nezve kuwanikwa kwako kwe vulnerability in kushandiswa kwemaitiro Kuvhura otomatiki kune yakazara disk encryption.
Vatsvakurudzi vanotaura kuti kusagadzikana Inotendera, Kana iwe uine mukana wenyama pakombuta, run commands as mudzi Padanho rekutanga rekubhomba, vhura nemaoko dhisiki yakavharidzirwa uye uwane ruzivo rwakakwana kune ruzivo rwakachengetwa pamadhisiki.
Uku kuongorora kwekusagadzikana chaiko kwekuchengetedza kwatakawana nekushandisa tichishanda nemumwe wevatengi vedu. Kusagadzikana uku kunogona kushandiswa kuwana midzi yemuno kupinda kune TPM-yakachengetedzwa Ubuntu 20.04 Linux komputa kana ukashandisa RedHat's Clevis uye dhirowa software kuita kuvhurika kusingatarisirwe kwe yakazara LUKS disk encryption.
Izvo zvinotaurwa kuti Kusagadzikana kunobata Linux masisitimu anoshandisa iyo LUKS encryption fomati, TPM-yakavakirwa kiyi yekudzivirira masisitimu uye Clevis, dhizaini uye systemd zvikamu kuronga otomatiki kuvhura panguva yebhutsu.
Kuseta uku kunodiwa kana komputa ichida kuve nedhisiki encryption asi ichibvumidza kure kure boots pasina mumwe munhu anoivhura nemaoko mushure. Mumamiriro ezvinhu akajairwa, vese vanorwisa vanounzwa pakombuta yakavharidzirwa vaizoona meseji yekupinda isina kugona kuwana yakananga kuhurongwa.
Muruzivo rwakagovaniswa nevagadziri kunotaurwa kuti, nzira yekurwisa yakafanana nekusagadzikana kuwanikwa muna 2016 paCrypsetup, iyo yakabvumira midzi kupinda kune yekutanga boot environment command shell nekubata pasi Enter kiyi mukupindura password yekukurumidza kuvhura iyo encrypted partition.
Uye inotaurwa izvozvo mhando itsva yekurwisa yakaonekwa mushure mekutarisa kuti system yacho yaizoita sei kana Enter isina kugadzirwa nemaoko, asi uchishandisa kiibhodhi emulator inopa kunonoka kunobvira pakati pekiyi.
Pakuyedza, kiyi ye USB yakaiswa iyo inoramba ichiteedzera kudzvanya Enter nekunonoka kwegumi nemashanu milliseconds, inova kanokwana kagumi nekukurumidza pane kubata kiyi pane yakajairika keyboard.
Kurwiswa kwakabudirira kwakaratidzwa pane setup yakavakirwa paUbuntu 20.04 iyo inosangana nezvinodiwa pamusoro apa, iyo yakashandiswa nemumwe wePulse Security vatengi. Izvi zvigadziriso zvakavakirwa paClevis chimiro uye kuchengetedza ruzivo kudhipfenyura makiyi muTPM anowanzo shandiswa pazvinenge zvichidikanwa kupa disk encryption pamaseva ari kure uko pasina nzira yekuisa nemaoko password kuti uvhure encrypted disks mushure mekutangazve yega yega.
Panguva imwecheteyo, mukuwedzera kuvhura otomatiki mune akadaro masisitimu, pane zvakare mukana wekupinda nemaoko password kuti uvhure iyo encrypted partition, iyo inosara kana iyo otomatiki yekuvhura maitiro ikatadza.
Kurwiswa kwacho kunobva pakuti munhu anorwisa anogona kubatanidza mudziyo kutevedzera kuenderera mberi kwe Enter, dzosera boot process kuisa nemaoko password yekuvhura uye uve nenguva yekupedza muganho wepamusoro pahuwandu hwekuedza yekupinda pasiwedhi munguva pfupi pfupi isati yapera kuurayiwa kweauto unlock controller, nekuti kuvhura otomatiki kunotora nguva uye nekuteedzera nekukurumidza Enter mashini, unogona kupedzisa iyo yekuvhura manyorero isati yapedza kufanana kuvhura otomatiki. process.
Pamusoro pezvo, sezvo ruzivo rwekubvisa makiyi rwakachengetwa muTPM, anorwisa, achichengeta midzi yekuwana, anogona kutanga maitiro enguva dzose ekuvhura otomatiki madhiraivha achishandisa Clevis toolkit uye kukwidza midzi yekuparadzanisa kubva mudhiraivha.
Pakupedzisira zvinotaurwa kuti sezvidziviriro zvinogoneka kurwisa kurwiswa, zvinokurudzirwa kugadzirisa ma paramita pabhoti, izvo zvinozozvitangazve pachinzvimbo chekuchinja kune inopindirana chikamu kana paine yekutanga boot kukanganisa.
kernel rd.shell=0
y
rd.emergency=reboot
Kana uri kufarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.