CoreBoot 4.17 has been released, and here is what's new

The release of CoreBoot 4.17 has been announced. The project develops a free alternative to proprietary firmware and BIOS.

Since the release of version 4.16, there have been more than 1,300 contributions from about 150 people. Of those people, about 15 were first-time committers.

Main new features of CoreBoot 4.17

In this new version, vendor-specific TIS (TPM Interface Specification) functions have been added for reading and writing directly from TPM (Trusted Platform Module) registers: tis_vendor_read() and tis_vendor_write().

Another change that stands out is support for catching null pointer dereferences through debug logs. In addition, i2c device detection has been implemented to make it easier to work with boards that have touchpads or touch screens from different manufacturers.

Apart from that, the ability to save timing data in a format suitable for generating FlameGraph charts has been added. These charts show clearly how much time is spent at the different stages of startup.

An option was added to the cbmem utility to add a timestamp from userspace to cbmem's "timestamp" table, which makes it possible to record events in cbmem at stages that run after CoreBoot.

There is now a built-in ability to generate static memory page tables from assembler files, without the need to call third-party utilities.

On the other hand, a vulnerability (CVE-2022-29264) has been fixed. It appeared in CoreBoot versions 4.13 to 4.16 and, on systems with an AP (Application Processor), allowed code execution at the SMM (System Management Mode) level, which has higher priority (Ring -2) than hypervisor mode and protection ring zero, and gives unlimited access to all memory. The problem is caused by an incorrect call to the SMI handler in the smm_module_loader module.

Other changes that stand out in this new version:

  • Writing debug information to the CBMEMC console from SMI handlers is allowed when DEBUG_SMI is used.
  • The CBMEM initialization handler system has been changed: instead of the *_CBMEM_INIT_HOOK handlers tied to stages, two handlers are defined: CBMEM_CREATION_HOOK (used at the initial stage that creates cbmem) and CBMEM_READY_HOOK (used at any stage in which cbmem has already been created).
  • Added support for PSB (Platform Secure Boot), enabled by the PSP (Platform Security Processor) to verify the integrity of the BIOS using a digital signature.
  • Added its own implementation of a handler for debug data passed from the FSP (FSP Debug Handler).
  • Added support for 12 motherboards, 5 of which are used in Chrome OS devices or Google servers:
    Clevo L140MU / L141MU / L142MU
    Dell Precision T1650
    HP Z220 CMT Workstation
    Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000), and Lite Mk IV (N5030).
  • Removed support for the Google Deltan and Deltaur motherboards.
  • Added a new coreDOOM payload, which lets you run the game DOOM from Coreboot.
  • The project uses doomgeneric code ported to libpayload.
  • Coreboot's linear framebuffer is used for output, and WAD files with game assets are loaded from CBFS.
  • Updated the payload components SeaBIOS 1.16.0 and iPXE 2022.1.
  • Added SeaGRUB mode (GRUB2 on top of SeaBIOS), which allows GRUB2 to use SeaBIOS-provided callbacks, for example, to access hardware that the GRUB2 payload cannot access.
  • Added protection against the SinkHole attack, which allows code execution at the SMM (System Management Mode) level.

In addition, we can point out the publication by the OSFF (Open-Source Firmware Foundation) of an open letter to Intel, in which it proposes modularizing the firmware support packages (FSP, Firmware Support Package) and starting to publish documentation related to Intel SoC initialization.

The lack of FSP code makes it very difficult to build open firmware and makes it hard for the Coreboot, U-Boot, and LinuxBoot projects to move forward on Intel hardware. Previously, a similar initiative succeeded, and Intel opened up the community-requested PSE (Programmable Services Engine) firmware.

Finally, if you are interested in knowing more about it, you can check the details at the following link.

