Munguva pfupi yapfuura, boka revatsvakurudzi kubva kuYunivhesiti yeTexas, Illinois uye University of Washington akaburitsa mashoko e mhuri itsva yekurwiswa kwepadivi chiteshi (yakatonyorwa pasi peCVE-2022-23823, CVE-2022-24436), codenamed Hertzbleed.
Hertzbleed, inzira yakarongwa yekurwisa, iyo inobva pane maitiro e dynamic frequency control muma processors emazuva ano uye anobata ese aripo Intel uye AMD CPUs. Iyo nyaya inogona kuzviratidza mune yechitatu-bato processors inotsigira ine simba frequency shanduko, senge ARM masisitimu, asi kudzidza kwacho kwakagumira kuyedza Intel uye AMD machipi.
Kuti uwedzere kushandiswa kwesimba uye kudzivirira kupisa, the processors inoshandura frequency zvichienderana nemutoro, izvo zvinounza shanduko mukushanda uye zvinokanganisa nguva yekushandiswa kwekushanda (kuchinja kwehuwandu hwe1 Hz kunotungamirira kukuchinja kwekushanda kwe 1 cycle pasekondi).
Mukati mekudzidza, Zvakaonekwa kuti mune mamwe mamiriro pa AMD uye Intel processors, shanduko yefrequency inopindirana zvakananga nedata riri kugadziriswa.
Zvichienderana nekuongororwa kwemisiyano munguva yekuitwa kwekushanda nedata rakasiyana, zvinokwanisika kudzorera zvisina kunanga ruzivo rwakashandiswa mukuverenga. Panguva imwecheteyo, pamatanho ekumhanya-mhanya nekunonoka kusinga fungidzike, kurwiswa kunogona kuitwa kure,
Kana kurwiswa kwacho kwakabudirira, nyaya dzakatarwa dzinobvumira makiyi epachivande kuti atemerwe kubva pakuongororwa kwenguva yekuverenga mumaraibhurari e-cryptographic kuburikidza nealgorithms umo masvomhu ekuverenga anogara achiitwa munguva inogara, zvisinei nemhando yedata iri kugadziriswa. Maraibhurari akadaro aionekwa seakadzivirirwa kubva pakurwiswa kuburikidza nevechitatu-bato chiteshi, asi zvakazoitika kuti nguva yekuverenga inotarwa kwete chete nealgorithm, asiwo nehunhu hweiyo processor.
Semuenzaniso unoshanda unoratidza huchokwadi hwekushandiswa kweiyo nzira yakatsanangurwa:
Kurwiswa kwekushandiswa kweSIKE (Supersingular Isogeny Key Encapsulation) key encapsulation mechanism yakaratidzwa, iyo yakapinda mukupedzisira kwemakwikwi e-post-quantum cryptosystems akaitwa neUS National Institute of Standards and Technology (NIST), uye akaiswa panzvimbo yakachengetedzwa. kurwiswa nevatatu.
Munguva yekuedza, kushandisa shanduko nyowani yekurwiswa kwakavakirwa pane yakasarudzwa ciphertext (kusarudzwa zvishoma nezvishoma kunoenderana nekugadzirisa ciphertext uye kuwana decryption yayo) yakakwanisa kudzoreredza zvizere kiyi yakashandiswa encryption nekutora zviyero kubva kune iri kure system, zvisinei nekushandiswa Kuitwa kweSIKE nekugara kwekuverenga nguva.
Zvakatora maawa makumi matatu nematanhatu kuti uone kiyi ye36-bit uchishandisa CIRCL kuita uye maawa makumi masere nemasere ePQCrypto-SIDH.
Intel ne AMD vakabvuma kusadzivirirwa kwevagadziri vavo kunyaya, asi havaronge kuvharidzira kusazvibata kuburikidza neiyo microcode update, sezvo zvisingaite kugadzirisa kusazvibata muhardware pasina kukosha kwekuita.
Pane kudaro, vanogadzira raibhurari ye cryptographic vanogashira kurudziro yemaitiro ekuvharisa ruzivo kuburitswa paunenge uchiita masvomhu ane hunyanzvi.
Cloudflare neMicrosoft vakatowedzera dziviriro iyi kune yavo SIKE kuita, zvichikonzera kudzikira kwe5% muCIRCL uye PQCrypto-SIDH kuita ne11%. Seimwe mhinduro yekuvhara njodzi muBIOS kana mutyairi, unogona kudzima "Turbo Boost", "Turbo Core" kana "Precision Boost" modes, asi shanduko iyi inotungamira mukudzikira kwakanyanya.
Intel, Cloudflare, neMicrosoft vakaziviswa nezvenyaya muQ2021 2022 uye AMD muQ14 2022, asi pachikumbiro cheIntel, kuburitswa pachena kwenyaya iyi kwakanonoka kusvika June XNUMX, XNUMX.
Nyaya yakasimbiswa pa8th kusvika 11th chizvarwa Intel Core microarchitecture-based desktop uye laptop processors, pamwe nemhando dzakasiyana dze AMD Ryzen, Athlon, Athlon desktop, mobile, uye server processors. -Series uye EPYC (vaongorori vakaratidza nzira pa Ryzen CPUs ine Zen 2 uye Zen 3 microarchitecture).
Pakupedzisira kune avo vanofarira kuziva zvakawanda nezvazvoIwe unogona kutarisa ruzivo mu inotevera chinongedzo.