Munguva Black Hat Asia 2023 nhau dzakaburitswa kuti vaongorori vepaYunivhesiti yeBirmingham vakaona a kusagadzikana (CVE-2022-43309) Pane mamwe maseva mamaboards unogona kudzima iyo CPU pasina mukana wekuwedzera kupora.
Kune avo vasingazive Black Hat", vanofanira kuziva kuti ndizvochiitiko chinozivikanwa pasi rose checybersecurity chiitiko ichipa yakanyanya hunyanzvi uye yakakodzera ruzivo rwekuchengetedza ruzivo. Kukura kubva pamusangano wepagore wepagore kusvika kune inoremekedzwa yakatevedzana yezviitiko zvekuchengetedza ruzivo rwepasirese, izvi zviitiko zvemazuva mazhinji zvinopa nharaunda yekuchengetedza netsvagurudzo yazvino, budiriro, uye yekucheka-kumucheto maitiro.
Nezve PMFault
Vatsvagiri vepaYunivhesiti yeBirmingham (inozivikanwawo nekuburitsa njodzi muSoftware Guard Extensions chimiro uye kugadzira iyo Plundervolt uye VoltPillager kurwisa), yakaratidza pfungwa ye kusagadzikana, codenamed PMFault.
Kukosha kwePMFault ndiko kuti inogona kushandiswa kukuvadza maseva ayo munhu anorwisa asingakwanise kuwana yemuviri, asi ine rombo rekuwana kune iyo inoshanda sisitimu, yakawanikwa, semuenzaniso, semugumisiro wekushandisa kusagadzikana kusati kwaitwa kana kubvunzurudza maneja.
Izvo zvakakosha zveiyo nzira yakatsanangurwa ndeye kushandisa iyo PMBus interface, iyo inoshandisa I2C protocol, kuwedzera voltage inopihwa kune processor kune zvakakosha zvinokonzeresa kukuvadza kune chip. Iyo PMBus interface inowanzoitwa muVRM (Voltage Regulator Module), iyo inogona kuwanikwa nekushandisa BMC controller.
Para mapuranga ekurwisa anotsigira PMBus, kunze kwekodzero dzemutungamiri muhurongwa hwekushanda, zvakakosha kuti uve nepurogiramu yekuwana BMC (Baseboard Management Controller), somuenzaniso, kuburikidza ne IPMI KCS (Keyboard Controller Style) interface, kuburikidza neEthernet, kana nekupenya BMC. yehurongwa hwazvino.
Chekutanga, isu tinoratidza kuti undervoltage pamusoro pePMBus inobvumira kutyora kutendeseka vimbiso dzeSGX enclaves, nekupfuura Intel's countermeasures kupokana neyakapfuura undervoltage kurwiswa sePlundervolt/V0ltPwn. Chechipiri, isu tinoedza kuratidza kuti simba rinowedzera kunze kweiyo yakatarwa rine mukana wekukuvadza zvachose Intel Xeon CPUs, zvichiita kuti sevha isashande. Isu takaongorora mabatiro ezvatakawana pane mamwe maseva mamabhodhi akagadzirwa naSupermicro uye ASRock.
Kurwiswa kwedu, kunonzi PMFault, kunogona kuitwa nemupikisi wesoftware ane rombo uye hazvidi kuwana kwemuviri kune server mamaboard kana ruzivo rweBMC login zvitupa.
Zvinonzi pane dambudziko rakasimbiswa kuti inobvumira kurwiswa pasina ruzivo rwezviyero zvekusimbisa paBMC paSupermicro mamaboards ane IPMI uye ASRock rutsigiro, asi mamwe maseva mabhodhi uko PMBus anogona kuwanikwa anokanganiswawo.
Nzira ye shanduko yemagetsi kuburikidza nePMBus inogona zvakare kushandiswa kuita Plundervolt kurwisa, iyo inobvumira, nekudzikisira voltage kune hushoma hutsika, kukuvadza zviri mukati me data maseru muCPU anoshandiswa mukuverenga mune ari ega Intel SGX enclaves uye kugadzira zvikanganiso mukutanga kugadzirisa algorithms.
Semuenzaniso, kana ukashandura kukosha kunoshandiswa mukuwandisa panguva yekuvharidzira, mhedzisiro inenge isiri iyo ciphertext. Nekukwanisa kufonera mutyairi paSGX kuti encrypt data yayo, anorwisa anogona, nekukonzeresa kutadza, kuunganidza manhamba ekuchinja kweinobuda ciphertext uye kutora kukosha kwekiyi yakachengetwa muSGX enclave.
Munguva yekuedza, apo magetsi akawedzera kusvika 2,84 volts, Maviri Intel Xeon processors pamabhodhi aya akakuvadzwa.
Pakupedzisira, kune avo vanofarira kukwanisa kudzidza zvakawanda pamusoro payo, vanofanira kuziva izvozvo seti inoburitswa paGitHub yezvishandiso zvekurwisa Supermicro uye ASRock mabhodhi, pamwe nekushandisa kuona PMBus kuwana. Unogona kubvunza zvakawanda nezve ongororo Mune inotevera chinongedzo.