Two vulnerabilities found in TPM 2.0 allow access to data

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

News recently broke that two vulnerabilities (already catalogued as CVE-2023-1017 and CVE-2023-1018) have been identified in the code of the reference implementation of the TPM 2.0 (Trusted Platform Module) specification.

The flaws are notable because they lead to writing or reading data outside the bounds of the allocated buffer. An attack on cryptoprocessor implementations that use the vulnerable code could result in the extraction or overwriting of information stored on the chip side, such as cryptographic keys.

An attacker with access to the TPM command interface can send maliciously crafted commands to the module and trigger these flaws. This allows read-only access to sensitive data, or overwriting of protected data that is normally available only to the TPM (for example, cryptographic keys).

It is mentioned that an attacker can use the ability to overwrite data in the TPM firmware to arrange execution of their own code in the TPM context, which could, for example, be used to implement backdoors that run on the TPM side and are not detectable from the OS.

For those unfamiliar with the TPM (Trusted Platform Module), it is a hardware-based solution that provides strong cryptographic functions to modern computer operating systems, making it resistant to tampering.

An authenticated local attacker can send malicious commands to a vulnerable TPM that allow access to sensitive data. In some cases, the attacker can also overwrite protected data in the TPM firmware. This can cause a crash or arbitrary code execution inside the TPM. Because the attacker's payload runs inside the TPM, it cannot be detected by other components on the target device.

As cloud computing and virtualization have become more popular in recent years, software-based TPM implementations have also grown in popularity. In its hardware form, the TPM can be implemented as a discrete, embedded, or firmware TPM. Virtual TPMs exist in hypervisor form or as a purely software-based TPM implementation, for example, swtpm.

Regarding the vulnerabilities found, it is mentioned that they are caused by an incorrect size check on the parameters of the CryptParameterDecryption() function, which allows writing or reading two bytes beyond the buffer that is passed to the ExecuteCommand() function and that contains the TPM 2.0 command. Depending on the firmware implementation, overwriting two bytes can corrupt both unused memory and data or pointers on the stack.
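The kind of length check whose absence is described above, sketched in C as an added example (this is not the TCG reference code or the libtpms source). It assumes the command's parameter area starts with a 2-byte big-endian size field followed by the payload; `first_param_span`, `param_rc` and `param_span` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this sketch (not TPM_RC values). */
enum param_rc { PARAM_OK = 0, PARAM_ERR_NO_SIZE_FIELD, PARAM_ERR_SIZE_EXCEEDS_BUFFER };

/* Byte range of the first parameter's payload (the part decrypted in place). */
struct param_span { const uint8_t *data; uint16_t len; };

/*
 * Locate the payload of a size-prefixed first parameter.
 * buf/buf_len: parameter area of the received command (attacker-controlled).
 * Assumed layout: 2-byte big-endian size field, then `size` payload bytes.
 */
enum param_rc first_param_span(const uint8_t *buf, size_t buf_len,
                               struct param_span *out)
{
    out->data = NULL;
    out->len = 0;

    /* Check 1: the size field itself must lie inside the buffer. Without it,
     * a 0- or 1-byte parameter area makes the size read touch up to two
     * bytes past the end of the command buffer. */
    if (buf == NULL || buf_len < 2)
        return PARAM_ERR_NO_SIZE_FIELD;

    uint16_t declared = (uint16_t)((buf[0] << 8) | buf[1]);

    /* Check 2: the declared payload must fit in the remaining bytes, or the
     * in-place decryption would read and write beyond the buffer. */
    if ((size_t)declared > buf_len - 2)
        return PARAM_ERR_SIZE_EXCEEDS_BUFFER;

    out->data = buf + 2;
    out->len = declared;
    return PARAM_OK;
}

int main(void)
{
    /* Constructed inputs: a truncated parameter area and a well-formed one. */
    const uint8_t truncated[] = { 0x00 };
    const uint8_t valid[] = { 0x00, 0x02, 0xDE, 0xAD };
    struct param_span s;

    if (first_param_span(truncated, sizeof truncated, &s) != PARAM_ERR_NO_SIZE_FIELD)
        return 1;
    if (first_param_span(valid, sizeof valid, &s) != PARAM_OK || s.len != 2)
        return 1;
    return 0;
}
```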

The vulnerability is exploited by sending specially crafted commands to the TPM module (the attacker must have access to the TPM interface).

The issues have already been fixed in the updated versions of the TPM 2.0 specification released in January (1.59 Errata 1.4, 1.38 Errata 1.13, 1.16 Errata 1.6).

It is also reported that the open source libtpms library, which is used to emulate TPM modules in software and to integrate TPM support into hypervisors, is affected by the vulnerability as well. The flaw was fixed in the libtpms 0.9.6 release, so anyone on an older version is advised to update to the new version as soon as possible.

As for the fix, the TCG (Trusted Computing Group) has published an update to its Errata for the TPM 2.0 library specification with instructions for addressing these vulnerabilities. To keep their systems secure, users should apply the updates provided by hardware and software manufacturers through their supply chain as soon as possible.

Finally, if you are interested in knowing more about it, you can check the details at the following link.
