Two vulnerabilities found in TPM 2.0 that allow access to data

Vulnerability

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

News recently broke that two vulnerabilities (already catalogued as CVE-2023-1017 and CVE-2023-1018) have been identified in the code of the reference implementation of the TPM 2.0 (Trusted Platform Module) specification.

The flaws identified are notable because they lead to writing or reading data outside the bounds of the allocated buffer. An attack on cryptoprocessor implementations that use the vulnerable code could result in the extraction or overwriting of information stored on the chip side, such as cryptographic keys.

An attacker with access to a TPM command interface can send maliciously crafted commands to the module and trigger these vulnerabilities. This allows read-only access to sensitive data or overwriting of normally protected data that is only available to the TPM (for example, cryptographic keys).

It is mentioned that an attacker can use the ability to overwrite data in the TPM firmware to arrange execution of their own code in the TPM context, which, for example, could be used to implement backdoors that operate on the TPM side and are not detected from the OS.

For those unfamiliar with TPM (Trusted Platform Module), it is a hardware-based solution that provides strong cryptographic functions to modern computer operating systems, making them resistant to tampering.

An authenticated local attacker could send malicious commands to a vulnerable TPM that allow access to sensitive data. In some cases, the attacker can also overwrite protected data in the TPM firmware. This can cause a crash or arbitrary code execution within the TPM. Because the attacker's payload runs inside the TPM, it may not be detected by other components on the target device.

As cloud computing and virtualization have become more widespread in recent years, software-based TPM implementations have also grown in popularity. In its hardware form, a TPM can be implemented as a discrete, embedded, or firmware TPM. Virtual TPMs exist in hypervisor form or as a purely software-based TPM implementation, for example swtpm.

As for the vulnerabilities detected, they are said to be caused by an incorrect size check of the parameters of the CryptParameterDecryption() function, which allows writing or reading two bytes beyond the buffer passed to the ExecuteCommand() function and containing the TPM 2.0 command. Depending on the firmware implementation, overwriting two bytes can corrupt both unused memory and data or pointers on the stack.
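The kind of size check the paragraph above describes, as an added C sketch that is not part of the original article and is not the TCG reference code or libtpms. It assumes a parameter laid out as a 2-byte big-endian length followed by its payload; the names `param_locate` and `param_transform`, the return codes and the XOR stand-in for decryption are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical return codes for this sketch (not TPM_RC values). */
enum { PARAM_OK = 0, PARAM_ERR_SIZE = -1 };

/* Assumed layout: 2-byte big-endian length, then the payload.
 * buf/buf_len describe the parameter area of the received command. */
int param_locate(uint8_t *buf, size_t buf_len,
                 uint8_t **payload, uint16_t *payload_len)
{
    /* Check 1: the length field itself must lie inside the buffer. */
    if (buf == NULL || buf_len < 2)
        return PARAM_ERR_SIZE;
    uint16_t declared = (uint16_t)((buf[0] << 8) | buf[1]);
    /* Check 2: the declared payload must fit in the bytes that remain. */
    if ((size_t)declared > buf_len - 2)
        return PARAM_ERR_SIZE;
    *payload = buf + 2;
    *payload_len = declared;
    return PARAM_OK;
}

/* In-place XOR standing in for parameter decryption (constructed, not
 * a real cipher). Nothing is read or written unless both checks pass. */
int param_transform(uint8_t *buf, size_t buf_len, uint8_t key)
{
    uint8_t *p;
    uint16_t n;
    int rc = param_locate(buf, buf_len, &p, &n);
    if (rc != PARAM_OK)
        return rc;
    for (uint16_t i = 0; i < n; i++)
        p[i] ^= key;
    return PARAM_OK;
}

int main(void)
{
    uint8_t good[]  = {0x00, 0x03, 'a', 'b', 'c'};  /* constructed input */
    uint8_t trunc[] = {0x00};                       /* length field cut short */
    uint8_t lying[] = {0x00, 0x05, 'a', 'b', 'c'};  /* claims 5, carries 3 */
    printf("good=%d trunc=%d lying=%d\n",
           param_transform(good, sizeof good, 0x20),
           param_transform(trunc, sizeof trunc, 0x20),
           param_transform(lying, sizeof lying, 0x20));
    return 0;
}
```

Both rejected inputs are left untouched, which is the property a fuzzing harness or unit test for a command parser should assert.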

The vulnerability is exploited by sending specially crafted commands to the TPM module (the attacker must have access to the TPM interface).

At present, the issues have already been fixed by shipping the updated versions of the TPM 2.0 specification released in January (1.59 Errata 1.4, 1.38 Errata 1.13, 1.16 Errata 1.6).

In addition, it is reported that the open source library libtpms, which is used to emulate TPM modules in software and to integrate TPM support into hypervisors, is also affected by the vulnerability. It is worth noting that the vulnerability was fixed in the libtpms 0.9.6 release, so those on an older version are advised to update to the new version as soon as possible.

As for the solution to these flaws, the TCG (Trusted Computing Group) has published an update to its Errata for the TPM 2.0 library specification with instructions for addressing these vulnerabilities. To ensure the security of their systems, users should apply the updates provided by hardware and software vendors through their supply chain as soon as possible.

Finally, if you are interested in learning more about it, you can consult the details at the following link.

