Abaphandi abavela Iitekhnoloji eziqinisekileyo zichonge umngcipheko omtsha (CVE-2019-0090) ukuba ivumela ukufikelela ngokwasemzimbeni kwikhompyuter ukukhupha isitshixo seengcambu zeqonga (isitshixo se-chipset), esisetyenziswa njengengcambu yokuthembela ekuqinisekiseni izinto ezahlukeneyo zeqonga, kubandakanya i-TPM (yeQonga elithembekileyo leModyuli yeFirmware) kunye ne-UEFI.
Ukuba sesichengeni Kubangelwa yimpazamo kwizixhobo kunye ne-firmware Intel CSME, que Ime kwi-boot yeROM, ebaluleke kakhulu kuba le mpazamo ayinakulungiswa nangayiphi na indlela.
Umngcipheko we-CVE-2019-0090 ibhekisa kwinjini yokhuseleko ehlanganisiweyo kunye nolawulo (CSME) kuninzi lwee-CPU ze-Intel ezikhutshwe kule minyaka mihlanu idlulileyo, kunye nezo ze-XNUMXth genation ezizezinye ngaphandle.
Ingxaki enkulu kuba ibonelela ngokuhlolwa kwe-cryptographic inqanaba eliphantsi xa iibhodi zebhodi yomama, phakathi kwezinye izinto. Yinto yokuqala obalekayo xa ucofe iswitshi yamandla kunye nengcambu yokuthembela kuyo yonke into elandelayo.
Ngenxa yobukho befestile ngexesha lokuqalisa kwakhona kwe-Intel CSME umzekelo, xa uphuma kwimodi yokulala.
Ngokusebenzisa ubuqhetseba nge-DMA, idatha ingabhalwa kwimemori emileyo ye-Intel CSME kunye neetafile zamaphepha ememori ezinokutshintshwa I-Intel CSME sele iqalisile ukuthintela ukwenziwa, ukukhupha isitshixo eqongeni kunye nokufumana ulawulo kwisizukulwana sezitshixo zofihlo kwiimodyuli ze-Intel CSME. Iinkcukacha zokuba sesichengeni kokuxhaphaza zicwangciselwe ukuba zikhutshwe kamva.
Ukongeza ekukhupheni isitshixo, Impazamo ikwavumela ukwenziwa kwekhowudi kwinqanaba lelungelo zero ukusuka kwi-Intel CSME (ukuLawulwa kokuGuqulwa kunye neeNjini zoKhuseleko).
I-Intel yaqaphela ingxaki malunga nonyaka odlulileyo kwaye ngoMeyi 2019 uhlaziyo lwakhutshwa firmware ukuba, nangona bengenakutshintsha ikhowudi esemngciphekweni kwiROM, nangona kuthiwa "bazama ukuvimba iindlela zokusebenza ezinokubakho kwinqanaba leemodyuli ze-Intel CSME nganye."
Ngokwe-Positive Technologies, isisombululo sivale kuphela i-vector enye yokuxhaphaza. Bakholelwa ukuba zininzi iindlela zokuhlaselwa kwaye ezinye azidingi ukufikelela ngokwasemzimbeni.
"Zininzi iindlela zokusebenzisa obu bungozi kwiROM, ayizizo zonke ezifuna ukufikelela ngokwasemzimbeni, ezinye ukufikelela kuphela okunxulumene ne-malware yendawo.
Ngokuka-Mark Ermolov, isiQinisekiso seKhompyutha kunye ne-OS Security Specialist kwiiPositive Technologies, ngenxa yendawo ekuyo, Isiphene siyafana nokuhlola i-Checkm8 boot ROM exhaphaza izixhobo ze-iOS eyatyhilwa ngo-Septemba kwaye ithathwa njengeqhekeza elisisigxina.
Phakathi kweziphumo ezinokubakho ukufumana isitshixo seengcambu zeqonga, Inkxaso ye-firmware ye-Intel CSME ikhankanyiwe, ukuzibophelela kwe iinkqubo zofihlo Imithombo yeendaba esekwe kwi-Intel CSME, ngokunjalo ukubakho kokuphamba nge-EPID (Ukuphuculwa kwe-ID yaBucala) ukuhambisa ikhompyuter yakho kwenye ngokudlula kukhuseleko lwe-DRM.
Kwimeko apho iimodyuli ze-CSME ziyekisiwe, i-Intel ibonelele ngesakhono sokuhlaziya izitshixo ezinxulunyaniswa nazo zisebenzisa indlela ye-SVN (yeNombolo yeNombolo yoKhuseleko).
Kwimeko yokufikelela kwisitshixo seengcambu zeqonga, lo matshini awusebenzi kuba isitshixo seengcambu seqonga sisetyenziselwa ukwenza isitshixo sokubethela i-Integrity Control Value Blob (ICVB), ethi irisithi, Ivumela ikhowudi yokukhohlisa kuyo nayiphi na imodyuli ye-Intel CSME firmware.
Le inokuba yeyona ngxaki inkulu kwi-Intel, kuba iingxaki zangaphambili ezinje nge-specter okanye ukunyibilika kuncitshisiwe, kodwa le yingxaki enkulu kuba isiphoso sikwiROM kwaye njengoko abaphandi bayikhankanyayo le mpazamo ayinakusonjululwa nangayiphi na indlela.
Kwaye nangona i-Intel isebenza ukuze ikwazi "ukuzama ukuvimba" iindlela ezinokubakho, nantoni na abayenzayo akunakwenzeka ukusombulula ukusilela.