I-CoreBoot 4.17 isivele ikhishwe futhi lezi yizindaba zayo

Darkcrizt

Imizuzu ye-4

Ukukhishwa kwephrojekthi ye-CoreBoot 4.17 kushicilelwe, lapho kuthuthukiswa enye indlela yamahhala ye-firmware yobunikazi kanye ne-BIOS.

Selokhu kwakhululwa inguqulo engu-4.16, sekube nezibophezelo ezintsha ezingaphezu kwe-1300 ezivela kubanikeli ababalelwa ku-150. Kulabo bantu, cishe abayi-15 babengamafayili okuqala.

Izici ezintsha eziyinhloko ze-CoreBoot 4.17

Kule nguqulo entsha eyethulwa, singakuthola lokho Imisebenzi ye-TIS yengeziwe (I-TPM Interface Specification) ethize yomthengisi ukufunda nokubhala ngokuqondile kusuka kurejista ye-TPM (Trusted Platform Module): tis_vendor_read() kanye ne-tis_vendor_write().

Olunye ushintsho olugqamayo ukuthi ukwesekwa kokunqamula ukuchezuka kwesikhombi null ngokusebenzisa izingodo zokususa iphutha nokuthi ngaphezu kwalokho Ukutholwa kwedivayisi ye-i2c kusetshenziswe ukwenza lula umsebenzi ngama-lacquers afakwe ama-touchpads noma izikrini zokuthinta ezivela kubakhiqizi abahlukene.

Ngaphandle kwalokho, Kuyaphawulwa ukuthi ikhono lokulondoloza idatha yesikhathi ngefomethi yengeziwe. ilungele ukukhiqiza amashadi e-FlameGraph abonisa ngokucacile ukuthi singakanani isikhathi esichithwa ezigabeni ezihlukene zokukhishwa.

Kwengezwe inketho kusisetshenziswa se-cbmem ukwengeza isikhathi kusuka endaweni yomsebenzisi kuya kuthebula elithi "isitembu sesikhathi" se-cbmem, okwenza kube nokwenzeka ukukhombisa imicimbi ku-cbmem ezigabeni ezikhishwe ngemva kwe-CoreBoot.

I- ikhono elakhelwe ngaphakathi lokukhiqiza amathebula ekhasi lememori emile kusuka kumafayela e-assembler, ngaphandle kwesidingo sokubiza izinsiza zezinkampani zangaphandle.

Ngakolunye uhlangothi, futhi kuqokonyiswa lokho kulungiswe ukuba sengozini (I-CVE-2022-29264) kuboniswe kuzinguqulo ze-CoreBoot 4.13 kuya ku-4.16 futhi ivumele amasistimu ane-AP (I-Application Processor) ukuthi asebenzise ikhodi ezingeni le-SMM (Imodi Yokulawulwa Kwesistimu), enokubaluleka okuphezulu (Ring -2) kunemodi ye-hypervisor kanye noziro wendandatho yokuvikela, kanye nokuba nokufinyelela okungenamkhawulo kuyo yonke inkumbulo. Inkinga ibangelwa ucingo olungalungile oluya kusibambi se-SMI kumojuli smm_module_loader.

Kokunye ukushintshaezigqamayo kule nguqulo entsha:

  • Kuvunyelwe ukubhala imininingwane yokususa iphutha kukhonsoli ye-CBMEMC kusuka kuzibambi ze-SMI uma usebenzisa i-DEBUG_SMI.
  • Isistimu yesibambi sokuqalisa se-CBMEM ishintshiwe, esikhundleni sezibambi *_CBMEM_INIT_HOOK ezixhunywe ezigabeni, izibambi ezimbili ziyaphakanyiswa: CBMEM_CREATION_HOOK (esetshenziswa esigabeni sokuqala esidala i-cbmem) kanye ne-CBMEM_READY_HOOK (esetshenziswa kunoma yisiphi isigaba lapho i-cbmem isivele idaliwe) .
  • Ukwesekwa okwengeziwe kwe-PSB (I-Platform Secure Boot), eyenziwe yasebenza i-PSP (I-Platform Security Processor) ukuze kuqinisekiswe ubuqotho be-BIOS kusetshenziswa isiginesha yedijithali.
  • Kwengezwe ukuqaliswa kwakho kwesibambi sedatha yokususa iphutha okuphasiswe ku-FSP (Isibambi Sokususa iphutha se-FSP).
  • Usekelo olungeziwe lwamabhodi omama angu-12, angu-5 kuwo asetshenziswa kumadivayisi we-Chrome OS noma amaseva e-Google:
    I-Clevo L140MU / L141MU / L142MU
    I-Dell Precision T1650
    I-HP Z220 CMT Workstation
    I-Star Labs LabTop Mk III (i7-8550u), LabTop Mk IV (i3-10110U, i7-10710U), Lite Mk III (N5000), ne-Lite Mk IV (N5030).
  • Kususwe ukwesekwa kwamabhodi omama we-Google Deltan kanye ne-Deltaur.
  • Kwengezwe ukulayisha okusha kwe-coreDOOM, okukuvumela ukuthi uqalise igeyimu ye-DOOM kusukela ku-Coreboot.
  • Iphrojekthi isebenzisa ikhodi ye-doomgeneric efakwe ku-libpayload.
  • Umugqa wefreyimu yefreyimu ye-Coreboot isetshenziselwa okukhiphayo futhi amafayela e-WAD anempahla yomdlalo alayishwa esuka ku-CBFS.
  • Izingxenye zokulayisha okukhokhelwayo ezibuyekeziwe i-SeaBIOS 1.16.0 kanye ne-iPXE 2022.1.
  • Imodi ye-SeaGRUB eyengeziwe (i-GRUB2 phezu kwe-SeaBIOS), evumela i-GRUB2 ukuthi isebenzise ama-callback ahlinzekwe yi-SeaBIOS, ngokwesibonelo, ukuze ifinyelele imishini ukulayisha kwe-GRUB2 okungakwazi ukufinyelela kuyo.
  • Ukuvikela okungeziwe ekuhlaselweni kwe-SinkHole, okukuvumela ukuthi usebenzise ikhodi ezingeni le-SMM (Imodi Yokuphatha Yesistimu).

Ukwengeza, singakwazi ukukhomba ishicilelwe yi-OSFF (Open-Source Firmware Foundation) encwadini evulekile eya ku-Intel, lapho ihlongoza ukuhlela amaphakheji okusekela kwe-firmware (I-FSP, Iphakheji Yokusekela I-Firmware) bese uqala ukushicilela imibhalo ehlobene nokuqaliswa kwe-Intel SoC.

Ukuntuleka kwekhodi ye-FSP kwenza kube nzima kakhulu ukwakha i-firmware evulekile futhi kwenza kube nzima ukuthi amaphrojekthi we-Coreboot, U-Boot, kanye ne-LinuxBoot athuthuke ku-Intel hardware. Ngaphambilini, umkhankaso ofanayo ube yimpumelelo futhi i-Intel evulekile yavula i-firmware ye-PSE (Programmable Services Engine) ecelwe ngumphakathi.

Okokugcina uma unentshisekelo yokwazi kabanzi ngakho, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.