Akukho okuxakayo, amadrama zero ... Kepha sekutholakele okunye ukuba sengozini, i-CVE-2020-10713, ethinta i-GRUB2 bootloader ne-Secure Boot. Ukushicilelwa kwethimba labacwaningi be-Eclypsium yilokho obekudala lokhu okutholakele nabakubize ngeBootHole. Ngisho neMicrosoft ishicilele okufakiwe kwisexwayo sayo sezokuphepha futhi isho ukuthi kunesixazululo esiyinkimbinkimbi okwamanje.
I-BootHole Kungukuchichima kokuchichima kwesibhaxana okuthinta izigidigidi zamadivayisi ane-GRUB2 kanye nabanye abangenayo i-GRUB2 abasebenzisa i-Secure Boot efana neWindows. Ekuhlukanisweni kohlelo lweCVSS kutholwe amaphuzu angama-8.2 kwayishumi, okusho ukuthi kuyingozi enkulu. Futhi ukuthi umhlaseli angasebenzisa lokhu ukuze akwazi ukwenza ikhodi engenacala (kufaka phakathi i-malware) eyethulwe ngesikhathi senqubo yokuqalisa, noma ngabe i-Secure Boot inikwe amandla.
ngakho amadivaysi inethiwekhi, amaseva, izindawo zokusebenza, amadeski nama-laptops, kanye namanye amadivayisi afana nama-SBC, amadivayisi athile eselula, amadivayisi we-IoT, njll.
Ngaphezu kwalokho, ngokwe-Eclypsium, kuzoba njalo Kunzima ukunciphisa futhi kuzothatha isikhathi ukuthola isixazululo. Kuzodinga ukubuyekezwa okujulile kwama-bootloaders futhi abathengisi kufanele bakhiphe izinhlobo ezintsha zama-bootloaders asayinwe yi-UEFI CA. Kuzothatha imizamo ehlanganisiwe phakathi kwabathuthukisi kumthombo ovulekile weMicrosoft nomphakathi obambisene nabanye abanikazi bohlelo abathintekayo ukwehlisa iBootHole.
Eqinisweni, benze i- ukwenza uhlu ukwazi ukulungisa iBootHole ku-GRUB2 futhi udinga:
- Isiqephu sokuvuselela i-GRUB2 futhi siqede ubungozi.
- Ukuthi abathuthukisi bokusabalalisa kweLinux nabanye abathengisi bakhiphe izibuyekezo zabasebenzisi babo. Kokubili ezingeni le-GRUB2, abafaki nama-shims.
- Ama-shim amasha kufanele asayinwe yi-Microsoft UEFI CA kubantu besithathu.
- Abaphathi bezinhlelo zokusebenza ngokusobala kuzofanele bavuselele. Kepha kufanele ifake phakathi kokubili uhlelo olufakiwe, izithombe ezifakiwe kanye nemidiya yokuthola kabusha noma yokuqalisa ebakhile.
- Uhlu Lokuchithwa kwe-UEFI (dbx) luzodinga nokuvuselelwa ku-firmware yohlelo ngalunye oluthintekile ukuvimbela ukwenziwa kwekhodi ngesikhathi sokuqalisa.
Okubi kakhulu ukuthi uma kukhulunywa nge-firmware, kufanele uqaphele futhi uqaphele ukuthi ungagcini unezinkinga nokuthi amakhompyutha ahlala kumodi yezitini.
Okwamanje, izinkampani ezifana neRed Hat, HP, Debian, SUSE, Canonical, Oracle, Microsoft, VMWare, Citrix, UEFI Security Response Team kanye nama-OEMs, kanye nabahlinzeki be-software, vele basebenzela ukuyixazulula. Kodwa-ke, kuzofanele silinde ukubona iziqeshana zokuqala.
QAPHELA
Kepha ukubukela phansi ukusebenza kwabathuthukisi nomphakathi kungaba yisiphukuphuku. Kakade kunabaqokiwe abaningana be-patch ukuyinciphisa eqhamuka ezinkampanini ezinjengeRed Hat, iCanonical, njll. Le nkinga bayihlabe umkhosi njengeyona nto eseqhulwini futhi iyazuzisa.
Inkinga? Inkinga ukuthi lezi zimaki zidala ezinye izinkinga. Kungikhumbuza okwenzeka ngeziqeshana zeMetldown neSpecter, ukuthi kwesinye isikhathi ikhambi libi kakhulu kunesifo ...