RingHopper, a vulnerability in UEFI that allows code execution at the SMM level

Vulnerability

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

Recently, information was disclosed about a vulnerability (already catalogued as CVE-2021-33164) found in UEFI firmware. The flaw allows code execution at the SMM (System Management Mode) level, which is more privileged than hypervisor mode and protection ring zero, and which provides unrestricted access to all system memory.

The vulnerability, codenamed RingHopper, is related to the possibility of a timing attack using DMA (Direct Memory Access) to corrupt memory belonging to code running at the SMM layer.

A race condition involving SMRAM access and validation can be reached through a DMA timing attack that depends on time-of-check-to-time-of-use (TOCTOU) conditions. An attacker can use well-timed polling to try to overwrite the contents of SMRAM with arbitrary data, resulting in attacker code running with the same elevated privileges available to the CPU (that is, Ring -2). The asynchronous nature of SMRAM access by DMA controllers lets the attacker perform this unauthorized access and bypass the checks normally provided by the SMI handler API.

Intel VT and Intel VT-d technologies provide some protection against DMA attacks by using the Input Output Memory Management Unit (IOMMU) to counter DMA threats. Although the IOMMU can protect against hardware DMA attacks, SMI handlers vulnerable to RingHopper can still be abused.

The vulnerability can be exploited from the operating system through vulnerable SMI (System Management Interrupt) handlers, which requires administrator privileges. The attack can also be carried out with physical access at an early stage of boot, before the operating system has started. To mitigate the issue, Linux users are advised to update their firmware through LVFS (Linux Vendor Firmware Service) using the fwupdmgr utility (fwupdmgr get-updates) from the fwupd package.

The need for administrator privileges to carry out the attack reduces the severity of the problem, but does not prevent its use as a second-stage vulnerability, to maintain persistence after exploiting another vulnerability in the system or after using social engineering methods.

Access to SMM (Ring -2) allows code to run at a level not controlled by the operating system, which can be used to modify the firmware and plant malicious code or rootkits hidden in SPI Flash that the operating system cannot detect, as well as to disable verification at the boot stage (UEFI Secure Boot, Intel BootGuard) and to attack hypervisors in order to bypass the integrity verification mechanisms of virtual environments.

The problem is caused by a race condition in the SMI (System Management Interrupt) handler that occurs between the access check and the actual SMRAM access. Side-channel analysis via DMA can be used to determine the right moment between the check of a condition and the use of the check's result.

Consequently, because SMRAM access via DMA is asynchronous, an attacker can time a DMA write to overwrite the contents of SMRAM, bypassing the SMI driver API.
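To make the check-then-use window concrete, here is an added illustration in plain C (not code from the advisory or from any vendor's firmware). It models SMRAM as a region of a constructed flat address space and an SMI request buffer that a simulated DMA write can change while the handler runs; the names, sizes and the `DmaRace` callback are all assumptions of this model. The vulnerable handler validates the destination in the shared buffer and then re-reads it, while the hardened handler first copies the request into SMRAM-resident storage and validates and uses only that copy.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

/* Constructed model: a flat simulated address space with SMRAM inside it.
 * The SMI request buffer lives outside SMRAM and can be rewritten by DMA
 * at any time, including between the handler's check and its use. */
#define MEM_SIZE   4096u
#define SMRAM_BASE 2048u
#define SMRAM_SIZE 1024u

static uint8_t g_mem[MEM_SIZE];                   /* simulated physical memory, SMRAM at [2048, 3072) */

typedef struct { uint32_t dst; uint32_t value; } CommBuffer;   /* request: "write value at dst" */

/* Stand-in for a buffer-range check: true only if [dst, dst+len) lies entirely outside SMRAM. */
static bool outside_smram(uint32_t dst, uint32_t len) {
    if (dst > MEM_SIZE || len > MEM_SIZE - dst) return false;  /* out of range or would overflow */
    return dst + len <= SMRAM_BASE || dst >= SMRAM_BASE + SMRAM_SIZE;
}

/* Callback standing in for a concurrent DMA write landing inside the TOCTOU window. */
typedef void (*DmaRace)(CommBuffer *shared);

/* Vulnerable pattern: the destination is checked in the shared buffer, then read again for use. */
static bool smi_handler_vulnerable(CommBuffer *shared, DmaRace race) {
    if (!outside_smram(shared->dst, sizeof shared->value)) return false;  /* time of check */
    if (race) race(shared);                                               /* DMA window */
    memcpy(&g_mem[shared->dst], &shared->value, sizeof shared->value);    /* time of use: re-read */
    return true;
}

/* Hardened pattern: snapshot the request into SMM-owned storage, validate and use only the copy. */
static bool smi_handler_hardened(CommBuffer *shared, DmaRace race) {
    CommBuffer local = *shared;        /* on the SMM stack inside SMRAM, unreachable by DMA */
    if (!outside_smram(local.dst, sizeof local.value)) return false;
    if (race) race(shared);            /* same window, but the shared buffer is never consulted again */
    memcpy(&g_mem[local.dst], &local.value, sizeof local.value);
    return true;
}

/* Simulated DMA that retargets the destination into SMRAM after the check has passed. */
static void dma_retarget(CommBuffer *shared) { shared->dst = SMRAM_BASE + 16; }

/* True if any SMRAM byte changed from its zeroed state, i.e. the handler wrote into SMRAM. */
static bool smram_modified(void) {
    for (uint32_t i = 0; i < SMRAM_SIZE; i++) if (g_mem[SMRAM_BASE + i]) return true;
    return false;
}

/* Runs one handler against the simulated race and reports whether SMRAM was corrupted. */
static bool run_scenario(bool (*handler)(CommBuffer *, DmaRace)) {
    memset(g_mem, 0, sizeof g_mem);
    CommBuffer req = { .dst = 100, .value = 0xDEADBEEF };   /* benign request outside SMRAM */
    handler(&req, dma_retarget);
    return smram_modified();
}
```

The same race hits both handlers; only the vulnerable one ends up writing into SMRAM, because it trusts a value that was re-read from DMA-reachable memory after the check.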

Processors with Intel VT and Intel VT-d include protection against DMA attacks based on the IOMMU (Input Output Memory Management Unit), but this protection is effective at blocking hardware DMA attacks carried out with specially prepared attack devices, and it does not protect against attacks through SMI handlers.

The vulnerability has been confirmed in firmware from Intel, Dell and Insyde Software (the issue is said to affect 8 manufacturers, but the remaining 5 have not yet been disclosed). Firmware from AMD, Phoenix and Toshiba is not affected by this problem.

Source: https://kb.cert.org/
