Vulnerability found in AMD SEV that allows encryption keys to be determined


Developers from the Google Cloud team have identified a vulnerability (CVE-2019-9836) in the implementation of AMD SEV (Secure Encrypted Virtualization) technology, which can compromise data protected by this technology.

At the hardware level, AMD SEV provides transparent encryption of virtual machine memory: only the current guest system has access to the decrypted data, while the other virtual machines and the hypervisor get encrypted data when they access this memory.

The identified problem allows the contents of the PDH private key to be fully recovered. This key is processed on a separate protected PSP (AMD Security Processor) processor that is not accessible to the main operating system.

With the PDH key, the attacker can recover the session key and the secret sequence specified when the virtual machine was created, and gain access to the encrypted data.

The vulnerability is due to flaws in the implementation of the elliptic curves (ECC) used for encryption, which allow an attack to recover the curve parameters.

While the launch command of the protected virtual machine is executing, the attacker can send curve parameters that do not match the parameters recommended by NIST, which leads to low-order point values being used in multiplication operations with data from the private key.

SEV's elliptic curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At the launch start command, an attacker can send small order ECC points that are not on the official NIST curves, and these force the SEV firmware to multiply a small order point by the firmware's private DH scalar.

By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the launch secret of the virtual machine. This breaks the confidentiality guarantees offered by SEV.

The security of the ECDH protocol depends directly on the order of the generated starting point of the curve, for which the discrete logarithm is a very hard problem.

In one of the initialization steps of the AMD SEV environment, parameters obtained from the user are used in calculations with the private key.

In essence, an operation of multiplying two points is performed, one of which corresponds to the private key.

If the second point refers to low-order prime numbers, the attacker can determine the parameters of the first point (bits of the modulus used in the modular exponentiation operation) by enumerating all possible values. The fragments determined for the selected primes can then be combined to determine the private key using the Chinese remainder theorem.

An invalid curve attack is one where the ECDH point multiplication is performed on a different curve, that is, with different parameters (a, b). This is possible in the short Weierstrass point addition function because the parameter "b" is not used.

On this curve, the point has a small prime order. By trying all possible values for the small order point, an attacker can recover bits of the private scalar (modulo the order).

AMD EPYC server platforms using SEV firmware up to version 0.17 build 11 are affected.

AMD has already released a firmware update that blocks the use of points that do not belong to the NIST curve.

At the same time, previously generated certificates for PDH keys remain valid, which allows an attacker to carry out an attack on virtual machine migration from environments protected against the vulnerability to environments that are affected by it.

The possibility of a rollback attack, downgrading the firmware to the previous vulnerable version, is also mentioned, but this has not yet been confirmed.

Source: https://seclists.org/

