On 21.06.2018 13:20, Jose Trujillo via coreboot wrote:
If you don't enable a device in devicetree the initialization routine will not be executed.
Interpretation of the devicetree on/off values depends on the chipset code. And even if the chipset code disables (or doesn't enable) some- thing, this might just mean that the device is not visible any more.
Beside the IOMMU protection, there are two other options to prevent a PCI device from DMA:
1. The Bus-Master bit in the device' PCI-Command register. Though, enforcement of the bit is implementation specific.
2. Disabling the PCIe port of the chipset / bridge. If this is possible is also implementation specific.
To test just insert a SD card and use DMESG or other command to see if device ID is found, also in device manager in Windows.
Alas, a non-functioning device driver is no proof that DMA can't happen. If you want to be sure, find research (for exactly your platform) that confirms that a given method prevents DMA; or, get a programmable PCIe device and test it yourself. There are no shortcuts.
Nico