-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/21/2016 10:43 AM, ron minnich wrote:
Talidan, just be aware, you can spend the money on enabling IOMMU in coreboot, but you should not just assumed that it gets upstreamed.
That's why I was suggesting we discuss mitigating DMA attacks instead of going after the IOMMU directly. We have the AMD platform documentation and should be able to properly configure the hardware to reject DMA attacks, even without the IOMMU active, unless AMD inserted a backdoor into the relevant hardware as they have been known to do. At least they have been kind enough to document said backdoors when they are present!
- -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com