15 Nov
2016
15 Nov
'16
1:35 p.m.
I have KGPE-d16 with IOMMU/AMD-VI and I was wondering if it would be possible to designate in coreboot certain devices pass-through only to stop them from communicating with the host? If I have to launch a rescue CD or what not then a rogue infected device could do a DMA attack correct?
On linux does iommu only isolate from the host devices assigned to a guest? assigned to pcistub? or is there always some level of mediation? My system says "dom0 mode - relaxed" right below the AMDVI messages, what does it mean?
Thanks for any replies!