You the man! Very informative >:D
Was the card malicious or just horribly programmed?
How much $$$$ would it run for you fellas to make DMA protection happen?
On 11/15/2016 04:58 PM, Timothy Pearson wrote:
On 11/15/2016 03:35 PM, Taiidan@gmx.com wrote:
I have a KGPE-D16 with IOMMU/AMD-Vi and I was wondering if it would be possible to designate in coreboot certain devices as pass-through only, to stop them from communicating with the host? If I have to launch a rescue CD or whatnot, then a rogue infected device could do a DMA attack, correct?
On Linux, does the IOMMU only isolate from the host devices assigned to a guest? Assigned to pcistub? Or is there always some level of mediation? My system says "dom0 mode - relaxed" right below the AMD-Vi messages; what does it mean?
Thanks for any replies!
Coreboot does not currently configure the IOMMU to reject unauthorized access; it waits for Linux to start and configure the IOMMU. By default, Linux configures the IOMMU (if present) to only accept access to authorised areas of memory*; therefore, once Linux starts, exploiting the system via PCI becomes very difficult. If you have passed any options to Linux regarding the IOMMU (e.g. iommu=soft or iommu=pt), the system may have lost this protection, so be careful!
It might be an interesting experiment to configure the IOMMU from within coreboot in order to close the small window where a malicious PCI device could attack the host. This is something we'd be willing to consider under contract if there's interest.
I hope this helps!
* Both Raptor and other KGPE-D16 users have seen this in action with rogue cards -- in particular, one USB 3 card with firmware blobs attempted to scan host memory. When a peripheral misbehaves in this manner, you will see messages similar to:
"AMD-Vi: Event logged [IO_PAGE_FAULT device=00.00.0 domain=0x0000 address=0x0000000000000000 flags=0x0000]"
Each one of those is a peripheral access to main memory that has been blocked by the IOMMU. If you see a lot of these, especially if they continue to be generated after bootup, you probably have a buggy or malicious PCI device installed.
Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
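Added example (not part of the original message and not coreboot or Raptor code): a small triage script for the two checks described above. It counts blocked accesses per device from kernel log lines in the quoted `IO_PAGE_FAULT` format and flags `iommu=soft` / `iommu=pt` on the kernel command line. The 60-second "after bootup" cut-off, the threshold and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict

# Follows the event format quoted in the message above; a leading dmesg
# timestamp such as "[  312.900114]" is optional.
FAULT_RE = re.compile(
    r"^(?:\[\s*(?P<ts>\d+\.\d+)\])?.*?AMD-Vi: Event logged \[IO_PAGE_FAULT "
    r"device=(?P<dev>[0-9a-f]{2}[:.][0-9a-f]{2}\.[0-7]) "
    r"domain=0x(?P<dom>[0-9a-f]+) address=0x(?P<addr>[0-9a-f]+) "
    r"flags=0x(?P<flags>[0-9a-f]+)\]", re.I)

# The two kernel options the message names as possibly losing the protection.
RISKY_OPTS = {"iommu=soft", "iommu=pt"}

def risky_iommu_options(cmdline):
    """Return the risky iommu= options found on a kernel command line."""
    return sorted(RISKY_OPTS.intersection(cmdline.split()))

def summarize_faults(lines, boot_window=60.0):
    """Per device: blocked accesses, distinct addresses, and how many were
    logged after boot_window seconds (assumed cut-off for "after bootup")."""
    stats = defaultdict(lambda: {"total": 0, "late": 0, "addresses": set()})
    for line in lines:
        m = FAULT_RE.search(line)
        if m is None:
            continue
        entry = stats[m["dev"]]
        entry["total"] += 1
        entry["addresses"].add(int(m["addr"], 16))
        if m["ts"] is not None and float(m["ts"]) > boot_window:
            entry["late"] += 1
    return dict(stats)

def suspect_devices(lines, min_late=2, boot_window=60.0):
    """Devices that keep faulting after boot: likely buggy or malicious."""
    stats = summarize_faults(lines, boot_window)
    return sorted(d for d, s in stats.items() if s["late"] >= min_late)

# Constructed sample lines, not captured from a real system.
SAMPLE = [
    "[    1.204511] AMD-Vi: Event logged [IO_PAGE_FAULT device=03:00.0 domain=0x0000 address=0x0000000000001000 flags=0x0000]",
    "[    2.000000] AMD-Vi: Event logged [IO_PAGE_FAULT device=00:14.0 domain=0x0000 address=0x00000000fee00000 flags=0x0000]",
    "[    5.100000] usb 1-1: new high-speed USB device number 2 using ehci-pci",
    "[  312.900114] AMD-Vi: Event logged [IO_PAGE_FAULT device=03:00.0 domain=0x0000 address=0x0000000000002000 flags=0x0000]",
    "[  313.000871] AMD-Vi: Event logged [IO_PAGE_FAULT device=03:00.0 domain=0x0000 address=0x0000000000003000 flags=0x0000]",
]

if __name__ == "__main__":
    print("suspect devices:", suspect_devices(SAMPLE))
    print("risky options:", risky_iommu_options("root=/dev/sda1 iommu=pt quiet"))
```

On a live system the inputs would be the output of `dmesg` and the contents of `/proc/cmdline`; other kernel versions may print the event in a different layout, in which case the pattern needs adjusting.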
The way coreboot has always enforced DMA protections is to not set bus master enabling on IO devices. I trust that particular setting a lot more than I trust trying to configure an IOMMU, given that such configuration seems to require trying to parse ACPI DMAR tables. If you will now tell me that some bad IO device might ignore BME, then I would want to know how to disable PCI bus mastering in the root complex, but certainly not via the IOMMU.
coreboot has always attempted to do absolutely minimal platform configuration, just enough so a payload can run. This includes enabling as little of the hardware as possible, including IO devices. Every time you add in new capabilities such as IOMMU you take the risk of getting it wrong and making the system less secure.
Off the top of my head, messing about with the IOMMU in coreboot seems a very bad idea.
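Added example (not part of the thread and not coreboot code): the bus master enable setting discussed above is bit 2 of the PCI command register at configuration-space offset 0x04. The sketch below decodes it from raw config bytes and lists which functions currently have it set, reading Linux sysfs when available; the vendor and device IDs in the sample are constructed placeholders.

```python
import struct
from pathlib import Path

BUS_MASTER_ENABLE = 0x0004  # bit 2 of the PCI command register (offset 0x04)

def decode_header(cfg):
    """Decode vendor, device, command and class code from raw config space."""
    if len(cfg) < 12:
        raise ValueError("need at least the first 12 bytes of config space")
    vendor, device, command = struct.unpack_from("<HHH", cfg, 0)
    return {
        "vendor": vendor,
        "device": device,
        "class": cfg[0x0B],            # base class code
        "present": vendor != 0xFFFF,   # all-ones reads mean no device
        "bus_master": bool(command & BUS_MASTER_ENABLE),
    }

def bus_masters(configs):
    """Given {pci_address: config_bytes}, list present devices with BME set."""
    found = []
    for addr in sorted(configs):
        hdr = decode_header(configs[addr])
        if hdr["present"] and hdr["bus_master"]:
            found.append((addr, hdr["vendor"], hdr["device"], hdr["class"]))
    return found

def read_sysfs_configs(root="/sys/bus/pci/devices"):
    """Read config space of every PCI function Linux exposes (empty if none)."""
    configs = {}
    base = Path(root)
    if base.is_dir():
        for dev in base.iterdir():
            try:
                data = (dev / "config").read_bytes()[:64]
            except OSError:
                continue
            if len(data) >= 12:
                configs[dev.name] = data
    return configs

def make_header(vendor, device, command, base_class):
    """Build a 12-byte header prefix for the constructed samples below."""
    return struct.pack("<HHHHBBBB", vendor, device, command, 0, 0, 0, 0, base_class)

# Constructed sample (IDs are placeholders, not real hardware).
SAMPLE = {
    "0000:03:00.0": make_header(0x1234, 0x0001, 0x0006, 0x0C),  # memory + bus master
    "0000:04:00.0": make_header(0x1234, 0x0002, 0x0002, 0x02),  # memory only
    "0000:05:00.0": make_header(0xFFFF, 0xFFFF, 0xFFFF, 0xFF),  # empty slot
}
```

Calling `bus_masters(read_sysfs_configs())` on a booted Linux system shows the state after drivers have loaded, which is later than the firmware-time state the message is concerned with.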
On 11/19/2016 02:24 PM, Taiidan@gmx.com wrote:
You the man! Very informative >:D
Was the card malicious or just horribly programmed?
How much $$$$ would it run for you fellas to make DMA protection happen?
At this point I'm not entirely sure. There are a few ways to do it and, as Ron mentioned, configuring the full IOMMU might be somewhat overkill or just plain problematic here. If you or someone else has a few thousand to throw at this, please contact me off list and we can discuss possible solutions with pricing further.
Thanks!
-- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com
Taiidan, just be aware, you can spend the money on enabling IOMMU in coreboot, but you should not just assume that it gets upstreamed.
Enabling IOMMU on one implementation of one CPU from one vendor for one generation is not a really compelling idea, at least for me.
You don't want to confuse your goal -- disable bus master attacks -- with the means -- using the IOMMU to implement such protection.
I hope you will both look at a much simpler way to do this.
-- coreboot mailing list: coreboot@coreboot.org https://www.coreboot.org/mailman/listinfo/coreboot