On 21.06.2018 13:20, Jose Trujillo via coreboot wrote:
If you don't enable a device in devicetree the initialization routine will not be executed.
Interpretation of the devicetree on/off values depends on the chipset code. And even if the chipset code disables (or doesn't enable) some- thing, this might just mean that the device is not visible any more.
Beside the IOMMU protection, there are two other options to prevent a PCI device from DMA:
1. The Bus-Master bit in the device' PCI-Command register. Though, enforcement of the bit is implementation specific.
2. Disabling the PCIe port of the chipset / bridge. If this is possible is also implementation specific.
To test just insert a SD card and use DMESG or other command to see if device ID is found, also in device manager in Windows.
Alas, a non-functioning device driver is no proof that DMA can't happen. If you want to be sure, find research (for exactly your platform) that confirms that a given method prevents DMA; or, get a programmable PCIe device and test it yourself. There are no shortcuts.
Nico
Sounds like disabling the PCIe port of the device is the safest solution. Will switching the value in the devicetree be enough or is that too uncertain?
-
Nico Huber -
Thomasheidler