[coreboot] DMA protection? [AMD-Vi]
Timothy Pearson
tpearson at raptorengineering.com
Mon Nov 21 16:53:35 CET 2016
On 11/20/2016 05:56 PM, ron minnich wrote:
> man. Most of these BME things revolve around intel. Not surprising, but
> not good.
>
> Does anyone care about the realtek 8168? And why on earth does it need
> BME? Can it just be initialized but not have DMA enabled?
>
> I wonder if we should scan for anything with BME set, at each stage
> transition, and print a warning for each one found?
A quick check through the source seems to indicate that the generic
pci_set_resource function will enable bus mastering on any PCI bridges.
From that point on, if I'm not mistaken, any malicious device that
exposed a bridge interface could enable mastering for any logical
devices behind the bridge and attack the host. Am I missing something?
Thanks!
--
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
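
The stage-transition scan proposed in the quoted message, with bridges called out separately as the reply suggests, written here as an added example (not coreboot code and not from either poster). `audit_bme`, `fake_dev` and the sample bus are hypothetical and constructed so the check runs without hardware; the register offsets and the BME bit are the standard PCI ones.

```c
#include <stdint.h>
#include <stdio.h>

/* Standard PCI configuration-header offsets and bits. */
#define CFG_VENDOR_ID   0x00
#define CFG_COMMAND     0x04
#define CFG_HEADER_TYPE 0x0e
#define CMD_BUS_MASTER  0x0004  /* Bus Master Enable (BME) */
#define HDR_TYPE_BRIDGE 0x01    /* PCI-to-PCI bridge */

/* Constructed stand-in for config-space access: first 16 header bytes per slot. */
struct fake_dev { uint8_t cfg[16]; };

static const struct fake_dev sample_bus[4] = {
    {{0x34,0x12, 0x01,0x00, 0x06,0x00, 0,0, 0,0,0,0, 0,0, 0x00, 0}}, /* endpoint, BME on  */
    {{0x34,0x12, 0x02,0x00, 0x07,0x00, 0,0, 0,0,0,0, 0,0, 0x01, 0}}, /* bridge, BME on    */
    {{0xff,0xff, 0xff,0xff, 0xff,0xff, 0,0, 0,0,0,0, 0,0, 0xff, 0}}, /* empty slot        */
    {{0x34,0x12, 0x03,0x00, 0x02,0x00, 0,0, 0,0,0,0, 0,0, 0x00, 0}}, /* endpoint, BME off */
};

struct bme_report { unsigned endpoints, bridges; };

static uint16_t cfg_read16(const struct fake_dev *d, unsigned off)
{
    return (uint16_t)(d->cfg[off] | (d->cfg[off + 1] << 8));
}

/* Warn about every present device whose command register has BME set. */
struct bme_report audit_bme(const struct fake_dev *bus, unsigned slots, const char *stage)
{
    struct bme_report r = {0, 0};
    for (unsigned s = 0; s < slots; s++) {
        if (cfg_read16(&bus[s], CFG_VENDOR_ID) == 0xffff)
            continue; /* nothing responds in this slot */
        if (!(cfg_read16(&bus[s], CFG_COMMAND) & CMD_BUS_MASTER))
            continue; /* bus mastering disabled, nothing to report */
        int bridge = (bus[s].cfg[CFG_HEADER_TYPE] & 0x7f) == HDR_TYPE_BRIDGE;
        printf("WARNING [%s]: slot %02x has BME set%s\n", stage, s,
               bridge ? " (bridge: forwards upstream requests)" : "");
        if (bridge) r.bridges++; else r.endpoints++;
    }
    return r;
}

int main(void)
{
    struct bme_report r = audit_bme(sample_bus, 4, "stage-exit");
    return (r.endpoints + r.bridges) ? 1 : 0;
}
```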