[coreboot] DMA protection? [AMD-Vi]
Timothy Pearson
tpearson at raptorengineering.com
Mon Nov 21 18:21:21 CET 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/21/2016 10:43 AM, ron minnich wrote:
> Talidan, just be aware, you can spend the money on enabling IOMMU in
> coreboot, but you should not just assumed that it gets upstreamed.
That's why I was suggesting we discuss mitigating DMA attacks instead of
going after the IOMMU directly. We have the AMD platform documentation
and should be able to properly configure the hardware to reject DMA
attacks, even without the IOMMU active, unless AMD inserted a backdoor
into the relevant hardware as they have been known to do. At least they
have been kind enough to document said backdoors when they are present!
- --
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJYMy0OAAoJEK+E3vEXDOFbbvEIAKDEtFhTpvrpZxZmtKh5Rczk
47CXy+rnhBaLQYNFPtqlWqPGgEfvSOZqoUInAuWacO+idJvoGO30qrRpPlssUfAw
pT2NskcqKD8wMZoSrqdm/rwvG/x4ezJIylGAdhRNrcKNKXK9JkJ+Hx3Tp1VfALa6
gPLR99d9hGjEI9KOKSnyPY2KtjTUihEcCUb9St2eL+LUtjPif7pZwBsyOfkKWslv
r6rsznl/ydGECa8U7fUhaCWfJhr99wKEXQb3kSlkKPOaV9nQ2KQFI/abgMIKrcvG
aMN8duKTQyNmVM3/s3ctjzDZUZCnRPbRqDed2isaGamYsKUbSy2QcdAtR0bYoGY=
=2WO8
-----END PGP SIGNATURE-----
More information about the coreboot
mailing list