[coreboot] DMA protection? [AMD-Vi]
ron minnich
rminnich at gmail.com
Mon Nov 21 18:26:55 CET 2016
On Mon, Nov 21, 2016 at 9:21 AM Timothy Pearson <
tpearson at raptorengineering.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11/21/2016 10:43 AM, ron minnich wrote:
> > Talidan, just be aware, you can spend the money on enabling IOMMU in
> > coreboot, but you should not just assumed that it gets upstreamed.
>
> That's why I was suggesting we discuss mitigating DMA attacks instead of
> going after the IOMMU directly.
>
Got it, thanks. So, in a more general case, what can we do to remediate
such attacks across all the systems we have? And, further, what PCI support
can we contemplate removing now that kernels are smarter, so as to help
ensure that we don't accidentally make such attacks possible in the future?
And, in the age of FSP blobs, what should we check to make sure FSP has not
accidentally enabled such attacks?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20161121/34612164/attachment.html>
More information about the coreboot
mailing list