[coreboot] Thinkpad SD card controller DMA

Nico Huber nico.h at gmx.de
Thu Jun 21 16:18:08 CEST 2018

On 21.06.2018 13:20, Jose Trujillo via coreboot wrote:
> If you don't enable a device in devicetree the initialization routine will not be executed.

Interpretation of the devicetree on/off values depends on the chipset
code. And even if the chipset code disables (or doesn't enable) some-
thing, this might just mean that the device is not visible any more.

Beside the IOMMU protection, there are two other options to prevent
a PCI device from DMA:

 1. The Bus-Master bit in the device' PCI-Command register.
    Though, enforcement of the bit is implementation specific.

 2. Disabling the PCIe port of the chipset / bridge. If this
    is possible is also implementation specific.

> To test just insert a SD card and use DMESG or other command to see if device ID is found, also in device manager in Windows.

Alas, a non-functioning device driver is no proof that DMA can't happen.
If you want to be sure, find research (for exactly your platform) that
confirms that a given method prevents DMA; or, get a programmable PCIe
device and test it yourself. There are no shortcuts.


More information about the coreboot mailing list