On 21.06.2018 13:20, Jose Trujillo via coreboot wrote:
> If you don't enable a device in devicetree the initialization routine will
> not be executed.
Interpretation of the devicetree on/off values depends on the chipset
code. And even if the chipset code disables (or doesn't enable) some-
thing, this might just mean that the device is not visible any more.
Beside the IOMMU protection, there are two other options to prevent
a PCI device from DMA:
1. The Bus-Master bit in the device' PCI-Command register.
Though, enforcement of the bit is implementation specific.
2. Disabling the PCIe port of the chipset / bridge. If this
is possible is also implementation specific.
> To test just insert a SD card and use DMESG or other command to see if device
> ID is found, also in device manager in Windows.
Alas, a non-functioning device driver is no proof that DMA can't happen.
If you want to be sure, find research (for exactly your platform) that
confirms that a given method prevents DMA; or, get a programmable PCIe
device and test it yourself. There are no shortcuts.
Nico
--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot
