On 21.06.2018 13:20, Jose Trujillo via coreboot wrote: > If you don't enable a device in devicetree the initialization routine will > not be executed.
Interpretation of the devicetree on/off values depends on the chipset code. And even if the chipset code disables (or doesn't enable) some- thing, this might just mean that the device is not visible any more. Beside the IOMMU protection, there are two other options to prevent a PCI device from DMA: 1. The Bus-Master bit in the device' PCI-Command register. Though, enforcement of the bit is implementation specific. 2. Disabling the PCIe port of the chipset / bridge. If this is possible is also implementation specific. > To test just insert a SD card and use DMESG or other command to see if device > ID is found, also in device manager in Windows. Alas, a non-functioning device driver is no proof that DMA can't happen. If you want to be sure, find research (for exactly your platform) that confirms that a given method prevents DMA; or, get a programmable PCIe device and test it yourself. There are no shortcuts. Nico -- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot