Earlier this year, Linux changed its startup procedure on UEFI systems, so that all PCI devices behind bridges are not able to DMA until Linux has set up its IOMMU mappings. This works because the UEFI drivers also use the IOMMU, and Linux can disable bus mastering on PCI bridges before telling the firmware to tear down its IOMMU mappings.
Would it be possible for Xen to do something similar? This could provide significant protection against DMA attacks.

Sincerely,
Demi
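The bridge state the message refers to can be read from each device's PCI configuration header: a type-1 (bridge) header whose command register has Bus Master Enable clear does not forward DMA from devices behind it. The following is an added example, not part of the original message and not Linux or Xen code; the function names are hypothetical and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCI_COMMAND        0x04
#define PCI_COMMAND_MASTER 0x0004 /* Bus Master Enable */
#define PCI_HEADER_TYPE    0x0e
#define PCI_HDR_LEN        64     /* standard config header */
enum bme_state { BME_INVALID = -1, BME_NOT_BRIDGE, BME_BRIDGE_OFF, BME_BRIDGE_ON };

static uint16_t rd16(const uint8_t *cfg, size_t off)
{
    return (uint16_t)(cfg[off] | (cfg[off + 1] << 8)); /* little-endian */
}

/* Hypothetical helper: is this function a bridge, and is its Bus Master Enable bit set? */
enum bme_state bridge_bme_state(const uint8_t *cfg, size_t len)
{
    if (len < PCI_HDR_LEN || rd16(cfg, 0) == 0xffff)
        return BME_INVALID;                     /* short read or no device present */
    if ((cfg[PCI_HEADER_TYPE] & 0x7f) != 0x01)  /* bit 7 is only the multi-function flag */
        return BME_NOT_BRIDGE;
    return (rd16(cfg, PCI_COMMAND) & PCI_COMMAND_MASTER) ? BME_BRIDGE_ON : BME_BRIDGE_OFF;
}

/* Build a constructed header for testing; not captured from real hardware. */
void make_sample(uint8_t *cfg, uint8_t header_type, uint16_t command)
{
    for (size_t i = 0; i < PCI_HDR_LEN; i++) cfg[i] = 0;
    cfg[0] = 0x34; cfg[1] = 0x12;               /* placeholder vendor ID */
    cfg[PCI_COMMAND] = (uint8_t)(command & 0xff);
    cfg[PCI_COMMAND + 1] = (uint8_t)(command >> 8);
    cfg[PCI_HEADER_TYPE] = header_type;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "not a bridge", "bridge, BME clear", "bridge, BME set" };
    uint8_t cfg[PCI_HDR_LEN];
    make_sample(cfg, 0x81, 0x0006);             /* multi-function bridge, BME set */
    printf("constructed sample: %s\n", names[bridge_bme_state(cfg, sizeof cfg)]);
    for (int i = 1; i < argc; i++) {            /* each argument: a config-space file */
        FILE *f = fopen(argv[i], "rb");
        size_t n = f ? fread(cfg, 1, sizeof cfg, f) : 0;
        if (f) fclose(f);
        enum bme_state s = bridge_bme_state(cfg, n);
        printf("%s: %s\n", argv[i], s == BME_INVALID ? "unreadable" : names[s]);
    }
    return 0;
}
```

On Linux, passing paths of the form `/sys/bus/pci/devices/<BDF>/config` as arguments classifies real devices.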