@cr1901 IOMMUs in most systems are designed to allow devices to be attached to VMs. The threat model is that you have attached a device to a VM and want to protect against that device initiating DMAs to or from a physical address that the VM cannot access. They are somewhat useful without virtualisation (and, increasingly, for kernel-bypass things with userspace), but the threat model almost always assumes that devices are trustworthy. The PCIe spec even includes a feature called ATS that allows the device to bypass the IOMMU if it implements its own (fortunately, it’s possible to turn this off).