[PATCH 0/6] [B]iommu: add kernel dma protection
Aaron Ma
aaron.ma at canonical.com
Thu Mar 28 17:03:31 UTC 2019
On 3/28/19 11:12 PM, Stefan Bader wrote:
> On 28.03.19 07:21, Aaron Ma wrote:
>> Hi Khaled:
>>
>> Bionic needs this series of SRU.
>>
>> B-OEM kernel already has one commit.
>> [PATCH 2/6] ACPI / property: Allow multiple property compatible _DSD entries
>>
>> Bionic kernel needs this one too.
> Repeating the comment I made on the Cosmic submission with some additional info
> I saw when reading the b/oem thread. The part about testing seemed to be done
> more thoroughly (including non-affected systems, too), however that detail did
> not get added to the SRU justification in the bug report.
> The question about "need" I would still have, in the sense of why would one want
> to take the risk of regressions to have it.
Recent systems are shipping with "kernel DMA protection" = "enabled" by
default in BIOS. This setting option changes "Thunderbolt Security
Level" to "No Security (SL0)".
With this setting, systems will be vulnerable to a DMA attack by a
Thunderbolt device.
So utilizing IOMMU to prevent DMA attacks is a must-have feature for users
on these new systems.
Also, it is strongly recommended by Intel and is a customer requirement.
Sorry for the missing details in the SRU justification. Will add them to the bug report.
Thanks,
Aaron
>
> -Stefan
>
>> Thanks,
>> Aaron
>>
>>
>