
When was the last time you reverse-engineered all the PCI devices on your motherboard? . . . Enters the game-changer: IOMMU (known as VT-d on Intel). With proper OS/VMM design, this technology can address the very problem of most of the hardware backdoors. A good example of a practical system that allows for that is Xen 3.3, which supports VT-d and allows you to move drivers into a separate, unprivileged driver domain(s). This way each PCI device can be limited to DMA only to the memory region occupied by its own driver.
is the next big thing to hardware. It makes the uKernel designs easier and virtualization also is neater. I am eager to buy a motherboard+cpu with IOMMU. It seems expensive though. Hopefully we will see an Atom with IOMMU but it seems that they keep it for more expensive products. Personally I believe that IOMMU must become the norm (virtualization extensions come second).