Linked by David Adams on Fri 2nd Mar 2012 16:03 UTC
Privacy, Security, Encryption
When was the last time you reverse-engineered all the PCI devices on your motherboard? . . . Enters the game-changer: IOMMU (known as VT-d on Intel). With proper OS/VMM design, this technology can address the very problem of most of the hardware backdoors. A good example of a practical system that allows for that is Xen 3.3, which supports VT-d and allows you to move drivers into a separate, unprivileged driver domain(s). This way each PCI device can be limited to DMA only to the memory region occupied by its own driver.
Permalink for comment 509453
by fithisux on Sat 3rd Mar 2012 11:50 UTC

is the next big thing to hardware. It makes the uKernel designs easier and virtualization also is neater. I am eager to buy a motherboard+cpu with IOMMU. It seems expensive though. Hopefully we will see an Atom with IOMMU but it seems that they keep it for more expensive products. Personally I believe that IOMMU must become the norm (virtualization extensions come second).

Reply Score: 2