Linked by David Adams on Fri 2nd Mar 2012 16:03 UTC
Privacy, Security, Encryption

When was the last time you reverse-engineered all the PCI devices on your motherboard?. . . Enters the game-changer: IOMMU (known as VT-d on Intel). With proper OS/VMM design, this technology can address the very problem of most of the hardware backdoors. A good example of a practical system that allows for that is Xen 3.3, which supports VT-d and allows you to move drivers into a separate, unprivileged driver domain(s). This way each PCI device can be limited to DMA only to the memory region occupied by its own driver.
Thread beginning with comment 509380
RE: Comment by Nico57
by David on Sat 3rd Mar 2012 00:28 UTC in reply to "Comment by Nico57"
David Member since:
1997-10-01

Sorry. Read it on HN today and found it interesting.

Reply Parent Score: 1

RE[2]: Comment by Nico57
by Nico57 on Sat 3rd Mar 2012 00:47 in reply to "RE: Comment by Nico57"
Nico57 Member since:
2006-12-18

Hacker News?
I had never heard about this website, thanks for mentioning it.

Reply Parent Score: 1

RE[2]: Comment by Nico57
by broken_symlink on Sat 3rd Mar 2012 01:05 in reply to "RE: Comment by Nico57"
broken_symlink Member since:
2005-07-06

Do you know how to get the Hacker News RSS feed to go directly to the Hacker News page, like how Reddit's RSS feed works? When I click on a Hacker News article in my feed reader it goes directly to the linked page instead of the Hacker News page with comments.

Reply Parent Score: 2

RE[2]: Comment by Nico57
by boxy on Sat 3rd Mar 2012 04:40 in reply to "RE: Comment by Nico57"
boxy Member since:
2011-06-20

Sorry. Read it on HN today and found it interesting.


The article is still as relevant today as it was then. I thought it was a great read. Thanks for this.

Reply Parent Score: 2

RE[2]: Comment by Nico57
by renox on Sat 3rd Mar 2012 09:59 in reply to "RE: Comment by Nico57"
renox Member since:
2005-07-06

It is an interesting article.
Another interesting "fact" I've heard is that in many cases the IO-MMU was disabled because it was buggy.

I don't know if this is still the case now, but that's interesting, no?
Even if the CPU has an IO-MMU, that doesn't mean that it is used.

Reply Parent Score: 2