Linked by David Adams on Fri 2nd Mar 2012 16:03 UTC
Privacy, Security, Encryption When was the last time you reverse-engineered all the PCI devices on your motherboard?. . . Enters the game-changer: IOMMU (known as VT-d on Intel). With proper OS/VMM design, this technology can address the very problem of most of the hardware backdoors. A good example of a practical system that allows for that is Xen 3.3, which supports VT-d and allows you to move drivers into a separate, unprivileged driver domain(s). This way each PCI device can be limited to DMA only to the memory region occupied by its own driver.
Thread beginning with comment 509668
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:

I've been thinking some more about this and how does the "secure boot" UEFI deal with the graphics card firmware ?

I guess it uses some higher level interface ? Not the legacy one that needs a VGA-console.

So I was actually wrong.

I see that Linux 3.3 now also supports starting from EFI directly.

Reply Parent Score: 2

Lennie Member since:

I checked, the firmware that needs to be loaded of the devices like NIC and graphics card are signed just like the OS with different private/public keypairs.

Reply Parent Score: 2