author | Francis Rowe <info@gluglug.org.uk> | 2015-08-23 11:22:34 (EDT) |
---|---|---|
committer | Francis Rowe <info@gluglug.org.uk> | 2015-08-23 11:22:34 (EDT) |
commit | 619b04be938c0bd0fb040ddfd437abb72b6bce6a (patch) | |
tree | ada0d053a61448ad3587abc53835f3fab9f1fc01 /site/faq/index.php | |
parent | 730ba63e485a6755fb1dd85e5654ce2cfb1a4834 (diff) | |
FAQ: mitigations for certain DMA-capable hardware
Diffstat (limited to 'site/faq/index.php')
-rw-r--r-- | site/faq/index.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/site/faq/index.php b/site/faq/index.php index 8fd76ad..d8d7f1b 100644 --- a/site/faq/index.php +++ b/site/faq/index.php @@ -478,7 +478,8 @@ unencrypted for future retrieval by an adversary. </p> <p> - With proper IOMMU, it might be possible to mitigate the DMA-related issues. + With proper IOMMU, it might be possible to mitigate the DMA-related issues. USB drives (flash drive, HDD, etc) can be used, + to avoid DMA. </p> <p> Some proof of concepts have been demonstrated. For HDDs:<br/> @@ -500,6 +501,7 @@ </p> <p> With proper IOMMU, it might be possible to mitigate the DMA-related issues. + A USB NIC can also be used, which does not have DMA. </p> <p> <a href="#pagetop">Back to top of page</a> @@ -513,6 +515,11 @@ Microcode can be very powerful. No proof that it's malicious, but it could theoretically </p> <p> + There isn't really a way to solve this, unless you use a CPU which does not have microcode. + (ARM CPUs don't, but most ARM systems require blobs for the graphics hardware at present, and typically + have other things like soldered wifi which might require blobs) + </p> + <p> CPUs often on modern systems have a processor inside it for things like power management. ARM for example, has lots of these. </p> @@ -523,6 +530,7 @@ <h3 id="firmware-sound">Sound card <span class="ref">(<a href="#firmware-sound">#firmware-sound</a>)</h3> <p> Sound hardware (integrated or discrete) typically has firmware on it (DSP) for processing input/output. + Again, a USB DAC is a good workaround. </p> <p> <a href="#pagetop">Back to top of page</a> 
@@ -531,7 +539,8 @@ <h3 id="firmware-webcam">Web cam <span class="ref">(<a href="#firmware-webcam">#firmware-webcam</a></h3> <p> Webcams have firmware integrated into them that process the image input into the camera; adjusting focus, - white balancing and so on. + white balancing and so on. Can use USB webcam hardware, to work around potential DMA issues; integrated webcams + (on laptops, for instance) are discouraged by the libreboot project. </p> <p> <a href="#pagetop">Back to top of page</a> |
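Review bot: In the @@ -478 hunk, the added sentence "USB drives (flash drive, HDD, etc) can be used, to avoid DMA." gives no reason why USB attachment avoids DMA, and it leaves the concern in the context lines above it ("unencrypted for future retrieval by an adversary") unaddressed. Suggest one clause explaining why the USB path avoids DMA, and a statement that this covers only the DMA issue, not what the drive's own firmware can do with data written to it. The comma left by the line break after "can be used," should go as well: "can be used to avoid DMA".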
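Review bot: In the @@ -500 hunk, "A USB NIC can also be used, which does not have DMA." words the same mitigation differently from the storage hunk ("to avoid DMA"), and the relative clause is detached from "USB NIC". Suggest using one phrasing in both entries, for example "A USB NIC can be used to avoid DMA", so the two FAQ sections read consistently.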
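Review bot: In the @@ -513 hunk, the parenthetical "(ARM CPUs don't, ...)" states without qualification or reference that ARM CPUs have no microcode, while the context sentence just above it is careful to say "No proof that it's malicious, but it could theoretically". Suggest linking a source or softening the claim to match that tone. The parenthetical is also a full sentence with no closing period, and it mixes the microcode point with graphics and wifi blobs, which are a separate firmware issue and would read better as their own sentence.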
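Review bot: In the @@ -523 hunk, "Again, a USB DAC is a good workaround." does not say what is being worked around: the surrounding text mentions only DSP firmware, not DMA, and a USB DAC may still carry firmware of its own. Suggest naming the issue, as in "A USB DAC can be used to avoid DMA", and dropping "Again", since a reader arriving through the #firmware-sound anchor has not seen the earlier sections. While this area is being touched, the heading in the context line opens a span with class "ref" and never closes it before the end of the h3.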
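Review bot: In the @@ -531 hunk, "Can use USB webcam hardware, to work around potential DMA issues" is a sentence fragment with no subject, and the text contrasts USB webcams with integrated ones without saying how an integrated webcam is attached, so the reader cannot tell why one has "potential DMA issues" and the other does not. Suggest "USB webcam hardware can be used to work around potential DMA issues" plus a clause on what distinguishes the integrated case. The heading in the context line is also missing the closing ")" after the #firmware-webcam link and the closing tag for its span.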