From 619b04be938c0bd0fb040ddfd437abb72b6bce6a Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Sun, 23 Aug 2015 11:22:34 -0400 Subject: FAQ: mitigations for certain DMA-capable hardware --- diff --git a/site/faq/index.php b/site/faq/index.php index 8fd76ad..d8d7f1b 100644 --- a/site/faq/index.php +++ b/site/faq/index.php @@ -478,7 +478,8 @@ unencrypted for future retrieval by an adversary.

- With proper IOMMU, it might be possible to mitigate the DMA-related issues. + With proper IOMMU, it might be possible to mitigate the DMA-related issues. USB drives (flash drive, HDD, etc) can be used, + to avoid DMA.

Some proof of concepts have been demonstrated. For HDDs:
@@ -500,6 +501,7 @@

With proper IOMMU, it might be possible to mitigate the DMA-related issues. + A USB NIC can also be used, which does not have DMA.

Back to top of page @@ -513,6 +515,11 @@ Microcode can be very powerful. No proof that it's malicious, but it could theoretically

+ There isn't really a way to solve this, unless you use a CPU which does not have microcode. + (ARM CPUs don't, but most ARM systems require blobs for the graphics hardware at present, and typically + have other things like soldered wifi which might require blobs) +

+

CPUs often on modern systems have a processor inside it for things like power management. ARM for example, has lots of these.

@@ -523,6 +530,7 @@

Sound card (#firmware-sound)

Sound hardware (integrated or discrete) typically has firmware on it (DSP) for processing input/output. + Again, a USB DAC is a good workaround.

Back to top of page @@ -531,7 +539,8 @@

Web cam (#firmware-webcam

Webcams have firmware integrated into them that process the image input into the camera; adjusting focus, - white balancing and so on. + white balancing and so on. Can use USB webcam hardware, to work around potential DMA issues; integrated webcams + (on laptops, for instance) are discouraged by the libreboot project.

Back to top of page -- cgit v0.9.1
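Review bot: In the first hunk (@@ -478,7 +478,8 @@) the added sentence states flatly that USB drives can be used "to avoid DMA", while the sentence it is appended to is hedged ("it might be possible to mitigate"). The addition also covers only the DMA part: the context carried in the hunk header is about data being kept "unencrypted for future retrieval by an adversary", and the new text does not say whether a USB drive changes that. Suggest presenting it as a mitigation limited to DMA, for example "USB drives (flash drive, HDD, etc.) can be used instead, which avoids the DMA issue", and adding the missing period after "etc".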
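Review bot: In the hunk at @@ -500,6 +501,7 @@ the added line "A USB NIC can also be used, which does not have DMA." uses "also" with nothing in the visible section for it to refer back to, and the trailing clause is detached from the noun it describes. The wording also differs from the first hunk ("to avoid DMA" there, "does not have DMA" here) for what reads as the same argument. Suggest "A USB NIC, which does not have DMA, can be used instead." and one consistent phrase for the DMA rationale across the FAQ.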
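Review bot: In the microcode hunk (@@ -513,6 +515,11 @@) the added parenthetical "ARM CPUs don't" is an unqualified claim, and it sits directly above the unchanged line saying that ARM "has lots of" embedded processors for things like power management, so one paragraph points readers to ARM and the next warns about it with nothing connecting the two. Suggest qualifying or sourcing the claim and adding a clause that points to the caveat in the following paragraph. The parenthetical also ends without a full stop ("might require blobs)").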
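Review bot: In the sound card hunk (@@ -523,6 +530,7 @@) the added line "Again, a USB DAC is a good workaround." never says what it works around. The sentence before it is about firmware (DSP) on the sound hardware, while the other hunks in this patch give DMA as the reason for moving to USB, so a reader landing on #firmware-sound directly cannot tell which problem is addressed, and "Again" assumes they have read the earlier sections. Suggest naming the reason in the line itself, for example "A USB DAC can be used to avoid potential DMA issues."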
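Review bot: In the webcam hunk (@@ -531,7 +539,8 @@) the added text "Can use USB webcam hardware, to work around potential DMA issues" is a fragment with no subject, and the clause after the semicolon says integrated webcams "are discouraged by the libreboot project" without giving the reason. Suggest a full sentence such as "USB webcam hardware can be used to work around potential DMA issues", followed by a separate sentence stating why integrated webcams are discouraged, whether that is DMA or something else.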