From 619b04be938c0bd0fb040ddfd437abb72b6bce6a Mon Sep 17 00:00:00 2001
From: Francis Rowe
- With proper IOMMU, it might be possible to mitigate the DMA-related issues. + With proper IOMMU, it might be possible to mitigate the DMA-related issues. USB drives (flash drive, HDD, etc) can be used, + to avoid DMA.
Some proof of concepts have been demonstrated. For HDDs:
@@ -500,6 +501,7 @@
With proper IOMMU, it might be possible to mitigate the DMA-related issues. + A USB NIC can also be used, which does not have DMA.
Back to top of page @@ -513,6 +515,11 @@ Microcode can be very powerful. No proof that it's malicious, but it could theoretically
+ There isn't really a way to solve this, unless you use a CPU which does not have microcode. + (ARM CPUs don't, but most ARM systems require blobs for the graphics hardware at present, and typically + have other things like soldered wifi which might require blobs) +
+CPUs often on modern systems have a processor inside it for things like power management. ARM for example, has lots of these.
@@ -523,6 +530,7 @@Sound hardware (integrated or discrete) typically has firmware on it (DSP) for processing input/output. + Again, a USB DAC is a good workaround.
Back to top of page @@ -531,7 +539,8 @@
Webcams have firmware integrated into them that process the image input into the camera; adjusting focus, - white balancing and so on. + white balancing and so on. Can use USB webcam hardware, to work around potential DMA issues; integrated webcams + (on laptops, for instance) are discouraged by the libreboot project.
Back to top of page -- cgit v0.9.1