On Tue, Oct 02, 2018 at 02:02:11PM +0100, Daniel Thompson wrote: > On 25/09/2018 10:07, Ilias Apalodimas wrote: > >Hello, > > > >Can we add a discussion in upcoming meetings about the participation > >of SMMU in the booting procedure? > > If I were you I'd roll up to one of the Thursday meetings. There's usually > time for a bit of any other business. > Ok will do that > > >In the past there's been a number of proposals on how to mitigate > >attacks, were a rogue PCI card is inserted into the system. > >Some of them include shutting down external DMA ports until the OS > >explicitly powers them up or blocking DMA using BME bit et > > >Keeping in mind this will enhance the security of devices would it > >make sense to include it as a 'MUST' if the hardware is present or a > >recommendation would be enough? > > I'm not totally convinced this is in scope for EBBR (don't take this as a > firm "no"). Me neither > > Basically EBBR primarily focuses on the handover from system firmware to > OS[1]. > > For full defense this is essentially a requirement about the state of the > system when we hand over from BL<something> to BL33 isn't it? It might > therefore be regarded as an implementation quality issue. Well i'd replace BL<something> with 'once the bus is configured'. In other words if a peripheral that's connected to the SMMU is required to do transactions SMMU should be up and running. If no device is going to do transactions the SMMU can be ignored. Again i am not entirely sure this is an EBBR decision to make
Thanks /Ilias _______________________________________________ boot-architecture mailing list [email protected] https://lists.linaro.org/mailman/listinfo/boot-architecture
