-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/20/2016 05:56 PM, ron minnich wrote: > man. Most of these BME things revolve around intel. Not surprising, but > not good. > > Does anyone care about the realtek 8168? And why on earth does it need > BME? Can it just be initialized but not have DMA enabled? > > I wonder if we should scan for anything with BME set, at each stage > transition, and print a warning for each one found?
A quick check through the source seems to indicate that the generic pci_set_resource function will enable bus mastering on any PCI bridges. From that point on, if I'm not mistaken, any malicious device that exposed a bridge interface could enable mastering for any logical devices behind the bridge and attack the host. Am I missing something? Thanks! - -- Timothy Pearson Raptor Engineering +1 (415) 727-8645 (direct line) +1 (512) 690-0200 (switchboard) https://www.raptorengineering.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJYMxh/AAoJEK+E3vEXDOFbu7IIAKMYJplqgN/XRy1yPnlwC4N6 h33fAgnQs74HI0uMQU3vT1mTTqFNsJtpCJisdFmIRyDsOMHxNSdlV4JkHUE4gQPu Hj8U2VxIumBBMaezKF+mR5mwLrDBNaR23OJT9ONskssggaasGu6CYj8iJe9/ap3J sAZ/j0wM8QoGBB4A1mCMJWWQtjzfTkyKql71nRevhC59qqyqWgoME5+dcVPU350v XGZZXuPoGwQzoAVwY0Hel5Havun+68r5k++lHqUKGVcKcAOMN2s9hdHUr5f8IU4w kLEMdTFeAX+AFdtIyYiWh5Gc9XMHTBnODgUQzbahIRvpXU8X4VPm3eQ3kCYAV/Y= =mUO9 -----END PGP SIGNATURE----- -- coreboot mailing list: [email protected] https://www.coreboot.org/mailman/listinfo/coreboot
