On Wed, Feb 27, 2019 at 08:30:33AM +0100, David Hobach wrote:
> Dear devs,
> 
> [1] claims full IOMMU bypass from malicious peripherals using any of
>   a) racing conditions during boot.

There is not much Qubes can do until Qubes is loaded. So, security at
this stage depends on the system firmware. Many firmwares have separate
options for Thunderbolt support and it may be a good idea to disable it,
since Qubes doesn't support them anyway (at least not when hot plugged)[3][4].

>   b) enabled ATS (apparently the default with Linux < 4.21; I'm not sure
> about Xen).

Xen does support ATS, but it is disabled by default. And the
documentation[2] recommends not enabling it. So, we don't enable it.

> What's the Qubes OS view on that? Is ATS enabled/disabled?

You may want to see [4], which contains a plan to properly support
Thunderbolt devices. Generally the idea is to use Thunderbolt security
levels to prevent DMA until a just-plugged-in device is assigned to the
appropriate VM, including IOMMU setup. But until we get it right, we
won't re-enable PCI hotplug.

> Were you included in the disclosure process?

Unfortunately no.

> I'll have to dig deeper myself to see further potential consequences.
> 
> Best Regards
> David
> 
> [1] http://thunderclap.io/thunderclap-paper-ndss2019.pdf
 
[2] https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html#ats-x86
[3] https://github.com/QubesOS/qubes-issues/issues/4353
[4] https://github.com/QubesOS/qubes-issues/issues/4426

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
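Added example, not part of the original message and not Qubes or Xen project code: a dom0 shell check of whether a Xen command line turns ATS on, using the boolean syntax from the Xen command-line documentation cited as [2]. The function name and the sample command lines are constructed for illustration, and the last-occurrence-wins rule is an assumption.

```shell
#!/bin/sh
# Added example: report whether a Xen hypervisor command line enables ATS.
# Boolean syntax per the Xen command-line documentation:
#   enable : bare name, or =yes / on / true / enable / 1
#   disable: "no-" prefix, or =no / off / false / disable / 0
# Any other value, or "no-" stacked with a value, is documented as undefined.
# Assumption: if the option is repeated, the last occurrence wins.

xen_ats_state() {           # hypothetical helper name
    state=disabled          # Xen default: ATS is not used
    set -f                  # do not glob-expand tokens while splitting
    for tok in $1; do       # unquoted on purpose: split on whitespace
        case "$tok" in
            ats|ats=yes|ats=on|ats=true|ats=enable|ats=1)
                state=enabled ;;
            no-ats|ats=no|ats=off|ats=false|ats=disable|ats=0)
                state=disabled ;;
            ats=*|no-ats=*)
                state=undefined ;;   # flag for manual review
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# Constructed sample command lines (not taken from a real system).
# On a running system the real value is the xen_commandline line of `xl info`.
for line in \
    "console=none dom0_mem=min:1024M iommu=no-igfx" \
    "console=vga ats=1" \
    "ats no-ats" \
    "ats=maybe"
do
    printf '%-48s -> %s\n' "$line" "$(xen_ats_state "$line")"
done
```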
