On Thu, 24 Nov 2016 09:33:23 +0100 Zrubi <[email protected]> wrote: > > Well, as you noted the qubes-hcl-report tool relays on xl info, and xl > dmesg output. > If both states tat IOMMU is enabled: > > > virt_caps: hvm hvm_directio > > (XEN) I/O virtualisation enabled > > what else can it say? > > If you 100% sure that this is a false positive, then we should address > this issue for sure. > However I can't see how we can check if IOMMU is really working? Maybe > we can try DMA attack PoC script and try to break out from a netvm for > example? > (of course not as part of the hcl report :)
Thanks for your reply. After reading it I realized that I should probably ask at Xen devel mailing list. I am not 100% sure, but the specs about my HW says so(and I am 100% sure about what HW I have). Anyway, I like the idea of DMA PoC attack. Sounds like a definitve measure of VT-d separation. Are there any PoCs publicly available? Regards, tezeb -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161127011328.2c7c0f51%40outoftheblue.pl. For more options, visit https://groups.google.com/d/optout.
