Исходное сообщение
"Thunderspy - серия атак на оборудование с интерфейсом Thunde..." Отправлено хотел спросить, 12-Май-20 02:14
DMA protection utilizing IOMMU Recent systems from 2018 and forward with Thunderbolt ports may natively support IOMMU. This means that Thunderbolt security is handled by an IOMMU so connected devices cannot access memory regions outside of what is allocated for them by drivers. When Linux is running on such system it automatically enables IOMMU if not enabled by the user already. These systems can be identified by reading 1 from /sys/bus/thunderbolt/devices/domainX/iommu_dma_protection attribute. The driver does not do anything special in this case but because DMA protection is handled by the IOMMU, security levels (if set) are redundant. For this reason some systems ship with security level set to none. Other systems have security level set to user in order to support downgrade to older OS, so users who want to automatically authorize devices when IOMMU DMA protection is enabled can use the following udev rule: