You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's not supported because Intel FSP blobs missing requirements, to be troubleshooted and FSP requirements updated, fixed upstream and then downstream under Heads, pointing to new coreboot commit that will include the fix.
IOMMU It is used to protect against AMD attack in Dasharo + coreboot, does this during system startup.
Not sure about what you meant here @Lapushy6351. AMD? Feel free to edit OP. I think this was autocorrected DMA - >AMD but unsure. Maybe you referred to a vuln for AMD, but here those are Intel platforms. Clarify.
I renamed issue for better tracking and linked to upstream Dasharo coreboot fork's known issue.
On Clevo NV41 and Clevo NS50 models this is disabled, and I don't understand why.
Why?
Excerpt :
When setting CONFIG_ENABLE_EARLY_DMA_PROTECTION=y, cannot be applied.
Hi,
IOMMU It is used to protect against AMD attack in Dasharo + coreboot, does this during system startup.
https://osresearch.net/Heads-threat-model/#peripheral-firmware
https://docs.dasharo.com/dasharo-menu-docs/dasharo-system-features/#dasharo-security-options
On Clevo NV41 and Clevo NS50 models this is disabled, and I don't understand why.
https://github.com/linuxboot/heads/blob/master/config/coreboot-novacustom-nv4x_adl.config#L426
https://github.com/linuxboot/heads/blob/d4c4e5699b89365a88d9d49748dbcc11b6394907/config/coreboot-nitropad-ns50.config#L426
@tlaurion why?
The text was updated successfully, but these errors were encountered: