-
-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Early DMA protection not enforced properly on Alderlake and Meteorlake #1922
Comments
It's not supported because Intel FSP blobs missing requirements, to be troubleshooted and FSP requirements updated, fixed upstream and then downstream under Heads, pointing to new coreboot commit that will include the fix. Details upstream Dasharo/dasharo-issues#985 (comment) |
Not sure about what you meant here @Lapushy6351. AMD? Feel free to edit OP. I think this was autocorrected DMA - >AMD but unsure. Maybe you referred to a vuln for AMD, but here those are Intel platforms. Clarify. I renamed issue for better tracking and linked to upstream Dasharo coreboot fork's known issue.
Excerpt :
|
and what are the compatible models or as the identifications? |
Hi,
IOMMU It is used to protect against DMA attack in Dasharo + coreboot, does this during system startup.
https://osresearch.net/Heads-threat-model/#peripheral-firmware
https://docs.dasharo.com/dasharo-menu-docs/dasharo-system-features/#dasharo-security-options
On Clevo NV41 and Clevo NS50 models this is disabled, and I don't understand why.
https://github.com/linuxboot/heads/blob/master/config/coreboot-novacustom-nv4x_adl.config#L426
https://github.com/linuxboot/heads/blob/d4c4e5699b89365a88d9d49748dbcc11b6394907/config/coreboot-nitropad-ns50.config#L426
@tlaurion why?
The text was updated successfully, but these errors were encountered: