Hi,
PCI-Devices have direct access to (all of) the system's memory, iirc. As I have a system with an IOMMU-Unit/PCI-Virtualisation-capabilities, which can be used to contain PCI-Devices to a certain space in memory, I'd like to explore that possibility for system hardening, as it could be used to restrict memory access for PCI-devices, using it as a protection against malicious devices or so.
I'd like to explore these possibilities a little. Unfortunately, I haven't found anything regarding this topic; I always end up finding information about using it to hand PCI-Devices over to a virtualized system, which is obviously the much more common use case.
Does anyone know of some documentation, projects, etc. regarding this? (Or is documentation not necessary because the feature I'd like to have is by design of IOMMU or something like that? I found information on that topic to be extremely rare.)
Thanks for any hints!
Moving to Kernel & Hardware
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl