I must be missing something. I don't understand how that's supposed to help.
On other phones the baseband has full control of the AP because it can read and write to all of its physical RAM. With an IOMMU a compromised baseband can only control things inside its small view, rather than completely compromise everything running on your phone.
But doesn't the IOMMU itself become additional attack surface for compromising the kernel? At least, I've seen it suggested that the tradeoff to gain a bit of defense-in-depth isn't necessarily worth it.
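A toy model of the confinement described in the reply above, added here as an example and not part of the thread. The page size, device name, addresses and the "kernel" page are constructed; a real IOMMU uses hardware page tables, but the check it performs on every DMA access is the same shape.

```python
PAGE = 4096                     # constructed page size for the toy model

class IommuFault(Exception):
    """Raised when a device access falls outside the view the kernel mapped for it."""

class Iommu:
    def __init__(self):
        self.tables = {}        # device -> {io page number: (physical page, writable)}

    def map_page(self, dev, io_va, phys, writable):
        self.tables.setdefault(dev, {})[io_va // PAGE] = (phys // PAGE, writable)

    def translate(self, dev, io_va, write):
        entry = self.tables.get(dev, {}).get(io_va // PAGE)
        if entry is None:
            raise IommuFault(f"{dev}: unmapped I/O address {io_va:#x}")
        phys_page, writable = entry
        if write and not writable:
            raise IommuFault(f"{dev}: write to read-only page {io_va:#x}")
        return phys_page * PAGE + (io_va % PAGE)

def dma_write_direct(ram, phys, data):
    # "Other phones": the device addresses physical RAM directly, no checks.
    ram[phys:phys + len(data)] = data

def dma_write_iommu(iommu, ram, dev, io_va, data):
    # The device only sees I/O virtual addresses; the IOMMU translates them
    # and refuses anything outside the pages the kernel granted.
    phys = iommu.translate(dev, io_va, write=True)
    ram[phys:phys + len(data)] = data

def demo():
    ram = bytearray(8 * PAGE)
    kern = 7 * PAGE                          # constructed: a page of kernel data
    ram[kern:kern + 4] = b"KERN"
    r = {}
    dma_write_direct(ram, kern, b"XXXX")     # unconfined device can clobber it
    r["direct_clobbered_kernel"] = bytes(ram[kern:kern + 4]) == b"XXXX"
    ram[kern:kern + 4] = b"KERN"
    iommu = Iommu()
    iommu.map_page("baseband", 0x1000, 2 * PAGE, writable=True)   # its DMA buffer
    iommu.map_page("baseband", 0x2000, 3 * PAGE, writable=False)  # shared, read-only
    dma_write_iommu(iommu, ram, "baseband", 0x1010, b"DATA")
    r["mapped_write_landed"] = bytes(ram[2 * PAGE + 0x10:2 * PAGE + 0x14]) == b"DATA"
    for io_va in (0x2000, 0x7000):           # read-only page, then an unmapped page
        try:
            dma_write_iommu(iommu, ram, "baseband", io_va, b"XXXX")
            r[f"blocked_{io_va:#x}"] = False
        except IommuFault:
            r[f"blocked_{io_va:#x}"] = True
    r["kernel_intact"] = bytes(ram[kern:kern + 4]) == b"KERN"
    return r
```

The model also shows why the translation tables themselves matter: they are kernel-owned data, which is the surface the follow-up comment is worried about.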