Comment by webmaven
4 years ago
But doesn't the IOMMU itself become additional attack surface for compromising the kernel? At least, I've seen it suggested that the tradeoff to gain a bit of defense-in-depth isn't necessarily worth it.
Not having an IOMMU = baseband can access all of the AP's memory.
Having an IOMMU = baseband can only access a small section of memory marked for it, ideally.
Obviously, it's worth implementing this: it turns a baseband compromise from "instant game over" to "might be a problem, but the IOMMU needs to have been set up incorrectly or the code that deals with it needs to have a serious vulnerability".
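To make the three cases in this exchange concrete, here is an added toy model of an IOMMU domain (example code written for this page, not code from any commenter, vendor or kernel). Every address, size, struct and function name in it is invented for illustration; a real IOMMU uses page tables and per-device stream IDs rather than a flat mapping list, but the containment and permission checks are the same idea. The three scenario functions show no IOMMU (device address is the physical address), an IOMMU that maps only the baseband's shared buffer (the attack and a boundary-straddling access both fault), and the "set up incorrectly" case, where a 1:1 mapping of all RAM leaves the IOMMU enabled on paper but equivalent to having none.

```c
/* Added example (not from the thread): toy IOMMU domain that confines a
 * device's I/O virtual addresses (IOVAs) to the buffers the kernel mapped.
 * All addresses, sizes and names below are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define IOMMU_READ   0x1
#define IOMMU_WRITE  0x2
#define MAX_MAPPINGS 8

/* Hypothetical physical layout of the application processor (AP) */
#define RAM_BASE_PA      0x80000000ULL
#define RAM_SIZE         0x40000000ULL   /* 1 GiB */
#define KERNEL_TEXT_PA   0x80200000ULL   /* where the kernel lives */
#define BB_SHARED_BUF_PA 0x9f000000ULL   /* buffer the kernel set aside for the baseband */
#define BB_SHARED_BUF_SZ 0x00100000ULL   /* 1 MiB */

struct iommu_mapping { uint64_t iova, pa, len; unsigned perms; };

struct iommu_domain {
    int enabled;                        /* 0 = no IOMMU: DMA hits physical memory directly */
    int n;
    struct iommu_mapping map[MAX_MAPPINGS];
};

/* Map [iova, iova+len) -> [pa, pa+len) with the given permissions. 0 on success, -1 if full. */
int iommu_map(struct iommu_domain *d, uint64_t iova, uint64_t pa, uint64_t len, unsigned perms)
{
    if (d->n >= MAX_MAPPINGS || len == 0) return -1;
    d->map[d->n++] = (struct iommu_mapping){ iova, pa, len, perms };
    return 0;
}

/* Translate one device access. 0 and *pa filled on success, -1 on IOMMU fault.
 * With the IOMMU disabled (or absent) the device address *is* the physical address. */
int iommu_translate(const struct iommu_domain *d, uint64_t iova, uint64_t len,
                    unsigned access, uint64_t *pa)
{
    if (!d->enabled) { *pa = iova; return 0; }
    for (int i = 0; i < d->n; i++) {
        const struct iommu_mapping *m = &d->map[i];
        /* overflow-safe check: the whole access must lie inside one mapping */
        if (iova >= m->iova && len <= m->len && iova - m->iova <= m->len - len) {
            if ((m->perms & access) != access) return -1;   /* e.g. write to a read-only mapping */
            *pa = m->pa + (iova - m->iova);
            return 0;
        }
    }
    return -1;   /* no mapping: the access never reaches memory */
}

/* Simulated baseband DMA write: 1 if it landed in memory, 0 if the IOMMU faulted it. */
int baseband_dma_write(const struct iommu_domain *d, uint64_t dev_addr, uint64_t len)
{
    uint64_t pa;
    return iommu_translate(d, dev_addr, len, IOMMU_WRITE, &pa) == 0;
}

/* Scenario 1: no IOMMU. A compromised baseband overwrites kernel text. Returns 1. */
int scenario_no_iommu(void)
{
    struct iommu_domain d = { .enabled = 0 };
    return baseband_dma_write(&d, KERNEL_TEXT_PA, 4096);
}

/* Scenario 2: IOMMU on, baseband mapped only to its shared buffer.
 * Returns 1 when the legitimate write works and both hostile writes fault. */
int scenario_iommu_confined(void)
{
    struct iommu_domain d = { .enabled = 1 };
    iommu_map(&d, 0x1000, BB_SHARED_BUF_PA, BB_SHARED_BUF_SZ, IOMMU_READ | IOMMU_WRITE);
    int legit  = baseband_dma_write(&d, 0x1000 + 0x200, 512);                   /* inside buffer */
    int attack = baseband_dma_write(&d, KERNEL_TEXT_PA, 4096);                   /* unmapped IOVA */
    int edge   = baseband_dma_write(&d, 0x1000 + BB_SHARED_BUF_SZ - 16, 32);     /* straddles end */
    return legit && !attack && !edge;
}

/* Scenario 3: the "set up incorrectly" case. A lazy 1:1 mapping of all of RAM
 * leaves the IOMMU enabled but gives the baseband exactly what scenario 1 did. Returns 1. */
int scenario_iommu_passthrough(void)
{
    struct iommu_domain d = { .enabled = 1 };
    iommu_map(&d, RAM_BASE_PA, RAM_BASE_PA, RAM_SIZE, IOMMU_READ | IOMMU_WRITE);
    return baseband_dma_write(&d, KERNEL_TEXT_PA, 4096);
}

int main(void)
{
    printf("no IOMMU: baseband can write kernel text = %d\n", scenario_no_iommu());
    printf("IOMMU confined: legit ok, attack and edge faulted = %d\n", scenario_iommu_confined());
    printf("IOMMU passthrough: baseband can write kernel text = %d\n", scenario_iommu_passthrough());
    return 0;
}
```

The point of scenario 3 is the one the reply makes: the hardware only helps if the kernel's IOMMU driver actually programs a narrow mapping, so auditing what a device domain maps (and whether any passthrough or identity mode is in effect) is part of the defence, not an afterthought.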