Comment by jsolson

5 months ago

> Those are already unstoppable because they now use Direct Memory Access over the PCI-E bus, so the cheats don't even run on the same computer anymore.

Working on mostly server platforms, I had forgotten that IOMMU enablement (and, where relevant, enforcement) was not the default.

Consumer hardware and software is terrifying.

Not sure how that's relevant, unless you find it terrifying that owners of hardware have control over their hardware.

  • It's your IOMMU, you can do what you want with it. Maybe you need to write heaps of stuff to take advantage of it, but what's new there?

    The only thing you're getting by saying "no IOMMU" is "I want any devices in my machine to be able to do anything, not just what I want them restricted to".

    • Okay, but he's specifically brought it up in the context of a computer's owner doing something that the software vendor (and also myself as another gamer harmed by cheating) would prefer he did not.

  • In my world, we won't let a system boot with production credentials unless the IOMMU is enabled.

    This is enforced by a greatly enriched TPM (and its willingness to unwrap credentials). We have to trust several layers of firmware and OS software, but the same mechanism allows us to ensure that known-bad versions of those aren't part of the stack that booted.

    If I wanted secure games (and the market would tolerate it), I'd push for enforcement of something similar in the consumer space.
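
The mechanism described in the last comment, releasing a credential only when the measured boot state matches policy, can be modeled in a few lines. This is an added example, not code from the thread or from any vendor: `ModelTPM`, the event labels and the credential are constructed for illustration, and a real TPM enforces this in hardware through PCR-bound policies.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def replay(events, pcr=bytes(32)):
    """Fold a boot event log into one PCR value: pcr = H(pcr || H(event))."""
    for event in events:
        pcr = sha256(pcr + sha256(event))
    return pcr

class ModelTPM:
    """Toy model, not a real TPM API: one PCR and one sealed secret."""
    def __init__(self):
        self.pcr = bytes(32)
        self._policy, self._secret = frozenset(), None

    def reset(self):                      # happens at power-on
        self.pcr = bytes(32)

    def extend(self, event: bytes):       # the PCR can only be extended, never set
        self.pcr = replay([event], self.pcr)

    def seal(self, secret: bytes, allowed_pcrs):
        self._policy, self._secret = frozenset(allowed_pcrs), secret

    def unseal(self) -> bytes:
        if self.pcr not in self._policy:
            raise PermissionError("measured boot state not allowed by policy")
        return self._secret

def boot(tpm, events):
    """Measure each stage before it runs, then ask for the credential."""
    tpm.reset()
    for event in events:
        tpm.extend(event)
    try:
        return tpm.unseal()
    except PermissionError:
        return None

# Constructed sample measurements (labels are illustrative only).
GOOD = [b"firmware:2.1", b"bootloader:5", b"kernel:6.1", b"iommu=enforced"]
NO_IOMMU = GOOD[:3] + [b"iommu=off"]
KNOWN_BAD_FW = [b"firmware:2.0"] + GOOD[1:]

tpm = ModelTPM()
tpm.seal(b"prod-credential", {replay(GOOD)})
```

Because each extend hashes over the previous value, a change at any stage (firmware version or IOMMU setting) produces a different final PCR, so `boot` returns the credential only for the `GOOD` sequence.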