Comment by cwillu
5 months ago
Not sure how that's relevant, unless you find it terrifying that owners of hardware have control over their hardware.
It's your IOMMU, you can do what you want with it. Maybe you need to write heaps of stuff to take advantage of it, but what's new there?
The only thing you're getting by saying "no IOMMU" is "I want any devices in my machine to be able to do anything, not just what I want them restricted to".
Okay, but he's specifically brought it up in the context of a computer's owner doing something that the software vendor (and also myself as another gamer harmed by cheating) would prefer he did not.
And if they want complete control, they can choose not to use a vendor and do it themself, for all the control they could want.
Hooray, freedom!
In my world, we won't let a system boot with production credentials unless the IOMMU is enabled.
This is enforced by a greatly enriched TPM (and its willingness to unwrap credentials). We have to trust several layers of firmware and OS software, but the same mechanism allows us to ensure that known-bad versions of those aren't part of the stack that booted.
If I wanted secure games (and the market would tolerate it), I'd push for enforcement of something similar in the consumer space.