Firewire threat to FDE
David Malone
dwmalone at maths.tcd.ie
Thu Mar 20 05:13:23 EDT 2008
On Wed, Mar 19, 2008 at 02:25:36PM -0400, Leichter, Jerry wrote:

[This has been thrashed out on other lists.]

> Just how would that help? As I understand it, Firewire and PCMCIA
> provide a way for a device to access memory directly. The OS doesn't
> have to do anything - in fact, it *can't* do anything.

The OS can program the Firewire controller not to allow DMA.

> The only possible protection here is at the hardware level: The
> external interface controller must be able to run in a mode which
> blocks externally-initiated memory transactions. Unfortunately,
> that may not be possible for some controllers. Sure, the rules for
> (say) SCSI might say that a target is only supposed to begin sending
> after a request from an initiator - but it would take a rather
> sophisticated state machine to make sure to match things up properly,
> especially on a multi-point bus.

Isn't what you're describing here an IOMMU?

David.
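
[Added example, not part of the original message.] A host-side check for the two protections named above: whether the OS has left the FireWire controller open to unfiltered remote DMA, and whether an IOMMU is registered. It assumes a Linux host using the firewire_ohci driver and its remote_dma module parameter; the function name and the status strings are made up for this illustration.

```shell
#!/bin/sh
# Added example: report FireWire DMA exposure on a Linux host.
# Assumptions: firewire_ohci driver, its "remote_dma" module parameter,
# and /sys/class/iommu as the place where active IOMMUs are registered.
# The sysfs root is an argument so the check can run against a constructed tree.

# Prints one of:
#   no-firewire | filtered | unfiltered | unknown   (optionally suffixed "+iommu")
firewire_dma_status() {
    root="${1:-/sys}"
    mod="$root/module/firewire_ohci"

    # Driver not loaded: no OHCI-1394 controller is being driven by this kernel.
    if [ ! -d "$mod" ]; then
        echo "no-firewire"
        return 0
    fi

    param="$mod/parameters/remote_dma"
    if [ -r "$param" ]; then
        # Y = unfiltered remote DMA enabled, N = not enabled.
        case "$(cat "$param")" in
            Y|y|1) state="unfiltered" ;;
            N|n|0) state="filtered" ;;
            *)     state="unknown" ;;
        esac
    else
        # Parameter not exposed by this kernel: sysfs cannot answer the question.
        state="unknown"
    fi

    # Presence of an IOMMU only; this does not prove that the FireWire
    # controller's transactions are actually being remapped.
    if [ -d "$root/class/iommu" ] && [ -n "$(ls -A "$root/class/iommu" 2>/dev/null)" ]; then
        state="$state+iommu"
    fi

    echo "$state"
}

# Stand-alone use: check the running system (or a tree given as $1).
firewire_dma_status "$@"
```

A result of "unfiltered" without "+iommu" is the configuration the thread is concerned about.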
---------------------------------------------------------------------
The Cryptography Mailing List