Message-ID: <446B3082.1000200@argo.co.il>
Date: Wed, 17 May 2006 17:17:38 +0300
From: Avi Kivity <avi@argo.co.il>
User-Agent: Thunderbird 1.5.0.2 (X11/20060501)
MIME-Version: 1.0
To: Joerg Pommnitz <pommnitz@yahoo.com>
CC: Linux kernel <linux-kernel@vger.kernel.org>
Subject: Re: Wiretapping Linux?
References: <20060517132503.79272.qmail@web51410.mail.yahoo.com>
In-Reply-To: <20060517132503.79272.qmail@web51410.mail.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1152
Lines: 31

Joerg Pommnitz wrote:
> --- Avi Kivity schrieb:
>   
>> A pci device can read system RAM and other memory-mapped PCI devices 
>> (such as display framebuffers) using DMA. In addition, a pci (but not 
>> pci-express) device can snoop on pci bus traffic to other devices. 
>> Typically, however, hard drive controllers will be integrated into the 
>> chipset so the data is not on the bus.
>>     
>
> Thanks for providing this information. This makes the binary firmware
> required for peripherals even more interesting for security conscious
> people.
>   

Note that some machines have IOMMUs so it may be possible to prevent a 
device from reading main memory, perhaps at a performance cost.

My AMD machine disables the IOMMU on startup.

If you don't trust your hardware there are only two solutions: keep it 
off the net or keep it off.

-- 
error compiling committee.c: too many arguments to function

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/