[117911] in cryptography@c2.net mail archive
Re: Firewire threat to FDE
daemon@ATHENA.MIT.EDU (David Malone)
Fri Mar 21 15:02:00 2008
Date: Thu, 20 Mar 2008 09:13:23 +0000
From: David Malone <dwmalone@maths.tcd.ie>
To: "Leichter, Jerry" <leichter_jerrold@emc.com>
Cc: Hagai Bar-El <info@hbarel.com>, Cryptography <cryptography@metzdowd.com>,
PracticalSecurity <practicalsecurity@hbarel.com>
In-Reply-To: <Pine.SOL.4.61.0803191416530.21837@mental>
On Wed, Mar 19, 2008 at 02:25:36PM -0400, Leichter, Jerry wrote:
[This has been thrashed out on other lists.]
> Just how would that help? As I understand it, Firewire and PCMCIA
> provide a way for a device to access memory directly. The OS doesn't
> have to do anything - in fact, it *can't* do anything.
The OS can program the Firewire controller not to allow DMA.
> The only possible protection here is at the hardware level: The
> external interface controller must be able to run in a mode which
> blocks externally-initiated memory transactions. Unfortunately,
> that may not be possible for some controllers. Sure, the rules for
> (say) SCSI might say that a target is only supposed to begin sending
> after a request from an initiator - but it would take a rather
> sophisticated state machine to make sure to match things up properly,
> especially on a multi-point bus.
Isn't what you're describing here an IOMMU?
David.
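As an added defensive check that is not part of this thread: a POSIX shell audit of a Linux host for the exposure discussed above (a Firewire controller whose DMA is neither blocked by keeping the driver out nor translated by an IOMMU). It assumes Linux sysfs conventions: an IEEE 1394 OHCI controller reports PCI class 0x0c0010, /sys/kernel/iommu_groups is populated when an IOMMU is in use, and the driver is firewire-ohci; the root paths are parameters so the checks can be run against a constructed tree.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Audits a Linux host for
# Firewire DMA exposure. Paths default to the live system but can be overridden.

# Count IEEE 1394 OHCI controllers: PCI class 0x0c0010 under the sysfs root.
count_fw_controllers() {
    root="${1:-/sys}"
    n=0
    for f in "$root"/bus/pci/devices/*/class; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = "0x0c0010" ] && n=$((n + 1))
    done
    echo "$n"
}

# Is an IOMMU in use? Linux populates /sys/kernel/iommu_groups when it is.
# Translated DMA is not the same as a per-device deny policy; that remains
# the OS's job, but it is the building block the IOMMU question refers to.
iommu_active() {
    root="${1:-/sys}"
    for g in "$root"/kernel/iommu_groups/*; do
        [ -e "$g" ] && return 0
    done
    return 1
}

# Is the firewire-ohci driver kept out via modprobe config?
# "blacklist" stops automatic loading; "install ... /bin/false" blocks it outright.
fw_driver_blocked() {
    dir="${1:-/etc/modprobe.d}"
    grep -qsE '^[[:space:]]*(blacklist[[:space:]]+firewire[-_]ohci|install[[:space:]]+firewire[-_]ohci[[:space:]]+/bin/(false|true))' "$dir"/*.conf
}

# Verdict: NO_CONTROLLER, IOMMU (DMA translated), DRIVER_BLOCKED, or EXPOSED.
assess() {
    sysroot="${1:-/sys}"
    modprobe_dir="${2:-/etc/modprobe.d}"
    if [ "$(count_fw_controllers "$sysroot")" -eq 0 ]; then
        echo NO_CONTROLLER
    elif iommu_active "$sysroot"; then
        echo IOMMU
    elif fw_driver_blocked "$modprobe_dir"; then
        echo DRIVER_BLOCKED
    else
        echo EXPOSED
    fi
}

# Run the audit against the live system when invoked as: sh audit.sh --audit
[ "${1:-}" = "--audit" ] && assess
```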