[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
|
|
Subscribe / Log in / New account

Restricted DMA

Restricted DMA

Posted Jan 8, 2021 13:52 UTC (Fri) by danielthompson (subscriber, #97243)
In reply to: Restricted DMA by ttuttle
Parent article: Restricted DMA

Perhaps better to think of trusted firmware as "a firmware" rather then "the firmware"! In this case the trusted firmware is the component that manages switching in and out of trustzone on arm64 systems and, additionally, it provides reference bootloaders to get the trusted and normal worlds running.

If you have DMA peripheral that can restrict the set of address it will use *and* a SoC that can block further changes or make changing them a privileged operation (e.g. can only be done from trusted world) then the bootloader parts of the trusted firmware can be modified to configure the DMA windows for the hardware and then seal them off before Linux starts to run.

to post comments

Restricted DMA

Posted Jan 11, 2021 23:48 UTC (Mon) by florianfainelli (subscriber, #61952) [Link]

The key for this scheme to work is that you need some sort of protection mechanism whereby the PCIe host bridge is allowed/denied access to specific regions of memory. The use of an ARM Trusted Firmware is probably two fold in that it is part of the chain of trust for said platform, and given there are at least 2 different SoC vendors to be supported, then the firmware provides some nice abstraction on how to configure this region to be restricted.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds