From b72d50c37c5dc73f72c18a1caa90c4058f8a1e0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?imme=C3=ABmosol?= Date: Sun, 14 May 2023 17:41:43 +0200 Subject: [PATCH] Add (I/O MMU) behind VT-d in security-guidelines.md --- docs/security/security-guidelines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/security/security-guidelines.md b/docs/security/security-guidelines.md index 26aac36..69a179f 100644 --- a/docs/security/security-guidelines.md +++ b/docs/security/security-guidelines.md @@ -68,9 +68,9 @@ In **Dom0** terminal, run: qubes-hcl-report ~~~ -where \ is the name of the VM within which the report will be written (but the report will also be displayed in the Dom0 terminal). If it displays that VT-d is active, you should be able to assign **PCIe devices to an HVM** and **enjoy DMA protection** for your driver domains, so you successfully passed this step. +where \ is the name of the VM within which the report will be written (but the report will also be displayed in the Dom0 terminal). If it displays that VT-d (I/O MMU) is active, you should be able to assign **PCIe devices to an HVM** and **enjoy DMA protection** for your driver domains, so you successfully passed this step. -If VT-d is not active, attempt to activate it by selecting the **VT-d flag** within the BIOS settings. If your processor/BIOS does not allow VT-d activation you still enjoy much better security than alternative systems, but you may be vulnerable to **DMA attacks**. Next time you buy a computer consult our **[HCL (Hardware Compatibility List)](https://www.qubes-os.org/hcl/)** and possibly contribute to it. +If VT-d (I/O MMU) is not active, attempt to activate it by selecting the **VT-d flag** within the BIOS settings. If your processor/BIOS does not allow VT-d activation you still enjoy much better security than alternative systems, but you may be vulnerable to **DMA attacks**. Next time you buy a computer consult our **[HCL (Hardware Compatibility List)](https://www.qubes-os.org/hcl/)** and possibly contribute to it. Updating Software -----------------