## Copyright (C) 2019 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Enables the IOMMU to protect against DMA attacks.
## Appends the IOMMU switches to whatever kernel command line was built so far.
## intel_iommu=on requests DMA remapping on Intel (VT-d) platforms.
## NOTE(review): "on" is not among the amd_iommu= values listed in the kernel's
## kernel-parameters documentation, so it may be silently ignored -- confirm
## against the target kernel.
## After regenerating the GRUB config and rebooting, /proc/cmdline and the
## DMAR / AMD-Vi lines in the kernel log show whether the IOMMU is active.
GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} intel_iommu=on amd_iommu=on"
## Disable the busmaster bit on all PCI bridges during very
## early boot to avoid holes in IOMMU protection.
##
## https://mjg59.dreamwidth.org/54433.html
## https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4444f8541dad16fefd9b8807ad1451e806ef1d94
## Appends efi=disable_early_pci_dma to the kernel command line built so far.
## NOTE(review): the kernel documents this option as acting in the EFI boot
## stub, so it presumably has no effect on legacy BIOS boots or on boot paths
## that bypass the stub -- confirm for the GRUB boot path in use.
## NOTE(review): clearing bus mastering this early is reported to break boot
## on some poorly behaved firmware/hardware; test on the target machines
## before rolling it out.
GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} efi=disable_early_pci_dma"
## Enables strict enforcement of IOMMU TLB invalidation so that devices can never access stale data contents.
## https://github.com/torvalds/linux/blob/master/drivers/iommu/Kconfig#L97
## Page 11 of https://lenovopress.lenovo.com/lp1467.pdf
## Appends the IOMMU translation/invalidation policy to the kernel command line.
## iommu.passthrough=0 keeps device DMA going through IOMMU translation rather
## than bypassing it; iommu.strict=1 selects strict mode, in which IOMMU TLB
## entries are invalidated synchronously when a mapping is removed.
## NOTE(review): strict invalidation typically costs some I/O throughput
## compared with lazy mode -- measure on I/O-heavy systems.
## NOTE(review): the Kconfig reference in this file points at the master
## branch, so its line anchor can drift; the option meant is presumably
## CONFIG_IOMMU_DEFAULT_DMA_STRICT -- confirm.
GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} iommu.passthrough=0 iommu.strict=1"