Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-23 16:41:04 -05:00
Code Issues Packages Projects Releases Wiki Activity

enforce of IOMMU TLB invalidation

Browse Source
This commit is contained in:
Raja Grewal 2022-07-13 04:47:07 +10:00
parent 33df16af80
commit a47922ad28
No known key found for this signature in database
GPG Key ID: E34A5801947020A5
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
etc/default/grub.d/40_enable_iommu.cfg
View File

@ -10,3 +10,8 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=on"
## https://mjg59.dreamwidth.org/54433.html ## https://mjg59.dreamwidth.org/54433.html
## https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4444f8541dad16fefd9b8807ad1451e806ef1d94 ## https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4444f8541dad16fefd9b8807ad1451e806ef1d94
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma"
## Enables strict enforcement of IOMMU TLB invalidation so devices will never be able to access stale data contents
## https://github.com/torvalds/linux/blob/master/drivers/iommu/Kconfig#L97
## Page 11 of https://lenovopress.lenovo.com/lp1467.pdf
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX iommu.passthrough=0 iommu.strict=1"