From c9ea7a4dca6e985c3a1044a3b4ddda83909fbc51 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 4 Dec 2023 11:02:55 -0500
Subject: [PATCH] use `amd_iommu=force_isolation` instead of `amd_iommu=force_enable` because we set `iommu=force` already anyhow fixes https://github.com/Kicksecure/security-misc/issues/175
---
 etc/default/grub.d/40_enable_iommu.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/default/grub.d/40_enable_iommu.cfg b/etc/default/grub.d/40_enable_iommu.cfg
index 10c732f..10a82fd 100644
--- a/etc/default/grub.d/40_enable_iommu.cfg
+++ b/etc/default/grub.d/40_enable_iommu.cfg
@@ -2,7 +2,7 @@
 ## See the file COPYING for copying conditions.

 ## Enables IOMMU to prevent DMA attacks.
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=force_enable"
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX intel_iommu=on amd_iommu=force_isolation"

 ## Disable the busmaster bit on all PCI bridges during very
 ## early boot to avoid holes in IOMMU.
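Review bot: The comment `## Enables IOMMU to prevent DMA attacks.` directly above the changed `GRUB_CMDLINE_LINUX` line no longer describes the AMD token. Per the kernel's parameter documentation, `amd_iommu=force_isolation` forces device isolation for all devices and does not itself switch the IOMMU on, whereas the removed `force_enable` was the override for platforms the kernel treats as buggy with the IOMMU enabled. The commit message relies on `iommu=force` for the enabling part, but that setting is outside this hunk, so the dependency is invisible from this line. It is also worth confirming that `iommu=force` covers the same platforms `force_enable` did. I would extend the comment to `## intel_iommu=on enables the Intel IOMMU; amd_iommu=force_isolation forces per-device isolation on AMD.` followed by `## Enabling on AMD relies on iommu=force being set separately; force_isolation does not override iommu=pt.`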