-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
>
> On Sun, May 21, 2017 at 10:59:00AM -0700, blacklight wrote:
>> I see, maybe does @Marek knows a way to test it? Since performing
>> a dma attack is not in the abilities of the average user, it
>> might be benifical for a users security to be able to check it
>
> I don't know any generic method. I have tried in the past a simple
> modification to a driver (AFAIR e1000e) to command the device to
> send received data (DMA) to completely different address. Then,
> with IOMMU disabled, it crashed the whole host, but with IOMMU
> enabled, it crashed only that VM or even just the device didn't
> worked.
For Intel systems there is an application called Chipsec that runs all
sorts of UEFI tests, including DMA. The only downside to Chipsec is
that it must be run in dom0, making it potentially extremely
vulnerable. Read the warning.txt for more info. It is better for
running in a live distro, unless it is made into a package that scrubs
everything from the warning.txt after the report is output. Chipsec
currently does not help out any of the AMD users, but I am working on
porting it to AMD systems.
Here is a link directly to the Chipsec module that tests the DMA
protection:
https://github.com/chipsec/chipsec/blob/master/chipsec/modules/smm_dma.p
y
>> On 05/15/2017 10:35 PM, 'Bjoern Christoph' via qubes-devel
>> wrote:
>>> Ok, it's NOT working after all. Trying to install a HVM causes
>>> a reboot... so I guess there is more work left there after
>>> all.
>>>
>>> You can ignore the HCL report then as well.
>>>
Bjoern,
Have you made any progress on this, and are you still looking for help
with this? I would love to help get Qubes up and running on Ryzen.
-----BEGIN PGP SIGNATURE-----
iQJPBAEBCAA5FiEE/uqpYKVXMvPi+oujATVgIguBe+gFAllwECMbHGVtZXJnZW5j
eW1leGljYW5AZ21haWwuY29tAAoJEAE1YCILgXvo4o0QAJZSC/Ed3lOQFT22aFnx
I0kASQf8dNrzmrUyGIStEwJMxlFlw+ZYVC5kubVsI2wWlsu3djyEECpzhvlIO7O1
MelVoMM2FJv9wFAegyVSPRNA4+RfLojHGmfpkLK4OwAJ46acYBZOmHNPiwKg6YJI
bbEfBinQpwmUxqXpIz6qOwg2VSoKFa42jiAu+7iz007h3EO2vlefpfkj4h0uftxC
Y3OFY55Db6wzOCoAMHtUfA1rWN4t7d3E7sV+nB9DDHoaSZdwmACaekxZCGMAwqVu
pHFzcv1Iie1c3VDmcAzA11meYudR8e7tMBJlq9BP2N7ZfD+zktTREaKF2+L5HAXx
DbYKpTfa2AsbGtbD8DMSYchvbYIqfxyBXraXlFY4GcqWEpNahxSmyBbpUj2FT0Wi
bxZIRi47YoE4/S5NR29iWTF9jnTbzlCHcGPwEtRkuzy0cW5vSwfY4pr6K28D/5tg
phgF9dpTf4W+Kh35IDaKYX81TciiXJmEEV2VLxlbnn6wNQ8A4awf26JX2P4ZfAUV
1oGWIA9QcwVmXj/i5yvtc+xt2Qp9eX4j0uvJZ9U2Cv7ER2580bVHqFuX24WCcH9G
1Vr23Gg+JcaUUrlZdmZG3KLbBAgWs7NhzsKLmSS/m7OdNMXjQ35GVYCcR1cR65+R
w+bu+9zrMRT3RDE5AxZ9UZEa
=aiKl
-----END PGP SIGNATURE-----