WHERE is VT-D implemented..?


neilh...@gmail.com

Sep 19, 2016, 8:44:53 PM
to qubes-users
Quick question.

WHERE is VT-D protection against DMA attacks implemented..?

Is it implemented at a particular VM, such as

"sys-net"

or

"sys-firewall"

Or is this just built-in to the entire Qubes system regardless of which VM you are using..?

If I were to run something like

wget google.com

within "sys-net" terminal

Would that be protected by VT-D..?

Thanks

Zrubi

Sep 20, 2016, 3:15:00 AM
to neilh...@gmail.com, qubes-users
On 09/20/2016 02:44 AM, neilh...@gmail.com wrote:

> WHERE is VT-D protection against DMA attacks implemented..?

VT-D is implemented in Xen and it is actually protecting the PCI passthrough
feature:
https://wiki.xen.org/wiki/Xen_PCI_Passthrough

Because Qubes is using Xen, all the VMs are protected against DMA attacks,
however most of the VMs are not even affected by DMA attacks, only the
ones having a PCI device assigned.
(sys-net and sys-usb by default)


--
Zrubi

J. Eppler

Sep 21, 2016, 1:39:15 AM
to qubes-users, neilh...@gmail.com
WHERE is VT-D implemented..?

Intel VT-d is a hardware virtualization feature and it is implemented in hardware.

Xen uses Intel VT-d. Xen does not call it Intel VT-d, instead Xen uses the more general term IOMMU (I/O MMU).

For the rest look at Zrubi's answer.
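
A check that follows from the replies above, added here as an example and not part of the thread: because VT-d is a hardware feature that Xen uses as its IOMMU, Xen's own `xl info` and `xl dmesg` output shows whether it is actually active. The sample inputs and function names are constructed for illustration; on a real dom0, pipe the live command output into the functions instead.

```shell
#!/bin/sh
# Added example: decide from Xen's own output whether the IOMMU (VT-d) is in use.

# Reads `xl info` text on stdin. Prints "active" when the virt_caps line
# lists a *_directio capability (device passthrough backed by the IOMMU).
iommu_from_xl_info() {
    awk -F: '
        $1 ~ /^virt_caps[ \t]*$/ {
            n = split($2, caps, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (caps[i] ~ /_directio$/) found = 1
        }
        END { print (found ? "active" : "inactive") }'
}

# Reads `xl dmesg` text on stdin. Xen logs one summary line at boot:
# "I/O virtualisation enabled" or "I/O virtualisation disabled".
iommu_from_dmesg() {
    if grep -q 'I/O virtualisation enabled'; then
        echo active
    else
        echo inactive
    fi
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_INFO_ON='host                   : dom0
virt_caps              : hvm hvm_directio'
SAMPLE_INFO_OFF='host                   : dom0
virt_caps              : hvm'
SAMPLE_DMESG_ON='(XEN) Intel VT-d Snoop Control enabled.
(XEN) I/O virtualisation enabled'
SAMPLE_DMESG_OFF='(XEN) I/O virtualisation disabled'

# Demonstration on the constructed samples.
# On dom0 the equivalent would be:  xl info | iommu_from_xl_info
printf 'xl info  (VT-d on):  %s\n' "$(printf '%s\n' "$SAMPLE_INFO_ON"  | iommu_from_xl_info)"
printf 'xl info  (VT-d off): %s\n' "$(printf '%s\n' "$SAMPLE_INFO_OFF" | iommu_from_xl_info)"
printf 'xl dmesg (VT-d on):  %s\n' "$(printf '%s\n' "$SAMPLE_DMESG_ON"  | iommu_from_dmesg)"
printf 'xl dmesg (VT-d off): %s\n' "$(printf '%s\n' "$SAMPLE_DMESG_OFF" | iommu_from_dmesg)"
```

An "inactive" result on hardware that supports VT-d usually means it is switched off in firmware setup, in which case the VMs holding PCI devices (sys-net and sys-usb by default, as noted above) have no DMA isolation.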
