WHERE is VT-D protection against DMA attacks implemented..?
Is it implemented at a particular VM, such as
"sys-net"
or
"sys-firewall"
Or is this just built-in to the entire Qubes system regardless of which VM you are using..?
If I were to run something like
wget google.com
within "sys-net" terminal
Would that be protected by VT-D..?
Thanks
Intel VT-d is a hardware virtualization feature and it is implemented in hardware.
Xen uses Intel VT-d. Xen does not call it Intel VT-d, instead Xen uses the more general term IOMMU (I/O MMU).
For the rest look at Zrubi's answer.