dma-attack – WindowsTechs.com

How does IOMMU and/or Linux kernel handle DMA that span a page boundary?

Posted on November 5, 2023 by sammy17

I am looking into how DMA works at the device driver and kernel level in the Linux kernel.
I observed that access control to DMA buffers from IO devices is performed by the IOMMU and IOMMU driver in the kernel.
I will provide an example to… Continue reading How does IOMMU and/or Linux kernel handle DMA that span a page boundary?→

PCR to prevent TPM2 key unsealing in case of rogue DMA devices connected?

Posted on August 29, 2023 by Polizi8

Security threat: physical theft of a laptop and a server that use TPM2 auto unlock FDE with LUKS. In both cases the TPM checks against some PCRs before unsealing the key. The laptop prompts for a TPM PIN, the server doesn’t. The attacker i… Continue reading PCR to prevent TPM2 key unsealing in case of rogue DMA devices connected?→

How to check if a PCI device is trusted or untrusted by the Linux kernel (for IOMMU)?

Posted on June 2, 2023 by sammy17

I am looking into the protection provided by IOMMU against DMA attacks.
I noticed that the Linux kernel provides a feature called bounce buffers for untrusted PCI devices (https://lwn.net/Articles/786558/) when the device drivers allocate … Continue reading How to check if a PCI device is trusted or untrusted by the Linux kernel (for IOMMU)?→

Security by using USB NIC, USB to SATA adapter, etc

Posted on April 1, 2023 by ValoWaking

After reading libreboot FAQ i have some questions about USB 2.0 bus. There it is strongly recommended to use usb devices – USB network card and USB to SATA adapter (to connect HDD or SSD with it). The reason is the lack of DMA. But all spe… Continue reading Security by using USB NIC, USB to SATA adapter, etc→

Detect DMA attack

Posted on December 9, 2021 by jamalk

How can you detect DMA attacks like reading or writing to memory?
Could you distinguish a normal peripheral from a malicious one or one that has become malicious?

Continue reading Detect DMA attack→

Bitlocker TPM + PIN vs pre-boot DMA attack

Posted on March 11, 2021 by user252597

In this link there are talks about pre-boot DMA attack:
https://eclypsium.com/2020/01/30/direct-memory-access-attacks/
If the user would have a Bitlocker TPM + PIN enabled, would an attacker with a pre-boot DMA attack be able to do harm?
T… Continue reading Bitlocker TPM + PIN vs pre-boot DMA attack→

Non-obvious Mitigations for This DMA-Attack Demonstrated by F-Secure

Posted on July 17, 2019 by Daniel

Are there any non-obvious mitigations for the big DMA-attack revealed last year and demonstrated in this video by F-Secure?

We know that Microsoft has published some material pertaining to DMA-attacks, but, from my reading o… Continue reading Non-obvious Mitigations for This DMA-Attack Demonstrated by F-Secure→

BIOS Password vs. BitLocker Pre-boot PIN

Posted on July 12, 2019 by Daniel

I’m attempting to ensure maximum security for my PC. I’m running Windows 10 Pro on a business-class HP notebook.

Unless I’m mistaken, I understand that both a BIOS password and the BitLocker pre-boot PIN can help to prevent DMA attacks. I… Continue reading BIOS Password vs. BitLocker Pre-boot PIN→

Thunderclap: Apple Macs at risk from malicious Thunderbolt peripherals

Posted on February 28, 2019 by John E Dunn

Researchers have revealed how malicious Thunderbolt and PCI Express (PCIe) peripherals could be used to compromise computers running macOS, Windows, Linux and FreeBSD. Continue reading Thunderclap: Apple Macs at risk from malicious Thunderbolt peripherals→

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers

Posted on February 27, 2019 by Mohit Kumar

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend… Continue reading New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers→