Posted Jan 11, 2013 16:19 UTC (Fri) by epa
In reply to: It does
Parent article: Attacking full-disk encryption with Inception
The disk device just sends a packet with a specific address to the host.
Surely not - the disk sends a packet to the SCSI controller, and then the SCSI controller writes into the host's memory. (Unless this is just a question of terminology)
However, as an optimization, FireWire controllers can be configured by the driver to handle certain packets from certain devices differently, by writing them to the physical memory address specified in the packet itself.
I see - that is the root of this vulnerability. Clearly if devices can be plugged in externally, that optimization needs to be disabled.
to post comments)