User: Password:
|
|
Subscribe / Log in / New account

It does

It does

Posted Jan 11, 2013 12:24 UTC (Fri) by cladisch (✭ supporter ✭, #50193)
In reply to: It does by epa
Parent article: Attacking full-disk encryption with Inception

> But you are saying that the *disk* gets to choose which part of the host's memory to write to

Yes; the disk gets told by the disk driver the address which it should write to.

> and organizes the DMA itself?

The disk device just sends a packet with a specific address to the host.

This address usually works similar to the port number in TCP/IP, i.e., the controller writes the packet into a buffer configured by the driver, and the host's FireWire software stack uses the address to determine which driver/application gets to handle the packet.

However, as an optimization, FireWire controllers can be configured by the driver to handle certain packets from certain devices differently, by writing them to the physical memory address specified in the packet itself.


(Log in to post comments)

It does

Posted Jan 11, 2013 16:19 UTC (Fri) by epa (subscriber, #39769) [Link]

The disk device just sends a packet with a specific address to the host.
Surely not - the disk sends a packet to the SCSI controller, and then the SCSI controller writes into the host's memory. (Unless this is just a question of terminology)
However, as an optimization, FireWire controllers can be configured by the driver to handle certain packets from certain devices differently, by writing them to the physical memory address specified in the packet itself.
I see - that is the root of this vulnerability. Clearly if devices can be plugged in externally, that optimization needs to be disabled.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds