
Keeping secrets in memfd areas


Posted Feb 18, 2020 22:38 UTC (Tue) by ncm (guest, #165)
Parent article: Keeping secrets in memfd areas

Of course nothing is concealed from DMA. NICs, GPUs, and even audio hardware and USB bridges often have poorly-secured DMA capability.


Keeping secrets in memfd areas

Posted Feb 18, 2020 23:38 UTC (Tue) by excors (subscriber, #95769)

That depends on the hardware details - e.g. I believe some common ARM TrustZone implementations can mark regions of memory as inaccessible to the DMA controller, the GPU, the CPU, etc., which sounds like it could be useful here. (Sometimes used for DRM video decoding, where the decrypted bitstream and decoded frames are accessible to the VPU/GPU/display and not to the CPU, but it could be configured the other way round.)

Keeping secrets in memfd areas

Posted Feb 20, 2020 22:42 UTC (Thu) by chutzpah (subscriber, #39595)

An IOMMU should be able to protect against rogue devices with DMA access. Currently Linux's IOMMU usage does have some leaks, but it should be able to protect this memory.
