top | item 38873532

(no title)

defparam | 2 years ago

Sure, but aren't you connecting your general purpose serdes to a peer PCIe controller? I don't understand why having raw serdes control is a security concern in this regard unless you are trying to find exploits at the physical layer...

In any regard, a lot of threat models (including mine) consider installing hardware (especially an FPGA) as a trusted action.

discuss

Lramseyer|2 years ago

The thing is, the PCIe EP on the FPGAs uses the general purpose SerDes that are routed to the PCIe controller in the bitstream. So if you were to load a different malicious bitstream (which is admittedly a challenge in it's own regard) You could turn the FPGA into a malicious PCIe device.

opello|2 years ago

Is the concern the idea that as FPGA fabric is included in more devices, some hypervisor escape is going to present this as additional attack surface?

Otherwise if it's configfs you're root on the system and unless it's integrated peripherals you plan to attack you probably have finer grained hardware context to imply physical access... which seems to minimize the farther reaching, generalizable concerns?

LargoLasskhyfv|2 years ago

Shouldn't that be solvable by extending mandatory access control frameworks to the IOMMU?