top | item 44383632

(no title)

jsolson | 8 months ago

> Those are already unstoppable because they now use Direct Memory Access over the PCI-E bus, so the cheats don't even run on the same computer anymore.

Working on mostly server platforms, I had forgotten that IOMMU enablement (and, where relevant, enforcement) was not the default.

Consumer hardware and software is terrifying.

discuss

cwillu|8 months ago

Not sure how that's relevant, unless you find it terrifying that owners of hardware have control over their hardware.

dwattttt|8 months ago

It's your IOMMU, you can do what you want with it. Maybe you need to write heaps of stuff to take advantage of it, but what's new there?

The only thing you're getting by saying "no IOMMU" is "I want any devices in my machine to be able to do anything, not just what I want them restricted to".

jsolson|8 months ago

In my world, we won't let a system boot with production credentials unless the IOMMU is enabled.

This is enforced by a greatly enriched TPM (and it's willingness to unwrap credentials). We have trust several layers of firmware and OS software, but the same mechanism allows us to ensure that known-bad versions of those aren't part of the stack that booted.

If I wanted secure games (and the market would tolerate it), I'd push for enforcement of something similar in the consumer space.

unknown|8 months ago

[deleted]