The problem you're addressing (if any)
The only quasi-guaranteed way to reset a PCIe device is to force it through D3Cold (electrically powered off). Otherwise, there is an increased risk that state could be carried over, which could be used to compromise the next user of the device.
Describe the solution you'd like
Hold all PCIe devices in D3Cold for long enough for internal capacitors to discharge.
Where is the value to a user, and who might that user be?
All users who use PCIe pass-through to untrusted VMs, or VFIO with untrusted userspace drivers, will benefit from improved security. This includes all users of Qubes OS.
Describe alternatives you've considered
None
Additional context
None
Relevant documentation you've consulted
Private communication
Related, non-duplicate issues
None
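A check related to the request above, as an added example that is not part of the original issue or of Qubes OS code: it lists devices bound to a pass-through driver whose Linux `d3cold_allowed` sysfs attribute is not `1`, meaning the kernel will never put them into D3cold. The driver names, device addresses and sample tree are constructed assumptions; a set `d3cold_allowed` only permits D3cold and does not show that the platform can actually cut power.

```python
import os
import tempfile

# Assumed pass-through drivers: VFIO and Xen pciback.
PASSTHROUGH_DRIVERS = {"vfio-pci", "pciback"}

def read_attr(dev_dir, name):
    """Return a sysfs attribute as stripped text, or None if absent."""
    try:
        with open(os.path.join(dev_dir, name)) as f:
            return f.read().strip()
    except OSError:
        return None

def audit(root="/sys/bus/pci/devices"):
    """List passed-through devices whose d3cold_allowed is not 1 (or is absent)."""
    findings = []
    for bdf in sorted(os.listdir(root)):
        dev = os.path.join(root, bdf)
        link = os.path.join(dev, "driver")
        driver = os.path.basename(os.readlink(link)) if os.path.islink(link) else None
        if driver not in PASSTHROUGH_DRIVERS:
            continue
        if read_attr(dev, "d3cold_allowed") != "1":
            # Record the reset methods the kernel would fall back to instead.
            methods = (read_attr(dev, "reset_method") or "").split()
            findings.append((bdf, driver, methods))
    return findings

def build_sample_tree(base):
    """Constructed sample data: three fake devices laid out like sysfs."""
    samples = {
        "0000:00:14.0": ("vfio-pci", "1", "pm bus"),
        "0000:02:00.0": ("vfio-pci", "0", "flr"),
        "0000:03:00.0": ("e1000e", "0", "flr bus"),
    }
    for bdf, (driver, d3cold, methods) in samples.items():
        dev = os.path.join(base, bdf)
        os.makedirs(dev)
        os.symlink(os.path.join("/drivers", driver), os.path.join(dev, "driver"))
        for name, value in (("d3cold_allowed", d3cold), ("reset_method", methods)):
            with open(os.path.join(dev, name), "w") as f:
                f.write(value + "\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for bdf, driver, methods in audit(build_sample_tree(tmp)):
            print(f"{bdf} ({driver}): D3cold disallowed; reset methods: {methods}")
```

On a real host, call `audit()` with its default path to read the live sysfs tree.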