IOMMU isolation

[orangecms]

Raised by @demimarie:

Firmware should provide the ability to not turn on certain devices until the OS and/or hypervisor has brought up IOMMU, so that the OS/hypervisor can enforce isolation. A user should then be able to ensure that all devices are bounced through D3Cold during any reboot.

The purpose of this is to ensure that IOMMU isolation can actually work, even on devices that do not support DRTM or that have no way of verifying the attestations DRTM provides.

[orangecms]

see alco

• https://learn.microsoft.com/en-us/windows-hardware/drivers/display/iommu-based-gpu-isolation
• https://docs.oracle.com/cd/E19683-01/806-5222/dma-isolation/index.html
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-iommu-deep-dive