Closed tobyxdd closed 6 years ago
The IOMMU is a memory management unit for devices, which basically allows for the operating system to assign "device page tables" to individual devices.
Many operating systems do not use the IOMMU to protect against DMA attacks at all. Some systems, such as Windows 10 with Virtualization Based Security, will only protect their "secure kernel" fully, while leaving ordinary kernel/user-space read-only or totally unprotected (that is what I mean by "does not work fully"). Some systems, such as macOS, protect almost everything by default.
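To make the three situations in the reply above concrete (no IOMMU, a "secure kernel only" policy that leaves the rest read-only, and a policy that maps only the device's own DMA buffer), here is a small Python model of a device page table. It is an added illustration written for this thread, not code from the project or from either participant; the memory layout, the owner labels and the policy names are constructed, and the read-only treatment of kernel/user pages in the partial policy is one assumed way of modelling what the reply describes.

```python
"""Toy model of how an IOMMU constrains device DMA.

Added illustration for this thread; the physical memory layout, the owner
labels (secure_kernel, kernel, user, dma_buffer) and the policy names are
all constructed for the example.
"""
from dataclasses import dataclass, field

PAGE = 0x1000  # 4 KiB pages


@dataclass
class PhysicalMemory:
    # page index -> (owner label, contents); labels are constructed
    pages: dict = field(default_factory=dict)

    def read(self, paddr):
        return self.pages[paddr // PAGE][1]

    def write(self, paddr, data):
        owner, _ = self.pages[paddr // PAGE]
        self.pages[paddr // PAGE] = (owner, data)


@dataclass
class DevicePageTable:
    """Per-device mapping: device-visible page -> (physical page, writable)."""
    mappings: dict = field(default_factory=dict)

    def translate(self, iova, write=False):
        page = iova // PAGE
        entry = self.mappings.get(page)
        if entry is None:
            raise PermissionError(f"IOMMU fault: {iova:#x} not mapped for device")
        ppage, writable = entry
        if write and not writable:
            raise PermissionError(f"IOMMU fault: {iova:#x} mapped read-only")
        return ppage * PAGE + iova % PAGE


class Device:
    def __init__(self, mem, table=None):
        self.mem = mem
        # table=None models a system with no IOMMU: the device addresses
        # physical memory directly, so every page is reachable
        self.table = table

    def dma_read(self, addr):
        paddr = addr if self.table is None else self.table.translate(addr)
        return self.mem.read(paddr)

    def dma_write(self, addr, data):
        paddr = addr if self.table is None else self.table.translate(addr, write=True)
        self.mem.write(paddr, data)


def build_memory():
    """Constructed four-page layout, one owner per page."""
    mem = PhysicalMemory()
    mem.pages[0] = ("secure_kernel", b"SK-SECRET")
    mem.pages[1] = ("kernel", b"KERNEL-DATA")
    mem.pages[2] = ("user", b"USER-DATA")
    mem.pages[3] = ("dma_buffer", b"NIC-RXBUF")
    return mem


def make_table(mem, perms):
    """perms: owner label -> 'rw' | 'ro'; owners not listed stay unmapped."""
    table = DevicePageTable()
    for page, (owner, _) in mem.pages.items():
        if owner in perms:
            table.mappings[page] = (page, perms[owner] == "rw")  # identity map
    return table


# Constructed policies corresponding to the three cases in the reply.
POLICIES = {
    "no_iommu": None,
    "secure_kernel_only": {"kernel": "ro", "user": "ro", "dma_buffer": "rw"},
    "everything": {"dma_buffer": "rw"},
}


def survey(policy):
    """Return what a device can do to each page: 'rw', 'ro' or 'fault'."""
    mem = build_memory()
    perms = POLICIES[policy]
    dev = Device(mem, None if perms is None else make_table(mem, perms))
    result = {}
    for page, (owner, _) in list(mem.pages.items()):
        addr = page * PAGE
        try:
            dev.dma_read(addr)
        except PermissionError:
            result[owner] = "fault"
            continue
        try:
            dev.dma_write(addr, b"X")
            result[owner] = "rw"
        except PermissionError:
            result[owner] = "ro"
    return result


if __name__ == "__main__":
    for name in POLICIES:
        print(name, survey(name))
```

Running it shows why the policy matters more than the presence of the hardware: with `no_iommu` every page is readable and writable by the device, with `secure_kernel_only` the secure kernel faults but ordinary kernel and user pages remain readable, and only the `everything` policy confines the device to its own buffer.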
Thank you for the explanation. I wonder if there is any other way to get around this protection? (Although it may be off-topic for this project) Is it possible to directly "hijack" the DRAM, for example to plug into the pins of its socket and record IO operations to get a full copy of physical memory?
About the RAM attack you mention, it's been done, but it's cutting edge research.
Thanks for the information! It seems not really practical yet.
I'm a little curious about why exactly the virtualization affects this, and what is the meaning of "does not work fully"? Many thanks!