> All this is true and I totally agree with you. But there are partial
> workarounds against this attack (see Windows/MacOS). All I wanted to
> know was whether there was any work in this direction. I'm not a programmer.
> It is impossible for me to answer to yourself by studying commits to CVS.

An IOMMU provides some protection against these attacks. Intel calls their IOMMU "VT-d", which is what https://github.com/carmaa/inception/blob/master/README.md mentions as a partial workaround. An IOMMU can be used to restrict access to physical memory by PCI devices. OpenBSD/sparc64 has had IOMMU support since its inception and is therefore less vulnerable to attacks like this.

Intel makes you pay extra for protection against this type of attack, as only the more expensive CPUs support VT-d. A lot of hardware that does have VT-d support has it disabled in the BIOS. And even when enabled, many OSes will not enable the IOMMU if it isn't absolutely necessary because it makes I/O a little bit slower.

I would welcome VT-d support for OpenBSD/amd64. Unfortunately Intel's implementation is quite complex and BIOS support can (allegedly) be quite buggy. So the really paranoid amongst us just put glue in their firewire ports.