相信你的硬件

你上次逆向工程自己主板上的所有PCI设备是在什么时候？......认识一下游戏变革者：IOMMU （Intel VT-d 处理器）。加上好的OS/VMM设计，该技术能准确定位出大多数硬件后门的问题来。有好的OS/VMM设计的系统，一个好的实际可用的例子，是Xen 3.3。Xen 3.3支持VT-d，允许你将驱动转移到独立的、无特权的驱动域中。通过这种方式，每一个PCI设备都可被限制为仅可通过DMA方式访问被其驱动所占用的内存。

转载请注明：Linux人社区>英文资讯翻译专版.编译

英文原文：
[img=15,15]http://www.osnews.com/images/gstaroff.gif[/img] Trusting Your Hardware
posted by David Adams on Fri 2nd Mar 2012 16:03 UTC
[img=32,32]http://www.osnews.com/images/icons/33.gif[/img]When was the last time you reverse-engineered all the PCI devices on your motherboard?. . . Enters the game-changer: IOMMU (known as VT-d on Intel). With proper OS/VMM design, this technology can address the very problem of most of the hardware backdoors. A good example of a practical system that allows for that is Xen 3.3, which supports VT-d and allows you to move drivers into a separate, unprivileged driver domain(s). This way each PCI device can be limited to DMA only to the memory region occupied by its own driver.