franconian.net talks

Things not to do when using an IOMMU

franconian.net
This presentation takes you from why there was a need for an IOMMU, what the attack surface is, and what the common missuses and mistakes are and offers advise along the way.
Back in the old days, when devices wanted to share data with the CPU, it would send it to the CPU (e.g. P/IO) and the CPU would receive it and then handle it. This worked well, for a while, but devices would become faster, and send more data. This was slow, so devices were granted direct access to memory, relieving the CPU of doing any kind of work to receive data, and all the CPU has to do is wait for memory to be written by the device. This worked well. This still works well. DMA is a wonderful thing for performance. Everything became faster, MUCH faster. Everyone was happy. Then -not that long ago- people wanted to make secure "hardware / external PCI port / virtualization". DMA is not your friend in these scenarios, e.g. your hard disk shouldn't be able to read kernel memory and read out DRM keys! There are all sorts of possible creative solutions to this problem. A common one is a thing called an IOMMU, IO Memory Management Unit. These days they come in all shapes and sizes. Conceptually, they act as gate keepers. They get to decide what device gets access to what part of physical memory and are initially programmed by the CPU. This presentation is for the poor schmo who has to port the old drivers (or make new ones utilizing an IOMMU). We've spent the last couple of years reviewing various trusted firmware's and secure devices that make use of an IOMMU to protect against DMA attacks. Many things can go wrong if you're not using the IOMMU correctly. In this presentation we address these issues systematically, showing what they look like and offering some advice.

Additional information

Type Talk
Language English

More sessions

12/27/20
franconian.net talks
Florian Festi
franconian.net
Laser cutters get more and more common in hacker and maker spaces around the world - and rightly so. They are amazing machines that are fast, precise, versatile and easy to use. This talk will get give a quick introduction into laser cutting and will show a few examples what a laser cutter can do.
12/27/20
franconian.net talks
Anthony
franconian.net
An overview of Tox, including the motivation for the project, its benefits, how the protocol works, info on the reference library, and info on some of the clients.
12/27/20
franconian.net talks
Tobias "Tobi" Buchberger
franconian.net
Tox [0] is a free and open source peer-to-peer instant messaging protocol and implementation, that aims to provide secure messaging. It’s intended as an end-to-end encrypted (E2EE) and distributed Skype replacement. Tox’ cryptography is based on the NaCl library from Daniel J. Bernstein [1]. The cryptographic primitives for the key exchange (X25519), authentication (Poly1305) and symmetric encryption (XSalsa20) are state of the art peer-reviewed algorithms. Unfortunately Tox’ authenticated ...
12/28/20
franconian.net talks
franconian.net
From the AFL++ team comes a talk about the core concepts of fuzzing, novel fuzzing research, a library, and parts of fuzzing that can be edited and swapped out.
12/28/20
franconian.net talks
miro
franconian.net
Names of people cannot be invalid.
12/28/20
franconian.net talks
Vanessa
franconian.net
Die Geschichte einer etwas ungewöhnlichen Hausbesetzung im schwäbischen Reutlingen (kein Witz!) und was sich daraus bisher entwickelt hat - zusammen mit einer Idee, wie selbstbestimmtes Wohnen aussehen kann und meinen bisherigen Erfahrungen, was auf unserem Weg hilfreich war.
12/29/20
franconian.net talks
franconian.net
Frauen gelten insbesondere als perfide Zielscheibe von Hass und Hetze im digitalen Diskurs. Wir schauen uns die Dimension der digitalen Gewalt gegen Frauen genauer an. Die Bandbreite unterschiedlicher Erscheinungsformen sowie ihre Strafbarkeit wird vorgestellt. Wir beleuchten die unterschiedlichen Ursachen und zeigen davon ausgehend die daraus entstehenden Probleme und Konsequenzen. Handlungsmöglichkeiten und ein interaktiver Austausch bieten einen aktiven Abschluss.