On Thu, Nov 15, 2018 at 08:27:41PM +0100, Lukas Wunner wrote: > On Thu, Nov 15, 2018 at 09:10:26PM +0200, Mika Westerberg wrote: > > I was thinking we could cover all these with is_external filling them > > based on the _DSD or some other means in the kernel. > > > > We would then deal all such devices as "untrusted" by default. > > Tinfoil hat on, even internal devices could be malicious. > What's the downside of enabling the feature for everything? Mostly performance, I think. That's the main reason we put all non external devices to passthrough IOMMU mode.