On Mon, Dec 23, 2019 at 7:46 AM Arvind Sankar <nivedita@xxxxxxxxxxxx> wrote:
> Also, what about for e.g. the USB or SATA controllers? I know that
> someone had said earlier that disabling BM on endpoints is pointless as
> malicious endpoints could just re-enable it, but is it not possible for
> malicious USB devices/SATA devices to try to use DMA through those
> controllers? i.e. if we trust the controllers since they're on-board, but
> not necessarily the devices behind them, wouldn't it still be worth it
> to disable BM on the controllers too?

The concern is DMA initiated by a hostile device. SATA and USB don't permit the devices themselves to initiate DMA, whereas PCI does.
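The "BM" discussed above is the Bus Master Enable bit (bit 2) of the 16-bit Command register at offset 0x04 of every PCI function's configuration header; it is the bit that decides whether that function may initiate DMA at all. The following is an added example, not code from this thread or from the kernel patch under discussion: it decodes that bit from a configuration-space blob and, on Linux, inventories every function under /sys/bus/pci/devices (the first 64 bytes of `config` are readable without root) so a defender can see which on-board controllers currently have bus mastering enabled. The sample header bytes are constructed; the vendor/device ids in them are placeholders.

```python
"""Decode the PCI Command register's Bus Master Enable bit.

Added example (not part of the mailing-list thread). Reads the PCI
configuration header Linux exposes at /sys/bus/pci/devices/<bdf>/config
and reports which functions may currently initiate DMA. The sample
header at the bottom is constructed so the decoder runs offline.
"""
import os
import struct

PCI_COMMAND_OFFSET = 0x04        # 16-bit Command register (type 0/1 headers)
PCI_COMMAND_BUS_MASTER = 1 << 2  # bit 2: Bus Master Enable
PCI_CLASS_OFFSET = 0x0B          # base class code byte (0x0C = serial bus, e.g. USB controllers)


def parse_config_header(cfg: bytes) -> dict:
    """Return vendor/device ids, base class and bus-master state from a config-space blob."""
    if len(cfg) < 0x10:
        raise ValueError("config space too short for a PCI header")
    # Offsets 0x00, 0x02 and 0x04 are Vendor ID, Device ID and Command, all little-endian 16-bit.
    vendor, device, command = struct.unpack_from("<HHH", cfg, 0)
    return {
        "vendor_id": vendor,
        "device_id": device,
        "base_class": cfg[PCI_CLASS_OFFSET],
        "bus_master": bool(command & PCI_COMMAND_BUS_MASTER),
    }


def scan_sysfs(root: str = "/sys/bus/pci/devices") -> list:
    """List every PCI function under sysfs with its bus-master state (Linux only).

    Returns an empty list when sysfs is not available, so the function is safe
    to call on any platform."""
    results = []
    if not os.path.isdir(root):
        return results
    for bdf in sorted(os.listdir(root)):
        try:
            with open(os.path.join(root, bdf, "config"), "rb") as f:
                cfg = f.read(64)  # standard header; readable without CAP_SYS_ADMIN
        except OSError:
            continue
        info = parse_config_header(cfg)
        info["bdf"] = bdf
        results.append(info)
    return results


# Constructed sample (placeholder ids): vendor 0x1234, device 0x5678,
# Command = 0x0006 (Memory Space + Bus Master), base class 0x0C (serial bus).
SAMPLE_CONFIG = bytes([
    0x34, 0x12, 0x78, 0x56,  # vendor id, device id
    0x06, 0x00, 0x10, 0x00,  # command, status
    0x01, 0x30, 0x03, 0x0C,  # revision, prog-if, subclass, base class
    0x00, 0x00, 0x00, 0x00,  # cache line size, latency timer, header type, BIST
])


if __name__ == "__main__":
    print("sample header:", parse_config_header(SAMPLE_CONFIG))
    for dev in scan_sysfs():
        flag = "BM" if dev["bus_master"] else "--"
        print(f"{dev['bdf']} {dev['vendor_id']:04x}:{dev['device_id']:04x} "
              f"class {dev['base_class']:02x} {flag}")
```

Run on a Linux host it prints one line per function; entries flagged `BM` with base class 0x01 (mass storage, including SATA) or 0x0C (serial bus, including USB) are the on-board controllers the question above is about. The reply's point is visible in this view: the SATA disks and USB devices behind those controllers never appear here at all, because they are not PCI bus masters and cannot initiate DMA on their own.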