Icon security track bubbles
Wednesday 12th 04:30 PM

How to enable AMD IOMMU in coreboot

The idea for this talk born from fascination about the philosophy behind QubesOS, OpenXT and ViryaOS. The underlying technology for those OSes is Xen. Xen is a well-known project under the Linux Foundation umbrella, but what is most interesting in it from open source firmware perspective are high-end virtualization features
like:

* DMA protection
* PCI pass-through
* Interrupt remapping
* SR-IOV
* TPM and vTPM
* others

With automotive market hypervisors slowly move into embedded space, what means underlying firmware will have to expose right infrastructure to provide initial configuration and security.

Most features have to be configured and exposed in a well-defined way by firmware. IOMMU is the system component that some of the mentioned features rely on.

As maintainers of PC Engines apuX platforms, we decided to work on AMD IOMMU enabling to create right infrastructure for hypervisors and operating systems.

In this presentation we want to:
* explain features of AMD IOMMU
* present recommended methods of AMD IOMMU enabling
* demonstrate current status of our work
* discuss future user needs and implementation plans

Download the paper

Download .ics