Uncategorized

Qubes MSI support for PCI device pass-through with stub domains

MSI support for PCI device pass-through with stub domains
by Simon Gaiser
In this post, we will describe how we fixed MSI support for VMs running in HVM mode in Qubes 4.0. First, allow us to provide some background about the MSI feature and why we need it in the first place.[…]

https://www.qubes-os.org/news/2017/10/18/msi-support/

Standard

Microsoft Windows DMA Guard

[…] New BitLocker features in Windows 10, version 1507:
* DMA port protection. You can use the DataProtection/AllowDirectMemoryAccess MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on.
[…]

This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the hot plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled.

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-dataprotection#dataprotection-allowdirectmemoryaccess

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceguard
https://docs.microsoft.com/en-us/windows/device-security/device-guard/deploy-device-guard-enable-virtualization-based-security
https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide
https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-manage
https://docs.microsoft.com/en-us/windows/device-security/device-guard/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies


PCILeech 2.0 released

https://github.com/ufrisk/pcileech

ShowPCIx: UEFI tool to show PCI devices using PCI.IDS database

https://github.com/fpmurphy/UEFI-Utilities-2016/tree/master/MyApps/ShowPCIx

http://blog.fpmurphy.com/2017/04/using-pci-ids-database-to-show-pci-vendor-and-device-information-in-uefi-shell.html

http://pci-ids.ucw.cz/

http://pcidatabase.com/

6-part YouTube BIOS system architecture series

BIOS Session 1 – System Memory Map
BIOS Session 2 – Legacy Region
BIOS Session 3 – High Level Overview of the BOOT flow
BIOS Session 4 – Transaction flows and address decoding part 1
BIOS Session 5 – Transaction flows and address decoding part 2
BIOS Session 6 – PCI Basics and Bus Enumeration