Speaking of which, how exactly does seL4 enforce no dma on systems without
Also, what if the DMA controllers had its own device driver and the seL4
kernel could be instructed to do the DMA buffer management itself and
simply not allow any "userland" code to touch the DMA controller? Maybe if
you have an untyped memory cap you can pass it to the kernel and ask it to
be "mapped" to the dma controller.
On Fri, Dec 25, 2015 at 10:14 PM, Corey Richardson <corey(a)octayn.net> wrote:
On Fri, Dec 25, 2015 at 03:28:07PM -0800, Raymond
Is it ever possible for seL4 to run on a
conventional machine without an
IOMMU if any code that manipulates a DMA capable device is included as
trusted or does DMA automatically void any assurance?
Reason for question: Running seL4 on a system without an IOMMU.
You aren't able to do this in a "stock" seL4 ever. It may be possible to
modify the kernel to allow unsafe DMA, though I don't know precisely what
DMA in and of itself will not void any assurance if you already include the
device and driver in the TCB.