Talk Title:

Things not to do when using an IOMMU

Abstract:

Back in the old days, when devices wanted to share data with the CPU, it would send it to the CPU (e.g. P/IO) and the CPU would receive it and then handle it. This worked well, for a while, but devices would become faster, and send more data. This was slow, so devices were granted direct access to memory, relieving the CPU of doing any kind of work to receive data, and all the CPU has to do is wait for memory to be written by the device. This worked well. This still works well. DMA is a wonderful thing for performance. Everything became faster, MUCH faster. Everyone was happy.

Then -not that long ago- people wanted to make secure "hardware / external PCI port / virtualization". DMA is not your friend in these scenarios, e.g. your hard disk shouldn't be able to read kernel memory and read out DRM keys! There are all sorts of possible creative solutions to this problem. A common one is a thing called an IOMMU, IO Memory Management Unit. These days they come in all shapes and sizes. Conceptually, they act as gate keepers. They get to decide what device gets access to what part of physical memory and are initially programmed by the CPU.

This presentation is for the poor schmo who has to port the old drivers (or make new ones utilizing an IOMMU).

We've spent the last couple of years reviewing various trusted firmware's and secure devices that make use of an IOMMU to protect against DMA attacks. Many things can go wrong if you're not using the IOMMU correctly. In this presentation we address these issues systematically, showing what they look like and offering some advice.

Speaker Bio:

Ilja van Sprundel is a experienced in secure code review, network and application testing. As IOActive's Director of Penetration Testing, he performs primarily gray-box penetration testing engagements on mobile and low level applications and firmware (specializing in low level internals, OS kernel internals, bootloaders, hypervisors, ...) that require customized fuzzing and source code review, identifying system vulnerabilities, and designing custom security solutions for clients.van Sprundel specializes in the assessment of low-level kernel code and architecture/infrastructure design, having security reviewed literally hundreds of thousands of lines of code. However, as a Director, he also functions in a managerial capacity by overseeing penetration testing engagements, providing oversight regarding technical accuracy, serving as the point of contact between technical consultants and technical stakeholders, and ensuring that engagements are delivered on time and in alignment with customer's expectations. van Sprundel also is responsible to mentor and guide Associate-level consultants as they grow both their penetration testing and general consulting skillsets. He is the driver behind the team's implementation of cutting-edge techniques and tools, guided by both research and successful exploits performed during client engagements.

Joseph Tartaro is an Associate Principal Consultant, interested in offensive security and hacking of retro and modern video games. He makes a living as Associate Principal Consultant at IOActive, which helps fund his degenerate passion for hardware hacking on old video game console hardware. He’s spoken at conferences like Defcon, CCC and Ruxcon and helped bring Metal Gear Online back to life. He enjoys international travel to security conferences to kick it with awesome hackers.