Commit 5edb6faf authored by Tomasz Nowicki

ANDROID: GKI: x86: Enable INTEL_IOMMU



pKVM-IA requires Intel IOMMU support for enforcing DMA isolation of
protected VMs' memory. Also, regardless of pKVM, we want to enable IOMMU
on Chromebooks to enforce DMA isolation of untrusted devices (e.g. WiFi,
external Thunderbolt devices) within the host.

By default enable IOMMU in PASSTHROUGH mode, i.e. with identity mapping
(i.e. no DMA isolation within the host), to avoid pKVM's IOMMU
virtualization overhead for most devices (except untrusted devices, for
which the kernel will enforce STRICT mode instead of PASSTHROUGH anyway).

Signed-off-by: Dmytro Maluka <dmaluka@google.com>

Bug: 349990461
Bug: 379814782
Test: "grep . /sys/bus/pci/devices/*/iommu_group/type" shows IOMMU
domains of PCI devices.

Change-Id: Ied41b5c388368bb3bebfdb3dead3513ecc9cf4bb
Signed-off-by: Tomasz Nowicki <tnowicki@google.com>
parent c1bb3686
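
An added example, not part of this commit or of the kernel tree: it turns the grep from the Test: line into a per-device summary that separates passthrough (identity) devices from those with translated DMA. The sysfs-root argument and the function names are assumptions of the example, used so it can also run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: classify each PCI device by the IOMMU domain type that
# sysfs reports in <device>/iommu_group/type.

# iommu_domain_type DEV_DIR
# Prints the domain type, or "none" when the device has no IOMMU group.
iommu_domain_type() {
    if [ -r "$1/iommu_group/type" ]; then
        cat "$1/iommu_group/type"
    else
        echo none
    fi
}

# iommu_report [SYSFS_ROOT]
# Prints one "<device> <type> <mode>" line per PCI device.
# SYSFS_ROOT (hypothetical parameter) defaults to /sys.
iommu_report() {
    root=${1:-/sys}
    for dev in "$root"/bus/pci/devices/*; do
        [ -d "$dev" ] || continue
        type=$(iommu_domain_type "$dev")
        case "$type" in
            identity) mode=passthrough ;;  # identity mapping, DMA not translated
            DMA)      mode=strict ;;       # translated, synchronous invalidation
            DMA-FQ)   mode=lazy ;;         # translated, batched invalidation
            none)     mode=no-iommu ;;     # device is not in any IOMMU group
            *)        mode=other ;;        # e.g. blocked, unmanaged
        esac
        printf '%s %s %s\n' "$(basename "$dev")" "$type" "$mode"
    done
}

# count_mode MODE [SYSFS_ROOT]
# Prints how many devices iommu_report places in MODE.
count_mode() {
    iommu_report "$2" | awk -v m="$1" '$3 == m { n++ } END { print n + 0 }'
}
```

On a live system, `iommu_report` with no argument reads `/sys`; an untrusted device (for example the WiFi adapter) that shows up as `passthrough` is the case worth investigating.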