Force all PCIe devices through D3Cold #5
Labels
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
T: enhancement
Type: enhancement. An enhancement or improvement of existing functionality.
W: todo
Workflow: todo. The issue is in the initial to do state.
The problem you're addressing (if any)
The only quasi-guaranteed way to reset a PCIe device is to force it through D3Cold (electrically powered off). Otherwise, there is an increased risk that state could be carried over, which could be used to compromise the next user of the device.
Describe the solution you'd like
Hold all PCIe devices in D3Cold for long enough for internal capacitors to discharge.
Where is the value to a user, and who might that user be?
All users who use PCIe pass-through to untrusted VMs, or VFIO with untrusted userspace drivers, will benefit from improved security. This includes all users of Qubes OS.
Describe alternatives you've considered
None
Additional context
None
Relevant documentation you've consulted
Private communication
Related, non-duplicate issues
None