Re: [Tails-dev] Tails: pcmcia / firewire / etc.

Author: Maxim Kammerer
Date:  
To: Steve Weis
CC: tails-dev
Subject: Re: [Tails-dev] Tails: pcmcia / firewire / etc.

On Sat, Oct 13, 2012 at 5:18 AM, Maxim Kammerer <mk@???> wrote:
> On Sat, Oct 13, 2012 at 5:04 AM, Steve Weis <steveweis@???> wrote:
>> I think the kernel is working as expected. Debian and Ubuntu are both also
>> vulnerable by default, since FireWire modules are loaded automatically.
>
> From Documentation/debugging-via-ohci1394.txt:
> “The alternative firewire-ohci driver in drivers/firewire uses filtered physical
> DMA by default, which is more secure but not suitable for remote debugging.”


There is some more information in 1394 OHCI Spec v1.1 [1, §5.14.2].
drivers/firewire/ohci.c doesn't touch OHCI1394_PhyReqFilter* registers
at all if CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set, so physical
request DMA should be forwarded to asynchronous request DMA. Could it
be that the kernel does not implement AR DMA correctly?

There is also something strange when the spec is compared to the older
v1.0 spec [2, §5.13.2]. The older spec does not have a clarification
wrt. what happens on a bus reset, in Table 5-21 (whether it has such a
clarification in §5.13.1, for instance). It has such a clarification
in the newer v1.1 spec, in Table 5-22. Is it possible that when
implementing OHCI 1.0, vendors did not know what to do, and kept the
physReq* register values even over a soft reset? This is quite
unlikely, of course, but did you try to power off the computer
completely before performing the test?

[1] http://download.microsoft.com/download/1/6/1/161ba512-40e2-4cc9-843a-923143f3456c/ohci_11.pdf
[2] ftp://ftp.microsoft.com/bussys/1394/OHCI/Released_Specs/OHC1.0.pdf

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
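
An added example, not part of the message above or of the Tails or Liberté code: a shell check for the two things this thread turns on, whether the kernel was built with CONFIG_FIREWIRE_OHCI_REMOTE_DMA and whether the FireWire OHCI modules are loaded or kept from loading. The function names, output labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report FireWire OHCI driver state from saved copies of
#   $1 kernel config (e.g. /boot/config-$(uname -r))
#   $2 module list in /proc/modules format
#   $3 modprobe configuration directory (e.g. /etc/modprobe.d)
fw_dma_audit() {
    cfg=$1; mods=$2; mpdir=$3
    # Per the message above, the driver leaves PhyReqFilter* alone unless
    # this option is set.
    if grep -q '^CONFIG_FIREWIRE_OHCI_REMOTE_DMA=y' "$cfg"; then
        echo "remote_dma=enabled"
    else
        echo "remote_dma=disabled"
    fi
    # firewire_ohci is the current driver, ohci1394 the legacy one.
    for m in firewire_ohci ohci1394; do
        names="($m|$(echo "$m" | tr '_' '-'))"   # modprobe accepts - and _
        re="^[[:space:]]*(blacklist[[:space:]]+$names"
        re="$re|install[[:space:]]+$names[[:space:]]+/bin/(false|true))"
        re="$re([[:space:]]|\$)"
        if grep -q "^$m " "$mods"; then state=loaded; else state=not-loaded; fi
        # "blacklist" only stops automatic loading; "install ... /bin/false"
        # also stops an explicit modprobe.
        if grep -Eqs "$re" "$mpdir"/*.conf; then
            echo "$m=$state,modprobe-blocked"
        else
            echo "$m=$state,autoload-allowed"
        fi
    done
}

# Constructed sample inputs (not taken from a real host).
fw_dma_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/modprobe.d"
    printf '%s\n' 'CONFIG_FIREWIRE_OHCI=m' \
        '# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set' > "$d/config"
    printf '%s\n' 'firewire_ohci 40409 0 - Live 0x0000000000000000' \
        'firewire_core 68769 1 firewire_ohci, Live 0x0000000000000000' \
        > "$d/modules"
    printf '%s\n' 'blacklist ohci1394' > "$d/modprobe.d/fw.conf"
    fw_dma_audit "$d/config" "$d/modules" "$d/modprobe.d"
    rm -rf "$d"
}
fw_dma_demo
```

On a live system the three arguments would be the running kernel's config file, /proc/modules and /etc/modprobe.d.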