linux: Enable Intel DMA Remapping Devices by default on x86_64

If available, the kernel will enable IOMMU (a/k/a DMA remapping) by
default on boot. To tools making use of that, particularly hypervisors,
this provides better security without any downsides.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This commit is contained in:
Peter Müller
2022-07-11 14:48:08 +00:00
parent 37895e21bf
commit 5591a68c05
2 changed files with 2 additions and 1 deletions

View File

@@ -6488,7 +6488,7 @@ CONFIG_AMD_IOMMU_V2=y
CONFIG_DMAR_TABLE=y
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_SVM=y
# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set
CONFIG_IRQ_REMAP=y

View File

@@ -8075,6 +8075,7 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/INTEL_INT0002_VGPIO
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOATDMA
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_DEFAULT_ON
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_FLOPPY_WA
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_SVM
#lib/modules/KVER-ipfire/build/include/config/INTEL_IPS