From: Stefano Stabellini Date: Mon, 11 May 2020 22:58:59 +0000 (-0700) Subject: xen/docs: add a document to explain how to do passthrough without IOMMU X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=refs%2Fheads%2Fdirect-map-2;p=people%2Fsstabellini%2Fxen-unstable.git%2F.git xen/docs: add a document to explain how to do passthrough without IOMMU Make sure to start with a WARNING about security. Signed-off-by: Stefano Stabellini --- diff --git a/docs/misc/arm/passthrough-noiommu.txt b/docs/misc/arm/passthrough-noiommu.txt new file mode 100644 index 0000000000..f3be973874 --- /dev/null +++ b/docs/misc/arm/passthrough-noiommu.txt @@ -0,0 +1,37 @@ +Request Device Assignment without IOMMU support +=============================================== + +WARNING: it is not secure to assign a device without IOMMU protection. A +domU can program the device to do DMA on its behalf, gaining access to +the whole system. Another security measure should be employed, such as +programming a MPU. + + +This document assumes that the IOMMU is absent from the system or it is +disabled (status = "disabled" in device tree). + + +Add xen,force-assign-without-iommu; to the device tree snippet + + ethernet: ethernet@ff0e0000 { + compatible = "cdns,zynqmp-gem"; + xen,path = "/amba/ethernet@ff0e0000"; + xen,reg = <0x0 0xff0e0000 0x1000 0x0 0xff0e0000>; + xen,force-assign-without-iommu; + + +Request 1:1 memory mapping for the dom0-less domain +=================================================== + +Add a direct-map property under the appropriate /chosen/domU node with +the memory ranges you want to assign to your domain. If you are using +imagebuilder, you can add to boot.source something like the following: + + fdt set /chosen/domU0 direct-map <0x0 0x10000000 0x0 0x10000000 0x0 0x60000000 0x0 0x10000000> + +Which will assign the ranges: + + 0x10000000 - 0x20000000 + 0x60000000 - 0x70000000 + +to the first dom0less domU.
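Review bot: The device tree snippet under "Request Device Assignment without IOMMU support" opens the node with "ethernet: ethernet@ff0e0000 {" but never closes it; add the closing "};" after "xen,force-assign-without-iommu;" so the fragment is valid when copied. In the direct-map section the example passes eight cells for two ranges without documenting the layout; state the cell format explicitly (the listed ranges imply two address cells followed by two size cells per range) and say that the end addresses shown, 0x20000000 and 0x70000000, are exclusive. The WARNING suggests "programming a MPU" as another security measure but does not say which component is expected to do that or where it is described. Please add a sentence on that, and say explicitly whether the direct-map ranges place any limit on what the assigned device can reach by DMA, so that readers do not take the second section to be the mitigation for the first.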