UPDATE: I have been informed that firmware will go out of its way to initialize a Thunderbolt alternate mode device during boot and run Option ROMs from it (in ring 0, naturally), so now I think it should all just be burned to the ground instead.
Replying to @whitequark
You think everyone would have learned that Option ROMs are a bad idea from Heasman (2007), snare (2012), Thunderstrike (2014) or Thunderstrike 2 (2016), but here we are... pic.twitter.com/99pvPJ55JM
1 reply 7 retweets 21 likes -
Replying to @qrs @whitequark
Why, why, why do they keep doing idiotic things like this? Why does awful shit like Thunderbolt even exist? Ugh.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @qrs
well how else do you want me to plug a 10 GbE card into my laptop if not via Thunderbolt?
1 reply 0 retweets 1 like -
Replying to @whitequark @qrs
I don't know a good solution for that kind of data rate, but I know a design that gives an external peripheral easily plugged in an external port full memory access and ring0 code-exec is an idiotically bad one.
2 replies 0 retweets 0 likes -
Replying to @RichFelker @qrs
"Option ROMs are bad": sure, regardless of Thunderbolt.
"OS/firmware should enable IOMMU": sure, regardless of Thunderbolt.
"Thunderbolt is awful": I lost you.
1 reply 0 retweets 1 like -
Replying to @whitequark @qrs
Aren't option ROMs and lack of enforced IOMMU (i.e. a policy where nothing functions until OS sets up IOMMU) part of the host spec for Thunderbolt?
1 reply 0 retweets 0 likes -
Replying to @RichFelker @qrs
nope, Intel recommends using IOMMU https://firmware.intel.com/sites/default/files/Intel_WhitePaper_Using_IOMMU_for_DMA_Protection_in_UEFI.pdf …
2 replies 0 retweets 0 likes -
Replying to @whitequark @qrs
"Recommending" is not worth much if the default state is unprotected. The DMA interface simply should not work at all until the OS voluntarily adds IOMMU mappings.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @qrs
sure but that doesn't make Thunderbolt inherently bad
1 reply 0 retweets 0 likes
I think we're just disagreeing over what Thunderbolt entails. I'm including host implementations/ecosystem, you just the minimal interface. Former is usually awful, latter I agree could be done well.