diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2024-02-24 15:03:05 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2024-02-24 15:03:05 -0300 |
| commit | c1b973a39a5be58eb4465603b971235ed7fedd4d (patch) | |
| tree | 4cd1890930fa3ee59e244a9d963592a7b51979d4 /firewire.md | |
| parent | 3541adeafcdb79efdedc1f9d29a3bca15571c611 (diff) | |
| download | padrao-c1b973a39a5be58eb4465603b971235ed7fedd4d.tar.gz padrao-c1b973a39a5be58eb4465603b971235ed7fedd4d.tar.bz2 | |
Feat: migrate docs from Ikiwiki to MkDocs
Diffstat (limited to 'firewire.md')
| -rw-r--r-- | firewire.md | 23 |
1 files changed, 0 insertions, 23 deletions
diff --git a/firewire.md b/firewire.md deleted file mode 100644 index 63ac7f4..0000000 --- a/firewire.md +++ /dev/null @@ -1,23 +0,0 @@ -[[!toc levels=4]] - -Firewire -======== - -Para evitar [dumps de memória via firewire](http://links.sarava.org/tags/firewire), [este artigo](http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation) oferece a mitigação ideal via `/etc/modprobe.d/blacklist`: - - # Physical memory attacks via Firewire/DMA Mitigation - # Prevent automatic loading of the ohci1394 module. - blacklist ohci1394 - # Prevent manual loading of the ohci1394 module. - install ohci1394 false - # Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option. - options ohci1394 phys_dma=0 - -Depois dessa configuração, é preciso atualizar a `initrd` de cada sistema, através do comando - - update-initramfs -v -u - -Feito isso, o firewire pode ser desabilitado nos sistemas que estão rodando simplesmente com um - - rmmod ohci1394 - |