From 52de4478f790aeccee5ba6c4164a3486bd779756 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Tue, 2 Feb 2010 21:46:39 -0200
Subject: Adicionando procedimento de firewire

---
 firewire.mdwn | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'firewire.mdwn')

diff --git a/firewire.mdwn b/firewire.mdwn
index e69de29..289dc59 100644
--- a/firewire.mdwn
+++ b/firewire.mdwn
@@ -0,0 +1,21 @@
+Firewire
+========
+
+Para evitar dumps de memória via firewire, este artigo oferece a mitigação ideal via `/etc/modprobe.d/blacklist`:
+
+    # Physical memory attacks via Firewire/DMA Mitigation
+    # Prevent automatic loading of the ohci1394 module.
+    blacklist ohci1394
+    # Prevent manual loading of the ohci1394 module.
+    install ohci1394 false
+    # Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option.
+    options ohci1394 phys_dma=0
+
+Depois dessa configuração, é preciso atualizar a `initrd` de cada sistema, através do comando
+
+    update-initramfs -v -u
+
+Feito isso, o firewire pode ser desabilitado nos sistemas que estão rodando simplesmente com um
+
+    rmmod ohci1394
+
-- 
cgit v1.2.3