[[!toc levels=4]]

Firewire
========

To prevent [memory dumps via FireWire](http://links.sarava.org/tags/firewire), [this article](http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation) offers the ideal mitigation via `/etc/modprobe.d/blacklist`:

    # Physical memory attacks via Firewire/DMA Mitigation
    # Prevent automatic loading of the ohci1394 module.
    blacklist ohci1394
    # Prevent manual loading of the ohci1394 module.
    install ohci1394 false
    # Iff we should ever load the ohci1394 module, force the use of the 'phys_dma=0' option.
    options ohci1394 phys_dma=0

After this configuration, the `initrd` of each system must be updated with the command

    update-initramfs -v -u

Once that is done, FireWire can be disabled on running systems simply with

    rmmod ohci1394
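
To confirm that the steps above took effect, the following added script (not part of the original page) checks a modprobe.d directory for the three directives and a `/proc/modules`-style file for a module that is still loaded. It reads only `*.conf` files, because current kmod ignores other file names in modprobe.d; the function names and the sample data are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the ohci1394 mitigation.
# Directory and module-list paths are parameters so the check also runs on
# constructed sample files.

# has_directive DIR REGEX: true if a non-comment line in DIR/*.conf matches.
has_directive() {
    cat "$1"/*.conf 2>/dev/null | grep -Eq "^[[:space:]]*$2([[:space:]]|\$)"
}

# check_firewire_mitigation [CONF_DIR] [MODULES_FILE] [MODULE]
# Prints one finding per line; returns 0 only when every check passes.
check_firewire_mitigation() {
    conf_dir=${1:-/etc/modprobe.d}
    modules_file=${2:-/proc/modules}
    mod=${3:-ohci1394}
    s='[[:space:]]+'
    rc=0
    has_directive "$conf_dir" "blacklist${s}${mod}" \
        || { echo "MISSING: blacklist $mod"; rc=1; }
    has_directive "$conf_dir" "install${s}${mod}${s}(/bin/)?false" \
        || { echo "MISSING: install $mod false"; rc=1; }
    has_directive "$conf_dir" "options${s}${mod}${s}(.*${s})?phys_dma=0" \
        || { echo "MISSING: options $mod phys_dma=0"; rc=1; }
    # A module loaded before the blacklist was written stays loaded until rmmod.
    if grep -Eq "^${mod}[[:space:]]" "$modules_file" 2>/dev/null; then
        echo "LOADED: $mod is in the running kernel (rmmod $mod)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $mod mitigation in place"
    return "$rc"
}

# Demo on constructed sample data: correct config, but module still loaded.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'blacklist ohci1394' 'install ohci1394 false' \
        'options ohci1394 phys_dma=0' > "$d/blacklist.conf"
    printf '%s\n' 'ohci1394 32768 0 - Live 0x0000000000000000' > "$d/modules"
    check_firewire_mitigation "$d" "$d/modules"
    status=$?
    rm -rf "$d"
    return "$status"
}
demo || true
```

Called without arguments, `check_firewire_mitigation` inspects `/etc/modprobe.d` and `/proc/modules` on the running system.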