I have been working on a system recently which we have got reasonably secure with secure boot and then a custom method of using dm-crypt on the main file-system. There are no obvious login paths.
However someone recently noted we have an open 4x PCIe port (for nvme storage) and they pointed to the PCIeLeech and other related ways of reading/dumping system memory via a rogue PCIe hardware adaptor that fakes a simple device but then issues custom PCIe transactions to perform memory scraping…
Would a Tegra based system be vulnerable to these attacks?
I know the Tegra has it’s own iommu device-driver and the device tree has entries that look to be carving out address ranges with various aliases which are then used by various devices. Does this provide (by default) protection by limiting devices to the default area unless it’s assigned an alternative.