Are Jetson Nano/TX1s vulnerable to PCIe attack?

Hi.
I have been working on a system recently which we have got reasonably secure with secure boot and then a custom method of using dm-crypt on the main file-system. There are no obvious login paths.

However, someone recently noted we have an open 4x PCIe port (for NVMe storage) and they pointed to PCILeech and other related ways of reading/dumping system memory via a rogue PCIe hardware adaptor that fakes a simple device but then issues custom PCIe transactions to perform memory scraping…

Would a Tegra-based system be vulnerable to these attacks?

I know the Tegra has its own iommu device-driver and the device tree has entries that look to be carving out address ranges with various aliases which are then used by various devices. Does this provide (by default) protection by limiting devices to the default area unless it’s assigned an alternative?

Cheers, Marc

Yes. Tegra has SMMU enabled for PCIe by default and that prevents the PCIe hardware from accessing any memory other than what has been allocated to it. Please keep the default configuration and don’t disable the SMMU for PCIe explicitly if you care about security.
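
One way to confirm on a running system that the default described in the reply above is still in effect, as an added example that is not part of the original thread or NVIDIA's tooling. It assumes the kernel exposes IOMMU groups through sysfs; the function name and its optional sysfs-root argument are hypothetical, the latter only there so the check can be run against a test tree.

```shell
#!/bin/sh
# Added example: audit whether every PCI function is behind an IOMMU/SMMU.
# Assumption: IOMMU groups are visible under sysfs on this kernel.

# Prints "<BDF> group=<n|NONE> type=<domain type|unknown>" per PCI function.
# Returns 0 if every function sits in a translating IOMMU group,
#         1 if any function has no group or an identity (bypass) domain,
#         2 if no PCI functions were found.
check_pci_iommu() {
    root="${1:-/sys}"
    found=0
    exposed=0
    for dev in "$root"/bus/pci/devices/*; do
        [ -e "$dev" ] || continue          # glob matched nothing
        found=1
        bdf=$(basename "$dev")
        if [ ! -L "$dev/iommu_group" ]; then
            # No group link: DMA from this function is not translated.
            echo "$bdf group=NONE type=unknown"
            exposed=1
            continue
        fi
        group=$(basename "$(readlink "$dev/iommu_group")")
        dtype=unknown
        # Newer kernels report the group's default domain type here.
        if [ -r "$dev/iommu_group/type" ]; then
            dtype=$(cat "$dev/iommu_group/type")
        fi
        # "identity" means DMA addresses pass through untranslated.
        [ "$dtype" = "identity" ] && exposed=1
        echo "$bdf group=$group type=$dtype"
    done
    [ "$found" -eq 1 ] || return 2
    return "$exposed"
}

# On the target: check_pci_iommu   (defaults to /sys)
```

A non-zero return on a device with a card in the slot is a reason to review the device tree and kernel command line for anything that disables the SMMU for PCIe.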
