Resorting to strict default IOMMU handling has been our default for several Core Updates on x86_64 by now, so bring this security improvement to our aarch64 userbase as well.
Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/kernel/kernel.config.aarch64-ipfire | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index a85704e96..dec736a56 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -7257,9 +7257,9 @@ CONFIG_IOMMU_IO_PGTABLE_LPAE=y # CONFIG_IOMMU_IO_PGTABLE_DART is not set # end of Generic IOMMU Pagetable Support
-# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_STRICT=y # CONFIG_IOMMU_DEFAULT_DMA_LAZY is not set -CONFIG_IOMMU_DEFAULT_PASSTHROUGH=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set CONFIG_OF_IOMMU=y CONFIG_IOMMU_DMA=y CONFIG_ROCKCHIP_IOMMU=y