linux: Enable Intel DMA Remapping Devices by default on x86_64
Commit Message
If available, the kernel will enable IOMMU (a/k/a DMA remapping) by
default on boot. To tools making use of that, particularly hypervisors,
this provides better security without any downsides.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/kernel/kernel.config.x86_64-ipfire | 2 +-
config/rootfiles/common/x86_64/linux | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
@@ -6488,7 +6488,7 @@ CONFIG_AMD_IOMMU_V2=y
CONFIG_DMAR_TABLE=y
CONFIG_INTEL_IOMMU=y
CONFIG_INTEL_IOMMU_SVM=y
-# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set
+CONFIG_INTEL_IOMMU_DEFAULT_ON=y
CONFIG_INTEL_IOMMU_FLOPPY_WA=y
# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set
CONFIG_IRQ_REMAP=y
@@ -8071,6 +8071,7 @@ etc/modprobe.d/ipv6.conf
#lib/modules/KVER-ipfire/build/include/config/INTEL_INT0002_VGPIO
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOATDMA
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU
+#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_DEFAULT_ON
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_FLOPPY_WA
#lib/modules/KVER-ipfire/build/include/config/INTEL_IOMMU_SVM
#lib/modules/KVER-ipfire/build/include/config/INTEL_IPS