Thunderbolt DMA Windows?

Solved by ionbasa.

So, I didn't really know in which section of the forum to post this.

I know Thunderbolt has some security issues with DMA and that Apple has apparently recently updated OS X so that DMA is no longer (or not as big of) an issue.

Are there any similar fixes for those with Thunderbolt running Windows? (Not on an Apple product)

Want to use an external SSD (also be able to use TRIM, so going the Thunderbolt route) and would like to not have to worry about security issues.

Please and Thank You!

"If you ain't first, you're last"

I believe Windows 8.1 and up have fixed most (if not all) DMA issues across various system buses:

 

New to Windows 8.1 is a capability by which Windows won’t enable newly attached DMA devices until the operating system starts and a user signs in. Every time the PC switches to suspend, hibernation, or sleep mode, Windows waits for the user to sign in before granting new devices DMA access. This delay helps prevent DMA attacks when an authorized user isn’t present. This new Windows 8.1 behavior successfully mitigates the DMA attack vector and eliminates the need for pre-boot authentication in most scenarios. Another option is for administrators to configure policy settings to disable FireWire and other device types that have DMA; many PCs allow those devices to be disabled by using firmware settings. Although the need for pre-boot authentication can be eliminated at the device level or through Windows configuration, the BitLocker pre-boot authentication feature is still available when needed. When used, it successfully mitigates all types of DMA port and expansion slot attacks on any type of device.

https://technet.microsoft.com/en-us/library/dn632182.aspx

 

This is of course mainly for bootup security issues. 

▶ Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. - Einstein◀

Please remember to mark a thread as solved if your issue has been fixed; it helps others who may stumble across the thread at a later point in time.

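A read-only audit of the mitigations named in the quoted TechNet text, added here as an example; it is not part of either post and is not Microsoft's code. The function name `Get-DmaMitigationStatus` is hypothetical, and the script assumes an elevated PowerShell 3.0+ session with the BitLocker module installed.

```powershell
# Added example: read-only audit of the mitigations named in the quoted TechNet text.
# Assumes an elevated PowerShell 3.0+ session with the BitLocker module available.
function Get-DmaMitigationStatus {
    # Windows 8.1 is NT 6.3; the quote describes sign-in gating of new DMA devices as new in 8.1.
    $osVersion = [Version](Get-CimInstance -ClassName Win32_OperatingSystem).Version

    # Protector types that demand a PIN or startup key before the OS volume unlocks
    # (the "pre-boot authentication" the quote refers to).
    $preBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

    $protectors = @()
    $protection = 'BitLocker not available'
    if ($volume) {
        $protectors = @($volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $protection = [string]$volume.ProtectionStatus
    }
    $preBoot = @($protectors | Where-Object { $preBootTypes -contains $_ })

    # FireWire (IEEE 1394) host controllers that Windows can still see,
    # i.e. not disabled in firmware.
    $fireWire = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        OsVersion             = $osVersion
        OsIs81OrLater         = ($osVersion -ge [Version]'6.3')
        OsVolumeProtection    = $protection
        KeyProtectors         = $protectors -join ', '
        PreBootAuthConfigured = ($preBoot.Count -gt 0)
        FireWireControllers   = $fireWire.Count
    }
}

Get-DmaMitigationStatus | Format-List
```

The script does not enumerate Thunderbolt controllers, so whether a Thunderbolt port is enabled still has to be checked in the firmware settings.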