1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
documentation_complete: true
title: 'IOMMU configuration directive'
description: |-
On x86 architecture supporting VT-d, the IOMMU manages the access control policy between the hardware devices and some
of the system critical units such as the memory.
{{{ describe_grub2_argument("iommu=force") | indent(4) }}}
rationale: |-
On x86 architectures, activating the I/OMMU prevents the system from arbitrary accesses potentially made by
hardware devices.
severity: unknown
identifiers:
cce@rhel8: CCE-83920-9
cce@rhel9: CCE-83844-1
cce@rhel10: CCE-87932-0
cce@sle12: CCE-91532-2
cce@sle15: CCE-91217-0
ocil_clause: 'I/OMMU is not activated'
ocil: |-
{{{ ocil_grub2_argument("iommu=force") | indent(4) }}}
warnings:
- functionality:
Depending on the hardware, devices and operating system used, enabling IOMMU can cause hardware instabilities.
Proper function and stability should be assessed before applying remediation to production systems.
template:
name: grub2_bootloader_argument
vars:
arg_name: iommu
arg_value: 'force'
|
