Hello all,
since i am fiddling around with my framework laptop for better battery life, i found that with my current configuration there is a significant improvement in resume time form deep sleep if i switch off vt-d in Bios.
With vt-d enabled it takes ~10s pressing the powerbutton until the lockscreen is up.
With vt-d disabled it takes ~2s.
The Security Tab in Gnome Settings shows IOMMU-Protection not found if i disable it. Is this a serious Problem?
All 4 ports on your laptop are Thunderbolt and thus expose a PCIe connection and are vulnerable to DMA attacks.
A good analogy would be that it is quicker to enter a house that is unlocked. You see quicker boot up times. It is also easier for bad actors.
I’m sure there are other reasons to leave it enabled that I am either not remembering or am unaware of. Either way, my advice stands, you should leave it enabled so that virtualization works properly.
thanks for this point. That’s the answer to my question in the first post if it is a serious security issue for the system.
Am i right that the “long” resume is hitting all tb4 equipped systems?