From fafeab0ac4ff5e8800a9fb1d1f6f4eb8e22b6cda Mon Sep 17 00:00:00 2001 From: kimg45 <138676274+kimg45@users.noreply.github.com> Date: Fri, 9 Aug 2024 23:05:00 -0500 Subject: [PATCH] add DMA info --- content/posts/macos/Security Features of macOS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/content/posts/macos/Security Features of macOS b/content/posts/macos/Security Features of macOS index f17c634..98e2466 100644 --- a/content/posts/macos/Security Features of macOS +++ b/content/posts/macos/Security Features of macOS @@ -66,4 +66,8 @@ Apple also issues revocations for notarization tickets, these are detected with Mac computers ensure that only Apple-signed code runs from the lowest levels of the firmware to macOS itself. It accomplishes this with a [chain of trust](https://support.apple.com/guide/security/boot-process-secac71d5623/web) that starts with the Boot ROM burned into the Secure Enclave at the factory as the first step. -A unique feature of Mac computers is that you can set a different LocalPolicy for different installs, so you could have your main macOS with Full Security set and also an Asahi Linux install set to Permissive Security and it won't affect the security of your macOS. \ No newline at end of file +A unique feature of Mac computers is that you can set a different LocalPolicy for different installs, so you could have your main macOS with Full Security set and also an Asahi Linux install set to Permissive Security and it won't affect the security of your macOS. + +## DMA Protection + +Mac computers have an [IOMMU](https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1) so that each DMA agent, including PCIe and Thunderbolt ports, can only access memory explicitly mapped for their use. \ No newline at end of file
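Review bot: The added last line under `## DMA Protection` still ends with `\ No newline at end of file`, so the file is left in the same missing-newline state that forced this patch to rewrite the LocalPolicy paragraph as a removal plus re-addition; end the new paragraph with a newline so the next append shows up as a pure addition. In the same sentence, "each DMA agent ... can only access memory explicitly mapped for their use" mixes singular and plural; "for its use" reads correctly. The IOMMU link ends in `/1/web/1` while the chain-of-trust link in the context lines above ends in `/web`; using the same form for both support.apple.com links keeps them consistent.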