If you are using a Programmable Logic Device (PLD)—such as an FPGA or CPLD—as a PCIe endpoint, disabling DMA isn't always as simple as flipping a driver switch. You have to kill it at the hardware configuration level.
April 17, 2026 Category: Security & Firmware
Hardening Your System: How to Disable DMA on a PLD-Based PCIe Device
Direct Memory Access (DMA) is a powerful feature. It allows hardware devices to read/write system RAM without bothering the CPU. However, from a security perspective, an unrestricted DMA channel is a gaping hole—it’s the primary vector for DMA attacks like Thunderclap and FireWire DMA.
    -- Original DMA request
    -- dma_request <= pcie_rx_buffer_full;
    -- Disabled DMA (hardcoded off)
    dma_request <= '0';

If you cannot remove the DMA engine, starve it. Program your PLD's Base Address Registers (BARs) to map to a tiny memory region (e.g., 4 KB). Configure the PLD to reject any Memory Write or Read TLP (Transaction Layer Packet) that targets an address outside a specific, non-RAM range. This requires an internal TLP filter in your PLD logic.
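One way to write the TLP filter described above, as an added example rather than code from the original post: a VHDL-2008 check on the header of each request the user logic hands to the PCIe core for transmission. The entity and port names, the placement on the transmit path, the header presented as 32-bit words with byte 0 in bits 31:24, and the ALLOW_BASE/ALLOW_SIZE window are assumptions; vendor cores present headers differently.

```vhdl
library ieee;
use ieee.std_logic_1164.all;
use ieee.numeric_std.all;

-- Added example (VHDL-2008): combinational allow/deny decision per TLP header.
entity tlp_tx_filter is
  generic (
    -- Placeholder window; substitute the one range the device may touch.
    ALLOW_BASE : unsigned(63 downto 0) := x"00000000F0000000";
    ALLOW_SIZE : unsigned(63 downto 0) := x"0000000000001000"  -- 4 KB
  );
  port (
    hdr_dw0 : in  std_logic_vector(31 downto 0); -- Fmt, Type, Length
    hdr_dw2 : in  std_logic_vector(31 downto 0); -- 3DW: addr[31:2]; 4DW: addr[63:32]
    hdr_dw3 : in  std_logic_vector(31 downto 0); -- 4DW: addr[31:2]
    allow   : out std_logic                      -- '0' = drop the request
  );
end entity tlp_tx_filter;

architecture rtl of tlp_tx_filter is
begin
  check : process (all)
    variable first, nbytes : unsigned(63 downto 0);
    variable len_dw        : unsigned(10 downto 0);
  begin
    -- Length is in DWORDs; the encoding 0 means 1024 DW.
    len_dw := resize(unsigned(hdr_dw0(9 downto 0)), 11);
    if len_dw = 0 then
      len_dw := to_unsigned(1024, 11);
    end if;
    nbytes := resize(len_dw & "00", 64);
    -- Fmt bit 0 (DW0 bit 29) selects the 4DW header with a 64-bit address.
    if hdr_dw0(29) = '1' then
      first := unsigned(hdr_dw2) & unsigned(hdr_dw3(31 downto 2)) & "00";
    else
      first := resize(unsigned(hdr_dw2(31 downto 2)) & "00", 64);
    end if;
    allow <= '1';  -- completions, messages etc. are not judged here
    -- Type 00000 with DW0 bit 31 clear: MRd or MWr, 3DW or 4DW header.
    if hdr_dw0(28 downto 24) = "00000" and hdr_dw0(31) = '0' then
      if first < ALLOW_BASE or first - ALLOW_BASE >= ALLOW_SIZE
         or nbytes > ALLOW_SIZE - (first - ALLOW_BASE) then
        allow <= '0';  -- start or end of the transfer leaves the window
      end if;
    end if;
  end process check;
end architecture rtl;
```

The check treats every DWORD named by the Length field as touched and ignores the byte enables, so it errs toward rejecting a request that only partly overlaps the window edge.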