@cr1901 @david_chisnall to properly attach a device to a VM, you need an IOMMU so that, when the guest OS programs DMA using guest physical addresses, the guest-to-host physical mapping is applied on device memory accesses; it's not even (just) about security, it's about the feasibility of making the device work within a VM at all — without an IOMMU, the device / memory subsystem would try to interpret the guest-given physical addresses as host physical addresses and break everything
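
The failure mode described in the post above, as an added toy model in C that is not part of the original post. The page size, the two-entry guest-to-host table and all function names are constructed for illustration; a real IOMMU walks per-device page tables in hardware.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   4096
#define HOST_PAGES  8
#define GUEST_PAGES 2

static uint8_t host_ram[HOST_PAGES * PAGE_SIZE];              /* toy host RAM */
/* Constructed mapping: guest page N is backed by host page guest_to_host[N]. */
static const uint32_t guest_to_host[GUEST_PAGES] = { 5, 6 };

/* Host physical address a device access reaches, or -1 on an IOMMU fault. */
static int64_t dma_target(uint64_t gpa, int iommu_on)
{
    if (!iommu_on)
        return (int64_t)gpa;       /* guest address taken as host physical */
    uint64_t gpn = gpa / PAGE_SIZE;
    if (gpn >= GUEST_PAGES) return -1;   /* unmapped page: access blocked */
    return (int64_t)guest_to_host[gpn] * PAGE_SIZE + (int64_t)(gpa % PAGE_SIZE);
}

/* Device writes len bytes to the address the guest driver programmed. */
static int dma_write(uint64_t gpa, const uint8_t *buf, size_t len, int iommu_on)
{
    for (size_t i = 0; i < len; i++) {   /* translate per byte: pages may differ */
        int64_t hpa = dma_target(gpa + i, iommu_on);
        if (hpa < 0 || (uint64_t)hpa >= sizeof host_ram) return -1;
        host_ram[hpa] = buf[i];
    }
    return 0;
}

/* 1 if the data landed in the guest's backing page, 0 if elsewhere, -1 on fault. */
static int landed_in_guest_buffer(int iommu_on)
{
    static const uint8_t payload[4] = { 0xde, 0xad, 0xbe, 0xef };
    memset(host_ram, 0, sizeof host_ram);
    uint64_t gpa = 1 * PAGE_SIZE + 0x10;      /* buffer in guest page 1 */
    if (dma_write(gpa, payload, sizeof payload, iommu_on) != 0) return -1;
    uint64_t expected = (uint64_t)guest_to_host[1] * PAGE_SIZE + 0x10;
    return memcmp(&host_ram[expected], payload, sizeof payload) == 0;
}

int main(void)
{
    printf("without IOMMU: in guest buffer = %d\n", landed_in_guest_buffer(0));
    printf("with IOMMU:    in guest buffer = %d\n", landed_in_guest_buffer(1));
    return 0;
}
```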