I've been involved (a tiny bit) in the EFI stub cleanups which have
landed for 5.6, as such I've been building my own test kernels with
CONFIG_EFI_DISABLE_PCI_DMA=y, up to now that is.
Recently I got a Lenovo X1 + Thunderbolt 3 dock for testing and
booting my own test kernel build on it failed; disabling
CONFIG_EFI_DISABLE_PCI_DMA fixes this.
Note currently we have:
[hans@x1 master]$ cat configs/fedora/generic/CONFIG_EFI_DISABLE_PCI_DMA
# CONFIG_EFI_DISABLE_PCI_DMA is not set
So the Fedora 5.6 kernels should work and this is not a bug report,
this is mostly a heads up and trying to turn my knowledge that for
now turning this on is not a good idea from private knowledge into
collective knowledge.
I will also report this upstream, so that maybe this issue can be
fixed.
The Kconfig text on this is pretty decent:
https://cateee.net/lkddb/web-lkddb/EFI_DISABLE_PCI_DMA.html
It also looks like it might be hard to enable by default on a generic
kernel, but from a security PoV it would certainly be something that
would be useful to be able to enable.