I was under the impression that most modern (past few years) SoCs like Exynos, Qualcomm, Apple silicon all had IOMMU support. Sometimes it’s misconfigured to be too permissive but that’s getting better.

Qualcomm SMMU: https://www.qualcomm.com/content/dam/qcomm-martech/dm-assets...

Apple: https://support.apple.com/lt-lt/guide/security/seca4960c2b5/...

Samsung (vuln indicating it wasn’t configured correctly, but they still do have and use an IOMMU): https://nvd.nist.gov/vuln/detail/CVE-2022-39854

Why's IOMMU thrown around so casually in this forum as if it's a silver-bullet explosive reactive armors? They'd be running something like 30 years old giant main loop with "// don't remove this line, build breaks" comments everywhere, not like Rust microservices on formally verified microkernel.

The main CPU/application processor/main CPU might be running better secured Unix/Linux and might be able to protect itself from peripheral CPUs, but that's not the point; a phone had always been a pair (minimum) of computers, traditionally referred to as Application Processor(AP) and Baseband Processor(BP), of only the slightly faster one is exposed to the user, and it's unclear what is going on inside the other one or how to handle it. That's the problem.

How big a concern is this if the data is encrypted by the kernel or user space?

Ding ding ding, we have a winner!