Early DMA protection not enforced properly on Alderlake and Meteorlake

[Lapushy6351]

Hi,

IOMMU It is used to protect against DMA attack in Dasharo + coreboot, does this during system startup.

https://osresearch.net/Heads-threat-model/#peripheral-firmware

https://docs.dasharo.com/dasharo-menu-docs/dasharo-system-features/#dasharo-security-options

On Clevo NV41 and Clevo NS50 models this is disabled, and I don't understand why.

https://github.com/linuxboot/heads/blob/master/config/coreboot-novacustom-nv4x_adl.config#L426

https://github.com/linuxboot/heads/blob/d4c4e5699b89365a88d9d49748dbcc11b6394907/config/coreboot-nitropad-ns50.config#L426

@tlaurion why?