Re: Honest question...
From what I can tell, there is more than one DMA controller, and it's potentially the one of the PCH (chipset) that is leaking. However the request is going though the main IOMMU, which is brought online in a security disabled state.