IOMMU remaps the address space for DMA, between the address that the peripheral device sees and the physical address. Like memory paging but for the peripherals instead of the CPU. In addition to remapping it restricts DMA to only access memory regions that have been explicitly mapped, thus preventing buggy or malicious DMA-capable peripherals (PCIE cards and Thunderbolt devices, but not USB devices, AFAIK) from accessing memory not intended to be accessed by them. This is the main security gain it provides. Its concept and its implementation in x86 predates the discovery of SPECTRE vulnerabilities.
2 Likes