Originally posted by xfcemint
The default security mode for Thunderbolt is "secure". The controller in the host device does not automatically tunnel any PCIe lanes when you attach a PCIe-capable device to the bus. The user has to authorize the device to make that happen, and the operating system remembers the device so it can re-authorize it automatically in the future. This is also true for all current UEFI implementations I've worked with. All Thunderbolt-capable systems I've seen in the last four years had safe defaults both in the UEFI settings and the operating systems.
Here's a blog post from someone who actually tried to hack a stock system via Thunderbolt back in 2016 and failed:
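As an added example (not part of the post above and not taken from the blog it mentions), the security level and per-device authorization described there can be checked on Linux through the kernel's Thunderbolt sysfs attributes. The Linux target, the function names `tb_audit` and `make_sample_tree`, and the sample tree are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: reads the Linux kernel's Thunderbolt sysfs attributes.
# ROOT defaults to the live bus; the demo below uses a constructed tree.

tb_audit() {
    root=${1:-/sys/bus/thunderbolt/devices}
    # One line per domain: the controller-wide security level.
    for dom in "$root"/domain*; do
        [ -r "$dom/security" ] || continue
        level=$(cat "$dom/security")
        case $level in
            none) echo "WARN ${dom##*/} security=none: PCIe is tunnelled without approval" ;;
            *)    echo "OK ${dom##*/} security=$level" ;;
        esac
    done
    # One line per device that exposes an authorization state.
    for dev in "$root"/*-*; do
        [ -r "$dev/authorized" ] || continue
        name=$(cat "$dev/device_name" 2>/dev/null || echo unknown)
        case $(cat "$dev/authorized") in
            0) state="not authorized, no PCIe tunnel" ;;
            1) state="authorized" ;;
            2) state="authorized, key challenge passed" ;;
            *) state="unrecognized value" ;;
        esac
        echo "DEV ${dev##*/} ($name): $state"
    done
}

# Constructed sample tree (not captured from a real machine).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir "$t/domain0" "$t/domain1" "$t/0-1" "$t/0-3" "$t/1-1"
    echo secure > "$t/domain0/security"
    echo none   > "$t/domain1/security"
    echo 2 > "$t/0-1/authorized"; echo "Sample Dock"   > "$t/0-1/device_name"
    echo 0 > "$t/0-3/authorized"; echo "Sample Device" > "$t/0-3/device_name"
    echo 1 > "$t/1-1/authorized"
    echo "$t"
}

sample=$(make_sample_tree)
tb_audit "$sample"
rm -rf "$sample"
```

Calling `tb_audit` with no argument reads the live `/sys/bus/thunderbolt/devices` tree on a machine that has the kernel's thunderbolt driver loaded.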