Intel thought it would be a good idea to expose JTAG over USB3 on their newer laptops. Is puri.sm going to skip these series or otherwise mitigate the issue?
Here's the CCC talk on this: https://www.youtube.com/watch?v=QuuTLkZFsug
And an article based on it: http://hothardware.com/news/intel-skylake-kaby-lake-vulnerable-to-usb-port-debugging-exploit
All that is required is that the DCI interface is enabled.
Possible way of mitigation: completely disable DCI at the BIOS level (without exposing anything to the user), but this would require a custom BIOS implementation like Coreboot.
In the Q&A at 24:50 he clarifies that even if it's disabled in the BIOS, some systems have it enabled by default and you can get past it on boot.
Without Boot Guard enabled, you can also rewrite the BIOS. Can you have Coreboot with Boot Guard enabled?
To clarify, on some systems, hopefully not any of Purism's, the default state is on, and the BIOS just turns it off. But in these cases, you can use DCI to prevent the BIOS from turning it off.
That's how it sounded. This part of the architecture is new to me and I had to keep pausing the video to look up what they were talking about.