Hacker News
by mjg59 2225 days ago
> they can also flash the BIOS SPI

Boot Guard makes that impractical in most cases. The point here is that on machines that don't implement kernel DMA protection, you're able to drop the Thunderbolt config to the lowest security level and then write-protect the Thunderbolt SPI so the system firmware can't re-enable it, making it easier to perform a DMA attack over Thunderbolt and sidestep the Boot Guard protections.

This isn't a world-ending vulnerability, but it's of interest to anyone who has physical attacks as part of their threat model.

1 comments

Boot Guard is not implemented on most (all?) self-built machines and a lot of pre-builts as well. But even if it is enabled, UEFI variables are not protected at all. You can disable Secure Boot just by overwriting UEFI variables and then boot any arbitrary code from USB.
Which will change the measurements in PCR7, which is a detectable event that will break BitLocker unsealing.
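
The PCR7 point in the last reply, as an added example that is not part of the thread: a replay of a simplified PCR7 event sequence showing why a flipped `SecureBoot` variable yields a different PCR value and fails a PCR-bound unseal. The key contents are constructed placeholders, `db`/`dbx` are omitted, and `unseal_allowed` is a hypothetical stand-in for the TPM's policy check.

```python
import hashlib
import hmac
import struct
import uuid

# EFI_GLOBAL_VARIABLE GUID, the namespace of SecureBoot, PK and KEK.
EFI_GLOBAL = uuid.UUID("8be4df61-93ca-11d2-aa0d-00e098032b8c")

# Constructed placeholder key contents; real values are signature lists.
SAMPLE_KEYS = [("PK", b"constructed-platform-key"), ("KEK", b"constructed-kek")]


def variable_event(name, data, guid=EFI_GLOBAL):
    """Serialize a UEFI_VARIABLE_DATA event body as firmware measures it."""
    header = guid.bytes_le + struct.pack("<QQ", len(name), len(data))
    return header + name.encode("utf-16-le") + data


def extend(pcr, event):
    """TPM extend for the SHA-256 bank: new = H(old || H(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def replay_pcr7(secure_boot_enabled, keys=SAMPLE_KEYS):
    """Replay a simplified PCR7 event sequence from the reset value."""
    pcr = bytes(32)
    state = bytes([int(secure_boot_enabled)])
    pcr = extend(pcr, variable_event("SecureBoot", state))
    for name, data in keys:
        pcr = extend(pcr, variable_event(name, data))
    return extend(pcr, bytes(4))  # EV_SEPARATOR closes the sequence


def unseal_allowed(sealed_to, current):
    """Model of a PCR-bound policy: release the key only on an exact match."""
    return hmac.compare_digest(sealed_to, current)


if __name__ == "__main__":
    sealed = replay_pcr7(True)  # value recorded when the key was sealed
    print("same state     :", unseal_allowed(sealed, replay_pcr7(True)))
    print("SecureBoot off :", unseal_allowed(sealed, replay_pcr7(False)))
    print("PCR7 enabled   :", replay_pcr7(True).hex())
    print("PCR7 disabled  :", replay_pcr7(False).hex())
```

Because each extend hashes the previous PCR value, the one-byte change in the first event propagates through every later extend, so no subsequent measurement can restore the sealed value.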