USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
We have found 7 vulnerabilities in Intel’s design and developed 9 realistic scenarios how these could be exploited by a malicious entity to get access to your system, past the defenses that Intel had set up for your protection.
Thunderspy:
Proof of concept vulnerability checker: spycheck-linux
Possible mitigation code: spiblock
This is a request for comment on rolling mitigation code into usbguard, if possible and not redundant.