RE: USB devices on Dell TB16 dock stop working after resuming

From: Mario.Limonciello
Date: Wed Nov 20 2019 - 12:42:25 EST


> > But I mean this is generally an unsafe (but convenient) option, it means that you
> > throw out security pre-boot, and all someone needs to do is turn off your machine,
> > plug in a malicious device, turn it on and then they have malicious device all the
> > way into OS.
>
> Only if the attacker found how to forge the device UUID (and knew what UUIDs
> are allowed), isn't it? Unless you take into account things like external GPU box,
> where it's pretty easy to replace the card installed inside it.

Notice, I never said it was easy :)

In order to turn on something like that "generally" safely, you need to have
mitigations like pre-boot DMA protection in place.