On Fri, Mar 26, 2021 at 6:28 PM Mark Kettenis <mark.kettenis@xxxxxxxxx> wrote: > I haven't figured out how the bypass stuff really works. Corellium > added support for it in their codebase when they added support for > Thunderbolt, and some of the DARTs that seem to be related to > Thunderbolt do indeed have a "bypass" property. But it is unclear to > me how the different puzzle pieces fit together for Thunderbolt. As a general observation, bypass mode for Thunderbolt is what enabled the http://thunderclap.io/ attack. This is extremely useful for debugging a running kernel from another machine, but it's also something that should never be done in a production kernel. Arnd
