If the thunderbolt part (more accurately, the pci-express lanes) could be disabled without losing the USB 3.1 and display port capabilities the port still might be "good enough" for most purposes.
And yeah, we really need device firewalls that isolate everything via IOMMU and don't allow drivers to do any memory mappings until the user confirmed the device.
And yeah, we really need device firewalls that isolate everything via IOMMU and don't allow drivers to do any memory mappings until the user confirmed the device.