Oculink is emerging as an alternative to the long promised Intel Thunderbolt 5 for those that wants a setup light and mobile for daily use with the option for a powerful station with eGPUs. Lenovo launched in China a new laptop that has this port available and seems to be about to launch it globally.
This port is not new, it seems that is in use in servers for quite a while for the PCIe 4 speed transfer with SSDs and some other devices.
The question that I have is if this technology is secure and private enough for laptop users. It seems that it gives direct access to the memory rather the CPU controller like Thunderbolt.
Should one privacy conscious enthusiast avoid this type of hardware?
Oculink is exactly the same as plugging into an M.2 or PCIe slot on a desktop computer. Which is to say it has no security features intended for plugging in external/untrusted devices like USB4/Thunderbolt does, no.
(The IOMMU might protect you from DMA attacks still, but I wouldn’t rely on it)
If you only plug in devices you trust like an eGPU you own though, there’s probably no need to avoid it. Otherwise I’d disable it.