Attempt to disable and lock Intel Silicon Debug on boot
One of the countermeasures against using Direct Connect Interface
(DCI) to debug CPUs via USB3 mentioned in the "Tapping into the
core" talk at the 33c3 was to identify and disable the Silicon
Debug feature found in Haswell and newer CPUs.
Two machines we have here are Haswell and Skylake, but both of
them have debugging disabled. Would be interesting to know if
this works (or doesn't).