While it's not widely documented, you can be almost certain, that any architecturally visible state of almost any modern processor (for i386 that means 80486 and up) can be easily read out by JTAG or some other debug interface. So this actually makes attacker's job easier (no wide and fast parallel interfaces, no need to inject code). Also note that state of debug registers is undefined after reboot, which could in many implementations mean that they retain their contents.
While it's not widely documented, you can be almost certain, that any architecturally visible state of almost any modern processor (for i386 that means 80486 and up) can be easily read out by JTAG or some other debug interface. So this actually makes attacker's job easier (no wide and fast parallel interfaces, no need to inject code). Also note that state of debug registers is undefined after reboot, which could in many implementations mean that they retain their contents.