
No statement can overestimate how critical this vulnerability is.

Taking your laptop or phone away for ten minutes allows somebody with a malicious USB-C device to read out everything without rebooting or leaving any mark that anything had been done, bypassing filesystem encryption and passwords.



How does having a computer that is turned off affect this? Take a MacPro laptop with an encrypted SSD. If the Mac is turned off, and the attack is attempted after a fresh reboot without knowing the password, is the laptop still susceptible?


Yeah, it would have to be someone 'borrowing' or stealing a laptop that's running and has you logged in.

If I'm reading it correctly, any newer Mac with T2 chip and full disk encryption would not allow data to be exfiltrated unless a user were logged in.


I would think it'd matter in which order devices are initialized; for example, if you had a compromised device connected, is it initialized before your keyboard is, so you can enter your full disk encryption password?

I'd wager you'd probably be safe because I think the bare USB keyboard support is provided by the UEFI BIOS and no OS level drivers would be initialized yet (e.g. why you can use basic USB keyboard and mouse support in the BIOS), but this is my mildly educated speculation. This is definitely not my area of expertise.


It seems to leverage the DMA features of Thunderbolt to dump the data, so if no sensitive data is in memory, then it wouldn't be leakable.

For the same reason, note that if the computer was booted and locked, it would be affected.


So if you're carrying a susceptible device through a border check, it would be a good idea to shut the laptop down first. After that, it's all about how much pain you can take for refusing to log in after they pull out the $5 wrench.

What about using their device to install something onto your system rather than retrieving data from it? Is it possible to do one of those mischievous flash ROMs from something like this?


Forget borders, it could be a problem for domestic flights in the US. I've had the TSA demand I give them my laptop for special screening. Presumably they 'thought' it was a bomb; they didn't ask me to turn it on. But had it been turned on, it would have been vulnerable.



