No, Bootcamp enabled operating systems do not have the same protections as MacOS on the very same hardware. Apple says to use MacOS if you want (IOMMU+kDMA) security protections.
ssh uses asymmetric keys and the cache on the client has a three tuple (host,ip,public key) which allows a client to notice a difference in any of the three elements. By comparison, Thunderbolt leaks the entire secret as the first step and subsequent steps use derived values. ssh is secure if the key doesn't change and isn't compromised through other means. Thunderbolt is not secure and it fails under a passive surveillance adversary, it also fails for active adversaries.
I take your point that subsequent secret use in the n+1 protocol run isn't as bad as the very first run, and as you note, that probably doesn't matter in the face of an active attacker.
If Thunderbolt had used asymmetric cryptography, I would probably agree with you that the protocol has the same semantics as ssh. The reason that I disagree is that it appears to have the same semantics for the user interface but the underlying protocol differences are what make the protocol unsuitable for use. It's at least part of why Intel has now retired Security Levels and is leaning so strongly on kDMA. Security Levels as a protocol is simply not cryptographically secure for any meaningful definition of secure as the first step exposes the base secret value.
Note: the attack doesn't require the use of a flash clip, that's just a simple way to demonstrate device specific state extraction.
Many smaller devices do not require tools and are trivial to clone. Any of the victim devices will do. It's not only useful to attack a target computer.
Device identifiers and capabilities are not bound to the security level secret values. Drop off a pre-cloned video adapter in a conference room. If it is used and as a result authorized by a targeted computer at a later moment in time, it's game over. An attacker may now perform DMA operations unless the system has kDMA protection enabled. This requires kDMA support in the BIOS, IOMMU hardware, and in the Operating System.
The focus on DMA is however missing a very important observation about security levels from the research: There is a lot of attack surface when you're able to plug in a PCI(e) device as easily as a USB disk.
This only holds for Macbooks running MacOS. It will not be protected by the IOMMU if the system uses Bootcamp with Windows or another operating system such as Linux.